last executing test programs: 11.233863024s ago: executing program 1 (id=173): syz_mount_image$reiserfs(&(0x7f0000000140), &(0x7f0000001140)='./file6\x00', 0x98, &(0x7f0000000280), 0x5, 0x10f5, &(0x7f0000001180)="$eJzs2DGLE0EYBuB3dgNyVWSuXw+0sJDjjvgHrlBIY2FtF6zsTKXk5/hz5Cr743qvCNgrmxgSJGKRxUB4Hlh252Xm+2bKnQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBvlHwvyXmT1E3WJClJ191O75N0m/zx17ZJydv30/mrj5PX8/W09FmT0q9ajev101ondVKv68vzm2d1/unzh3anZUmXu+VidvbmYdCj9L3bQSsCAADAafh5sPGR+wMAAAD/MthFAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAA6uajSVKSrrud3ifpjrstAAAA4EAlTd6N9+Xra4CtF/k2LimPtsmP0s+5ypc96/+iLzk6aMMAAABwosrO//jznOXJTn6RUS4v1+PfrzzcJG2Sqz/q3C0Xs9VzsZiV/3kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgF/swLEAAAAAgDB/6zQ6NgAAAAAAAAAAAAAAAACYKgAA//87RdIO") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100), 0xfffffd9d) connect$tipc(0xffffffffffffffff, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x1, 0x4}}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0x490267a0}, 0x1c) sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, 0x0, 0x8004) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0x32600) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) pwritev2(r2, &(0x7f0000000600)=[{&(0x7f0000000080)='W', 0x1}], 0x1, 0x800be6b, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x300, 0x0) 9.514337862s ago: executing program 3 (id=176): r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x41, 0x3, 0x348, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e8, 0x1f0, 0x1f0, 0x2e8, 0x1f0, 0x3, 0x0, {[{{@uncond, 0x0, 0x1c0, 0x1e0, 0x0, {0x0, 0xffffffffa0028000}, [@common=@inet=@hashlimit2={{0x150}, {'nicvf0\x00', {0xffffffff, 0x0, 0x20, 0x0, 0x0, 0x3, 0x7bfd, 0x18}}}]}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x3a8) 9.140395502s ago: executing program 2 (id=177): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x800, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@userxattr}]}) chdir(&(0x7f0000000140)='./bus\x00') open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x1) r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) renameat2(r0, &(0x7f00000001c0)='./file1\x00', r1, &(0x7f0000000080)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2) 8.089125097s ago: executing program 3 (id=178): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x6, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000480)=[{&(0x7f00000000c0)="799e", 0x2}], 0x1, 0xe) 8.021028893s ago: executing program 2 (id=179): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000180)={0x1, 0xaa4, 0x0, &(0x7f0000000340)}) ioctl$KVM_SET_CLOCK(r1, 0x4188aec6, 0x0) 7.828839918s ago: executing program 0 (id=180): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) syz_usb_connect(0x0, 0x24, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000333c2340fd03beeb0dd201020301090212000100000000090400000091cd640040f20f2e7c0b480140d0b831ebdd4be6a8df1f50888d7655d34b2a03a879428ff5a468566cb2cd1a2e99114caf41ae040ba403d1601763b74398a1f7b2805df647fa404ca195bbe101640d9d047beb385be402d6f407bd770cbea9fa4ce70aa917cdbac8b2fe2ec4ba6a2e4a67698ddbe07b0b3f54c3e559c5a3c6f4be7183604252998be68d4cb19c99e4633ce2884a4288966f64cc"], 0x0) syz_usb_connect$uac1(0x0, 0x0, 0x0, 0x0) bind$bt_sco(r0, &(0x7f0000000040), 0x8) listen(r0, 0x1) setsockopt$bt_BT_VOICE(r0, 0x112, 0x13, 0x0, 0x0) syz_open_dev$evdev(&(0x7f0000000400), 0x800000003, 0x3c3781) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendto$inet(r4, &(0x7f0000000000)="f461c5bbd75c3583", 0x8, 0x0, &(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10) recvmmsg(r4, &(0x7f000000e280), 0x58a, 0x42, 0x0) 7.706473479s ago: executing program 3 (id=181): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000000100), 0x48000) syz_clone(0x4386111, 0x0, 0x0, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x0, 0x0}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) recvmmsg$unix(r0, 0x0, 0x0, 0x40000002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r2, 0x0, 0x60, &(0x7f0000000cc0)={'filter\x00', 0x3b, 0x4, 0x4c8, 0x2f8, 0x2f8, 0x3e0, 0x2f8, 0x3e0, 0x3e0, 0x4, 0x0, {[{{@uncond, 0xc0, 0x1e8}, @unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x0, 0x0, 'system_u:object_r:update_modules_exec_t:s0\x00'}}}, {{@arp={@broadcast, @dev, 0x0, 0x0, 0x0, 0x0, {@mac=@broadcast}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_to_batadv\x00', 'veth1_to_hsr\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@remote, @empty, @multicast2, @loopback}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x520) 7.705957738s ago: executing program 2 (id=182): newfstatat(0xffffffffffffff9c, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x0) 7.570028869s ago: executing program 2 (id=183): socket$inet_tcp(0x2, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, 0x0, 0x0, 0x8, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) setsockopt$ax25_int(r3, 0x101, 0x2, &(0x7f0000000040), 0x4) 7.445453399s ago: executing program 1 (id=184): setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000200)=[@in6={0xa, 0x4e24, 0x4, @loopback}], 0x1c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_CLOCK(r1, 0x4188aec6, &(0x7f0000000040)={0x1, 0x8, 0x0, 0x20000000000000}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000024000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000280)="66b9800000c00f326635010000000f3064660f38828e4258660f086766c744240012e93bf96766c7442402010000006766c744240600000000670f011c2466b9800000c00f326635002000000f300f01df66b80500000066b900200000a90a000f01c40f019f09000f01c2", 0x6b}], 0x1, 0x41, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000300)={[0xbb5, 0xffffffffffffffca, 0x100, 0xfffffffffffffff6, 0x6, 0x401, 0x6, 0x2, 0x0, 0x8, 0x100000001, 0xba25, 0x1000, 0x3, 0xfffffffffffffe00, 0x4], 0xeeef0000, 0x40080}) ioctl$KVM_CAP_X86_USER_SPACE_MSR(r1, 0x4068aea3, &(0x7f0000000100)={0xbc, 0x0, 0x4}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 6.629346585s ago: executing program 2 (id=185): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) syz_usb_connect(0x0, 0x24, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000333c2340fd03beeb0dd201020301090212000100000000090400000091cd640040f20f2e7c0b480140d0b831ebdd4be6a8df1f50888d7655d34b2a03a879428ff5a468566cb2cd1a2e99114caf41ae040ba403d1601763b74398a1f7b2805df647fa404ca195bbe101640d9d047beb385be402d6f407bd770cbea9fa4ce70aa917cdbac8b2fe2ec4ba6a2e4a67698ddbe07b0b3f54c3e559c5a3c6f4be7183604252998be68d4cb19c99e4633ce2884a4288966f64cc"], 0x0) syz_usb_connect$uac1(0x0, 0x0, 0x0, 0x0) bind$bt_sco(r0, &(0x7f0000000040), 0x8) listen(r0, 0x1) setsockopt$bt_BT_VOICE(r0, 0x112, 0x13, 0x0, 0x0) syz_open_dev$evdev(&(0x7f0000000400), 0x800000003, 0x3c3781) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendto$inet(r4, &(0x7f0000000000)="f461c5bbd75c3583", 0x8, 0x0, &(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10) recvmmsg(r4, &(0x7f000000e280), 0x58a, 0x42, 0x0) 6.614035176s ago: executing program 3 (id=186): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x9}, 0x94) r0 = syz_usb_connect(0x2, 0x3f, &(0x7f00000007c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000002c0)={0x2c, &(0x7f0000000300)=ANY=[], 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0xc0045b0f, &(0x7f0000000000)) 5.843135709s ago: executing program 1 (id=187): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x800, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@userxattr}]}) chdir(&(0x7f0000000140)='./bus\x00') open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x1) r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) renameat2(r0, &(0x7f00000001c0)='./file1\x00', r1, &(0x7f0000000080)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2) 5.669996503s ago: executing program 1 (id=188): unshare(0x22020600) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x40, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) socket(0x40000000015, 0x5, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000380)={r3, r3}, 0x4) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x80020}, 0x3) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r5 = openat$mixer(0xffffffffffffff9c, &(0x7f0000003fc0), 0x0, 0x0) ioctl$SOUND_MIXER_READ_DEVMASK(r5, 0xc0044dff, 0x0) write$tun(0xffffffffffffffff, 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f0000000000)='./file2\x00', 0x5001, &(0x7f00000003c0)={[{@nouser_xattr}, {@nolazytime}, {@four_active_logs}, {@data_flush}, {@heap}, {@nouser_xattr}, {@quota}, {@resuid={'resuid', 0x3d, 0xee01}}, {@usrjquota={'usrjquota', 0x3d, 'noflush_merge'}}, {@noflush_merge}, {@noinline_data}, {@grpjquota={'grpjquota', 0x3d, '+~N~^\x05[\x1b=^\x00\x1e\xe1\x06\x86\xa2\xec\xc19lh\xa6\xb1\x84\xe2\x7f\xe0\x13\xa1HTx\x8ey\xd55:\x90\xe5 \x9b\xbc\xbe\x9d/\xacPN\xbed\xb0\x84\xd7\xfd\xff\x92*Q\xe8&\xd8\x1d\x8c5\r\x96I\xc9\x0eq\x01\xd1;t$\xe0XVU\x1c\xbf\x84L\xd3\xf3\xf43\xd1\xb7\"\nn\f\xeby\x9d\xdf\xcb\\\xcc\xe6Zk\xe6\xf6]\xd9/\xe3\xc5k\x17\x04\xee'}}]}, 0x0, 0x550a, &(0x7f0000006200)="$eJzs3E1rY+UXAPCTtJ33//yLuHA3FwahhUlo+jLoruoMvmCHMurClaZJGjKT5JYmTWtXLlyKC7+JKLhy6Wdw4dqduFDcCUruvdWpLyA0bez094Obc58nT849TxgGzr0lAVxY88nPP5biZlyNiJmIuBGRnZeKI7Oeh+ci4lZElJ84SsX87xOXIuJaRNwcJ89zloq3Pr0zur32wxs/ffXN5dnrn3357fR2DUzb8xHR28nP93t5TNt5fFTM10edLPZWR0XM3+g9LsZpHvdbW1mG/frRunoWV9r5+nRnbzCO2916Yxzbne1sfqefX3Awah/lyT7wqL6bjZutrSx2BmkW24d5XQeH+f9th4NhnqdZ5PsgSx/D4VHM51sHrXw/O4+z2OgPi/k8b9psHYzjqIjF5aKRdptZHVsn+ab/297s9PcOklFrd9BJ+8latfZCtXa3UttNm61ha7VS7zXvriYL7e54WWXYqvfW22na7raqjbS3mCy0G41KrZYs3Gttder9pFarrlSXKmuLxdmd5NUH7yTdZrIwji93+nvDTneQbKe7Sf6JxWS5uvLiYnK7lry1sZlsPrx/f2Pz7ffuvfvgpY3XXykW/aWsZGF5aXm5UluqLNcWL9D+PyqKnuD+4URK0y4A4PzR/wPTcHr9/+7DiNPv/0P/PxHnqv+94P1/+RT2Dyei/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLC+m/v8texkPh9fL+b/V0w9U4xLEVGOiF//xkxcOpZzpsgz9w/r5/5Uw9elyDKMr3G5OK5FxHpx/PL/0/4WAAAA4On1xYe3Psm79fxlftoFcZbymzblG+9PKF8pIubmv59QtvL45dkJJcv+fc/GwYSyZTewrkwoWX7LbXZS2f6VmWPhyhOhlIfymZYDAACcieOdwNl2IQAAAJylj6ddANNRiqNHmUfPgrO/vP/jgeDVYyMAAADgHCpNuwAAAADg1GX9v9//AwAAgKdb/vt/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/MbO/eSkDgRwAB4KffDe00iMe6/iDo7hEVy6NBzAS3AEvIIX4Ay44wgGDJ2JsQrE0JaK+b6kDB3ojxkCi/mTAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANOkln42fHq4fq+as1tXU0xsAAABgm0U+GxdPhvH8f6o/T1WX6bwTQshCCNvG7t3wp5TZTTn5jvfnn9rwHEKRsPmMfjr+hRBu0vF60fS3AAAAAL/XfDIdxdF6fBi23SCOKU7aZGe3X17pHJS3uSofLiu3K8o2eVc1hRW/7164rymtmMAa1BQWp9x6papeXdk7FH/391m7wYeiE4ts//W19R0AADiibqloetwBAABAe+7abgDtKFZ50178tBTYj0Va3vtbOgMAAAB+qPWerdyH7fIGAAAATkkx/nf/PwAAADhN313Yj/f/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoEmLfDaeT6ajqjmrdTVhWU9/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeGN/3lEgBMIgDPau70zm/oeVBg2NTapA+PgbgwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN797i//J6bGmWTutbH0PJKsnRpbp8beuXH0h/H1awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAi/15SYEQCIIomDP+d9L3P6wk6BlEiICGRxW1aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAL/rdL/8npsaZZO60sXQ8kqxdNbauGnsPGkcPxtu/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAi537eY2jigMA/mZmZ2ur4hplDxFR8KAXu93W1t7EgxI8+CcIId3W2K0/2hxsKUIu3iTnXkSPIoISb/0fem4gl3jLYQ8RPCszO5NMkgXXH53ZZD8fePO+Owzzvm8WQr7vTQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACl0bsHcZIdOuM4Ls493ru/kvVbR/rMw43txaxlcVRn0ifDy9UPUbe5RAAAAJgfSVnfhxB20s2lrI87ef2fltdkNf93z47jsp4/WveXfVn7Z+3XX3Zf3B+oMx4nu+n11eHgwvFUWk9ulrPtub+9opU/+XztJcm/kPiD9RdGaf48o28ePXqvnYdn6sgWAPg3zpd9EZS/D2V9v8nEAJgbrUrhXdb/SafZnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADqMFoPT5dxFEJYbB3Ema29+yuT+ocb24tlu/LgwUb1ntkt0hDC9dXh4EKNc5l1d+7eu7k8HA5u1x+8EkJoavR3iunf/GiKi0No5PkI/qcgLr7sWcnnZAQN/lACAOBUSouW1fU76eZSdi5aCOHP7w/X/69X4jBl/b/78ZXH1bGq9X+/thnOvt7arc97d+7ee3P11vKNwY3Bp29d7L/dv3T18uWrvXytpGfFBAAAgP+mXbRq/R8vHN//P1eJw5T1/xff9r+qjpWo/yc62PRrOhMAAID59vyrf/weTTgftdvhy+W1tdv98XH/88XxsYFU/7EzRavW/8lC01kBAAAAdRitR4f2/69V4jDl/v8zP7z0U/WeSQjhbLH/f37ls+G1+qYz02r4c+Iwaf0KAACA+XG2aNX9/zR//z/eLxnjEMIbr43j4t8ATlX/J+9//WN1rOr7/5fqm+JMirvj55H33RBa3aYzAgAA4DR7qmhZsf9burn0yc/nPmx7/x8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgbn8FAAD///cRP7M=") fdatasync(r7) r8 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r8, 0x11b, 0x4, &(0x7f0000000080)={0x0, 0x14000, 0x800, 0x1000, 0x1}, 0x20) sendmsg$TIPC_NL_SOCK_GET(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000440)={0x0}, 0x1, 0x0, 0x0, 0x95}, 0x20004800) ioctl$FAT_IOCTL_GET_ATTRIBUTES(r1, 0x80047210, &(0x7f0000000100)) 2.528849617s ago: executing program 0 (id=189): r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x41, 0x3, 0x348, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e8, 0x1f0, 0x1f0, 0x2e8, 0x1f0, 0x3, 0x0, {[{{@uncond, 0x0, 0x1c0, 0x1e0, 0x0, {0x0, 0xffffffffa0028000}, [@common=@inet=@hashlimit2={{0x150}, {'nicvf0\x00', {0xffffffff, 0x0, 0x20, 0x0, 0x0, 0x3, 0x7bfd, 0x18}}}]}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x3a8) 1.98393161s ago: executing program 0 (id=190): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x6, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000480)=[{&(0x7f00000000c0)="799e", 0x2}], 0x1, 0xe) 1.937505764s ago: executing program 3 (id=191): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000180)={0x1, 0xaa4, 0x0, &(0x7f0000000340)}) ioctl$KVM_SET_CLOCK(r1, 0x4188aec6, 0x0) 1.313393584s ago: executing program 2 (id=192): syz_mount_image$reiserfs(&(0x7f0000000140), &(0x7f0000001140)='./file6\x00', 0x98, &(0x7f0000000280), 0x5, 0x10f5, &(0x7f0000001180)="$eJzs2DGLE0EYBuB3dgNyVWSuXw+0sJDjjvgHrlBIY2FtF6zsTKXk5/hz5Cr743qvCNgrmxgSJGKRxUB4Hlh252Xm+2bKnQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBvlHwvyXmT1E3WJClJ191O75N0m/zx17ZJydv30/mrj5PX8/W09FmT0q9ajev101ondVKv68vzm2d1/unzh3anZUmXu+VidvbmYdCj9L3bQSsCAADAafh5sPGR+wMAAAD/MthFAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAA6uajSVKSrrud3ifpjrstAAAA4EAlTd6N9+Xra4CtF/k2LimPtsmP0s+5ypc96/+iLzk6aMMAAABwosrO//jznOXJTn6RUS4v1+PfrzzcJG2Sqz/q3C0Xs9VzsZiV/3kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgF/swLEAAAAAgDB/6zQ6NgAAAAAAAAAAAAAAAACYKgAA//87RdIO") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100), 0xfffffd9d) connect$tipc(0xffffffffffffffff, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x1, 0x4}}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0x490267a0}, 0x1c) sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, 0x0, 0x8004) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0x32600) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) pwritev2(r2, &(0x7f0000000600)=[{&(0x7f0000000080)='W', 0x1}], 0x1, 0x800be6b, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x300, 0x0) 1.204185033s ago: executing program 0 (id=193): socket$inet_tcp(0x2, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, 0x0, 0x0, 0x8, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) setsockopt$ax25_int(r3, 0x101, 0x2, &(0x7f0000000040), 0x4) 1.082753633s ago: executing program 1 (id=194): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000000100), 0x48000) syz_clone(0x4386111, 0x0, 0x0, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x0, 0x0}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) recvmmsg$unix(r0, 0x0, 0x0, 0x40000002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r2, 0x0, 0x60, &(0x7f0000000cc0)={'filter\x00', 0x3b, 0x4, 0x4c8, 0x2f8, 0x2f8, 0x3e0, 0x2f8, 0x3e0, 0x3e0, 0x4, 0x0, {[{{@uncond, 0xc0, 0x1e8}, @unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x0, 0x0, 'system_u:object_r:update_modules_exec_t:s0\x00'}}}, {{@arp={@broadcast, @dev, 0x0, 0x0, 0x0, 0x0, {@mac=@broadcast}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_to_batadv\x00', 'veth1_to_hsr\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@remote, @empty, @multicast2, @loopback}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x520) 545.897167ms ago: executing program 3 (id=195): setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000200)=[@in6={0xa, 0x4e24, 0x4, @loopback}], 0x1c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_CLOCK(r1, 0x4188aec6, &(0x7f0000000040)={0x1, 0x8, 0x0, 0x20000000000000}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000024000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000280)="66b9800000c00f326635010000000f3064660f38828e4258660f086766c744240012e93bf96766c7442402010000006766c744240600000000670f011c2466b9800000c00f326635002000000f300f01df66b80500000066b900200000a90a000f01c40f019f09000f01c2", 0x6b}], 0x1, 0x41, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000300)={[0xbb5, 0xffffffffffffffca, 0x100, 0xfffffffffffffff6, 0x6, 0x401, 0x6, 0x2, 0x0, 0x8, 0x100000001, 0xba25, 0x1000, 0x3, 0xfffffffffffffe00, 0x4], 0xeeef0000, 0x40080}) ioctl$KVM_CAP_X86_USER_SPACE_MSR(r1, 0x4068aea3, &(0x7f0000000100)={0xbc, 0x0, 0x4}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 209.454364ms ago: executing program 0 (id=196): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x800, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@userxattr}]}) chdir(&(0x7f0000000140)='./bus\x00') open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x1) r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) renameat2(r0, &(0x7f00000001c0)='./file1\x00', r1, &(0x7f0000000080)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2) 105.603892ms ago: executing program 0 (id=197): newfstatat(0xffffffffffffff9c, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x0) 0s ago: executing program 1 (id=198): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) syz_usb_connect(0x0, 0x24, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000333c2340fd03beeb0dd201020301090212000100000000090400000091cd640040f20f2e7c0b480140d0b831ebdd4be6a8df1f50888d7655d34b2a03a879428ff5a468566cb2cd1a2e99114caf41ae040ba403d1601763b74398a1f7b2805df647fa404ca195bbe101640d9d047beb385be402d6f407bd770cbea9fa4ce70aa917cdbac8b2fe2ec4ba6a2e4a67698ddbe07b0b3f54c3e559c5a3c6f4be7183604252998be68d4cb19c99e4633ce2884a4288966f64cc"], 0x0) syz_usb_connect$uac1(0x0, 0x0, 0x0, 0x0) bind$bt_sco(r0, &(0x7f0000000040), 0x8) listen(r0, 0x1) setsockopt$bt_BT_VOICE(r0, 0x112, 0x13, 0x0, 0x0) syz_open_dev$evdev(&(0x7f0000000400), 0x800000003, 0x3c3781) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendto$inet(r4, &(0x7f0000000000)="f461c5bbd75c3583", 0x8, 0x0, &(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10) recvmmsg(r4, &(0x7f000000e280), 0x58a, 0x42, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.28' (ED25519) to the list of known hosts. [ 65.732486][ T5773] cgroup: Unknown subsys name 'net' [ 65.894038][ T5773] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 67.275773][ T5773] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 68.655102][ T5785] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 68.667461][ T5788] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 68.675244][ T5788] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 68.688138][ T5788] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 68.695974][ T5788] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 68.703598][ T5788] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 68.703673][ T5787] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 68.721338][ T5787] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 68.729114][ T5787] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 68.737821][ T5787] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 68.747299][ T5788] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 68.756056][ T5788] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 68.782682][ T5788] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 68.797396][ T5788] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 68.805108][ T5788] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 68.815497][ T5788] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 68.824553][ T5788] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 68.836743][ T5788] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 68.874581][ T5787] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 68.887698][ T5787] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 68.897127][ T5787] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 68.912593][ T5787] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 68.920743][ T5787] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 68.929261][ T5787] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 69.124785][ T5783] chnl_net:caif_netlink_parms(): no params data found [ 69.217575][ T5786] chnl_net:caif_netlink_parms(): no params data found [ 69.329482][ T5783] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.337937][ T5783] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.345244][ T5783] bridge_slave_0: entered allmulticast mode [ 69.352436][ T5783] bridge_slave_0: entered promiscuous mode [ 69.365267][ T5783] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.372576][ T5783] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.379942][ T5783] bridge_slave_1: entered allmulticast mode [ 69.387215][ T5783] bridge_slave_1: entered promiscuous mode [ 69.409558][ T5790] chnl_net:caif_netlink_parms(): no params data found [ 69.460318][ T5783] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.501568][ T5783] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.536102][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.543697][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.551398][ T5786] bridge_slave_0: entered allmulticast mode [ 69.558539][ T5786] bridge_slave_0: entered promiscuous mode [ 69.567070][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.574911][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.582198][ T5786] bridge_slave_1: entered allmulticast mode [ 69.588927][ T5786] bridge_slave_1: entered promiscuous mode [ 69.613663][ T5783] team0: Port device team_slave_0 added [ 69.647193][ T5783] team0: Port device team_slave_1 added [ 69.694902][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.717360][ T5790] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.724545][ T5790] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.732693][ T5790] bridge_slave_0: entered allmulticast mode [ 69.740032][ T5790] bridge_slave_0: entered promiscuous mode [ 69.762146][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.769232][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.795313][ T5783] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.808935][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.828150][ T5790] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.835404][ T5790] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.842897][ T5790] bridge_slave_1: entered allmulticast mode [ 69.849706][ T5790] bridge_slave_1: entered promiscuous mode [ 69.867185][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.874181][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.900444][ T5783] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.929672][ T5786] team0: Port device team_slave_0 added [ 69.941208][ T5786] team0: Port device team_slave_1 added [ 69.958550][ T5790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.969499][ T5793] chnl_net:caif_netlink_parms(): no params data found [ 69.991018][ T5790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.028369][ T5790] team0: Port device team_slave_0 added [ 70.080372][ T5790] team0: Port device team_slave_1 added [ 70.088036][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.095003][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.121935][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.173551][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.180778][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.207871][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.225972][ T5783] hsr_slave_0: entered promiscuous mode [ 70.232398][ T5783] hsr_slave_1: entered promiscuous mode [ 70.255421][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.263045][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.289174][ T5790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.302131][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.309285][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.335594][ T5790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.404608][ T5793] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.411863][ T5793] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.419463][ T5793] bridge_slave_0: entered allmulticast mode [ 70.426172][ T5793] bridge_slave_0: entered promiscuous mode [ 70.456181][ T5786] hsr_slave_0: entered promiscuous mode [ 70.462577][ T5786] hsr_slave_1: entered promiscuous mode [ 70.469322][ T5786] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.477193][ T5786] Cannot create hsr debugfs directory [ 70.482861][ T5793] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.490487][ T5793] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.497754][ T5793] bridge_slave_1: entered allmulticast mode [ 70.504392][ T5793] bridge_slave_1: entered promiscuous mode [ 70.554902][ T5790] hsr_slave_0: entered promiscuous mode [ 70.561544][ T5790] hsr_slave_1: entered promiscuous mode [ 70.569635][ T5790] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.577380][ T5790] Cannot create hsr debugfs directory [ 70.618167][ T5793] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.663620][ T5793] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.741751][ T5793] team0: Port device team_slave_0 added [ 70.766904][ T5793] team0: Port device team_slave_1 added [ 70.767321][ T5788] Bluetooth: hci0: command tx timeout [ 70.846728][ T5793] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.853861][ T5788] Bluetooth: hci1: command tx timeout [ 70.853995][ T5793] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.886077][ T5793] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.912368][ T5793] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.919631][ T5793] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.945848][ T5793] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.957114][ T5788] Bluetooth: hci2: command tx timeout [ 71.006917][ T5788] Bluetooth: hci3: command tx timeout [ 71.061525][ T5783] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 71.083551][ T5793] hsr_slave_0: entered promiscuous mode [ 71.090365][ T5793] hsr_slave_1: entered promiscuous mode [ 71.097024][ T5793] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 71.104615][ T5793] Cannot create hsr debugfs directory [ 71.112070][ T5783] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 71.121462][ T5783] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 71.151648][ T5783] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 71.231974][ T5786] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 71.242585][ T5786] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 71.271343][ T5786] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 71.285143][ T5786] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 71.367956][ T5790] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 71.378985][ T5790] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 71.402829][ T5790] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 71.420427][ T5790] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 71.554843][ T5793] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 71.564581][ T5793] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 71.572843][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.588507][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.599983][ T5793] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 71.611203][ T5793] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 71.664660][ T5783] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.728631][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.738284][ T5783] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.777343][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.784593][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.795220][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.802381][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.823052][ T5786] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.844082][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.851264][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.872809][ T5790] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.889156][ T3463] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.896306][ T3463] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.952804][ T5790] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.997677][ T5793] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.013773][ T1087] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.021056][ T1087] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.059134][ T5793] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.095734][ T3463] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.102925][ T3463] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.161380][ T3463] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.168600][ T3463] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.185708][ T3463] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.193321][ T3463] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.303596][ T5793] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 72.460664][ T5783] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.577521][ T5783] veth0_vlan: entered promiscuous mode [ 72.612824][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.656145][ T5783] veth1_vlan: entered promiscuous mode [ 72.721634][ T5790] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.760118][ T5786] veth0_vlan: entered promiscuous mode [ 72.771040][ T5793] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.812280][ T5786] veth1_vlan: entered promiscuous mode [ 72.831499][ T5783] veth0_macvtap: entered promiscuous mode [ 72.839972][ T5790] veth0_vlan: entered promiscuous mode [ 72.847975][ T5788] Bluetooth: hci0: command tx timeout [ 72.857943][ T5783] veth1_macvtap: entered promiscuous mode [ 72.888018][ T5790] veth1_vlan: entered promiscuous mode [ 72.910024][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.920201][ T5786] veth0_macvtap: entered promiscuous mode [ 72.926889][ T5788] Bluetooth: hci1: command tx timeout [ 72.951390][ T5786] veth1_macvtap: entered promiscuous mode [ 72.970874][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.982577][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.994018][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.003876][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.007239][ T5788] Bluetooth: hci2: command tx timeout [ 73.021199][ T5783] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.031809][ T5783] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.041021][ T5783] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.050970][ T5783] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.073687][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.084375][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.086988][ T5788] Bluetooth: hci3: command tx timeout [ 73.102576][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.114514][ T5786] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.123330][ T5786] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.132102][ T5786] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.141001][ T5786] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.181368][ T5793] veth0_vlan: entered promiscuous mode [ 73.216388][ T5790] veth0_macvtap: entered promiscuous mode [ 73.224478][ T5793] veth1_vlan: entered promiscuous mode [ 73.261752][ T5790] veth1_macvtap: entered promiscuous mode [ 73.334154][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.351332][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.392583][ T3463] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.403315][ T3463] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.442089][ T3508] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.450133][ T5793] veth0_macvtap: entered promiscuous mode [ 73.454416][ T5793] veth1_macvtap: entered promiscuous mode [ 73.462218][ T3508] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.470398][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.482004][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.493191][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.504101][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.516996][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.527011][ T3508] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.534883][ T3508] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.552178][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.565880][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.581213][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.591705][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.603749][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.643399][ T5790] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.653555][ T5790] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.667769][ T5790] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.681402][ T5790] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.704274][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.715139][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.725723][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.738492][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.748730][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.759603][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.771050][ T5793] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.799297][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.813429][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.836744][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.849122][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.859512][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.884487][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.913469][ T5793] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.914801][ T5871] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 73.954322][ T5793] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.986070][ T5793] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.995346][ T5793] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.005841][ T5793] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.101991][ T3508] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.115763][ T3508] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.187828][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.199117][ T5841] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 74.219701][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.331519][ T3508] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.348310][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.361332][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.376550][ T3508] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.418828][ T5841] usb 3-1: New USB device found, idVendor=03fd, idProduct=ebbe, bcdDevice=d2.0d [ 74.435338][ T5841] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 74.469122][ T5841] usb 3-1: Product: syz [ 74.485448][ T5841] usb 3-1: Manufacturer: syz [ 74.507438][ T5841] usb 3-1: SerialNumber: syz [ 74.546045][ T5841] usb 3-1: config 0 descriptor?? [ 74.937690][ T5788] Bluetooth: hci0: command tx timeout [ 74.938122][ T5841] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 75.008012][ T5788] Bluetooth: hci1: command tx timeout [ 75.097562][ T5788] Bluetooth: hci2: command tx timeout [ 75.167924][ T5788] Bluetooth: hci3: command tx timeout [ 75.174755][ T5886] x_tables: duplicate entry at hook 1 [ 75.178819][ T5841] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 75.192251][ T5841] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 75.207465][ T5841] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 75.217682][ T5841] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.511251][ T5841] usb 1-1: GET_CAPABILITIES returned 0 [ 75.536583][ T5841] usbtmc 1-1:16.0: can't read capabilities [ 75.566654][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 75.873837][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 75.976233][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 76.078662][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 76.447168][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 76.483268][ T5841] usb 1-1: USB disconnect, device number 2 [ 77.006614][ T5788] Bluetooth: hci0: command tx timeout [ 77.090212][ T5788] Bluetooth: hci1: command tx timeout [ 77.167633][ T5788] Bluetooth: hci2: command tx timeout [ 77.247980][ T5788] Bluetooth: hci3: command tx timeout [ 77.452517][ T5867] usb 3-1: USB disconnect, device number 2 [ 77.717086][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 79.407034][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 79.436692][ T5903] syz.2.6[5903]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 79.560529][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 79.570022][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 79.646665][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 80.536285][ T5903] loop2: detected capacity change from 0 to 40427 [ 81.837092][ T5777] I/O error, dev loop2, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 82.157741][ T8] cfg80211: failed to load regulatory.db [ 82.400940][ T5903] Zero length message leads to an empty skb [ 82.697981][ T5907] loop1: detected capacity change from 0 to 8192 [ 82.752323][ T5907] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 82.796616][ T5907] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 82.806292][ T5907] REISERFS (device loop1): using ordered data mode [ 82.813155][ T5907] reiserfs: using flush barriers [ 82.824547][ T5907] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 82.852404][ T5907] REISERFS (device loop1): checking transaction log (loop1) [ 83.059190][ T5922] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 83.082065][ T5922] Cannot find add_set index 0 as target [ 83.847699][ T5907] REISERFS (device loop1): Using tea hash to sort names [ 83.974034][ T5907] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 84.156533][ T27] audit: type=1804 audit(1754987802.699:2): pid=5929 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.9" name="/newroot/3/file6/file1" dev="loop1" ino=5 res=1 errno=0 [ 84.180229][ T5929] REISERFS error (device loop1): vs-4010 is_reusable: block number is out of range 11822 (1024) [ 84.278616][ T5929] REISERFS (device loop1): Remounting filesystem read-only [ 84.286135][ T5929] REISERFS error (device loop1): vs-4010 is_reusable: block number is out of range 265056 (1024) [ 84.307931][ T5929] REISERFS error (device loop1): vs-4010 is_reusable: block number is out of range 592744 (1024) [ 84.347766][ T5907] REISERFS warning (device loop1): clm-6006 reiserfs_dirty_inode: writing inode 4 on readonly FS [ 84.414246][ T5929] REISERFS error (device loop1): vs-4080 _reiserfs_free_block: block 1: bit already cleared [ 84.458190][ T5929] REISERFS error (device loop1): vs-4080 _reiserfs_free_block: block 1: bit already cleared [ 84.692131][ T5938] x_tables: duplicate entry at hook 1 [ 84.738021][ T5929] REISERFS warning (device loop1): clm-6006 reiserfs_dirty_inode: writing inode 5 on readonly FS [ 86.312871][ T5964] Cannot find add_set index 0 as target [ 87.423500][ T5969] loop1: detected capacity change from 0 to 8192 [ 87.461564][ T5969] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 87.544886][ T5969] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 87.559260][ T5969] REISERFS (device loop1): using ordered data mode [ 87.565932][ T5969] reiserfs: using flush barriers [ 87.681653][ T5969] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 87.998267][ T5969] REISERFS (device loop1): checking transaction log (loop1) [ 88.545777][ T5987] x_tables: duplicate entry at hook 1 [ 88.578337][ T5969] REISERFS (device loop1): Using tea hash to sort names [ 88.585938][ T5969] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 88.996885][ T9] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 89.059781][ T8] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 89.431806][ T9] usb 4-1: New USB device found, idVendor=03fd, idProduct=ebbe, bcdDevice=d2.0d [ 89.442407][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 89.464488][ T8] usb 1-1: New USB device found, idVendor=03fd, idProduct=ebbe, bcdDevice=d2.0d [ 89.476576][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 89.490374][ T9] usb 4-1: Product: syz [ 89.498910][ T8] usb 1-1: Product: syz [ 89.503116][ T8] usb 1-1: Manufacturer: syz [ 89.518674][ T9] usb 4-1: Manufacturer: syz [ 89.523414][ T9] usb 4-1: SerialNumber: syz [ 89.538766][ T8] usb 1-1: SerialNumber: syz [ 89.561892][ T8] usb 1-1: config 0 descriptor?? [ 89.569642][ T9] usb 4-1: config 0 descriptor?? [ 90.805463][ T6010] loop1: detected capacity change from 0 to 32768 [ 90.835551][ T6010] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 90.874770][ T6010] XFS (loop1): Ending clean mount [ 90.921537][ T5786] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 90.977436][ T9] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 91.178888][ T9] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 91.183202][ T6029] Cannot find add_set index 0 as target [ 91.193583][ T9] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 91.212899][ T9] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 91.224715][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 91.278493][ T6031] x_tables: duplicate entry at hook 1 [ 91.402133][ T6033] loop1: detected capacity change from 0 to 8192 [ 91.415261][ T6033] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 91.436214][ T6033] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 91.446479][ T6033] REISERFS (device loop1): using ordered data mode [ 91.453191][ T6033] reiserfs: using flush barriers [ 91.455052][ T9] usb 3-1: GET_CAPABILITIES returned 0 [ 91.464825][ T6033] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 91.481846][ T6033] REISERFS (device loop1): checking transaction log (loop1) [ 91.482665][ T9] usbtmc 3-1:16.0: can't read capabilities [ 91.619389][ T6033] REISERFS (device loop1): Using tea hash to sort names [ 91.627237][ T6033] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 91.674377][ T9] usb 3-1: USB disconnect, device number 3 [ 91.820472][ T786] usb 1-1: USB disconnect, device number 3 [ 91.993489][ T5175] usb 4-1: USB disconnect, device number 2 [ 93.182777][ T6053] Cannot find add_set index 0 as target [ 93.923062][ T6051] loop0: detected capacity change from 0 to 40427 [ 95.637291][ T5175] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 95.822194][ T5175] usb 2-1: New USB device found, idVendor=03fd, idProduct=ebbe, bcdDevice=d2.0d [ 95.842145][ T5175] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 95.862457][ T5175] usb 2-1: Product: syz [ 95.873557][ T5175] usb 2-1: Manufacturer: syz [ 95.882764][ T5175] usb 2-1: SerialNumber: syz [ 95.901833][ T5175] usb 2-1: config 0 descriptor?? [ 95.938685][ T5868] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 96.026623][ T28] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 96.152299][ T5868] usb 1-1: New USB device found, idVendor=03fd, idProduct=ebbe, bcdDevice=d2.0d [ 96.161588][ T5868] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 96.180034][ T5868] usb 1-1: Product: syz [ 96.184249][ T5868] usb 1-1: Manufacturer: syz [ 96.197067][ T5868] usb 1-1: SerialNumber: syz [ 96.215575][ T5868] usb 1-1: config 0 descriptor?? [ 96.225410][ T28] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 96.254655][ T28] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 96.315972][ T28] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 96.340773][ T28] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.613703][ T28] usb 3-1: GET_CAPABILITIES returned 0 [ 96.713491][ T28] usbtmc 3-1:16.0: can't read capabilities [ 96.951877][ T6073] loop3: detected capacity change from 0 to 8192 [ 96.960484][ T28] usb 3-1: USB disconnect, device number 4 [ 97.640437][ T6073] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 97.654920][ T6073] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 97.664798][ T6073] REISERFS (device loop3): using ordered data mode [ 97.672113][ T6073] reiserfs: using flush barriers [ 97.680437][ T6073] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 97.719123][ T6073] REISERFS (device loop3): checking transaction log (loop3) [ 98.054697][ T8] usb 2-1: USB disconnect, device number 2 [ 98.183364][ T6073] REISERFS (device loop3): Using tea hash to sort names [ 98.192532][ T6073] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 98.951804][ T5175] usb 1-1: USB disconnect, device number 4 [ 101.088379][ T6088] loop1: detected capacity change from 0 to 40427 [ 102.376543][ T5841] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 102.436640][ T5868] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 102.471224][ T6095] loop0: detected capacity change from 0 to 32768 [ 102.522208][ T6095] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 102.578379][ T5841] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 102.609667][ T5841] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 102.645715][ T5841] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 102.660940][ T6095] XFS (loop0): Ending clean mount [ 102.672897][ T5841] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.681615][ T5868] usb 3-1: New USB device found, idVendor=03fd, idProduct=ebbe, bcdDevice=d2.0d [ 102.710814][ T5868] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.759945][ T5868] usb 3-1: Product: syz [ 102.788150][ T5868] usb 3-1: Manufacturer: syz [ 102.794963][ T5868] usb 3-1: SerialNumber: syz [ 102.811632][ T5868] usb 3-1: config 0 descriptor?? [ 102.882096][ T5790] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 103.196177][ T5841] usb 2-1: GET_CAPABILITIES returned 0 [ 103.202884][ T5841] usbtmc 2-1:16.0: can't read capabilities [ 104.799756][ T9] usb 2-1: USB disconnect, device number 3 [ 105.166590][ T8] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 105.377109][ T8] usb 1-1: New USB device found, idVendor=03fd, idProduct=ebbe, bcdDevice=d2.0d [ 105.395738][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 105.404376][ T8] usb 1-1: Product: syz [ 105.411874][ T8] usb 1-1: Manufacturer: syz [ 105.421905][ T8] usb 1-1: SerialNumber: syz [ 105.436820][ T8] usb 1-1: config 0 descriptor?? [ 105.727812][ T6133] loop1: detected capacity change from 0 to 8192 [ 105.856686][ T8] usb 3-1: USB disconnect, device number 5 [ 105.880934][ T6133] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 106.531817][ T6133] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 106.542071][ T6133] REISERFS (device loop1): using ordered data mode [ 106.548760][ T6133] reiserfs: using flush barriers [ 106.555926][ T6133] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 106.600938][ T6133] REISERFS (device loop1): checking transaction log (loop1) [ 107.168544][ T6133] REISERFS (device loop1): Using tea hash to sort names [ 107.207403][ T6133] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 108.208248][ T6142] loop3: detected capacity change from 0 to 40427 [ 108.660881][ T27] audit: type=1804 audit(1754987827.089:3): pid=6143 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.83" name="/newroot/19/file6/file1" dev="loop1" ino=5 res=1 errno=0 [ 108.739266][ T9] usb 1-1: USB disconnect, device number 5 [ 108.784632][ T6143] REISERFS warning (device loop1): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 4) [ 108.880149][ T5777] I/O error, dev loop3, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 108.977116][ T6143] REISERFS warning (device loop1): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 4) [ 110.419694][ T8] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 110.868127][ T8] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 110.896458][ T8] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 111.024537][ T8] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 111.057181][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.242240][ T6153] loop0: detected capacity change from 0 to 32768 [ 111.291447][ T6153] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 111.300204][ T8] usb 4-1: usb_control_msg returned -71 [ 111.300245][ T8] usbtmc 4-1:16.0: can't read capabilities [ 111.319445][ T8] usb 4-1: USB disconnect, device number 3 [ 111.402403][ T6153] XFS (loop0): Ending clean mount [ 111.546925][ T5790] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 112.037460][ T6187] loop0: detected capacity change from 0 to 8192 [ 112.046808][ T8] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 112.156705][ T6187] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 112.176545][ T5867] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 112.258904][ T6187] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 112.330929][ T6187] REISERFS (device loop0): using ordered data mode [ 112.392067][ T6187] reiserfs: using flush barriers [ 112.468468][ T6187] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 112.565662][ T6187] REISERFS (device loop0): checking transaction log (loop0) [ 113.397946][ T6193] loop3: detected capacity change from 0 to 40427 [ 113.694313][ T8] usb 3-1: New USB device found, idVendor=03fd, idProduct=ebbe, bcdDevice=d2.0d [ 114.469565][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.492130][ T8] usb 3-1: Product: syz [ 114.496654][ T5867] usb 2-1: New USB device found, idVendor=03fd, idProduct=ebbe, bcdDevice=d2.0d [ 114.505862][ T5867] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.545034][ T8] usb 3-1: Manufacturer: syz [ 114.561082][ T6187] REISERFS (device loop0): Using tea hash to sort names [ 114.569820][ T6187] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 114.588014][ T8] usb 3-1: SerialNumber: syz [ 114.608785][ T5867] usb 2-1: Product: syz [ 114.643829][ T5867] usb 2-1: Manufacturer: syz [ 114.654187][ T8] usb 3-1: config 0 descriptor?? [ 114.673517][ T5867] usb 2-1: SerialNumber: syz [ 114.711543][ T5867] usb 2-1: config 0 descriptor?? [ 114.853885][ T8] usb 3-1: USB disconnect, device number 6 [ 114.874041][ T27] audit: type=1804 audit(1754987833.419:4): pid=6198 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.97" name="/newroot/23/file6/file1" dev="loop0" ino=5 res=1 errno=0 [ 114.941984][ T5867] usb 2-1: USB disconnect, device number 4 [ 114.982246][ T6198] REISERFS error (device loop0): vs-4010 is_reusable: block number is out of range 11822 (1024) [ 114.993926][ T6198] REISERFS (device loop0): Remounting filesystem read-only [ 115.002424][ T6198] REISERFS error (device loop0): vs-4010 is_reusable: block number is out of range 265500 (1024) [ 115.054190][ T6198] REISERFS error (device loop0): vs-4010 is_reusable: block number is out of range 593188 (1024) [ 115.095450][ T6198] REISERFS error (device loop0): vs-4080 _reiserfs_free_block: block 1: bit already cleared [ 115.135381][ T6198] REISERFS error (device loop0): vs-4080 _reiserfs_free_block: block 1: bit already cleared [ 115.163520][ T6198] REISERFS warning (device loop0): clm-6006 reiserfs_dirty_inode: writing inode 5 on readonly FS [ 115.286871][ T6210] x_tables: duplicate entry at hook 1 [ 115.330506][ T5788] Bluetooth: hci3: link tx timeout [ 115.336550][ T5788] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 115.936646][ T5867] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 116.127905][ T5867] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 116.140833][ T5867] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 116.180214][ T5867] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 116.209943][ T5867] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.549254][ T6215] loop3: detected capacity change from 0 to 32768 [ 117.556675][ T5867] usb 2-1: usb_control_msg returned -71 [ 117.582715][ T5867] usbtmc 2-1:16.0: can't read capabilities [ 117.722848][ T5867] usb 2-1: USB disconnect, device number 5 [ 117.733734][ T5787] Bluetooth: hci3: command 0x0406 tx timeout [ 117.753138][ T6223] loop2: detected capacity change from 0 to 40427 [ 118.561781][ T6215] workqueue: Failed to create a rescuer kthread for wq "xfs-inodegc/loop3": -EINTR [ 118.787427][ T9] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 119.041478][ T9] usb 1-1: New USB device found, idVendor=03fd, idProduct=ebbe, bcdDevice=d2.0d [ 119.050660][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.059299][ T9] usb 1-1: Product: syz [ 119.064453][ T9] usb 1-1: Manufacturer: syz [ 119.085553][ T9] usb 1-1: SerialNumber: syz [ 119.127915][ T9] usb 1-1: config 0 descriptor?? [ 119.176507][ T5867] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 119.571006][ T5867] usb 2-1: New USB device found, idVendor=03fd, idProduct=ebbe, bcdDevice=d2.0d [ 119.586513][ T5867] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.594557][ T5867] usb 2-1: Product: syz [ 119.606490][ T5867] usb 2-1: Manufacturer: syz [ 120.276586][ T5867] usb 2-1: SerialNumber: syz [ 120.287540][ T5867] usb 2-1: config 0 descriptor?? [ 120.337971][ T6241] loop3: detected capacity change from 0 to 8192 [ 120.363549][ T6241] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 120.378603][ T6241] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 120.388286][ T6241] REISERFS (device loop3): using ordered data mode [ 120.394951][ T6241] reiserfs: using flush barriers [ 120.412037][ T6241] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 120.511669][ T6241] REISERFS (device loop3): checking transaction log (loop3) [ 120.762025][ T6241] REISERFS (device loop3): Using tea hash to sort names [ 120.773400][ T6241] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 121.388819][ T5868] usb 1-1: USB disconnect, device number 6 [ 121.432812][ T27] audit: type=1804 audit(1754987839.979:5): pid=6250 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.116" name="/newroot/29/file6/file1" dev="loop3" ino=5 res=1 errno=0 [ 121.464080][ T6250] REISERFS warning (device loop3): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 4) [ 121.497472][ T6250] REISERFS warning (device loop3): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 4) [ 121.623200][ T6256] x_tables: duplicate entry at hook 1 [ 121.946603][ T5868] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 122.358568][ T5868] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 122.451369][ T5868] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 122.478296][ T5848] usb 2-1: USB disconnect, device number 6 [ 122.514685][ T5868] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 122.566687][ T5868] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.045976][ T5868] usb 1-1: usb_control_msg returned -71 [ 123.090848][ T5868] usbtmc 1-1:16.0: can't read capabilities [ 123.443391][ T5868] usb 1-1: USB disconnect, device number 7 [ 124.085845][ T6269] loop2: detected capacity change from 0 to 40427 [ 126.376701][ T5868] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 126.570756][ T5868] usb 1-1: New USB device found, idVendor=03fd, idProduct=ebbe, bcdDevice=d2.0d [ 126.586499][ T5868] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 126.596967][ T5868] usb 1-1: Product: syz [ 126.601362][ T5868] usb 1-1: Manufacturer: syz [ 126.615105][ T5868] usb 1-1: SerialNumber: syz [ 126.630342][ T5868] usb 1-1: config 0 descriptor?? [ 127.974417][ T6285] loop2: detected capacity change from 0 to 8192 [ 128.093213][ T6285] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 128.096666][ T5868] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 128.139003][ T6285] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 128.150294][ T6285] REISERFS (device loop2): using ordered data mode [ 128.157807][ T6285] reiserfs: using flush barriers [ 128.164886][ T6285] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 128.188318][ T6285] REISERFS (device loop2): checking transaction log (loop2) [ 128.301937][ T5868] usb 2-1: New USB device found, idVendor=03fd, idProduct=ebbe, bcdDevice=d2.0d [ 128.336680][ T5868] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.373807][ T5868] usb 2-1: Product: syz [ 128.394385][ T5868] usb 2-1: Manufacturer: syz [ 128.414673][ T5868] usb 2-1: SerialNumber: syz [ 128.452430][ T5868] usb 2-1: config 0 descriptor?? [ 128.583254][ T6285] REISERFS (device loop2): Using tea hash to sort names [ 128.597208][ T6285] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 128.963617][ T9] usb 1-1: USB disconnect, device number 8 [ 129.735214][ T27] audit: type=1800 audit(1754987848.279:6): pid=6298 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.129" name="file1" dev="loop2" ino=5 res=0 errno=0 [ 129.770423][ T6306] x_tables: duplicate entry at hook 1 [ 129.785288][ T6298] REISERFS error (device loop2): vs-4010 is_reusable: block number is out of range 11822 (1024) [ 129.811278][ T6298] REISERFS (device loop2): Remounting filesystem read-only [ 129.827778][ T6298] REISERFS error (device loop2): vs-4010 is_reusable: block number is out of range 265716 (1024) [ 129.853212][ T6298] REISERFS error (device loop2): vs-4010 is_reusable: block number is out of range 593404 (1024) [ 129.868610][ T5868] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 129.889543][ T6298] REISERFS error (device loop2): vs-4080 _reiserfs_free_block: block 1: bit already cleared [ 129.910450][ T6298] REISERFS error (device loop2): vs-4080 _reiserfs_free_block: block 1: bit already cleared [ 129.936187][ T6298] REISERFS warning (device loop2): clm-6006 reiserfs_dirty_inode: writing inode 5 on readonly FS [ 130.062897][ T5868] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 130.088960][ T5868] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 130.118705][ T5868] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 130.142865][ T5868] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.381671][ T5868] usb 4-1: GET_CAPABILITIES returned 0 [ 130.392009][ T5868] usbtmc 4-1:16.0: can't read capabilities [ 130.622628][ T5868] usb 4-1: USB disconnect, device number 4 [ 130.732511][ T6311] loop0: detected capacity change from 0 to 16 [ 130.775989][ T6311] erofs: (device loop0): mounted with root inode @ nid 36. [ 130.895932][ T6311] erofs: (device loop0): erofs_map_blocks_flatmode: inline data cross block boundary @ nid 46 [ 130.921881][ T5175] usb 2-1: USB disconnect, device number 7 [ 132.612525][ T6322] loop1: detected capacity change from 0 to 40427 [ 133.036237][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.228985][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.662366][ T6332] loop1: detected capacity change from 0 to 8192 [ 134.726935][ T5867] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 134.728611][ T6332] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 134.798623][ T6332] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 134.836167][ T6332] REISERFS (device loop1): using ordered data mode [ 134.855276][ T6332] reiserfs: using flush barriers [ 134.866533][ T6332] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 134.896990][ T6332] REISERFS (device loop1): checking transaction log (loop1) [ 134.948604][ T5867] usb 4-1: New USB device found, idVendor=03fd, idProduct=ebbe, bcdDevice=d2.0d [ 134.962748][ T5867] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.994943][ T5867] usb 4-1: Product: syz [ 134.999513][ T5867] usb 4-1: Manufacturer: syz [ 135.004144][ T5867] usb 4-1: SerialNumber: syz [ 135.044375][ T5867] usb 4-1: config 0 descriptor?? [ 135.088157][ T6332] REISERFS (device loop1): Using tea hash to sort names [ 135.096135][ T6332] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 135.405054][ T6340] x_tables: duplicate entry at hook 1 [ 136.195199][ T27] audit: type=1804 audit(1754987854.739:7): pid=6341 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.144" name="/newroot/35/file6/file1" dev="loop1" ino=5 res=1 errno=0 [ 136.238033][ T6341] REISERFS error (device loop1): vs-4010 is_reusable: block number is out of range 11822 (1024) [ 136.261041][ T6341] REISERFS (device loop1): Remounting filesystem read-only [ 136.275931][ T6341] REISERFS error (device loop1): vs-4010 is_reusable: block number is out of range 264916 (1024) [ 136.296523][ T6341] REISERFS error (device loop1): vs-4010 is_reusable: block number is out of range 592604 (1024) [ 136.312557][ T6341] REISERFS error (device loop1): vs-4080 _reiserfs_free_block: block 1: bit already cleared [ 136.331405][ T6341] REISERFS error (device loop1): vs-4080 _reiserfs_free_block: block 1: bit already cleared [ 136.346945][ T6341] REISERFS warning (device loop1): clm-6006 reiserfs_dirty_inode: writing inode 5 on readonly FS [ 136.992212][ T5867] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 137.211750][ T5867] usb 2-1: New USB device found, idVendor=03fd, idProduct=ebbe, bcdDevice=d2.0d [ 137.925085][ T5841] usb 4-1: USB disconnect, device number 5 [ 138.715940][ T6362] loop0: detected capacity change from 0 to 40427 [ 139.022177][ T5867] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 139.615477][ T6370] x_tables: duplicate entry at hook 1 [ 140.226426][ T5867] usb 2-1: Product: syz [ 140.230703][ T5867] usb 2-1: Manufacturer: syz [ 140.235391][ T5867] usb 2-1: SerialNumber: syz [ 140.296645][ T5867] usb 2-1: config 0 descriptor?? [ 140.306540][ T5867] usb 2-1: can't set config #0, error -71 [ 140.396629][ T5867] usb 2-1: USB disconnect, device number 8 [ 140.515163][ T6040] I/O error, dev loop0, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 140.734493][ T6376] loop2: detected capacity change from 0 to 8192 [ 140.790970][ T6376] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 140.924580][ T6376] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 140.966676][ T6376] REISERFS (device loop2): using ordered data mode [ 140.973348][ T6376] reiserfs: using flush barriers [ 140.988559][ T6376] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 141.044718][ T6376] REISERFS (device loop2): checking transaction log (loop2) [ 141.249737][ T6376] REISERFS (device loop2): Using tea hash to sort names [ 141.265410][ T6376] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 141.617681][ T27] audit: type=1804 audit(1754987860.169:8): pid=6384 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.157" name="/newroot/42/file6/file1" dev="loop2" ino=5 res=1 errno=0 [ 141.665589][ T6384] REISERFS error (device loop2): vs-4010 is_reusable: block number is out of range 11822 (1024) [ 141.705376][ T6384] REISERFS (device loop2): Remounting filesystem read-only [ 141.732112][ T6384] REISERFS error (device loop2): vs-4010 is_reusable: block number is out of range 265652 (1024) [ 141.770562][ T6384] REISERFS error (device loop2): vs-4010 is_reusable: block number is out of range 593340 (1024) [ 141.781690][ T6384] REISERFS error (device loop2): vs-4080 _reiserfs_free_block: block 1: bit already cleared [ 141.791998][ T6384] REISERFS error (device loop2): vs-4080 _reiserfs_free_block: block 1: bit already cleared [ 141.803484][ T6384] REISERFS warning (device loop2): clm-6006 reiserfs_dirty_inode: writing inode 5 on readonly FS [ 141.846625][ T5826] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 142.087751][ T5826] usb 1-1: New USB device found, idVendor=03fd, idProduct=ebbe, bcdDevice=d2.0d [ 142.118120][ T5826] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.166726][ T5826] usb 1-1: Product: syz [ 142.170940][ T5826] usb 1-1: Manufacturer: syz [ 142.175552][ T5826] usb 1-1: SerialNumber: syz [ 142.204875][ T5826] usb 1-1: config 0 descriptor?? [ 142.263290][ T6395] loop1: detected capacity change from 0 to 16 [ 142.314147][ T6395] erofs: (device loop1): mounted with root inode @ nid 36. [ 142.398998][ T6395] erofs: (device loop1): erofs_map_blocks_flatmode: inline data cross block boundary @ nid 46 [ 143.436633][ T5175] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 143.490236][ T6411] x_tables: duplicate entry at hook 1 [ 143.691615][ T5175] usb 4-1: New USB device found, idVendor=03fd, idProduct=ebbe, bcdDevice=d2.0d [ 143.700918][ T5175] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.709758][ T5175] usb 4-1: Product: syz [ 143.715147][ T5175] usb 4-1: Manufacturer: syz [ 143.720405][ T5175] usb 4-1: SerialNumber: syz [ 143.728747][ T5175] usb 4-1: config 0 descriptor?? [ 144.613015][ T5826] usb 1-1: USB disconnect, device number 9 [ 145.553679][ T6420] loop1: detected capacity change from 0 to 8192 [ 146.199599][ T6420] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 146.573987][ T5826] usb 4-1: USB disconnect, device number 6 [ 146.877852][ T6426] loop0: detected capacity change from 0 to 40427 [ 146.929416][ T6420] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 147.190656][ T6420] REISERFS (device loop1): using ordered data mode [ 147.363533][ T6420] reiserfs: using flush barriers [ 147.552473][ T6420] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 147.855445][ T6420] REISERFS (device loop1): checking transaction log (loop1) [ 148.473957][ T6420] REISERFS (device loop1): Using tea hash to sort names [ 148.517042][ T6420] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 148.696843][ T5868] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 148.960503][ T5868] usb 1-1: New USB device found, idVendor=03fd, idProduct=ebbe, bcdDevice=d2.0d [ 148.991147][ T5868] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 148.999446][ T5868] usb 1-1: Product: syz [ 149.003719][ T5868] usb 1-1: Manufacturer: syz [ 149.010979][ T5868] usb 1-1: SerialNumber: syz [ 149.037467][ T5868] usb 1-1: config 0 descriptor?? [ 150.436796][ T5841] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 150.556577][ T5826] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 150.663797][ T5841] usb 3-1: New USB device found, idVendor=03fd, idProduct=ebbe, bcdDevice=d2.0d [ 150.719085][ T5841] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 150.782837][ T5841] usb 3-1: Product: syz [ 150.808370][ T5841] usb 3-1: Manufacturer: syz [ 150.845360][ T5841] usb 3-1: SerialNumber: syz [ 150.960805][ T5841] usb 3-1: config 0 descriptor?? [ 152.091423][ T6465] loop1: detected capacity change from 0 to 40427 [ 153.684540][ T5175] usb 1-1: USB disconnect, device number 10 [ 154.148402][ T5826] usb 4-1: device descriptor read/all, error -71 [ 154.799197][ T5841] usb 3-1: USB disconnect, device number 7 [ 155.156331][ T6478] loop2: detected capacity change from 0 to 8192 [ 155.182473][ T6478] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 155.264669][ T6478] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 155.297297][ T6478] REISERFS (device loop2): using ordered data mode [ 155.303910][ T6478] reiserfs: using flush barriers [ 155.365134][ T6478] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 155.377122][ T6488] x_tables: duplicate entry at hook 1 [ 155.393257][ T6478] REISERFS (device loop2): checking transaction log (loop2) [ 155.925849][ T6478] REISERFS (device loop2): Using tea hash to sort names [ 155.935884][ T6478] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 156.165080][ T27] audit: type=1804 audit(1754987874.709:9): pid=6498 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.192" name="/newroot/53/file6/file1" dev="loop2" ino=5 res=1 errno=0 [ 156.183618][ T6498] ================================================================== [ 156.194367][ T6498] BUG: KASAN: use-after-free in leaf_paste_in_buffer+0x6a1/0xbd0 [ 156.202126][ T6498] Read of size 48 at addr ffff8880568a5ff0 by task syz.2.192/6498 [ 156.209942][ T6498] [ 156.212282][ T6498] CPU: 1 PID: 6498 Comm: syz.2.192 Not tainted 6.6.101-syzkaller #0 [ 156.220356][ T6498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 156.230437][ T6498] Call Trace: [ 156.233714][ T6498] [ 156.236654][ T6498] dump_stack_lvl+0x16c/0x230 [ 156.241343][ T6498] ? __lock_acquire+0x7c80/0x7c80 [ 156.246375][ T6498] ? show_regs_print_info+0x20/0x20 [ 156.251574][ T6498] ? load_image+0x3b0/0x3b0 [ 156.256077][ T6498] ? _raw_spin_lock_irqsave+0xb4/0xf0 [ 156.261449][ T6498] ? __virt_addr_valid+0x18c/0x540 [ 156.266555][ T6498] ? __virt_addr_valid+0x469/0x540 [ 156.271662][ T6498] print_report+0xac/0x220 [ 156.276063][ T6498] ? leaf_paste_in_buffer+0x6a1/0xbd0 [ 156.281425][ T6498] kasan_report+0x117/0x150 [ 156.285918][ T6498] ? leaf_paste_in_buffer+0x6a1/0xbd0 [ 156.291282][ T6498] kasan_check_range+0x288/0x290 [ 156.296205][ T6498] ? leaf_paste_in_buffer+0x6a1/0xbd0 [ 156.301564][ T6498] __asan_memcpy+0x29/0x70 [ 156.305968][ T6498] leaf_paste_in_buffer+0x6a1/0xbd0 [ 156.311164][ T6498] leaf_copy_dir_entries+0x5e7/0x990 [ 156.316443][ T6498] ? leaf_item_bottle+0x1280/0x1280 [ 156.321634][ T6498] leaf_copy_boundary_item+0xb90/0x2180 [ 156.327171][ T6498] ? mark_lock+0x94/0x320 [ 156.331489][ T6498] ? get_right_neighbor_position+0x147/0x210 [ 156.337453][ T6498] leaf_move_items+0x8b5/0xe90 [ 156.342209][ T6498] ? reiserfs_convert_objectid_map_v1+0x500/0x500 [ 156.348615][ T6498] balance_leaf+0xc257/0x10da0 [ 156.353368][ T6498] ? verify_lock_unused+0x140/0x140 [ 156.358561][ T6498] ? do_balance+0x940/0x940 [ 156.363050][ T6498] ? __mutex_trylock_common+0x153/0x250 [ 156.368581][ T6498] ? trace_raw_output_contention_end+0xd0/0xd0 [ 156.374727][ T6498] ? rcu_is_watching+0x15/0xb0 [ 156.379479][ T6498] ? trace_contention_end+0x39/0xe0 [ 156.384659][ T6498] ? __mutex_lock+0x304/0xcc0 [ 156.389356][ T6498] ? __might_sleep+0xe0/0xe0 [ 156.393933][ T6498] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 156.399555][ T6498] ? reiserfs_write_lock_nested+0x60/0xd0 [ 156.405265][ T6498] ? mutex_lock_nested+0x20/0x20 [ 156.410189][ T6498] ? get_empty_nodes+0x435/0x8c0 [ 156.415116][ T6498] ? __wake_up+0x190/0x190 [ 156.419516][ T6498] ? indirect_is_left_mergeable+0xe5/0x180 [ 156.425310][ T6498] ? get_neighbors+0x1030/0x1030 [ 156.430238][ T6498] ? create_virtual_node+0x1fc/0x1c70 [ 156.435598][ T6498] ? get_neighbors+0x9ba/0x1030 [ 156.440437][ T6498] ? fix_nodes+0x7b4c/0x82e0 [ 156.445021][ T6498] do_balance+0x2fe/0x940 [ 156.449334][ T6498] ? get_right_neighbor_position+0x210/0x210 [ 156.455393][ T6498] ? reiserfs_delete_item+0xe90/0xe90 [ 156.460758][ T6498] ? calc_deleted_bytes_number+0x465/0x800 [ 156.466643][ T6498] reiserfs_cut_from_item+0x13b2/0x1f10 [ 156.472182][ T6498] ? __might_sleep+0xe0/0xe0 [ 156.476821][ T6498] ? reiserfs_do_truncate+0x1340/0x1340 [ 156.482368][ T6498] ? search_by_key+0x4435/0x4630 [ 156.487324][ T6498] reiserfs_do_truncate+0xa3d/0x1340 [ 156.492612][ T6498] ? reiserfs_delete_object+0x1a0/0x1a0 [ 156.498153][ T6498] ? journal_begin+0x1f5/0x360 [ 156.502904][ T6498] ? reiserfs_update_inode_transaction+0x20/0x130 [ 156.509300][ T6498] reiserfs_truncate_file+0x37a/0x7c0 [ 156.514663][ T6498] ? reiserfs_new_symlink+0x560/0x560 [ 156.520044][ T6498] ? unmap_mapping_range+0xdf/0x170 [ 156.525233][ T6498] ? setattr_prepare+0x1e6/0xac0 [ 156.530158][ T6498] reiserfs_setattr+0xc0c/0x11a0 [ 156.535083][ T6498] ? reiserfs_commit_write+0x590/0x590 [ 156.540530][ T6498] ? ktime_get_coarse_real_ts64+0x110/0x120 [ 156.546413][ T6498] ? current_time+0x1b9/0x270 [ 156.551079][ T6498] ? inode_set_ctime_current+0x2d0/0x2d0 [ 156.556705][ T6498] ? evm_inode_setattr+0x94/0x6a0 [ 156.561718][ T6498] ? bpf_lsm_inode_setattr+0x9/0x10 [ 156.566902][ T6498] ? try_break_deleg+0x79/0x120 [ 156.571739][ T6498] ? reiserfs_commit_write+0x590/0x590 [ 156.577188][ T6498] notify_change+0xb0d/0xe10 [ 156.581772][ T6498] do_truncate+0x19b/0x220 [ 156.586201][ T6498] ? put_page_bootmem+0x2c0/0x2c0 [ 156.591229][ T6498] ? apparmor_file_truncate+0x23f/0x2d0 [ 156.596759][ T6498] ? ima_bprm_check+0x1f0/0x1f0 [ 156.601600][ T6498] path_openat+0x298c/0x3190 [ 156.606191][ T6498] ? __kasan_slab_alloc+0x6c/0x80 [ 156.611203][ T6498] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 156.617259][ T6498] ? verify_lock_unused+0x140/0x140 [ 156.622446][ T6498] ? do_filp_open+0x3d0/0x3d0 [ 156.627115][ T6498] ? __virt_addr_valid+0x18c/0x540 [ 156.632216][ T6498] do_filp_open+0x1c5/0x3d0 [ 156.636714][ T6498] ? vfs_tmpfile+0x490/0x490 [ 156.641307][ T6498] ? _raw_spin_unlock+0x28/0x40 [ 156.646152][ T6498] ? alloc_fd+0x58f/0x630 [ 156.650473][ T6498] do_sys_openat2+0x12c/0x1c0 [ 156.655139][ T6498] ? _raw_spin_unlock+0x40/0x40 [ 156.659993][ T6498] ? do_sys_open+0xe0/0xe0 [ 156.664392][ T6498] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 156.670358][ T6498] ? lock_chain_count+0x20/0x20 [ 156.675215][ T6498] ? lock_chain_count+0x20/0x20 [ 156.680055][ T6498] __x64_sys_openat+0x139/0x160 [ 156.684918][ T6498] do_syscall_64+0x55/0xb0 [ 156.689325][ T6498] ? clear_bhb_loop+0x40/0x90 [ 156.693987][ T6498] ? clear_bhb_loop+0x40/0x90 [ 156.698647][ T6498] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 156.704531][ T6498] RIP: 0033:0x7f717ef8ebe9 [ 156.708937][ T6498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 156.728528][ T6498] RSP: 002b:00007f717fd50038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 156.736951][ T6498] RAX: ffffffffffffffda RBX: 00007f717f1b6180 RCX: 00007f717ef8ebe9 [ 156.744925][ T6498] RDX: 0000000000000300 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 156.752919][ T6498] RBP: 00007f717f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 156.760880][ T6498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 156.768841][ T6498] R13: 00007f717f1b6218 R14: 00007f717f1b6180 R15: 00007ffd73612198 [ 156.776812][ T6498] [ 156.779823][ T6498] [ 156.782129][ T6498] The buggy address belongs to the physical page: [ 156.788531][ T6498] page:ffffea00015a2940 refcount:2 mapcount:0 mapping:ffff888148c90878 index:0x2ce pfn:0x568a5 [ 156.798850][ T6498] memcg:ffff888078838000 [ 156.803092][ T6498] aops:def_blk_aops ino:700002 [ 156.807849][ T6498] flags: 0xfff58000008224(referenced|lru|workingset|private|node=0|zone=1|lastcpupid=0x7ff) [ 156.817903][ T6498] page_type: 0xffffffff() [ 156.822224][ T6498] raw: 00fff58000008224 ffffea00015a2908 ffffea0001663f88 ffff888148c90878 [ 156.830794][ T6498] raw: 00000000000002ce ffff88805db3f000 00000002ffffffff ffff888078838000 [ 156.839379][ T6498] page dumped because: kasan: bad access detected [ 156.845786][ T6498] page_owner tracks the page as allocated [ 156.851480][ T6498] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 6495, tgid 6475 (syz.2.192), ts 156153236102, free_ts 155218510137 [ 156.871702][ T6498] post_alloc_hook+0x1cd/0x210 [ 156.876479][ T6498] get_page_from_freelist+0x195c/0x19f0 [ 156.882031][ T6498] __alloc_pages+0x1e3/0x460 [ 156.886622][ T6498] folio_alloc+0x1e/0x30 [ 156.890860][ T6498] filemap_alloc_folio+0xdf/0x470 [ 156.895877][ T6498] __filemap_get_folio+0x3ee/0xbc0 [ 156.900969][ T6498] __getblk_gfp+0x223/0x660 [ 156.905462][ T6498] get_empty_nodes+0x515/0x8c0 [ 156.910211][ T6498] fix_nodes+0x1e52/0x82e0 [ 156.914617][ T6498] reiserfs_paste_into_item+0x5ce/0x7f0 [ 156.920152][ T6498] reiserfs_get_block+0x1bd3/0x3ed0 [ 156.925360][ T6498] __block_write_begin_int+0x566/0x1ad0 [ 156.930907][ T6498] reiserfs_write_begin+0x20a/0x4c0 [ 156.936099][ T6498] generic_perform_write+0x2fb/0x5b0 [ 156.941374][ T6498] generic_file_write_iter+0xaf/0x2e0 [ 156.946739][ T6498] do_iter_write+0x79a/0xc70 [ 156.951325][ T6498] page last free stack trace: [ 156.955988][ T6498] free_unref_page_prepare+0x7ce/0x8e0 [ 156.961438][ T6498] free_unref_page_list+0xbe/0x860 [ 156.966537][ T6498] release_pages+0x1fa0/0x2220 [ 156.971284][ T6498] __folio_batch_release+0x71/0xe0 [ 156.976387][ T6498] shmem_undo_range+0x5d0/0x1a40 [ 156.981322][ T6498] shmem_evict_inode+0x273/0xa70 [ 156.986251][ T6498] evict+0x486/0x870 [ 156.990222][ T6498] __dentry_kill+0x431/0x650 [ 156.995148][ T6498] dentry_kill+0xb8/0x290 [ 156.999465][ T6498] dput+0xfe/0x1e0 [ 157.003176][ T6498] __fput+0x5e5/0x970 [ 157.007150][ T6498] task_work_run+0x1ce/0x250 [ 157.011727][ T6498] exit_to_user_mode_loop+0xe6/0x110 [ 157.017002][ T6498] exit_to_user_mode_prepare+0xb1/0x140 [ 157.022541][ T6498] syscall_exit_to_user_mode+0x1a/0x50 [ 157.027992][ T6498] do_syscall_64+0x61/0xb0 [ 157.032392][ T6498] [ 157.034697][ T6498] Memory state around the buggy address: [ 157.040307][ T6498] ffff8880568a5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 157.048359][ T6498] ffff8880568a5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 157.056423][ T6498] >ffff8880568a6000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 157.064474][ T6498] ^ [ 157.068528][ T6498] ffff8880568a6080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 157.076580][ T6498] ffff8880568a6100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 157.084626][ T6498] ================================================================== [ 157.206241][ T6498] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 157.213486][ T6498] CPU: 1 PID: 6498 Comm: syz.2.192 Not tainted 6.6.101-syzkaller #0 [ 157.221478][ T6498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 157.231544][ T6498] Call Trace: [ 157.234827][ T6498] [ 157.237764][ T6498] dump_stack_lvl+0x16c/0x230 [ 157.242460][ T6498] ? show_regs_print_info+0x20/0x20 [ 157.247654][ T6498] ? load_image+0x3b0/0x3b0 [ 157.252157][ T6498] panic+0x2c0/0x710 [ 157.256042][ T6498] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 157.262198][ T6498] ? bpf_jit_dump+0xd0/0xd0 [ 157.266702][ T6498] ? _raw_spin_unlock_irqrestore+0xfa/0x110 [ 157.272587][ T6498] ? _raw_spin_unlock+0x40/0x40 [ 157.277429][ T6498] ? leaf_paste_in_buffer+0x6a1/0xbd0 [ 157.282799][ T6498] check_panic_on_warn+0x84/0xa0 [ 157.287730][ T6498] ? leaf_paste_in_buffer+0x6a1/0xbd0 [ 157.293093][ T6498] end_report+0x6f/0x140 [ 157.297328][ T6498] kasan_report+0x128/0x150 [ 157.301828][ T6498] ? leaf_paste_in_buffer+0x6a1/0xbd0 [ 157.307197][ T6498] kasan_check_range+0x288/0x290 [ 157.312136][ T6498] ? leaf_paste_in_buffer+0x6a1/0xbd0 [ 157.317500][ T6498] __asan_memcpy+0x29/0x70 [ 157.321909][ T6498] leaf_paste_in_buffer+0x6a1/0xbd0 [ 157.327102][ T6498] leaf_copy_dir_entries+0x5e7/0x990 [ 157.332382][ T6498] ? leaf_item_bottle+0x1280/0x1280 [ 157.337606][ T6498] leaf_copy_boundary_item+0xb90/0x2180 [ 157.343144][ T6498] ? mark_lock+0x94/0x320 [ 157.347467][ T6498] ? get_right_neighbor_position+0x147/0x210 [ 157.353446][ T6498] leaf_move_items+0x8b5/0xe90 [ 157.358207][ T6498] ? reiserfs_convert_objectid_map_v1+0x500/0x500 [ 157.364619][ T6498] balance_leaf+0xc257/0x10da0 [ 157.369375][ T6498] ? verify_lock_unused+0x140/0x140 [ 157.374570][ T6498] ? do_balance+0x940/0x940 [ 157.379062][ T6498] ? __mutex_trylock_common+0x153/0x250 [ 157.384600][ T6498] ? trace_raw_output_contention_end+0xd0/0xd0 [ 157.390766][ T6498] ? rcu_is_watching+0x15/0xb0 [ 157.395519][ T6498] ? trace_contention_end+0x39/0xe0 [ 157.400700][ T6498] ? __mutex_lock+0x304/0xcc0 [ 157.405371][ T6498] ? __might_sleep+0xe0/0xe0 [ 157.409954][ T6498] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 157.415579][ T6498] ? reiserfs_write_lock_nested+0x60/0xd0 [ 157.421285][ T6498] ? mutex_lock_nested+0x20/0x20 [ 157.426210][ T6498] ? get_empty_nodes+0x435/0x8c0 [ 157.431142][ T6498] ? __wake_up+0x190/0x190 [ 157.435542][ T6498] ? indirect_is_left_mergeable+0xe5/0x180 [ 157.441333][ T6498] ? get_neighbors+0x1030/0x1030 [ 157.446257][ T6498] ? create_virtual_node+0x1fc/0x1c70 [ 157.451619][ T6498] ? get_neighbors+0x9ba/0x1030 [ 157.456463][ T6498] ? fix_nodes+0x7b4c/0x82e0 [ 157.461054][ T6498] do_balance+0x2fe/0x940 [ 157.465373][ T6498] ? get_right_neighbor_position+0x210/0x210 [ 157.471340][ T6498] ? reiserfs_delete_item+0xe90/0xe90 [ 157.476706][ T6498] ? calc_deleted_bytes_number+0x465/0x800 [ 157.482503][ T6498] reiserfs_cut_from_item+0x13b2/0x1f10 [ 157.488063][ T6498] ? __might_sleep+0xe0/0xe0 [ 157.492649][ T6498] ? reiserfs_do_truncate+0x1340/0x1340 [ 157.498193][ T6498] ? search_by_key+0x4435/0x4630 [ 157.503153][ T6498] reiserfs_do_truncate+0xa3d/0x1340 [ 157.508449][ T6498] ? reiserfs_delete_object+0x1a0/0x1a0 [ 157.513996][ T6498] ? journal_begin+0x1f5/0x360 [ 157.518752][ T6498] ? reiserfs_update_inode_transaction+0x20/0x130 [ 157.525150][ T6498] reiserfs_truncate_file+0x37a/0x7c0 [ 157.530517][ T6498] ? reiserfs_new_symlink+0x560/0x560 [ 157.535913][ T6498] ? unmap_mapping_range+0xdf/0x170 [ 157.541107][ T6498] ? setattr_prepare+0x1e6/0xac0 [ 157.546123][ T6498] reiserfs_setattr+0xc0c/0x11a0 [ 157.551060][ T6498] ? reiserfs_commit_write+0x590/0x590 [ 157.556506][ T6498] ? ktime_get_coarse_real_ts64+0x110/0x120 [ 157.562389][ T6498] ? current_time+0x1b9/0x270 [ 157.567052][ T6498] ? inode_set_ctime_current+0x2d0/0x2d0 [ 157.572670][ T6498] ? evm_inode_setattr+0x94/0x6a0 [ 157.577683][ T6498] ? bpf_lsm_inode_setattr+0x9/0x10 [ 157.582872][ T6498] ? try_break_deleg+0x79/0x120 [ 157.587710][ T6498] ? reiserfs_commit_write+0x590/0x590 [ 157.593157][ T6498] notify_change+0xb0d/0xe10 [ 157.597753][ T6498] do_truncate+0x19b/0x220 [ 157.602159][ T6498] ? put_page_bootmem+0x2c0/0x2c0 [ 157.607185][ T6498] ? apparmor_file_truncate+0x23f/0x2d0 [ 157.612718][ T6498] ? ima_bprm_check+0x1f0/0x1f0 [ 157.617594][ T6498] path_openat+0x298c/0x3190 [ 157.622189][ T6498] ? __kasan_slab_alloc+0x6c/0x80 [ 157.627203][ T6498] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 157.633263][ T6498] ? verify_lock_unused+0x140/0x140 [ 157.638451][ T6498] ? do_filp_open+0x3d0/0x3d0 [ 157.643122][ T6498] ? __virt_addr_valid+0x18c/0x540 [ 157.648236][ T6498] do_filp_open+0x1c5/0x3d0 [ 157.652734][ T6498] ? vfs_tmpfile+0x490/0x490 [ 157.657326][ T6498] ? _raw_spin_unlock+0x28/0x40 [ 157.662185][ T6498] ? alloc_fd+0x58f/0x630 [ 157.666514][ T6498] do_sys_openat2+0x12c/0x1c0 [ 157.671191][ T6498] ? _raw_spin_unlock+0x40/0x40 [ 157.676035][ T6498] ? do_sys_open+0xe0/0xe0 [ 157.680441][ T6498] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 157.686409][ T6498] ? lock_chain_count+0x20/0x20 [ 157.691251][ T6498] ? lock_chain_count+0x20/0x20 [ 157.696097][ T6498] __x64_sys_openat+0x139/0x160 [ 157.700941][ T6498] do_syscall_64+0x55/0xb0 [ 157.705345][ T6498] ? clear_bhb_loop+0x40/0x90 [ 157.710006][ T6498] ? clear_bhb_loop+0x40/0x90 [ 157.714668][ T6498] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 157.720552][ T6498] RIP: 0033:0x7f717ef8ebe9 [ 157.724954][ T6498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 157.744548][ T6498] RSP: 002b:00007f717fd50038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 157.752948][ T6498] RAX: ffffffffffffffda RBX: 00007f717f1b6180 RCX: 00007f717ef8ebe9 [ 157.760904][ T6498] RDX: 0000000000000300 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 157.768861][ T6498] RBP: 00007f717f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 157.776815][ T6498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 157.784770][ T6498] R13: 00007f717f1b6218 R14: 00007f717f1b6180 R15: 00007ffd73612198 [ 157.792738][ T6498] [ 157.795990][ T6498] Kernel Offset: disabled [ 157.800295][ T6498] Rebooting in 86400 seconds..