last executing test programs: 3m26.556843058s ago: executing program 2 (id=650): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x302, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000b00)=@newtfilter={0x38, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xf}, {}, {0x7, 0x10}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_HASH={0x8, 0x2, 0xfffffff0}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x2008c014) 3m25.875494773s ago: executing program 2 (id=654): r0 = fsopen(&(0x7f0000000000)='cgroup\x00', 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSIGACCEPT(r1, 0x5607, 0x3) ioctl$VT_ACTIVATE(r1, 0x5606, 0x4) ioctl$TIOCSWINSZ(r1, 0x5414, &(0x7f0000000180)={0x9, 0x0, 0x3, 0x7fff}) fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f0000000040)='+\x00', 0x0, r1) socket$nl_sock_diag(0x10, 0x3, 0x4) 3m24.079268461s ago: executing program 2 (id=660): ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x4048aec9, &(0x7f0000000080)={[{0xfffffffc, 0x0, 0x0, 0x8, 0x0, 0x85, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x61, 0xfd, 0x0, 0x0, 0x0, 0x42}, {0x200003, 0xa, 0x21, 0x80, 0x40, 0x0, 0x5f, 0x1, 0x0, 0xfe, 0x0, 0x5, 0xfffffffffffffffd}], 0x1ffffff}) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="020a040007000000b6f1ffff0000854105001a"], 0x38}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e000000030000000000000405000600000000000a0000000000000400000000000000000000002100000000000100000000000002000100010000000000010200fd000005000500000000000a"], 0x70}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) 3m23.657505693s ago: executing program 2 (id=664): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0) move_mount(r0, &(0x7f00000000c0)='./file0\x00', r0, &(0x7f00000001c0)='./file0\x00', 0x100) 3m23.268926726s ago: executing program 2 (id=665): sendmmsg(0xffffffffffffffff, &(0x7f0000001500)=[{{&(0x7f0000000040)=@l2tp6={0xa, 0x0, 0x7080000, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4, 0x4}, 0x80, 0x0}}], 0x1, 0x4000000) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x169a82, 0x189) r0 = syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000400)=ANY=[], 0x1df) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) 3m21.661900668s ago: executing program 2 (id=668): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x801) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x4e071, 0xffffffffffffffff, 0x80000000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x16) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000339000/0x1000)=nil, 0x800000}) 3m19.30659503s ago: executing program 32 (id=668): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x801) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x4e071, 0xffffffffffffffff, 0x80000000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x16) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000339000/0x1000)=nil, 0x800000}) 2m14.392569176s ago: executing program 0 (id=942): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f00000003c0)=[@mss={0x2, 0x8}, @window={0x3, 0xe, 0x7ff}, @sack_perm, @window={0x3, 0x16}, @window={0x3, 0x8000, 0xfffc}, @sack_perm, @sack_perm, @window={0x3, 0x5}], 0x8) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='cdg\x00', 0x4) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0xc7) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x11, 0x0, 0x11) 2m13.228965734s ago: executing program 0 (id=948): r0 = creat(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x182) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15) r3 = dup(r2) write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="38010000fe0000", @ANYRES64=r0, @ANYBLOB="b1baf6924846dbe91fc7534b9d4e2b"], 0x138) mount$9p_fd(0x0, &(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000004500), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) listxattr(&(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0) 2m12.721985347s ago: executing program 0 (id=953): r0 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key$keyring(&(0x7f00000006c0), &(0x7f0000000540)={'syz', 0x0}, 0x0, 0x0, r0) r2 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, r1) r3 = add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x1}, 0x0, 0x0, r2) r4 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, r3) r5 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, r4) add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x0}, 0x0, 0x0, r5) request_key(&(0x7f0000000580)='encrypted\x00', &(0x7f00000005c0)={'syz', 0x1}, 0x0, 0x0) 2m12.131821324s ago: executing program 0 (id=957): unshare(0x40600) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f00000000c0)='./file0/../file0/../file0/../file0/../file0\x00') 2m11.700755163s ago: executing program 0 (id=959): r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x80, 0x2, 0x8b6}, &(0x7f0000000000)=0x0, &(0x7f0000000300)=0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x49, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r3, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, r0, 0x0, 0x0, 0x64, 0x183000, 0x23456}) io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0) 2m3.93244799s ago: executing program 0 (id=989): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1e, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000300)={0x20000002}) epoll_pwait2(r1, &(0x7f00000001c0)=[{}], 0x1, 0x0, 0x0, 0x0) epoll_pwait2(r1, &(0x7f0000000200)=[{}], 0x1, 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000080)={0x28000006}) 2m2.834706457s ago: executing program 33 (id=989): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1e, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000300)={0x20000002}) epoll_pwait2(r1, &(0x7f00000001c0)=[{}], 0x1, 0x0, 0x0, 0x0) epoll_pwait2(r1, &(0x7f0000000200)=[{}], 0x1, 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000080)={0x28000006}) 57.357173991s ago: executing program 5 (id=1282): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x80) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(0xffffffffffffffff, 0x0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000007b00000000000000"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000080)='netlink_extack\x00', r2}, 0x10) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000340)={{{@in=@dev, @in6=@private2}}, {{@in6=@empty}, 0x0, @in=@empty}}, &(0x7f0000000440)=0xe8) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x1, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, 0x4c811}, [@IFLA_XDP={0x1c, 0x2b, 0x0, 0x1, [@IFLA_XDP_FLAGS={0x8, 0x3, 0x18}, @IFLA_XDP_EXPECTED_FD={0x8}, @IFLA_XDP_FD={0x8, 0x1, r1}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4048051}, 0x4004800) 56.773427452s ago: executing program 5 (id=1285): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x7a81b000) mremap(&(0x7f0000a99000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f0000ff8000/0x2000)=nil) mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000bfc000/0x3000)=nil, 0x3000) mbind(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) 56.172145716s ago: executing program 5 (id=1288): socket(0x2, 0x2, 0x1) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0xffffffff) r0 = open$dir(&(0x7f0000000180)='./file0\x00', 0x7e, 0x0) r1 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x0, 0x400, 0x0, 0x338}, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x8, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x47ba, 0x98f1, 0x2a, 0x0, 0x0) vmsplice(r0, &(0x7f0000000380)=[{&(0x7f0000000080)="9b", 0x1}], 0x1, 0x6) 55.474467949s ago: executing program 5 (id=1294): madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$inet6(r1, &(0x7f0000007bc0)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000001a80)='T', 0x1}], 0x1}}], 0x1, 0x0) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) 54.832805388s ago: executing program 5 (id=1300): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x80044940, &(0x7f0000001b00)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$jfs(&(0x7f0000000100), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[], 0xfd, 0x609c, &(0x7f0000011b00)="$eJzs3UuPHFfZB/CnL9NzyRvbil5ZxmLhOBASQny3IdzisGABSCAhr7E1mUQGB5BtEIksPJEXiAWXjwCbbFjki4Qda8QHwJLNKhKEQjVzjl3d0zM9jme6uuf8flK76ulT1X3K/6np7qmqPgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAxHe+/cOznYi4+st0x5GI/4teRDdiua5PRD1zOS/fj4hjG0tFHI2I3mJEvf7GP4cjLkTER4ciHjy8s1rffW6X/bh45vbNT777rb//5g/3jv34zR99MNr+g/8//+Fv70Yc+f5rH35yd082HQAAAIpRVVXVSR/zj6fP9922OwUATEV+/a+SfL9arVar97T+fXe2+qMutG6qxrvbLCJivblO/Z7B4XgAmDPr8XHbXaBF8i9aPyKeabsTwEzrtN0B9sWDh3dWOynfTvP14MRme/475VD+651H13dsN51k9ByTaf183YtePLdNf5an1IdZkvPvjuZ/dbN9kJbb7/ynZbv8B5EuaipMzr83mv+Iofz/GBFzm393bP6lyvn3nyT/9d4c7//yBwAAAADg4Mt//z/S8vHfxafflF3Z6fjviSn1AQAAAAAAAAD22qcc/2/jePnR5gMZ/w8AAABmVv1ZvfanQ4/v60T87fCYZeuP+Fc6Ec+OLA8UJl0ss9J2PwAAAAAAAAAAAACgJP3Nc3ivdCIWIuLZlZWqqupb02j9pJ52/XlX+vZDydr+JQ8AAJs+OpSu5b+/tHlHJ6Keu5K+629hZWWlqpaWV6qVankxv58dLC5Vy43PtXla37c42MUb4v6gqh9sqbFe06TPy5PaRx+vfq5B1dtFx6aj7dQBKN3mq9EDr0gHTFUdjrbf5TAf7P8Hj/2f3Wj75xQAAADYf1VVVZ30dd7H0zH/btudAgCmYSm//o8eF1Cr1Wq1Wn3w6qZqvLvNIiLWm+vU7xkMxw8Ac2Y9Pm67C7RI/kXrR8SxtjsBzLRO2x1gXzx4eGe1k/LtNF8P0vju+VyQofzXOxvr5fXHTScZPcdkWj9f96IXz23Tn6NT6sMsyfl3R/O/utk+SMvtd/7Tsl3+9XYeaaE/bcv590bzH3Fw8u+Ozb9UOf/+E+Xfkz8AAAAAAMyw/Pf/I47/5k0GAAAAAAAAgLnz4OGd1Xzdaz7+/9kxy3Wac67/PDBy/p1d5+/634Mk598dzX/khJxeY/7+G4/z/9fDO6sf3P7nZ/J05vNf6A3q517odHv9dM5PtfBWXI8bsRZntizfH2o/u6V9Yaj93IT281vaB3X7cm4/Favxs7gRbz5qX5xwYtTShPZqQnvOv2f/L1LOv9+41fmvpPbOyLR2//3ulv2+OR33PJf/8p8Xt+5de20wcYl70Xu0bU319p3clz7tbOP/5JlB/OLW2s1Tv7p2+/bNs5EmQ/eeizTZYzn/hXTL+b/0wmZ7/r3f3F/vvz944vxnxb3ob5v/C435entfnnLf2pDzH6Rbzj+/Ao3f/+c5/+33/1da6A8AAAAAAAAAAAAAAADspKqqjUtEL0fEpXT9T1vXZgIAU/W776WZKgm1Wq1Wq9V7VfdnrD9DqvFebxaxNLzOpYj49bgHAwBm2X8j4h9td4LWyL9g+fv+6unn2u4MMFW33n3vJ9du3Fi7eavtngAAAAAAAAAAn1Ye//NEY/znjfOARsaNHhr/9Y04Mbfjf3YHvY2xztMGPR87j/99MnYe/7s/4fkWJrRPGrF4cUL70oT2sRd6NOT8n08Z5/yPpw0rafzXl1roT9ty/ifTWM85/y+MLNfMv/rzPOffHcr/9O13fn761rvvvXr9nWtvr7299tOzZy5dOH/xwvmLF0+/df3G2pnNf1vs8f7K+eexr50HWpacf85c/mXJ+X8+1fIvS87/xVTLvyw5//x+T/5lyfnnzz7yL0vO/+VUy78sOf8vplr+Zcn5v5Jq+Zcl5/+lVMu/LDn/V1Mt/7Lk/E+lWv5lyfmfTrX8y5Lzz0e45F+WnH8+s0H+Zcn5n0u1/MuS8z+favmXJed/IdXyL0vO/2Kq5V+WnP+lVMu/LDn/L6da/mXJ+X8l1fIvS87/tVTLvyw5/6+mWv5lyfl/LdXyL0vO/+upln9Zcv7fSLX8y5Lz/2aq5V+WnP/rqZZ/WR5//7+ZKc/8+68RM9CN/ZipqqqagW6YeYqZtn8zAQAAAAAAAAAAAACjpnE6cdvbCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/9iBAwEAAAAAIP/XRqiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrCDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFfbuN0aOs74D+Nw/++wE4pIQQjDk7DjBkIvvzv8SE0wcIDQNLU0DodCGOsY+Owb/q8+GJIqaS5O2QURqpPZF+qIUEEVIbZUIIZVKKYpUpPZd8woUVUKtlBeWmlQmgla0JFfNzvM8t7u3t3u27+zZmc8nin++29nd52Zn9+571ncHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaLbhI9N/MpBlWf5/4491WXZ5/vc12Z78w9mdl3qFAAAAwIV6o/Hn316RPrFnCVdq2uaf3/Ov35ubm5vLPv/6mTf/bG4uXTCWZUOrs6xxWfQvv/j5XPM2wRPZ6MBg08eDPe5+qMflwz0uH+lx+aoel6/ucfloj8sX7IAF1hS/j2nc2KbGX9cVuzS7KhtpXLapw7WeGFg9OBh/l9Mw0LjO3MjB7HB2JJvOJhdcZ6DxX5a9sCG/r7uyeF+DTfe1Psuysz99dH9cw0DYx5uyljtraH7sXrsjG3v9p4/u//apV9/ZafbcDQtWmmWbN+brfDLL5n9dlQ1kq9M+iescbFrn+g7rHGpZ50Djevnf29d5donrjF/3aFjnS13WuT587qHrsyybzRbdpt0T2WC2tu1e0/4eLY6I/Dbyh/Jt2fA5HScblnCc5Nd55frW46T9mIz7f0PYJ8OLrKH54Xjt8VUL9vv5Hif5V12GYzW/7XvyOx0dbf7Vasuxmm/z6A2LHwMdH7sOx0A6lpuOgY29joHBVUONY2Bwfs0bW46BqQXXGcwGGvd15obux8DEqaMnJmYefuTmw0f3HZo+NH1sanLn9m07tm/bsWPi4OEj05PFn+e2S/vI2mwwHYMbw2tNPAbf27Zt8yE5943lex6MluR5kH/tn7oxX9Dlg9kix3i+zZObL/x5kL7vNz0PhpueBx1fUzs8D4aX8DzItzm7eWnfM4eb/u+0hpV6LVzXdAxcyu+H+X3e/77FXwvXh3U99f5z/X44tOAYiF/WQHju5Z9JP++N3hr2y8Lj4tr8gstWZadnpk9ueWjfqVMnp7IwLoormx6r9uNlbdPXlC04XgbP+XjZ8ze/vPHaDp9fF/bV6E3dH6t8m+3j3R+rxqt76/5clRX7s+WzW7MwltnF3p+dvpvl+zNliS77M9/myZsv/GfBlEuaXv9Ger3+DY0MF69/Q2lvjLS8/i18aIYaK8uyszcv7fVvJPx/sV//rirJ61++r+7f0v0YyLd5auJcj4Hhrq9/14c5ENbzvpAYRpty/5uNy2eLw7Tpsex53AwPj4TjZjjeY+txs23BdfJby+978+T5HTebr299rFp+bqngcZPvqz+f7H7c5Nu8OHXhrx1r4l+bXjtW9ToGRoZW5esdSQdB8Xo3tyYeA1uy/dnx7Eh2IF0nf5Tz+xrfurRjYFX4/2K/dlxTkmMg31fPbu1+DOTb/HDb8v7stDl8Jm3T9LNT++8XFsv81w7P3177blvuzJ+v86M/+kT6XKcMkW/z6vZzzRnd99NN4TOXddhP7c+fxY7pA9nF2U/XhHUe2dH9d1P5NlftXOLxtCfLspenXm78viv8fve7p3/0vZbf+3b6nfLLUy/fPXHvj89l/QAAnL83G3/Orip+1mz6F+ul/Ps/AAAA0Bdi7h8MM5H/AQAAoDJi7h8KM5H/AQAAoDJi7h8OM6lJ/n/w1l3PvfFYlt4NcC6Il8fdcM+Hiu1ix3s2fDw2Ny///Ie/NfLcVx5b2n0PZln2y7vf1XH7Bz8U11U4Edf5gdbPL3DNdUu6/wfum9+u+f0Tzu4qbj9+PUs9DGJX+YWJrY3bHXt4qjFfvDtrzHtnn3qiuP3i47j9mW3F9n8Z3rRkz8GBlutvDuvZFOZYeE+Ze/bM74d8xus9t/49/3Tlp+fvL15vYONbG1/ms39Q3G58j6hnriy2j1/3Yuv/x69+57l8+4du6Lz+xwY7r/9MuN1XwvzF7mL75n3+lab1/1FYf7y/eL0t3/xBx/U//45i++fDcfH1MNvXf8efvvuNTo9XvJ89txXXi/c/+d/bG9eLtxdvv339o49NteyP9tt/8fXidnZ/6WdDzdvHz8f7iR64rfX4HgiPb0uPPMuy7/xx1rKfsw8W1/uHtvXH2ztxW+f139S2zhMD1zWuP//1rGv5ur7211s7fr1xPXv+bl3L1/PMnWH/vT7xw/x2z9wbjsdw+f++VNxe+3uZPn9n6+tN3P7r64rnbby9ibb1P9O2/tnr8n3Xe/13vV6s//nbV7esf8/HwvF0VzF7rf/QX13Rcv1vfLt4PE5+efzY8ZnThw807dXm5/Hq0TVrL7v8LW+9IryWtn+89/ipB6dPjk2OTWbZWB++ZeBKr/+bYf5XMWaX/x4KP/5Zcdw9/fHi+9Z7f158/Ez4/APh8YzfH7/2FyMtx2v74z57ezEvdP3vD+tYqnd89T+uW9KGZz73wum//8NX238uiF/PibePNr6+Zzdc3bhs4MXi8vbXq17+/e2tz+ufDE825vfDfp0L78y88eri/tpvP743ydOfLJ6/8Se5eP2s7f1E1g21fh0Xuv6fhJ9jfnBN6+tfPD6+/1jbuzmvywbyJcyG14dstrg8bhX399Nnr+54f/F9eLLZd57LMhc18/DMxJHDx04/NHFqeubUxMzDj+w9evz0sVN7G+9duvcLva4///xe23h+H5jeuT1rPNuPF2OFXer1n7hv/4FbJm88MH1w3+mDp+47MX3y0P6Zmf3TB2Zu3Hfw4PSXe13/8IHdU1t3bbtl6/ihwwd237pr17Zd44ePHc+XUSyqh52TXxw/dnJv4yozu7fvmtqxY/vk+NHjB6Z33zI5OX661/Ub35vG82t/afzk9JF9pw4fnR6fOfzI9O6pXTt3bu357o9HTxycGZs4efrYxOmZ6ZMTxdcydqrx6fx7X6/rUw8zx8PrXZuB8NP5Z2/amd4fN/etxxe9qWKT1h9Ps9fCe0HF72+9Po65fyTMpCb5HwAAAOog5v7wxv/zF8j/AAAAUBkx968OM5H/AQAAoDJi7i+S/2g6/Xtd8v9y9f8f1/9v0P/X/8/0/xP9f/3/TP9f/78H/X/9/35ev/6//j+9la3/H3J/tibL/Ps/AAAAVFTM/WvDTOR/AAAAqIyY+y8LM5H/AQAAoDJi7r88zKQm+d/5//X/9f+79f/jtvr/mf5/Gfr/m/5T/38B/X/9/0z//7xd6v58v6+/hP3/Nfr/lE3Z+v8x978lzKQm+R8AAADqIOb+t4aZyP8AAABQGTH3XxFmIv8DAABAZcTcvy7MpCb5X/9f/1//3/n/9f/7pv/v/P8d6P/r/2f6/+dtkf58/kOh/n9/9v+d/5/SKVv/P+b+XwkzqUn+BwAAgDqIuf9tYSbyPwAAAFRGzP1XhpnI/wAAAFAZMfdfFWZSk/xfz/7/K1mW6f9n+v/6/23r1P/X/18J+v/6/93o/5ey/+/8//r/+v8sm7L1/2Puf3uYSU3yPwAAANRBzP1Xh5nI/wAAAFAZMfe/I8xE/gcAAIDKiLn/mjCTmuT/evb/nf9f/7+g/9+6Tv1//f+VoP+v/9+N/r/+fz+vX/9f/5/eytb/j7n/nWEmNcn/AAAAUAcx918bZiL/AwAAQGXE3P+uMBP5HwAAACoj5v71YSY1yf/6//r/+v/6//r/+v8rqb/6/4OLXqL/X9D/b7V8/f/Z+QXo//fN+vX/9f/prWz9/5j73x1mUpP8DwAAAHUQc/97wkzkfwAAAKiMmPuvCzOR/wEAAKAyYu4fCzOpSf7X/9f/1//X/9f/1/9fSf3V/1+c/n9B/7/V0vr/A8PzC3D+/+V0qdev/6//T29l6//H3L8hzKQm+R8AAADqIOb+jWEm8j8AAABURsz914eZyP8AAABQGTH3bwozqUn+1//X/9f/1//X/9f/X0n6//r/3dSj/9+8AP3/5XSp16//r/9Pb2Xr/8fcf0OYSU3yPwAAANRBzP03hpnI/wAAAFAZMfe/N8xE/gcAAIDKiLl/c5hJTfK//r/+v/5/H/f/h/T/M/3/0tP/1//vRv+/XP3/Yf1//X/9f5ZZ2fr/Mfe/L8ykJvkfAAAA6iDm/veHmcj/AAAAUBkx998UZiL/AwAAQGXE3D8eZlKT/K//r/+v/9/H/X/n/29Z/zL0/0eaP6//vzz0//X/u9H/L1f/3/n/9f/1/1luZev/x9x/c5hJTfI/AAAA1EHM/VvCTOR/AAAAqIyY+yfCTOR/AAAAqIyY+yfDTKqQ///tbM9N9P8vZv+/sY/1//X/9f/D5SXs/zv//wrQ/9f/70b/X/+/n9ev/6//T29l6//H3D8VZlKF/A8AAAA0xNy/NcxE/gcAAIDKiLl/W5iJ/A8AAACVEXP/9jCTmuT/Pun/b0kFqL7u/zv/v/6//n8t+v//E14U9f8b9P/1/7vR/9f/7+f1X4L+/3DzB/r/lM1gh8+Vrf8fc/+OMJOa5H8AAACog5j7d4aZyP8AAABQGTH33xJmIv8DAABAZcTcf2uYSU3yf5/0/yty/n/9f/1//f9a9P8D5/8v6P/r/3ej/6//38/rP7f+/2fav905/z+1ULb+f8z9u8JMapL/AQAAoA5i7v9AmIn8DwAAAJURc/9tYSbyPwAAAPSVTuchjGLu/2CYSU3yv/5/1fv/c6v1//X/9f+7r1//f2Xp/+v/d6P/r//fz+u/BOf/b6H/Tz8oW/8/5v7dYSY1yf8AAABQBzH3fyjMRP4HAACAyoi5//YwE/kfAAAAKiPm/j1hJjXJ//r/Ve//1+b8/43L9f/1//X/y0f/X/+/G/3//uz/hx9b9P9L1P/PjyH9f8qobP3/mPvvCDOpSf4HAACAOoi5/8NhJvI/AAAAVEbM/R8JM5H/AQAAoDJi7v9omElN8r/+v/5/Rfr/zv+v/6//X1L6/yvW/2+8FOr/Fxbt/6/R/+9mvj9/hfP/93n/3/n/Kauy9f9j7r8zzKQm+R8AAADqIOb+j4WZyP8AAABQGTH3/2qYifwPAAAAlRFz/11hJjXJ//r/+v/6//r/+v/6/ytJ/9/5/7tx/v+y9P8vTX++39ev/6//T29l6//H3P9rYSY1yf8AAABQBzH33x1mIv8DAABAZcTc//EwE/kfAAAA+syqRS+Juf/Xw0xqkv/7r/8/1pf9/8F0+/r/+v/6//r/+v/LSf9f/z/T/z9vl7o/3+/r1//X/6e3svX/Y+7/jTCTmuR/AAAAqIOY+z8RZiL/AwAAQGXE3P+bYSbyPwAAAFRGzP33hJnUJP8vd/+//frdOP+//n+m/6//r/+v/3+B+qn/P6L/v4D+v/5/P69f/1//n97K1v+Puf+3wkxqkv8BAACgDmLuvzfMRP4HAACAknrwnK8Rc/8nw0zkfwAAAKiMmPs/FWZSk/zff+f/77/+f377+v/6/5n+v/5/017V/18+/dT/d/7/hfT/9f/7ef36//r/9Fa2/n/M/feFmdQk/wMAAEAdxNz/6TAT+R8AAAAqI+b+3w4zkf8BAACgMmLu/0yYSU3yv/6/8//r/+v/6//r/68k/f+F/f/8NUz/v6D/r//fz+vX/9f/p7ey9f9j7v9smElN8j8AAADUQcz9vxNmIv8DAABAZcTc/7thJvI/AAAAVEbM/feHmdQk/+v/6//r/+v/6//r/68k/X/n/+9G/1//v5/Xr/+v/09vZev/x9z/uTCTmuR/AAAAqIOY+38vzET+BwAAgMqIuX9vmIn8DwAAAJURc/8DYSY1yf/6//r/+v/17f+vblun/r/+/0rQ/9f/70b/X/+/n9ev/6//T29l6//H3L8vzGRP690AAAAA/Svm/s+HmdTk3/8BAACgDmLu3x9mIv8DAABAZcTcfyDMpCb5X/9f/1//v779f+f/L+j/ryz9f/3/bvT/9f/7ef36//r/9Hax+//x+8Bi/f+Y+6ezrJb5HwAAAOog5v6DYSbyPwAAAFRGzP2HwkzkfwAAAKiMmPsfDDOpSf7X/9f/1/+vbf//pe+2rVP/X/9/Jej/6/93o/+v/9/P69f/1/+nt7Kd/z/m/sNhJjXJ/wAAAFAHMfd/IcxE/gcAAIDKiLn/i2Em8j8AAABURsz9R8JMapL/9f/1//X/z6v//39z/d//X9r5/9fM36/+v/7/+dD/1//vRv9f/7+f16//r/9Pb2Xr/8fcfzTMpCb5HwAAAOog5v5jYSbyPwAAAFRGzP3Hw0zkfwAAAKiMmPtPhJnUJP/r/59b/39gkW6g/n/n9Ve4/99Qi/5/E/1//f/zof+v/9/NRej/v9l8Ff3/Vpe6P9/v69f/1/+nt1L0/0fmP465//fDTGqS/wEAAKAOYu4/GWYi/wMAAPD/7N1Xs6V1lcfxPYduGmqKmrfA1VzPXHnpS/A1WMU7MGcwY1bMWRFzQswYMOecE+aIKCoG1Cqs7rPWavp0n2fv7t67z/P81+dz4Rqa9DDTTM2v4Dt/hpG7/0Fxi/0PAAAAw8jd/+C4pcn+P7P/P6b/9/6//l//r/8P+v/t0P/r/6d4/1//v+Tv1//r/1lvFv3/fX45d/9D4pYm+x8AAAA6yN3/0LjF/gcAAIBh5O5/WNxi/wMAAMAwcvc/PG5psv+9/6//1//r//X/+v9d0v/r/w+T/7tI/6//X+r36//1/6w3t/4/d/8j4pYm+x8AAAA6yN3/yLjF/gcAAIBh5O5/VNxi/wMAAMAwcvc/Om5psv/1//p//b/+X/9/zv7/bv3/duj/9f9TvP+v/1/y9+v/z7//P7buD8pw5tb/5+5/TNzSZP8DAABAB7n7Hxu32P8AAAAwjNz9j4tb7H8AAAAYRu7+a+OWFvv/mP5f/6//X2L/f0z/7/3/5dD/6/+n6P/1/0f3/VetViv9v/f/2bW59f+5+6+LW1rsfwAAAOghd//j4xb7HwAAABZgb6PfKnf/E+IW+x8AAACGkbv/iXFLk/2v/9f/6/8X2P97/1//vyD6//H7///R/+v/F9n/e/9f/8+lMLf+P3f/k+KWJvsfAAAAOsjd/+S4xf4HAACAYeTuf0rcYv8DAADAMHL3PzVuabL/9f/6f/2//l//r//fJf3/+P3/6lz9/InNvkf/r/9f8vfr//X/rLfz/v8B15+6m/b/ufuvj1ua7H8AAADoIHf/0+IW+x8AAACGkbv/6XGL/Q8AAADDyN3/jLilyf7X/+v/T/f/9/6X/l//r/8//eP6/+3Q/zft/zek/9f/L/n79f/6f9bbef+/pvc/+Mu5+58ZtzTZ/wAAANBB7v5nxS32PwAAAAwjd/+z4xb7HwAAAIaRu/85cUuT/a//1/97/1//r//X/++S/n+2/f/Bv/XOpP/fiP5f/39Y/3//Db5f/08Hc+v/c/c/N25psv8BAACgg9z9z4tb7H8AAAAYRu7+G+IW+x8AAACGkbv/+XFLk/3fpv8/kPPp//fp//X/q7P6/72W/f/JH9P/74b+f7b9/zT9/0b0//p/7//r/5k2t/4/d/8L4pYm+x8AAAA6yN3/wrjF/gcAAIBh5O5/Udxi/wMAAMAwcve/OG5psv/b9P8H6P/3XXT/f0L/P17/f57v/182Rv/v/f/d0f/r/6fo//X/S/5+/b/+n/Xm1v/n7n9J3NJk/wMAAMDw9la1+18at9j/AAAAMIzc/S+LW+x/AAAAGEbu/pfHLU32v/5f/+/9f/3/RfX/g7z/r//fHf2//n/Kpv3/Sv9ffy36//l8v/5f/896c+v/c/e/Im5psv8BAACgg9z9r4xb7H8AAAAYRu7+V8Ut9j8AAAAMI3f/q+OWJvtf/6//1//r//X/+v9d0v/r/6d4/1//v+Tv1//r/1lvbv1/7v7XxC1N9j8AAAB0kLv/tXGL/Q8AAADDyN1/Y9xi/wMAAMAwcve/Lm45uP/3LuVXXTr6f/2//l//r//X/++S/l//P2Xk/v/eExfe/19xyJ9P/7/h999yXP+/w/4//57S/7OJufX/uftvilv8838AAAAYRu7+18ct9j8AAAAMI3f/G+IW+x8AAACGkbv/jXFLk/1/WP9/13/v/3r9/2b0/+f+fv2//n/T/v+e20//fvp//f/50P/r/1cz7f+9/+/9/3W//1L7/6T/ZxNz6/9z978pbmmy/wEAAKCD3P1vjlvsfwAAABhG7v63xC32PwAAAAwjd/9b45Ym+3/77/9frf/X/+v/4+r/vf+v/9f/6/+n6f/1/0v+fv2//p/1ttP/X7baVv+fu/9tcUuT/Q8AAAAd5O5/e9xi/wMAAMAwcve/I26x/wEAAGAYufvfGbc02f/b7/+9/6//P8/+f69Z/3/jbfr/+PX6f/3/Nuj/9f8r/f8FO+p+funfr//X/7Pe3N7/z91/86mp12//AwAAQAc3n/rPK1bvilvsfwAAABhG7v5b4hb7HwAAAIaRu//dcUuT/a//1/8fef/v/f+i/4//uer/9f/nQf+v/1/p/y/YUffzS/9+/b/+n/Xm1v/n7n9P3NJk/wMAAEAHufvfG7fY/wAAADCM2P37//K7/Q8AAABDet+p/7xi9f64pcn+b9z/X32x/f+V9/mv9f/n/n79/1b6/5sP/tzT/+v/l0T/r/+fov/X/y/5++fT/8cPXKv/Z37m1v/n7v9A3NJk/wMAAEAHufs/GLfY/wAAADCM3P23xi32PwAAAAwjd/+H4pYm+79x/z/I+/8PvDO+QP8/bv/v/f+4i+r/79L/J/2//n+K/l//v+Tvn0//7/1/5mtu/X/u/g/HLU32PwAAAHSQu/8jcYv9DwAAAMPI3f/RuMX+BwAAgGHk7r8tbmmy//X/S+//vf+v/9f/z7L/9/5/0f/r/6fo//dO/V8i+v9lfr/+X//PenPr/3P3fyxuabL/AQAAoIPc/R+PW+x/AAAAGEbu/k/ELfY/AAAADCN3/yfjlib7X/+v/99V/3/yT6L/b9L/X6f/X+n/D6X/1/9P0f97/3/J36//1/+z3tz6/9z9n4pbmux/AAAA6CB3/6fjFvsfAAAAhpG7/zNxi/0PAAAAw8jd/9m44f+vOrpP2q7jh/x49Ob6/9Vq7z7xsf7f+//6f+//J/3/duj/9f9T9P/6/yV/v/5f/896c+v/c/d/Lm7xz/8BAABgGLn7Px+32P8AAAAwjNz9X4hb7H8AAAAYRu7+L8YtTfa//t/7//r/xfb/V+r/z/x+/f886f/1/1P0//r/JX+//l//z3pz6/9z938pbmmy/wEAAKCD3P1fjlvsfwAAABhG7v6vxC32PwAAAAwjd/9X45Ym+1//r//X/y+2//f+/4Hv1//Pk/5f/z9F/6//X/L36//1/6w3t/4/d//X4pYm+x8AAAA6yN3/9bjF/gcAAIBh5O7/Rtxi/wMAAMAwcvd/M25psv/1//p//b/+X/+v/98l/f94/f/Jvwf0//v0/7Po//Onif5f/88Mza3/z93/rbilyf4HAACADnL3fztusf8BAABg7g7+652Hyt3/nbjF/gcAAIBh5O7/btzSZP+P3P9P/Wb6/336f/3/Sv+v/98x/f94/b/3/0/bpP8/4/8DgP5/q476+/X/+n/Wm1v/n7v/e3FLk/0PAAAAHeTu/37cYv8DAADAMHL3/yBusf8BAABgGLn7fxi3NNn/I/f/U/T/+/T/+v+V/l//v2P6f/3/lA79/xn0/1t11N+v/9f/s94R9f/HV4f0/7n7fxS3NNn/AAAA0EHu/tvjFvsfAAAAhpG7/8dxi/0PAAAAw8jd/5O4ZZz9f82tE79S/7/1/v/UTyL9v/5/pf/X/+v/T9H/6/+n6P/1/0v+fv2//p/15vb+f+7+n8Yt4+x/AAAAaC93/8/iFvsfAAAAhpG7/+dxi/0PAAAAw8jd/4u4pcn+n2v/f/C//Qvq/y/o/f/8Bv2//n/H/f9lK/2//v8S0//r/6csp/8/ds4f1f/r//X/+n+mza3/z93/y7ilyf4HAACADnL3/ypusf8BAABgGLn7fx232P8AAAAwjNz9v4lbmuz/ufb/C37//4L6/4t7//90Pa3/P8r+f++sP/4M+3/v/+v/Lzn9v/5/ynL6/3PT/+v/7/d//3tN/rzT/+v/Odvc+v/c/b+NW5rsfwAAAOggd//v4hb7HwAAAIaRu/+OuMX+BwAAgGHk7v993NJk/+v/R+j/vf8/j/7/7D++/n93/f/JH9P/L4P+X/8/Rf+v/1/y93v/X//PenPr/3P33xm3NNn/AAAA0EHu/j/ELfY/AAAADCN3/x/jltj/lx/JVwEAAADblLv/rrilyT//1//r/4fs/0/07f/vaNL/e/9/OfT/+v8p+n/9/5K/X/+v/2e9ufX/ufv/FLc02f8AAADQQe7+P8ct9j8AAAAMI3f/X+IW+x8AAACGkbv/7rilyf7X/+v/z7//P15/3bPt/73/r//X/8/GuP3/5fp//f9F9/833LT/w/r/ZX6//l//z3pz6/9z9/81bmmy/wEAAKCD3P1/i1vsfwAAABhG7v6/xy32PwAAAAwjd/8/4pYm+1//r/8f8v1//b/+X/8/G+P2/97/1/97///i+vm9hX+//l//zybm1v/n7r8nbmmy/wEAAKCD3P3/jFvsfwAAABhG7v5/xS32PwAAAAwjd/+/45Ym+1//r//X/+v/9f/6/13S/+v/p+j/O/f/y/9+/b/+n/Xm1v/n7v9PAAAA//9AODfC") syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x802053, 0x0, 0xfc, 0x0, &(0x7f00000000c0)) syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x1a4243c, &(0x7f0000002f80)=ANY=[@ANYRES16=r2, @ANYRESOCT, @ANYBLOB="12a4095a2aac12f0bfcb206d982e44066381388d27f14002d8d7431d3947f6399c7ff9f5193fc0398653e5a67bbb319f02bf4ac6f6ccd5acbfe1350cc3a6d2d48cf6c089ddf67171ffb3b15988e7b394c5daf3e12ca05e4dbdad7edd45f10cbc296a53a530d4c2d203ee650d5fff3a9b5aae78794fe84327e508172cdd72eeff5af4d6db9379bef20dde8e64b91d31a84ce8a7598bb78cc85108874811fc650f0520a5", @ANYRES32=r1, @ANYBLOB="7b8ae4d950a510a981c78f2246d4825535c37655327112a414ee394162b6e558c36104bc2a1b47a800a92237a6148a222bcace4f74ebf7b4d63ad663b601d02146f21caf496271e9376e3f721e48caaa194f00e137096facebc4e2574ed5d094491b637c93517ded181fdf49e2daceefb5c72f3fef86df384ff03cb9820b35f281ae9b5064199b03e8e689b35f17c7e23647ccaa01c87d80ab00757848", @ANYRES16=r1, @ANYRES16=r2, @ANYBLOB="9a7f40ad4c7145903a868b9020e1e8899ed5747db23004fc9d248900abcaa6b065cf0800930a71dcd8b8955d93c78b9d4e5e06d8d5c9ac9b75d177754d6eba23e6d2be546c0dfecdf61baf732950a5729c01fbdc11e36cb411be200a9135657acd97d21ee46aac313ebdddd9265af16558dd3e5ba4836659a6abfe08aad84276acf949bdaa34bdf7f7b2dfb2fe8b9d6d225dcecebeb6e15f649994728842bd99fc94897d24315ac2d17bf6c2acfbfa8464d80f36304f88b906b78ab359be3479db5b0e7555f04416807c2202d6551f2425440be741dbe053e0bfeb845623e722a9293843f1cf0a71119dcadf7e353af4da52aed3086d6e5a095774248be9a1b1418dec1c03a2cb0ece0840ebeaaf7b67867da45943b700e2d6dad775ae6f33e55aa86ca84c336c91e3b7d7224f7a9a10d5b45a6ce0769d875415bea136b5508e5e0a88290792da3b11b2284a3d757c301cec78b55d3fcfa073615ccb089f66c5b9a5c84f6c1bb78c3370c4687eab260711fa05525687c7709e15cddea061f70798cbf940ad929eb80f33ad8bb4fcd322dd0558f111d7d01351147976b425a27e573402490055054cf3d80bebde6a89f3086170633740f08780aac3a73f17eaeda8deb642c2887962596b4d78c0ffffb28d0e64073b0641f89cf83a69afaaea03ba6070838fdbdaccb81630a6fdaa77fc10146013b9fd79e965a320daf81c1a51f032a3f462f2740e579eb116cad80b4e233326bf94fea52184517accf608b1fbfb395942869841b9ca0f314beff6b2dc0a74d7599012274b24775f0382e72907c1f0c571b994f048c0266feb775d893fec84e5733cd66a96cd45b60f63743b17b05d99c427a2d00a27fef17cadf128059a2e227b80701755b0bc706f32255c8cd619fa995cc7649f28337361a62cff46669fa4cf095a2d148987a9fafa6e1fb9f59b5ac5ff10a4c62e0187a3c75a983f7f5211142c6c09170a13e29c2044e5568bda8055cee4722e445e83ea01307c42cbe63a5bc529e1200e5874f7500275abacd6cc0e3bf8fd38ab7bab39f54d180d60892e2e3a713a3e654c89b8e9ba4474909991844514c04b655c66ccd6f2a17e29ff69d343ebac7ac5e1510ad4ff52e6a932a97bb0d814259da6545022152dd63f06219a1d66ec2278b694876ed6195b0543b8c9289b8438e8ee57dd38bcdb045a6fc4cede28effaa0354afbd4190fcbccd9a0e91508e4399e0e30a0bfdedcc19454b6dd7c2785a6e4fe74a0ece1d683ad07d76eafec02fb0d88debfeacd3531413185da0ffa4fb9b5e6d5a916f7bb5d51efc8ab61e4953fc6b2d1e670769f3ca56d51b804ceb118278acc90422e1f51e448a27d2fe4f93c88cf7c6148474bf650902dd6dd96541044113d244cf938150ec426e7ed63e1f153bbe328f4232552b104c8dee60b0c4e4c25f2605e97cc6f4263d32e8340be2d167137682373ae4cd501fdc9c5359b40f52803a5e4c0e04a5de0412c5cbd4d05e6135a1209d4b2dff50d39e481f1d1b01ed71004fb0c18e736af8ab176f833a439a85c9132e6d2296f665771c6a284eadc08c94ffa520dcc37fd6426c152364699514b15d4df6732fff39834e8ba29688b19db27a970d9d7fbee973c76bee04fb6164963969ebde0f785606781d63726736d8b60a713d5f72207a23f6f00420fdf24d14c069f36a7e236620481cc7a63857cc1355bac8d4f9a3f32785ad4d9d81719077a816b33b98006c322ee473aa9f8f83fae86a4d421104b298a9e42357c44b773e3504b3f9eb5b29330411b776b78fdb6dd9713dd1aee0cc9c7ee8bd23a50d4c8babaf6d74bc25377009a8c57c941f80e58ac08c93a275656cbad3864df9e791305d66103ab30983b07553ede5b5d5b0aab157f805eb6c11c75dd7f297c2cc9110551131a797164dec422b13799f1c261464c765a62c201eb9c8686eee94642d59f429cd137cba0d1a8126dcdfc28ea5c201526c61164a86f480dfde0c60fdf6afd3cd64719de1d89b5a362e058054a9db73aaffac324b04e8903060e1f14ca4ac31c82183066e6d581685efbe3452a20a665166b03808220770d66051971b61d8114376e22a4511cae9fdf7bbed68bb9f45b57eee1c15775730ef1434731d7b82a7cbcd6155396263984edfcea62196189da0ba9908d7d5ef514d75a3e1d4ae42654365083873fc4ce969fa4fac51d640be8d948bb9464d1a7e494c8df98bd5a569ff7fe1aca542c34610148a8f1dc9d60ff0f761270577f286a362f32164184ffce3ad132637e9f0381e9ce76a11f296f9d1e835cdc44926104e1df4d0a282a84b9fbc23064bfcab0d221c6e3124ae8ba6022e62f170dcc2d655f73b40f83fd65f5c705bc1f9e8df13adeadff9e1fe4660a55be7dc969cfffaed607190162dcd09d0cd86a297b22142b88f0eb28dd1a45152a4f4f2dca0d96d39fa594349040f486cd486af619b7083236cf90324cddc6f1ed0f6a103c8d936d7f2f31d420ef50931838e66721bff7494617b6b4bc385f3e51b3f81cf5d6953ac7fddc0f3466682911b38bc7f082e0c18e3ae0badf7f3fd3e186ebc2bab71fa26f77bb14cd97e6761c93c8c25887c0ef1f3dc1d8d86ce0fb73190f66f4deca77977e8d6064bfeeac3fad2bc50488c144e2a1a82fcc1e1c12ac54bf3e2d468e8f53241e4a6ad9e466746a45b053452ded5caa20461881d78d8235e986ba8b77e83601655d2650bf1b64ce17c75314216b43bbd1101a2e12e57525bb7d3b136a70635bdac8af24367a24ce2fe2a72ef2b0e56ff8dc62a82946f86f9b6b1418a89b1971372dfe7d5ce2e6611befff721f04a19bce7f90b1551a4cdead136662c50513fdde6f9d4a199c3907ed8799f231f54dd8347c71d829ff8ddc5d96b5aac2fe58652c81ff7f54e2568119dff2763ef435aa420630dacc7e9414340ee8688f46c7a8ab96d860937641042b3cdf6857ff1d2d4e47cec1f23e65fe541f38cb96b132666f999002e89cd1896ca58c2e63b87382e1a6c1ee9afa56cf3ba923fa9c989e20bff313f37252632fdcff03fbdd2d334ee93baf75c1bdae30feaa81fb2ac1b63c42dda06f20ce8c9d003eb3efed7931def342fb874fce92763f6f477c7f589b75d2129419fc4cb7a8893a1d3f94533ed9fdf9f21fc254fd80aa74750833d390327a2107e761240928d35a36c5eaca61fd848116b8dd7ec8157928bc2dd87f7756aa517cf6a61d2009fd4ba0579ca3b3129cfd5403546f5ab6d0575799a008fc67da9658427636d8f806d9b8cad64aee438d0a9b45957f31a5afe3ed894add9acadfd347246099c6ff0b4ec6f19ac61557daf8739e528185ab1468ca72d6d72e4f026e371e540b774b6576df3014dcc9e91b2cd1f0403a4fcaa6627b22682bb54f92150c2917acaee1972b2b03bc2bd37fdb9e7352c654d94ef196b7229e4da5ee62b7d395ecdd5177f2563242ea49ff78151a4a816a94e89b03f41c7e6684f8be3e5802e9338e7cbd3b43f708c062f944a59f31b02ca9a177e6b681accee8785d2467d2d78636be4330febaa3f6907db07992a2de74e459f3ae8ee6adae20cbc75aabd2d5d3424de0ddcc3ddd981c3a4966c57f8fdb1c42db87395f0bc800ff8ddb4c228a7d793d8a997885494a8578f5433d3f82886ea573641bf16065efbc25718c88f7277ce04c94af560d8deb7968496f849d3fad78741272b08bf7aec3f3c777428d3b8b897333ae5afb6823af63cb7347601ee2e8d4e21b21a12e6d42f66a1aac26d296bc68a998d8ba179ed5f756c2efd8a7acc0e3f08093bb4a83d37f15b4fe07c90858058ad1ff0e21bb7bf4363079c5d452dba5972b21c8f41daf6f11a51d321d3c1d544190238036d907d965ff469ce4895eb7675f3e94a15f83b837b892a40390d87d76e9b15eda02366299d3dd93943466bceeb2f9e465adccc08e1a02c3ac01815931627ed327e0ffbe09563221a365b88c4f2449bd3634920d5bfbde7cdc92c4cb16a579f35f07dafc87ce6ce4de7bf9e8ff0e80b81cdab8f2164a25a0a6929679ce9ae0dc2ac7ed41a787446676f091597551dc2e8c054224bac6652bba5fb675c0b2c94d2faac160f11b7b96fc96415aca8a47fa03658b8afa24b6bd97f7dbeead9ae5f7ec1cb0d000055f41a5043c6c4c97212398b168b5cb9ee650726eabcc31b6712e815fdaae77885350884fb36d6d5444d5e5500a7d636d4eced14b9d411c765b36a4be06ca9be2965d6d6c06c3b6bcb38babeb2999ee71295d48926bf6e39363fabf74de5e57aa0b59f9dddeca142d0c50ab7ff198196c69c971e6ab591220f4e42d6525e2dbd99b6c57949c854e4ee0e4581f9e3e160b3f66b01f23f4d0472c0a1f307837ac8dac0a257d09ab82975148dcd764fe6359a5f21b9cbe2ae7b9b277489a8b3285b8289a84ff854508b4488ffcf68f47ec7a5c18a8c3d06e26b32f754ac74ea8e93a554147fd3b3daf1fbe924e2e389cac13a5f80f3a21dbd250d3917f7b5acfc739a63f2b3d6b3f099efb4be7a842215c89fc87bd8550d11ba2a4af0f111ab124503b26feeae3be3ee24168dd4553a226b9168edb11c3e61bc850adf995b4d6f1aace6db0b91f805c3d1789a3e6b470e5470968f429d5b05c8f76ca2981e37f5bde4ad00a09755c76774ead7d93f3f41255b1d56152e3699b133b2e0b277427c992323d1b4d8c438434e9e901ddd43788f80cb9a975e9dd1671ce16be5ff8033d5da824f00fd78b540edbcd69a2e9aff03e31af9afefb809434f52b4a1239fdd241ed3a268258addde19d1724155a1a4c877bd59b0659b7a786886f6ffcb5999d1f9c007d615020926f7165a9ddd4aaa3c7b631d30cc951e328131d99282ac06a18f88373092320ea5308f06c376e711aecda4cd1c2b639d9ea7a2613d4e9eaa9a0ef72774fdec622f7d131b45135d577897bf686b460a371083070139ea544bda15012251d6c8e7163c25412841faefba76765648ca7cd1b423403a654b6b5754588ae6c309621477db20f7c9236af1e422ebd3fb6d6a712e7a6d00d58416b7d65a53a2514bf51bedfe9207f16a4d79418600389b98ea8b9e06b8da708a86f191e567925af39a09ac9fd7902e8f8e77567baf1b75c05ba1eb7089b424801405afc982a8d79c80fada184a1ab3bab526a3b0a5e20d2dc6bcdd2c5cb7c49f735f3e8f4d36a388ca805876ae08f0e3acca5dd864c1fa1552068bf799095221480374fd2dcaeddb74be93470eff4fe278e190f0a131f32340ada9cca518af769f42943875f4c5707beee2179771da21cd66405b9973648bd047a516d1cf902fa1f0fcdcbc3f4c1f20fc22f9a7e9f4c3a52576399604c46f83ede44f542d06d54e6e8a1e693a2cfcbb16c178d1bace976133e72cc4533bd02b1c4ec2cc22097435aff5a682ca7227414895450831560fa682493f4814ce8fbdb190f8ce2b533ed9582638511bda93aeae5d0690f745b788db622864ba3fb60952f119427fbe66754c5c038c5fb2cb87c326d65862e353c14950bd1fa7c70e36323e9cf90c81f6275e59c7926acac1560a0b6bbc7a850817f2effa19d485315a219d49e293f871278294d02765cf72caa2f438de3337ed205bf68ff6ddaaa5e4b80de5fba022dfcf9cf074a319678df11eb77b3ef66e512b67ba5182265a60eaf457691e973d23cbaf6000537f886695074ebb616f9cdad9de7c6fe9ecfbd13d537d64c34a7c90ca56b50e60d6a7067e391e63561793edf6ed3c2eeb8555909a59ce73da1f096d41fb42de44494128324a9", @ANYRES8, @ANYRES16], 0x0, 0x0, &(0x7f0000000000)) openat(0xffffffffffffff9c, &(0x7f0000002500)='./file1/file1\x00', 0x105042, 0x0) 53.46598241s ago: executing program 5 (id=1304): bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000380), 0x4) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60303, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000100)={0x9, 0xf000, 0x8, 0xffffffffffffffff, 0xc}) r3 = dup(r2) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000)=@x86={0xa0, 0xfd, 0x5, 0x0, 0x3, 0x3, 0xb, 0x1, 0xf8, 0x19, 0x7, 0x3, 0x0, 0x9d, 0x1, 0x7, 0x6, 0x40, 0x0, '\x00', 0x4, 0xcaa}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 38.06916405s ago: executing program 34 (id=1304): bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000380), 0x4) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60303, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000100)={0x9, 0xf000, 0x8, 0xffffffffffffffff, 0xc}) r3 = dup(r2) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000)=@x86={0xa0, 0xfd, 0x5, 0x0, 0x3, 0x3, 0xb, 0x1, 0xf8, 0x19, 0x7, 0x3, 0x0, 0x9d, 0x1, 0x7, 0x6, 0x40, 0x0, '\x00', 0x4, 0xcaa}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 8.865728493s ago: executing program 6 (id=1509): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000100)=0x4) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000200)={"b94028f0472886060a85ae73fe0fffa7999ce8d44d998f45b34ef7c611da07f9fe410efba40bdc2eafd56506ce070fb4d4bb9117f80000000000ed4011a244e2dea53b647c1323a301c599a401d814bad8af602d9190cfe0a2409cbdbece57bb41c5e6300fb0a6fedaa09a9218c002919252c6a26f64bc5d65f530c7eec50863c2eb74acc403b8b08adbf9b3c6546e209ecb9b7b7b7e7301e9dd99efad5b9b90aa37efa888cd61f77658c7dd6bd306595295f5175600b180d8608a3d6792a41df2971e44c685ae61d991698a3a2f1fbeae6a6be75be25292e114ac5aba4e94cdbcf9d7d8bc48ed16bd8aa1ec0e896383b013fdbdbe59108f53a7d4d5bcffe471547984b9a669e23698c5c75f30ca9461df4b9932d6c4cc51e1cf7253fea5c07850ffb895a08625187689c2ed81dae4cac6f6ba79301166a41429547afd472a5952aaaaa467f499b868a6dc34edbedd337b6df24c841786d41c92ac810d92e1c2e4b940dc38244c285294ed29f51ca5571901b5d1c120f9bd48d2eb506622f68be01748890c7be9dd8e5a62f09b3205ae6a29cad936745d08c0e2e67c7b8adf4202f8ab37c7f13e04fdfa74e9417ddecf6d7415a25dc38217128d5d76d9a4df7916ce2511cde75ea0af3aecada713655ec37e7652011e3b0b5d0beafcbe382a2bdb83e7d8becd605f6aaced5184bbc4e9b7244fe53d5207d1a9584ca8d5ee8ce0c688437b648012cfc0c1292ca6caccbe9c0100af81fef680fe77e0c294bb286ba6ac517c24fa26ea62c1f56dd41455466954272438d70dafff3b01c93f8db7ad83e91daac058976caf99d7c7780c47a8f3ef927ef20083df6bb69ea346c8c6d631bd7beef18ff4b572f2f8b35014a195961df8919984fdf28f64cbd43c10fdf2aa04d4311b7cc49d2f1eeba328fe63c9afecdd5dca573669055400495da0a44ad3452108e829bbe86eef19a59a8c8caa440f7122341785071a21e80c42554b3ce108a1658b7bea148697e97ca9eeb3011533042a5ef9f2d1752024d8dd02a1bd8747985a794ea5af5f44263d039c882a7135b77bdb48de75bba09a7c1501eb304afe91be4b01bf56ba3eb1352f5fd01167021af1b379d7d61293ad5f768d07fe0e1bafbc68e11240402ce46c26eeca39a1271052a31068c181c5dd04d1e8eb13836f94c65d7e9c2278a838e8d4371ca53216ce6dda2aa5db67f052b2bde0d685e445f658108cf2954e35ebdef974f5246e161a04b7a124ee4b12b40e583478f428b60d450304577edbc0e3b937e786917f5dee22a6e2684b4f17db74f0da7092f5dfad372c952ada48c461e0349741ad92c482a84f9b24c32577b9aa2440d6539744bc6e326de8b900"}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fde000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, 0x0}], 0x1, 0x60, 0x0, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f00000001c0)=0x1ffe) ioctl$KVM_RUN(r2, 0xae80, 0x0) 7.231472278s ago: executing program 7 (id=1518): write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10012, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x7) r0 = syz_usb_connect$hid(0x0, 0x38, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x54c, 0x268, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x30, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x3}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0x0, 0xff}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, &(0x7f0000000040)={0x0, 0x21, 0x2, {0x2, 0xb}}, 0x0, &(0x7f00000000c0)={0x0, 0x22, 0x10, {[@local=@item_4={0x3, 0x2, 0xc, "bed53f4a"}, @local=@item_4={0x3, 0x2, 0xd715bc88bf18a4ae, "98fa6edc"}, @global=@item_4={0x3, 0x1, 0x1, "8cc29b4e"}, @global=@item_012={0x0, 0x1, 0x7}]}}, 0x0}, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_SEND(0xffffffffffffffff, 0xc0182101, 0x0) 7.137706894s ago: executing program 6 (id=1519): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) syz_mount_image$xfs(&(0x7f0000000500), &(0x7f0000009640)='./file0\x00', 0x208800, &(0x7f00000006c0)={[{@nogrpid}, {@prjquota}, {@ikeep}, {@inode32}]}, 0x4, 0x9606, &(0x7f0000012cc0)="$eJzs2gm8pnPhuP/nDGOXMVRSaiqiRdYsUc0MZigkS7QjS8pSUqESSgoVEe3Zt2xlCWVrJdlbKCFUskRabMP8X8ecYYyLb/36/l++dV3X63XO8zz3c9/3+Tyf972cw2wyaYOJg8Ecg2mNG8zceddOnjLm6nXvOGrz+Y9d5tR7DnjsiouOH3mcMPI4cTAYjBp5e2jasrGD004fNZj14eWPNveccw3NOxgsO/JyZD+DFac9zHvF9PWmztTMAx169Ns+074ebr7hHzH85PAD9jpiMBiMmWH7ocFgaPfHfVBpm0yYPOlRq0fchq1Gjzyf8Wu2aV/zXjwYzHvmgI+PGdcdego+0vDP3P0l545e9yn42f9xbTJh8loz+Q+fi7OMLFtx+Byf+Rw0NvNxfttim648MoUPH2+DwfAl7jHnyn9Em0yYtPbgia/zg6NWuXCfqdOum7MPpt0o5hwMBnONXF/neapd6t9rwsTlHr5nT389wj79WN6djosT3n7yQ8M36cFgsMBgMHbN6feCqqqq+s9owsTlVoP7/xxPdv8/5ZSFz+z+X1VV9Z/bWhMmLjd8r5/p/j/Pk93/d1z4oj2n/bf/8StO2+qhp/ZDVFVV1b/UpLXw/j/mye7/K6522drd/6uqqv5zW3+dh+//88x0/1/wye7/bzl5lUVG1pv+e8ODM+xyaIb/n/DADMtnmWH5/TMsHz3DfmZcf7YZlt87w/LZh9+D9ccNBmOn/3vBKY8uHjtu+L2R5ffNsHz8o/9OZ9HVZ1g+YYblk2ZYPnFkrMPLJ8+wfPIM66/5JFNdVVX1f6b1l5u02mCGf2c/snih6e/T/f+Cs65b8qkab1VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVf1n9tAdZ587GAyGBoPBqMFgymDk+YyPg6lTp04dfn3K+Zdf/pQN9P9GQ+ddO3nKmKvXveOozec/dplT7zng0Vn6j+0//xPUv9Ow/xzHjxsMtt/oqR5KPQV1/rvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+4h+44+9yRY2DUYDBlMPJ89+mPZ+3/5reOrLryxqfedfCjWy46fpuRZ+ddO3nKNk/B2J+ChoY/65ir173jqM3nP3aZU+854L/g7PnP/wT17/Sw/zZDg8HI+T1m+Fxed8L6Gy4xGAwOvuvUjVcYPPLeSsPvrTJ2lsEsD2+6xMPf11iUd7z7mtMexw9/W/CRfZzy8P7XmnrYLEMzDWKGXnXejUe9a5N7lp/5cfEn/hyjpj854voz7p46derUxywcaY4n2Hj6/qd/lpnP85GxLzE89qV22u69S71/l12X3Ga7zbbecustt19muZWWX2HZZVZY+RVLbbXNtlsuPe37E8zZuIe/r/bPzNk8M8/ZHRNmnLOZP9sTzdm4J5+zh/c4ZdehDafP2az/4pyt9uRzNm6bkR+06PjRg00fnpqhwWDR1UcPdh5+sczsg8Gia4ysu9DwuquOHTUY7P/oBx1+Nvsjx+DQ7sPrbDJpg4mPjuzxn/Bx1+nHrLjo+JHHCSOPE6cNcdzg0UNx7OC000cNz8VjpnnuOecamncwWHbk5ch+BiuPvHvo9PWmztTMAx169Ns+074ebr7hnQw/effSZ18zfC7OtP3/H/0/Xf8f57XS0CMTNTTyNbLONK8Jk9d69Gc9PA3DczfLyLIVh01mnrP/zR433nGzDsY8yXgnrTVxueHFM83/9E3w+LpzsQs/PO3YGr/itK0e+n9GofHO8yTjXWsCjneeJxvv8R+59PRpu/pfG+9M17q1H/4+/p+51g2e/Fo3C+1gy0sWmfla97onHuJjzuPpczT7TCs90bVu50OW3X14/+Of/Fq39vDYRz/mWjdqMFh0tenXuuEL36TRg/2HXyw7/GLy6MGxwy+We/jFnIPzh1+8/J07bLvF8II1p8/J0sP7HT926GH3C1e8dfGpB06duvrIWMaPfexYR46PcTPezyeMnTaZ07edvt/hVafv95ZnTntv0sh+J/wL+52+LY33rvmmvTd5ZL8TZ9rv6CfZ7/RtH3c+LDH0yIXrCa43k2a63oz8jTP9xz3ma7ZpX/NePBjMeyb5zrTu/3jNpPN3jicZ74SJy602PL6Zzt9HDkc6fy+dfPXwvWLewWCwwGAwds3pY/8XG3qi8c765OOdCOOd9cnGe+Vx263zvzDewQzjfcxxtsn6046VNUeOs8n/wvE7fduZr2OjH3532mV/zX/mOjbucdexPWYZNdNkz9AT/c62Baw/7flCj/6ee+1Jx0yf+9Ez7fd/+p1ths8yBNexMTP9PT9qzRsGQzTnux+/6mVDBz35nI8ePPZvi+lzPn3bJ5vzyf/MnD/nyef8n/09eYkXTnt/9Ezjn3HO19vv2ftOn/PZZtrv/zTnk5/83vH4OR8/GE1zvvT90+btya6nTzTn07edPufDH3GVsbMO1hi+Z43M+aR/Zs4X+t85zueC9ac93/KRReccdeobp8/5zHP8P835pH91zsc9cpwv+vB7Lxg1mG22wc6b7bTTjstM+z795bLTvvO16N5rp83zk91Ln8ho+rZPdl6s/s8YjfmnjIb+J6OFZ30io0dPrSN32PEZ/6/XotX/VaMBX4uuPmbavD3Z70VPNOfTt6X74IIzbD/z36Hrr/Pw793zzHQfnL4J3gfPOWvtvafvcmSzB2ca5vT76gMzLJ9lhuX3z7B89Az7mXH92WZYfu8My4c/wmwzrD+dddzw37wjy6c8uvrY4V+exo0sv2+G5eMf3XbR1WdYPmGG5ZNmWD7x0UNj0ckzLJ88w/prDv7Fpv836W1mvsjXP1v//ddd/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+4h+44+9yRY2DUYDBlMO350MjjYPeh9W5/zfDjYDAYveKJU9d7qsf7FDd03rWTp4y5et07jtp8/mOXOfWeA/4Lzp7//E9Q/04P+28zNBiMnN9jthkMButOWH/DJQaDwXpTT1xx1OCR9xYafm/VsaMGg/2HHrOD2R9ZZ2j34XU2mbTBxMFgjpE1xj3uhz7uPHrMiouOH3mcMPI4cdr1adzg0eN17OC000cNZn14+aPNPedcQ/MOBsuOvBzZz2DFaQ/zXjF9vakzNfNAhx79ts+0r4ebb/hHDD/ZeevJzx2eq5m2/z/T9Gv1NqP+x1U7/93l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u/jX/jpb/thJ1l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5i3vojrPPHTkGRg0GUwbTng/tPvI4GDr5tBePHCKjd7nq6MOe6vE+xQ2dd+3kKWOuXveOozaf/9hlTr3ngP+Cs+c//xPUv9PD/tsMDQYj5/eYbQaDwboT1t9wicFgcNjRV+0yavDIewsNv7fq2FGDwf5Dj9nB7I+sM7T78DqbTNpg4mAwx8ga4x73Qx93Hj1mxUXHjzxOGHmcOO36NG7w6PE6dnDa6aMGsz68/NHmnnOuoXkHg2VHXo7sZ7DitId5r5i+3tSZmnmgQ49+22fa18PNN/wjhp/sNc+1Jw/P1Uzb/59p+rV6m1H/46qd/+7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5S/uoTvOPnfkGBg1GEwZTHs+auRxaPebb9ptw+HH4dfzr7n3tU/1eJ/ihs67dvKUMVeve8dRm89/7DKn3nPAf8HZ85//Cerfadh/juPHDQbbb/RUD6Wegjr/3eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvLX9xDd5x97sjTUY8uHbV7xwU2dN61k6eMuXrdO47afP5jlzn1ngOe6gH9uz2B/x75Yxb/PfPHLP4fzx+z+H8if8ziv1f+mMX/k/ljFv+988cs/p/KH7P4fzp/zOK/T/6YxX/f/DGL/375Yxb/z+SPWfw/mz9m8f9c/pjFf//8MYv/AfljFv/P549Z/A/MH7P4H5Q/ZvH/Qv6Yxf/g/DGL/yH5Yxb/L+aPWfy/lD9m8f9y/pjF/yv5Yxb/r+aPWfy/lj9m8f96/pjF/xv5Yxb/Q/PHLP6H5Y9Z/A/PH7P4H5E/ZvE/Mn/M4n9U/pjF/+j8MYv/MfljFv9j88cs/sflj1n8j88fs/h/M3/M4n9C/pjF/8T8MYv/SfljFv+T88cs/qfkj1n8v5U/ZvH/dv6Yxf/U/DGL/2n5Yxb/0/PHLP5n5I9Z/L+TP2bxPzN/zOJ/Vv6Yxf/s/DGL/3fzxyz+38sfs/ifkz9m8T83f8zif17+mMX//Pwxi/8F+WMW/+/nj1n8f5A/ZvH/Yf6Yxf9H+WMW/x/nj1n8f5I/ZvG/MH/M4n9R/pjF/6f5Yxb/i/PHLP4/yx+z+F+SP2bxvzR/zOJ/Wf6Yxf/y/DGL/xX5Yxb/K/PHLP5X5Y9Z/H+eP2bx/0X+mMX/l/ljFv9f5Y9Z/K/OH7P4X5M/ZvH/df6Yxf83+WMW/2vzxyz+v80fs/hflz9m8b8+f8zif0P+mMX/d/ljFv8b88cs/jflj1n8b84fs/j/Pn/M4v+H/DGL/x/zxyz+t+SPWfz/lD9m8b81f8zif1v+mMX/9vwxi/8d+WMW/z/nj1n878wfs/jflT9m8f9L/pjF/+78MYv/X/PHLP5/yx+z+P89f8zi/4/8MYv/PfljFv9788cs/vflj1n8788fs/g/kD9m8Z+SP2bxfzB/zOL/UP6YxX9q/pjEf5ZB/pjFfyh/zOI/Kn/M4j9L/pjFf9b8MYv/6Pwxi/9s+WMW/9nzxyz+c+SPWfznzB+z+M+VP2bxnzt/zOI/T/6YxX/e/DGL/9Pyxyz+8+WPWfzH5I9Z/OfPH7P4j80fs/gvkD9m8V8wf8zi//T8MYv/M/LHLP7PzB+z+C+UP2bxf1b+mMV/4fwxi/+z88cs/s/JH7P4L5I/ZvF/bv6Yxf95+WMW/3H5Yxb/5+ePWfxfkP/jmnXk0eD/wvwxy/m/aP6YxX+x/DGL/4vyxyz+i+ePWfyXyB+z+L84f8zi/5L8MYv/S/PHLP4vyx+z+C+ZP2bxf3n+mMV/qfwxi//S+WMW/2Xyxyz+y+aPWfyXyx+z+C+fP2bxf0X+mMV/hfwxi/+K+WMW/5Xyxyz+K+ePWfxfmT9m8V8lf8ziv2r+mMX/VfljFv9X549Z/F+TP2bxH58/ZvGfkD9m8Z+YP2bxXy1/zOK/ev6YxX+N/DGL/6T8MYv/ZJX/LP/0mhb/NVX+/3wW/7Xyxyz+r80fs/i/Ln/M4r92/pjFf538MYv/uvljFv/X549Z/NfLH7P4vyF/zOK/fv6YxX+D/DGL/4b5Yxb/jfLHLP5vzB+z+G+cP2bx3yR/zOL/pvwxi/+b88cs/m/JH7P4vzV/zOL/tvwxi//b88cs/u/IH7P4b5o/ZvHfLH/M4r95/pjF/535Yxb/LfLHLP5b5o9Z/LfKH7P4b50/ZvF/V/6YxX+b/DGL/7vzxyz+78kfs/hvmz9m8d8uf8ziv33+mMV/h/wxi/9788cs/u/LH7P475g/ZvF/f/6YxX+n/DGL/wfyxyz+H8wfs/h/KH/M4r9z/pjFf5f8MYv/rvljFv8P549Z/D+SP2bx/2j+mMV/t/wxi//H8scs/rvnj1n898gfs/jvmT9m8f94/pjF/xP5Yxb/vfLHLP6fzB+z+O+dP2bx/1T+mMX/0/ljFv998scs/vvmj1n898sfs/h/Jn/M4v/Z/DGL/+fyxyz+++ePWfwPyB+z+H8+f8zif2D+mMX/oPwxi/8X8scs/gfnj1n8D8kfs/h/MX/M4v+l/DGL/5fzxyz+X8kfs/h/NX/M4v+1/DGL/9fzxyz+38gfs/gfmj9m8T8sf8zif3j+mMX/iPwxi/+R+WMW/6Pyxyz+R+ePWfyPyR+z+B+bP2bxPy5/zOJ/fP6Yxf+b+WMW/xPyxyz+J+aPWfxPyh+z+J+cP2bxPyV/zOL/rfwxi/+388cs/qfmj1n8T8sfs/ifnj9m8T8jf8zi/538MYv/mfljFv+z8scs/mfnj1n8v5s/ZvH/Xv6Yxf+c/DGL/7n5Yxb/8/LHLP7n549Z/C/IH7P4fz9/zOL/g/wxi/8P88cs/j/KH7P4/zh/zOL/k/wxi/+F+WMW/4vyxyz+P80fs/hfnD9m8f9Z/pjF/5L8MYv/pfljFv/L8scs/pfnj1n8r8gfs/hfmT9m8b8qf8zi//P8MYv/L/LHLP6/zB+z+P8qf8zif3X+mMX/mvwxi/+v88cs/r/JH7P4X5s/ZvH/bf6Yxf+6/DGL//X5Yxb/G/LHLP6/yx+z+N+YP2bxvyl/zOJ/c/6Yxf/3+WMW/z/kj1n8/5g/ZvG/JX/M4v+n/DGL/635Yxb/2/LHLP63549Z/O/IH7P4/zl/zOJ/Z/6Yxf+u/DGL/1/yxyz+d+ePWfz/mj9m8f9b/pjF/+/5Yxb/f+SPWfzvyR+z+N+bP2bxvy9/zOJ/f/6Yxf+B/DGL/5T8MYv/g/ljFv+H8scs/lPzxyT+sw7yxyz+Q/ljFv9R+WMW/1nyxyz+s+aPWfxH549Z/GfLH7P4z54/ZvGfI3/M4j9n/pjFf678MYv/3PljFv958scs/vPmj1n8n5Y/ZvGfL3/M4j8mf8ziP3/+mMV/bP6YxX+B/DGL/4L5Yxb/p+ePWfyfkT9m8X9m/pjFf6H8MYv/s/LHLP4L549Z/J+dP2bxf07+mMV/kfwxi/9z88cs/s/LH7P4j8sfs/g/P3/M4v+C/DGL/wvzxyz+i+aPWfwXyx+z+L8of8ziv3j+mMV/ifwxi/+L88cs/i/JH7P4vzR/zOL/svwxi/+S+WMW/5fnj1n8l8ofs/gvnT9m8V8mf8ziv2z+mMV/ufwxi//y+WMW/1fkj1n8V8gfs/ivmD9m8V8pf8ziv3L+mMX/lfljFv9V8scs/qvmj1n8X5U/ZvF/df6Yxf81+WMW//H5Yxb/CfljFv+J+WMW/9Xyxyz+q+ePWfzXyB+z+E/KH7P4T84fs/ivmT9m8V8rf8zi/9r8MYv/6/LHLP5r549Z/NfJH7P4r5s/ZvF/ff6YxX+9/DGL/xsGl+cPWfzX7/zHLP4b5I9Z/DfMH7P4b5Q/ZvF/Y/6YxX/j/DGL/yb5Yxb/N+WPWfzfnD9m8X9L/pjF/635Yxb/t+WPWfzfnj9m8X9H/pjFf9P8MYv/ZvljFv/N88cs/u/MH7P4b5E/ZvHfMn/M4r9V/pjFf+v8MYv/u/LHLP7b5I9Z/N+dP2bxf0/+mMV/2/wxi/92+WMW/+3zxyz+O+SPWfzfmz9m8X9f/pjFf8f8MYv/+/PHLP475Y9Z/D+QP2bx/2D+mMX/Q/ljFv+d88cs/rvkj1n8d80fs/h/OH/M4v+R/DGL/0fzxyz+u+WPWfw/lj9m8d89f8ziv0f+mMV/z/wxi//H88cs/p/IH7P475U/ZvH/ZP6YxX/v/DGL/6fyxyz+n84fs/jvkz9m8d83f8ziv1/+mMX/M/ljFv/P5o9Z/D+XP2bx3z9/zOJ/QP6Yxf/z+WMW/wPzxyz+B+WPWfy/kD9m8T84f8zif0j+mMX/i/ljFv8v5Y9Z/L+cP2bx/0r+mMX/q/ljFv+v5Y9Z/L+eP2bx/0b+mMX/0Pwxi/9h+WMW/8Pzxyz+R+SPWfyPzB+z+B+VP2bxPzp/zOJ/TP6Yxf/Y/DGL/3H5Yxb/4/PHLP7fzB+z+J+QP2bxPzF/zOJ/Uv6Yxf/k/DGL/yn5Yxb/b+WPWfy/nT9m8T81f8zif1r+mMX/9Pwxi/8Z+WMW/+/kj1n8z8wfs/iflT9m8T87f8zi/938MYv/9/LHLP7n5I9Z/M/NH7P4n5c/ZvE/P3/M4n9B/pjF//v5Yxb/H+SPWfx/mD9m8f9R/pjF/8f5Yxb/n+SPWfwvzB+z+F+UP2bx/2n+mMX/4vwxi//P8scs/pfkj1n8L80fs/hflj9m8b88f8zif0X+mMX/yvwxi/9V+WMW/5/nj1n8f5E/ZvH/Zf6Yxf9X+WMW/6vzxyz+1+SPWfx/nT9m8f9N/pjF/9r8MYv/b/PHLP7X5Y9Z/K/PH7P435A/ZvH/Xf6Yxf/G/DGL/035Yxb/m/PHLP6/zx+z+P8hf8zi/8f8MYv/LfljFv8/5Y9Z/G/NH7P435Y/ZvG/PX/M4n9H/pjF/8/5Yxb/O/PHLP535Y9Z/P+SP2bxvzt/zOL/1/wxi//f8scs/n/PH7P4/yN/zOJ/T/6Yxf/e/DGL/335Yxb/+/PHLP4P5I9Z/Kfkj1n8H8wfs/g/lD9m8Z+aPybxHz3IH7P4D+WPWfxH5Y9Z/GfJH7P4z5o/ZvEfnT9m8Z8tf8ziP3v+mMV/jvwxi/+c+WMW/7nyxyz+c+ePWfznyR+z+M+bP2bxf1r+mMV/vvwxi/+Y/DGL//z5Yxb/sfljFv8F8scs/gvmj1n8n54/ZvF/Rv6Yxf+Z+WMW/4Xyxyz+z8ofs/gvnD9m8X92/pjF/zn5Yxb/RfLHLP7PzR+z+D8vf8ziPy5/zOL//Pwxi/8L8scs/i/MH7P4L5o/ZvFfLH/M4v+i/DGL/+L5Yxb/JfLHLP4vzh+z+L8kf8zi/9L8MYv/y/LHLP5L5o9Z/F+eP2bxXyp/zOK/dP6YxX+Z/DGL/7L5Yxb/5fLHLP7L549Z/F+RP2bxXyF/zOK/Yv6YxX+l/DGL/8r5Yxb/V+aPWfxXyR+z+K+aP2bxf1X+mMX/1fljFv/X5I9Z/Mfnj1n8J+SPWfwn5o9Z/FfLH7P4r54/ZvFfI3/M4j8pf8ziPzl/zOK/Zv6YxX+t/DGL/2vzxyz+r8sfs/ivnT9m8V8nf8ziv27+mMX/9fljFv/18scs/m/IH7P4r58/ZvHfIH/M4r9h/pjFf6P8MYv/G/PHLP4b549Z/DfJH7P4vyl/zOL/5vwxi/9b8scs/m/NH7P4vy1/zOL/9vwxi/878scs/pvmj1n8N8sfs/hvnj9m8X9n/pjFf4v8MYv/lvljFv+t8scs/lvnj1n835U/ZvHfJn/M4v/u/DGL/3vyxyz+2+aPWfy3yx+z+G+fP2bx3yF/zOL/3vwxi//78scs/jvmj1n8358/ZvHfKX/M4v+B/DGL/wfzxyz+H8ofs/jvnD9m8d8lf8ziv2v+mMX/w/ljFv+P5I9Z/D+aP2bx3y1/zOL/sfwxi//u+WMW/z3yxyz+e+aPWfw/nj9m8f9E/pjFf6/8MYv/J/PHLP57549Z/D+VP2bx/3T+mMV/n/wxi/+++WMW//3yxyz+n8kfs/h/Nn/M4v+5/DGL//75Yxb/A/LHLP6fzx+z+B+YP2bxPyh/zOL/hfwxi//B+WMW/0Pyxyz+X8wfs/h/KX/M4v/l/DGL/1fyxyz+X80fs/h/LX/M4v/1/DGL/zfyxyz+h+aPWfwPyx+z+B+eP2bxPyJ/zOJ/ZP6Yxf+o/DGL/9H5Yxb/Y/LHLP7H5o9Z/I/LH7P4H58/ZvH/Zv6Yxf+E/DGL/4n5Yxb/k/LHLP4n549Z/E/JH7P4fyt/zOL/7fwxi/+p+WMW/9Pyxyz+p+ePWfzPyB+z+H8nf8zif2b+mMX/rPwxi//Z+WMW/+/mj1n8v5c/ZvE/J3/M4n9u/pjF/7z8MYv/+fljFv8L8scs/t/PH7P4/yB/zOL/w/wxi/+P8scs/j/OH7P4/yR/zOJ/Yf6Yxf+i/DGL/0/zxyz+F+ePWfx/lj9m8b8kf8zif2n+mMX/svwxi//l+WMW/yvyxyz+V+aPWfyvyh+z+P88f8zi/4v8MYv/L/PHLP6/yh+z+F+dP2bxvyZ/zOL/6/wxi/9v8scs/tfmj1n8f5s/ZvG/Ln/M4n99/pjF/4b8MYv/7/LHLP435o9Z/G/KH7P435w/ZvH/ff6Yxf8P+WMW/z/mj1n8b8kfs/j/KX/M4n9r/pjF/7b8MYv/7fljFv878scs/n/OH7P435k/ZvG/K3/M4v+X/DGL/935Yxb/v+aPWfz/lj9m8f97/pjF/x/5Yxb/e/LHLP735o9Z/O/LH7P4358/ZvF/IH/M4j8lf8zi/2D+mMX/ofwxi//U/DGJ/2yD/DGL/1D+mMV/VP6YxX+W/DGL/6z5Yxb/0fljFv/Z8scs/rPnj1n858gfs/jPmT9m8Z8rf8ziP3f+mMV/nvwxi/+8+WMW/6flj1n858sfs/iPyR+z+M+fP2bxH5s/ZvFfIH/M4r9g/pjF/+n5Yxb/Z+SPWfyfmT9m8V8of8zi/6z8MYv/wvljFv9n549Z/J+TP2bxXyR/zOL/3Pwxi//z8scs/uPyxyz+z88fs/i/IH/M4v/C/DGL/6L5Yxb/xfLHLP4vyh+z+C+eP2bxXyJ/zOL/4vwxi/9L8scs/i/NH7P4vyx/zOK/ZP6Yxf/l+WMW/6Xyxyz+S+ePWfyXyR+z+C+bP2bxXy5/zOK/fP6Yxf8V+WMW/xXyxyz+K+aPWfxXyh+z+K+cP2bxf2X+mMV/lfwxi/+q+WMW/1flj1n8X50/ZvF/Tf6YxX98/pjFf0L+mMV/Yv6YxX+1/DGL/+r5Yxb/NfLHLP6T8scs/pPzxyz+a+aPWfzXyh+z+L82f8zi/7r8MYv/2vljFv918scs/uvmj1n8X58/ZvFfL3/M4v+G/DGL//r5Yxb/DfLHLP4b5o9Z/DfKH7P4vzF/zOK/cf6YxX+T/DGL/5vyxyz+b84fs/i/JX/M4v/W/DGL/9vyxyz+b88fs/i/I3/M4r9p/pjFf7P8MYv/5vljFv935o9Z/LfIH7P4b5k/ZvHfKn/M4r91/pjF/135Yxb/bfLHLP7vzh+z+L8nf8ziv23+mMV/u/wxi//2+WMW/x3yxyz+780fs/i/L3/M4r9j/pjF//35Yxb/nfLHLP4fyB+z+H8wf8zi/6H8MYv/zvljFv9d8scs/rvmj1n8P5w/ZvH/SP6Yxf+j+WMW/93yxyz+H8sfs/jvnj9m8d8jf8ziv2f+mMX/4/ljFv9P5I9Z/PfKH7P4fzJ/zOK/d/6Yxf9T+WMW/0/nj1n898kfs/jvmz9m8d8vf8zi/5n8MYv/Z/PHLP6fyx+z+O+fP2bxPyB/zOL/+fwxi/+B+WMW/4Pyxyz+X8gfs/gfnD9m8T8kf8zi/8X8MYv/l/LHLP5fzh+z+H8lf8zi/9X8MYv/1/LHLP5fzx+z+H8jf8zif2j+mMX/sPwxi//h+WMW/yPyxyz+R+aPWfyPyh+z+B+dP2bxPyZ/zOJ/bP6Yxf+4/DGL//H5Yxb/b+aPWfxPyB+z+J+YP2bxPyl/zOJ/cv6Yxf+U/DGL/7fyxyz+384fs/ifmj9m8T8tf8zif3r+mMX/jPwxi/938scs/mfmj1n8z8ofs/ifnT9m8f9u/pjF/3v5Yxb/c/LHLP7n5o9Z/M/LH7P4n58/ZvG/IH/M4v/9/DGL/w/yxyz+P8wfs/j/KH/M4v/j/DGL/0/yxyz+F+aPWfwvyh+z+P80f8zif3H+mMX/Z/ljFv9L8scs/pfmj1n8L8sfs/hfnj9m8b8if8zif2X+mMX/qvwxi//P88cs/r/IH7P4/zJ/zOL/q/wxi//V+WMW/2vyxyz+v84fs/j/Jn/M4n9t/pjF/7f5Yxb/6/LHLP7X549Z/G/IH7P4/y5/zOJ/Y/6Yxf+m/DGL/835Yxb/3+ePWfz/kD9m8f9j/pjF/5b8MYv/n/LHLP635o9Z/G/LH7P4354/ZvG/I3/M4v/n/DGL/535Yxb/u/LHLP5/yR+z+N+dP2bx/2v+mMX/b/ljFv+/549Z/P+RP2bxvyd/zOJ/b/6Yxf++/DGL//35Yxb/B/LHLP5T8scs/g/mj1n8H8ofs/hPzR+T+M8+yB+z+A/lj1n8R+WPWfxnyR+z+M+aP2bxH50/ZvGfLX/M4j97/pjFf478MYv/nPljFv+58scs/nPnj1n858kfs/jPmz9m8X9a/pjFf778MYv/mPwxi//8+WMW/7H5Yxb/BfLHLP4L5o9Z/J+eP2bxf0b+mMX/mfljFv+F8scs/s/KH7P4L5w/ZvF/dv6Yxf85+WMW/0Xyxyz+z80fs/g/L3/M4j8uf8zi//z8MYv/C/LHLP4vzB+z+C+aP2bxXyx/zOL/ovwxi//i+WMW/yXyxyz+L84fs/i/JH/M4v/S/DGL/8vyxyz+S+aPWfxfnj9m8V8qf8ziv3T+mMV/mfwxi/+y+WMW/+Xyxyz+y+ePWfxfkT9m8V8hf8ziv2L+mMV/pfwxi//K+WMW/1fmj1n8V8kfs/ivmj9m8X9V/pjF/9X5Yxb/1+SPWfzH549Z/Cfkj1n8J+aPWfxXyx+z+K+eP2bxXyN/zOI/KX/M4j85f8ziv2b+mMV/rfwxi/9r88cs/q/LH7P4r50/ZvFfJ3/M4r9u/pjF//X5Yxb/9fLHLP5vyB+z+K+fP2bx3yB/zOK/Yf6YxX+j/DGL/xvzxyz+G+ePWfw3yR+z+L8pf8zi/+b8MYv/W/LHLP5vzR+z+L8tf8zi//b8MYv/O/LHLP6b5o9Z/DfLH7P4b54/ZvF/Z/6YxX+L/DGL/5b5Yxb/rfLHLP5b549Z/N+VP2bx3yZ/zOL/7vwxi/978scs/tvmj1n8t8sfs/hvnz9m8d8hf8zi/978MYv/+/LHLP475o9Z/N+fP2bx3yl/zOL/gfwxi/8H88cs/h/KH7P475w/ZvHfJX/M4r9r/pjF/8P5Yxb/j+SPWfw/mj9m8d8tf8zi/7H8MYv/7vljFv898scs/nvmj1n8P54/ZvH/RP6YxX+v/DGL/yfzxyz+e+ePWfw/lT9m8f90/pjFf5/8MYv/vvljFv/98scs/p/JH7P4fzZ/zOL/ufwxi//++WMW/wPyxyz+n88fs/gfmD9m8T8of8zi/4X8MYv/wfljFv9D8scs/l/MH7P4fyl/zOL/5fwxi/9X8scs/l/NH7P4fy1/zOL/9fwxi/838scs/ofmj1n8D8sfs/gfnj9m8T8if8zif2T+mMX/qPwxi//R+WMW/2Pyxyz+x+aPWfyPyx+z+B+fP2bx/2b+mMX/hPwxi/+J+WMW/5Pyxyz+J+ePWfxPyR+z+H8rf8zi/+38MYv/qfljFv/T8scs/qfnj1n8z8gfs/h/J3/M4n9m/pjF/6z8MYv/2fljFv/v5o9Z/L+XP2bxPyd/zOJ/bv6Yxf+8/DGL//n5Yxb/C/LHLP7fzx+z+P8gf8zi/8P8MYv/j/LHLP4/zh+z+P8kf8zif2H+mMX/ovwxi/9P88cs/hfnj1n8f5Y/ZvG/JH/M4n9p/pjF/7L8MYv/5fljFv8r8scs/lfmj1n8r8ofs/j/PH/M4v+L/DGL/y/zxyz+v8ofs/hfnT9m8b8mf8zi/+v8MYv/b/LHLP7X5o9Z/H+bP2bxvy5/zOJ/ff6Yxf+G/DGL/+/yxyz+N+aPWfxvyh+z+N+cP2bx/33+mMX/D/ljFv8/5o9Z/G/JH7P4/yl/zOJ/a/6Yxf+2/DGL/+35Yxb/O/LHLP5/zh+z+N+ZP2bxvyt/zOL/l/wxi//d+WMW/7/mj1n8/5Y/ZvH/e/6Yxf8f+WMW/3vyxyz+9+aPWfzvyx+z+N+fP2bxfyB/zOI/JX/M4v9g/pjF/6H8MYv/1Pwxif8cg/wxi/9Q/pjFf1T+mMV/lvwxi/+s+WMW/9H5Yxb/2fLHLP6z549Z/OfIH7P4z5k/ZvGfK3/M4j93/pjFf578MYv/vPljFv+n5Y9Z/OfLH7P4j8kfs/jPnz9m8R+bP2bxXyB/zOK/YP6Yxf/p+WMW/2fkj1n8n5k/ZvFfKH/M4v+s/DGL/8L5Yxb/Z+ePWfyfkz9m8V8kf8zi/9z8MYv/8/LHLP7j8scs/s/PH7P4vyB/zOL/wvwxi/+i+WMW/8Xyxyz+L8ofs/gvnj9m8V8if8zi/+L8MYv/S/LHLP4vzR+z+L8sf8ziv2T+mMX/5fljFv+l8scs/kvnj1n8l8kfs/gvmz9m8V8uf8ziv3z+mMX/FfljFv8V8scs/ivmj1n8V8ofs/ivnD9m8X9l/pjFf5X8MYv/qvljFv9X5Y9Z/F+dP2bxf03+mMV/fP6YxX9C/pjFf2L+mMV/tfwxi//q+WMW/zXyxyz+k/LHLP6T88cs/mvmj1n818ofs/i/Nn/M4v+6/DGL/9r5Yxb/dfLHLP7r5o9Z/F+fP2bxXy9/zOL/hvwxi//6+WMW/w3yxyz+G+aPWfw3yh+z+L8xf8ziv3H+mMV/k/wxi/+b8scs/m/OH7P4vyV/zOL/1vwxi//b8scs/m/PH7P4vyN/zOK/af6YxX+z/DGL/+b5Yxb/d+aPWfy3yB+z+G+ZP2bx3yp/zOK/df6Yxf9d+WMW/23yxyz+784fs/i/J3/M4r9t/pjFf7v8MYv/9vljFv8d8scs/u/NH7P4vy9/zOK/Y/6Yxf/9+WMW/53yxyz+H8gfs/h/MH/M4v+h/DGL/875Yxb/XfLHLP675o9Z/D+cP2bx/0j+mMX/o/ljFv/d8scs/h/LH7P4754/ZvHfI3/M4r9n/pjF/+P5Yxb/T+SPWfz3yh+z+H8yf8ziv3f+mMX/U/ljFv9P549Z/PfJH7P475s/ZvHfL3/M4v+Z/DGL/2fzxyz+n8sfs/jvnz9m8T8gf8zi//n8MYv/gfljFv+D8scs/l/IH7P4H5w/ZvE/JH/M4v/F/DGL/5fyxyz+X84fs/h/JX/M4v/V/DGL/9fyxyz+X88fs/h/I3/M4n9o/pjF/7D8MYv/4fljFv8j8scs/kfmj1n8j8ofs/gfnT9m8T8mf8zif2z+mMX/uPwxi//x+WMW/2/mj1n8T8gfs/ifmD9m8T8pf8zif3L+mMX/lPwxi/+38scs/t/OH7P4n5o/ZvE/LX/M4n96/pjF/4z8MYv/d/LHLP5n5o9Z/M/KH7P4n50/ZvH/bv6Yxf97+WMW/3Pyxyz+5+aPWfzPyx+z+J+fP2bxvyB/zOL//fwxi/8P8scs/j/MH7P4/yh/zOL/4/wxi/9P8scs/hfmj1n8L8ofs/j/NH/M4n9x/pjF/2f5Yxb/S/LHLP6X5o9Z/C/LH7P4X54/ZvG/In/M4n9l/pjF/6r8MYv/z/PHLP6/yB+z+P8yf8zi/6v8MYv/1fljFv9r8scs/r/OH7P4/yZ/zOJ/bf6Yxf+3+WMW/+vyxyz+1+ePWfxvyB+z+P8uf8zif2P+mMX/pvwxi//N+WMW/9/nj1n8/5A/ZvH/Y/6Yxf+W/DGL/5/yxyz+t+aPWfxvyx+z+N+eP2bxvyN/zOL/5/wxi/+d+WMW/7vyxyz+f8kfs/jfnT9m8f9r/pjF/2/5Yxb/v+ePWfz/kT9m8b8nf8zif2/+mMX/vvwxi//9+WMW/wfyxyz+U/LHLP4P5o9Z/B/KH7P4T80fk/jPOcgfs/gP5Y9Z/Eflj1n8Z8kfs/jPmj9m8R+dP2bxny1/zOI/e/6YxX+O/DGL/5z5Yxb/ufLHLP5z549Z/OfJH7P4z5s/ZvF/Wv6YxX++/DGL/5j8MYv//PljFv+x+WMW/wXyxyz+C+aPWfyfnj9m8X9G/pjF/5n5Yxb/hfLHLP7Pyh+z+C+cP2bxf3b+mMX/OfljFv9F8scs/s/NH7P4Py9/zOI/Ln/M4v/8/DGL/wvyxyz+L8wfs/gvmj9m8V8sf8zi/6L8MYv/4vljFv8l8scs/i/OH7P4vyR/zOL/0vwxi//L8scs/kvmj1n8X54/ZvFfKn/M4r90/pjFf5n8MYv/svljFv/l8scs/svnj1n8X5E/ZvFfIX/M4r9i/pjFf6X8MYv/yvljFv9X5o9Z/FfJH7P4r5o/ZvF/Vf6Yxf/V+WMW/9fkj1n8x+ePWfwn5I9Z/Cfmj1n8V8sfs/ivnj9m8V8jf8ziPyl/zOI/OX/M4r9m/pjFf638MYv/a/PHLP6vyx+z+K+dP2bxXyd/zOK/bv6Yxf/1+WMW//Xyxyz+b8gfs/ivnz9m8d8gf8ziv2H+mMV/o/wxi/8b88cs/hvnj1n8N8kfs/i/KX/M4v/m/DGL/1vyxyz+b80fs/i/LX/M4v/2/DGL/zvyxyz+m+aPWfw3yx+z+G+eP2bxf2f+mMV/i/wxi/+W+WMW/63yxyz+W+ePWfzflT9m8d8mf8zi/+78MYv/e/LHLP7b5o9Z/LfLH7P4b58/ZvHfIX/M4v/e/DGL//vyxyz+O+aPWfzfnz9m8d8pf8zi/4H8MYv/B/PHLP4fyh+z+O+cP2bx3yV/zOK/a/6Yxf/D+WMW/4/kj1n8P5o/ZvHfLX/M4v+x/DGL/+75Yxb/PfLHLP575o9Z/D+eP2bx/0T+mMV/r/wxi/8n88cs/nvnj1n8P5U/ZvH/dP6YxX+f/DGL/775Yxb//fLHLP6fyR+z+H82f8zi/7n8MYv//vljFv8D8scs/p/PH7P4H5g/ZvE/KH/M4v+F/DGL/8H5Yxb/Q/LHLP5fzB+z+H8pf8zi/+X8MYv/V/LHLP5fzR+z+H8tf8zi//X8MYv/N/LHLP6H5o9Z/A/LH7P4H54/ZvE/In/M4n9k/pjF/6j8MYv/0fljFv9j8scs/sfmj1n8j8sfs/gfnz9m8f9m/pjF/4T8MYv/ifljFv+T8scs/ifnj1n8T8kfs/h/K3/M4v/t/DGL/6n5Yxb/0/LHLP6n549Z/M/IH7P4fyd/zOJ/Zv6Yxf+s/DGL/9n5Yxb/7+aPWfy/lz9m8T8nf8zif27+mMX/vPwxi//5+WMW/wvyxyz+388fs/j/IH/M4v/D/DGL/4/yxyz+P84fs/j/JH/M4n9h/pjF/6L8MYv/T/PHLP4X549Z/H+WP2bxvyR/zOJ/af6Yxf+y/DGL/+X5Yxb/K/LHLP5X5o9Z/K/KH7P4/zx/zOL/i/wxi/8v88cs/r/KH7P4X50/ZvG/Jn/M4v/r/DGL/2/yxyz+1+aPWfx/mz/2WP/RT/Vw/v2ewP+6/DHL+X99/pjF/4b8MYv/7/LHLP435o9Z/G/KH7P435w/ZvH/ff6Yxf8P+WMW/z/mj1n8b8kfs/j/KX/M4n9r/pjF/7b8MYv/7fljFv878scs/n/OH7P435k/ZvG/K3/M4v+X/DGL/935Yxb/v+aPWfz/lj9m8f97/pjF/x/5Yxb/e/LHLP735o9Z/O/LH7P4358/ZvF/IH/M4j8lf8zi/2D+mMX/ofwxi//U/DGJ/1yD/DGL/1D+mMV/VP6YxX+W/DGL/6z5Yxb/0fljFv/Z8scs/rPnj1n858gfs/jPmT9m8Z8rf+y/33+OR97K//H99/s/3Fzz5I9Z/OfNH7P4Py1/zOI/X/6YxX9M/pjFf/78MYv/2Pwxi/8C+WMW/wXzxyz+T88fs/g/I3/M4v/M/DGL/0L5Yxb/Z+WPWfwXzh+z+D87f8zi/5z8MYv/IvljFv/n5o9Z/J+XP2bxH5c/ZvF/fv6Yxf8F+WMW/xfmj1n8F80fs/gvlj9m8X9R/pjFf/H8MYv/EvljFv8X549Z/F+SP2bxf2n+mMX/ZfljFv8l88cs/i/PH7P4L5U/ZvFfOn/M4r9M/pjFf9n8MYv/cvljFv/l88cs/q/IH7P4r5A/ZvFfMX/M4r9S/pjFf+X8MYv/K/PHLP6r5I9Z/FfNH7P4vyp/zOL/6vwxi/9r8scs/uPzxyz+E/LHLP4T88cs/qvlj1n8V88fs/ivkT9m8Z+UP2bxn5w/ZvFfM3/M4r9W/pjF/7X5Yxb/1+WPWfzXzh+z+K+TP2bxXzd/zOL/+vwxi/96+WMW/zfkj1n8188fs/hvkD9m8d8wf8ziv1H+mMX/jfljFv+N88cs/pvkj1n835Q/ZvF/c/6Yxf8t+WMW/7fmj1n835Y/ZvF/e/6Yxf8d+WMW/03zxyz+m+WPWfw3zx+z+L8zf8ziv0X+mMV/y/wxi/9W+WMW/63zxyz+78ofs/hvkz9m8X93/pjF/z35Yxb/bfPHLP7b5Y9Z/LfPH7P475A/ZvF/b/6Yxf99+WMW/x3zxyz+788fs/jvlD9m8f9A/pjF/4P5Yxb/D+WPWfx3zh+z+O+SP2bx3zV/zOL/4fwxi/9H8scs/h/NH7P475Y/ZvH/WP6YxX/3/DGL/x75Yxb/PfPHLP4fzx+z+H8if8ziv1f+mMX/k/ljFv+988cs/p/KH7P4fzp/zOK/T/6YxX/f/DGL/375Yxb/z+SPWfw/mz9m8f9c/pjFf//8MYv/AfljFv/P549Z/A/MH7P4H5Q/ZvH/Qv6Yxf/g/DGL/yH5Yxb/L+aPWfy/lD9m8f9y/pjF/yv5Yxb/r+aPWfy/lj9m8f96/pjF/xv5Yxb/Q/PHLP6H5Y9Z/A/PH7P4H5E/ZvE/Mn/M4n9U/pjF/+j8MYv/MfljFv9j88cs/sflj1n8j88fs/h/M3/M4n9C/pjF/8T8MYv/SfljFv+T88cs/qfkj1n8v5U/ZvH/dv6Yxf/U/DGL/2n5Yxb/0/PHLP5n5I9Z/L+TP2bxPzN/zOJ/Vv6Yxf/s/DGL/3fzxyz+38sfs/ifkz9m8T83f8zif17+mMX//Pwxi/8F+WMW/+/nj1n8f5A/ZvH/Yf6Yxf9H+WMW/x/nj1n8f5I/ZvG/MH/M4n9R/pjF/6f5Yxb/i/PHLP4/yx+z+F+SP2bxvzR/zOJ/Wf6Yxf/y/DGL/xX5Yxb/K/PHLP5X5Y9Z/H+eP2bx/0X+mMX/l/ljFv9f5Y9Z/K/OH7P4X5M/ZvH/df6Yxf83+WMW/2vzxyz+v80fs/hflz9m8b8+f8zif0P+mMX/d/ljFv8b88cs/jflj1n8b84fs/j/Pn/M4v+H/DGL/x/zxyz+t+SPWfz/lD9m8b81f8zif1v+mMX/9vwxi/8d+WMW/z/nj1n878wfs/jflT9m8f9L/pjF/+78MYv/X/PHLP5/yx+z+P89f8zi/4/8MYv/PfljFv9788cs/vflj1n8788fs/g/kD9m8Z+SP2bxfzB/zOL/UP6YxX9q/pjEf+5B/pjFfyh/zOI/Kn/M4j9L/pjFf9b8MYv/6Pwxi/9s+WMW/9nzxyz+c+SPWfznzB+z+M+VP2bxnzt/zOI/T/6YxX/e/DGL/9Pyxyz+8+WPWfzH5I9Z/OfPH7P4j80fs/gvkD9m8V8wf8zi//T8MYv/M/LHLP7PzB+z+C+UP2bxf1b+mMV/4fwxi/+z88cs/s/JH7P4L5I/ZvF/bv6Yxf95+WMW/3H5Yxb/5+ePWfxfkD9m8X9h/pjFf9H8MYv/YvljFv8X5Y9Z/BfPH7P4L5E/ZvF/cf6Yxf8l+WMW/5fmj1n8X5Y/ZvFfMn/M4v/y/DGL/1L5Yxb/pfPHLP7L5I9Z/JfNH7P4L5c/ZvFfPn/M4v+K/DGL/wr5Yxb/FfPHLP4r5Y9Z/FfOH7P4vzJ/zOK/Sv6YxX/V/DGL/6vyxyz+r84fs/i/Jn/M4j8+f8ziPyF/zOI/MX/M4r9a/pjFf/X8MYv/GvljFv9J+WMW/8n5Yxb/NfPHLP5r5Y9Z/F+bP2bxf13+mMV/7fwxi/86+WMW/3Xzxyz+r88fs/ivlz9m8X9D/pjFf/38MYv/BvljFv8N88cs/hvlj1n835g/ZvHfOH/M4r9J/pjF/035Yxb/N+ePWfzfkj9m8X9r/pjF/235Yxb/t+ePWfzfkT9m8d80f8ziv1n+mMV/8/wxi/8788cs/lvkj1n8t8wfs/hvlT9m8d86f8zi/678MYv/NvljFv93549Z/N+TP2bx3zZ/zOK/Xf6YxX/7/DGL/w75Yxb/9+aPWfzflz9m8d8xf8zi//78MYv/TvljFv8P5I9Z/D+YP2bx/1D+mMV/5/wxi/8u+WMW/13zxyz+H84fs/h/JH/M4v/R/DGL/275Yxb/j+WPWfx3zx+z+O+RP2bx3zN/zOL/8fwxi/8n8scs/nvlj1n8P5k/ZvHfO3/M4v+p/DGL/6fzxyz+++SPWfz3zR+z+O+XP2bx/0z+mMX/s/ljFv/P5Y9Z/PfPH7P4H5A/ZvH/fP6Yxf/A/DGL/0H5Yxb/L+SPWfwPzh+z+B+SP2bx/2L+mMX/S/ljFv8v549Z/L+SP2bx/2r+mMX/a/ljFv+v549Z/L+RP2bxPzR/zOJ/WP6Yxf/w/DGL/xH5Yxb/I/PHLP5H5Y9Z/I/OH7P4H5M/ZvE/Nn/M4n9c/pjF//j8MYv/N/PHLP4n5I9Z/E/MH7P4n5Q/ZvE/OX/M4n9K/pjF/1v5Yxb/b+ePWfxPzR+z+J+WP2bxPz1/zOJ/Rv6Yxf87+WMW/zPzxyz+Z+WPWfzPzh+z+H83f8zi/738MYv/OfljFv9z88cs/uflj1n8z88fs/hfkD9m8f9+/pjF/wf5Yxb/H+aPWfx/lD9m8f9x/pjF/yf5Yxb/C/PHLP4X5Y9Z/H+aP2bxvzh/zOL/s/wxi/8l+WMW/0vzxyz+l+WPWfwvzx+z+F+RP2bxvzJ/zOJ/Vf6Yxf/n+WMW/1/kj1n8f5k/ZvH/Vf6Yxf/q/DGL/zX5Yxb/X+ePWfx/kz9m8b82f8zi/9v8MYv/dfljFv/r88cs/jfkj1n8f5c/ZvG/MX/M4n9T/pjF/+b8MYv/7/PHLP5/yB+z+P8xf8zif0v+mMX/T/ljFv9b88cs/rflj1n8b88fs/jfkT9m8f9z/pjF/878MYv/XfljFv+/5I9Z/O/OH7P4/zV/zOL/t/wxi//f88cs/v/IH7P435M/ZvG/N3/M4n9f/pjF//78MYv/A/ljFv8p+WMW/wfzxyz+D+WPWfyn5o9J/OcZ5I9Z/Ifyxyz+o/LHLP6z5I9Z/GfNH7P4j84fs/jPlj9m8Z89f8ziP0f+mMV/zvwxi/9c+WMW/7nzxyz+8+SPWfznzR+z+D8tf8ziP1/+mMV/TP6YxX/+/DGL/9j8MYv/AvljFv8F88cs/k/PH7P4PyN/zOL/zPwxi/9C+WMW/2flj1n8F84fs/g/O3/M4v+c/DGL/yL5Yxb/5+aPWfyflz9m8R+XP2bxf37+mMX/BfljFv8X5o9Z/BfNH7P4L5Y/ZvF/Uf6YxX/x/DGL/xL5Yxb/F+ePWfxfkj9m8X9p/pjF/2X5Yxb/JfPHLP4vzx+z+C+VP2bxXzp/zOK/TP6YxX/Z/DGL/3L5Yxb/5fPHLP6vyB+z+K+QP2bxXzF/zOK/Uv6YxX/l/DGL/yvzxyz+q+SPWfxXzR+z+L8qf8zi/+r8MYv/a/LHLP7j88cs/hPyxyz+E/PHLP6r5Y9Z/FfPH7P4r5E/ZvGflD9m8Z+cP2bxXzN/zOK/Vv6Yxf+1+WMW/9flj1n8184fs/ivkz9m8V83f8zi//r8MYv/evljFv835I9Z/NfPH7P4b5A/ZvHfMH/M4r9R/pjF/435Yxb/jfPHLP6b5I9Z/N+UP2bxf3P+mMX/LfljFv+35o9Z/N+WP2bxf3v+mMX/HfljFv9N88cs/pvlj1n8N88fs/i/M3/M4r9F/pjFf8v8MYv/VvljFv+t88cs/u/KH7P4b5M/ZvF/d/6Yxf89+WMW/23zxyz+2+WPWfy3zx+z+O+QP/aI/1Yn/1f7vzd/zHL+vy9/zOK/Y/6Yxf/9+WMW/53yxyz+H8gfs/h/MH/M4v+h/DGL/875Yxb/XfLHLP675o9Z/D+cP2bx/0j+mMX/o/ljFv/d8scs/h/LH7P4754/ZvHfI3/M4r9n/pjF/+P5Yxb/T+SPWfz3yh+z+H8yf8ziv3f+mMX/U/ljFv9P549Z/PfJH7P475s/ZvHfL3/M4v+Z/DGL/2fzxyz+n8sfs/jvnz9m8T8gf8zi//n8MYv/gfljFv+D8scs/l/IH7P4H5w/ZvE/JH/M4v/F/DGL/5fyxyz+X84fs/h/JX/M4v/V/DGL/9fyxyz+X88fs/h/I3/M4n9o/pjF/7D8MYv/4fljFv8j8scs/kfmj1n8j8ofs/gfnT9m8T8mf8zif2z+mMX/uPwxi//x+WMW/2/mj1n8T8gfs/ifmD9m8T8pf8zif3L+mMX/lPwxi/+38scs/t/OH7P4n5o/ZvE/LX/M4n96/pjF/4z8MYv/d/LHLP5n5o9Z/M/KH7P4n50/ZvH/bv6Yxf97+WMW/3Pyxyz+5+aPWfzPyx+z+J+fP2bxvyB/zOL//fwxi/8P8scs/j/MH7P4/yh/zOL/4/wxi/9P8scs/hfmj1n8L8ofs/j/NH/M4n9x/pjF/2f5Yxb/S/LHLP6X5o9Z/C/LH7P4X54/ZvG/In/M4n9l/pjF/6r8MYv/z/PHLP6/yB+z+P8yf8zi/6v8MYv/1fljFv9r8scs/r/OH7P4/yZ/zOJ/bf6Yxf+3+WMW/+vyxyz+1+ePWfxvyB+z+P8uf8zif2P+mMX/pvwxi//N+WMW/9/nj1n8/5A/ZvH/Y/6Yxf+W/DGL/5/yxyz+t+aPWfxvyx+z+N+eP2bxvyN/zOL/5/wxi/+d+WMW/7vyxyz+f8kfs/jfnT9m8f9r/pjF/2/5Yxb/v+ePWfz/kT9m8b8nf8zif2/+mMX/vvwxi//9+WMW/wfyxyz+U/LHLP4P5o9Z/B/KH7P4T80fk/jPO8gfs/gP5Y9Z/Eflj1n8Z8kfs/jPmj9m8R+dP2bxny1/zOI/e/6YxX+O/DGL/5z5Yxb/ufLHLP5z549Z/OfJH7P4z5s/ZvF/Wv6YxX++/DGL/5j8MYv//PljFv+x+WMW/wXyxyz+C+aPWfyfnj9m8X9G/pjF/5n5Yxb/hfLHLP7Pyh+z+C+cP2bxf3b+mMX/OfljFv9F8scs/s/NH7P4Py9/zOI/Ln/M4v/8/DGL/wvyxyz+L8wfs/gvmj9m8V8sf8zi/6L8MYv/4vljFv8l8scs/i/OH7P4vyR/zOL/0vwxi//L8scs/kvmj1n8X54/ZvFfKn/M4r90/pjFf5n8MYv/svljFv/l8scs/svnj1n8X5E/ZvFfIX/M4r9i/pjFf6X8MYv/yvljFv9X5o9Z/FfJH7P4r5o/ZvF/Vf6Yxf/V+WMW/9fkj1n8x+ePWfwn5I9Z/Cfmj1n8V8sfs/ivnj9m8V8jf8ziPyl/zOI/OX/M4r9m/pjFf638MYv/a/PHLP6vyx+z+K+dP2bxXyd/zOK/bv6Yxf/1+WMW//Xyxyz+b8gfs/ivnz9m8d8gf8ziv2H+mMV/o/wxi/8b88cs/hvnj1n8N8kfs/i/KX/M4v/m/DGL/1vyxyz+b80fs/i/LX/M4v/2/DGL/zvyxyz+m+aPWfw3yx+z+G+eP2bxf2f+mMV/i/wxi/+W+WMW/63yxyz+W+ePWfzflT9m8d8mf8zi/+78MYv/e/LHLP7b5o9Z/LfLH7P4b58/ZvHfIX/M4v/e/DGL//vyxyz+O+aPWfzfnz9m8d8pf8zi/4H8MYv/B/PHLP4fyh+z+O+cP2bx3yV/zOK/a/6Yxf/D+WMW/4/kj1n8P5o/ZvHfLX/M4v+x/DGL/+75Yxb/PfLHLP575o9Z/D+eP2bx/0T+mMV/r/wxi/8n88cs/nvnj1n8P5U/ZvH/dP6YxX+f/DGL/775Yxb//fLHLP6fyR+z+H82f8zi/7n8MYv//vljFv8D8scs/p/PH7P4H5g/ZvE/KH/M4v+F/DGL/8H5Yxb/Q/LHLP5fzB+z+H8pf8zi/+X8MYv/V/LHLP5fzR+z+H8tf8zi//X8MYv/N/LHLP6H5o9Z/A/LH7P4H54/ZvE/In/M4n9k/pjF/6j8MYv/0fljFv9j8scs/sfmj1n8j8sfs/gfnz9m8f9m/pjF/4T8MYv/ifljFv+T8scs/ifnj1n8T8kfs/h/K3/M4v/t/DGL/6n5Yxb/0/LHLP6n549Z/M/IH7P4fyd/zOJ/Zv6Yxf+s/DGL/9n5Yxb/7+aPWfy/lz9m8T8nf8zif27+mMX/vPwxi//5+WMW/wvyxyz+388fs/j/IH/M4v/D/DGL/4/yxyz+P84fs/j/JH/M4n9h/pjF/6L8MYv/T/PHLP4X549Z/H+WP2bxvyR/zOJ/af6Yxf+y/DGL/+X5Yxb/K/LHLP5X5o9Z/K/KH7P4/zx/zOL/i/wxi/8v88cs/r/KH7P4X50/ZvG/Jn/M4v/r/DGL/2/yxyz+1+aPWfx/mz9m8b8uf8zif33+mMX/hvwxi//v8scs/jfmj1n8b8ofs/jfnD9m8f99/pjF/w/5Yxb/P+aPWfxvyR+z+P8pf8zif2v+mMX/tvwxi//t+WMW/zvyxyz+f84fs/jfmT9m8b8rf8zi/5f8MYv/3fljFv+/5o9Z/P+WP2bx/3v+mMX/H/ljFv978scs/vfmj1n878sfs/jfnz9m8X8gf8ziPyV/zOL/YP6Yxf+h/DGL/9T8MYn/0wb5Yxb/ofwxi/+o/DGL/yz5Yxb/WfPHLP6j88cs/rPlj1n8Z88fs/jPkT9m8Z8zf8ziP1f+mMV/7vwxi/88+WMW/3nzxyz+T8sfs/jPlz9m8R+TP2bxnz9/zOI/Nn/M4r9A/pjFf8H8MYv/0/PHLP7PyB+z+D8zf8ziv1D+mMX/WfljFv+F88cs/s/OH7P4Pyd/zOK/SP6Yxf+5+WMW/+flj1n8x+WPWfyfnz9m8X9B/pjF/4X5Yxb/RfPHLP6L5Y9Z/F+UP2bxXzx/zOK/RP6Yxf/F+WMW/5fkj1n8X5o/ZvF/Wf6YxX/J/DGL/8vzxyz+S+WPWfyXzh+z+C+TP2bxXzZ/zOK/XP6YxX/5/DGL/yvyxyz+K+SPWfxXzB+z+K+UP2bxXzl/zOL/yvwxi/8q+WMW/1Xzxyz+r8ofs/i/On/M4v+a/DGL//j8MYv/hPwxi//E/DGL/2r5Yxb/1UX+c/wL61r81xD5/ytZ/Cflj1n8J+ePWfzXzB+z+K+VP2bxf23+mMX/dfljFv+188cs/uvkj1n8180fs/i/Pn/M4r9e/pjF/w35Yxb/9fPHLP4b5I9Z/DfMH7P4b5Q/ZvF/Y/6YxX/j/DGL/yb5Yxb/N+WPWfzfnD9m8X9L/pjF/635Yxb/t+WPWfzfnj9m8X9H/pjFf9P8MYv/ZvljFv/N88cs/u/MH7P4b5E/ZvHfMn/M4r9V/pjFf+v8MYv/u/LHLP7b5I9Z/N+dP2bxf0/+mMV/2/wxi/92+WMW/+3zxyz+O+SPWfzfmz9m8X9f/pjFf8f8MYv/+/PHLP475Y9Z/D+QP2bx/2D+mMX/Q/ljFv+d88cs/rvkj1n8d80fs/h/OH/M4v+R/DGL/0fzxyz+u+WPWfw/lj9m8d89f8ziv0f+mMV/z/wxi//H88cs/p/IH7P475U/ZvH/ZP6YxX/v/DGL/6fyxyz+n84fs/jvkz9m8d83f8ziv1/+mMX/M/ljFv/P5o9Z/D+XP2bx3z9/zOJ/QP6Yxf/z+WMW/wPzxyz+B+WPWfy/kD9m8T84f8zif0j+mMX/i/ljFv8v5Y9Z/L+cP2bx/0r+mMX/q/ljFv+v5Y9Z/L+eP2bx/0b+mMX/0Pwxi/9h+WMW/8Pzxyz+R+SPWfyPzB+z+B+VP2bxPzp/zOJ/TP6Yxf/Y/DGL/3H5Yxb/4/PHLP7fzB+z+J+QP2bxPzF/zOJ/Uv6Yxf/k/DGL/yn5Yxb/b+WPWfy/nT9m8T81f8zif1r+mMX/9Pwxi/8Z+WMW/+/kj1n8z8wfs/iflT9m8T87f8zi/938MYv/9/LHLP7n5I9Z/M/NH7P4n5c/ZvE/P3/M4n9B/pjF//v5Yxb/H+SPWfx/mD9m8f9R/pjF/8f5Yxb/n+SPWfwvzB+z+F+UP2bx/2n+mMX/4vwxi//P8scs/pfkj1n8L80fs/hflj9m8b88f8zif0X+mMX/yvwxi/9V+WMW/5/nj1n8f5E/ZvH/Zf6Yxf9X+WMW/6vzxyz+1+SPWfx/nT9m8f9N/pjF/9r8MYv/b/PHLP7X5Y9Z/K/PH7P435A/ZvH/Xf6Yxf/G/DGL/035Yxb/m/PHLP6/zx+z+P8hf8zi/8f8MYv/LfljFv8/5Y9Z/G/NH7P435Y/ZvG/PX/M4n9H/pjF/8/5Yxb/O/PHLP535Y9Z/P+SP2bxvzt/zOL/1/wxi//f8scs/n/PH7P4/yN/zOJ/T/6Yxf/e/DGL/335Yxb/+/PHLP4P5I9Z/Kfkj1n8H8wfs/g/lD9m8Z+aPybxn2+QP2bxH8ofs/iPyh+z+M+SP2bxnzX/xzTLyKPFf3T+mMV/tvwxi//s+WMW/znyxyz+c+aPWfznyh+z+M+dP2bxnyd/zOI/b/6Yxf9p+WMW//nyxyz+Y/LHLP7z549Z/Mfmj1n8F8gfs/gvmD9m8X96/pjF/xn5Yxb/Z+aPWfwXyh+z+D8rf8ziv3D+mMX/2fljFv/n5I9Z/BfJH7P4Pzd/zOL/vPwxi/+4/DGL//Pzxyz+L8gfs/i/MH/M4r9o/pjFf7H8MYv/i/LHLP6L549Z/JfIH7P4vzh/zOL/kvwxi/9L88cs/i/LH7P4L5k/ZvF/ef6YxX+p/DGL/9L5Yxb/ZfLHLP7L5o9Z/JfLH7P4L58/ZvF/Rf6YxX+F/DGL/4r5Yxb/lfLHLP4r549Z/F+ZP2bxXyV/zOK/av6Yxf9V+WMW/1fnj1n8X5M/ZvEfnz9m8Z+QP2bxn5g/ZvFfLX/M4r96/pjFf438MYv/pPwxi//k/DGL/5r5Yxb/tfLHLP6vzR+z+L8uf8ziv3b+mMV/nfwxi/+6+WMW/9fnj1n818sfs/i/IX/M4r9+/pjFf4P8MYv/hvljFv+N8scs/m/MH7P4b5w/ZvHfJH/M4v+m/DGL/5vzxyz+b8kfs/i/NX/M4v+2/DGL/9vzxyz+78gfs/hvmj9m8d8sf8ziv3n+mMX/nfljFv8t8scs/lvmj1n8t8ofs/hvnT9m8X9X/pjFf5v8MYv/u/PHLP7vyR+z+G+bP2bx3y5/zOK/ff6YxX+H/DGL/3vzxyz+78sfs/jvmD9m8X9//pjFf6f8MYv/B/LHLP4fzB+z+H8of8ziv3P+mMV/l/wxi/+u+WMW/w/nj1n8P5I/ZvH/aP6YxX+3/DGL/8fyxyz+u+ePWfz3yB+z+O+ZP2bx///Yo6cEUAgACIDZeNm2bdu2bdv1kW3btm3btm3zAnuCduYKc6D/qOX/IP9Ry//B/qOW/0P8Ry3/h/qPWv4P8x+1/B/uP2r5P8J/1PJ/pP+o5f8o/1HL/9H+o5b/Y/xHLf/H+o9a/o/zH7X8H+8/avk/wX/U8n+i/6jl/yT/Ucv/yf6jlv9T/Ect/6f6j1r+T/Mftfyf7j9q+T/Df9Tyf6b/qOX/LP9Ry//Z/qOW/3P8Ry3/5/qPWv7P8x+1/J/vP2r5v8B/1PJ/of+o5f8i/1HL/8X+o5b/S/xHLf+X+o9a/i/zH7X8X+4/avm/wn/U8n+l/6jl/yr/Ucv/1f6jlv9r/Ect/9f6j1r+r/Mftfxf7z9q+b/Bf9Tyf6P/qOX/Jv9Ry//N/qOW/1v8Ry3/t/qPWv5v8x+1/N/uP2r5v8N/1PJ/p/+o5f8u/1HL/93+o5b/e/xHLf/3+o9a/u/zH7X83+8/avl/wH/U8v+g/6jl/yH/Ucv/w/6jlv9H/Ect/4/6j1r+H/Mftfw/7j9q+X/Cf9Ty/6T/qOX/Kf9Ry//T/qOW/2f8Ry3/z/qPWv6f8x+1/D/vP2r5f8F/1PL/ov+o5f8l/1HL/8v+o5b/V/xHLf+v+o9a/l/zH7X8v+4/avl/w3/U8v+m/6jl/y3/Ucv/2/6jlv93/Ect/+/6j1r+3/Mftfy/7z9q+f/Af9Ty/6H/qOX/I/9Ry//H/qOW/0/8Ry3/n/qPWv4/8x+1/H/uP2r5/8J/1PL/pf+o5f8r/1HL/9f+o5b/b/xHLf/f+o9a/r/zH7X8f+8/avn/wX/U8v+j/6jl/yf/Ucv/z/6jlv9f/Ect/7/6j1r+f/Mftfz/7j9q+f/Df9Ty/6f/qOX/L/9Ry//f/qOW/3/8Ry3///qPSv4HDOQ/avkf2H/U8j+I/6jlf1D/Ucv/YP6jlv/B/Uct/0P4j1r+h/QftfwP5T9q+R/af9TyP4z/qOV/WP9Ry/9w/qOW/+H9Ry3/I/iPWv5H9B+1/A/wH7X8j+Q/avkf2X/U8j+K/6jlf1T/Ucv/aP6jlv/R/Uct/2P4j1r+x/QftfyP5T9q+R/bf9TyP47/qOV/XP9Ry/94/qOW//H9Ry3/E/iPWv4n9B+1/E/kP2r5n9h/1PI/if+o5X9S/1HL/2T+o5b/yf1HLf9T+I9a/qf0H7X8T+U/avmf2n/U8j+N/6jlf1r/Ucv/dP6jlv/p/Uct/zP4j1r+Z/QftfzP5D9q+Z/Zf9TyP4v/qOV/Vv9Ry/9s/qOW/9n9Ry3/c/iPWv7n9B+1/M/lP2r5n9t/1PI/j/+o5X9e/1HL/3z+o5b/+f1HLf8L+I9a/hf0H7X8L+Q/avlf2H/U8r+I/6jlf1H/Ucv/Yv6jlv/F/Uct/0v4j1r+l/Qftfwv5T9q+V/af9Tyv4z/qOV/Wf9Ry/9y/qOW/+X9Ry3/K/iPWv5X9B+1/K/kP2r5X9l/1PK/iv+o5X9V/1HL/2r+o5b/1f1HLf9r+I9a/tf0H7X8r+U/avlf23/U8r+O/6jlf13/Ucv/ev6jlv/1/Uct/xv4j1r+N/Qftfxv5D9q+d/Yf9Tyv4n/qOV/U/9Ry/9m/qOW/839Ry3/W/iPWv639B+1/G/lP2r539p/1PK/jf+o5X9b/1HL/3b+o5b/7f1HLf87+I9a/nf0H7X87+Q/avnf2X/U8r+L/6jlf1f/Ucv/bv6jlv/d/Uct/3v4j1r+9/Qftfzv5T9q+d/bf9Tyv4//qOV/X/9Ry/9+/qOW//39Ry3/B/iP/nf/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAf+zbbWydZeHH8bvbOsb+/JMRF1yGJptcKCTCbPeQ8YKwydhWB914HgMc3dqNjXabXYddAffwYhIhPEgyyRIlypahhJnQSAwEK4ho0EVNNPgAiEIUjRMh6Ja4WHPa09Ieu8Zz1etalM/nRc+577Pfva3Jd/e9wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/ns1NC48Mr5m2KnxQw8+eLil73XO0ZU3H/htz4UDr+WPl41wyXFDD3p7e3vnPDd7R/nwlKIoSj/bzvLxpMpx6fo767/Q2X8UFvS8tOT4lJ83Hjmw5vRH6rqP3l/bd7a2uGndhtaWj40rinBxbdFZOqirKYqwuLa4r3RQXzpYUls8UjqY3XdwavHt0sH5aze3NpdOLI3+nsH/iobGncX4YcUWw/40GNr/zvpv3TnwOsolB642oSj3f0XX99+q+GzACfofuH5YWNl/1b9B4ISq6/+FBQOvo1zyX+7/k59a9cpIn524/4Hrh4/rH9IZ4fl/WKOVz/0Vz/8zRrjk4P6qmq7jpf4vve3ZmeVTE/6d5/93rx8urux/3LDn/9Jz/KKB5/9TiiJcMsZvB7ynNDTuOjLa/X/0/idMr9jUDO3/jPbN+0v9P77ke0+UT9VW2f+iUe7/45ZW/FqB6jQ0frm34v5fRf/FR0a45GD/bz/x64dL/T/2+wfOHPJZNf1fUtn/rI62LbO2bu86b0Nb0/qW9S2b6mbPnzOvvm7eBXNn9T0S9H8d43cF3hvGdv8vJldsaoqiZXB/TfeBp0v9z33wwTnlU5Oq7H/xqPf/Ge7/MKIPjSsmTiw6mzo62uv6vw4c1vd/7f9hI/Rfxd//zzqn/MNqy681RTFtcH/XmXevKPX/zqFnd5dPTayy/yWj9r9g8OcFIozx/t9csRnW/8FDL/U9/y+79+AZ5VPV/v1/6aj9v+r+D2PR0FjxP/z8h5X631VcFtlpaPDf/yCdHP0/9s4NPXHr8An9Qzo5+v/d546eG7cOy/QP6eTof8LGB56PW4dL9Q/p5Oh/+dT5K+LW4TL9Qzo5+l/76rl/jluHRv1DOjn6P+dLuzvj1mG5/iGdHP0/1D5nW9w6rNA/pJOj/5+e9tBrcetwuf4hnRz9Hzt2z41x63CF/iGdHP137zn7B3HrcKX+IZ0c/V++bmGIW4er9A/p5Oh/+rQ/Ph63DlfrH9LJ0f+8P/39tLh1uEb/kE6O/u/4/Ip9cetwrf4hnRz9j7/+lRfj1mGl/iGdHP0vPXvbwrh1uE7/kE6O/pt/0twbtw6r9A/p5Oh/1td/tCFuHa7XP6STo//Dyx/dE7cON+gf0snR/566YkrcOtyof0gnR/9f++7ph+LW4ZP6h3Ry9P+bp56cH7cOq/UP6eTo/7kP3P6NuHW4Sf+QTo7+713z4llx69Ckf0gnR/8P733+i3HrsEb/kE6O/t94o+3/4tZhrf4hnRz9T5506utx69Csf0gnR/8Lb/1Ke9w6tOgf0snRf9vu7h/GrcM6/UM6Ofr/8PFpq+LWYb3+IZ0c/a+cu/f9cetws/4hnRz9v2/Zhbvi1mGD/iGdHP1f1PPRi+LWYaP+IZ0c/Xc889mvxq3DLfqHdHL0v3fma4vj1qFV/5BOjv5fXr30x3Hr0KZ/SCdH/289et2muHXYpH9IJ0f/T/7s7WNx67BZ/5BOjv7//4JFf41bhy36h3Ry9L94yZtr49bhU/qHdHL0v7H7Hy/HrUO7/iGdHP3PPHz1srh12Kp/SCdH/985r25/3Dp06B/SydH/nVfuq49bh236h3Ry9L//4F13x63DrfqHdHL0/+YvZkyPW4dP6x/SydH//VMOXRu3Dp36h3Ry9P/LTbXPxK3Ddv1DOjn6/9u+qTvi1qFL/5BOjv6ffr3nD3HrcJv+IZ0c/a+e8KuJcetwu/4hnRz9T+3acl/cOtyhf0gnR//z72k6P24dPqN/SCdH/1v/8sI349Zhh/4hna3bu25pam1taffGG2+8GXxzsv9kAlJ7N/qT/SsBAAAAAAAAAAAAAABOJMc/JzrZv0cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+yQ4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRC9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBXAAAA//+O1eBI") open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) splice(r0, 0x0, r2, 0x0, 0x88000cc, 0x0) write$eventfd(r1, &(0x7f0000000240), 0xffffff14) 5.158740757s ago: executing program 1 (id=1527): r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r1 = socket$unix(0x1, 0x2, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) connect$unix(r2, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r2, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0) connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) ppoll(&(0x7f0000000200)=[{r1, 0xc210}, {r2, 0x116}], 0x2, 0x0, 0x0, 0x0) readv(r0, &(0x7f0000000000)=[{&(0x7f00000003c0)=""/150, 0x96}], 0x1) 4.91844909s ago: executing program 7 (id=1529): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9) r1 = eventfd2(0x0, 0x0) io_setup(0x6, &(0x7f0000000140)=0x0) io_submit(r2, 0x1, &(0x7f00000000c0)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0x5, r0, 0x0, 0x0, 0x0, 0x0, 0x3, r1}]) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000480)={'bridge0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2c}}, 0x14) sendto$inet6(r0, &(0x7f0000000800)="4103082c1116480401020200c52cf7c25975e005b02f000006892f000300897c6b118777faffffff3066090cb600c5471d130a66321a54e7df305fbe258161b6fd8f2428652265d94c6fdbaefc57376a57c2feffff188be9427c323ef024a37016d2a7f9ab6e7941a6fc4f95aa73c1dfff4941f6503b5bd8c91db22cd33795481c94085fa12cdc679ac2a5d7b5d99b93fb07acb0da680e78b74c74aae8d7690d5986a9af81622a0ac210bc7b5ca5fed11cb54d046642670041e846bb184ff5d39fe8516d2d2a8d84e6e7dfcb2b8a8023444db513a3d7a124b59f0a5cd36489dbbb75cce3145d0ea3c3aa21af7cbcbc7a7575db782e757ca543109f5ddcec4930aa91f4119ea3d1f56140cb86cfe0724b23904ef5d05c725ee23918a502b1afe09fb0757d", 0xfc13, 0x880, 0x0, 0xfffffffffffffef0) 4.538915457s ago: executing program 1 (id=1531): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000480)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15) r2 = dup(r1) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001900)=@base={0x9, 0x4, 0x7fe5, 0x1}, 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000580)='kmem_cache_free\x00', r4}, 0x18) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) 4.272197339s ago: executing program 7 (id=1532): socket$kcm(0x10, 0x2, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000300), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000040)=0x1800, 0x4) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r2, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) syz_usb_connect(0x0, 0x3f, 0x0, 0x0) 4.00948778s ago: executing program 3 (id=1534): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000010000850000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) sendmsg$nl_route_sched(r0, 0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x90, 0x0, 0x7, {0xfffffffffffffffc, 0x0, 0x1, 0xffff, 0xfffffff8, 0x200, {0x6, 0x40000000005, 0xb5b, 0x400000d, 0x1000, 0x0, 0x7d59, 0x7fff, 0x480, 0x2000, 0x10001, 0x0, 0x0, 0xa0f, 0x2}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0xfea3) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c0000005e000102"], 0x1c}}, 0x0) 3.753488378s ago: executing program 1 (id=1535): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0x0, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0xfffffffd, 0x400, 0x20000008, 0x6, 0x7}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x10}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000700)={0x0, 0x1e5, &(0x7f00000006c0)={&(0x7f0000000440)=@deltaction={0x28, 0x32, 0x101, 0x0, 0x0, {}, [@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}]}]}, 0x28}}, 0x0) 3.568132667s ago: executing program 4 (id=1536): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x6}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x1a3, 0x655c, 0x4, 0x40, 0x7fffffff, 0x7fffffff, 0x80, 0xffffffff, 0x1}}}}]}, 0x58}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=@newtfilter={0x50, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r1, {0xe}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0x20, 0x2, [@TCA_FLOWER_KEY_CT_LABELS={0x14, 0x61, "17184b82875cdbd656f60b992bd954c8"}, @TCA_FLOWER_KEY_CT_MARK={0x8, 0x5f, 0x40}]}}]}, 0x50}}, 0x4000) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x4c}}, 0x0) 3.391462771s ago: executing program 3 (id=1537): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f00000013c0)=0x80000000001, 0x4) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f00000002c0)="e8", 0xfffffffffffffd79, 0x2000c850, 0x0, 0x4d) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(r0, r1, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffc000/0x4000)=nil, 0xc00, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x5a}, &(0x7f0000001380)=0x40) 2.830053444s ago: executing program 3 (id=1538): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4) bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x31, &(0x7f0000001600), 0x4) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000200)=[{&(0x7f0000000400)="580000001500add427323b472545b4560a117fffffff81000e220e227f000008925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4) bind$inet6(r2, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) 2.71906003s ago: executing program 4 (id=1539): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$MAP_LOOKUP_ELEM(0x2, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$ETHTOOL_MSG_LINKINFO_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001a0000000c00018008000100", @ANYRES32=r4], 0x20}, 0x1, 0x0, 0x0, 0x4000800}, 0x0) 2.437629163s ago: executing program 1 (id=1540): socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r1}, 0x18) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) 2.381646223s ago: executing program 3 (id=1541): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000006000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d6c2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x2, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x9, 0x7, 0x1, 0x4, 0x2, 0x1, 0x1, 0xff, 0x5, 0x0, 0xe, 0x9, 0xa, 0x2, 0xd, 0x5}}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x6, 0x7, 0x5, 0x180, 0x0, 0x0, 0xf1, 0x9, 0x8, 0x5, 0x0, 0x9, 0x0, 0x0, 0x0, 0xbd9], 0x1, 0x3c4212}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.134413221s ago: executing program 4 (id=1542): setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x27, 0x0, 0x0) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x3e, &(0x7f0000000040)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x20, 0xfc, 0x2, 0x0, @rand_addr=0x1c, @multicast1=0xe0000300}, @dest_unreach={0x3, 0x6, 0x0, 0x0, 0xfa, 0x9, {0x5, 0x4, 0x0, 0x3d, 0xfff6, 0x65, 0x5, 0x1, 0x4, 0x3, @private=0xa010102, @local}}}}}}, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, &(0x7f00000000c0)={@multicast1=0x1c, @empty=0xe0000300, 0x0, "fc79348df081496d0420922f45a71c1daa8b610468cd140526c41efcd3a4a422", 0x3, 0x1, 0x85}, 0x3c) 2.075995349s ago: executing program 6 (id=1543): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000200)={@dev}, 0x14) r1 = socket$inet6(0xa, 0x80002, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x200c8004, &(0x7f00000000c0)={0xa, 0xe1d, 0x0, @mcast2}, 0x1c) sendto$inet6(r1, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e", 0xffd6, 0xc001, 0x0, 0xffffffffffffff0c) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x3, 0x4) setsockopt$inet6_udp_int(r1, 0x88, 0x1, &(0x7f0000000080), 0x4) 1.759144447s ago: executing program 7 (id=1544): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2, 0x4e21, @loopback}], 0x10) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)="fd", 0x1}], 0x1, 0x0, 0x0, 0x804c044}, 0x881) r1 = dup(r0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x106, 0x2}}, 0x20) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r1, &(0x7f0000000180)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x4}}, 0x29fdf) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r1, &(0x7f00000000c0)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x5}}, 0xfd87) setsockopt$inet_sctp_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000040)={0x2, 0x6, 0x2, 0x40, 0x4, 0x6, 0x49, 0x1, 0xfc, 0xa, 0x4, 0x7, 0xc9, 0x68}, 0xe) 1.526338106s ago: executing program 4 (id=1545): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x0, 0x0, &(0x7f00000001c0)='GPL\x00', 0xfffffffa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) r0 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x400, 0x2, 0x332}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r3 = socket(0x2a, 0x2, 0x0) getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_OPENAT={0x12, 0x7c, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x148, 0x10000, 0x12345}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) 1.258571521s ago: executing program 6 (id=1546): socket(0x40000000015, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) setrlimit(0x4, &(0x7f0000000180)={0x3b}) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)="2e00000010008188040f80ec59acbc0413010048100000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x38, 0x1403, 0x1, 0x70bd2a, 0x25dfdbfe, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'bond0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000000) 1.154732321s ago: executing program 7 (id=1547): r0 = io_uring_setup(0x17ba, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1}) close_range(r0, 0xffffffffffffffff, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r1, &(0x7f0000000180)={0x28, 0x0, 0x2710}, 0x10) listen(r1, 0x0) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r2, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) 839.311476ms ago: executing program 3 (id=1548): sendmsg$rds(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440), 0x0, 0x0, 0x0, 0x20000800}, 0x4000008) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @empty}}, 0x5, 0x12, 0x0, 0x3}, 0x9c) r0 = syz_io_uring_setup(0x466c, &(0x7f0000000280)={0x0, 0x0, 0x10100}, &(0x7f00000000c0)=0x0, &(0x7f0000000140)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='3'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RENAMEAT={0x23, 0x30, 0x0, r3, 0x0, 0x0, r3}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f0000000100)={0x7fff, r3, 0x4, {0x101}, 0x1}, 0x1) 743.4856ms ago: executing program 1 (id=1549): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x3e, &(0x7f0000000040)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x20, 0xfc, 0x2, 0x0, @rand_addr=0x1c, @multicast1=0xe0000300}, @dest_unreach={0x3, 0x6, 0x0, 0x0, 0xfa, 0x9, {0x5, 0x4, 0x0, 0x3d, 0xfff6, 0x65, 0x5, 0x1, 0x4, 0x3, @private=0xa010102, @local}}}}}}, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, &(0x7f00000000c0)={@multicast1=0x1c, @empty=0xe0000300, 0x0, "8a79348df081496d0420922f45a71c1daa8b610468cd140526c41efcd3a4a422", 0x3, 0x1, 0x85}, 0x3c) 729.100071ms ago: executing program 4 (id=1550): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000180)={0x50, 0x0, r1, {0x7, 0x29, 0x0, 0xffffffff85000014, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0x50) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x4b) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20, 0x0, 0x0, {0x0, 0x8}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_fuse_handle_req(r0, &(0x7f00000067c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001b00", 0x2000, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='x\x00'], 0x0, 0x0, 0x0, 0x0}) getdents(r2, 0x0, 0x0) 641.979165ms ago: executing program 6 (id=1551): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x2}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000100)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x18, 0x0, &(0x7f0000000280)=[@decrefs, @request_death={0x400c6313}], 0x0, 0x0, 0x0}) 426.453252ms ago: executing program 7 (id=1552): iopl(0x3) r0 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) close(r0) r2 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x1a1) fcntl$setlease(r2, 0x400, 0x1) execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) 184.198001ms ago: executing program 1 (id=1553): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x80801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000100), 0xc06620, 0x4) syz_clone(0x8d002240, 0x0, 0x0, 0x0, 0x0, 0x0) 103.125815ms ago: executing program 4 (id=1554): ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0xfffffffffffffffe) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x0) r0 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e20, @remote}}, 0x80, 0x0, 0x0, 0x0, 0x18}, 0x0) r1 = socket$inet(0x2, 0x5, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x7d, &(0x7f0000000000)=@assoc_value, &(0x7f0000000140)=0x8) 62.405759ms ago: executing program 6 (id=1555): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) writev(r0, &(0x7f0000000540)=[{&(0x7f0000000000)="89e7ee2c21fe62a3b47380c988ca", 0x4a}, {&(0x7f0000000040)="8fac99b31b6cf86d622f", 0x6}, {&(0x7f0000000080)="49dafdf0920cc0a52de279ab7ac1", 0xe}], 0x3) 0s ago: executing program 3 (id=1556): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64-generic\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') getdents(r1, &(0x7f0000000ec0)=""/4096, 0x1000) kernel console output (not intermixed with test programs): 373.380645][ T7597] netlink: 4 bytes leftover after parsing attributes in process `syz.3.547'. [ 373.417896][ T7597] netlink: 4 bytes leftover after parsing attributes in process `syz.3.547'. [ 374.106838][ T6212] libceph: connect (1)[c::]:6789 error -101 [ 374.113345][ T6212] libceph: mon0 (1)[c::]:6789 connect error [ 374.127857][ T7605] netlink: 8 bytes leftover after parsing attributes in process `syz.2.551'. [ 374.180196][ T7600] ceph: No mds server is up or the cluster is laggy [ 374.353939][ T6212] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 374.570338][ T6212] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 374.582632][ T6212] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 374.592781][ T6212] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 374.606186][ T6212] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 374.615851][ T6212] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 374.695773][ T6212] usb 4-1: config 0 descriptor?? [ 375.182221][ T6212] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 375.910854][ T7629] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 375.925380][ T7629] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 375.933616][ T7629] gretap1: entered promiscuous mode [ 375.939141][ T7629] gretap1: entered allmulticast mode [ 376.652964][ T7639] loop4: detected capacity change from 0 to 512 [ 376.674305][ T7639] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 376.728017][ T7639] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a043c11c, mo2=0002] [ 376.776760][ T7639] System zones: 1-12 [ 376.808526][ T7639] EXT4-fs error (device loop4): ext4_iget_extra_inode:5104: inode #15: comm syz.4.560: corrupted in-inode xattr: e_value size too large [ 376.907359][ T7639] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.560: couldn't read orphan inode 15 (err -117) [ 376.950548][ T7639] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 377.021594][ T7647] netlink: 'syz.0.563': attribute type 10 has an invalid length. [ 377.037882][ T7647] 8021q: adding VLAN 0 to HW filter on device bond0 [ 377.051591][ T7647] team0: Port device bond0 added [ 377.079514][ T7639] EXT4-fs warning (device loop4): dx_probe:801: inode #2: comm syz.4.560: Unrecognised inode hash code 4 [ 377.094108][ T7639] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.560: Corrupt directory, running e2fsck is recommended [ 377.296601][ T5823] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 377.408667][ T6212] usb 4-1: USB disconnect, device number 5 [ 377.707805][ T42] IPVS: starting estimator thread 0... [ 377.824257][ T7658] IPVS: using max 240 ests per chain, 12000 per kthread [ 378.195340][ T7671] netlink: 24 bytes leftover after parsing attributes in process `syz.3.569'. [ 378.977499][ T7680] netlink: 'syz.4.575': attribute type 21 has an invalid length. [ 378.985827][ T7680] netlink: 132 bytes leftover after parsing attributes in process `syz.4.575'. [ 379.010260][ T7680] netlink: 28 bytes leftover after parsing attributes in process `syz.4.575'. [ 379.019614][ T7680] netlink: 'syz.4.575': attribute type 7 has an invalid length. [ 379.027634][ T7680] netlink: 'syz.4.575': attribute type 8 has an invalid length. [ 379.036158][ T7680] netlink: 4 bytes leftover after parsing attributes in process `syz.4.575'. [ 379.060275][ T7680] gretap0: entered promiscuous mode [ 379.075244][ T7680] batadv_slave_1: entered promiscuous mode [ 379.084309][ T7680] erspan0: entered promiscuous mode [ 379.813908][ T6212] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 379.997300][ T6212] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 380.008888][ T6212] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 380.019095][ T6212] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 380.028512][ T6212] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 380.087973][ T6212] usb 5-1: config 0 descriptor?? [ 380.253021][ T5438] libceph: connect (1)[c::]:6789 error -101 [ 380.259971][ T5438] libceph: mon0 (1)[c::]:6789 connect error [ 380.288148][ T7697] netlink: 4 bytes leftover after parsing attributes in process `syz.1.581'. [ 380.341602][ T7697] hsr_slave_1 (unregistering): left promiscuous mode [ 380.395658][ T7699] ceph: No mds server is up or the cluster is laggy [ 381.064695][ T30] audit: type=1800 audit(1754471779.686:145): pid=7716 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.587" name="bus" dev="overlay" ino=588 res=0 errno=0 [ 381.143900][ T6212] uclogic 0003:256C:006D.0004: interface is invalid, ignoring [ 381.349670][ T42] usb 5-1: USB disconnect, device number 3 [ 381.714838][ T7723] sctp: [Deprecated]: syz.0.590 (pid 7723) Use of int in max_burst socket option. [ 381.714838][ T7723] Use struct sctp_assoc_value instead [ 382.022633][ T7726] Illegal XDP return value 4294967274 on prog (id 83) dev syz_tun, expect packet loss! [ 383.485968][ T7755] bond0: (slave syz_tun): Releasing backup interface [ 384.043050][ T7762] geneve2: entered promiscuous mode [ 384.524113][ T7770] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 384.589783][ T7770] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 384.644689][ T7770] bond0 (unregistering): Released all slaves [ 384.829887][ T7780] netlink: 'syz.3.614': attribute type 1 has an invalid length. [ 384.901691][ T7780] bond1: entered promiscuous mode [ 384.911797][ T7780] 8021q: adding VLAN 0 to HW filter on device bond1 [ 384.963457][ T7783] netlink: 3 bytes leftover after parsing attributes in process `syz.3.614'. [ 384.993031][ T7783] batadv0: entered promiscuous mode [ 384.998694][ T7783] batadv0: entered allmulticast mode [ 385.015081][ T7783] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 385.030091][ T7783] bond1: (slave batadv0): making interface the new active one [ 385.042076][ T7783] bond1: (slave batadv0): Enslaving as an active interface with an up link [ 385.390061][ T7772] ceph: No mds server is up or the cluster is laggy [ 385.395435][ T7787] loop4: detected capacity change from 0 to 512 [ 385.424313][ T7787] EXT4-fs (loop4): blocks per group (34) and clusters per group (32768) inconsistent [ 385.587560][ T7790] binder: 7789:7790 ioctl c0306201 200000000640 returned -22 [ 386.762149][ T7803] loop4: detected capacity change from 0 to 32768 [ 386.926144][ T7803] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_delay=2013266920,journal_reclaim_delay=10,nojournal_transaction_names [ 386.926304][ T7803] allowing incompatible features above 0.0: (unknown version) [ 386.926396][ T7803] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 386.926512][ T7803] with devices loop4 [ 386.980533][ T7803] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): Using encoding defined by superblock: utf8-12.1.0 [ 386.991876][ T7803] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): initializing new filesystem [ 387.015831][ T7803] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): going read-write [ 387.087132][ T7803] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): marking superblocks [ 387.140546][ T7803] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): initializing freespace [ 387.174019][ T7803] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): done initializing freespace [ 387.196919][ T7803] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): reading snapshots table [ 387.206118][ T7803] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): reading snapshots done [ 387.291929][ T7803] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): done starting filesystem [ 387.649430][ T5823] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutting down [ 387.657861][ T5823] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): going read-only [ 387.666161][ T5823] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): finished waiting for writes to stop [ 387.753890][ T5823] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): flushing journal and stopping allocators, journal seq 3 [ 387.961415][ T5823] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): flushing journal and stopping allocators complete, journal seq 3 [ 388.053515][ T5823] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): clean shutdown complete, journal seq 4 [ 388.114762][ T5823] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): marking filesystem clean [ 388.173550][ T7831] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 388.297287][ T5823] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 390.621255][ T30] audit: type=1326 audit(1754471789.226:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7864 comm="syz.1.644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f273498eb69 code=0x7ffc0000 [ 390.646674][ T30] audit: type=1326 audit(1754471789.236:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7864 comm="syz.1.644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=122 compat=0 ip=0x7f273498eb69 code=0x7ffc0000 [ 390.670180][ T30] audit: type=1326 audit(1754471789.236:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7864 comm="syz.1.644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f273498eb69 code=0x7ffc0000 [ 390.814750][ T7868] loop3: detected capacity change from 0 to 256 [ 392.142832][ T7887] loop4: detected capacity change from 0 to 16 [ 392.217242][ T7887] erofs (device loop4): rootino(nid 36) is not a directory(i_mode 26222) [ 392.597792][ T7883] loop3: detected capacity change from 0 to 32768 [ 392.600423][ T7883] XFS: ikeep mount option is deprecated. [ 392.689937][ T7883] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 392.908326][ T7883] XFS (loop3): Ending clean mount [ 392.918012][ T7883] XFS (loop3): Quotacheck needed: Please wait. [ 392.948575][ T7883] XFS (loop3): Quotacheck: Done. [ 393.139070][ T5817] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 395.128003][ T7918] loop1: detected capacity change from 0 to 40427 [ 395.198039][ T7918] F2FS-fs (loop1): invalid crc value [ 395.565341][ T7918] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 395.583814][ T7918] F2FS-fs (loop1): Start checkpoint disabled! [ 395.625676][ T7918] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 395.945415][ T7923] loop0: detected capacity change from 0 to 40427 [ 396.039996][ T7923] F2FS-fs (loop0): build fault injection rate: 14 [ 396.046857][ T7923] F2FS-fs (loop0): build fault injection type: 0x3bfe8c [ 396.071830][ T7923] F2FS-fs (loop0): invalid crc value [ 396.109647][ C1] F2FS-fs (loop0): inject read IO error in f2fs_read_end_io of bio_endio+0xe27/0xf80 [ 396.153423][ T74] kworker/u8:5: attempt to access beyond end of device [ 396.153423][ T74] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 396.155762][ C0] F2FS-fs (loop0): inject read IO error in f2fs_read_end_io of bio_endio+0xe27/0xf80 [ 396.169947][ T74] CPU: 1 UID: 0 PID: 74 Comm: kworker/u8:5 Not tainted 6.16.0-syzkaller-11845-ga530a36bb548 #0 PREEMPT(none) [ 396.170117][ T74] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 396.170276][ T74] Workqueue: writeback wb_workfn (flush-7:1) [ 396.170547][ T74] Call Trace: [ 396.170610][ T74] [ 396.170670][ T74] __dump_stack+0x26/0x30 [ 396.170879][ T74] dump_stack_lvl+0x1df/0x270 [ 396.171090][ T74] dump_stack+0x1e/0x25 [ 396.171277][ T74] f2fs_handle_critical_error+0xa6f/0xc20 [ 396.171522][ T74] f2fs_stop_checkpoint+0x65/0x80 [ 396.171715][ T74] f2fs_write_end_io+0x101c/0x1bc0 [ 396.171971][ T74] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 396.172171][ T74] bio_endio+0xe27/0xf80 [ 396.172396][ T74] submit_bio_noacct+0x214/0x2710 [ 396.172677][ T74] submit_bio+0x5a9/0x5d0 [ 396.172902][ T74] f2fs_submit_write_bio+0x92/0x250 [ 396.173087][ T74] __submit_merged_bio+0x16f/0x6a0 [ 396.173303][ T74] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 396.173511][ T74] __submit_merged_write_cond+0x458/0x9a0 [ 396.173743][ T74] f2fs_write_data_pages+0x4bb2/0x5480 [ 396.174044][ T74] ? kmsan_internal_poison_memory+0x4a/0xa0 [ 396.174349][ T74] ? kmem_cache_free+0x191/0xec0 [ 396.174561][ T74] ? kmsan_get_metadata+0xfb/0x160 [ 396.174740][ T74] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 396.174984][ T74] ? kmsan_get_metadata+0xfb/0x160 [ 396.175186][ T74] ? kmsan_get_metadata+0xfb/0x160 [ 396.175360][ T74] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 396.175545][ T74] ? kmsan_get_metadata+0xfb/0x160 [ 396.175741][ T74] ? kmsan_get_metadata+0xfb/0x160 [ 396.175920][ T74] ? kmsan_get_metadata+0xfb/0x160 [ 396.176101][ T74] ? kmsan_get_metadata+0xfb/0x160 [ 396.176286][ T74] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 396.176487][ T74] ? kmsan_get_metadata+0xfb/0x160 [ 396.176683][ T74] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 396.176883][ T74] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 396.177080][ T74] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 396.177272][ T74] do_writepages+0x3f2/0x860 [ 396.177428][ T74] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 396.177614][ T74] ? queue_io+0x741/0x790 [ 396.177759][ T74] ? kmsan_get_metadata+0xfb/0x160 [ 396.177962][ T74] __writeback_single_inode+0x101/0x1190 [ 396.178142][ T74] ? kmsan_get_metadata+0xfb/0x160 [ 396.178334][ T74] writeback_sb_inodes+0xac1/0x1cb0 [ 396.178605][ T74] ? kmsan_get_metadata+0xfb/0x160 [ 396.178836][ T74] wb_writeback+0x4ce/0xc00 [ 396.179013][ T74] ? queue_io+0x441/0x790 [ 396.179207][ T74] wb_workfn+0x397/0x1910 [ 396.179436][ T74] ? kmsan_get_metadata+0xfb/0x160 [ 396.179668][ T74] ? __pfx_wb_workfn+0x10/0x10 [ 396.179878][ T74] process_scheduled_works+0xb91/0x1d80 [ 396.180175][ T74] worker_thread+0xedf/0x1590 [ 396.180438][ T74] kthread+0xd59/0xf00 [ 396.180608][ T74] ? __pfx_worker_thread+0x10/0x10 [ 396.180851][ T74] ? __pfx_kthread+0x10/0x10 [ 396.181000][ T74] ret_from_fork+0x1e3/0x310 [ 396.181146][ T74] ? __pfx_kthread+0x10/0x10 [ 396.181294][ T74] ret_from_fork_asm+0x1a/0x30 [ 396.181517][ T74] [ 396.182779][ T74] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 396.792132][ T7923] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 396.801472][ T7923] F2FS-fs (loop0): inject page alloc in f2fs_grab_cache_folio of f2fs_get_tmp_folio+0x38/0x50 [ 396.824347][ T7923] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 396.971441][ T7923] F2FS-fs (loop0): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x831/0x19b0 [ 396.989363][ T7923] F2FS-fs (loop0): inject dquot initialize in f2fs_dquot_initialize of f2fs_mkdir+0xfa/0x900 [ 397.002747][ T7923] F2FS-fs (loop0): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x831/0x19b0 [ 397.017190][ T7923] F2FS-fs (loop0): inject no more block in inc_valid_block_count of f2fs_reserve_new_blocks+0x179/0xe70 [ 397.208242][ T5812] syz-executor: attempt to access beyond end of device [ 397.208242][ T5812] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 397.222737][ T5812] CPU: 1 UID: 0 PID: 5812 Comm: syz-executor Not tainted 6.16.0-syzkaller-11845-ga530a36bb548 #0 PREEMPT(none) [ 397.222878][ T5812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 397.222974][ T5812] Call Trace: [ 397.223024][ T5812] [ 397.223077][ T5812] __dump_stack+0x26/0x30 [ 397.223267][ T5812] dump_stack_lvl+0x1df/0x270 [ 397.223451][ T5812] dump_stack+0x1e/0x25 [ 397.223622][ T5812] f2fs_handle_critical_error+0xa6f/0xc20 [ 397.223823][ T5812] f2fs_stop_checkpoint+0x65/0x80 [ 397.223992][ T5812] f2fs_write_end_io+0x101c/0x1bc0 [ 397.224212][ T5812] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 397.224380][ T5812] bio_endio+0xe27/0xf80 [ 397.224558][ T5812] submit_bio_noacct+0x214/0x2710 [ 397.224789][ T5812] submit_bio+0x5a9/0x5d0 [ 397.224974][ T5812] f2fs_submit_write_bio+0x92/0x250 [ 397.225131][ T5812] __submit_merged_bio+0x16f/0x6a0 [ 397.225289][ T5812] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 397.225478][ T5812] __submit_merged_write_cond+0x458/0x9a0 [ 397.225685][ T5812] f2fs_write_data_pages+0x4bb2/0x5480 [ 397.226017][ T5812] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 397.226213][ T5812] ? __pfx_lru_cache_disable+0x1/0x10 [ 397.226403][ T5812] ? filter_irq_stacks+0x49/0x190 [ 397.226606][ T5812] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 397.226784][ T5812] ? stack_depot_save_flags+0x35/0x7b0 [ 397.226954][ T5812] ? kmsan_get_metadata+0xfb/0x160 [ 397.227167][ T5812] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 397.227435][ T5812] ? kmsan_get_metadata+0xfb/0x160 [ 397.227592][ T5812] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 397.227759][ T5812] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 397.227940][ T5812] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 397.228125][ T5812] do_writepages+0x3f2/0x860 [ 397.228272][ T5812] ? _raw_spin_unlock+0x30/0x50 [ 397.228452][ T5812] ? wbc_attach_and_unlock_inode+0x131/0x680 [ 397.228671][ T5812] filemap_fdatawrite+0x207/0x260 [ 397.228902][ T5812] f2fs_sync_dirty_inodes+0x2ab/0x9e0 [ 397.229144][ T5812] f2fs_write_checkpoint+0xfe2/0x2b00 [ 397.229486][ T5812] kill_f2fs_super+0x2ff/0x970 [ 397.229696][ T5812] ? __pfx_kill_f2fs_super+0x10/0x10 [ 397.229894][ T5812] deactivate_locked_super+0xcb/0x3c0 [ 397.230055][ T5812] deactivate_super+0x12f/0x140 [ 397.230205][ T5812] cleanup_mnt+0x6fb/0x780 [ 397.230374][ T5812] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 397.230589][ T5812] ? __pfx___cleanup_mnt+0x10/0x10 [ 397.230770][ T5812] __cleanup_mnt+0x22/0x30 [ 397.230934][ T5812] task_work_run+0x209/0x2b0 [ 397.231089][ T5812] exit_to_user_mode_loop+0x2a6/0x330 [ 397.231285][ T5812] do_syscall_64+0x1e3/0x210 [ 397.231429][ T5812] ? irqentry_exit+0x16/0x60 [ 397.231583][ T5812] ? clear_bhb_loop+0x40/0x90 [ 397.231755][ T5812] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 397.231918][ T5812] RIP: 0033:0x7faba7d8fe97 [ 397.232035][ T5812] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 397.232153][ T5812] RSP: 002b:00007fff581bbba8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 397.232335][ T5812] RAX: 0000000000000000 RBX: 00007faba7e11bdd RCX: 00007faba7d8fe97 [ 397.232432][ T5812] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff581bbc60 [ 397.232512][ T5812] RBP: 00007fff581bbc60 R08: 0000000000000000 R09: 0000000000000000 [ 397.232591][ T5812] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff581bccf0 [ 397.232682][ T5812] R13: 00007faba7e11bdd R14: 0000000000060ec3 R15: 00007fff581bcd30 [ 397.232801][ T5812] [ 397.580954][ T5812] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 397.591350][ T5812] CPU: 1 UID: 0 PID: 5812 Comm: syz-executor Not tainted 6.16.0-syzkaller-11845-ga530a36bb548 #0 PREEMPT(none) [ 397.591507][ T5812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 397.591590][ T5812] Call Trace: [ 397.591643][ T5812] [ 397.591695][ T5812] __dump_stack+0x26/0x30 [ 397.591881][ T5812] dump_stack_lvl+0x1df/0x270 [ 397.592069][ T5812] dump_stack+0x1e/0x25 [ 397.592239][ T5812] f2fs_handle_critical_error+0xa6f/0xc20 [ 397.592471][ T5812] f2fs_stop_checkpoint+0x65/0x80 [ 397.592672][ T5812] f2fs_write_end_io+0x101c/0x1bc0 [ 397.592899][ T5812] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 397.593102][ T5812] bio_endio+0xe27/0xf80 [ 397.593311][ T5812] submit_bio_noacct+0x214/0x2710 [ 397.593566][ T5812] submit_bio+0x5a9/0x5d0 [ 397.593769][ T5812] f2fs_submit_write_bio+0x92/0x250 [ 397.593943][ T5812] __submit_merged_bio+0x16f/0x6a0 [ 397.594108][ T5812] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 397.594310][ T5812] __submit_merged_write_cond+0x458/0x9a0 [ 397.594500][ T5812] f2fs_write_data_pages+0x4bb2/0x5480 [ 397.594842][ T5812] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 397.595017][ T5812] ? __pfx_lru_cache_disable+0x1/0x10 [ 397.595215][ T5812] ? filter_irq_stacks+0x49/0x190 [ 397.595425][ T5812] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 397.595618][ T5812] ? stack_depot_save_flags+0x35/0x7b0 [ 397.595793][ T5812] ? kmsan_get_metadata+0xfb/0x160 [ 397.595973][ T5812] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 397.596205][ T5812] ? kmsan_get_metadata+0xfb/0x160 [ 397.596367][ T5812] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 397.596537][ T5812] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 397.596723][ T5812] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 397.596903][ T5812] do_writepages+0x3f2/0x860 [ 397.597047][ T5812] ? _raw_spin_unlock+0x30/0x50 [ 397.597279][ T5812] ? wbc_attach_and_unlock_inode+0x131/0x680 [ 397.597532][ T5812] filemap_fdatawrite+0x207/0x260 [ 397.597782][ T5812] f2fs_sync_dirty_inodes+0x2ab/0x9e0 [ 397.597993][ T5812] f2fs_write_checkpoint+0xfe2/0x2b00 [ 397.598369][ T5812] kill_f2fs_super+0x2ff/0x970 [ 397.598578][ T5812] ? __pfx_kill_f2fs_super+0x10/0x10 [ 397.598769][ T5812] deactivate_locked_super+0xcb/0x3c0 [ 397.598942][ T5812] deactivate_super+0x12f/0x140 [ 397.599095][ T5812] cleanup_mnt+0x6fb/0x780 [ 397.599296][ T5812] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 397.599515][ T5812] ? __pfx___cleanup_mnt+0x10/0x10 [ 397.599691][ T5812] __cleanup_mnt+0x22/0x30 [ 397.599864][ T5812] task_work_run+0x209/0x2b0 [ 397.600024][ T5812] exit_to_user_mode_loop+0x2a6/0x330 [ 397.600191][ T5812] do_syscall_64+0x1e3/0x210 [ 397.600359][ T5812] ? irqentry_exit+0x16/0x60 [ 397.600486][ T5812] ? clear_bhb_loop+0x40/0x90 [ 397.600642][ T5812] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 397.600796][ T5812] RIP: 0033:0x7faba7d8fe97 [ 397.600905][ T5812] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 397.601026][ T5812] RSP: 002b:00007fff581bbba8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 397.601161][ T5812] RAX: 0000000000000000 RBX: 00007faba7e11bdd RCX: 00007faba7d8fe97 [ 397.601257][ T5812] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff581bbc60 [ 397.601345][ T5812] RBP: 00007fff581bbc60 R08: 0000000000000000 R09: 0000000000000000 [ 397.601433][ T5812] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff581bccf0 [ 397.601526][ T5812] R13: 00007faba7e11bdd R14: 0000000000060ec3 R15: 00007fff581bcd30 [ 397.601652][ T5812] [ 397.950568][ T5812] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 399.061264][ T5809] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 399.086490][ T5809] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 399.098331][ T5809] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 399.118971][ T5809] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 399.142626][ T5809] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 400.804273][ T7938] chnl_net:caif_netlink_parms(): no params data found [ 400.959710][ T7961] policy can only be matched on NF_INET_PRE_ROUTING [ 400.959808][ T7961] unable to load match [ 401.173589][ T5809] Bluetooth: hci2: command tx timeout [ 401.683714][ T7972] ipip0: entered promiscuous mode [ 401.897170][ T7974] loop3: detected capacity change from 0 to 2048 [ 402.165917][ T7938] bridge0: port 1(bridge_slave_0) entered blocking state [ 402.173670][ T7938] bridge0: port 1(bridge_slave_0) entered disabled state [ 402.181393][ T7938] bridge_slave_0: entered allmulticast mode [ 402.191116][ T7938] bridge_slave_0: entered promiscuous mode [ 402.285364][ T7938] bridge0: port 2(bridge_slave_1) entered blocking state [ 402.292930][ T7938] bridge0: port 2(bridge_slave_1) entered disabled state [ 402.300932][ T7938] bridge_slave_1: entered allmulticast mode [ 402.313831][ T7938] bridge_slave_1: entered promiscuous mode [ 402.541590][ T7938] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 402.571024][ T7938] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 402.779860][ T7938] team0: Port device team_slave_0 added [ 402.832906][ T7938] team0: Port device team_slave_1 added [ 403.135322][ T7938] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 403.142464][ T7938] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 403.169096][ T7938] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 403.254361][ T5809] Bluetooth: hci2: command tx timeout [ 403.263875][ T42] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 403.294624][ T7938] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 403.301767][ T7938] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 403.328276][ T7938] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 403.443695][ T42] usb 5-1: Using ep0 maxpacket: 32 [ 403.457110][ T42] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 403.468524][ T42] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 403.478233][ T42] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 403.534744][ T42] usb 5-1: config 0 descriptor?? [ 403.651359][ T7938] hsr_slave_0: entered promiscuous mode [ 403.663535][ T7938] hsr_slave_1: entered promiscuous mode [ 403.672329][ T7938] debugfs: 'hsr0' already exists in 'hsr' [ 403.678388][ T7938] Cannot create hsr debugfs directory [ 403.699155][ T7993] loop3: detected capacity change from 0 to 2048 [ 404.380219][ T7995] loop0: detected capacity change from 0 to 32768 [ 404.401312][ T42] hub 5-1:0.0: USB hub found [ 404.414797][ T42] hub 5-1:0.0: 1 port detected [ 404.482545][ T7995] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 404.834849][ T7995] XFS (loop0): Ending clean mount [ 405.014962][ T5812] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 405.118266][ T8014] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 405.151787][ T5867] usb 5-1: USB disconnect, device number 4 [ 405.332045][ T7938] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 405.341248][ T5809] Bluetooth: hci2: command tx timeout [ 406.110787][ T8019] loop1: detected capacity change from 0 to 32768 [ 406.122239][ T42] usb 5-1-port1: config error [ 406.156292][ T7938] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 406.181603][ T7938] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 406.229719][ T7938] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 406.263872][ T8019] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 406.524861][ T5807] (syz-executor,5807,0):ocfs2_inode_is_valid_to_delete:948 ERROR: Skipping delete of system file 72 [ 406.628635][ T5807] ocfs2: Unmounting device (7,1) on (node local) [ 407.028196][ T7938] 8021q: adding VLAN 0 to HW filter on device bond0 [ 407.157467][ T7938] 8021q: adding VLAN 0 to HW filter on device team0 [ 407.434148][ T5809] Bluetooth: hci2: command tx timeout [ 407.671797][ T7938] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 407.682793][ T7938] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 407.889940][ T8031] loop0: detected capacity change from 0 to 32768 [ 407.937784][ T1114] bridge0: port 1(bridge_slave_0) entered blocking state [ 407.945413][ T1114] bridge0: port 1(bridge_slave_0) entered forwarding state [ 407.964865][ T1114] bridge0: port 2(bridge_slave_1) entered blocking state [ 407.972385][ T1114] bridge0: port 2(bridge_slave_1) entered forwarding state [ 408.261993][ T8031] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names [ 408.262165][ T8031] allowing incompatible features above 0.0: (unknown version) [ 408.262257][ T8031] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 408.309693][ T8031] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 408.318227][ T8031] bcachefs (loop0): initializing new filesystem [ 408.335463][ T8031] bcachefs (loop0): going read-write [ 408.418538][ T8031] bcachefs (loop0): marking superblocks [ 408.478851][ T8031] bcachefs (loop0): initializing freespace [ 408.506450][ T8031] bcachefs (loop0): done initializing freespace [ 408.526061][ T8031] bcachefs (loop0): reading snapshots table [ 408.532382][ T8031] bcachefs (loop0): reading snapshots done [ 408.616222][ T8031] bcachefs (loop0): done starting filesystem [ 409.106947][ T8058] loop1: detected capacity change from 0 to 256 [ 409.121732][ T8058] vfat: Deprecated parameter 'posix' [ 409.128256][ T8058] FAT-fs: "posix" option is obsolete, not supported now [ 409.312531][ T5812] bcachefs (loop0): shutting down [ 409.325151][ T5812] bcachefs (loop0): going read-only [ 409.392967][ T5812] bcachefs (loop0): finished waiting for writes to stop [ 409.470449][ T5812] bcachefs (loop0): flushing journal and stopping allocators, journal seq 5 [ 409.807268][ T5812] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 5 [ 409.833063][ T7938] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 409.883794][ T5812] bcachefs (loop0): clean shutdown complete, journal seq 6 [ 409.898626][ T5812] bcachefs (loop0): marking filesystem clean [ 410.038172][ T5812] bcachefs (loop0): shutdown complete [ 410.634610][ T8073] loop1: detected capacity change from 0 to 2364 [ 411.660886][ T7938] veth0_vlan: entered promiscuous mode [ 411.755496][ T7938] veth1_vlan: entered promiscuous mode [ 412.011394][ T7938] veth0_macvtap: entered promiscuous mode [ 412.075506][ T7938] veth1_macvtap: entered promiscuous mode [ 412.270324][ T7938] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 412.344033][ T7938] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 412.417665][ T1156] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 412.440542][ T1156] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 412.462735][ T1156] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 412.472900][ T1156] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 414.018518][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 414.025833][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 417.660373][ T8169] loop3: detected capacity change from 0 to 40427 [ 417.676811][ T8169] F2FS-fs (loop3): Image doesn't support compression [ 417.683819][ T8169] F2FS-fs (loop3): build fault injection rate: 690 [ 417.693387][ T8169] F2FS-fs (loop3): invalid crc value [ 418.002245][ T8169] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 418.022380][ T8169] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 419.045189][ T8180] loop0: detected capacity change from 0 to 32768 [ 419.064226][ T8180] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.744 (8180) [ 419.140394][ T8180] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 419.154624][ T8180] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm [ 419.164113][ T8180] BTRFS info (device loop0): disk space caching is enabled [ 419.171516][ T8180] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 419.319438][ T8180] BTRFS info (device loop0): rebuilding free space tree [ 419.367445][ T8197] netlink: 24 bytes leftover after parsing attributes in process `syz.1.747'. [ 419.468034][ T8180] BTRFS info (device loop0): disabling free space tree [ 419.483439][ T8180] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 419.495427][ T8180] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 419.906037][ T5000] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 419.914900][ T5000] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 419.952753][ T1156] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 419.963349][ T1156] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 419.980180][ T5812] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 421.523768][ T5867] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 421.714909][ T5867] usb 2-1: Using ep0 maxpacket: 32 [ 421.775032][ T5867] usb 2-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 421.785830][ T5867] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 421.794318][ T5867] usb 2-1: Product: syz [ 421.798693][ T5867] usb 2-1: Manufacturer: syz [ 421.804272][ T5867] usb 2-1: SerialNumber: syz [ 421.880496][ T5867] usb 2-1: config 0 descriptor?? [ 421.933501][ T5867] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 422.245131][ T8228] netlink: 24 bytes leftover after parsing attributes in process `syz.4.757'. [ 423.287636][ T8240] netlink: 4 bytes leftover after parsing attributes in process `syz.0.761'. [ 423.352585][ T5867] gspca_topro: Sensor cx0342 [ 423.580066][ T5867] usb 2-1: USB disconnect, device number 3 [ 424.994634][ T8269] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 426.196430][ T8296] Scaler: ================= START STATUS ================= [ 426.205811][ T8296] Scaler: ================== END STATUS ================== [ 427.330627][ T8314] syzkaller0: entered promiscuous mode [ 427.336549][ T8314] syzkaller0: entered allmulticast mode [ 428.556609][ T8333] loop4: detected capacity change from 0 to 4096 [ 428.641094][ T8334] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 428.704341][ T30] audit: type=1800 audit(1754471827.316:149): pid=8333 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.797" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 430.354860][ T8354] sctp: [Deprecated]: syz.1.805 (pid 8354) Use of struct sctp_assoc_value in delayed_ack socket option. [ 430.354860][ T8354] Use struct sctp_sack_info instead [ 430.670835][ T8349] loop0: detected capacity change from 0 to 40427 [ 430.688158][ T8349] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 430.696241][ T8349] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 430.770048][ T8349] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 431.200308][ T8349] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 431.354183][ T8349] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 431.361621][ T8349] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 434.382761][ T8385] tipc: Started in network mode [ 434.388353][ T8385] tipc: Node identity aaaaaaaaaa3b, cluster identity 4711 [ 434.397529][ T8385] tipc: Enabled bearer , priority 27 [ 435.268696][ T8394] netlink: 750 bytes leftover after parsing attributes in process `syz.1.819'. [ 435.554073][ T6212] tipc: Node number set to 9546410 [ 435.713669][ T8402] netlink: 4 bytes leftover after parsing attributes in process `syz.4.822'. [ 436.581491][ T8418] netlink: 28 bytes leftover after parsing attributes in process `syz.0.829'. [ 436.591115][ T8418] netlink: 'syz.0.829': attribute type 7 has an invalid length. [ 436.599831][ T8418] netlink: 'syz.0.829': attribute type 8 has an invalid length. [ 436.608271][ T8418] netlink: 4 bytes leftover after parsing attributes in process `syz.0.829'. [ 437.685395][ T8437] overlayfs: upper fs does not support tmpfile. [ 438.657864][ T8443] loop4: detected capacity change from 0 to 32768 [ 438.805523][ T8443] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names [ 438.805700][ T8443] allowing incompatible features above 0.0: (unknown version) [ 438.805843][ T8443] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 438.851528][ T8443] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0 [ 438.860411][ T8443] bcachefs (loop4): initializing new filesystem [ 438.880885][ T8443] bcachefs (loop4): going read-write [ 438.905683][ T8443] bcachefs (loop4): marking superblocks [ 438.960981][ T8443] bcachefs (loop4): initializing freespace [ 438.996501][ T8443] bcachefs (loop4): done initializing freespace [ 439.016907][ T8443] bcachefs (loop4): reading snapshots table [ 439.023370][ T8443] bcachefs (loop4): reading snapshots done [ 439.129017][ T8443] bcachefs (loop4): done starting filesystem [ 439.411828][ T5823] bcachefs (loop4): shutting down [ 439.418499][ T5823] bcachefs (loop4): going read-only [ 439.424863][ T5823] bcachefs (loop4): finished waiting for writes to stop [ 439.487217][ T5823] bcachefs (loop4): flushing journal and stopping allocators, journal seq 3 [ 439.706476][ T5823] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 3 [ 439.780062][ T5823] bcachefs (loop4): clean shutdown complete, journal seq 4 [ 439.816219][ T5823] bcachefs (loop4): marking filesystem clean [ 439.948032][ T5823] bcachefs (loop4): shutdown complete [ 442.007530][ T8498] loop0: detected capacity change from 0 to 32768 [ 442.016862][ T8498] btrfs: Deprecated parameter 'usebackuproot' [ 442.023242][ T8498] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 442.035234][ T8498] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.856 (8498) [ 442.060539][ T8498] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 442.071144][ T8498] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm [ 442.160773][ T1156] BTRFS warning (device loop0): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 442.174767][ T8498] BTRFS error (device loop0): failed to load root extent [ 442.182095][ T8498] BTRFS warning (device loop0): try to load backup roots slot 1 [ 442.203659][ T1156] BTRFS warning (device loop0): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 442.217345][ T8498] BTRFS warning (device loop0): couldn't read tree root [ 442.224830][ T8498] BTRFS warning (device loop0): try to load backup roots slot 2 [ 442.233676][ T1156] BTRFS error (device loop0): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 442.244608][ T8498] BTRFS warning (device loop0): couldn't read tree root [ 442.254624][ T8498] BTRFS warning (device loop0): try to load backup roots slot 3 [ 442.316439][ T8498] BTRFS info (device loop0): rebuilding free space tree [ 442.360026][ T8498] BTRFS info (device loop0): disabling free space tree [ 442.367398][ T8498] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 442.377479][ T8498] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 442.398474][ T8524] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 443.381391][ T5812] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 443.754896][ T8547] netlink: 240 bytes leftover after parsing attributes in process `syz.3.866'. [ 445.916345][ T8560] loop0: detected capacity change from 0 to 40427 [ 446.006453][ T8560] F2FS-fs (loop0): Image doesn't support compression [ 446.013896][ T8560] F2FS-fs (loop0): build fault injection rate: 690 [ 446.025172][ T8560] F2FS-fs (loop0): invalid crc value [ 446.377780][ T8560] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 446.404668][ T8560] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 446.635117][ T5812] syz-executor: attempt to access beyond end of device [ 446.635117][ T5812] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 446.653815][ T5812] CPU: 0 UID: 0 PID: 5812 Comm: syz-executor Not tainted 6.16.0-syzkaller-11845-ga530a36bb548 #0 PREEMPT(none) [ 446.653972][ T5812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 446.654054][ T5812] Call Trace: [ 446.654105][ T5812] [ 446.654158][ T5812] __dump_stack+0x26/0x30 [ 446.654332][ T5812] dump_stack_lvl+0x1df/0x270 [ 446.654525][ T5812] dump_stack+0x1e/0x25 [ 446.654692][ T5812] f2fs_handle_critical_error+0xa6f/0xc20 [ 446.654908][ T5812] f2fs_stop_checkpoint+0x65/0x80 [ 446.655083][ T5812] f2fs_write_end_io+0x101c/0x1bc0 [ 446.655315][ T5812] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 446.655500][ T5812] bio_endio+0xe27/0xf80 [ 446.655719][ T5812] submit_bio_noacct+0x214/0x2710 [ 446.655985][ T5812] submit_bio+0x5a9/0x5d0 [ 446.656198][ T5812] f2fs_submit_write_bio+0x92/0x250 [ 446.656370][ T5812] __submit_merged_bio+0x16f/0x6a0 [ 446.656554][ T5812] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 446.656740][ T5812] __submit_merged_write_cond+0x458/0x9a0 [ 446.656958][ T5812] f2fs_write_data_pages+0x4bb2/0x5480 [ 446.657256][ T5812] ? trace_pid_list_is_set+0x1a0/0x1f0 [ 446.657447][ T5812] ? __update_load_avg_cfs_rq+0xe9/0x1010 [ 446.657639][ T5812] ? __update_load_avg_se+0xa96/0x11c0 [ 446.657824][ T5812] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 446.658017][ T5812] ? kmsan_get_metadata+0xfb/0x160 [ 446.658195][ T5812] ? kmsan_get_metadata+0xfb/0x160 [ 446.658358][ T5812] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 446.658531][ T5812] ? kmsan_get_metadata+0xfb/0x160 [ 446.658719][ T5812] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 446.658882][ T5812] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 446.659063][ T5812] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 446.659231][ T5812] do_writepages+0x3f2/0x860 [ 446.659375][ T5812] ? _raw_spin_unlock+0x30/0x50 [ 446.659552][ T5812] ? wbc_attach_and_unlock_inode+0x131/0x680 [ 446.659756][ T5812] filemap_fdatawrite+0x207/0x260 [ 446.659985][ T5812] f2fs_sync_dirty_inodes+0x2ab/0x9e0 [ 446.660191][ T5812] f2fs_write_checkpoint+0xfe2/0x2b00 [ 446.660499][ T5812] kill_f2fs_super+0x2ff/0x970 [ 446.660698][ T5812] ? __pfx_kill_f2fs_super+0x10/0x10 [ 446.660881][ T5812] deactivate_locked_super+0xcb/0x3c0 [ 446.661042][ T5812] deactivate_super+0x12f/0x140 [ 446.661187][ T5812] cleanup_mnt+0x6fb/0x780 [ 446.661359][ T5812] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 446.661583][ T5812] ? __pfx___cleanup_mnt+0x10/0x10 [ 446.661759][ T5812] __cleanup_mnt+0x22/0x30 [ 446.661934][ T5812] task_work_run+0x209/0x2b0 [ 446.662096][ T5812] exit_to_user_mode_loop+0x2a6/0x330 [ 446.662283][ T5812] do_syscall_64+0x1e3/0x210 [ 446.662443][ T5812] ? irqentry_exit+0x16/0x60 [ 446.662573][ T5812] ? clear_bhb_loop+0x40/0x90 [ 446.662730][ T5812] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 446.662890][ T5812] RIP: 0033:0x7faba7d8fe97 [ 446.662998][ T5812] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 446.663123][ T5812] RSP: 002b:00007fff581bbba8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 446.663255][ T5812] RAX: 0000000000000000 RBX: 00007faba7e11bdd RCX: 00007faba7d8fe97 [ 446.663354][ T5812] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff581bbc60 [ 446.663453][ T5812] RBP: 00007fff581bbc60 R08: 0000000000000000 R09: 0000000000000000 [ 446.663550][ T5812] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff581bccf0 [ 446.663640][ T5812] R13: 00007faba7e11bdd R14: 000000000006cff2 R15: 00007fff581bcd30 [ 446.663770][ T5812] [ 447.015007][ T5812] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 448.301928][ T8576] loop3: detected capacity change from 0 to 32768 [ 448.785112][ T8576] JBD2: Ignoring recovery information on journal [ 449.036920][ T8576] ocfs2: Mounting device (7,3) on (node local, slot 0) with writeback data mode. [ 449.595202][ T8583] loop4: detected capacity change from 0 to 32768 [ 449.639490][ T8583] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.881 (8583) [ 449.712459][ T8583] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 449.727014][ T8583] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm [ 449.737576][ T8583] BTRFS info (device loop4): using free-space-tree [ 449.786740][ T5817] ocfs2: Unmounting device (7,3) on (node local) [ 450.395956][ T5823] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 450.864859][ T6212] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 451.081911][ T6212] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 451.093577][ T6212] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 451.103756][ T6212] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 451.113035][ T6212] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 451.243575][ T6212] usb 2-1: config 0 descriptor?? [ 451.794684][ T6212] cp2112 0003:10C4:EA90.0005: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.1-1/input0 [ 451.957201][ T6212] cp2112 0003:10C4:EA90.0005: Part Number: 0x00 Device Version: 0x00 [ 452.533867][ T8633] loop4: detected capacity change from 0 to 512 [ 452.601306][ T6212] cp2112 0003:10C4:EA90.0005: error reading lock byte: -71 [ 452.625269][ T6212] usb 2-1: USB disconnect, device number 4 [ 452.747924][ T8633] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 452.761141][ T8633] ext4 filesystem being mounted at /163/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 453.112455][ T5823] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 453.554143][ T8652] tipc: Enabling of bearer rejected, failed to enable media [ 454.064204][ T6212] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 454.366708][ T6212] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 454.379439][ T6212] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 454.391162][ T6212] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 454.402824][ T6212] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 454.416347][ T6212] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 454.425799][ T6212] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 454.628352][ T8667] netlink: 24 bytes leftover after parsing attributes in process `syz.4.909'. [ 454.757063][ T8661] loop0: detected capacity change from 0 to 32768 [ 454.804622][ T6212] usb 6-1: config 0 descriptor?? [ 454.812921][ T8656] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 455.002265][ T8661] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names [ 455.002417][ T8661] allowing incompatible features above 0.0: (unknown version) [ 455.002490][ T8661] features: lz4 [ 455.037851][ T8661] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 455.050043][ T8661] bcachefs (loop0): initializing new filesystem [ 455.069854][ T8661] bcachefs (loop0): going read-write [ 455.097942][ T8661] bcachefs (loop0): marking superblocks [ 455.202913][ T8661] bcachefs (loop0): initializing freespace [ 455.237085][ T8661] bcachefs (loop0): done initializing freespace [ 455.274524][ T8661] bcachefs (loop0): reading snapshots table [ 455.280794][ T8661] bcachefs (loop0): reading snapshots done [ 455.335599][ T6212] plantronics 0003:047F:FFFF.0006: reserved main item tag 0xd [ 455.382270][ T8661] bcachefs (loop0): done starting filesystem [ 455.526524][ T6212] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 455.638733][ T5867] usb 6-1: USB disconnect, device number 2 [ 456.006927][ T5812] bcachefs (loop0): shutting down [ 456.012377][ T5812] bcachefs (loop0): going read-only [ 456.050022][ T5812] bcachefs (loop0): finished waiting for writes to stop [ 456.154546][ T5812] bcachefs (loop0): flushing journal and stopping allocators, journal seq 3 [ 456.473994][ T5812] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 3 [ 456.606584][ T5812] bcachefs (loop0): clean shutdown complete, journal seq 4 [ 456.663912][ T5812] bcachefs (loop0): marking filesystem clean [ 456.768937][ T8686] loop4: detected capacity change from 0 to 40427 [ 456.784035][ T8686] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 456.795338][ T8686] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 456.862603][ T5812] bcachefs (loop0): shutdown complete [ 456.884625][ T8686] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 457.177874][ T8686] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 457.200887][ T8686] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 457.208325][ T8686] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 457.349058][ T8686] syz.4.912: attempt to access beyond end of device [ 457.349058][ T8686] loop4: rw=2049, sector=77824, nr_sectors = 520 limit=40427 [ 460.157178][ T8725] batadv_slave_1: entered promiscuous mode [ 460.212696][ T8725] lo: entered promiscuous mode [ 460.231094][ T8724] lo: left promiscuous mode [ 460.237650][ T8724] batadv_slave_1: left promiscuous mode [ 460.940854][ T8729] netlink: 'syz.3.929': attribute type 1 has an invalid length. [ 461.059230][ T8729] 8021q: adding VLAN 0 to HW filter on device bond2 [ 461.356597][ T8729] bond2: (slave gretap1): making interface the new active one [ 461.369805][ T8729] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 461.660345][ T8738] netlink: 168 bytes leftover after parsing attributes in process `syz.5.931'. [ 463.883068][ C1] vcan0: j1939_tp_rxtimer: 0xffff88804d216600: rx timeout, send abort [ 463.893612][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88804d216600: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 466.647191][ T8806] netlink: 8 bytes leftover after parsing attributes in process `syz.4.962'. [ 466.754634][ T8802] loop3: detected capacity change from 0 to 2048 [ 466.894225][ T8802] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 466.953889][ T8802] ext4 filesystem being mounted at /210/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 467.108364][ T30] audit: type=1800 audit(1754471865.726:150): pid=8802 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.960" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 467.386221][ T5817] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 469.082556][ T8841] netlink: 12 bytes leftover after parsing attributes in process `syz.1.973'. [ 469.298708][ T8848] loop3: detected capacity change from 0 to 64 [ 469.306438][ T8844] fuse: root generation should be zero [ 469.443712][ T8845] loop4: detected capacity change from 0 to 2048 [ 469.529117][ T8845] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 469.637854][ T8854] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 470.635833][ T8864] netlink: 24 bytes leftover after parsing attributes in process `syz.3.979'. [ 470.683571][ T8862] loop5: detected capacity change from 0 to 32768 [ 470.692621][ T8862] XFS: ikeep mount option is deprecated. [ 470.792861][ T8862] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 471.093880][ T5819] Bluetooth: hci0: command 0x0406 tx timeout [ 471.343437][ T8862] XFS (loop5): Ending clean mount [ 471.357099][ T8862] XFS (loop5): Quotacheck needed: Please wait. [ 471.400576][ T8862] XFS (loop5): Quotacheck: Done. [ 471.616626][ T7938] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 474.067633][ T8901] loop3: detected capacity change from 0 to 1024 [ 474.161171][ T8901] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 475.037782][ T8907] netlink: 'syz.3.994': attribute type 39 has an invalid length. [ 475.451162][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 475.458478][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 475.885378][ T5809] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 475.915965][ T5809] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 475.939347][ T5809] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 475.957203][ T5809] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 475.971747][ T5809] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 476.951755][ T8932] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1002'. [ 477.820785][ T8934] loop3: detected capacity change from 0 to 40427 [ 477.904120][ T8934] F2FS-fs (loop3): build fault injection rate: 14 [ 477.910779][ T8934] F2FS-fs (loop3): build fault injection type: 0x3bfe8c [ 477.941166][ T8934] F2FS-fs (loop3): invalid crc value [ 478.054737][ C1] F2FS-fs (loop3): inject read IO error in f2fs_read_end_io of bio_endio+0xe27/0xf80 [ 478.066394][ T5819] Bluetooth: hci1: command tx timeout [ 478.102965][ C0] F2FS-fs (loop3): inject read IO error in f2fs_read_end_io of bio_endio+0xe27/0xf80 [ 478.397921][ T8917] chnl_net:caif_netlink_parms(): no params data found [ 478.424181][ T8934] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 478.433429][ T8934] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_get_tmp_folio+0x38/0x50 [ 478.463483][ T8934] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 478.480740][ T8934] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x831/0x19b0 [ 478.516040][ T8934] F2FS-fs (loop3): inject dquot initialize in f2fs_dquot_initialize of f2fs_mkdir+0xfa/0x900 [ 478.528613][ T8934] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x831/0x19b0 [ 478.543540][ T8934] F2FS-fs (loop3): inject checkpoint error in f2fs_balance_fs of f2fs_mkdir+0x84e/0x900 [ 478.553809][ T8934] CPU: 0 UID: 0 PID: 8934 Comm: syz.3.1001 Not tainted 6.16.0-syzkaller-11845-ga530a36bb548 #0 PREEMPT(none) [ 478.553965][ T8934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 478.554048][ T8934] Call Trace: [ 478.554101][ T8934] [ 478.554159][ T8934] __dump_stack+0x26/0x30 [ 478.554337][ T8934] dump_stack_lvl+0x1df/0x270 [ 478.554527][ T8934] dump_stack+0x1e/0x25 [ 478.554689][ T8934] f2fs_handle_critical_error+0xa6f/0xc20 [ 478.554914][ T8934] f2fs_stop_checkpoint+0x65/0x80 [ 478.555096][ T8934] f2fs_balance_fs+0x6f9/0x940 [ 478.555269][ T8934] ? f2fs_mkdir+0x84e/0x900 [ 478.555456][ T8934] ? kmsan_get_metadata+0xfb/0x160 [ 478.555641][ T8934] f2fs_mkdir+0x84e/0x900 [ 478.555848][ T8934] ? __pfx_f2fs_mkdir+0x10/0x10 [ 478.556034][ T8934] vfs_mkdir+0x4ea/0x850 [ 478.556226][ T8934] do_mkdirat+0x41a/0xf30 [ 478.556415][ T8934] __x64_sys_mkdirat+0xc1/0x140 [ 478.556599][ T8934] x64_sys_call+0x338/0x3e20 [ 478.556798][ T8934] do_syscall_64+0xd9/0x210 [ 478.556964][ T8934] ? irqentry_exit+0x16/0x60 [ 478.557102][ T8934] ? clear_bhb_loop+0x40/0x90 [ 478.557270][ T8934] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 478.557433][ T8934] RIP: 0033:0x7fc6bad8eb69 [ 478.557539][ T8934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 478.557669][ T8934] RSP: 002b:00007fc6bbcaf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 478.557820][ T8934] RAX: ffffffffffffffda RBX: 00007fc6bafb5fa0 RCX: 00007fc6bad8eb69 [ 478.557925][ T8934] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 478.558024][ T8934] RBP: 00007fc6bae11df1 R08: 0000000000000000 R09: 0000000000000000 [ 478.558114][ T8934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 478.558213][ T8934] R13: 0000000000000000 R14: 00007fc6bafb5fa0 R15: 00007ffc731e7d48 [ 478.558348][ T8934] [ 478.558405][ T8934] F2FS-fs (loop3): Stopped filesystem due to reason: 1 [ 478.848271][ T8961] netlink: 'syz.4.1008': attribute type 12 has an invalid length. [ 479.573342][ T8971] block device autoloading is deprecated and will be removed. [ 480.069563][ T8917] bridge0: port 1(bridge_slave_0) entered blocking state [ 480.077486][ T8917] bridge0: port 1(bridge_slave_0) entered disabled state [ 480.085421][ T8917] bridge_slave_0: entered allmulticast mode [ 480.095350][ T8917] bridge_slave_0: entered promiscuous mode [ 480.131367][ T8917] bridge0: port 2(bridge_slave_1) entered blocking state [ 480.144081][ T5819] Bluetooth: hci1: command tx timeout [ 480.144723][ T8917] bridge0: port 2(bridge_slave_1) entered disabled state [ 480.157416][ T8917] bridge_slave_1: entered allmulticast mode [ 480.167618][ T8917] bridge_slave_1: entered promiscuous mode [ 480.253636][ T6212] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 480.381459][ T8917] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 480.464539][ T8917] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 480.486815][ T6212] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 480.497463][ T6212] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 480.506859][ T6212] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 480.638365][ T6212] usb 6-1: config 0 descriptor?? [ 480.684697][ T6212] pwc: Askey VC010 type 2 USB webcam detected. [ 480.871401][ T8917] team0: Port device team_slave_0 added [ 480.928897][ T8917] team0: Port device team_slave_1 added [ 481.102071][ T6212] pwc: recv_control_msg error -32 req 02 val 2b00 [ 481.123925][ T6212] pwc: recv_control_msg error -32 req 02 val 2700 [ 481.132990][ T6212] pwc: recv_control_msg error -32 req 02 val 2c00 [ 481.186582][ T6212] pwc: recv_control_msg error -32 req 04 val 1000 [ 481.248879][ T8917] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 481.257002][ T8917] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 481.288369][ T8917] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 481.377537][ T8985] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1017'. [ 481.387228][ T8985] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1017'. [ 481.410135][ T6212] pwc: recv_control_msg error -32 req 04 val 1400 [ 481.421951][ T6212] pwc: recv_control_msg error -71 req 02 val 2000 [ 481.430106][ T6212] pwc: recv_control_msg error -71 req 02 val 2100 [ 481.443037][ T8917] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 481.450316][ T8917] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 481.481324][ T8917] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 481.499744][ T6212] pwc: recv_control_msg error -71 req 04 val 1500 [ 481.523890][ T6212] pwc: recv_control_msg error -71 req 02 val 2500 [ 481.544672][ T6212] pwc: recv_control_msg error -71 req 02 val 2400 [ 481.553832][ T6212] pwc: recv_control_msg error -71 req 02 val 2600 [ 481.573797][ T6212] pwc: recv_control_msg error -71 req 02 val 2900 [ 481.603778][ T6212] pwc: recv_control_msg error -71 req 02 val 2800 [ 481.626373][ T6212] pwc: recv_control_msg error -71 req 04 val 1100 [ 481.653955][ T6212] pwc: recv_control_msg error -71 req 04 val 1200 [ 481.679813][ T6212] pwc: Registered as video103. [ 481.687469][ T6212] input: PWC snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/input/input8 [ 481.782350][ T6212] usb 6-1: USB disconnect, device number 3 [ 481.929193][ T8917] hsr_slave_0: entered promiscuous mode [ 481.948691][ T8917] hsr_slave_1: entered promiscuous mode [ 481.957795][ T8917] debugfs: 'hsr0' already exists in 'hsr' [ 481.963818][ T8917] Cannot create hsr debugfs directory [ 482.223683][ T5819] Bluetooth: hci1: command tx timeout [ 482.713868][ T8917] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 482.743963][ T8917] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 482.785370][ T8917] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 482.795016][ T1878] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 482.915969][ T8917] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 483.001004][ T1878] usb 6-1: config 0 has too many interfaces: 204, using maximum allowed: 32 [ 483.012873][ T1878] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 483.024237][ T1878] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 204 [ 483.033873][ T1878] usb 6-1: New USB device found, idVendor=28bd, idProduct=0909, bcdDevice= 0.00 [ 483.034491][ T9001] warning: `syz.4.1024' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 483.043530][ T1878] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 483.087349][ T1878] usb 6-1: config 0 descriptor?? [ 483.324639][ T9005] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1025'. [ 483.532343][ T24] usb 6-1: USB disconnect, device number 4 [ 484.295068][ T5819] Bluetooth: hci1: command tx timeout [ 484.424072][ T8917] 8021q: adding VLAN 0 to HW filter on device bond0 [ 484.557232][ T8917] 8021q: adding VLAN 0 to HW filter on device team0 [ 484.648656][ T1142] bridge0: port 1(bridge_slave_0) entered blocking state [ 484.656293][ T1142] bridge0: port 1(bridge_slave_0) entered forwarding state [ 484.754892][ T1142] bridge0: port 2(bridge_slave_1) entered blocking state [ 484.762511][ T1142] bridge0: port 2(bridge_slave_1) entered forwarding state [ 485.578852][ T9035] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1036'. [ 486.811846][ T8917] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 487.873362][ T24] IPVS: starting estimator thread 0... [ 487.984708][ T9068] IPVS: using max 240 ests per chain, 12000 per kthread [ 488.677441][ T9065] loop5: detected capacity change from 0 to 40427 [ 488.691292][ T9065] F2FS-fs (loop5): build fault injection rate: 14 [ 488.698146][ T9065] F2FS-fs (loop5): build fault injection type: 0x3bfe8c [ 488.708745][ T9065] F2FS-fs (loop5): invalid crc value [ 489.688726][ C0] F2FS-fs (loop5): inject read IO error in f2fs_read_end_io of bio_endio+0xe27/0xf80 [ 489.734006][ C0] F2FS-fs (loop5): inject read IO error in f2fs_read_end_io of bio_endio+0xe27/0xf80 [ 490.086982][ T9065] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 490.096448][ T9065] F2FS-fs (loop5): inject page alloc in f2fs_grab_cache_folio of f2fs_get_tmp_folio+0x38/0x50 [ 490.160178][ T9065] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 490.239191][ T9065] F2FS-fs (loop5): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x831/0x19b0 [ 490.287157][ T9065] F2FS-fs (loop5): inject dquot initialize in f2fs_dquot_initialize of f2fs_create+0x169/0xa10 [ 490.326189][ T9065] F2FS-fs (loop5): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x831/0x19b0 [ 490.355236][ T9065] F2FS-fs (loop5): inject inconsistent footer in sanity_check_node_footer of f2fs_get_dnode_of_data+0x129f/0x2fc0 [ 490.368098][ T9065] F2FS-fs (loop5): inconsistent node block, node_type:0, nid:16, node_footer[nid:16,ino:3,ofs:431431,cpver:0,blkaddr:0] [ 490.424715][ T9065] F2FS-fs (loop5): inject dquot initialize in f2fs_dquot_initialize of f2fs_new_inode+0x945/0x1e20 [ 490.552599][ T7938] syz-executor: attempt to access beyond end of device [ 490.552599][ T7938] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 490.568087][ T7938] CPU: 1 UID: 0 PID: 7938 Comm: syz-executor Not tainted 6.16.0-syzkaller-11845-ga530a36bb548 #0 PREEMPT(none) [ 490.568260][ T7938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 490.568341][ T7938] Call Trace: [ 490.568394][ T7938] [ 490.568441][ T7938] __dump_stack+0x26/0x30 [ 490.568616][ T7938] dump_stack_lvl+0x1df/0x270 [ 490.568801][ T7938] dump_stack+0x1e/0x25 [ 490.568972][ T7938] f2fs_handle_critical_error+0xa6f/0xc20 [ 490.569190][ T7938] f2fs_stop_checkpoint+0x65/0x80 [ 490.569364][ T7938] f2fs_write_end_io+0x101c/0x1bc0 [ 490.569613][ T7938] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 490.569804][ T7938] bio_endio+0xe27/0xf80 [ 490.570006][ T7938] submit_bio_noacct+0x214/0x2710 [ 490.570265][ T7938] submit_bio+0x5a9/0x5d0 [ 490.570474][ T7938] f2fs_submit_write_bio+0x92/0x250 [ 490.570645][ T7938] __submit_merged_bio+0x16f/0x6a0 [ 490.570807][ T7938] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 490.570997][ T7938] __submit_merged_write_cond+0x458/0x9a0 [ 490.571211][ T7938] f2fs_write_data_pages+0x4bb2/0x5480 [ 490.571542][ T7938] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 490.571716][ T7938] ? __pfx_lru_cache_disable+0x1/0x10 [ 490.571913][ T7938] ? filter_irq_stacks+0x49/0x190 [ 490.572120][ T7938] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 490.572296][ T7938] ? stack_depot_save_flags+0x35/0x7b0 [ 490.572467][ T7938] ? kmsan_get_metadata+0xfb/0x160 [ 490.572644][ T7938] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 490.572893][ T7938] ? kmsan_get_metadata+0xfb/0x160 [ 490.573056][ T7938] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 490.573213][ T7938] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 490.573379][ T7938] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 490.573546][ T7938] do_writepages+0x3f2/0x860 [ 490.573688][ T7938] ? _raw_spin_unlock+0x30/0x50 [ 490.573855][ T7938] ? wbc_attach_and_unlock_inode+0x131/0x680 [ 490.574065][ T7938] filemap_fdatawrite+0x207/0x260 [ 490.574324][ T7938] f2fs_sync_dirty_inodes+0x2ab/0x9e0 [ 490.574555][ T7938] f2fs_write_checkpoint+0xfe2/0x2b00 [ 490.574854][ T7938] kill_f2fs_super+0x2ff/0x970 [ 490.575076][ T7938] ? __pfx_kill_f2fs_super+0x10/0x10 [ 490.575258][ T7938] deactivate_locked_super+0xcb/0x3c0 [ 490.575415][ T7938] deactivate_super+0x12f/0x140 [ 490.575566][ T7938] cleanup_mnt+0x6fb/0x780 [ 490.575770][ T7938] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 490.576009][ T7938] ? __pfx___cleanup_mnt+0x10/0x10 [ 490.576207][ T7938] __cleanup_mnt+0x22/0x30 [ 490.576397][ T7938] task_work_run+0x209/0x2b0 [ 490.576574][ T7938] exit_to_user_mode_loop+0x2a6/0x330 [ 490.576758][ T7938] do_syscall_64+0x1e3/0x210 [ 490.576934][ T7938] ? irqentry_exit+0x16/0x60 [ 490.577064][ T7938] ? clear_bhb_loop+0x40/0x90 [ 490.577217][ T7938] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 490.577369][ T7938] RIP: 0033:0x7f3f57d8fe97 [ 490.577476][ T7938] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 490.577596][ T7938] RSP: 002b:00007fff2add5798 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 490.577732][ T7938] RAX: 0000000000000000 RBX: 00007f3f57e11bdd RCX: 00007f3f57d8fe97 [ 490.577827][ T7938] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff2add5850 [ 490.577921][ T7938] RBP: 00007fff2add5850 R08: 0000000000000000 R09: 0000000000000000 [ 490.578007][ T7938] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff2add68e0 [ 490.578100][ T7938] R13: 00007f3f57e11bdd R14: 0000000000077bc9 R15: 00007fff2add6920 [ 490.578230][ T7938] [ 490.958434][ T7938] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 491.069866][ T9086] loop3: detected capacity change from 0 to 512 [ 491.083015][ T8917] veth0_vlan: entered promiscuous mode [ 491.255642][ T8917] veth1_vlan: entered promiscuous mode [ 491.356518][ T8917] veth0_macvtap: entered promiscuous mode [ 491.379939][ T8917] veth1_macvtap: entered promiscuous mode [ 491.541581][ T8917] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 491.600409][ T8917] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 491.658913][ T1114] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 491.688590][ T1114] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 491.723797][ T1114] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 491.733792][ T8859] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 491.744401][ T30] audit: type=1326 audit(1754471890.316:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9089 comm="syz.1.1053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f273498eb69 code=0x7fc00000 [ 491.770983][ T30] audit: type=1326 audit(1754471890.316:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9089 comm="syz.1.1053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f273498eb69 code=0x7fc00000 [ 491.793950][ T30] audit: type=1326 audit(1754471890.386:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9089 comm="syz.1.1053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f273498eb69 code=0x7fc00000 [ 491.868660][ T9086] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 491.882645][ T9086] ext4 filesystem being mounted at /231/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 491.992386][ T30] audit: type=1326 audit(1754471890.446:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9089 comm="syz.1.1053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f273498eb69 code=0x7fc00000 [ 492.019117][ T30] audit: type=1326 audit(1754471890.446:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9089 comm="syz.1.1053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f273498eb69 code=0x7fc00000 [ 492.194120][ T1878] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 492.360018][ T30] audit: type=1326 audit(1754471890.976:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9089 comm="syz.1.1053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f273498eb69 code=0x7fc00000 [ 492.439364][ T1878] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 492.451467][ T1878] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 492.465120][ T1878] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 492.476927][ T1878] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 492.490249][ T1878] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 492.499818][ T1878] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 492.608719][ T1878] usb 5-1: config 0 descriptor?? [ 492.624382][ T9097] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 492.695783][ T5817] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 493.135172][ T1878] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 493.148579][ T1878] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 493.159138][ T1878] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 493.166938][ T1878] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 493.174805][ T1878] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 493.312455][ T1878] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 494.032687][ T9115] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1058'. [ 494.132196][ T9115] 8021q: adding VLAN 0 to HW filter on device bond3 [ 494.342568][ T9115] vlan2: entered allmulticast mode [ 494.348014][ T9115] bond3: entered allmulticast mode [ 494.597166][ T9122] loop5: detected capacity change from 0 to 1024 [ 494.855086][ T9122] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=4284479424 (8568958848 ns) > initial count (3416987714 ns). Using initial count to start timer. [ 495.281411][ T5867] usb 5-1: USB disconnect, device number 5 [ 496.665973][ T9149] netlink: 'syz.3.1069': attribute type 10 has an invalid length. [ 496.781609][ T9149] team0: Port device dummy0 added [ 496.885987][ T9152] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1071'. [ 496.921334][ T9156] netlink: 14544 bytes leftover after parsing attributes in process `syz.4.1072'. [ 498.104966][ T8858] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 498.113022][ T8858] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 498.216148][ T8856] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 498.224846][ T8856] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 498.653714][ T1878] usb 6-1: new low-speed USB device number 5 using dummy_hcd [ 498.889053][ T1878] usb 6-1: config 0 has no interfaces? [ 498.897359][ T1878] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 498.906821][ T1878] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 498.965803][ T1878] usb 6-1: config 0 descriptor?? [ 499.708003][ T9191] netlink: 2048 bytes leftover after parsing attributes in process `syz.6.1084'. [ 499.717761][ T9191] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1084'. [ 500.013711][ T9195] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1085'. [ 500.178140][ T9197] fuse: Bad value for 'fd' [ 501.343531][ T1878] usb 6-1: USB disconnect, device number 5 [ 502.333501][ T30] audit: type=1326 audit(1754471900.946:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9225 comm="syz.1.1097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f273498eb69 code=0x7ffc0000 [ 502.360570][ T30] audit: type=1326 audit(1754471900.946:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9225 comm="syz.1.1097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=161 compat=0 ip=0x7f273498eb69 code=0x7ffc0000 [ 502.385053][ T30] audit: type=1326 audit(1754471900.946:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9225 comm="syz.1.1097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f273498eb69 code=0x7ffc0000 [ 502.407865][ T30] audit: type=1326 audit(1754471900.946:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9225 comm="syz.1.1097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f273498eb69 code=0x7ffc0000 [ 502.430646][ T30] audit: type=1326 audit(1754471900.956:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9225 comm="syz.1.1097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f273498eb69 code=0x7ffc0000 [ 502.453850][ T30] audit: type=1326 audit(1754471900.956:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9225 comm="syz.1.1097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=429 compat=0 ip=0x7f273498eb69 code=0x7ffc0000 [ 502.480547][ T30] audit: type=1326 audit(1754471900.956:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9225 comm="syz.1.1097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f273498eb69 code=0x7ffc0000 [ 502.504770][ T30] audit: type=1326 audit(1754471900.956:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9225 comm="syz.1.1097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=155 compat=0 ip=0x7f273498eb69 code=0x7ffc0000 [ 502.527537][ T30] audit: type=1326 audit(1754471900.956:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9225 comm="syz.1.1097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f273498eb69 code=0x7ffc0000 [ 502.738866][ T9233] tipc: Failed to remove unknown binding: 66,3,3/0:1099522931/1099522932 [ 503.052061][ T9239] loop4: detected capacity change from 0 to 256 [ 503.123827][ T9239] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x99a53d99, utbl_chksum : 0xe619d30d) [ 503.172001][ T9239] exFAT-fs (loop4): valid_size(150994954) is greater than size(10) [ 503.189097][ T30] audit: type=1800 audit(1754471901.806:166): pid=9239 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1101" name="file1" dev="loop4" ino=1048614 res=0 errno=0 [ 504.077151][ T9257] netlink: 'syz.1.1109': attribute type 1 has an invalid length. [ 504.226302][ T9256] team0: Device macvlan2 is up. Set it down before adding it as a team port [ 504.468025][ T9259] bond1: (slave bridge1): making interface the new active one [ 504.478344][ T9259] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 505.197069][ T9261] loop6: detected capacity change from 0 to 32768 [ 505.253660][ T9261] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 505.415032][ T9275] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1114'. [ 506.121357][ T9287] loop4: detected capacity change from 0 to 256 [ 506.210620][ T9287] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 506.953082][ T9261] XFS (loop6): Ending clean mount [ 507.000938][ T9261] XFS (loop6): Quotacheck needed: Please wait. [ 507.079007][ T9292] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1117'. [ 507.137768][ T9261] XFS (loop6): Quotacheck: Done. [ 507.304711][ T8917] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 509.166929][ T9320] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1128'. [ 509.357497][ T9325] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1121'. [ 509.684247][ T9332] overlayfs: failed to clone upperpath [ 509.943872][ T1878] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 510.244048][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 510.345738][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 510.354391][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 510.363624][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 510.541813][ T9336] loop6: detected capacity change from 0 to 32768 [ 510.550046][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 510.643925][ T1878] usb 6-1: Using ep0 maxpacket: 8 [ 510.681790][ T1878] usb 6-1: config 0 has no interfaces? [ 510.688123][ T1878] usb 6-1: New USB device found, idVendor=0c2e, idProduct=0720, bcdDevice=9b.f7 [ 510.697668][ T1878] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 510.732290][ T1878] usb 6-1: config 0 descriptor?? [ 511.129920][ T1878] usb 6-1: USB disconnect, device number 6 [ 511.258502][ T0] NOHZ tick-stop error: local softirq work is pending, handler #48!!! [ 511.271091][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 511.294513][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 511.370504][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 511.876797][ T9348] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1141'. [ 513.772485][ T9364] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 513.871604][ T1878] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 514.068002][ T1878] usb 5-1: Using ep0 maxpacket: 32 [ 514.112868][ T1878] usb 5-1: config 0 has an invalid interface number: 184 but max is 0 [ 514.122673][ T1878] usb 5-1: config 0 has no interface number 0 [ 514.129867][ T1878] usb 5-1: config 0 interface 184 has no altsetting 0 [ 514.262345][ T1878] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 514.272298][ T1878] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 514.280795][ T1878] usb 5-1: Product: syz [ 514.285418][ T1878] usb 5-1: Manufacturer: syz [ 514.290222][ T1878] usb 5-1: SerialNumber: syz [ 514.496049][ T1878] usb 5-1: config 0 descriptor?? [ 514.554018][ T1878] smsc75xx v1.0.0 [ 514.561064][ T9359] loop6: detected capacity change from 0 to 65536 [ 514.666993][ T9359] XFS (loop6): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 514.775381][ T9359] XFS (loop6): Ending clean mount [ 514.787207][ T9359] XFS (loop6): Quotacheck needed: Please wait. [ 514.867019][ T9359] XFS (loop6): Quotacheck: Done. [ 515.112691][ T8917] XFS (loop6): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 515.288356][ T1878] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 515.299661][ T1878] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 516.147549][ T1878] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71 [ 516.158973][ T1878] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71 [ 516.169809][ T1878] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 516.186874][ T1878] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -71 [ 516.298723][ T1878] usb 5-1: USB disconnect, device number 6 [ 516.330068][ T9396] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1157'. [ 518.123800][ T9419] evm: overlay not supported [ 518.673735][ T9427] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1169'. [ 519.115921][ T9424] loop6: detected capacity change from 0 to 4096 [ 519.420484][ T9424] ntfs3(loop6): Failed to initialize $Extend/$ObjId. [ 519.964053][ T6212] usb 5-1: new full-speed USB device number 7 using dummy_hcd [ 520.160392][ T6212] usb 5-1: config 0 has no interfaces? [ 520.168252][ T6212] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 520.181434][ T6212] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 520.198244][ T9446] overlayfs: failed to clone upperpath [ 520.284476][ T6212] usb 5-1: config 0 descriptor?? [ 520.508495][ T6212] usb 5-1: USB disconnect, device number 7 [ 522.348438][ T9471] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1184'. [ 522.407183][ T9471] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1184'. [ 523.317522][ T9483] loop3: detected capacity change from 0 to 8 [ 523.400742][ T9483] SQUASHFS error: xz decompression failed, data probably corrupt [ 523.408992][ T9483] SQUASHFS error: Failed to read block 0x108: -5 [ 523.415877][ T9483] SQUASHFS error: Unable to read metadata cache entry [106] [ 523.423600][ T9483] SQUASHFS error: Unable to read inode 0x11f [ 523.575421][ T5809] Bluetooth: hci2: command 0x0406 tx timeout [ 523.695985][ T9486] netlink: 'syz.4.1190': attribute type 1 has an invalid length. [ 523.752757][ T9489] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1190'. [ 523.768621][ T9489] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1190'. [ 524.087889][ T9489] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 524.106797][ T9489] gretap1: entered promiscuous mode [ 526.026285][ T9518] netlink: 76 bytes leftover after parsing attributes in process `syz.6.1201'. [ 526.099312][ T9514] loop5: detected capacity change from 0 to 1024 [ 526.227766][ T4199] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 526.237886][ T4199] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 526.313683][ T4199] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 526.327432][ T4199] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 526.396447][ T8859] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 526.406074][ T8859] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 526.447565][ T8859] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 526.457560][ T8859] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 526.541264][ T9514] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 526.683117][ T9523] Bluetooth: hci0: unsupported parameter 65535 [ 526.689654][ T9523] Bluetooth: hci0: invalid length 0, exp 2 for type 4 [ 526.694526][ T9525] loop3: detected capacity change from 0 to 128 [ 526.821060][ T9525] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 526.951390][ T9529] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 527.069001][ T7938] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 527.486062][ T5817] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 527.991311][ T9538] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2856151591 (22849212728 ns) > initial count (5743301600 ns). Using initial count to start timer. [ 529.988048][ T9575] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1224'. [ 530.178682][ T9578] loop6: detected capacity change from 0 to 7 [ 530.226526][ T9578] Dev loop6: unable to read RDB block 7 [ 530.232409][ T9578] loop6: unable to read partition table [ 530.274072][ T9578] loop6: partition table beyond EOD, truncated [ 530.280494][ T9578] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 530.633940][ T9586] netlink: 'syz.5.1229': attribute type 8 has an invalid length. [ 531.934613][ T5809] Bluetooth: hci2: Unknown advertising packet type: 0x18 [ 531.934751][ T5809] Bluetooth: hci2: Unknown advertising packet type: 0x1e [ 531.960734][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 531.960823][ T30] audit: type=1326 audit(531.911:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9604 comm="syz.4.1236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce44d8eb69 code=0x7fc00000 [ 532.374036][ T5819] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 532.586763][ T9611] syzkaller0: entered promiscuous mode [ 532.592478][ T9611] syzkaller0: entered allmulticast mode [ 532.658710][ T30] audit: type=1326 audit(532.611:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9604 comm="syz.4.1236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fce44d8eb69 code=0x7fc00000 [ 532.685641][ T30] audit: type=1326 audit(532.611:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9604 comm="syz.4.1236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce44d8eb69 code=0x7fc00000 [ 532.709487][ T30] audit: type=1326 audit(532.611:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9604 comm="syz.4.1236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce44d8eb69 code=0x7fc00000 [ 532.737408][ T30] audit: type=1326 audit(532.611:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9604 comm="syz.4.1236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce44d8eb69 code=0x7fc00000 [ 532.759598][ T30] audit: type=1326 audit(532.611:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9604 comm="syz.4.1236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce44d8eb69 code=0x7fc00000 [ 532.786155][ T30] audit: type=1326 audit(532.611:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9604 comm="syz.4.1236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce44d8eb69 code=0x7fc00000 [ 532.809765][ T30] audit: type=1326 audit(532.611:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9604 comm="syz.4.1236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce44d8eb69 code=0x7fc00000 [ 532.831901][ T30] audit: type=1326 audit(532.611:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9604 comm="syz.4.1236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce44d8eb69 code=0x7fc00000 [ 532.854102][ T30] audit: type=1326 audit(532.611:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9604 comm="syz.4.1236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce44d8eb69 code=0x7fc00000 [ 533.934078][ T6212] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 534.123687][ T6212] usb 7-1: Using ep0 maxpacket: 32 [ 534.174026][ T6212] usb 7-1: config 0 has an invalid interface number: 85 but max is 0 [ 534.182360][ T6212] usb 7-1: config 0 has no interface number 0 [ 534.188916][ T6212] usb 7-1: config 0 interface 85 has no altsetting 0 [ 534.276076][ T6212] usb 7-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 534.285895][ T6212] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 534.294718][ T6212] usb 7-1: Product: syz [ 534.299121][ T6212] usb 7-1: Manufacturer: syz [ 534.306572][ T6212] usb 7-1: SerialNumber: syz [ 534.415908][ T6212] usb 7-1: config 0 descriptor?? [ 534.455405][ T6212] appletouch 7-1:0.85: Could not find int-in endpoint [ 534.462541][ T6212] appletouch 7-1:0.85: probe with driver appletouch failed with error -5 [ 534.473852][ T6212] usbhid 7-1:0.85: couldn't find an input interrupt endpoint [ 534.607444][ T9648] overlayfs: invalid redirect (./file0) [ 534.684292][ T6212] usb 7-1: USB disconnect, device number 2 [ 535.098132][ T9657] overlayfs: failed to clone upperpath [ 536.534846][ T1878] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 536.826270][ T1878] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 536.838653][ T1878] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 69, changing to 10 [ 536.850390][ T1878] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 17408, setting to 1024 [ 536.890884][ T1878] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 536.910312][ T1878] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 536.921443][ T1878] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 536.946194][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 536.952803][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 537.124819][ T1878] usb 5-1: config 0 descriptor?? [ 537.290303][ T9697] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1268'. [ 537.300039][ T9697] tipc: Invalid UDP bearer configuration [ 537.300404][ T9697] tipc: Enabling of bearer rejected, failed to enable media [ 537.610492][ T1878] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 539.236893][ T30] kauditd_printk_skb: 31 callbacks suppressed [ 539.236975][ T30] audit: type=1326 audit(539.171:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9712 comm="syz.5.1275" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3f57d8eb69 code=0x0 [ 539.659732][ T6213] usb 5-1: USB disconnect, device number 8 [ 540.751865][ T9728] loop4: detected capacity change from 0 to 4096 [ 540.794825][ T9728] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [ 541.014595][ T9728] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 541.895088][ T5819] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 541.903833][ T5819] Bluetooth: hci4: Injecting HCI hardware error event [ 541.911293][ T5819] Bluetooth: hci4: hardware error 0x00 [ 543.806738][ T9774] loop5: detected capacity change from 0 to 32768 [ 543.844812][ T9774] syz.5.1300: attempt to access beyond end of device [ 543.844812][ T9774] loop5: rw=1, sector=4680032, nr_sectors = 8 limit=32768 [ 543.858908][ T9774] metapage_write_end_io: I/O error [ 543.864346][ T9774] ERROR: (device loop5): release_metapage: metapage_write_one() failed [ 543.864346][ T9774] [ 543.875826][ T9774] ERROR: (device loop5): remounting filesystem as read-only [ 543.885022][ T9774] blkno = 8ed2c, nblocks = 1 [ 543.889786][ T9774] ERROR: (device loop5): dbUpdatePMap: blocks are outside the map [ 543.889786][ T9774] [ 543.903401][ T9774] UFO tlock:0xffffc90001803240 [ 543.967440][ T9774] read_mapping_page failed! [ 543.972132][ T9774] bread failed! [ 543.977421][ T9774] jfs_lookup: dtSearch returned -5 [ 543.983003][ T5819] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 544.079103][ T4199] kworker/u8:24: attempt to access beyond end of device [ 544.079103][ T4199] loop5: rw=1, sector=4680032, nr_sectors = 8 limit=32768 [ 544.093912][ T4199] metapage_write_end_io: I/O error [ 544.183025][ T113] blkno = 8ed2c, nblocks = 4 [ 544.188141][ T113] ERROR: (device loop5): dbUpdatePMap: blocks are outside the map [ 544.188141][ T113] [ 544.198902][ T113] ERROR: (device loop5): remounting filesystem as read-only [ 544.214515][ T7938] syz-executor: attempt to access beyond end of device [ 544.214515][ T7938] loop5: rw=1, sector=4680032, nr_sectors = 8 limit=32768 [ 544.228810][ T7938] metapage_write_end_io: I/O error [ 544.887072][ T9791] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1307'. [ 544.897274][ T9791] netlink: 64 bytes leftover after parsing attributes in process `syz.6.1307'. [ 544.910724][ T9791] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1307'. [ 545.105771][ T5819] Bluetooth: hci1: link tx timeout [ 545.111431][ T5819] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 545.123408][ T5809] Bluetooth: hci1: link tx timeout [ 545.130956][ T5809] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 545.141136][ T5809] Bluetooth: hci1: link tx timeout [ 545.146819][ T5809] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 545.163385][ T5809] Bluetooth: hci1: link tx timeout [ 545.168776][ T5809] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 545.197280][ T5809] Bluetooth: hci1: link tx timeout [ 545.202566][ T5809] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 545.210756][ T5809] Bluetooth: hci1: link tx timeout [ 545.216458][ T5809] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 546.993650][ T9809] loop3: detected capacity change from 0 to 32768 [ 547.004970][ T9809] btrfs: Deprecated parameter 'usebackuproot' [ 547.011333][ T9809] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 547.025724][ T9809] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1315 (9809) [ 547.055928][ T9809] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 547.066458][ T9809] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm [ 547.075408][ T9809] BTRFS info (device loop3): using free-space-tree [ 547.248176][ T5809] Bluetooth: hci1: command 0x0406 tx timeout [ 547.406114][ T1142] BTRFS warning (device loop3): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 547.424374][ T9809] BTRFS error (device loop3): failed to load root extent [ 547.431703][ T9809] BTRFS warning (device loop3): try to load backup roots slot 1 [ 547.475551][ T1142] BTRFS warning (device loop3): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 547.489392][ T9809] BTRFS warning (device loop3): couldn't read tree root [ 547.496910][ T9809] BTRFS warning (device loop3): try to load backup roots slot 2 [ 547.512177][ T1142] BTRFS error (device loop3): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 547.529899][ T9809] BTRFS warning (device loop3): couldn't read tree root [ 547.537475][ T9809] BTRFS warning (device loop3): try to load backup roots slot 3 [ 547.592532][ T9809] BTRFS info (device loop3): rebuilding free space tree [ 547.632200][ T9809] BTRFS info (device loop3): checking UUID tree [ 547.941478][ T5817] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 548.990047][ T9849] loop6: detected capacity change from 0 to 1024 [ 549.528898][ T1156] hfsplus: b-tree write err: -5, ino 3 [ 549.968970][ T9859] netlink: 'syz.4.1328': attribute type 39 has an invalid length. [ 550.306890][ T9863] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 550.357884][ T9864] loop6: detected capacity change from 0 to 1024 [ 550.388519][ T9864] EXT4-fs: Ignoring removed nomblk_io_submit option [ 550.397104][ T9869] loop4: detected capacity change from 0 to 512 [ 550.406650][ T9869] EXT4-fs: Ignoring removed i_version option [ 550.413035][ T9869] EXT4-fs: mb_optimize_scan should be set to 0 or 1. [ 550.477896][ T9864] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 550.914589][ T8917] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 551.185577][ T9877] loop4: detected capacity change from 0 to 2048 [ 551.255053][ T9881] loop6: detected capacity change from 0 to 256 [ 551.276426][ T9877] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 551.294336][ T9881] exFAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 551.308684][ T9881] exFAT-fs (loop6): Medium has reported failures. Some data may be lost. [ 551.353705][ T9881] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 551.427551][ T30] audit: type=1800 audit(551.371:210): pid=9881 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1336" name="control" dev="loop6" ino=1048621 res=0 errno=0 [ 551.539841][ T9877] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1334: bg 0: block 234: padding at end of block bitmap is not set [ 551.594934][ T9877] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 122 with error 117 [ 551.607965][ T9877] EXT4-fs (loop4): This should not happen!! Data will be lost [ 551.607965][ T9877] [ 552.118149][ T5823] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 552.576594][ T9903] team0: Port device team_slave_0 removed [ 552.836021][ T9906] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1344'. [ 554.841623][ T6212] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 555.034592][ T6212] usb 4-1: Using ep0 maxpacket: 16 [ 555.046668][ T6212] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 555.062084][ T6212] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 555.201782][ T6212] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 555.211307][ T6212] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 555.219668][ T6212] usb 4-1: Product: syz [ 555.224230][ T6212] usb 4-1: Manufacturer: syz [ 555.229086][ T6212] usb 4-1: SerialNumber: syz [ 555.261447][ T6212] usb 4-1: config 0 descriptor?? [ 555.280963][ T6212] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 555.290981][ T6212] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class) [ 555.899481][ T6212] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 555.926939][ T6212] em28xx 4-1:0.0: Config register raw data: 0xfffffffb [ 556.144808][ T9940] netlink: 'syz.1.1355': attribute type 10 has an invalid length. [ 556.762500][ T9946] overlayfs: failed to clone upperpath [ 556.829556][ T30] audit: type=1804 audit(556.781:211): pid=9948 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1359" name="/newroot/263/file0" dev="tmpfs" ino=1425 res=1 errno=0 [ 557.265066][ T9950] bridge: RTM_NEWNEIGH with invalid ether address [ 557.328680][ T6212] em28xx 4-1:0.0: Unknown AC97 audio processor detected! [ 557.363534][ T6212] em28xx 4-1:0.0: couldn't setup AC97 register 2 [ 557.383644][ T6212] em28xx 4-1:0.0: couldn't setup AC97 register 4 [ 557.483509][ T9944] loop6: detected capacity change from 0 to 40427 [ 557.502754][ T6212] em28xx 4-1:0.0: couldn't setup AC97 register 6 [ 557.512803][ T9944] F2FS-fs (loop6): build fault injection rate: 14 [ 557.519588][ T9944] F2FS-fs (loop6): build fault injection type: 0x3bfe8c [ 557.528201][ T6212] em28xx 4-1:0.0: couldn't setup AC97 register 54 [ 557.543105][ T9944] F2FS-fs (loop6): invalid crc value [ 557.571679][ T6212] em28xx 4-1:0.0: couldn't setup AC97 register 56 [ 557.581736][ C0] F2FS-fs (loop6): inject read IO error in f2fs_read_end_io of bio_endio+0xe27/0xf80 [ 557.607555][ C0] F2FS-fs (loop6): inject read IO error in f2fs_read_end_io of bio_endio+0xe27/0xf80 [ 557.893493][ T6212] usb 4-1: USB disconnect, device number 6 [ 557.966255][ T9944] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 557.975866][ T9944] F2FS-fs (loop6): inject page alloc in f2fs_grab_cache_folio of f2fs_get_tmp_folio+0x38/0x50 [ 558.080209][ T9944] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 558.150470][ T9944] F2FS-fs (loop6): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x831/0x19b0 [ 558.202023][ T30] audit: type=1800 audit(558.121:212): pid=9944 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1357" name="file1" dev="loop6" ino=10 res=0 errno=0 [ 558.322514][ T9944] F2FS-fs (loop6): inject page alloc in f2fs_grab_cache_folio of f2fs_write_begin+0x2e2/0x4900 [ 558.604456][ T8917] syz-executor: attempt to access beyond end of device [ 558.604456][ T8917] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 558.618990][ T8917] CPU: 0 UID: 0 PID: 8917 Comm: syz-executor Not tainted 6.16.0-syzkaller-11845-ga530a36bb548 #0 PREEMPT(none) [ 558.619151][ T8917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 558.619237][ T8917] Call Trace: [ 558.619289][ T8917] [ 558.619341][ T8917] __dump_stack+0x26/0x30 [ 558.619514][ T8917] dump_stack_lvl+0x1df/0x270 [ 558.619695][ T8917] dump_stack+0x1e/0x25 [ 558.619861][ T8917] f2fs_handle_critical_error+0xa6f/0xc20 [ 558.620078][ T8917] f2fs_stop_checkpoint+0x65/0x80 [ 558.620257][ T8917] f2fs_write_end_io+0x101c/0x1bc0 [ 558.620486][ T8917] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 558.620661][ T8917] bio_endio+0xe27/0xf80 [ 558.620863][ T8917] submit_bio_noacct+0x214/0x2710 [ 558.621112][ T8917] submit_bio+0x5a9/0x5d0 [ 558.621312][ T8917] f2fs_submit_write_bio+0x92/0x250 [ 558.621483][ T8917] __submit_merged_bio+0x16f/0x6a0 [ 558.621647][ T8917] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 558.621831][ T8917] __submit_merged_write_cond+0x458/0x9a0 [ 558.622019][ T8917] f2fs_write_data_pages+0x4bb2/0x5480 [ 558.622285][ T8917] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 558.622490][ T8917] ? kmsan_get_metadata+0xfb/0x160 [ 558.622667][ T8917] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 558.622852][ T8917] ? free_unref_folios+0x29ad/0x2a20 [ 558.623043][ T8917] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 558.623257][ T8917] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 558.623474][ T8917] ? kmsan_get_metadata+0xfb/0x160 [ 558.623626][ T8917] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 558.623805][ T8917] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 558.623984][ T8917] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 558.624165][ T8917] do_writepages+0x3f2/0x860 [ 558.624319][ T8917] ? _raw_spin_unlock+0x30/0x50 [ 558.624505][ T8917] ? wbc_attach_and_unlock_inode+0x131/0x680 [ 558.624732][ T8917] filemap_fdatawrite+0x207/0x260 [ 558.624990][ T8917] f2fs_sync_dirty_inodes+0x2ab/0x9e0 [ 558.625241][ T8917] f2fs_write_checkpoint+0xfe2/0x2b00 [ 558.625575][ T8917] kill_f2fs_super+0x2ff/0x970 [ 558.625800][ T8917] ? __pfx_kill_f2fs_super+0x10/0x10 [ 558.625998][ T8917] deactivate_locked_super+0xcb/0x3c0 [ 558.626181][ T8917] deactivate_super+0x12f/0x140 [ 558.626343][ T8917] cleanup_mnt+0x6fb/0x780 [ 558.626534][ T8917] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 558.626782][ T8917] ? __pfx___cleanup_mnt+0x10/0x10 [ 558.626988][ T8917] __cleanup_mnt+0x22/0x30 [ 558.627181][ T8917] task_work_run+0x209/0x2b0 [ 558.627362][ T8917] exit_to_user_mode_loop+0x2a6/0x330 [ 558.627545][ T8917] do_syscall_64+0x1e3/0x210 [ 558.627702][ T8917] ? irqentry_exit+0x16/0x60 [ 558.627834][ T8917] ? clear_bhb_loop+0x40/0x90 [ 558.627991][ T8917] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 558.628144][ T8917] RIP: 0033:0x7f4d22f8fe97 [ 558.628251][ T8917] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 558.628375][ T8917] RSP: 002b:00007ffda580ccb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 558.628509][ T8917] RAX: 0000000000000000 RBX: 00007f4d23011bdd RCX: 00007f4d22f8fe97 [ 558.628603][ T8917] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffda580cd70 [ 558.628690][ T8917] RBP: 00007ffda580cd70 R08: 0000000000000000 R09: 0000000000000000 [ 558.628785][ T8917] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffda580de00 [ 558.628881][ T8917] R13: 00007f4d23011bdd R14: 0000000000088542 R15: 00007ffda580de40 [ 558.629012][ T8917] [ 558.979695][ T8917] F2FS-fs (loop6): Stopped filesystem due to reason: 3 [ 560.977564][ T5809] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 560.987089][ T5809] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 560.997739][ T5809] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 561.055474][ T5809] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 561.087142][ T5809] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 562.024111][ T9980] chnl_net:caif_netlink_parms(): no params data found [ 563.175236][ T5809] Bluetooth: hci5: command tx timeout [ 563.651353][ T9980] bridge0: port 1(bridge_slave_0) entered blocking state [ 563.659420][ T9980] bridge0: port 1(bridge_slave_0) entered disabled state [ 563.667502][ T9980] bridge_slave_0: entered allmulticast mode [ 563.677351][ T9980] bridge_slave_0: entered promiscuous mode [ 563.805046][ T9980] bridge0: port 2(bridge_slave_1) entered blocking state [ 563.812678][ T9980] bridge0: port 2(bridge_slave_1) entered disabled state [ 563.820836][ T9980] bridge_slave_1: entered allmulticast mode [ 563.830551][ T9980] bridge_slave_1: entered promiscuous mode [ 564.189865][ T9980] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 564.265791][ T9980] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 564.299812][T10024] fuse: Bad value for 'fd' [ 564.477468][ T9980] team0: Port device team_slave_0 added [ 564.594299][ T9980] team0: Port device team_slave_1 added [ 564.932060][ T9980] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 564.939512][ T9980] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 564.952503][T10029] overlayfs: failed to clone upperpath [ 564.967473][ T9980] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 565.046981][ T30] audit: type=1800 audit(564.981:213): pid=10020 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1380" name="/" dev="9p" ino=2 res=0 errno=0 [ 565.146815][ T9980] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 565.154141][ T9980] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 565.180623][ T9980] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 565.194891][T10035] orangefs_devreq_open: device cannot be opened in blocking mode [ 565.253621][ T5809] Bluetooth: hci5: command tx timeout [ 565.661930][ T9980] hsr_slave_0: entered promiscuous mode [ 565.672520][ T9980] hsr_slave_1: entered promiscuous mode [ 565.681521][ T9980] debugfs: 'hsr0' already exists in 'hsr' [ 565.687600][ T9980] Cannot create hsr debugfs directory [ 565.784536][T10043] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1390'. [ 565.940432][T10043] netlink: 'syz.3.1390': attribute type 2 has an invalid length. [ 566.248980][T10047] netlink: 'syz.1.1392': attribute type 83 has an invalid length. [ 566.381549][T10051] netlink: 'syz.1.1392': attribute type 83 has an invalid length. [ 566.672137][T10054] CUSE: unknown device info "±" [ 566.678535][T10054] CUSE: unknown device info "" [ 566.684482][T10054] CUSE: unknown device info "," [ 566.689500][T10054] CUSE: unknown device info "" [ 566.696200][T10054] CUSE: DEVNAME unspecified [ 567.165328][T10061] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1397'. [ 567.228362][ T9980] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 567.306752][ T9980] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 567.345230][ T9980] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 567.358198][ T5809] Bluetooth: hci5: command tx timeout [ 567.407794][ T9980] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 567.475310][T10062] loop6: detected capacity change from 0 to 2048 [ 567.487257][T10064] overlayfs: failed to clone upperpath [ 567.520397][T10062] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 567.863859][T10070] overlayfs: failed to clone upperpath [ 568.284310][T10077] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1403'. [ 568.376872][ T9980] 8021q: adding VLAN 0 to HW filter on device bond0 [ 568.515035][ T9980] 8021q: adding VLAN 0 to HW filter on device team0 [ 568.575754][ T8858] bridge0: port 1(bridge_slave_0) entered blocking state [ 568.583414][ T8858] bridge0: port 1(bridge_slave_0) entered forwarding state [ 568.670240][ T8861] bridge0: port 2(bridge_slave_1) entered blocking state [ 568.677970][ T8861] bridge0: port 2(bridge_slave_1) entered forwarding state [ 569.027241][ T9980] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 569.259734][ T30] audit: type=1326 audit(569.201:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10084 comm="syz.4.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce44d8eb69 code=0x7ffc0000 [ 569.384911][ T30] audit: type=1326 audit(569.271:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10084 comm="syz.4.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fce44d8eb69 code=0x7ffc0000 [ 569.407533][ T30] audit: type=1326 audit(569.271:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10084 comm="syz.4.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce44d8eb69 code=0x7ffc0000 [ 569.416308][ T5809] Bluetooth: hci5: command tx timeout [ 569.432950][ T30] audit: type=1326 audit(569.271:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10084 comm="syz.4.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce44d8eb69 code=0x7ffc0000 [ 569.434224][ T30] audit: type=1326 audit(569.281:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10084 comm="syz.4.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fce44d8eb69 code=0x7ffc0000 [ 569.482662][ T30] audit: type=1326 audit(569.281:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10084 comm="syz.4.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce44d8eb69 code=0x7ffc0000 [ 569.505004][ T30] audit: type=1326 audit(569.281:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10084 comm="syz.4.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce44d8eb69 code=0x7ffc0000 [ 569.527413][ T30] audit: type=1326 audit(569.291:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10084 comm="syz.4.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fce44d8eb69 code=0x7ffc0000 [ 569.551789][ T30] audit: type=1326 audit(569.291:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10084 comm="syz.4.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce44d8eb69 code=0x7ffc0000 [ 570.552533][T10105] overlayfs: failed to resolve './bus': -2 [ 570.815506][ T9980] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 574.066502][ T9980] veth0_vlan: entered promiscuous mode [ 574.159640][ T9980] veth1_vlan: entered promiscuous mode [ 574.296965][T10156] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1429'. [ 574.449881][ T9980] veth0_macvtap: entered promiscuous mode [ 574.490417][ T9980] veth1_macvtap: entered promiscuous mode [ 574.765133][ T9980] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 574.907140][ T9980] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 575.003676][ T8861] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 575.112913][ T8861] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 575.122173][ T8861] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 575.152953][ T8861] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 576.911123][T10199] netlink: 1272 bytes leftover after parsing attributes in process `syz.1.1441'. [ 580.094277][T10252] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1456'. [ 580.105075][T10252] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1456'. [ 580.128767][ T3763] tipc: Subscription rejected, illegal request [ 580.906009][T10263] 9pnet: p9_errstr2errno: server reported unknown error [ 581.302355][ T8856] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 581.313840][ T8856] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 581.530958][ T3763] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 581.539423][ T3763] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 581.662508][T10278] netlink: 'syz.4.1466': attribute type 7 has an invalid length. [ 581.671930][T10278] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1466'. [ 582.220117][ T5809] Bluetooth: hci1: unexpected event 0x3e length: 283 > 260 [ 582.220261][ T5809] Bluetooth: hci1: unexpected subevent 0x0d length: 282 > 260 [ 582.239500][ T5809] Bluetooth: hci1: adv larger than maximum supported [ 582.239602][ T5809] Bluetooth: hci1: adv larger than maximum supported [ 582.955672][T10293] serio: Serial port ptm0 [ 584.444507][T10319] ------------[ cut here ]------------ [ 584.450170][T10319] WARNING: CPU: 1 PID: 10319 at mm/page_alloc.c:5124 __alloc_frozen_pages_noprof+0x806/0xf00 [ 584.461287][T10319] Modules linked in: [ 584.465606][T10319] CPU: 1 UID: 0 PID: 10319 Comm: syz.7.1484 Not tainted 6.16.0-syzkaller-11845-ga530a36bb548 #0 PREEMPT(none) [ 584.477859][T10319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 584.494333][T10319] RIP: 0010:__alloc_frozen_pages_noprof+0x806/0xf00 [ 584.501229][T10319] Code: fe ff ff 8b 3a e8 fa 39 18 00 f6 c3 01 0f 85 b6 f8 ff ff 48 c7 c7 c7 04 c9 92 e8 35 2d 18 00 c6 00 00 c6 05 c2 7a 49 10 01 90 <0f> 0b 90 31 db 31 c9 31 c0 e9 7c fe ff ff 89 7d a0 e8 c4 39 18 00 [ 584.524309][T10319] RSP: 0018:ffff8880591fb5c0 EFLAGS: 00010282 [ 584.530637][T10319] RAX: ffff88823f82b4c7 RBX: 0000000000000000 RCX: 0000000000b3b528 [ 584.540219][T10319] RDX: ffff88823f1084c4 RSI: 0000000000000001 RDI: ffffffff92c904c4 [ 584.548999][T10319] RBP: ffff8880591fb680 R08: ffffea000000000f R09: 0000000000000000 [ 584.557541][T10319] R10: ffff8880589fb5c8 R11: 0000000000000002 R12: 000000000000002a [ 584.565887][T10319] R13: 0000000000040d40 R14: 0000000000000000 R15: ffff88804f5dcce0 [ 584.574276][T10319] FS: 00007f308928d6c0(0000) GS:ffff8881aa79a000(0000) knlGS:0000000000000000 [ 584.589233][T10319] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 584.598049][T10319] CR2: 00007fce45ae56c0 CR3: 000000006a7d0000 CR4: 00000000003526f0 [ 584.606420][T10319] Call Trace: [ 584.609857][T10319] [ 584.612931][T10319] ? policy_nodemask+0x885/0xab0 [ 584.618408][T10319] alloc_pages_mpol+0x328/0x860 [ 584.623665][T10319] alloc_frozen_pages_noprof+0xf7/0x200 [ 584.629484][T10319] ___kmalloc_large_node+0xa8/0x3b0 [ 584.636400][T10319] __kmalloc_large_node_noprof+0x3f/0x1f0 [ 584.642435][T10319] ? p9_client_clunk+0x2da/0x3f0 [ 584.648280][T10319] __kmalloc_noprof+0xbad/0x1310 [ 584.653638][T10319] ? v9fs_fid_get_acl+0xdb/0x380 [ 584.658881][T10319] ? v9fs_fid_xattr_get+0x465/0x5b0 [ 584.664588][T10319] v9fs_fid_get_acl+0xdb/0x380 [ 584.672088][T10319] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 584.678887][T10319] v9fs_get_acl+0xd3/0x7b0 [ 584.683774][T10319] v9fs_inode_from_fid_dotl+0x4be/0x6b0 [ 584.695577][T10319] v9fs_mount+0xcf7/0x1450 [ 584.700301][T10319] legacy_get_tree+0x113/0x2c0 [ 584.707376][T10319] ? __pfx_v9fs_mount+0x10/0x10 [ 584.712465][T10319] ? __pfx_legacy_get_tree+0x10/0x10 [ 584.718405][T10319] vfs_get_tree+0xb0/0x5c0 [ 584.723238][T10319] ? mount_capable+0x99/0x100 [ 584.728161][T10319] do_new_mount+0x733/0x1420 [ 584.732998][T10319] ? apparmor_capable+0x32d/0x410 [ 584.739680][T10319] ? kmsan_get_metadata+0xfb/0x160 [ 584.745682][T10319] path_mount+0x6db/0x1e90 [ 584.750398][T10319] ? user_path_at+0x32d/0x3d0 [ 584.755498][T10319] __se_sys_mount+0x6eb/0x7d0 [ 584.760485][T10319] __x64_sys_mount+0xe4/0x150 [ 584.765804][T10319] x64_sys_call+0x3604/0x3e20 [ 584.770786][T10319] do_syscall_64+0xd9/0x210 [ 584.775850][T10319] ? irqentry_exit+0x16/0x60 [ 584.780682][T10319] ? clear_bhb_loop+0x40/0x90 [ 584.785838][T10319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 584.798134][T10319] RIP: 0033:0x7f308838eb69 [ 584.802846][T10319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 584.824798][T10319] RSP: 002b:00007f308928d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 584.834085][T10319] RAX: ffffffffffffffda RBX: 00007f30885b5fa0 RCX: 00007f308838eb69 [ 584.843831][T10319] RDX: 0000200000000b80 RSI: 00002000000003c0 RDI: 0000000000000000 [ 584.852030][T10319] RBP: 00007f3088411df1 R08: 0000200000000500 R09: 0000000000000000 [ 584.861009][T10319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 584.869450][T10319] R13: 0000000000000000 R14: 00007f30885b5fa0 R15: 00007ffe12996b48 [ 584.877880][T10319] [ 584.881061][T10319] ---[ end trace 0000000000000000 ]--- [ 585.379726][T10328] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1487'. [ 585.554181][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 585.554264][ T30] audit: type=1804 audit(585.501:227): pid=10335 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1489" name="/newroot/326/file0" dev="fuse" ino=1 res=1 errno=0 [ 586.315546][ T30] audit: type=1326 audit(586.261:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10342 comm="syz.1.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f273498eb69 code=0x7ffc0000 [ 586.342036][ T30] audit: type=1326 audit(586.261:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10342 comm="syz.1.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f273498eb69 code=0x7ffc0000 [ 586.365836][ T30] audit: type=1326 audit(586.261:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10342 comm="syz.1.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f273498eb69 code=0x7ffc0000 [ 586.389698][ T30] audit: type=1326 audit(586.271:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10342 comm="syz.1.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f273498eb69 code=0x7ffc0000 [ 586.548976][ T30] audit: type=1326 audit(586.371:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10342 comm="syz.1.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=217 compat=0 ip=0x7f273498eb69 code=0x7ffc0000 [ 586.571334][ T30] audit: type=1326 audit(586.371:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10342 comm="syz.1.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f273498eb69 code=0x7ffc0000 [ 586.594653][ T30] audit: type=1326 audit(586.371:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10342 comm="syz.1.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f273498eb69 code=0x7ffc0000 [ 587.022910][T10355] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1497'. [ 587.089683][T10355] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1497'. [ 587.251346][T10357] bridge0: port 3(syz_tun) entered blocking state [ 587.258717][T10357] bridge0: port 3(syz_tun) entered disabled state [ 587.266137][T10357] syz_tun: entered allmulticast mode [ 587.274958][T10357] syz_tun: entered promiscuous mode [ 587.387259][T10360] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1499'. [ 590.813832][ T1878] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 591.028221][ T1878] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 591.044006][ T1878] usb 8-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00 [ 591.055048][ T1878] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 591.122563][ T1878] usb 8-1: config 0 descriptor?? [ 591.583278][ T1878] sony 0003:054C:0268.0009: item fetching failed at offset 0/3 [ 591.606697][ T1878] sony 0003:054C:0268.0009: parse failed [ 591.612913][ T1878] sony 0003:054C:0268.0009: probe with driver sony failed with error -22 [ 591.849097][ T6213] usb 8-1: USB disconnect, device number 2 [ 593.578803][T10444] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 593.853728][T10444] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 594.072474][T10444] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 594.282127][T10444] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 594.386054][T10455] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1536'. [ 594.448708][T10455] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1536'. [ 594.873387][ T8861] netdevsim netdevsim7 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 594.886646][ T8861] netdevsim netdevsim7 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 594.908839][ T8861] netdevsim netdevsim7 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 594.955685][ T8861] netdevsim netdevsim7 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 595.554697][T10466] kvm: pic: non byte read [ 595.590414][T10466] kvm: pic: level sensitive irq not supported [ 595.599893][T10466] kvm: pic: non byte read [ 595.659139][T10472] syz_tun: entered allmulticast mode [ 595.664922][T10466] kvm: pic: level sensitive irq not supported [ 595.665451][T10466] kvm: pic: non byte read [ 595.706650][T10466] kvm: pic: level sensitive irq not supported [ 595.706984][T10466] kvm: pic: non byte read [ 595.733208][T10470] syz_tun: left allmulticast mode [ 595.777936][T10466] kvm: pic: level sensitive irq not supported [ 595.778274][T10466] kvm: pic: non byte read [ 595.827127][T10466] kvm: pic: level sensitive irq not supported [ 595.827416][T10466] kvm: pic: non byte read [ 595.884663][T10466] kvm: pic: level sensitive irq not supported [ 595.884981][T10466] kvm: pic: non byte read [ 595.942943][T10466] kvm: pic: level sensitive irq not supported [ 595.943921][T10466] kvm: pic: non byte read [ 596.016361][T10466] kvm: pic: level sensitive irq not supported [ 596.016683][T10466] kvm: pic: non byte read [ 596.556943][T10486] netlink: 'syz.6.1546': attribute type 10 has an invalid length. [ 596.590586][T10486] 8021q: adding VLAN 0 to HW filter on device team0 [ 596.607074][T10486] bond0: (slave team0): Enslaving as an active interface with an up link [ 596.650502][T10486] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 596.700898][T10486] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 597.148707][T10496] binder: 10495:10496 ioctl c0306201 2000000001c0 returned -22 [ 597.544000][ T7938] jfs_flush_journal: synclist not empty [ 597.549820][ T7938] ===================================================== [ 597.557215][ T7938] BUG: KMSAN: uninit-value in hex_dump_to_buffer+0xefb/0xf30 [ 597.567594][ T7938] hex_dump_to_buffer+0xefb/0xf30 [ 597.572837][ T7938] print_hex_dump+0x10d/0x330 [ 597.584016][ T7938] jfs_flush_journal+0x13ed/0x1670 [ 597.594475][ T7938] jfs_umount+0x1e3/0x720 [ 597.601382][ T7938] jfs_put_super+0x112/0x3d0 [ 597.606371][ T7938] generic_shutdown_super+0x1ad/0x4b0 [ 597.611936][ T7938] kill_block_super+0x42/0xd0 [ 597.617025][ T7938] deactivate_locked_super+0xcb/0x3c0 [ 597.622569][ T7938] deactivate_super+0x12f/0x140 [ 597.627786][ T7938] cleanup_mnt+0x6fb/0x780 [ 597.632420][ T7938] __cleanup_mnt+0x22/0x30 [ 597.638876][ T7938] task_work_run+0x209/0x2b0 [ 597.645037][ T7938] exit_to_user_mode_loop+0x2a6/0x330 [ 597.650604][ T7938] do_syscall_64+0x1e3/0x210 [ 597.657314][ T7938] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 597.664369][ T7938] [ 597.666785][ T7938] Uninit was stored to memory at: [ 597.672020][ T7938] hex_dump_to_buffer+0xef4/0xf30 [ 597.677357][ T7938] print_hex_dump+0x10d/0x330 [ 597.682230][ T7938] jfs_flush_journal+0x13ed/0x1670 [ 597.688230][ T7938] jfs_umount+0x1e3/0x720 [ 597.698023][ T7938] jfs_put_super+0x112/0x3d0 [ 597.702807][ T7938] generic_shutdown_super+0x1ad/0x4b0 [ 597.710126][ T7938] kill_block_super+0x42/0xd0 [ 597.715138][ T7938] deactivate_locked_super+0xcb/0x3c0 [ 597.720677][ T7938] deactivate_super+0x12f/0x140 [ 597.725904][ T7938] cleanup_mnt+0x6fb/0x780 [ 597.730594][ T7938] __cleanup_mnt+0x22/0x30 [ 597.735406][ T7938] task_work_run+0x209/0x2b0 [ 597.740202][ T7938] exit_to_user_mode_loop+0x2a6/0x330 [ 597.747047][ T7938] do_syscall_64+0x1e3/0x210 [ 597.751774][ T7938] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 597.758308][ T7938] [ 597.760734][ T7938] Uninit was created at: [ 597.765773][ T7938] kmem_cache_alloc_noprof+0x81b/0xec0 [ 597.771510][ T7938] mempool_alloc_slab+0x36/0x50 [ 597.776684][ T7938] mempool_alloc_noprof+0xf9/0x540 [ 597.781975][ T7938] __get_metapage+0xa1d/0x1790 [ 597.787104][ T7938] diWrite+0x58f/0x2190 [ 597.791405][ T7938] txCommit+0xcc0/0x93d0 [ 597.801582][ T7938] jfs_mkdir+0x1271/0x13a0 [ 597.808073][ T7938] vfs_mkdir+0x4ea/0x850 [ 597.812477][ T7938] do_mkdirat+0x41a/0xf30 [ 597.817184][ T7938] __x64_sys_mkdirat+0xc1/0x140 [ 597.822199][ T7938] x64_sys_call+0x338/0x3e20 [ 597.827185][ T7938] do_syscall_64+0xd9/0x210 [ 597.831840][ T7938] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 597.838020][ T7938] [ 597.840462][ T7938] CPU: 1 UID: 0 PID: 7938 Comm: syz-executor Tainted: G W 6.16.0-syzkaller-11845-ga530a36bb548 #0 PREEMPT(none) [ 597.855201][ T7938] Tainted: [W]=WARN [ 597.859093][ T7938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 597.869866][ T7938] ===================================================== [ 597.877075][ T7938] Disabling lock debugging due to kernel taint [ 597.883468][ T7938] Kernel panic - not syncing: kmsan.panic set ... [ 597.890028][ T7938] CPU: 1 UID: 0 PID: 7938 Comm: syz-executor Tainted: G B W 6.16.0-syzkaller-11845-ga530a36bb548 #0 PREEMPT(none) [ 597.903615][ T7938] Tainted: [B]=BAD_PAGE, [W]=WARN [ 597.908732][ T7938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 597.918939][ T7938] Call Trace: [ 597.922328][ T7938] [ 597.925360][ T7938] __dump_stack+0x26/0x30 [ 597.929921][ T7938] dump_stack_lvl+0x53/0x270 [ 597.934739][ T7938] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 597.940826][ T7938] dump_stack+0x1e/0x25 [ 597.945189][ T7938] vpanic+0x361/0xc50 [ 597.949354][ T7938] panic+0x15d/0x160 [ 597.953467][ T7938] kmsan_report+0x31c/0x320 [ 597.958155][ T7938] ? __msan_warning+0x1b/0x30 [ 597.962986][ T7938] ? hex_dump_to_buffer+0xefb/0xf30 [ 597.968341][ T7938] ? print_hex_dump+0x10d/0x330 [ 597.973326][ T7938] ? jfs_flush_journal+0x13ed/0x1670 [ 597.978770][ T7938] ? jfs_umount+0x1e3/0x720 [ 597.983392][ T7938] ? jfs_put_super+0x112/0x3d0 [ 597.988325][ T7938] ? generic_shutdown_super+0x1ad/0x4b0 [ 597.994032][ T7938] ? kill_block_super+0x42/0xd0 [ 597.999058][ T7938] ? deactivate_locked_super+0xcb/0x3c0 [ 598.004761][ T7938] ? deactivate_super+0x12f/0x140 [ 598.009974][ T7938] ? cleanup_mnt+0x6fb/0x780 [ 598.014731][ T7938] ? __cleanup_mnt+0x22/0x30 [ 598.019514][ T7938] ? task_work_run+0x209/0x2b0 [ 598.024425][ T7938] ? exit_to_user_mode_loop+0x2a6/0x330 [ 598.030136][ T7938] ? do_syscall_64+0x1e3/0x210 [ 598.035048][ T7938] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 598.041273][ T7938] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 598.047524][ T7938] ? kmsan_get_metadata+0xfb/0x160 [ 598.052811][ T7938] ? kmsan_get_metadata+0xfb/0x160 [ 598.058214][ T7938] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 598.064759][ T7938] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 598.071032][ T7938] ? kmsan_get_metadata+0xfb/0x160 [ 598.076324][ T7938] __msan_warning+0x1b/0x30 [ 598.080970][ T7938] hex_dump_to_buffer+0xefb/0xf30 [ 598.086155][ T7938] ? print_hex_dump+0x5e/0x330 [ 598.091071][ T7938] ? jfs_flush_journal+0x13ed/0x1670 [ 598.096529][ T7938] print_hex_dump+0x10d/0x330 [ 598.101402][ T7938] ? kmsan_get_metadata+0xfb/0x160 [ 598.106710][ T7938] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 598.112707][ T7938] jfs_flush_journal+0x13ed/0x1670 [ 598.118003][ T7938] ? kmsan_get_metadata+0xfb/0x160 [ 598.123294][ T7938] jfs_umount+0x1e3/0x720 [ 598.127793][ T7938] jfs_put_super+0x112/0x3d0 [ 598.132543][ T7938] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 598.138548][ T7938] ? __pfx_jfs_put_super+0x10/0x10 [ 598.143832][ T7938] generic_shutdown_super+0x1ad/0x4b0 [ 598.149383][ T7938] kill_block_super+0x42/0xd0 [ 598.154255][ T7938] ? __pfx_kill_block_super+0x10/0x10 [ 598.159798][ T7938] deactivate_locked_super+0xcb/0x3c0 [ 598.165334][ T7938] deactivate_super+0x12f/0x140 [ 598.170337][ T7938] cleanup_mnt+0x6fb/0x780 [ 598.174918][ T7938] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 598.181566][ T7938] ? __pfx___cleanup_mnt+0x10/0x10 [ 598.186887][ T7938] __cleanup_mnt+0x22/0x30 [ 598.191486][ T7938] task_work_run+0x209/0x2b0 [ 598.196261][ T7938] exit_to_user_mode_loop+0x2a6/0x330 [ 598.201813][ T7938] do_syscall_64+0x1e3/0x210 [ 598.206576][ T7938] ? irqentry_exit+0x16/0x60 [ 598.211327][ T7938] ? clear_bhb_loop+0x40/0x90 [ 598.216171][ T7938] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 598.222235][ T7938] RIP: 0033:0x7f3f57d8fe97 [ 598.226754][ T7938] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 598.246524][ T7938] RSP: 002b:00007fff2add5798 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 598.255101][ T7938] RAX: 0000000000000000 RBX: 00007f3f57e11bdd RCX: 00007f3f57d8fe97 [ 598.263289][ T7938] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff2add5850 [ 598.271383][ T7938] RBP: 00007fff2add5850 R08: 0000000000000000 R09: 0000000000000000 [ 598.279503][ T7938] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff2add68e0 [ 598.287612][ T7938] R13: 00007f3f57e11bdd R14: 0000000000084cd4 R15: 00007fff2add6920 [ 598.295771][ T7938] [ 598.299272][ T7938] Kernel Offset: disabled [ 598.303663][ T7938] Rebooting in 86400 seconds..