last executing test programs: 19m49.20343694s ago: executing program 32 (id=46): r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0xa5}) r1 = socket$inet6(0xa, 0x2, 0x0) mmap(&(0x7f00009ff000/0x600000)=nil, 0x600000, 0x0, 0x11, r1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000100)={&(0x7f0000ffa000/0x3000)=nil, 0x3000}) 18m40.648768995s ago: executing program 33 (id=247): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f00000004c0), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) mprotect(&(0x7f000081b000/0x2000)=nil, 0x2000, 0x4) ftruncate(r0, 0x0) 17m51.387509764s ago: executing program 34 (id=394): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x40801, 0x0) r1 = epoll_create(0x802) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000300)={0x20002009}) ioctl$FS_IOC_GETFLAGS(r0, 0x5437, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') 16m23.296120519s ago: executing program 35 (id=721): mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x6000, 0x1) unlink(&(0x7f0000000040)='./file0\x00') mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) 15m29.170878178s ago: executing program 36 (id=862): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) close_range(r1, r1, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) madvise(&(0x7f0000130000/0xd000)=nil, 0xd000, 0x66) 11m37.848491045s ago: executing program 37 (id=1870): syz_mount_image$exfat(&(0x7f00000005c0), &(0x7f0000000640)='./bus\x00', 0x3010050, &(0x7f0000000680)=ANY=[@ANYRES32=0x0], 0x1, 0x14fe, &(0x7f0000001c00)="$eJzs3Au0ztXWMPA511p/NklPkvuaa/55kssiSXJJSCRJkiS5JSRJkoTEJrckJCH3JPeQ3GIn9/st9yQ5kiQJCUnWN3Q6n/e8nfftnO+c7/V9Z8/fGGvsNff/mfNZa889nv9ljL2/7Ti4av1qlesyM/xT8M9fUgEgBQD6AcA1ABABQKlspbIBDoNMGlP/uTcR/1oPTbvSKxBXkvQ/fZP+p2/S//RN+p++Sf/TN+l/+ib9T9+k/0KkZ1un575WRvod/3PP/0Ge//8/R87//0YOFxvz5fpi13f6B1Kk/+mb9D99k/6nb9L/9E36n75J///NRQCV/pvD0v/0TfovRHp2pZ8/y7iy40r//gkhhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGESB/OhcsMAPxlfqXXJYQQQgghhBBCiH+dkPFKr0AIIYQQQgghhBD/9yEo0GAgggyQEVIgE2SGqyALXA1Z4RpIwLWQDa6D7HA95ICckAtyQx7IC/nAAoEDhhjyQwFIwg1QEG6EQlAYikBR8FAMisNNUAJuhpJwC5SCW6E03AZloCyUg/JwO1SAO6AiVILKcCdUgbugKlSDu6E63AM14F6oCfdBLbgfasMDUAcehLrwENSDh6E+PAIN4FFoCI2gMTSBpv9H+S9CV3gJukF3SIUe0BNehl7QG/pAX+gHr0B/eBUGwGswEAbBYHgdhsAbMBTehGEwHEbAWzASRsFoGANjYRyMh7dhArwDE+FdmASTYQpMhWkwHWbAezATZsFseB/mwAcwF+bBfFgAC+FDWASLIQ0+giXwMSyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVPYBtshx2wE3bBbtgDn8Je+Az2weewH774B/PP/qf8TggIqFChQYMZMAOmYApmxsyYBbNgVsyKCUxgNsyG2TE75sAcmAtzYR7Mg/kwHxISMjLmx/yYxCQWxIJYCAthESyCHj0Wx+JYAm/GklgSS2EpLI2lsQyWxbJYHstjBayAFbEiVsbKWAWrYFWsinfj3XgP1sAaWBNrYi2shbWxNtbBOlgX62I9rIf1sT42wAbYEBtiY2yMTbEpNsNm2BybY0tsia2wFbbG1tgG22BbbIvtsB22x/bYATtgR+yInbAzdsYX8UV8CV/C7lhF9cCe2BN7YS/sg32xL76C/fFVfBVfw4E4CAfj6/g6voFD8QwOw+EpgCOwghqFo3EMshqH43E8TsAJOBEn4iScjJNxKk7D6TgDZ+BMnIWz8H2cgx/gBzgP5+ECXIgLcREuxjRMwyV4FpfiMlyOK3AlrsKVuAbX4hpcjxtwPW7CTbgFt+An+Alux+24E3fibtyNn+Kn+Bl+hgNxP+7HA3gAD+JBPISH8DAexiN4BI/iUTyGx/A4HscTeBJP4Uk8jafxDJ7Fc3gOz+N5vIDP5/m63u7C6waCusQoozKoDCpFpajMKrPKorKorCqrSqiEyqayqewqu8qhcqhcKpfKo/KofCqfIkWKVazyq/wqqZKqoCqoCqlCqogqorzyqrgqrkqoEqqkKqlKqVtVaXWbKqPKqha+vCqvKqiWvqKqpCqryqqKuktVVdVUNVVdVVc1VA1VU9VUtVQtVVs9oOqoHtgHH1KXOlNfDcIGajA2VI1UY9VEvYGPqWZqKDZXLVRL9YQajsOwtWrm26inVVs1GtupZ9UYfE51UOOwo3pBdVKdVRf1ouqqmvtuGX77CFRTsZfqrfqovmom3qUudayqek0NVIPUYPW6WoBvqKHqTTVMDVcj1FtqpBqlRqsxaqwap8art9UE9Y6aqN5Vk9RkNUVNVdPUdDVDvadmqllqtnpfzVEfqLlqnpqvFqiF6kO1SC1WaeojtUR9rJaqZWq5WqFWqlVqtVqj1qp1ar3aoDaqTWqz2qK2qk/UNrVd7VA71S61W+1Rn6q96jO1T32u9qsv1AH1J3VQfakOqa/UYfW1OqK+UUfVt+qY+k4dV9+rE+qkOqV+UKfVj+qMOqvOqZ/UefWzuqB+URdVUKBRK6210ZHOoDPqFJ1JZ9ZX6Sz6ap1VX6MT+lqdTV+ns+vrdQ6dU+fSuXUenVfn01aTdpp1rPPrAjqpb9AF9Y26kC6si+ii2utiuri+SZfQN+uS+hZdSt+qS+vbdBldVpfT5fXtuoK+Q1fUlXRlfaeuou/SVXU1fbeuru/RNfS9uqa+T9fS9+va+gFdRz+o6+qHdD39sK6vH9EN9KO6oW6kG+smuql+TDfTj+vmuoVuqZ/QrfSTurV+SrfRT+u2+hndTj+r2+vndAf9vO6oX9CddGfdRf+iL+qgu+nuOlX30D31y7qX7q376L66n35F99ev6gH6NT1QD9KD9et6iH5DD9Vv6mF6uB6h39Ij9Sg9Wo/RY/U4PV6/rSfod/RE/a6epCfrKXqqnqan6z6/VZr9d+S/8zfyB/z67lv0Vv2J3qa36x16p96ld+s9eo/eq/fqfXqf3q/36wP6gD6oD+pD+pA+rA/rI/qIPqqP6mP6mD6uj+sT+qT+Sf+gT+sf9Rl9Vp/VP+nz+ry+8NvPAAwaZbQxJjIZTEaTYjKZzOYqk8VcbbKaa0zCXGuymetMdnO9yWFymlwmt8lj8pp8xhoyzrCJTX5TwCTNDaagudEUMoVNEVPUeFPMFDc3/dP5f7S+pqapaWaameamuWlpWppWppVpbVqbNqaNaWvamnamnWlv2psOpoPpaDqaTqaT6WK6mK6mq+lmuplUk2p6mpdNL9Pb9DF9TT/ziulv+psBZoAZaAaawWawGWKGmKFmqBlmhpkRZoQZaUaa0Wa0GWvGmvFmvJlgJpiJZqKZZCaZKWaKmWammRlmhplpZprZZraZY+aYuWaumW/mm4VmoVlkFpk0k2aWmCVmqVlmlpkVZoVZZVaZNWaNWWfWmQ1mg9lkNpmlZqvZaraZbWaH2WF2mV1mj9lj9pq9Zp/ZZ/ab/eaAOWAOmoPmkDlkDpvD5og5Yo6ao+aYOWaOm+PmhDlhTplT5rQ5bc6YM+acOWfOm/PmgrlgLpqLly77IhWpyEQmyhBliFKilChzlDnKEmWJskZZo0SUiLJF2aLs0fVRjihnlCvKHeWJ8kapYCOKXMRRHOWPCkTJ6IaoYHRjVCgqHBWJikY+KhYVj26KSkQ3RyWjW6JS0a1R6ei2qExUNioXlY9ujypEd0QVo0pR5ejOqEp0V1Q1qhbdHVWP7olqRPdGNaP7olrR/VHt6IGoTvRgVDd6KKoXPRzVjx6JGkSPRg2jRlHjqEnU9F9aP4QzOR/33Wx3m2p72J72ZdvL9rZ9bF/bz75i+9tX7QD7mh1oB9nB9nU7xL5hh9o37TA73I6wb9mRdpQdbcfYsXacHW/fthPsO3aifddOspPtFDvVTrPT7Qz7np1pZ9nZ9n07x35g59p5dr5dYBfaD+0iu9im2Y/sEvuxXWqX2eV2hV1pV9nVdo1da9fZ9XaD3Wg32c12i91qP7Hb7Ha7w+60u+xuu8d+avfaz+w++7ndb7+wB+yf7EH7pT1kv7KH7df2iP3GHrXf2mP2O3vcfm9P2JP2lP3BnrY/2jP2rD1nf7Ln7c/2gv3FXrTh0sX9pdM7GTKUgTJQCqVQZspMWSgLZaWslKAEZaNslJ2yUw7KQbkoF+WhPJSP8tElTEz5KT8lKUkFqSAVokJUhIqQJ0/FqTiVoBJUkkpSKSpFpak0laEyVI7K0e10O91Bd1AlqkR30p10F91F1agaVafqVINqUE2qSbWoFtWm2lSH6lBdqkv1qB7Vp/rUgBpQQ2pIjakxNaWm1IyaUXNqTi2pJbWiVtSaWlMbakNtqS21o3bUntpTB+pAHakjdaJO1IW6UFfqSt2oG6VSKvWkntSLelEf6kP9qB/1p/40gAbQQBpIg2kwDaEhNJSG0jAaTiPoLRpJo2g0jaGxNI7G03iaQBNoIk2kSTSJptAUmkbTaAbNoJk0k2bTbJpDc2guzaX5NJ8W0kJaRIsojdJoCS2hpbSUltNyWkkraTWtprW0ltbTetpIG2kzbaattJW20TbaQTtoF+2iPbSH9tJe2kf7aD/tpwN0gA7SQTpEh+gwHaYjdISO0lE6RsfoOB2nE3SCTtEpOk2n6QydoXN0js7Tz3SBfqGLFCjFKcjsrnJZ3NUuq7vGpbhM7lIcAcClOJfL7fK4vC6fsy6Hy/lXMTnnCrnCrogr6rwr5oq7m34Xl3FlXTlX3t3uKrg7XMXfxdXdPa6Gu9fVdPe5au7uv4pruftdbfeIq+MedXVdI1fPNXH13SOugXvUNXSNXGPXxLVyT7rW7inXxj3t2rpnfhcvcovdWrfOrXcb3F73mTvnfnJH3bfuvPvZdXPdXT/3iuvvXnUD3GtuoBv0u3iEe8uNdKPcaDfGjXXjfhdPcVPdNDfdzXDvuZlu1u/ihe5DN8elublunpvvFvwaX1pTmvvILXEfu6VumVvuVriVbpVb7db877WucJvcZrfF7XGfum1uu9vhdrpdbvev8aV97HOfu/3uC3fEfeMOui/dIXfMHXZf/xpf2t8x95077r53J9xJd8r94E67H90Zd/bX/V/a+w/uF3fRBQeMrFiz4YgzcEZO4Uycma/iLHw1Z+VrOMHXcja+jrPz9ZyDc3Iuzs15OC/nY8vEjpljzs8FOMk3cEG+kQtxYS7CRdlzMS7ON3EJvplL8i1cim/l0nwbl+GyXI7L8+1cge/gilyJK/OdXCUErsrV+G6uzvdwDb6Xa/J9XIvv59r8ANfhB7kuP8T1+GGuz49wA36UG3IjbsxNuCk/xs34cW7OLbglP8Gt+EluzU9xG36a2/Iz3I6f5fb8HHfg57kjv8CduDN34Re5K7/E3bg7p3IP7skvcy/uzX24L/fjV7g/v8oD+DUeyIN4ML/OQ/gNHspv8jAeziP4LR7Jo3g0j+GxPI7H89s8gd/hifwuT+LJPIWn8jSezjP4PZ7Js3g2v89z+AOey/N4Pi/ghfwhL+LFnMYf8RL+mJfyMl7OK3glr+LVvIbX8jpezxt4I2/izbyFt/InvI238w7eybt4N+/hT3kvf8b7+HPez1/wAf4TH+Qv+RB/xYf5az7C3/BR/paP8Xd8nL/nE3yST/EPfJp/5DN8ls/xT3yef+YL/Atf5MAQY6xiHZs4ijPEGeOUOFOcOb4qzhJfHWeNr4kT8bVxtvi6OHt8fZwjzhnninPHeeK8cb7YxhS7mOM4zh8XiJPxDXHB+Ma4UFw4LhIXjX1cLC4e3xSXiG+OS8a3xKXiW+PS8W1xmbhs/Mh95ePb4wrxHXHFuFJcOb4zrhLfFVeNq8V3x9Xje+Ia8b1xzfi+uGR8f1w7fiCuEz8Y140fiuvFD8f140fiBvGjccO4Udw4bhI3jR+Lm8WPx83jFnHL+Im4Vfxk3Dp+Km4TPx23jZ/5w+OpcY+4Z/xy/HIcwr16fnJBcmHyw+Si5OJkWvKj5JLkx8mlyWXJ5ckVyZXJVcnVyTXJtcl1yfXJDcmNyU3JzcktyRCqZQSPXnntjY98Bp/Rp/hMPrO/ymfxV/us/hqf8Nf6bP46n91f73P4nD6Xz+3z+Lw+n7eevPPsY5/fF/BJf4Mv6G/0hXxhX8QX9d4X88V9E9/UN/XN/OO+uW/hW/on/BP+Sf+kf8o/5Z/2bf0zvp1/1rf3z/kO/nn/vH/Bd/KdfRf/ou/qX/LdfHef6lN9T9/T9/K9fB/fx/fz/Xx/398P8AP8QD/QD/aD/RA/xA/1Q/0wP8yP8CP8SD/Sj/aj/Vg/1o/34/0EP8FP9BP9JD/JT/FT/DQ/zc/wM/xMP9PP9rP9nEJz/Fw/18/38/1Cv9Av8ot8mk/zS/wSv9Qv9cv9cr/Sr/Sr/Wq/1q/16/16v9Fv9Jv9Zr/Vb/Xb/Da/w+/wu/wuv8fv8Xv9Xr/P7/P7/X5/wB/wB/1Bf8h/5Q/7r/0R/40/6r/1x/x3/rj/3p/wJ/0p/4M/7X/0Z/xZf87/5M/7n/0F/4u/6IMfn3g7MSHxTmJi4t3EpMTkxJTE1MS0xPTEjMR7iZmJWYnZifcTcxIfJOYm5iXmJxYkFiY+TCxKLE6kJT5KLEl8nFiaWJZYnliRWJlYlQgh77Y45A8FQjLcEAqGG0OhUDgUCUWDD8VC8XBTKBFuDiXDLaFUuDWUDreFMqFsKBceDQ1Do9A4NAlNw2OhWXg8NA8tQsvwRGgVngytw1OhTXg6tA3PhHbh2dA+PBc6hOdDx/BC6BQ6hy7hxdA1vBS6he4hNfQIPcPLoVfoHfqEvqFfeCX0D6+GAeG1MDAMCoPD62FIeCMMDW+GYWF4GBHeCiPDqDA6jAljw7gwPrwdJoR3wsTwbpgUJocpYWqYFqaHGeG9MDPMCrPD+2FO+CDMDfPC/LAgLAwfhkVhcUgLH4Ul4eOwNCwLy8OKsDKsCqvDmrA2rAvrw4awMWwKm8OWsDV8EraF7WFH2Bl2hd1hT/g07A2fhX3h87A/fBEOhD+Fg+HLcCh8FQ6Hr8OR8E04Gr4Nx8J34Xj4PpwIJ8Op8EM4HX4MZ8LZcC78FM6Hn8OF8Eu4KH+zJoQQQgjxd9F/cLzH3/heBgBQv817AsDV23Mf/s81N+b487y3ytMqAQBPd+/40F9GlSqpqam/vXaphqjAPABI/HX9v8TLoCU8CW2gBZT4m+vrrTqf5z+on7wVIPN/yEmBy/Hl+jf/F/Ufe2LEotLxuWz/Tf15AIUKXM7JBJfjy/VL/hf1czb7g/Vn+nI8QPP/kJMFLseX6xeHx+EZaPNXrxRCCCGEEEIIIf6styrX/o/uny/dn+cxl3MywuX4j+7PhRBCCCGEEEIIceU917nLU4+1adOi/d83wd+eC/xjWTKRiUz+P5tc6U8mIYQQQgghxL/a5Yv+K70SIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBAi/fqf+HdiV3qPQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghxJX2vwIAAP//fdA42A==") syz_mount_image$exfat(0x0, &(0x7f0000000040)='./bus\x00', 0x38400a, 0x0, 0x0, 0x0, &(0x7f0000000100)) syz_mount_image$fuse(0x0, &(0x7f0000000b80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x400a8, 0x0, 0x4, 0x0, 0x0) syz_open_dev$usbmon(0x0, 0x1, 0x8000) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) 10m40.378597011s ago: executing program 38 (id=2089): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x38, r1, 0x5, 0x70bd25, 0x8, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_VHT_CAPABILITY={0x10, 0x9d, {0x1000, {0xca4b, 0x1, 0x5, 0x7}}}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x4) 9m55.852472252s ago: executing program 39 (id=2257): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/raw6\x00') socket(0xa, 0x3, 0x3a) preadv(r0, &(0x7f00000003c0)=[{&(0x7f0000000440)=""/192, 0xc0}], 0x1, 0xd6, 0x807) 8m14.173842979s ago: executing program 40 (id=2630): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000000009040000010300000009210000000122080009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000001240)=ANY=[@ANYBLOB="002208000000a20100c3"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000000), 0x0, 0x880) ioctl$HIDIOCGFLAG(r1, 0x8004480e, &(0x7f0000000080)) 8m14.115060233s ago: executing program 3 (id=2638): r0 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000100)='a', 0x1}], 0x1, 0x0, 0x0, 0x44}], 0x1, 0x0) setsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x20, 0x8f, 0x2, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x4}, 0xe) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="300000000000000084000000010000000000000004"], 0x30}], 0x1, 0x0) recvfrom$rxrpc(r0, 0x0, 0x0, 0x10100, 0x0, 0x0) 8m13.000163399s ago: executing program 3 (id=2640): ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4a, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x5, 0x14, 0x0, &(0x7f0000000000)="259a53f271a76d2608004c6588a80a38667d2f15", 0x0, 0x7f, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 8m11.895789074s ago: executing program 3 (id=2643): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x7, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='illinois\x00', 0x9) r1 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r1, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0) 8m10.29267223s ago: executing program 3 (id=2648): syz_mount_image$minix(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00e611ed6229b237ad2a184a94283e2b34c24caf7280c18475708140abe763dfb52cdb0ba0cdc8c572346d0a832984b36248c4fa844eda0af4b1652605421a7821dcfde12aa77458d811a84538a156b05b0ec3eaf24a90ceb5b7463d9fd38b49d41fbfa868653605702abe43d9c2c30aed4da0b8cc18c6b369f086a965442c1217f19a67a534064b7236a6660000000000"], 0x1, 0x17b, &(0x7f0000000300)="$eJzs28tO4nAUx/FfoVyGuTHDXJLJLGY1mc1QwAR1h49CoBJiUSJuICbqe7hx58PJwp0rMZS2SmWFtEX5fjacHydND4s/nBAQgI3V0B8ZMpSdht/54lnJSHokADGZeI/3EwCbJ32X9AQAkjHek/qSbm5PW0pn/bXgp19M+w2/n8o92x/GF9Iv0+sbeb0L7xdX0l//eqOw8PpC0H+/sP9PRe/+H/RRn/RZRX3RV5W8fju4/scLtyEAADaDoXI4zz2R0n7XsStBzri5qoI5y1k314L+LG8FOefmcuvIaUf4KgAsI6Xy9dMcPv/p0Pk3vfMP4PUbDEcHTcexj2Mq/O8HYr3pagqdr8UYKykyWosxKBYUptZijITfmABEzjrp9a3BcPS/22t27I59WK/V67uVne2q5S7+1vz6D+ANefzQT3oSAAAAAAAAAAAAAACwrG/6nvQIAAAAAGIS2b+IDEmX4pfFAAAAAAAAAAAAAAAAAABE4CEAAP//gNgaag==") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000240)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) chdir(&(0x7f0000000000)='./file0\x00') r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) getdents64(r0, 0x0, 0x0) 8m9.658134918s ago: executing program 3 (id=2652): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0xf) bind$netlink(r0, &(0x7f0000000a40)={0x10, 0x0, 0x25dfdbfb, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) syz_usb_connect(0x0, 0x24, &(0x7f00000004c0)={{0x12, 0x1, 0x141, 0x30, 0xf5, 0x69, 0x20, 0x5ac, 0x219, 0xf072, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x55, 0x7, 0x0, 0x3, 0x49, 0x2}}]}}]}}, 0x0) 8m8.893556754s ago: executing program 3 (id=2656): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x202) syz_mount_image$ext4(&(0x7f0000000040)='ext2\x00', &(0x7f0000000080)='./file0\x00', 0x180c081, &(0x7f0000000000), 0x2c, 0x516, &(0x7f0000000740)="$eJzs3c9vG1kdAPCvnV9umm6ysIcFAVuWhYKq2om7G632wnJBQqvVIi2cEGqjxI2i2HEUO6UJkUjPXJGoxAn+BA5IHJB64s4NblzKAalABWqQEPJq7HGbOHFiNXHcxp+PNPJ7MxN/v8/SvBc/2/MCGFpXI2I3IsYj4nZETKf7M+kWH7a25LynT3YW957sLGai0fj0n6PpmTuL7fPbLqfPmYv4JKlPHBG3trW9ulAulzbSeqFeWS/UtrZvrFQWlkvLpbVicX5ufvb9m+8Vz6ytb1V++/i7Kx/98A+///KjP+1+66dJzt9OjyVtO7NA+7Rel7GY2rcveeU+6kewARhJ2zM+6ER4IdmI+FxEvJ2Wn8kNLicAoL8ajeloTO+vd5fp4RwA4OWXvOefikw2n77/n4psNp9vzuHl3ojJbLlaq1+/U91cW4rmHNZMjGXvrJRLs+lc4UyMZZL6XLP8vF7sqN+MiNcj4hcTl5r1/GK1vDSof3oAYMhd7hj//zPRGv974BMCAHiVGckBYPgcHv/HBpIHAHB+vP8HgOGzb/w/6re6AMAFlOv47T8AcPGdOP//Zvzsx+eTCgBwTnz+DwBD5fsff5xsjb30/tdLd7c2V6t3byyVaqv5yuZifrG6sZ5frlaXm/fsqZz0fOVqdX3u3di8V6iXavVCbWv7VqW6uVa/1byv962SHxYAwOC9/tbDv2QiYveDS80t2ms5+EIAXHgucxheI4NOABiY0UEnAAyM+Xggc8Lxrl8RetD9by6dIh+g/659ocv8//H/G/y/cT7pAX1k/h+G1+nm/80ewKvM/D8Mr0YjYz1/ABgyPbyD9xVBuOBe+PN/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGGJTzS2TzadrgU9FNpvPR1yJiJkYy9xZKZdmI+K1iPjzxNhEUp8bdNIAwCll/55J1/+6Nv3OVOfR8cx/J5qPEfGTX336y3sL9frGXLL/X8/21x+k+4tHBpjofxsAgH1GO3e0x+n2ON5e3/fpk53F9naeCT7+Tmtx0STuXrq1U28ln4uxiJj8d+ZAYzJntDDx7v2IeLOz/dlnx2fSlU874yexr/QtfjRbOHUgfvZA/GzzWOsxeS0+fwa5wLB5mPQ/Hx51/WXjavMxvf4yBzvTXPz8cOf6Atr9316js/9rXe+fXMk1+5qj+r+rvcZ494/f63rs/kjji6MRe4f63/aK0Llm6aj47/QY/69f+srb3Y41fh1xLY6L3yoV6pX1Qm1r+8ZKZWG5tFxaKxbn5+Zn37/5XrHQnKMutGeqD/vHB9df697+iMku8XMntP/rPbb/N/+7/aOvHhP/m187Kn423jgmfjImfqPH+AuTv+u6fHcSf6lL+0cPxB8/8HfJvus9xn/0t+2lHk8FAM5BbWt7daFcLm0onLaQ69czX35JGqhwTGEkyu35qJcin1MXBtwxAX33/KIfdCYAAAAAAAAAAAAAAEA3tR+kt/zr44/hBt1GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALq7PAgAA//+iDcmp") ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000780)={0xfffffffe, 0x0, 0x0, 'queue0\x00', 0x48}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r0, 0x40bc5311, &(0x7f0000000100)={0x80, 0x1, 'client1\x00', 0xffffffff80000004, "00000000ffffffe3", "71a19060009f0000000000005c4100a0200010040400", 0x800000, 0x40}) write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4) 8m6.819061555s ago: executing program 41 (id=2656): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x202) syz_mount_image$ext4(&(0x7f0000000040)='ext2\x00', &(0x7f0000000080)='./file0\x00', 0x180c081, &(0x7f0000000000), 0x2c, 0x516, &(0x7f0000000740)="$eJzs3c9vG1kdAPCvnV9umm6ysIcFAVuWhYKq2om7G632wnJBQqvVIi2cEGqjxI2i2HEUO6UJkUjPXJGoxAn+BA5IHJB64s4NblzKAalABWqQEPJq7HGbOHFiNXHcxp+PNPJ7MxN/v8/SvBc/2/MCGFpXI2I3IsYj4nZETKf7M+kWH7a25LynT3YW957sLGai0fj0n6PpmTuL7fPbLqfPmYv4JKlPHBG3trW9ulAulzbSeqFeWS/UtrZvrFQWlkvLpbVicX5ufvb9m+8Vz6ytb1V++/i7Kx/98A+///KjP+1+66dJzt9OjyVtO7NA+7Rel7GY2rcveeU+6kewARhJ2zM+6ER4IdmI+FxEvJ2Wn8kNLicAoL8ajeloTO+vd5fp4RwA4OWXvOefikw2n77/n4psNp9vzuHl3ojJbLlaq1+/U91cW4rmHNZMjGXvrJRLs+lc4UyMZZL6XLP8vF7sqN+MiNcj4hcTl5r1/GK1vDSof3oAYMhd7hj//zPRGv974BMCAHiVGckBYPgcHv/HBpIHAHB+vP8HgOGzb/w/6re6AMAFlOv47T8AcPGdOP//Zvzsx+eTCgBwTnz+DwBD5fsff5xsjb30/tdLd7c2V6t3byyVaqv5yuZifrG6sZ5frlaXm/fsqZz0fOVqdX3u3di8V6iXavVCbWv7VqW6uVa/1byv962SHxYAwOC9/tbDv2QiYveDS80t2ms5+EIAXHgucxheI4NOABiY0UEnAAyM+Xggc8Lxrl8RetD9by6dIh+g/659ocv8//H/G/y/cT7pAX1k/h+G1+nm/80ewKvM/D8Mr0YjYz1/ABgyPbyD9xVBuOBe+PN/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGGJTzS2TzadrgU9FNpvPR1yJiJkYy9xZKZdmI+K1iPjzxNhEUp8bdNIAwCll/55J1/+6Nv3OVOfR8cx/J5qPEfGTX336y3sL9frGXLL/X8/21x+k+4tHBpjofxsAgH1GO3e0x+n2ON5e3/fpk53F9naeCT7+Tmtx0STuXrq1U28ln4uxiJj8d+ZAYzJntDDx7v2IeLOz/dlnx2fSlU874yexr/QtfjRbOHUgfvZA/GzzWOsxeS0+fwa5wLB5mPQ/Hx51/WXjavMxvf4yBzvTXPz8cOf6Atr9316js/9rXe+fXMk1+5qj+r+rvcZ494/f63rs/kjji6MRe4f63/aK0Llm6aj47/QY/69f+srb3Y41fh1xLY6L3yoV6pX1Qm1r+8ZKZWG5tFxaKxbn5+Zn37/5XrHQnKMutGeqD/vHB9df697+iMku8XMntP/rPbb/N/+7/aOvHhP/m187Kn423jgmfjImfqPH+AuTv+u6fHcSf6lL+0cPxB8/8HfJvus9xn/0t+2lHk8FAM5BbWt7daFcLm0onLaQ69czX35JGqhwTGEkyu35qJcin1MXBtwxAX33/KIfdCYAAAAAAAAAAAAAAEA3tR+kt/zr44/hBt1GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALq7PAgAA//+iDcmp") ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000780)={0xfffffffe, 0x0, 0x0, 'queue0\x00', 0x48}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r0, 0x40bc5311, &(0x7f0000000100)={0x80, 0x1, 'client1\x00', 0xffffffff80000004, "00000000ffffffe3", "71a19060009f0000000000005c4100a0200010040400", 0x800000, 0x40}) write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4) 7m12.108285924s ago: executing program 7 (id=2856): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc89a, 0xc000, 0x3, 0x1b7}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=@ipv6_newroute={0x1c, 0x18, 0x1, 0x0, 0x0, {0xa, 0x0, 0x20}}, 0x1c}}, 0x0) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 7m11.483595884s ago: executing program 7 (id=2860): socket(0x1d, 0x2, 0x6) r0 = syz_io_uring_setup(0x890, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x1, 0xbfdffffc}, &(0x7f00000000c0)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x85c3}}) io_uring_enter(r0, 0x7323, 0x0, 0x5, 0x0, 0x0) 7m10.339630067s ago: executing program 7 (id=2865): r0 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)) openat$audio(0xffffffffffffff9c, &(0x7f0000000080), 0x40000000048601, 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r1, 0xc0984124, 0x0) 7m10.020041281s ago: executing program 7 (id=2867): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262) move_mount(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', r0, &(0x7f0000000100)='./file0\x00', 0x204) 7m9.654313951s ago: executing program 7 (id=2871): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11) setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000000)=0xffff2652, 0x4) 7m9.136747376s ago: executing program 7 (id=2873): syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x0, 0x13580}, &(0x7f0000000100), &(0x7f0000000380)) r0 = syz_io_uring_setup(0x88d, &(0x7f0000000400)={0x0, 0xaee2, 0x800, 0x2, 0x2002ab}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0) 7m7.285442688s ago: executing program 42 (id=2873): syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x0, 0x13580}, &(0x7f0000000100), &(0x7f0000000380)) r0 = syz_io_uring_setup(0x88d, &(0x7f0000000400)={0x0, 0xaee2, 0x800, 0x2, 0x2002ab}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0) 3m37.942618423s ago: executing program 0 (id=3926): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r3, @ANYBLOB="08002600940900000800b7"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 3m35.316319251s ago: executing program 0 (id=3947): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@sack_perm, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @sack_perm, @timestamp, @timestamp, @mss={0x2, 0x80000001}, @mss={0x2, 0x9}], 0x8) r1 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r1, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0) 3m34.655821049s ago: executing program 0 (id=3953): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xcc}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendmmsg$inet6(r0, &(0x7f00000003c0)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x280020}, 0x1c, &(0x7f00000000c0)=[{&(0x7f0000000540)='\x00', 0x1}], 0x1}}], 0x1, 0x20008050) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000240)={0x0, 0x1, 0x19f8}, 0x8) 3m34.365518711s ago: executing program 0 (id=3956): syz_mount_image$iso9660(&(0x7f0000000d40), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f0000000b80)=ANY=[], 0x1, 0x5ca, &(0x7f0000001480)="$eJzs3MFuG8cZAOBZW4ppBTUKBG0cx0A2Tg7uwQpJ1TKE9GB2tZI2IbnELhXIpyKopdSolABNCzS+FL6kDdCip56LXHroE/Sl8gwqllzJpGSJjmJBKvp9gLXD5b8z/4wXMxLB2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhChZbTZbUehm/c2t+GTJapH3Tnn/oL7/TB2mzE/8DFEIUfUvNBrh5vjUzTeex/6k+nEnvDl+9WZoVIdGePr6T3/84RtzV6oL56MonJLQK3F9+uUXV8b5HJ748qunv/10d3f7d+edyCW1nvazMs96nfU0zso8Xllebn6wsVbGa1k3LR+Vw7QXJ0XaGeZFfDd5GEJYWYrTxUf5Zn99tdNN47vJz+LWysqDe+1mczn+aHGQdooy73/w0WKZbGTdbtZfH8VUb99rvxMeVDfix9kwHqaNXhzvPNndXpqVZBXUepmg9qygdrPdbrXa7dby/ZX7D5rNxvh2+NfhibnmEeHoJXPnf9Ny6bwWJiaOgznutVc1h8NZ7Sd/v+gUAAAAgHMWjT5jj0afy98cldaybtqcitmPrl9YfgAAAMAPF4XR9+ui+ot5N0N0/O//Cb6zAgAAAP+D/nLqHrsQRaEcXIsO/uwfbL0f7XWqUmfv6vjU1aM1DtduRTfqSkaH5bn6VZLejt4aB711EP1dfdiZzmM+HM0jKor56NmZE6ii5sJfw61xzK3H4+PjOq7ekbiwlnXTxSTvftgKnc6NK8N0a/iHz5/8MYSi2L/6Tb93Iwo7T3a3F3/9xe7jUS7Pqlqe7UXj6qLTc7kWng9G+P3hvsd65B9O93h+9EFM1etv+r2FcbvNyf7XmxGvvPx/QPg6vD2OeXthfFyY7n+jarO1+ILeT2bRGmy9f61u7CV7fiSL2+OY23ffqw7v3a3fmZ/Ioj0ri3Y9/n+qxv9MY3FCFpNjsTQri6XJu+AMWQBclJ2jq9Cx9f/Yunt8lhvv6T9llts5/beManGeubr/Jsxq5evw7jjm3Vtzz1ekIzN6c9aM3nzJdf3wN5QjWfw73PnnP0LYDHcOgk9aY6t2/za1qkZ731YXfHus3XqneSi77f39EK7Xy+9XT+892fv0s+3Ptj9vt5eWmz9vNu+3w/yoG/XhxeN1NVh7AP6vpcV30cLwz1FRZINftVZWWp3hRhoXefJxXGSr62mc9YdpkWx0+utpPCjyYZ7k3arwSbaalnG5ORjkxTBey4t4kJfZ1ujJL3H96Jcy7XX6wywpB920U6ZxkveHnWQYr2ZlEg82f9nNyo20GF1cDtIkW8uSzjDL+3GZbxZJuhjHZZpOBGaraX+YrWVVsR8PiqzXKR7Fn+TdzV4ar6ZlUmSDYT6u8KCtrL+WF71RtYsXPdgAcEl8Geon2B0+yu57F0JjRsxF9xEAmHZ0lb52YqRnAAAAAAAAAAAAAAAAwEWZ3K73i/qRPj94R+BBofGK6plRaEyfefj6i4LfOfc0vlchhDB3CdK4hIUohHAJ0jj9HjuvwsFznk6Kma/fP2sT1eDODv5RFXNRMxIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnOy/AQAA///WGYzf") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f}) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x8020000) mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0xf, 0x89, 0x40000, {r1}}, 0x20) 3m33.523088456s ago: executing program 0 (id=3963): syz_emit_ethernet(0x66, &(0x7f00000001c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa08004500"], 0x0) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000002100)) ioctl$VHOST_GET_VRING_ENDIAN(r0, 0x4028af11, &(0x7f00000001c0)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000001980)=0x1) 3m32.842307111s ago: executing program 0 (id=3969): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000020000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000000c0)=r3, 0x4) bpf$ENABLE_STATS(0x20, 0x0, 0x0) sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) 3m31.569500964s ago: executing program 43 (id=3969): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000020000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000000c0)=r3, 0x4) bpf$ENABLE_STATS(0x20, 0x0, 0x0) sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) 2m24.485315792s ago: executing program 4 (id=4264): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) syz_mount_image$bcachefs(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x2800000, &(0x7f0000000040)=ANY=[], 0xfd, 0x5a7a, &(0x7f0000006680)="$eJzs3WuQXNV9IPBzu3s0Lz1GAgcZzGiQ0Ybg2BrxKj9SsZJN7BQQSi5SDmJlw4BGRLYkVHoEECSILHhRAS6cIpXg5ANxYXYxiosq2BiFMuGxEmtjq9h4qS1MrZ3F/uAtwqIKoKVcXs/W9NzT032779yenh4hid+vYG7fM6f/99xzT9++/9NX0wEAAID3hEN37Dx62em/+90/G3/71t/7h623hcFytbwvVhhKlze+Wy3kWOqtLK8us+PiV2/+xk9Hrv3t7zw68PV3Dm48a9MPf+eUa5/8wsUH7v/rZ95a9PgvXy2KG8fTudPryetJCH3fPvIXXzr4wmmTZcniyZ+lvSEsTZY9szQJ4fb6EKM/DyFsTFeWZ+I/9vb5myaXt93V21C+JFPPeH9vmzzOSQhhz9EbPhR+9Fvrb//+im/+Xc/+1/ZOV0n66sZTCIuvrn9+TwihP/1/UhxtcTwm6XJdCGGg7nkfLWjXB9to96TVmfK4fka6XJAuBwvixd+vzKyXMvWy61FPZjlQsL25ymtHp/WKLMysJ12KG+W1M5YvTZffSpfnzjJ+Od2HchJKSajUmr8lmR4joe64JSGpHsu+2nqpdmxDuv+Z9SSzXsqsl3sy+1XdbjrQyknSWB7rZcrj6biSlp9Vf65u4fK6x/X13h/L0hfqO9k6maCDTQ9q+1UV23VkhrYcC6W6c1Cr8tqBTw/GYFo2mCxres5EC/F3B9ffvaq84dlDQzntSB5N0vhJR/H3fG/pws8/sm939n29Fv/qUhq/1FH8H19y+I0r933tq7nx743xyx3FP++pgdcvee6Olbn9cyT2T6Wj+GOvPn/PilOv2Z/b/gdi/L6O4q89cLh30dGnns5t/2jsn/6O4r/yiU/95OGXnngtN36I8Qc6ir/hwPYv9w4fPSc3/tOxfwY7Gz9v7r/o5eHhn43kxX8xxl/UUfyH9vZ+/MEld12ce3zXxf4Z6ij+pWc/efvCo0+cmXfuTB7o1jsnwHvTKek11p3peqd55lzV5Qt/NVKZuuZbmP6/qJsbylx8ZvMEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiG933ov376f3126PVKut6bPnilNLWM5QtCSPpDCDt3je3YtXnbdSNfuH73jm1jW0bGdo2Mb9u146aRC359ZMf49i1jN03+dvTD5089b1lIppbJmU3b7p2YmCgNNZbF7f3bs/f/aNVH//e/hDD6vh8MV3Lbv/r+rQ+e2uJnRrJ24pNbd1/2gwv/Nt2vobRdQy3aNTExMRFy2vV/rvjFg39+5KfnhDD6KzO16/lXfvMfGxpULZiOkyr1hqkG9SYDLdtRa3XanthflU2bt4yPzty/k88v5+zHv7v5tZ9vuvErv5jq377c/Wizf/vXTmwp/eX6S//fX94yVVDUrnfruE/2dzkn5mS74l7E9sX+60v7e3G6X4tz9quSs193fP/pl759+r639obRypsrmo910X71pAOgJ3l/W9uNWxhIljaU96X14xGPz1u9a+v21Ttv2vPhzVvHrhu/bnzbx9ZcsOai0QsvunB1dc9Xd3n/4/b/TZv7f2zG05I/3vut+LO98dTYrgWz7o/JdhX3R32L8l5/A5d/6b6P3f/cZVMFReeVWLt2PkmXA5PHeU2oG2/NfdVqv4qOTwhhpFU/vPHWxeG0/7H59qLzUP2Rqf+ZkaydeGHlv/7tR/9m+W9MFRyT83x9gzo8z9daPd2ean/1pcdj4jjt3970bNqbDLZs15oXnuu5+9C//EmtfQsWhBvHdu3asWbq58K0pQuTM1q2K1sa92tF9Wc5pN0SasO0xXid1BOm2pc9f8bq2V4dTH83mCxruV9Z8XcH19+9qrzh2UN5PZ08OrXF/rBoapl8IKfmlswTy7UGt9r+8fr6Kxofw5/+m8c/+/jfX9A0Ps6b+lm0X0nOfn3zpYfu+/pX/sPfd2+/Pv2bh4f+9X/+0aqpgmNwXglzOq+UpxpSa3XanqT+vHJeCEWvvxWh9X7kvv5Krfen6PWX3c50/dbxRjLrg6Hc0ev1vKcGXr/kuTtW5r5ej8z0eq3f2VsanlcueL0eL+9L2ddXUmlsx/y9vhoGSrJ24jt3nrL3mVvXnT5VUPR+Wavdalyf30b+kbNf/3jly8PXj/z7/96988Y3fv2xq344tvZPpwo6P+6xLd057n1p//bl9G+t1THvrO/fj1x7/ZaNU+VF/fzuXf+my4L8J55Kdt6054tjW7aM79jZ3n61+34at5Pt5U7fT+PZbVnBfpWa9mv+HrTTX+2+3mL7N3bcX42vt8GQdPS+sOd7Sxd+/pF9u4eanpVu6OpSGr/UUfwfX3L4jSv3fe2rufHvjfErHcUfe/X5e1aces3+3PgPJGn8vuL4i0NT/LUHDvcuOvrU07nxR2P7+ztq/yuf+NRPHn7piddy44cYf7Cz/n9z/0UvDw//LDf+i0m6nclrpBAee/v8TVPrSehJX2+xHT0N7QrZ9SSzXsqsl+vXS3EWId1AOUkay2O9tPysura08oc55fEqrG/51PKduB6yD2YuP96U6s79rcqLrlMBAE528fP/eA0aP/8fTy+U8mcaYNpc87DlOXFjHjY9n9P4GevyNH58fpwHHP5IGJ1c3jYydaE/288R4ushO88Zt3POBxtjtJyfOFC/ker2m+Y5i+bfV2bWY7um5ssrdXloqjmvqYQ25t+btzPz/Htm94s/zxq5s6lZI3XzVtnj15POmLW63yHT3spkhLzxkZ0Xi/dzDC8O66rba3N8ZO+jicchex9N3M7pmRNnp/fR5I2PoeZ+aGhXHB+x3gzjo9rk4s8jm49fmKF/p49f62jZ4zeL4903WX++P5/twrxhy1PasZs3nN/Pw46LeckW8Y/xvOTCpvjpC+x4nzeM5bGfKm3OJ342p7xb84nxdBHbdWSGthwL5hOBk1XM/+N7xGT+P3kB/n8z9YrylOxVY4yXe59Qzk3YRXlH8316Ax29j284sP3LvcNHz8m9znm63fv0tjesDRTc91PUj6sy64X9mDNBU5TvZbdT1O/Z+zIGw6KO+v2hvfd//MEld12c2+/rpt5Ii/v9voa1RQX9fgLkC63jyxdOpnyhOX6X7mMomj/Lz0fKtXbMSz6S3vg0X/nIH+SUzzYfGWh6UNuvquM3H5l+I23IR3qObbsAgBNHzP9rn5+l+f8/xwuL9DqiKG89N7Me4+XmrTnXJ3l56++nyxsz9QfTf1Ex2+vmS89+8vaFR584MzdveaDdPPQ/NawNFeahc8ubc/OIdd25Xzw3j6jlWXPLE3PbX8sT55an53xMW5enzy2Pzu2fWh7dOA9w3+HpTGOm+HEeIDd+bR6gi3nuL6crHbs8t2C+LrOxuNrufN2xzqMnS3oWN+5nY1480J08Ov3ns/OVR1+eUz7bPHqw6UFtv6qO3zy6sVweDQCcrGL+Hy/jqvl/bwjPxQr98cHcPmfPzQu6dN2e/XsgtfgvzkteOR2/S5//Fud98523zndeP9/zEif657/zPS80VP0DnvM1T/au3e86L3nxP9cetZ0XpxuVFwMAcDyL+X9M8+Pn/89l6s01P2nK33qmLiGn85MTLz+vr3cC5+dXhGOVn/eeyPn5iT7/Nb/3yZxc+f+0Dj8Xf2fiJM7/q22W/wMAnJBi/h//2WP8+3//JV3P/t36NvP0B7K38/oc3efoQZ7eRp7e5Xm2GL/+PoATeB6gPPd5gP5jfn98/3T9k2keoKonmAwAADgB9FQzpeZ/Z/+5dJn9d/Z5/y7/ypz67aqkl8fX7NoxPn7V7u0bx3aNX7Xt+o3jO6+6YcfmXbvGa9fOc8sbc/OWNG/sCZW0P1rXy+ZtS9K/h7Ak5+8hZOvHsGdUHzT/PYTsZvsL/o7A9PFrr715x680Q/1W4yPveOfF/8Oc+lHt+F/7R+ddtWnnVZu3bd61eWzL5j3jjfWGqv+Suv3vzYyfU87q+1IzP5qUZv/9nfHwzK0dpaZ29KT9kff97EmmHUvTlizN+/6DnHZ/97/9+R+fPfGLh0MYfV/5A3Pqv2TtxH++Yvz3dx36wfbJ9pdmbH+tZtquou8rzdaP+1PZcv3OXR/adP3ubdlvlOxMnM8o1dbn6b6G9OVfbnN+YkNO+Wz//X656cHxqe35CQAAGsTP/+P1bPz88CvpBVQsL8zTt03Vm+vnx7l5+mh7eXr2e8mK8vRs/bi/7ebpfXPM07PbL8rTW9Vvlafn5d158f8gp/5stT9OOrjPo5L2wyP7dueOk6vbGyfZ7zMoGifZ+rMdJ8kcx0l2+0XjpFX9VuMk77jnxf9MTv08ReOhUhsPc7svJ3c83NveePi1zHrReMjWn+14KM1xPGS3XzQeWtVvNR7yjm9z/MYJgu7M/04OjOq4GL/qhut3fLGu3nx//0VoviWjnfYtmH7u/H7/R6fa79/5ve9r7u0PYW21JK/98fOBBbNqf7v3lc29/UX9P4v7yhaHpvvKctv/4txmwtpv/6zuS7wt/q7d73fJyKve/PxjNV+bDrui+8+K5nHX55TPdh53QdOD45N5XHj3xPw/Xs3F/P+udNntj4FO/O9J6+D++3gO9j1m+f3f5nXMe+79PPuRu/dzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJNCb2V5dXnojp1HLzv9d7/7Z+Nv3/p7/7D1tl+9+Rs/Hbn2t7/z6MDX3zm48axNP/ydU6598gsXH7j/r595a9Hjv3y1MPBQ9Wfl3HS1L4Tk9SSEvm8f+YsvHXzhtMmyJIRQTob2hrA0WfbM0iQTYfTnIYSNtXY2/vKxt8/fNLm87a7ehvIlmSDZ/QqD5die+naGcGPhHnEC6kvH2Z6jN3wo/Oi31t/+/RXf/Lue/a/tna6S9NWNpxAWX13//J4QQn/6/6Q42pbHJ6fLdSGEgbrnfbSgXR9ss/2rc9bPSJcL0uVgQZz4+5WZ9VKmXnY96sks6/a1v2DTHclrR6f1iizMrGdPRnOV185YvjRdfitdnjvL+OX4fxJKSajUmr8lmR4joe64JSGpHsu+2nqpdmxDuv+Z9SSzXsqsl3sy+1XdbjrQyknSWB7rZcrj6biSlp9Vf65u4fKc8veny770hfpOXA/ZB1MGmx7U9qsqtuvIDG1J/cfWxZXiZ7ahVHcOalVeO/DpwRhMywaTZU3PmWgh/u7g+rtXlTc8e2gopx3Jo0kaP+ko/p7vLV34+Uf27V6eF//qUhq/1FH8H19y+I0r933tq7nx743xyx3FP++pgdcvee6Olbn9cyT2T6Wj+GOvPn/PilOv2Z/b/gdi/L6O4q89cLh30dGnns5t/2jsn/6O4r/yiU/95OGXnngtN36I8Qc6ir/hwPYv9w4fPSc3/tOxfwY7Gz9v7r/o5eHhn43kxX8xxl/UUfyH9t7/8QeX3HVx7vFdF/tnqKP4l5795O0Ljz5xZt65M3mgW++cAO9Np6TXWHem653mmXNVly/81Uhl6ppvYfr/om5uKGNyO4vnMT4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACenf7rlgs9d8cnPrK8kISQ5dSZaiL8rL1i7dqSD7Y69+vw9K069Zn992fIO4gAAAADFYh5eqpX0heXhhqQ/nNGyfpwjOCOuJY3l2TmEGCc7R9BpnFKLOKUO4pS71J5Kl+L0dCnOgi7F6e1SnL6COH2hvTj9M8SpTI6ANtszMGN72o8z2KU4C7sUZ1EmRKdxFnepPUu6FGdoxjjtj8OlXYqzrEtxTulSnFO7FOd9XYrzK12Kc1qX4mTnlGc7DhelNU/Pi1N9UC6MU0nKtV+0mk8/Ld3OmXPczmDBdhYVvR+3uZ3+NrfzwczzSrPcTl+b27lgjttJ2tzOr81xO6WC7cRxe2O2fXE7ca3N8X9Tl+Ls6VKcm7sU55YuxfmTLsX50y7FuTU0XpzONg5Au2L+P53vDYXeym+EgfSMk50FiPnuiurP5ve7vBNSjPeBTPmConjZRD0Tb8Vs25edQMjEW5kp72mIV6nlIzPE66uPtyrzy5n29xNrW7etPt65mfLeGeI17AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAP/dMsFn7vik59ZH5Iw+V9LEy3E35UXrF070sF2D66/e1V5w7OH6st6Kx0EAgAAAArFPLynVtIXeitrQm+yoKFeXzoP0Jeul4emlsOLw7rJZTJSqq4PJEtnfF4lfd7qXVu3r955054Pb946dt34dePbPrbmgjUXjV540YWrN23eMj469TOE3oJ4IYTq9MPOm/Z8cWzLlvEdO6cKs+1fnj5vebqepM8b/kgYnVzelrZ/WcH2Sk3bm78HxUcPAAAAAAAAAAAAAAAAAAAAAAD+P7v2GyJpXQcA/PvMzM6Mq5cb/hsP7xzOU6ys9FpDS9wHggT/HC5CzFqbHHmStHqH3onZpAepKUWgHBwXvujCJE1645+UyD8cGGYJ7XWESvmiXhRahoovQpnY3Xnm38442yS35/X5vJjnme/v+/t9f7+H4+D7zAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABxa8/XJ2drU9Mx4EpEMyGn0kY3li2laHaHuV57c/oPS+nfO7IyVCiMsBAAAAAyV9eFjrUg5SoV85OPkxW8bomMg2n0/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw/2e+Pjlbm5qeOTqJSAbkNPrIxvLFNK2OUPfVtx7+7Evr1/+tM1YZYR0AAABguKwPz7Ui5ajEaTGWnLzQ+bei2buBtT3zl/LasnXWrTCv993BoLzTVph3xgrzPjYkb3PzenMAAADAh1/W/xdakYkoFdYs64ez/n9YX5/lndqTl29eq51J76u4kiQAAABgBbL+v9SKVKJUqLT69ZX2+xvaocWfzrP5w363z+af3pOXzR/2e/5lzavf6QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgw2O+Pjlbm5qeyScRyYCcRh/ZWL6YptUR6m56avwfl+y/Y0NnrFQYYSEAAABgqKwPb7fe5SgVxmMsjl7s+9dfdN+jX3r08cmIWGrzi8W4ecuOHTdsWviMTVneOS/sH/v+c69/e1neOUufq3ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAzNfn5ytTU3PHJVEJANyGn1kY/limlZHqPvK57/4lwcPPvFaZ6wywjoAAADAcFkf3u79y1GJYhTjxMVvnb3+glzP/EHvDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAjx43fvOUbW+bmtt7gZnVuGvmIw2Ab/+NN9s/pcNnPh/+mvNrbWN3/lwAAgA/eqZFE47900uWrvWsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBwMF+fnK1NTc+Uk4hkQE4jU2oHsrF8MU2rI9RNn3yxtOadp57pjFVGWAcAAAAYLuvD271/OSoxFmNxwuK3fu8EGgv9/8Qh3CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwWJmvT87WpqZn1iQRyYCcRh/ZWL6YptUR6j6wa+/n7j/2exd3xkqFERYCAAAAhsr68GIrUo5S4eNRilOa3+e6JyT55rX/e4H2vO1d08ZXPK/eNS//fvOSQkRr3l09Jys0T7M0r5ytN7F0bdWrtuflmvOqHfMq0Spfbc1bfFi7u6qtGXK+5U8eAAAADp2s/y+1IhNRKpQ6+v+fNq9HNa+D+tzcod04AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHDYma9PztampmeSJCIZkNPoIxvLF9O0OkLdW3770WO++rO7d3bGKiOsAwAAAAyX9eHt3r8clVgXH4l1i31/THTnZ3n/rL17/73/+uuZEWefeGB9oXfZH2U3v37lwqd7PyJy3dm5iGOb9ZIB9X7z+3tv2th498GIs0/In7KsXrx/ve4l08Zjta2X7XjuwPYhDwcAAACOEFn/P9aKTESpcP3A/j/rvIf0/y2LDfixN+36xfHNz2ZH3jMjN9GslxtQ7wsbH/7z6ef9/fWF/n95vU+27j6997r7j+8quBTpkaSNqet2bj5w7r5cduql+vme+tlz+fK3Xvv3NTff8+5S/XKUm/G1PVtZqrb8s6d8pI253J6ZS9/bU++uXxhw/jt+98zBX629++2F+m+dOt6qf0b0q7908sLA+nFU2hi/4s7d5+/dv7m7fkRU+9V/4+2L46Q/Xnt77/nH42DXwp1PvvOz9wGkjRc2vLnvvPsqF3TXT3rqZ8//5wcf2P2Te777eFY/+1uRM0+LFdbP9dR//q7jdj172+Vru+vnBpz/6StfWr+t+p0/9J7/6q5VCwN3sfz8D531yFUvb0lv7R0CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4sszXJ2drU9MzuSQiGZDT6CMbyxfTtDpC3VcvefGNK+/+8Q87Y5UR1gEAAACGy/rwdu9fjkoUoxjji33/Y7Wtl+147sD2mFgaTZrXwty2G3d84pptO6+/epV2DgAAAKzUq5cki/1/oRWZiFJhY4w1+/+p63ZuPnDuvlzW/+cWrklEXHPt3Nazo5X3/F3H7Xr2tsvXtt4TRCz+WUB5Ie8z7byLLnxx4s0/ff30vnmb2nkvbHhz33n3VS7I8qIz75xovZ946KxHrnp5S3pra3+deZ/62ra55uuJbN3xK+7cff7e/Ztz2XuM5nW8uW6WN5fbM3Ppe3vquYkoLYznm3nl5rkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgOXm65OztanpmchHJANyGp2agWwsX0zT6gh1L934y9uPeeeJdZ2xUmGEhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP+wAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhf36CY2j7OMA/jy7yZtNNmmT9gWjYppWRamHFgURvaioSCtS8FQpUm3tQRQEEaUeTKUVS1W8CFYvRVRQoxQq2FgsrZKK/4oXDyooVA9CKQY0S/Ggks0zm81kpxs3KiifDyxPnmdmvvObmWefzQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwL9KT9dwvT2x56Ha7Rfc/MkT904/fut7D+y67LE3fhjdduPHB/tePTu5ffWOr29aue3IfRsm9r90/JeBd3471Tb40dlmbepWQohnYgiV96eef3Ly0/NmxmIIoRwHx0IYiiuOD8VcwvpfQwjbG3XO33ho+qodM+2ufT3zxpfnQvLXFarlrJ5Zg/Pr5b+lkubZztojV4Rvb9i8+/NVb7/VPX56bG6XOLNPOc2nEJZtbT6+O4TQmz4zstk2nB2c2k0hhL6m465pU9fFi6x/XQi1XL/uwtT+L7XVNjnZ9jW5fim3X76f6c61fW3Ot1RFdbTdr7ez8/Xn+vnFaKkada5rPT6U2ndTu/ZP5pezTwylGLoa5d8f5+ZIaHpuMcT6s6w0+qXGsw3p+nP9mOuXcv1yd+666udNE60c4/zxbL/ceLYcd6Xx1c1rdQt3FIyfn9pK+qKezfoh/8es6oI/GtdVl9U1dY5a/gmlpjWo1XjjwaeHUU1j1bhiwTG/t5Btm9z89KXlLR+cGCyoIx6MKT92lL/zs6H+u97c+/BwUf7WUsovdZT/3caTP9259+UXC/Ofy/LLHeVfebTvzMYP96wpvD9TcyvIYvJj6mfb7j710TOr/n/PeKtnXc88kN3/Skf1Xz9xsmegdvRYYf3rs/vT21H+N9fd8v3rXx4+XZgfsvy+jvK3TDz4bM9I7fLC/GOzX4VqfYZ2MH9+Hr/6q5GRH0eL8r/I7v9Ai/zYNv+1sf3XvrJ834bC+bkpuz+DKX/hD9u58m+75Mju/trhi4rWznhgsb+wALSyMv2P9VTqt3vPPDRdavmeuVRN7wsvjHbN/gL1p8/AX3minJnzLPsb8wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgD/YgQMSAAAAAEH/X7cjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgqAAD//0wFDK4=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42042, 0x14a) fallocate(r0, 0x10, 0x0, 0x7ffc) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x40200, 0xccdd1fb7bef78a6) 2m22.61490116s ago: executing program 4 (id=4268): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x16) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f0000000040)={{&(0x7f000040a000/0x800000)=nil, 0x800000}}) 2m18.561355472s ago: executing program 4 (id=4299): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) r1 = eventfd2(0x1, 0x1) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000001c0)={0x0, r1}) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000000)={0x0, r1}) close(0x3) 2m17.696413586s ago: executing program 4 (id=4303): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$cgroup2(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x800010, 0x0) chroot(&(0x7f0000000100)='./file0\x00') syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000240)='./file0/../file0\x00') 2m16.614501703s ago: executing program 4 (id=4308): r0 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000240)={0x2, 0x4e24, @local}, 0x10) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000040)="2e00000011008108090f9becdb4cb92e264831371900000069bd6efb2502eaf60d002700020400bf050005001201", 0x2e}, {0x0}], 0x2}, 0x0) sendmmsg$inet(r0, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) 2m16.058194211s ago: executing program 4 (id=4311): r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000440), 0x10) listen(r0, 0x5) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000000), 0x10) connect$vsock_stream(r1, 0x0, 0x0) 2m14.822350081s ago: executing program 44 (id=4311): r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000440), 0x10) listen(r0, 0x5) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000000), 0x10) connect$vsock_stream(r1, 0x0, 0x0) 1m37.847274968s ago: executing program 1 (id=4479): r0 = landlock_create_ruleset(&(0x7f0000000000)={0x10, 0x3, 0x3}, 0x18, 0x0) landlock_restrict_self(r0, 0x2) r1 = landlock_create_ruleset(&(0x7f00000000c0)={0x4, 0x0, 0x2}, 0x18, 0x0) landlock_restrict_self(r1, 0x0) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0x3}, 0x1c) 1m37.087716096s ago: executing program 1 (id=4483): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000a40)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x100c404, &(0x7f0000000300)={[{@dots}, {@dots}, {@fat=@discard}, {@fat=@uid={'uid', 0x3d, 0xee00}}, {@dots}, {@fat=@uid}, {@dots}, {@dots}, {@nodots}, {@dots}, {@dots}, {@dots}, {@nodots}, {@fat=@dmask={'dmask', 0x3d, 0xac2}}, {@fat=@errors_continue}, {@fat=@nfs}, {@nodots}, {@fat=@showexec}, {@nodots}, {@fat=@uid}, {@nodots}, {@fat=@allow_utime={'allow_utime', 0x3d, 0x4}}]}, 0x1, 0x208, &(0x7f0000000800)="$eJzs3c9qE10UAPCTfGky+XDRnSAIIy50VdQnqEgFMSBUstBdQVdm1W5SN+1j+Aq+lw8gXWUjV9KZ/DGdxBhoptXfb5Mz99ybe26GmQRCblIUvt39ElnWiOZ+7MeoEbvRjInzqNStbgYAbrpRSvE9FequBQDYjjXe/39suSQA4Jq9fff+9fNe7+Awz7OIi/Nhf9gvHov8y1e9gyf5pd3ZqIvhsP/fNP80X/zsMM7vxP9l/lkxPp+m2xHRb8fjh0V+nHvxppf/Or4TH5YVveQLCQAAAAAAAAAAAAAAAAAAAAAAuC3uRz5Rub/P3t5ivlvmi6O5/YEW9u9pxb1WeTjbHiidbWNRAAAAAAAAAAAAAAAAAAAAcMucnH7+dDQYfDyeBZ2ImG9pVfRZHjTKJ16rc/1BM/5kVFYu7mjQLaMNJm2UL9H1LrA7f3Kzy5rXHR6tm3J2Ng3yLczVrbp2pkFK46D6Kphsi7F0eDsiVs/+6HDT4kcppcHXB8cnp5FWdp7dIzpbuxsBAAAAAAAAAAAAAAAAAMC/be5X31dkdRQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADWY/f//OLjasjI4i4g78dvOk7l2Iqt1rQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPy9fgYAAP//quodgA==") renameat2(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) process_madvise(r1, 0x0, 0x0, 0x4, 0x0) 1m36.164924274s ago: executing program 1 (id=4487): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0x5}) r2 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={r2}) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000100)=ANY=[@ANYBLOB="01000000000000000000000002"]) 1m35.490948124s ago: executing program 1 (id=4490): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x84000, 0x0) 1m34.366441518s ago: executing program 1 (id=4496): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000040)={0x4, "abacd211119ca94c63377526aeb5ab2c7b9ca5fa07558139ede6dc06270ee042", 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x8, "b546baa5cc590d3033de259c2996817bb959ebab028deda501009bdeffafde25", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r2, 0xc0303e03, &(0x7f00000001c0)={"0180bced01eb0100000000000000000700000000000000c900", r3, 0xffffffffffffffff}) ioctl$SYNC_IOC_FILE_INFO(r4, 0xc0383e04, &(0x7f00000000c0)={""/32, 0x0, 0x0, 0x0, 0x0, 0x0}) 1m33.824652561s ago: executing program 1 (id=4499): socket$inet6_udp(0xa, 0x2, 0x0) r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108) r1 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000440)={'syz_tun\x00', 0x101}) setsockopt$inet6_group_source_req(r0, 0x29, 0x2d, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @private2}}}, 0x108) 1m32.666458414s ago: executing program 45 (id=4499): socket$inet6_udp(0xa, 0x2, 0x0) r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108) r1 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000440)={'syz_tun\x00', 0x101}) setsockopt$inet6_group_source_req(r0, 0x29, 0x2d, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @private2}}}, 0x108) 8.547269199s ago: executing program 9 (id=4876): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'veth0_vlan\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={@private2, 0x0, r2}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_mreq(r3, 0x29, 0x1b, &(0x7f0000000040)={@private2, r2}, 0x14) 7.907052226s ago: executing program 9 (id=4879): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) syz_mount_image$ocfs2(&(0x7f00000026c0), &(0x7f0000004780)='./file0\x00', 0x200000, &(0x7f0000000340)=ANY=[@ANYBLOB="6a6f75726e616c5f6173796e635f636f6d6d69742c636f686572656e63793d66756c6c2c6572726f72733d636f6e74696e75652c6865617274626561743d6e6f6e652c6572726f72733d636f6e74696e75652c6e6f696e74722c67727071756f74612c001796fa694353e3807803df5ea6fd4d6e6a2613d336eb62b863dcd89e37b45f8bd04199a14c48b3e553e035ab300ba3c60c27682a8ab5656969d829535c0862f6e3a35f15fe4d50c0d5c74631344625d6224c436474bb101ff47a14c51e342ca291c09c35d9d31b06b6b86cb9dccae387b5f1e7c5e1d445d52845a3fa4c77234ea9d37c8a277c85e69a85cc6ffeb225bebbca91b569b80ee303c9a21c58db5d96fb87f1713e0e9b896e37becae2e7a978259a0847e9fb08dcb8b9f84f616463da2507db1b3489769e99"], 0x1, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzZ1ezmybb/UibpOnHJBFctCybPlXrQ1yrNpo2H9pWU2Wd3Ww3q7M76+6MFgxSgyAKghIEFT+oCqUvtSAG+lKLUPADaRVKRdH6IlKogg8GbaArM3Nvdu6d2d7JTtLS9veDdvaee8+5Z/a/99w590wKseqphdXiwmqxtFSszN6/ekvxc5VybXEuFF4lr/X56c6VyEn2r50j7/vAR+65JYQ/HPvah9bW1tZC3XDo6EDLz+f/fXq29TVRyNSpt9u5taY/1h556edveaUj8pwIIexo61ddXwjhY78IYUsIYSQuG41fB0MI20IIUQjh0d/868cDvXShxdl7X3ju2JnD+85MPf7YMxfmj254YBTCd8u7b55ffHF/323Pv+MynR4AAF7RB48fufvo5IHwZBSGzvW3f17fGb8mn4/vfNun7nq4f33/Gt3pexVDBQAAgIz1+f9w9HKH9bpkZS1ZEnzigRN3PxWt7zexfX07dNeR298/eSBe/43a9t8aF/3zvX2NNdTsum92/XckU7/z+u/6eR7+6rO/XHrr5vuf9C8573CIChOp7UJhYiKEY1PN7V3R1kK5slp95/2V2tLJzZ/3jSKdf3b1fn1Bv9v8RzPV89b/d3/i8z8b7O/lHYyF7F9tfbvY/qdMB+n8Nx7Lf/KlqKv8xzL18vK/4+nt53+1pZd3kD0jlyKdf/NC3Nd6QLE5ANTz/2Z/fv47Mu3n5f/9qXOPntjE93/q48xwVO/rQGoEeDku3+ArTGSk828GkRo641/kRtf//zL5X5NpPy//Oyv/+N3ferj/bzT+j0/10uabRzr/ZhDF1BHr1/9IIf/6vzbTfl7+vz3152c/2dO9uj3/ev/H3f+7ks4/vhGnB8/Gb7Lb8X9npv28/HeN3ffQwib6/eHBuJ9DURhr+dbpufotbGh9vboxpanvXt7ESd4E0vk3f2upS2eo+dK4/ofzx/9dmfbz8n9oz9ffc7qn7/92Hv8njf9dSec/2Ci7lPxfyuS/O9N+Xv4/PP33v9x3mcf/+vZB+Xclnf/Wtv3rz38KXc3/rsvUz3v+s2/0qUf+2sP8P+lfct7k+U/yHGI8aj7/obN0/ldteFy39/89mXp51/+3/vP80/t7Gf+jAU8AepDOf1uzsMMEsNv8r8+0n5f/F+758sf/tIn5X+MT30CSf8v8f0uz/Kjxvyvp/Lc3C1P/GOrBxv8b9/+oPff/ZvK/IdN+Xv4XDk30f+Uy3//r/R/v8Cibdun8hzY8rp7/77u4/9+YqZeX/xf3/vTFm3v6/B/CpLn+pqXzv3rD4xrX/0B+/jdl6uXl/51v/PqJB3vo/9t7qEs2/+a9PnU5xZ/Nu53/FzPt5+X/o/HzZ/dfgfnfre7/XUnn31w1v5T8s/P/vZn28/L/3pEfrPRfgec/d8gfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgU0bj1+EQFSZS24XCxEQIY/H2rrA1mimdnJ4pV2Y/sxrCjri8GEaj+XJlplSeXliqnJybLpXLldkQron37wgD0Wq5Up1eLC1fe7GtwejUXGmlOjNXqoYQdsbl14ftSVszC9XF0nLj2KTOVVHps7VKtTRRW51bCbsvlm9LyudXKrXl6y62dXWhsrJ8qrQ0fXJh5d2Tk5OTYc/FPo9Ecw9U55aqzd4299brJHWHo5Y309h9Q8v5Pl2prSyVyo3yG1vqlCuzpXJLnZtazlddqS3Nlqpz0+XKfHK+YkvdlvfW2L033jceRlLvL6mbdTB+vf3Q8Y8eP3ygbX8xSue9VFucm9ze+W8CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDeuJ29717dDCH3NrUII4WDyQxT/l3L23heeO3bm8L4zU48/9syF+aOdjgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVh535equjiOACfGd/7WiCltBFyGRgiojsJC/pFJJXXyJZtWge1SsigKDCMaFkQBEHtooKgVVD5F0QtXLaqNrVoYRBBxehMXu4IN7zQMed5YDgzzL1nvjBw78z5HA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD6cXbHYlfWXtq1eWnr7g+hMz/3fwhhNFne/7y3I/SEEL5+mTkdVmkLPU39v5mcGy9fNfm9t3/84fXRZO31F98trtsdknSo4XhnkqZDQ2vvf6O6M/hsejAJIY1dCFEsjD05UwshdMQuhCh+fpy/mP2+/xe7EKLo/3C3K7v/tdiFEMXW3Z/6avkzHtVzvn5hsPG/v9UjeBuP6KxDb09eeZe6qZX3Mn//T/LN+2A1zJ448v557CKIZnZu6mjsGgAAgL/rXIv8P2xZ3r9/OQk93eXc/1tT/t/b1P/q+f+Ke9tvjM20FUJsK41NZsfD+9rpc+M7NXD19uua8Z6qkv9Xm/y/2uT/1Sb/rzb5f7XJ/8m8kv9X0uObexZfxC6CaOT/AABQPYeOT0zVh0eyl/9NPzrLeX1f3tbzPP3BremBRw3jRvLDf9vhYxMHDg6P5Pe9PCC4sv5DunT2ez7fo7ktTDbNu2i1/kPv04X5a53lT9T/cP5GUV9xXes/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/2J17GgbBKAyj321F1EarogkLPwk+0MCIAKQwowEdTBiAgRBQwEDOWe5NnuUFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnu9f5XXx/aUx0muNSFPZZdf+OZ5mP3PfDsv77HHjVgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjYgQMZAAAAAGH+1nm0HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKcCAAD//wTsyzo=") unlinkat(0xffffffffffffff9c, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) write$binfmt_aout(r0, &(0x7f0000000480)={{0x107, 0x23, 0xc5, 0xb6, 0x76, 0x20, 0xf7, 0x906}, "", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x720) 5.500378169s ago: executing program 9 (id=4884): r0 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r0, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r1 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f00000008c0), 0x43) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[], 0xfdef) recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000001500)=""/4098, 0x1002}], 0x1}, 0x400001e2) 5.49066016s ago: executing program 2 (id=4885): r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}], {0x14}}, 0x68}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000600)={{0x14}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x2}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x54}, 0x1, 0x0, 0x0, 0x40080}, 0x0) 5.467339682s ago: executing program 5 (id=4886): ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000000)={0x1ff, 0x802, 0x8, 0x1b, 0x402, 0x3}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 4.866408667s ago: executing program 8 (id=4887): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_io_uring_setup(0x5c2, &(0x7f0000000280)={0x0, 0x0, 0x3080, 0x8003, 0x25f}, &(0x7f0000000240)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x68, 0x3, r0, 0x0, 0x0, 0x0, 0x1, 0x1, {0x2}}) io_uring_enter(r2, 0x6e2, 0x600, 0x1, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) 4.784174007s ago: executing program 5 (id=4888): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r0, &(0x7f00000004c0)="3ce2de4d8d957a8de4e490b6cd03b988d4edef164bd3377aa381b5f50b7ca414516489f78cd7208982e9bde22b2b7c1c7606d565477f3db9d2b077283644c0f27ab52a863a42863e06944e40a0b3c5d21c8cbe102e7f726263f28aef1bc12a069063d4c30e8f329fdb36859be727fbef4314161e5fb5f01ae00a2634d5cdecca2089c62e32f4c919886b2b88d237e287318739bec0364caf15889f38a312ef6621c0f21709a4bf2b16274cf933f6ad8fcc9c2024bc1b4713f650e860f93ae93b2361956b3e80c38c5fd29b5c1b5d7ce67edc856a8dc0ba54cee53de9a48c131389426bd06ec7c695add357934fc0321f0d3d7982e4fe5a0039decc491a663afd02facb08dd9695f854c7b031d9af8bd7350897996b5208b23030cc0feb84570730eaf24b9f2ac05d0feb3be07a29f887095f36f3c8f0e77e45509acd14a5be4a1572dd4cd1231087b830fa03e071571d4abd694710ef140469cf6df8a59839aafe046a5bffb97e5247be901789eafd726ba090337a2c49207e6b900c7e982472e6aac70e5d52ca2c1bab47b1f6d00f9601e2281686c21f770ae96e0ffec4b30496d012fa00958f794cdbd721bd155cae87", 0x109e8, 0x805, 0x0, 0x6) recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x0, &(0x7f0000000d00)=[{&(0x7f0000000980)=""/146, 0x92}, {&(0x7f0000000080)=""/43, 0x2b}, {&(0x7f0000000a80)=""/242, 0xf2}, {&(0x7f0000000b80)=""/143, 0x8f}], 0x4}, 0x2}], 0x1, 0x22, 0x0) 4.765576443s ago: executing program 2 (id=4889): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0) r2 = eventfd2(0x1, 0x1) ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f00000001c0)={0x0, r2}) close_range(r0, 0xffffffffffffffff, 0x0) 4.466492643s ago: executing program 5 (id=4890): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = open(&(0x7f0000000000)='.\x00', 0x800000, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r0, 0xc0189378, 0x0) 3.960119427s ago: executing program 8 (id=4891): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = syz_io_uring_setup(0x110, &(0x7f00000004c0)={0x0, 0xfad9}, &(0x7f0000000240)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x241}}) io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0) 3.657901838s ago: executing program 5 (id=4892): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0) mremap(&(0x7f0000532000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000190000/0x1000)=nil) mlock(&(0x7f0000626000/0x5000)=nil, 0x5000) 3.467328346s ago: executing program 2 (id=4893): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='tlb_flush\x00'}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000005ec0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000005f00)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000006000)={0x0, 0x0, &(0x7f0000005fc0)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd0600ffdbdb252100000008000300", @ANYRES32=r2, @ANYBLOB="0600eb00000800000400ec000a00060008021100000100000600f70000ff000008009e"], 0x44}, 0x1, 0x0, 0x0, 0x4048020}, 0x28000) 3.396768686s ago: executing program 6 (id=4894): r0 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000700)=@req3={0x6, 0x0, 0x7, 0x8, 0x2, 0x1, 0x1}, 0x1c) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2b, &(0x7f0000000800)={0x7, {{0xa, 0x4e21, 0x6d7, @loopback, 0x8}}, {{0xa, 0x4e20, 0x5, @loopback, 0x6508}}}, 0x108) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 3.264192581s ago: executing program 8 (id=4895): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000000)=0x20, 0x4) setsockopt$sock_attach_bpf(r1, 0x1, 0x34, &(0x7f00000000c0)=r0, 0x4) listen(r1, 0x0) close(r1) 3.093682825s ago: executing program 9 (id=4896): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) r1 = eventfd2(0xa, 0x0) r2 = eventfd2(0x2, 0x0) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x0, r2}) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f00000000c0)={0x0, r1}) 2.876161368s ago: executing program 6 (id=4897): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1, 0x31, 0xffffffffffffffff, 0x8871b000) mremap(&(0x7f00006bd000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000721000/0x4000)=nil) munmap(&(0x7f0000a88000/0x1000)=nil, 0x1000) mremap(&(0x7f000061c000/0x13000)=nil, 0x13000, 0x4000, 0x3, &(0x7f0000fb0000/0x4000)=nil) mremap(&(0x7f0000303000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000968000/0x3000)=nil) munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000) 2.322608032s ago: executing program 2 (id=4898): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0x400, 0x4) bind$inet6(r0, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast2, 0x2}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000040)=0x8, 0x4) bind$inet6(r1, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast2, 0x2}, 0x1c) 2.228546071s ago: executing program 8 (id=4899): madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x16) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f000040a000/0x800000)=nil, 0x800000}, 0x1}) syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f000064b000/0x400000)=nil) 2.135221145s ago: executing program 6 (id=4900): ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000000)={0x0, 0x802, 0x6, 0x7fff, 0x402, 0x6}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 2.133415638s ago: executing program 9 (id=4901): syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000002900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f00000022c0)=ANY=[], 0x1, 0x6e0, &(0x7f0000000f00)="$eJzs3c9rHOcZB/DvrFay1g2unDiNKSkVNqQFU1u2cFoXStVSig+hhPSQs7DlWGRtB1spTiiN05b2VOghf0Ba0K2HUujdxb30kt5y1TFQ6MX0YFLKlpmd/SXt2pIsSzb5fMxo3pn3nXeeeeadGe3Kywb4wrp4Ks27KXLx1Gu3y+WN9cX2xvriobq6naQsN5Jmd5bielLcS5bK+mJoytB8i49WL7zx6f2Nz7pLzXqq2k/1t5vdVshj9nGnnjJf9zc/dsvpbfXf7asKL88luVTPR81st6+RhmXSTtZzOHCdLe7sZPOJ1zvw9Os9nYruc3PEB0nmksP1k7n6naC+OzT2N8q9t6O7HAAAADyjPrlx0BEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAs6f+/v+inhr1PPMpet//P9NbV5efQkvbbnn3icYBAAAAAAAAALs2tZPGX3+QB7mdI73lTlH9zf9EtXAsn3eSL+Xd3MpKbuZ0bmc5a1nLzZxNMjfU0czt5bW1m2f7W5bGb3lu7JbnHvOoAQAAAAAAAOCL7ZdpDf7+DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAT4MimerOqulYPc9cGs0M6nIn+WeSmYOOdweKcSvv7n8cAAAA8Fhmd7HNlx/kQW7nSG+5U1Sv+b9SvV6ezbu5nrWsZi3trORy/Rq6fNXf2FhfbG+sL14rp3J5tN8f/HtHYczUPUxVS+P2fLxq0cqVrFZrTudSFczlNLr7Ppkc78UzFNeQD8uYiu/XthlZs05rubPfT3oXYU+MvhXReEjL1iC4pJ+RhTq2csuj3QwU1Rs1yeZMPPLsNEeW5qpep/t7OptG/52fY08g54freXk8v3miOd+pfiYaqTJxrjf6ymvm4ZlIvvHXP715tX397atXbp16eg7pEaYmrN88JhaHMvHSM52J5g7bL1SZeLG/fDE/zk9zKvN5PTezmp9lOWtZSaeuX67Hc/lz7uGZWhpZev1RkczU56V7zrYT03x+VJWWc6La9khWU+RGLmclr1b/zuVsvp3zOZ8LQ2f4xYlxV8dWXfWNzVd970z/bWzwJ79ZF8q7228Hd7mlhx3xpNG5V7r3/jKvR4fy2h319/utjg5dBwt1lv6b5PledqbHdr6be2Pzq3Wh3MevHvGc2F9zdSbKC6j3lOhF90I3E83qWbR1nP+hU26X9vVO5+ryOxP6v7Np+ZV6Xg6r9a89qnXP+FOxt8rx8nxm6zvJ6Ogo617o32WG6jqDsdytG33iltuV13Pze+UBd6/Un+RGNQC2Xqkz9e9wW3s6V9W9NLZusao7PlQ38vtWbqSdy/uQPwB24x9v9otzOTzT+lfrk9bHrV+3rrZem/3hoe8cenkm03+f/m5zYeqVxsvFX/JxfjF4/Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOzerffef3u53V65Ob7QmFw1Umhl85pJPR8a309Rf6HPNvb1TBRmk4ysqb7naN/DaNVhzE5s0/kg2ff89L5EcHyb35WF5pYRNa6wNLLmz1s7/HCHERbbuy6eYKGR/d3pVMYPgAO8KQH74szatXfO3Hrv/W+tXlt+a+WtlevT589fWLhw/tXFM1dW2ysL3Z+D9v87yGCBPTV46B90JAAAAAAAAAAAAMB2jftgwInnNn12ZXef8fA/CwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA9cfFUmndT5OzC6YVyeWN9sV1OvfKgZTNJo5EUP0+Ke8lSulPmhror8sd76YzZz0erF9749P7GZ4O+mt32SaOeT/bw2iR36inzSabq+WMY6e/SY/dX/Kd3DGXCPu90OkuPFx/sjf8HAAD//1ZO9vk=") syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = io_uring_setup(0x9, &(0x7f0000000040)={0x0, 0x20c8a1, 0x1c881, 0x8, 0xd1}) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 1.772675224s ago: executing program 2 (id=4902): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x8c66) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000180)={0xfffffffffffffffc, 0x0, 0x2, r2}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000002300)={0x27800000000, 0x0, 0x1, r2}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0x27800000006, 0x0, 0x4, r2, 0x1}) 1.712386557s ago: executing program 6 (id=4903): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_procfs(0x0, 0x0) read$FUSE(r1, 0x0, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x3a, &(0x7f0000000100)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x18, 0x0, @wg=@data={0x4, 0x3, 0x3}}}}}}, 0x0) syz_emit_ethernet(0x3a, &(0x7f0000000480)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x11, 0x0, @loopback, @multicast1}, {0x0, 0x4e20, 0x18, 0x0, @wg=@data={0x4, 0x1, 0x1}}}}}}, 0x0) 1.317200285s ago: executing program 6 (id=4904): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000005c0)={@in={{0x2, 0x4e22, @local}}, 0x0, 0x0, 0x3e, 0x0, "da865796a1ebec9378578b7f3fefae99d53a3fbe17c43a28e136f2dd08804fa555e53a0fb54280149a7cbc1d1744509c77c20357e05c28a49b617695f1119b3e8097ac4d28f3aa3c96c057352bee5704"}, 0xd8) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 1.22702726s ago: executing program 9 (id=4905): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x8) syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f00000002c0), 0x4) fdatasync(r0) 1.05422243s ago: executing program 2 (id=4906): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e28, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40) 952.508375ms ago: executing program 8 (id=4907): r0 = socket(0x11, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000005c0)={'gre0\x00', 0x0}) bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4) sendmsg$netlink(r0, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000700)=ANY=[@ANYBLOB="02011400012918000e3580009f0001140000002f0600ac141430e0000003808a8972bd0b72e41082b1a3d2061fd7fdfe4b88942a31f48597e36e039b1c599db6e466749c2d4c8303a0f7fbda34fb8825f80200e3c0aba61f6304a80500ffffca88faca"], 0xdd12}], 0x1}, 0x10) 919.334007ms ago: executing program 5 (id=4908): r0 = socket$unix(0x1, 0x5, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) r2 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r2, &(0x7f0000000000), 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000080000000000000000000a1400000010"], 0x28}}, 0x0) sendmsg$can_bcm(r2, &(0x7f00000005c0)={&(0x7f0000000180)={0x1d, r1}, 0x10, &(0x7f00000001c0)={&(0x7f0000000cc0)=ANY=[@ANYBLOB="04000000000000000000010000000000", @ANYRES64=0x0, @ANYRES64=0xea60, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x38}, 0x2}, 0x0) 694.939109ms ago: executing program 6 (id=4909): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = memfd_create(&(0x7f0000000280)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0) r2 = fanotify_init(0x200, 0x0) r3 = dup(r1) fanotify_mark(r2, 0x201, 0x48001002, r3, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 39.609534ms ago: executing program 8 (id=4910): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000480)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r1, 0x0, {0x1, 0x1, 0x4}, 0x1}, 0x18) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000080)="00810100004000000010e8b5295b576680976ce2", 0x14}], 0x1}, 0x48045) readv(r0, &(0x7f0000000400)=[{0x0}, {&(0x7f00000000c0)=""/20, 0x14}], 0x2) 0s ago: executing program 5 (id=4911): syz_open_dev$sndmidi(0x0, 0x2, 0x141102) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca0000c441f96ec80fc4c60066400fe2def3ad46c7045300101000f00fc01ec422e10399c5c1202066410f6f15040000000000e1f563df", 0xdc000006, 0x0}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000000), 0xffffffffffffffff) getsockopt$ARPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000000)=ANY=[@ANYBLOB='fil'], 0x0) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) kernel console output (not intermixed with test programs): c97e9b59d [ 1248.693379][T18699] loop4: detected capacity change from 0 to 764 [ 1248.723635][T18699] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 1248.997564][T18703] netlink: 4 bytes leftover after parsing attributes in process `syz.9.4155'. [ 1249.011033][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1249.017647][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 1249.025010][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 1249.033113][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 1249.041832][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 1249.049924][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 1249.058683][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 1249.066676][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 1249.075420][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 1249.083506][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 1249.092258][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 1249.100328][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 1249.109078][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 1249.117061][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 1249.125821][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 1249.133923][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 1249.142691][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 1249.150776][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 1249.159548][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 1249.167526][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 1249.176358][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 1249.184439][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 1249.193184][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 1249.201265][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 1249.210000][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 1249.218084][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 1249.226719][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 1249.234805][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 1249.243565][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 1249.251651][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 1249.260389][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 1249.268534][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 1249.277182][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 1249.285264][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 1249.294006][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 1249.302112][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 1249.310855][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 1249.318937][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 1249.327590][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 1249.335665][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 1249.344399][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 1249.352488][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 1249.361238][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 1249.369318][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 1249.378038][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 1249.386018][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 1249.394756][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 1249.402839][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 1249.411580][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 1249.419667][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 1249.428406][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 1249.436387][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 1249.445144][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 1249.453248][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 1250.043682][T18711] netlink: 8 bytes leftover after parsing attributes in process `syz.9.4158'. [ 1250.054929][T18711] IPVS: Unknown mcast interface: vcan0 [ 1250.560368][T18726] loop9: detected capacity change from 0 to 512 [ 1250.608761][T18726] EXT4-fs error (device loop9): ext4_iget_extra_inode:5104: inode #15: comm syz.9.4164: corrupted in-inode xattr: invalid ea_ino [ 1250.637729][T18726] EXT4-fs error (device loop9): ext4_orphan_get:1397: comm syz.9.4164: couldn't read orphan inode 15 (err -117) [ 1250.725133][T18726] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1251.524087][T18734] loop5: detected capacity change from 0 to 32768 [ 1251.614935][T18734] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,background_compression=lz4,recovery_pass_last=initialize_subvolumes,nojournal_transaction_names,read_only,no_data_io [ 1251.615100][T18734] allowing incompatible features above 0.0: (unknown version) [ 1251.615191][T18734] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 1251.639722][T10107] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1251.671360][T18734] bcachefs (loop5): Using encoding defined by superblock: utf8-12.1.0 [ 1251.681039][T18734] bcachefs (loop5): invalid journal entry, version=1.7: mi_btree_bitmap type=blacklist in superblock: invalid journal seq blacklist entry: bad size, fixing [ 1251.697739][T18734] bcachefs (loop5): recovering from clean shutdown, journal seq 10 [ 1251.707180][T18734] bcachefs (loop5): Version upgrade required: [ 1251.707180][T18734] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 1251.707180][T18734] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive [ 1251.707180][T18734] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 1251.821639][T18734] bcachefs (loop5): btree node read error at btree alloc level 0/0 [ 1251.821745][T18734] u64s 11 type btree_ptr_v2 283673999966207:U64_MAX:U32_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0 [ 1251.821859][T18734] loop5 node offset 0/24 bset u64s 0: incorrect max key SPOS_MAX [ 1251.821948][T18734] loop5 btree validate error [ 1251.822017][T18734] flagging btree alloc lost data [ 1251.822092][T18734] running recovery pass check_topology (2), currently at recovery_pass_empty (0) [ 1251.822183][T18734] ret btree_node_read_err_bad_node [ 1251.879974][T18734] bcachefs (loop5): error reading btree root btree=alloc level=0: btree_node_read_error, fixing [ 1251.923686][T18734] bcachefs (loop5): check_topology... done [ 1251.938628][T18734] bcachefs (loop5): accounting_read... done [ 1251.949952][T18734] bcachefs (loop5): alloc_read... done [ 1251.960522][T18734] bcachefs (loop5): Fixed errors, running fsck a second time to verify fs is clean [ 1251.974394][T18734] bcachefs (loop5): done starting filesystem [ 1252.105178][ T30] audit: type=1800 audit(1509.160:193): pid=18734 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.4168" name="file1" dev="loop5" ino=536870912 res=0 errno=0 [ 1252.193818][T14276] bcachefs (loop5): shutting down [ 1252.250849][T14276] bcachefs (loop5): shutdown complete [ 1252.454264][T18748] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4174'. [ 1252.748413][T18745] overlayfs: statfs failed on './file0' [ 1254.634971][T18770] loop4: detected capacity change from 0 to 32768 [ 1254.739466][T18770] ocfs2: Slot 0 on device (7,4) was already allocated to this node! [ 1254.800801][T18776] netlink: 132 bytes leftover after parsing attributes in process `syz.8.4185'. [ 1254.944011][T18770] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 1255.217239][T18106] ocfs2: Unmounting device (7,4) on (node local) [ 1255.903015][T18794] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1256.461636][T18789] loop5: detected capacity change from 0 to 32768 [ 1256.865992][T18799] loop9: detected capacity change from 0 to 1024 [ 1256.891702][T18799] EXT4-fs: Ignoring removed bh option [ 1257.036387][T18799] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1257.203392][T18799] EXT4-fs error (device loop9): ext4_xattr_set_entry:1660: inode #15: comm syz.9.4195: corrupted xattr entries [ 1257.341734][T18799] EXT4-fs (loop9): Remounting filesystem read-only [ 1257.348809][T18799] EXT4-fs warning (device loop9): ext4_xattr_block_set:2190: inode #19: comm syz.9.4195: dec ref error=-30 [ 1257.656362][T18810] loop8: detected capacity change from 0 to 1024 [ 1257.683427][T18810] EXT4-fs: Ignoring removed mblk_io_submit option [ 1257.695610][T18810] ext4: Bad value for 'stripe' [ 1257.737262][T10107] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1258.397403][T18823] netlink: 204 bytes leftover after parsing attributes in process `syz.8.4203'. [ 1258.783306][T18828] loop2: detected capacity change from 0 to 512 [ 1258.955185][T18828] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1259.081890][T18832] loop4: detected capacity change from 0 to 4096 [ 1259.401945][T18844] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 1259.449095][T18844] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 1259.455517][T11862] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1261.090373][T18856] loop4: detected capacity change from 0 to 40427 [ 1261.095023][T18860] loop9: detected capacity change from 0 to 32768 [ 1261.146862][T18860] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop9 (7:9) scanned by syz.9.4217 (18860) [ 1261.151751][T18856] F2FS-fs (loop4): invalid crc value [ 1261.175413][T18860] BTRFS info (device loop9): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1261.186061][T18860] BTRFS info (device loop9): using sha256 (sha256-lib) checksum algorithm [ 1261.465071][T18856] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 1261.475895][T18856] F2FS-fs (loop4): Start checkpoint disabled! [ 1261.511119][T18856] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 1261.576869][ T30] audit: type=1800 audit(1518.625:194): pid=18856 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.4215" name="file1" dev="loop4" ino=10 res=0 errno=0 [ 1261.581306][T18856] syz.4.4215: attempt to access beyond end of device [ 1261.581306][T18856] loop4: rw=2049, sector=45096, nr_sectors = 128 limit=40427 [ 1261.696423][ T4326] kworker/u8:26: attempt to access beyond end of device [ 1261.696423][ T4326] loop4: rw=2049, sector=45224, nr_sectors = 8 limit=40427 [ 1261.710991][ T4326] CPU: 1 UID: 0 PID: 4326 Comm: kworker/u8:26 Tainted: G W syzkaller #0 PREEMPT(none) [ 1261.711165][ T4326] Tainted: [W]=WARN [ 1261.711218][ T4326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1261.711325][ T4326] Workqueue: writeback wb_workfn (flush-7:4) [ 1261.711548][ T4326] Call Trace: [ 1261.711598][ T4326] [ 1261.711650][ T4326] __dump_stack+0x26/0x30 [ 1261.711823][ T4326] dump_stack_lvl+0x1df/0x270 [ 1261.711993][ T4326] dump_stack+0x1e/0x25 [ 1261.712146][ T4326] f2fs_handle_critical_error+0xa6f/0xc20 [ 1261.712377][ T4326] f2fs_stop_checkpoint+0x65/0x80 [ 1261.712512][ T4326] f2fs_write_end_io+0x101c/0x1bc0 [ 1261.712693][ T4326] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 1261.712841][ T4326] bio_endio+0xeb1/0x1010 [ 1261.713006][ T4326] submit_bio_noacct+0x213/0x2750 [ 1261.713231][ T4326] submit_bio+0x57c/0x630 [ 1261.713405][ T4326] f2fs_submit_write_bio+0x92/0x250 [ 1261.713595][ T4326] __submit_merged_bio+0x16f/0x6a0 [ 1261.713786][ T4326] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1261.713965][ T4326] __submit_merged_write_cond+0x458/0x9a0 [ 1261.714178][ T4326] f2fs_write_data_pages+0x4bb2/0x5480 [ 1261.714446][ T4326] ? t_next+0x2c0/0x460 [ 1261.714608][ T4326] ? kmsan_get_metadata+0xfb/0x160 [ 1261.714770][ T4326] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1261.714944][ T4326] ? __update_load_avg_cfs_rq+0xd7f/0x1010 [ 1261.715141][ T4326] ? kmsan_get_metadata+0xfb/0x160 [ 1261.715302][ T4326] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1261.715476][ T4326] ? __rb_insert_augmented+0xad0/0x11b0 [ 1261.715669][ T4326] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 1261.715821][ T4326] ? __pfx_min_vruntime_cb_rotate+0x10/0x10 [ 1261.715972][ T4326] ? kmsan_get_metadata+0xfb/0x160 [ 1261.716127][ T4326] ? kmsan_get_metadata+0xfb/0x160 [ 1261.716287][ T4326] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1261.716452][ T4326] ? kmsan_get_metadata+0xfb/0x160 [ 1261.716613][ T4326] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1261.716783][ T4326] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 1261.716925][ T4326] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 1261.717064][ T4326] do_writepages+0x3ef/0x860 [ 1261.717206][ T4326] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1261.717380][ T4326] ? writeback_sb_inodes+0x21/0x1cb0 [ 1261.717524][ T4326] ? kmsan_get_metadata+0xfb/0x160 [ 1261.717705][ T4326] __writeback_single_inode+0x101/0x1190 [ 1261.717873][ T4326] ? kmsan_get_metadata+0xfb/0x160 [ 1261.718048][ T4326] writeback_sb_inodes+0xac1/0x1cb0 [ 1261.718293][ T4326] ? kmsan_get_metadata+0xfb/0x160 [ 1261.718500][ T4326] wb_writeback+0x4ce/0xc00 [ 1261.718661][ T4326] ? queue_io+0x4c1/0x790 [ 1261.718819][ T4326] wb_workfn+0x397/0x1910 [ 1261.719002][ T4326] ? kmsan_get_metadata+0xfb/0x160 [ 1261.719185][ T4326] ? __pfx_wb_workfn+0x10/0x10 [ 1261.719362][ T4326] process_scheduled_works+0xb8e/0x1d80 [ 1261.719613][ T4326] worker_thread+0xedf/0x1590 [ 1261.719843][ T4326] kthread+0xd59/0xf00 [ 1261.719978][ T4326] ? __pfx_worker_thread+0x10/0x10 [ 1261.720193][ T4326] ? __pfx_kthread+0x10/0x10 [ 1261.720331][ T4326] ret_from_fork+0x233/0x380 [ 1261.720472][ T4326] ? __pfx_kthread+0x10/0x10 [ 1261.720617][ T4326] ret_from_fork_asm+0x1a/0x30 [ 1261.720828][ T4326] [ 1262.030019][ T4326] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 1262.063420][T18860] BTRFS info (device loop9): enabling ssd optimizations [ 1262.070571][T18860] BTRFS info (device loop9): enabling free space tree [ 1262.210689][T10107] BTRFS info (device loop9): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1262.296900][T18887] netlink: 104 bytes leftover after parsing attributes in process `syz.5.4224'. [ 1262.587455][T18889] netlink: 24 bytes leftover after parsing attributes in process `syz.8.4226'. [ 1262.626229][ T5907] libceph: connect (1)[c::]:6789 error -101 [ 1262.632772][ T5907] libceph: mon0 (1)[c::]:6789 connect error [ 1262.726142][ T42] libceph: connect (1)[c::]:6789 error -101 [ 1262.732769][ T42] libceph: mon0 (1)[c::]:6789 connect error [ 1262.892383][ T5907] libceph: connect (1)[c::]:6789 error -101 [ 1262.898708][ T5907] libceph: mon0 (1)[c::]:6789 connect error [ 1263.004259][ T42] libceph: connect (1)[c::]:6789 error -101 [ 1263.010572][ T42] libceph: mon0 (1)[c::]:6789 connect error [ 1263.385009][T18896] ceph: No mds server is up or the cluster is laggy [ 1263.386744][T18893] ceph: No mds server is up or the cluster is laggy [ 1263.425673][T18903] netlink: 'syz.5.4229': attribute type 12 has an invalid length. [ 1263.436034][ T5907] libceph: connect (1)[c::]:6789 error -101 [ 1263.442443][ T5907] libceph: mon0 (1)[c::]:6789 connect error [ 1263.902178][T18909] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1264.327435][T18917] netlink: 4 bytes leftover after parsing attributes in process `syz.8.4233'. [ 1264.803638][T18913] loop4: detected capacity change from 0 to 32768 [ 1264.934817][T18913] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names [ 1264.934976][T18913] allowing incompatible features above 0.0: (unknown version) [ 1264.935057][T18913] features: lz4 [ 1264.970944][T18913] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0 [ 1264.980603][T18913] bcachefs (loop4): initializing new filesystem [ 1265.001701][T18913] bcachefs (loop4): going read-write [ 1265.026038][T18913] bcachefs (loop4): marking superblocks [ 1265.137930][T18913] bcachefs (loop4): initializing freespace [ 1265.171512][T18913] bcachefs (loop4): done initializing freespace [ 1265.204808][T18913] bcachefs (loop4): reading snapshots table [ 1265.216891][T18913] bcachefs (loop4): reading snapshots done [ 1265.432706][T18913] bcachefs (loop4): done starting filesystem [ 1265.672436][T18913] bcachefs (loop4): going read-only [ 1265.677858][T18913] bcachefs (loop4): finished waiting for writes to stop [ 1265.746468][T18913] bcachefs (loop4): flushing journal and stopping allocators, journal seq 2 [ 1265.907262][T18913] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 2 [ 1265.925218][T18944] loop2: detected capacity change from 0 to 128 [ 1265.970314][T18913] bcachefs (loop4): clean shutdown complete, journal seq 3 [ 1265.980290][T18913] bcachefs (loop4): marking filesystem clean [ 1266.033508][T18944] vfat: Unknown parameter 'ÿÿ' [ 1266.377447][T18106] bcachefs (loop4): shutting down [ 1266.524831][T18106] bcachefs (loop4): shutdown complete [ 1267.525007][T18952] loop9: detected capacity change from 0 to 32768 [ 1267.772582][T18952] bcachefs (loop9): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 1267.772716][T18952] allowing incompatible features above 0.0: (unknown version) [ 1267.772809][T18952] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 1267.811808][T18952] bcachefs (loop9): Using encoding defined by superblock: utf8-12.1.0 [ 1267.820283][T18952] bcachefs (loop9): initializing new filesystem [ 1267.839191][T18952] bcachefs (loop9): going read-write [ 1267.941316][T18952] bcachefs (loop9): marking superblocks [ 1267.992457][T18952] bcachefs (loop9): initializing freespace [ 1268.019119][T18952] bcachefs (loop9): done initializing freespace [ 1268.038837][T18952] bcachefs (loop9): reading snapshots table [ 1268.045091][T18952] bcachefs (loop9): reading snapshots done [ 1268.172980][T18952] bcachefs (loop9): done starting filesystem [ 1268.503769][T18967] loop8: detected capacity change from 0 to 32768 [ 1268.654057][T10107] bcachefs (loop9): shutting down [ 1268.659726][T10107] bcachefs (loop9): going read-only [ 1268.665117][T10107] bcachefs (loop9): finished waiting for writes to stop [ 1268.672112][T18967] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode. [ 1268.694440][T10107] bcachefs (loop9): flushing journal and stopping allocators, journal seq 3 [ 1268.866093][T14977] ocfs2: Unmounting device (7,8) on (node local) [ 1268.926338][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 1268.933752][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 1268.963126][T10107] bcachefs (loop9): flushing journal and stopping allocators complete, journal seq 3 [ 1268.995271][T10107] bcachefs (loop9): clean shutdown complete, journal seq 4 [ 1269.019357][T10107] bcachefs (loop9): marking filesystem clean [ 1269.140913][T10107] bcachefs (loop9): shutdown complete [ 1270.445350][T18993] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4242'. [ 1270.454849][T18993] netlink: 'syz.4.4242': attribute type 30 has an invalid length. [ 1270.490143][T18993] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4242'. [ 1270.500744][T18993] netlink: 'syz.4.4242': attribute type 30 has an invalid length. [ 1270.570866][ T9112] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1270.598345][ T42] usb 9-1: new high-speed USB device number 12 using dummy_hcd [ 1270.623554][ T9112] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1270.676723][ T9112] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1270.723390][ T9112] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1270.747364][T18987] loop2: detected capacity change from 0 to 32768 [ 1270.807334][ T42] usb 9-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1270.816798][ T42] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1270.825984][ T42] usb 9-1: Product: syz [ 1270.830512][ T42] usb 9-1: Manufacturer: syz [ 1270.835283][ T42] usb 9-1: SerialNumber: syz [ 1270.872833][T18987] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 1270.920203][T19000] loop4: detected capacity change from 0 to 512 [ 1270.934879][T19000] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 1270.986705][T19000] EXT4-fs (loop4): invalid journal inode [ 1270.993089][T19000] EXT4-fs (loop4): can't get journal size [ 1270.995280][T19005] netlink: 'syz.5.4259': attribute type 21 has an invalid length. [ 1271.007190][T19005] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4259'. [ 1271.021675][T19005] netlink: 'syz.5.4259': attribute type 21 has an invalid length. [ 1271.029989][T19005] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4259'. [ 1271.044531][T19000] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e056c118, mo2=0002] [ 1271.058694][T19000] System zones: 1-12, 13-13 [ 1271.074389][T19000] EXT4-fs (loop4): 1 truncate cleaned up [ 1271.083782][T19000] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1271.222372][T18987] XFS (loop2): Ending clean mount [ 1271.307490][T19000] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.4258: bg 0: block 255: padding at end of block bitmap is not set [ 1271.355497][T19000] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 1271.358578][T11862] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 1271.543335][T18106] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1272.016340][ T42] lan78xx 9-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x0000011c. ret = -EPROTO [ 1272.028786][ T42] lan78xx 9-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 1272.039082][ T42] lan78xx 9-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1272.159528][ T42] lan78xx 9-1:1.0: probe with driver lan78xx failed with error -71 [ 1272.241441][ T42] usb 9-1: USB disconnect, device number 12 [ 1272.969388][T19015] loop4: detected capacity change from 0 to 32768 [ 1273.118026][T19015] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names [ 1273.118193][T19015] allowing incompatible features above 0.0: (unknown version) [ 1273.118283][T19015] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 1273.169398][T19015] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0 [ 1273.177918][T19015] bcachefs (loop4): initializing new filesystem [ 1273.198790][T19015] bcachefs (loop4): going read-write [ 1273.230263][T19029] loop8: detected capacity change from 0 to 128 [ 1273.238929][T19015] bcachefs (loop4): marking superblocks [ 1273.290821][T19015] bcachefs (loop4): initializing freespace [ 1273.318138][T19015] bcachefs (loop4): done initializing freespace [ 1273.337637][T19015] bcachefs (loop4): reading snapshots table [ 1273.343875][T19015] bcachefs (loop4): reading snapshots done [ 1273.417280][ T30] audit: type=1800 audit(1530.481:195): pid=19029 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.4266" name="file2" dev="loop8" ino=1048824 res=0 errno=0 [ 1273.427826][T19015] bcachefs (loop4): done starting filesystem [ 1273.522256][T19029] FAT-fs (loop8): error, invalid access to FAT (entry 0x00000100) [ 1273.530563][T19029] FAT-fs (loop8): Filesystem has been set read-only [ 1273.538233][T19029] syz.8.4266: attempt to access beyond end of device [ 1273.538233][T19029] loop8: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 1273.722768][T19038] loop9: detected capacity change from 0 to 512 [ 1273.772254][ T30] audit: type=1804 audit(1530.821:196): pid=19015 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.4264" name="/newroot/31/file0/file1" dev="loop4" ino=4098 res=1 errno=0 [ 1273.887026][T19038] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1273.926925][T18106] bcachefs (loop4): shutting down [ 1273.932273][T18106] bcachefs (loop4): going read-only [ 1273.938121][T18106] bcachefs (loop4): finished waiting for writes to stop [ 1273.964085][T18106] bcachefs (loop4): flushing journal and stopping allocators, journal seq 3 [ 1274.144868][T18106] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 3 [ 1274.185637][T18106] bcachefs (loop4): clean shutdown complete, journal seq 4 [ 1274.195242][T18106] bcachefs (loop4): marking filesystem clean [ 1274.250334][T18106] bcachefs (loop4): shutdown complete [ 1274.390151][T10107] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1274.550681][T19047] loop8: detected capacity change from 0 to 1024 [ 1274.706175][T19049] netlink: 'syz.5.4273': attribute type 12 has an invalid length. [ 1275.257558][T19063] netlink: 104 bytes leftover after parsing attributes in process `syz.8.4277'. [ 1277.934818][T19107] Invalid ELF header magic: != ELF [ 1279.563733][T19126] loop2: detected capacity change from 0 to 512 [ 1279.643306][T19126] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 1279.733616][T19126] EXT4-fs (loop2): 1 truncate cleaned up [ 1279.741525][T19126] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1279.887155][T19126] EXT4-fs error (device loop2): ext4_generic_delete_entry:2668: inode #2: block 13: comm syz.2.4305: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 1279.973614][T19126] EXT4-fs (loop2): Remounting filesystem read-only [ 1279.980495][T19126] EXT4-fs warning (device loop2): ext4_rename_delete:3731: inode #2: comm syz.2.4305: Deleting old file: nlink 5, error=-117 [ 1280.365962][T11862] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1280.381337][T19138] loop9: detected capacity change from 0 to 8 [ 1280.421809][T19138] unable to read id index table [ 1281.879580][T19144] loop8: detected capacity change from 0 to 64 [ 1281.969749][T19147] netlink: 'syz.5.4316': attribute type 10 has an invalid length. [ 1281.979962][T19147] bridge0: port 2(bridge_slave_1) entered disabled state [ 1281.988449][T19147] bridge0: port 1(bridge_slave_0) entered disabled state [ 1282.014493][T19147] bridge0: port 2(bridge_slave_1) entered blocking state [ 1282.022237][T19147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1282.030916][T19147] bridge0: port 1(bridge_slave_0) entered blocking state [ 1282.038605][T19147] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1282.064497][T19147] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 1282.099017][T19149] loop6: detected capacity change from 0 to 7 [ 1282.128960][T19149] Dev loop6: unable to read RDB block 7 [ 1282.135832][T19149] loop6: unable to read partition table [ 1282.214895][T19149] loop6: partition table beyond EOD, truncated [ 1282.221605][T19149] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1282.239277][ T5826] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1282.252561][ T5826] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1282.263610][ T5826] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1282.280998][ T5826] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1282.304395][ T5826] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1282.653499][T19157] netlink: 'syz.8.4318': attribute type 4 has an invalid length. [ 1282.797392][T19157] netlink: 'syz.8.4318': attribute type 4 has an invalid length. [ 1283.139849][T19151] chnl_net:caif_netlink_parms(): no params data found [ 1284.309374][T19151] bridge0: port 1(bridge_slave_0) entered blocking state [ 1284.317278][T19151] bridge0: port 1(bridge_slave_0) entered disabled state [ 1284.325203][T19151] bridge_slave_0: entered allmulticast mode [ 1284.334776][T19151] bridge_slave_0: entered promiscuous mode [ 1284.405085][ T5826] Bluetooth: hci1: command tx timeout [ 1284.423311][T19151] bridge0: port 2(bridge_slave_1) entered blocking state [ 1284.432789][T19151] bridge0: port 2(bridge_slave_1) entered disabled state [ 1284.442548][T19151] bridge_slave_1: entered allmulticast mode [ 1284.452786][T19151] bridge_slave_1: entered promiscuous mode [ 1284.520584][ T11] usb 10-1: new high-speed USB device number 24 using dummy_hcd [ 1284.688300][ T11] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1284.699683][ T11] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1284.746174][T19151] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1284.780760][ T11] usb 10-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1284.790314][ T11] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1284.798592][ T11] usb 10-1: SerialNumber: syz [ 1284.841328][T19151] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1285.022465][T19151] team0: Port device team_slave_0 added [ 1285.043876][ T11] usb 10-1: 0:2 : does not exist [ 1285.071211][T19151] team0: Port device team_slave_1 added [ 1285.134056][ T11] usb 10-1: USB disconnect, device number 24 [ 1285.359515][T19151] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1285.374059][T19151] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1285.401193][T19151] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1285.481213][T19151] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1285.488433][T19151] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1285.515127][T19151] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1286.261797][T19151] hsr_slave_0: entered promiscuous mode [ 1286.272080][T19151] hsr_slave_1: entered promiscuous mode [ 1286.280970][T19151] debugfs: 'hsr0' already exists in 'hsr' [ 1286.286861][T19151] Cannot create hsr debugfs directory [ 1286.298932][T19200] loop2: detected capacity change from 0 to 512 [ 1286.423548][T19196] loop8: detected capacity change from 0 to 40427 [ 1286.480983][ T5826] Bluetooth: hci1: command tx timeout [ 1286.491008][T19196] F2FS-fs (loop8): invalid crc value [ 1286.761042][T19196] F2FS-fs (loop8): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 1286.779305][T19196] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5 [ 1286.866174][ T30] audit: type=1800 audit(1543.907:197): pid=19196 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.4334" name="bus" dev="loop8" ino=10 res=0 errno=0 [ 1286.985792][T14977] syz-executor: attempt to access beyond end of device [ 1286.985792][T14977] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 1287.002283][T14977] CPU: 0 UID: 0 PID: 14977 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT(none) [ 1287.002458][T14977] Tainted: [W]=WARN [ 1287.002510][T14977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1287.002595][T14977] Call Trace: [ 1287.002650][T14977] [ 1287.002698][T14977] __dump_stack+0x26/0x30 [ 1287.002876][T14977] dump_stack_lvl+0x1df/0x270 [ 1287.003054][T14977] dump_stack+0x1e/0x25 [ 1287.003208][T14977] f2fs_handle_critical_error+0xa6f/0xc20 [ 1287.003441][T14977] f2fs_stop_checkpoint+0x65/0x80 [ 1287.003576][T14977] f2fs_write_end_io+0x101c/0x1bc0 [ 1287.003768][T14977] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 1287.003907][T14977] bio_endio+0xeb1/0x1010 [ 1287.004073][T14977] submit_bio_noacct+0x213/0x2750 [ 1287.004284][T14977] submit_bio+0x57c/0x630 [ 1287.004458][T14977] f2fs_submit_write_bio+0x92/0x250 [ 1287.004651][T14977] __submit_merged_bio+0x16f/0x6a0 [ 1287.004844][T14977] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1287.005022][T14977] __submit_merged_write_cond+0x458/0x9a0 [ 1287.005234][T14977] f2fs_write_data_pages+0x4bb2/0x5480 [ 1287.005494][T14977] ? t_next+0x2c0/0x460 [ 1287.005660][T14977] ? __update_load_avg_cfs_rq+0xe9/0x1010 [ 1287.005863][T14977] ? __update_load_avg_se+0xa96/0x11c0 [ 1287.006055][T14977] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1287.006229][T14977] ? kmsan_get_metadata+0xfb/0x160 [ 1287.006381][T14977] ? kmsan_get_metadata+0xfb/0x160 [ 1287.006549][T14977] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 1287.006701][T14977] ? kmsan_get_metadata+0xfb/0x160 [ 1287.006868][T14977] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1287.007030][T14977] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 1287.007172][T14977] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 1287.007310][T14977] do_writepages+0x3ef/0x860 [ 1287.007463][T14977] ? _raw_spin_unlock+0x30/0x50 [ 1287.007626][T14977] ? wbc_attach_and_unlock_inode+0x131/0x680 [ 1287.007852][T14977] filemap_fdatawrite+0x207/0x260 [ 1287.008098][T14977] f2fs_sync_dirty_inodes+0x2ab/0x9e0 [ 1287.008287][T14977] f2fs_write_checkpoint+0xfe2/0x2b00 [ 1287.008571][T14977] kill_f2fs_super+0x2ff/0x970 [ 1287.008752][T14977] ? __pfx_kill_f2fs_super+0x10/0x10 [ 1287.008910][T14977] deactivate_locked_super+0xcb/0x3c0 [ 1287.009077][T14977] deactivate_super+0x12f/0x140 [ 1287.009230][T14977] cleanup_mnt+0x6fb/0x780 [ 1287.009406][T14977] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 1287.009568][T14977] ? __pfx___cleanup_mnt+0x10/0x10 [ 1287.009761][T14977] __cleanup_mnt+0x22/0x30 [ 1287.009940][T14977] task_work_run+0x206/0x2b0 [ 1287.010108][T14977] exit_to_user_mode_loop+0x2a6/0x330 [ 1287.010276][T14977] do_syscall_64+0x1e3/0x210 [ 1287.010410][T14977] ? irqentry_exit+0x16/0x60 [ 1287.010585][T14977] ? clear_bhb_loop+0x40/0x90 [ 1287.010740][T14977] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1287.010891][T14977] RIP: 0033:0x7f2c4af8fed7 [ 1287.010994][T14977] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 1287.011117][T14977] RSP: 002b:00007fff93330158 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 1287.011250][T14977] RAX: 0000000000000000 RBX: 00007f2c4b011c05 RCX: 00007f2c4af8fed7 [ 1287.011340][T14977] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff93330210 [ 1287.011428][T14977] RBP: 00007fff93330210 R08: 0000000000000000 R09: 0000000000000000 [ 1287.011513][T14977] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff933312a0 [ 1287.011609][T14977] R13: 00007f2c4b011c05 R14: 000000000013a32a R15: 00007fff933312e0 [ 1287.011744][T14977] [ 1287.362504][T14977] F2FS-fs (loop8): Stopped filesystem due to reason: 3 [ 1287.441753][T19212] loop9: detected capacity change from 0 to 1024 [ 1287.452518][T19212] EXT4-fs: Invalid want_extra_isize 5 [ 1288.020454][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 1288.408940][ T5907] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 1288.561199][ T5826] Bluetooth: hci1: command tx timeout [ 1288.609931][ T5907] usb 3-1: Using ep0 maxpacket: 16 [ 1288.691858][ T5907] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1288.703326][ T5907] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1288.713487][ T5907] usb 3-1: New USB device found, idVendor=0458, idProduct=5012, bcdDevice= 0.00 [ 1288.724839][ T5907] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1288.744630][ T5907] usb 3-1: config 0 descriptor?? [ 1288.800589][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 1289.610756][ T5907] input: HID 0458:5012 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0458:5012.0024/input/input42 [ 1289.805870][ T5907] input: HID 0458:5012 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0458:5012.0024/input/input43 [ 1289.962574][T19151] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1289.994454][ T5907] kye 0003:0458:5012.0024: input,hiddev0,hidraw0: USB HID v0.09 Device [HID 0458:5012] on usb-dummy_hcd.2-1/input0 [ 1290.161829][T19151] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1290.297647][T19151] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1290.348858][T19151] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1290.642474][ T5826] Bluetooth: hci1: command tx timeout [ 1290.778346][ C0] kye 0003:0458:5012.0024: usb_submit_urb(ctrl) failed: -1 [ 1291.406633][T19151] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1291.560806][T19151] 8021q: adding VLAN 0 to HW filter on device team0 [ 1291.581792][ T5877] usb 3-1: USB disconnect, device number 21 [ 1291.685160][ T9122] bridge0: port 1(bridge_slave_0) entered blocking state [ 1291.692780][ T9122] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1291.818198][ T9122] bridge0: port 2(bridge_slave_1) entered blocking state [ 1291.825791][ T9122] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1292.029111][T19244] netlink: 31 bytes leftover after parsing attributes in process `syz.8.4353'. [ 1292.548809][T19256] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4358'. [ 1292.646836][T19256] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4358'. [ 1293.349899][T19266] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1293.364276][T19266] 8021q: adding VLAN 0 to HW filter on device team0 [ 1293.477406][T19266] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1293.709037][T19151] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1293.952997][T19275] loop9: detected capacity change from 0 to 2048 [ 1294.040212][T19275] UDF-fs: error (device loop9): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 1294.120302][T19275] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1294.136910][T19151] veth0_vlan: entered promiscuous mode [ 1294.253720][T19151] veth1_vlan: entered promiscuous mode [ 1294.546256][T19151] veth0_macvtap: entered promiscuous mode [ 1294.607291][T19151] veth1_macvtap: entered promiscuous mode [ 1294.980738][T19151] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1295.038657][T19151] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1295.076392][ T5878] usb 10-1: new full-speed USB device number 25 using dummy_hcd [ 1295.118266][ T9100] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1295.163543][ T9100] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1295.178123][ T4326] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1295.221212][ T4326] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1295.297766][ T5878] usb 10-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1295.307719][ T5878] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1295.316139][ T5878] usb 10-1: Product: syz [ 1295.320566][ T5878] usb 10-1: Manufacturer: syz [ 1295.325726][ T5878] usb 10-1: SerialNumber: syz [ 1295.404100][ T5878] usb 10-1: config 0 descriptor?? [ 1295.667447][ T5878] usb 10-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1296.711710][ T5878] dvb_usb_rtl28xxu 10-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 1296.758864][ T5878] usb 10-1: USB disconnect, device number 25 [ 1298.632632][T19333] loop9: detected capacity change from 0 to 2048 [ 1298.750764][T19333] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1299.194123][ T3747] EXT4-fs error (device loop9): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters [ 1299.251602][ T3747] EXT4-fs (loop9): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 498 with error 28 [ 1299.264852][ T3747] EXT4-fs (loop9): This should not happen!! Data will be lost [ 1299.264852][ T3747] [ 1299.274925][ T3747] EXT4-fs (loop9): Total free blocks count 0 [ 1299.281080][ T3747] EXT4-fs (loop9): Free/Dirty block details [ 1299.287524][ T3747] EXT4-fs (loop9): free_blocks=4096 [ 1299.293001][ T3747] EXT4-fs (loop9): dirty_blocks=512 [ 1299.298359][ T3747] EXT4-fs (loop9): Block reservation details [ 1299.304636][ T3747] EXT4-fs (loop9): i_reserved_data_blocks=32 [ 1299.470314][T10107] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1300.304450][T19351] loop2: detected capacity change from 0 to 40427 [ 1300.323668][T19351] F2FS-fs (loop2): build fault injection rate: 14 [ 1300.330300][T19351] F2FS-fs (loop2): build fault injection type: 0x3bfe8c [ 1300.341653][T19351] F2FS-fs (loop2): invalid crc value [ 1300.392489][ C0] F2FS-fs (loop2): inject read IO error in f2fs_read_end_io of bio_endio+0xeb1/0x1010 [ 1300.422507][ C0] F2FS-fs (loop2): inject read IO error in f2fs_read_end_io of bio_endio+0xeb1/0x1010 [ 1300.809218][T19351] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 1300.818673][T19351] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of f2fs_get_tmp_folio+0x38/0x50 [ 1300.836060][T19351] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1300.895722][T19351] F2FS-fs (loop2): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x831/0x19b0 [ 1300.917909][T19351] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of f2fs_new_inode_folio+0xb9/0x100 [ 1301.018182][T11862] syz-executor: attempt to access beyond end of device [ 1301.018182][T11862] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 1301.035071][T11862] CPU: 0 UID: 0 PID: 11862 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT(none) [ 1301.035246][T11862] Tainted: [W]=WARN [ 1301.035297][T11862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1301.035378][T11862] Call Trace: [ 1301.035431][T11862] [ 1301.035481][T11862] __dump_stack+0x26/0x30 [ 1301.035654][T11862] dump_stack_lvl+0x1df/0x270 [ 1301.035827][T11862] dump_stack+0x1e/0x25 [ 1301.035976][T11862] f2fs_handle_critical_error+0xa6f/0xc20 [ 1301.036208][T11862] f2fs_stop_checkpoint+0x65/0x80 [ 1301.036343][T11862] f2fs_write_end_io+0x101c/0x1bc0 [ 1301.036527][T11862] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 1301.036670][T11862] bio_endio+0xeb1/0x1010 [ 1301.036834][T11862] submit_bio_noacct+0x213/0x2750 [ 1301.037048][T11862] submit_bio+0x57c/0x630 [ 1301.037218][T11862] f2fs_submit_write_bio+0x92/0x250 [ 1301.037410][T11862] __submit_merged_bio+0x16f/0x6a0 [ 1301.037593][T11862] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1301.037790][T11862] __submit_merged_write_cond+0x458/0x9a0 [ 1301.038000][T11862] f2fs_write_data_pages+0x4bb2/0x5480 [ 1301.038274][T11862] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1301.038442][T11862] ? folios_put_refs+0x1/0xb10 [ 1301.038632][T11862] ? filter_irq_stacks+0x49/0x190 [ 1301.038765][T11862] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1301.038933][T11862] ? stack_depot_save_flags+0x35/0x7b0 [ 1301.039079][T11862] ? kmsan_get_metadata+0xfb/0x160 [ 1301.039253][T11862] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 1301.039409][T11862] ? kmsan_get_metadata+0xfb/0x160 [ 1301.039571][T11862] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1301.039735][T11862] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 1301.039876][T11862] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 1301.040015][T11862] do_writepages+0x3ef/0x860 [ 1301.040167][T11862] ? _raw_spin_unlock+0x30/0x50 [ 1301.040329][T11862] ? wbc_attach_and_unlock_inode+0x131/0x680 [ 1301.040543][T11862] filemap_fdatawrite+0x207/0x260 [ 1301.040790][T11862] f2fs_sync_dirty_inodes+0x2ab/0x9e0 [ 1301.040970][T11862] f2fs_write_checkpoint+0xfe2/0x2b00 [ 1301.041245][T11862] kill_f2fs_super+0x2ff/0x970 [ 1301.041411][T11862] ? __pfx_kill_f2fs_super+0x10/0x10 [ 1301.041561][T11862] deactivate_locked_super+0xcb/0x3c0 [ 1301.041739][T11862] deactivate_super+0x12f/0x140 [ 1301.041895][T11862] cleanup_mnt+0x6fb/0x780 [ 1301.042073][T11862] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 1301.042238][T11862] ? __pfx___cleanup_mnt+0x10/0x10 [ 1301.042423][T11862] __cleanup_mnt+0x22/0x30 [ 1301.042599][T11862] task_work_run+0x206/0x2b0 [ 1301.042776][T11862] exit_to_user_mode_loop+0x2a6/0x330 [ 1301.042941][T11862] do_syscall_64+0x1e3/0x210 [ 1301.043073][T11862] ? irqentry_exit+0x16/0x60 [ 1301.043250][T11862] ? clear_bhb_loop+0x40/0x90 [ 1301.043401][T11862] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1301.043550][T11862] RIP: 0033:0x7f10e4b8fed7 [ 1301.043661][T11862] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 1301.043773][T11862] RSP: 002b:00007ffe6c379508 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 1301.043901][T11862] RAX: 0000000000000000 RBX: 00007f10e4c11c05 RCX: 00007f10e4b8fed7 [ 1301.043989][T11862] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe6c3795c0 [ 1301.044082][T11862] RBP: 00007ffe6c3795c0 R08: 0000000000000000 R09: 0000000000000000 [ 1301.044170][T11862] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe6c37a650 [ 1301.044264][T11862] R13: 00007f10e4c11c05 R14: 000000000013da4f R15: 00007ffe6c37a690 [ 1301.044396][T11862] [ 1301.394641][T11862] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 1302.068755][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1302.080425][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1302.209482][ T3775] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1302.220938][ T3775] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1302.527438][T19384] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4403'. [ 1303.594588][T19402] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4409'. [ 1303.604314][T19402] netlink: 'syz.5.4409': attribute type 7 has an invalid length. [ 1303.612434][T19402] netlink: 'syz.5.4409': attribute type 8 has an invalid length. [ 1303.620319][T19402] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4409'. [ 1303.748980][T19403] loop8: detected capacity change from 0 to 1024 [ 1303.931916][T19403] EXT4-fs (loop8): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 1304.114277][T19403] EXT4-fs error (device loop8): ext4_map_blocks:814: inode #15: comm syz.8.4410: lblock 0 mapped to illegal pblock 0 (length 6) [ 1304.128300][ T30] audit: type=1800 audit(1561.206:198): pid=19403 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.4410" name="file1" dev="loop8" ino=15 res=0 errno=0 [ 1304.182071][T19403] EXT4-fs error (device loop8): ext4_ext_remove_space:2955: inode #15: comm syz.8.4410: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) [ 1304.371112][ T3775] EXT4-fs error (device loop8): ext4_map_blocks:814: inode #15: comm kworker/u8:18: lblock 0 mapped to illegal pblock 0 (length 1) [ 1304.425088][ T3775] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 1304.437973][ T3775] EXT4-fs (loop8): This should not happen!! Data will be lost [ 1304.437973][ T3775] [ 1304.449668][T19421] loop9: detected capacity change from 0 to 512 [ 1304.462400][T14977] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 1304.501661][T19421] EXT4-fs: Ignoring removed oldalloc option [ 1304.529934][T19421] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode [ 1304.569813][T19421] EXT4-fs (loop9): 1 truncate cleaned up [ 1304.577881][T19421] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1304.998736][T10107] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1306.175723][T19440] loop2: detected capacity change from 0 to 32768 [ 1306.465080][T19440] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,recovery_pass_last=snapshots_read,nojournal_transaction_names,noexcl,read_only,no_data_io [ 1306.465241][T19440] allowing incompatible features above 0.0: (unknown version) [ 1306.465334][T19440] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 1306.511012][T19440] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0 [ 1306.521122][T19440] bcachefs (loop2): invalid journal entry, version=1.7: mi_btree_bitmap type=clock in superblock: bad rw, fixing [ 1306.535018][T19440] bcachefs (loop2): invalid journal entry, version=1.7: mi_btree_bitmap type=data_usage in superblock: invalid journal entry usage: no devices in entry free: 0/0 [], fixing [ 1306.555873][T19440] bcachefs (loop2): recovering from clean shutdown, journal seq 10 [ 1306.565312][T19440] bcachefs (loop2): Version upgrade required: [ 1306.565312][T19440] Version upgrade from 0.27: fragmentation_lru to 1.7: mi_btree_bitmap incomplete [ 1306.565312][T19440] Doing incompatible version upgrade from 0.27: fragmentation_lru to 1.28: inode_has_case_insensitive [ 1306.565312][T19440] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 1306.749236][T19440] bcachefs (loop2): btree node read error at btree alloc level 0/0 [ 1306.749342][T19440] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0 [ 1306.749461][T19440] loop2 node offset 0/24 bset u64s 0: invalid bkey format: field 2 too large: 4294967295 + 11015804688548233216 > 4294967295 [ 1306.749570][T19440] u64s 3 fields 64:0, 64:0, 32:11015804688548233216, 0:0, 0:0, 0:0 [ 1306.749663][T19440] loop2 btree validate error [ 1306.749734][T19440] flagging btree alloc lost data [ 1306.749808][T19440] running recovery pass check_topology (2), currently at recovery_pass_empty (0) [ 1306.749896][T19440] ret btree_node_read_err_bad_node [ 1306.822232][T19440] bcachefs (loop2): error reading btree root btree=alloc level=0: btree_node_read_error, fixing [ 1306.930737][T19440] bcachefs (loop2): invalid bkey in btree_node btree=freespace level=0: u64s 5 type set 0:35:0 len 0 ver 0 [ 1306.930849][T19440] size == 0, deleting [ 1306.953744][T19440] bcachefs (loop2): error reading btree root btree=freespace level=0: btree_node_read_error, fixing [ 1307.021285][T19440] bcachefs (loop2): btree node read error at btree backpointers level 0/0 [ 1307.021405][T19440] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4a8b0fa43a9980a6 written 24 min_key POS_MIN durability: 1 ptr: 0:37:0 gen 0 [ 1307.021517][T19440] loop2 node offset 0/24 bset u64s 0: checksum error, type none: got should be [ 1307.021606][T19440] loop2 btree validate error [ 1307.021678][T19440] flagging btree backpointers lost data [ 1307.021748][T19440] ret fsck_errors_not_fixed [ 1307.073433][T19440] bcachefs (loop2): error reading btree root btree=backpointers level=0: btree_node_read_error, fixing [ 1307.115028][T19440] bcachefs (loop2): check_topology... done [ 1307.149122][T19440] bcachefs (loop2): accounting_read... done [ 1307.167210][T19440] bcachefs (loop2): alloc_read... done [ 1307.180365][T19440] bcachefs (loop2): snapshots_read... done [ 1307.192314][T19440] bcachefs (loop2): Fixed errors, running fsck a second time to verify fs is clean [ 1307.216273][T19440] bcachefs (loop2): done starting filesystem [ 1307.599317][T19447] loop9: detected capacity change from 0 to 32768 [ 1307.624158][T11862] bcachefs (loop2): shutting down [ 1307.704530][T19447] JBD2: Ignoring recovery information on journal [ 1307.881538][T11862] bcachefs (loop2): shutdown complete [ 1308.245325][T19460] loop8: detected capacity change from 0 to 256 [ 1308.277235][T19460] exfat: Deprecated parameter 'namecase' [ 1308.424139][T19460] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 1308.665925][T19456] loop1: detected capacity change from 0 to 40427 [ 1308.683647][T19456] F2FS-fs (loop1): invalid crc value [ 1308.731853][T19447] ocfs2: Mounting device (7,9) on (node local, slot 0) with ordered data mode. [ 1308.989678][T19456] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 1309.001857][T19456] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 1309.062049][T19471] loop8: detected capacity change from 0 to 128 [ 1309.194358][T19151] syz-executor: attempt to access beyond end of device [ 1309.194358][T19151] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 1309.209046][T19151] CPU: 1 UID: 0 PID: 19151 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT(none) [ 1309.209220][T19151] Tainted: [W]=WARN [ 1309.209275][T19151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1309.209359][T19151] Call Trace: [ 1309.209410][T19151] [ 1309.209464][T19151] __dump_stack+0x26/0x30 [ 1309.209632][T19151] dump_stack_lvl+0x1df/0x270 [ 1309.209808][T19151] dump_stack+0x1e/0x25 [ 1309.209966][T19151] f2fs_handle_critical_error+0xa6f/0xc20 [ 1309.210206][T19151] f2fs_stop_checkpoint+0x65/0x80 [ 1309.210346][T19151] f2fs_write_end_io+0x101c/0x1bc0 [ 1309.210531][T19151] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 1309.210671][T19151] bio_endio+0xeb1/0x1010 [ 1309.210839][T19151] submit_bio_noacct+0x213/0x2750 [ 1309.211077][T19151] submit_bio+0x57c/0x630 [ 1309.211245][T19151] f2fs_submit_write_bio+0x92/0x250 [ 1309.211437][T19151] __submit_merged_bio+0x16f/0x6a0 [ 1309.211614][T19151] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1309.211790][T19151] __submit_merged_write_cond+0x458/0x9a0 [ 1309.212005][T19151] f2fs_write_data_pages+0x4bb2/0x5480 [ 1309.212271][T19151] ? t_next+0x2c0/0x460 [ 1309.212443][T19151] ? __update_load_avg_cfs_rq+0xe9/0x1010 [ 1309.212641][T19151] ? __update_load_avg_se+0xa96/0x11c0 [ 1309.212840][T19151] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1309.213020][T19151] ? kmsan_get_metadata+0xfb/0x160 [ 1309.213189][T19151] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 1309.213346][T19151] ? kmsan_get_metadata+0xfb/0x160 [ 1309.213505][T19151] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1309.213671][T19151] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 1309.213808][T19151] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 1309.213947][T19151] do_writepages+0x3ef/0x860 [ 1309.214106][T19151] ? _raw_spin_unlock+0x30/0x50 [ 1309.214266][T19151] ? wbc_attach_and_unlock_inode+0x131/0x680 [ 1309.214485][T19151] filemap_fdatawrite+0x207/0x260 [ 1309.214718][T19151] f2fs_sync_dirty_inodes+0x2ab/0x9e0 [ 1309.214903][T19151] f2fs_write_checkpoint+0xfe2/0x2b00 [ 1309.215188][T19151] kill_f2fs_super+0x2ff/0x970 [ 1309.215359][T19151] ? __pfx_kill_f2fs_super+0x10/0x10 [ 1309.215513][T19151] deactivate_locked_super+0xcb/0x3c0 [ 1309.215688][T19151] deactivate_super+0x12f/0x140 [ 1309.215844][T19151] cleanup_mnt+0x6fb/0x780 [ 1309.216018][T19151] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 1309.216186][T19151] ? __pfx___cleanup_mnt+0x10/0x10 [ 1309.216377][T19151] __cleanup_mnt+0x22/0x30 [ 1309.216554][T19151] task_work_run+0x206/0x2b0 [ 1309.216715][T19151] exit_to_user_mode_loop+0x2a6/0x330 [ 1309.216882][T19151] do_syscall_64+0x1e3/0x210 [ 1309.217022][T19151] ? irqentry_exit+0x16/0x60 [ 1309.217192][T19151] ? clear_bhb_loop+0x40/0x90 [ 1309.217338][T19151] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1309.217487][T19151] RIP: 0033:0x7f550558fed7 [ 1309.217593][T19151] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 1309.217716][T19151] RSP: 002b:00007ffd71e17848 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 1309.217870][T19151] RAX: 0000000000000000 RBX: 00007f5505611c05 RCX: 00007f550558fed7 [ 1309.217962][T19151] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd71e17900 [ 1309.218058][T19151] RBP: 00007ffd71e17900 R08: 0000000000000000 R09: 0000000000000000 [ 1309.218146][T19151] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd71e18990 [ 1309.218238][T19151] R13: 00007f5505611c05 R14: 000000000013fa0a R15: 00007ffd71e189d0 [ 1309.218367][T19151] [ 1309.564232][T19151] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 1309.600266][T19471] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1309.694570][T10107] ocfs2: Unmounting device (7,9) on (node local) [ 1310.398404][T14977] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1311.363023][T19484] bond0: option min_links: invalid value (18446744072132493311) [ 1311.371315][T19484] bond0: option min_links: allowed values 0 - 2147483647 [ 1312.626488][ T5907] usb 9-1: new high-speed USB device number 13 using dummy_hcd [ 1312.797263][ T5907] usb 9-1: Using ep0 maxpacket: 16 [ 1312.842067][ T5907] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 1312.854057][ T5907] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1312.914344][ T5907] usb 9-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1312.926347][ T5907] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1312.934553][ T5907] usb 9-1: Product: syz [ 1312.940091][ T5907] usb 9-1: Manufacturer: syz [ 1312.944870][ T5907] usb 9-1: SerialNumber: syz [ 1313.025816][ T5907] usb 9-1: config 0 descriptor?? [ 1313.050532][ T5907] em28xx 9-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1313.062724][ T5907] em28xx 9-1:0.0: Audio interface 0 found (Vendor Class) [ 1314.182819][T19516] pimreg: entered allmulticast mode [ 1314.277399][ T5907] em28xx 9-1:0.0: unknown em28xx chip ID (0) [ 1314.285742][ T5907] em28xx 9-1:0.0: Config register raw data: 0xfffffffb [ 1314.302123][T19516] pimreg: left allmulticast mode [ 1314.510093][ T5907] em28xx 9-1:0.0: AC97 chip type couldn't be determined [ 1314.517413][ T5907] em28xx 9-1:0.0: No AC97 audio processor [ 1314.551036][ T5907] usb 9-1: USB disconnect, device number 13 [ 1314.559447][ T5907] em28xx 9-1:0.0: Disconnecting em28xx [ 1314.596947][ T5907] em28xx 9-1:0.0: Freeing device [ 1314.938002][T19526] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4456'. [ 1316.153514][T19533] loop9: detected capacity change from 0 to 32768 [ 1316.221386][T19533] XFS (loop9): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 1316.692722][T19533] XFS (loop9): Ending clean mount [ 1316.706697][T19533] XFS (loop9): Quotacheck needed: Please wait. [ 1316.765009][T19533] XFS (loop9): Quotacheck: Done. [ 1316.957539][T10107] XFS (loop9): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 1317.584800][ T30] audit: type=1326 audit(1574.673:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19575 comm="syz.1.4473" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f550558eba9 code=0x0 [ 1317.719542][T19582] overlayfs: failed to clone upperpath [ 1318.191406][T19588] macvlan2: entered promiscuous mode [ 1318.201373][T19588] team_slave_0: entered promiscuous mode [ 1318.207421][T19588] team_slave_1: entered promiscuous mode [ 1318.213436][T19588] team0: entered promiscuous mode [ 1318.226702][T19588] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1318.242677][T19588] bond0: (slave macvlan2): Enslaving as an active interface with an up link [ 1318.838046][ T5907] Process accounting resumed [ 1319.082712][T19589] loop2: detected capacity change from 0 to 40427 [ 1319.093549][T19589] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 1319.101508][T19589] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 1319.145051][T19589] F2FS-fs (loop2): invalid crc value [ 1319.457582][T19589] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 1319.479076][T19589] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 1319.486495][T19589] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1319.661672][T19607] loop1: detected capacity change from 0 to 256 [ 1319.730730][T19605] loop8: detected capacity change from 0 to 512 [ 1320.141866][T19605] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1320.379129][ T30] audit: type=1800 audit(1577.464:200): pid=19615 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.4482" name="file2" dev="loop8" ino=16 res=0 errno=0 [ 1320.600291][T14977] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1321.051210][T19623] overlayfs: workdir and upperdir must be separate subtrees [ 1322.893601][T19614] loop9: detected capacity change from 0 to 32768 [ 1323.012696][T19645] 9pnet_fd: Insufficient options for proto=fd [ 1324.994755][T16380] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1325.010854][T16380] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1325.022223][T16380] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1325.052096][T16380] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1325.076120][T16380] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1325.801724][T19661] chnl_net:caif_netlink_parms(): no params data found [ 1327.117279][T19661] bridge0: port 1(bridge_slave_0) entered blocking state [ 1327.128659][T19661] bridge0: port 1(bridge_slave_0) entered disabled state [ 1327.141433][T19661] bridge_slave_0: entered allmulticast mode [ 1327.151101][T19661] bridge_slave_0: entered promiscuous mode [ 1327.172311][T19661] bridge0: port 2(bridge_slave_1) entered blocking state [ 1327.182237][T19661] bridge0: port 2(bridge_slave_1) entered disabled state [ 1327.190058][T19661] bridge_slave_1: entered allmulticast mode [ 1327.190889][T16380] Bluetooth: hci1: command tx timeout [ 1327.199736][T19661] bridge_slave_1: entered promiscuous mode [ 1327.355013][T19661] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1327.421367][T19661] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1327.726259][T19661] team0: Port device team_slave_0 added [ 1327.796814][T19661] team0: Port device team_slave_1 added [ 1328.085461][T19661] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1328.093188][T19661] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1328.120161][T19661] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1328.170964][T19661] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1328.178210][T19661] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1328.205567][T19661] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1328.224116][T19714] ------------[ cut here ]------------ [ 1328.230262][T19714] WARNING: CPU: 0 PID: 19714 at fs/exec.c:119 path_noexec+0x2ac/0x310 [ 1328.238884][T19714] Modules linked in: [ 1328.243012][T19714] CPU: 0 UID: 0 PID: 19714 Comm: syz.2.4526 Tainted: G W syzkaller #0 PREEMPT(none) [ 1328.249005][T19717] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1328.256219][T19714] Tainted: [W]=WARN [ 1328.265925][T19714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1328.276462][T19714] RIP: 0010:path_noexec+0x2ac/0x310 [ 1328.282069][T19714] Code: 49 89 ff 8b 7d d4 e8 23 61 e1 ff 4c 89 ff e9 c8 fe ff ff 44 89 e7 e8 13 61 e1 ff 4d 85 ed 0f 85 a3 fe ff ff e8 f5 9c 3e ff 90 <0f> 0b 90 48 8b 7d c0 4c 8b 37 e8 d5 55 e1 ff 48 8b 00 48 89 45 c8 [ 1328.302142][T19714] RSP: 0018:ffff88812b2f3bc0 EFLAGS: 00010283 [ 1328.308572][T19714] RAX: ffffffff82b6688b RBX: ffff888116ffac20 RCX: 0000000000080000 [ 1328.316744][T19714] RDX: ffffc90010822000 RSI: 0000000000000057 RDI: 0000000000000058 [ 1328.325042][T19714] RBP: ffff88812b2f3c00 R08: ffffea000000000f R09: 0000000000000003 [ 1328.333391][T19714] R10: 0000000000000003 R11: 0000000000000002 R12: 0000000000000000 [ 1328.341687][T19714] R13: 0000000000000000 R14: ffff8881408f8aa0 R15: 0000000000000000 [ 1328.351759][T19714] FS: 00007f10e5b036c0(0000) GS:ffff8881aa691000(0000) knlGS:0000000000000000 [ 1328.361686][T19714] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1328.368600][T19714] CR2: 0000001b31321ff8 CR3: 0000000118536000 CR4: 00000000003526f0 [ 1328.376756][T19714] Call Trace: [ 1328.380943][T19714] [ 1328.384024][T19714] do_mmap+0x1570/0x1d70 [ 1328.389163][T19714] vm_mmap_pgoff+0x40d/0x770 [ 1328.394046][T19714] ksys_mmap_pgoff+0x51b/0x7c0 [ 1328.399186][T19714] __x64_sys_mmap+0x19c/0x260 [ 1328.404110][T19714] x64_sys_call+0x18a7/0x3e20 [ 1328.409169][T19714] do_syscall_64+0xd9/0x210 [ 1328.413884][T19714] ? irqentry_exit+0x16/0x60 [ 1328.418850][T19714] ? clear_bhb_loop+0x40/0x90 [ 1328.423762][T19714] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1328.430027][T19714] RIP: 0033:0x7f10e4b8eba9 [ 1328.434628][T19714] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1328.456984][T19714] RSP: 002b:00007f10e5b03038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1328.466393][T19714] RAX: ffffffffffffffda RBX: 00007f10e4dd5fa0 RCX: 00007f10e4b8eba9 [ 1328.474732][T19714] RDX: 0000000002000000 RSI: 0000000000003000 RDI: 0000200000000000 [ 1328.483102][T19714] RBP: 00007f10e4c11e19 R08: 0000000000000005 R09: 0000000000003000 [ 1328.491389][T19714] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000000 [ 1328.499658][T19714] R13: 00007f10e4dd6038 R14: 00007f10e4dd5fa0 R15: 00007ffe6c37a278 [ 1328.507856][T19714] [ 1328.511142][T19714] ---[ end trace 0000000000000000 ]--- [ 1328.811783][T19661] hsr_slave_0: entered promiscuous mode [ 1328.824105][T19661] hsr_slave_1: entered promiscuous mode [ 1328.832930][T19661] debugfs: 'hsr0' already exists in 'hsr' [ 1328.838920][T19661] Cannot create hsr debugfs directory [ 1329.259522][T16380] Bluetooth: hci1: command tx timeout [ 1330.336743][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 1330.343890][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 1330.417024][T19661] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1330.473895][T19661] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1330.524505][T19661] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1330.556292][T19661] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1331.341962][T16380] Bluetooth: hci1: command tx timeout [ 1331.370490][T19661] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1331.507815][T19661] 8021q: adding VLAN 0 to HW filter on device team0 [ 1331.557450][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 1331.564938][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1331.609848][ T9122] bridge0: port 2(bridge_slave_1) entered blocking state [ 1331.617546][ T9122] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1332.679235][T19772] netlink: 'syz.8.4547': attribute type 2 has an invalid length. [ 1332.687620][T19772] netlink: 'syz.8.4547': attribute type 1 has an invalid length. [ 1332.695511][T19772] netlink: 'syz.8.4547': attribute type 8 has an invalid length. [ 1332.703665][T19772] netlink: 44 bytes leftover after parsing attributes in process `syz.8.4547'. [ 1333.184506][T19661] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1333.416913][T16380] Bluetooth: hci1: command tx timeout [ 1334.100938][T19794] netlink: 'syz.5.4555': attribute type 10 has an invalid length. [ 1334.131295][T19794] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 1335.109083][ T5878] usb 10-1: new high-speed USB device number 26 using dummy_hcd [ 1335.166788][T19661] veth0_vlan: entered promiscuous mode [ 1335.263007][T19661] veth1_vlan: entered promiscuous mode [ 1335.287890][ T5878] usb 10-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 1335.298141][ T5878] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1335.368717][ T5878] usb 10-1: config 0 descriptor?? [ 1336.492973][T19661] veth0_macvtap: entered promiscuous mode [ 1336.520842][T19661] veth1_macvtap: entered promiscuous mode [ 1336.760228][T19661] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1336.770972][ T5878] usb 10-1: Cannot set autoneg [ 1336.780216][ T5878] MOSCHIP usb-ethernet driver 10-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 1336.835843][ T5878] usb 10-1: USB disconnect, device number 26 [ 1336.869481][T19661] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1337.191642][ T9100] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1337.218980][ T53] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1337.293421][ T53] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1337.381731][ T53] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1339.608984][T19854] loop9: detected capacity change from 0 to 32768 [ 1339.618346][T19854] btrfs: Deprecated parameter 'usebackuproot' [ 1339.624719][T19854] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 1339.640929][T19854] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop9 (7:9) scanned by syz.9.4576 (19854) [ 1339.677689][T19854] BTRFS info (device loop9): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1339.689584][T19854] BTRFS info (device loop9): using sha256 (sha256-lib) checksum algorithm [ 1339.698546][T19854] workqueue: max_active 40574 requested for btrfs-worker is out of range, clamping between 1 and 2048 [ 1339.717948][T19854] workqueue: max_active 40574 requested for btrfs-delalloc is out of range, clamping between 1 and 2048 [ 1339.739673][T19854] workqueue: max_active 40574 requested for btrfs-endio is out of range, clamping between 1 and 2048 [ 1339.764262][T19854] workqueue: max_active 40574 requested for btrfs-endio-meta is out of range, clamping between 1 and 2048 [ 1339.778162][T19854] workqueue: max_active 40574 requested for btrfs-rmw is out of range, clamping between 1 and 2048 [ 1339.803715][T19854] workqueue: max_active 40574 requested for btrfs-endio-write is out of range, clamping between 1 and 2048 [ 1339.835529][T19854] workqueue: max_active 40574 requested for btrfs-compressed-write is out of range, clamping between 1 and 2048 [ 1339.928111][T19854] BTRFS info (device loop9): rebuilding free space tree [ 1339.959202][T19854] BTRFS info (device loop9): setting nodatasum [ 1339.966088][T19854] BTRFS info (device loop9): enabling ssd optimizations [ 1339.973329][T19854] BTRFS info (device loop9): disabling tree log [ 1339.979746][T19854] BTRFS info (device loop9): enabling free space tree [ 1339.986757][T19854] BTRFS info (device loop9): force clearing of disk cache [ 1339.994204][T19854] BTRFS info (device loop9): doing ref verification [ 1340.000974][T19854] BTRFS info (device loop9): trying to use backup root at mount time [ 1340.447801][T10107] BTRFS info (device loop9): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1343.010034][T19914] loop9: detected capacity change from 0 to 512 [ 1343.088300][T19914] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode [ 1343.231736][T19914] EXT4-fs (loop9): 1 truncate cleaned up [ 1343.239601][T19914] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1343.546628][T19914] EXT4-fs warning (device loop9): ext4_block_to_path:107: block 1937076852 > max in inode 13 [ 1343.622008][ T30] audit: type=1800 audit(1600.656:201): pid=19914 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.4585" name="file0" dev="loop9" ino=13 res=0 errno=0 [ 1343.688744][T10107] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1344.496767][ T3669] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1344.505616][ T3669] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1344.678805][T19942] 9pnet: p9_errstr2errno: server reported unknown error fs [ 1344.846813][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1344.855482][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1346.097957][T19971] syz.9.4612: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1346.113805][T19971] CPU: 0 UID: 0 PID: 19971 Comm: syz.9.4612 Tainted: G W syzkaller #0 PREEMPT(none) [ 1346.113985][T19971] Tainted: [W]=WARN [ 1346.114038][T19971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1346.114124][T19971] Call Trace: [ 1346.114179][T19971] [ 1346.114231][T19971] __dump_stack+0x26/0x30 [ 1346.114416][T19971] dump_stack_lvl+0x1df/0x270 [ 1346.114599][T19971] dump_stack+0x1e/0x25 [ 1346.114761][T19971] warn_alloc+0x470/0x690 [ 1346.114935][T19971] ? kmsan_get_metadata+0xfb/0x160 [ 1346.115116][T19971] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1346.115297][T19971] __vmalloc_node_range_noprof+0x133/0x2360 [ 1346.115458][T19971] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1346.115636][T19971] ? should_fail_ex+0x45/0x8a0 [ 1346.115780][T19971] ? kmsan_get_metadata+0xfb/0x160 [ 1346.115943][T19971] ? kmsan_get_metadata+0xfb/0x160 [ 1346.116106][T19971] ? kmsan_get_metadata+0xfb/0x160 [ 1346.116266][T19971] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1346.116449][T19971] ? kmsan_get_metadata+0xfb/0x160 [ 1346.116619][T19971] vmalloc_user_noprof+0xce/0x140 [ 1346.116757][T19971] ? xskq_create+0x11d/0x290 [ 1346.116914][T19971] xskq_create+0x11d/0x290 [ 1346.117071][T19971] xsk_init_queue+0xfd/0x1d0 [ 1346.117221][T19971] xsk_setsockopt+0x968/0xfe0 [ 1346.117380][T19971] ? __pfx_xsk_setsockopt+0x10/0x10 [ 1346.117518][T19971] __sys_setsockopt+0x43e/0x580 [ 1346.117723][T19971] __x64_sys_setsockopt+0xf4/0x1a0 [ 1346.117923][T19971] x64_sys_call+0x27c9/0x3e20 [ 1346.118113][T19971] do_syscall_64+0xd9/0x210 [ 1346.118246][T19971] ? irqentry_exit+0x16/0x60 [ 1346.118430][T19971] ? clear_bhb_loop+0x40/0x90 [ 1346.118587][T19971] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1346.118735][T19971] RIP: 0033:0x7fa17838eba9 [ 1346.118842][T19971] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1346.118968][T19971] RSP: 002b:00007fa179303038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1346.119102][T19971] RAX: ffffffffffffffda RBX: 00007fa1785d5fa0 RCX: 00007fa17838eba9 [ 1346.119206][T19971] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000004 [ 1346.119294][T19971] RBP: 00007fa178411e19 R08: 0000000000000004 R09: 0000000000000000 [ 1346.119395][T19971] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000 [ 1346.119487][T19971] R13: 00007fa1785d6038 R14: 00007fa1785d5fa0 R15: 00007fff28f1b218 [ 1346.119620][T19971] [ 1346.366448][T19971] Mem-Info: [ 1346.371402][T19971] active_anon:4185 inactive_anon:1 isolated_anon:0 [ 1346.371402][T19971] active_file:17008 inactive_file:41034 isolated_file:0 [ 1346.371402][T19971] unevictable:768 dirty:400 writeback:0 [ 1346.371402][T19971] slab_reclaimable:4505 slab_unreclaimable:25746 [ 1346.371402][T19971] mapped:29568 shmem:1519 pagetables:1472 [ 1346.371402][T19971] sec_pagetables:0 bounce:0 [ 1346.371402][T19971] kernel_misc_reclaimable:0 [ 1346.371402][T19971] free:339698 free_pcp:23264 free_cma:0 [ 1346.390452][T19974] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4613'. [ 1346.417074][T19971] Node 0 active_anon:16876kB inactive_anon:4kB active_file:68032kB inactive_file:163936kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:118272kB dirty:1600kB writeback:0kB shmem:4540kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:5120kB pagetables:5540kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1346.417400][T19971] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:348kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1346.417699][T19971] Node 0 DMA free:4080kB boost:0kB min:164kB low:204kB high:244kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1346.418055][T19971] lowmem_reserve[]: 0 928 1241 1241 1241 [ 1346.418349][T19971] Node 0 DMA32 free:474020kB boost:0kB min:36820kB low:46024kB high:55228kB reserved_highatomic:0KB free_highatomic:0KB active_anon:2100kB inactive_anon:4kB active_file:63412kB inactive_file:67704kB unevictable:0kB writepending:428kB present:3129332kB managed:951024kB mlocked:0kB bounce:0kB free_pcp:45628kB local_pcp:22572kB free_cma:0kB [ 1346.559452][T19971] lowmem_reserve[]: 0 0 312 312 312 [ 1346.572417][T19971] Node 0 Normal free:19680kB boost:4096kB min:17112kB low:20364kB high:23616kB reserved_highatomic:0KB free_highatomic:0KB active_anon:14776kB inactive_anon:0kB active_file:4620kB inactive_file:96232kB unevictable:1536kB writepending:1172kB present:1048580kB managed:320476kB mlocked:0kB bounce:0kB free_pcp:10468kB local_pcp:5648kB free_cma:0kB [ 1346.606117][T19971] lowmem_reserve[]: 0 0 0 0 0 [ 1346.612905][T19971] Node 1 Normal free:861012kB boost:0kB min:40100kB low:50124kB high:60148kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:987120kB mlocked:0kB bounce:0kB free_pcp:36788kB local_pcp:21400kB free_cma:0kB [ 1346.644638][T19971] lowmem_reserve[]: 0 0 0 0 0 [ 1346.649987][T19971] Node 0 DMA: 0*4kB 0*8kB 1*16kB (U) 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 1*2048kB (U) 0*4096kB = 4080kB [ 1346.666012][T19971] Node 0 DMA32: 34*4kB (ME) 3*8kB (ME) 62*16kB (UME) 33*32kB (UME) 104*64kB (UME) 162*128kB (UME) 432*256kB (UME) 264*512kB (UME) 192*1024kB (UME) 1*2048kB (M) 0*4096kB = 474016kB [ 1346.688308][T19971] Node 0 Normal: 478*4kB (ME) 271*8kB (ME) 151*16kB (UME) 68*32kB (UME) 48*64kB (UME) 18*128kB (UME) 10*256kB (ME) 2*512kB (UM) 0*1024kB 1*2048kB (M) 0*4096kB = 19680kB [ 1346.708097][T19971] Node 1 Normal: 9*4kB (UME) 6*8kB (UE) 8*16kB (UME) 8*32kB (UME) 22*64kB (UME) 14*128kB (UME) 9*256kB (UM) 4*512kB (U) 9*1024kB (UME) 4*2048kB (U) 204*4096kB (UM) = 861012kB [ 1346.728277][T19971] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1346.738132][T19971] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 1346.747869][T19971] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1346.757705][T19971] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 1346.761107][T19974] team0 (unregistering): Port device team_slave_0 removed [ 1346.767361][T19971] 59491 total pagecache pages [ 1346.782668][T19971] 1 pages in swap cache [ 1346.786961][T19971] Free swap = 124992kB [ 1346.791373][T19971] Total swap = 124996kB [ 1346.795664][T19971] 2097051 pages RAM [ 1346.799733][T19971] 0 pages HighMem/MovableOnly [ 1346.804529][T19971] 1531372 pages reserved [ 1346.808901][T19971] 0 pages cma reserved [ 1346.882078][T19974] team0 (unregistering): Port device team_slave_1 removed [ 1347.279273][ T9102] unregister_netdevice: waiting for batadv_slave_0 to become free. Usage count = 2 [ 1347.292545][ T9102] ref_tracker: netdev@ffff88804de36558 has 1/1 users at [ 1347.292545][ T9102] batadv_hard_if_event+0x13ca/0x30c0 [ 1347.292545][ T9102] raw_notifier_call_chain+0xdd/0x410 [ 1347.292545][ T9102] call_netdevice_notifiers_info+0x1ac/0x2b0 [ 1347.292545][ T9102] register_netdevice+0x22d4/0x25d0 [ 1347.292545][ T9102] veth_newlink+0xcfe/0x1630 [ 1347.292545][ T9102] rtnl_newlink_create+0x419/0x1250 [ 1347.292545][ T9102] rtnl_newlink+0x2f13/0x3a90 [ 1347.292545][ T9102] rtnetlink_rcv_msg+0x106f/0x14b0 [ 1347.292545][ T9102] netlink_rcv_skb+0x54a/0x680 [ 1347.292545][ T9102] rtnetlink_rcv+0x35/0x40 [ 1347.292545][ T9102] netlink_unicast+0xf01/0x12b0 [ 1347.292545][ T9102] netlink_sendmsg+0x10b3/0x1250 [ 1347.292545][ T9102] __sock_sendmsg+0x330/0x3d0 [ 1347.292545][ T9102] __sys_sendto+0x593/0x720 [ 1347.292545][ T9102] __x64_sys_sendto+0x130/0x200 [ 1347.292545][ T9102] x64_sys_call+0x3910/0x3e20 [ 1347.292545][ T9102] [ 1347.455433][T19979] netlink: 27 bytes leftover after parsing attributes in process `syz.8.4615'. [ 1348.335150][T19981] loop2: detected capacity change from 0 to 40427 [ 1348.364004][T19981] F2FS-fs (loop2): invalid crc value [ 1348.691901][T19981] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 1348.720256][T19981] F2FS-fs (loop2): Start checkpoint disabled! [ 1348.754281][T19981] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 1348.802299][ T30] audit: type=1800 audit(1605.888:202): pid=19981 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.4616" name="file1" dev="loop2" ino=10 res=0 errno=0 [ 1348.893456][ T9112] kworker/u8:8: attempt to access beyond end of device [ 1348.893456][ T9112] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 1348.909574][ T9112] CPU: 1 UID: 0 PID: 9112 Comm: kworker/u8:8 Tainted: G W syzkaller #0 PREEMPT(none) [ 1348.909745][ T9112] Tainted: [W]=WARN [ 1348.909796][ T9112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1348.909902][ T9112] Workqueue: writeback wb_workfn (flush-7:2) [ 1348.910121][ T9112] Call Trace: [ 1348.910173][ T9112] [ 1348.910228][ T9112] __dump_stack+0x26/0x30 [ 1348.910384][ T9112] dump_stack_lvl+0x1df/0x270 [ 1348.910557][ T9112] dump_stack+0x1e/0x25 [ 1348.910709][ T9112] f2fs_handle_critical_error+0xa6f/0xc20 [ 1348.910940][ T9112] f2fs_stop_checkpoint+0x65/0x80 [ 1348.911075][ T9112] f2fs_write_end_io+0x101c/0x1bc0 [ 1348.911267][ T9112] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 1348.911402][ T9112] bio_endio+0xeb1/0x1010 [ 1348.911559][ T9112] submit_bio_noacct+0x213/0x2750 [ 1348.911772][ T9112] submit_bio+0x57c/0x630 [ 1348.911939][ T9112] f2fs_submit_write_bio+0x92/0x250 [ 1348.912127][ T9112] __submit_merged_bio+0x16f/0x6a0 [ 1348.912309][ T9112] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1348.912484][ T9112] __submit_merged_write_cond+0x458/0x9a0 [ 1348.912695][ T9112] f2fs_write_data_pages+0x4bb2/0x5480 [ 1348.912969][ T9112] ? t_next+0x2c0/0x460 [ 1348.913141][ T9112] ? kmsan_get_metadata+0xfb/0x160 [ 1348.913301][ T9112] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1348.913477][ T9112] ? __update_load_avg_cfs_rq+0xd7f/0x1010 [ 1348.913678][ T9112] ? kmsan_get_metadata+0xfb/0x160 [ 1348.913837][ T9112] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1348.914014][ T9112] ? __rb_insert_augmented+0x80/0x11b0 [ 1348.914211][ T9112] ? __pfx_min_vruntime_cb_rotate+0x10/0x10 [ 1348.914361][ T9112] ? kmsan_get_metadata+0xfb/0x160 [ 1348.914519][ T9112] ? kmsan_get_metadata+0xfb/0x160 [ 1348.914677][ T9112] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1348.914857][ T9112] ? kmsan_get_metadata+0xfb/0x160 [ 1348.915018][ T9112] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1348.915189][ T9112] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 1348.915329][ T9112] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 1348.915469][ T9112] do_writepages+0x3ef/0x860 [ 1348.915612][ T9112] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1348.915789][ T9112] ? writeback_sb_inodes+0x21/0x1cb0 [ 1348.915935][ T9112] ? kmsan_get_metadata+0xfb/0x160 [ 1348.916120][ T9112] __writeback_single_inode+0x101/0x1190 [ 1348.916286][ T9112] ? kmsan_get_metadata+0xfb/0x160 [ 1348.916465][ T9112] writeback_sb_inodes+0xac1/0x1cb0 [ 1348.916706][ T9112] ? kmsan_get_metadata+0xfb/0x160 [ 1348.916909][ T9112] wb_writeback+0x4ce/0xc00 [ 1348.917073][ T9112] ? queue_io+0x4c1/0x790 [ 1348.917233][ T9112] wb_workfn+0x397/0x1910 [ 1348.917421][ T9112] ? kmsan_get_metadata+0xfb/0x160 [ 1348.917608][ T9112] ? __pfx_wb_workfn+0x10/0x10 [ 1348.917793][ T9112] process_scheduled_works+0xb8e/0x1d80 [ 1348.918051][ T9112] worker_thread+0xedf/0x1590 [ 1348.918284][ T9112] kthread+0xd59/0xf00 [ 1348.918421][ T9112] ? __pfx_worker_thread+0x10/0x10 [ 1348.918639][ T9112] ? __pfx_kthread+0x10/0x10 [ 1348.918779][ T9112] ret_from_fork+0x233/0x380 [ 1348.918920][ T9112] ? __pfx_kthread+0x10/0x10 [ 1348.919062][ T9112] ret_from_fork_asm+0x1a/0x30 [ 1348.919277][ T9112] [ 1349.226240][ T9112] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 1350.561676][T20011] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 1350.569164][T20011] overlayfs: failed to set xattr on upper [ 1350.575017][T20011] overlayfs: ...falling back to redirect_dir=nofollow. [ 1350.582320][T20011] overlayfs: ...falling back to index=off. [ 1350.588516][T20011] overlayfs: ...falling back to xino=off. [ 1350.594499][T20011] overlayfs: conflicting lowerdir path [ 1350.907571][ T5878] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 1351.068722][ T5878] usb 7-1: Using ep0 maxpacket: 8 [ 1351.108030][ T5878] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1351.117582][ T5878] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1351.125783][ T5878] usb 7-1: Product: syz [ 1351.130290][ T5878] usb 7-1: Manufacturer: syz [ 1351.135064][ T5878] usb 7-1: SerialNumber: syz [ 1351.199807][ T5878] usb 7-1: config 0 descriptor?? [ 1351.471144][ T5878] usb 7-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1351.893262][ T5878] dvb_usb_rtl28xxu 7-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 1351.941356][ T5878] usb 7-1: USB disconnect, device number 14 [ 1352.077180][T20027] loop8: detected capacity change from 0 to 512 [ 1352.175463][T20027] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1352.273382][T20027] EXT4-fs error (device loop8): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 1352.339176][T20027] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 3 with error 28 [ 1352.352205][T20027] EXT4-fs (loop8): This should not happen!! Data will be lost [ 1352.352205][T20027] [ 1352.362212][T20027] EXT4-fs (loop8): Total free blocks count 0 [ 1352.368540][T20027] EXT4-fs (loop8): Free/Dirty block details [ 1352.374597][T20027] EXT4-fs (loop8): free_blocks=65280 [ 1352.380404][T20027] EXT4-fs (loop8): dirty_blocks=3 [ 1352.385601][T20027] EXT4-fs (loop8): Block reservation details [ 1352.392014][T20027] EXT4-fs (loop8): i_reserved_data_blocks=3 [ 1352.575064][T20037] netlink: 27 bytes leftover after parsing attributes in process `syz.2.4638'. [ 1352.719017][T14977] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1354.782056][T20059] loop9: detected capacity change from 0 to 32768 [ 1354.791210][T20059] btrfs: Deprecated parameter 'usebackuproot' [ 1354.797617][T20059] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 1354.807565][T20059] btrfs: Deprecated parameter 'usebackuproot' [ 1354.813818][T20059] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 1354.828305][T20059] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop9 (7:9) scanned by syz.9.4648 (20059) [ 1354.851240][T20059] BTRFS info (device loop9): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1354.865662][T20059] BTRFS info (device loop9): using sha256 (sha256-lib) checksum algorithm [ 1354.875829][T20059] workqueue: max_active 40574 requested for btrfs-worker is out of range, clamping between 1 and 2048 [ 1354.911693][T20059] workqueue: max_active 40574 requested for btrfs-delalloc is out of range, clamping between 1 and 2048 [ 1354.938989][T20059] workqueue: max_active 40574 requested for btrfs-endio is out of range, clamping between 1 and 2048 [ 1354.980373][T20059] workqueue: max_active 40574 requested for btrfs-endio-meta is out of range, clamping between 1 and 2048 [ 1355.004845][T20057] loop2: detected capacity change from 0 to 4096 [ 1355.006160][T20059] workqueue: max_active 40574 requested for btrfs-rmw is out of range, clamping between 1 and 2048 [ 1355.024123][T20059] workqueue: max_active 40574 requested for btrfs-endio-write is out of range, clamping between 1 and 2048 [ 1355.041257][T20059] workqueue: max_active 40574 requested for btrfs-compressed-write is out of range, clamping between 1 and 2048 [ 1355.085314][T20057] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [ 1355.261438][T20059] BTRFS info (device loop9): rebuilding free space tree [ 1355.302010][T20059] BTRFS info (device loop9): setting nodatasum [ 1355.308796][T20059] BTRFS info (device loop9): enabling ssd optimizations [ 1355.316062][T20059] BTRFS info (device loop9): enabling free space tree [ 1355.323002][T20059] BTRFS info (device loop9): force clearing of disk cache [ 1355.330786][T20059] BTRFS info (device loop9): doing ref verification [ 1355.337844][T20059] BTRFS info (device loop9): trying to use backup root at mount time [ 1355.432697][T20063] loop6: detected capacity change from 0 to 4096 [ 1355.577398][T10107] BTRFS info (device loop9): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1355.684947][T20057] ntfs3(loop2): ino=1a, mi_enum_attr [ 1355.690636][T20057] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 1356.102881][ T30] audit: type=1800 audit(1613.192:203): pid=20063 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.4650" name="file1" dev="loop6" ino=33 res=0 errno=0 [ 1356.146604][ T30] audit: type=1804 audit(1613.242:204): pid=20063 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.4650" name="/newroot/8/file1/file1" dev="loop6" ino=33 res=1 errno=0 [ 1358.054521][T20099] loop6: detected capacity change from 0 to 32768 [ 1360.664036][T20141] loop8: detected capacity change from 0 to 1024 [ 1360.697321][T20141] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1360.705078][T20141] EXT4-fs: Ignoring removed nobh option [ 1360.710845][T20141] EXT4-fs: Ignoring removed bh option [ 1360.871711][T20141] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1361.134429][T20150] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4680'. [ 1361.363848][T14977] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1362.150153][T20155] loop6: detected capacity change from 0 to 32768 [ 1362.274974][T20155] XFS (loop6): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 1362.657122][T20155] XFS (loop6): Ending clean mount [ 1362.693202][T20155] XFS (loop6): Quotacheck needed: Please wait. [ 1362.761922][T20155] XFS (loop6): Quotacheck: Done. [ 1362.779238][T20157] loop9: detected capacity change from 0 to 32768 [ 1362.935481][T20157] XFS (loop9): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 1362.980254][T19661] XFS (loop6): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 1363.233459][T20157] XFS (loop9): Ending clean mount [ 1363.244857][T20157] XFS (loop9): Quotacheck needed: Please wait. [ 1363.299295][T20157] XFS (loop9): Quotacheck: Done. [ 1363.499011][T10107] XFS (loop9): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 1364.408593][T20194] loop2: detected capacity change from 0 to 128 [ 1364.492390][T20194] EXT4-fs: Ignoring removed nobh option [ 1364.593069][T20194] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1365.009059][T11862] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1365.180258][ T5877] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 1365.427355][ T5877] usb 7-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1365.436987][ T5877] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1365.446110][ T5877] usb 7-1: Product: syz [ 1365.450849][ T5877] usb 7-1: Manufacturer: syz [ 1365.455615][ T5877] usb 7-1: SerialNumber: syz [ 1365.662040][T20219] input: syz0 as /devices/virtual/input/input44 [ 1366.792665][ T5877] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x0000011c. ret = -EPROTO [ 1366.805107][ T5877] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 1366.815491][ T5877] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1366.920339][ T5877] lan78xx 7-1:1.0: probe with driver lan78xx failed with error -71 [ 1367.084705][ T5877] usb 7-1: USB disconnect, device number 15 [ 1368.063428][T20236] loop9: detected capacity change from 0 to 32768 [ 1368.133083][T20236] XFS (loop9): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1368.372981][T20236] XFS (loop9): Ending clean mount [ 1368.932511][T10107] XFS (loop9): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1369.040539][T20258] loop8: detected capacity change from 0 to 32768 [ 1369.052749][T20258] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.4716 (20258) [ 1369.079529][T20258] BTRFS info (device loop8): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1369.093395][T20258] BTRFS info (device loop8): using sha256 (sha256-lib) checksum algorithm [ 1369.265503][T20258] BTRFS info (device loop8): rebuilding free space tree [ 1369.305026][T20258] BTRFS info (device loop8): disabling free space tree [ 1369.312486][T20258] BTRFS info (device loop8): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 1369.322429][T20258] BTRFS info (device loop8): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 1369.359439][T20258] BTRFS info (device loop8): enabling ssd optimizations [ 1369.366586][T20258] BTRFS info (device loop8): force clearing of disk cache [ 1369.374222][T20258] BTRFS info (device loop8): enabling auto defrag [ 1369.381023][T20258] BTRFS info (device loop8): doing ref verification [ 1369.429734][ T30] audit: type=1800 audit(1626.559:205): pid=20258 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.4716" name="file1" dev="loop8" ino=260 res=0 errno=0 [ 1369.670720][T14977] BTRFS info (device loop8): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1370.030975][T20286] macsec1: entered promiscuous mode [ 1370.036383][T20286] macsec1: entered allmulticast mode [ 1371.652576][T20299] loop6: detected capacity change from 0 to 32768 [ 1371.719513][T20299] XFS (loop6): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1371.992127][T20299] XFS (loop6): Ending clean mount [ 1372.120465][T19661] XFS (loop6): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1373.592040][T20334] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4734'. [ 1375.012465][T20344] loop6: detected capacity change from 0 to 32768 [ 1375.219666][T20344] bcachefs (loop6): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,str_hash=crc32c,noacl,usrquota,grpquota,nojournal_transaction_names,allocator_stuck_timeout=256 [ 1375.219819][T20344] allowing incompatible features above 0.0: (unknown version) [ 1375.219912][T20344] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 1375.267164][T20344] bcachefs (loop6): Using encoding defined by superblock: utf8-12.1.0 [ 1375.275664][T20344] bcachefs (loop6): initializing new filesystem [ 1375.294416][T20344] bcachefs (loop6): going read-write [ 1375.324218][T20344] bcachefs (loop6): marking superblocks [ 1375.377545][T20344] bcachefs (loop6): initializing freespace [ 1375.404104][T20344] bcachefs (loop6): done initializing freespace [ 1375.425763][T20344] bcachefs (loop6): reading snapshots table [ 1375.435440][T20344] bcachefs (loop6): reading snapshots done [ 1375.606449][T20344] bcachefs (loop6): done starting filesystem [ 1375.756467][ T30] audit: type=1800 audit(1632.872:206): pid=20344 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.4744" name="file1" dev="loop6" ino=4098 res=0 errno=0 [ 1375.776848][ C0] vkms_vblank_simulate: vblank timer overrun [ 1375.906765][T19661] bcachefs (loop6): shutting down [ 1375.912073][T19661] bcachefs (loop6): going read-only [ 1375.954927][T19661] bcachefs (loop6): finished waiting for writes to stop [ 1375.973990][T19661] bcachefs (loop6): flushing journal and stopping allocators, journal seq 3 [ 1376.170082][T19661] bcachefs (loop6): flushing journal and stopping allocators complete, journal seq 3 [ 1376.199417][T19661] bcachefs (loop6): clean shutdown complete, journal seq 4 [ 1376.228354][T19661] bcachefs (loop6): marking filesystem clean [ 1376.356467][T19661] bcachefs (loop6): shutdown complete [ 1377.364314][T20391] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1377.414759][T20392] netlink: 'syz.9.4760': attribute type 39 has an invalid length. [ 1377.440372][T20392] bridge0: port 1(bridge_slave_0) entered disabled state [ 1377.551780][T20392] bridge_slave_0 (unregistering): left allmulticast mode [ 1377.559232][T20392] bridge_slave_0 (unregistering): left promiscuous mode [ 1377.566778][T20392] bridge0: port 1(bridge_slave_0) entered disabled state [ 1379.386712][T20402] loop2: detected capacity change from 0 to 40427 [ 1379.442236][T20402] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 1379.450373][T20402] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 1379.485042][T20400] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1379.494210][T20400] overlayfs: missing 'lowerdir' [ 1379.578226][T20402] F2FS-fs (loop2): invalid crc value [ 1379.909435][T20402] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 1379.931294][T20402] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 1379.942204][T20402] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1380.056754][T20402] syz.2.4764: attempt to access beyond end of device [ 1380.056754][T20402] loop2: rw=34817, sector=77824, nr_sectors = 2048 limit=40427 [ 1380.268714][T11862] syz-executor: attempt to access beyond end of device [ 1380.268714][T11862] loop2: rw=2051, sector=77824, nr_sectors = 2560 limit=40427 [ 1380.303278][T11862] F2FS-fs (loop2): Issue discard(9728, 9728, 320) failed, ret: -5 [ 1383.348176][T20458] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4783'. [ 1383.855059][T20468] hsr0: entered promiscuous mode [ 1383.893538][T20468] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4788'. [ 1385.001314][T20488] netlink: 'syz.2.4798': attribute type 1 has an invalid length. [ 1385.108733][T20488] bond1: entered promiscuous mode [ 1385.115450][T20488] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1385.833427][T20487] loop6: detected capacity change from 0 to 40427 [ 1385.913466][T20487] F2FS-fs (loop6): build fault injection rate: 14 [ 1385.920410][T20487] F2FS-fs (loop6): build fault injection type: 0x3bfe8c [ 1385.931857][T20487] F2FS-fs (loop6): invalid crc value [ 1386.057368][ C1] F2FS-fs (loop6): inject read IO error in f2fs_read_end_io of bio_endio+0xeb1/0x1010 [ 1386.084315][ C1] F2FS-fs (loop6): inject read IO error in f2fs_read_end_io of bio_endio+0xeb1/0x1010 [ 1386.375127][T20487] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 1386.387867][T20487] F2FS-fs (loop6): inject page alloc in f2fs_grab_cache_folio of f2fs_get_tmp_folio+0x38/0x50 [ 1386.403312][T20487] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 1386.430300][T20492] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1386.439029][T20492] bond1: (slave ip6gre1): The slave device specified does not support setting the MAC address [ 1386.450623][T20492] bond1: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode [ 1386.474634][T20492] bond1: (slave ip6gre1): making interface the new active one [ 1386.485597][T20492] ip6gre1: entered promiscuous mode [ 1386.499397][T20492] bond1: (slave ip6gre1): Enslaving as an active interface with an up link [ 1386.511411][T20487] F2FS-fs (loop6): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x831/0x19b0 [ 1386.531043][T20487] F2FS-fs (loop6): inject dquot initialize in f2fs_dquot_initialize of f2fs_unlink+0x132/0xef0 [ 1386.686182][T19661] syz-executor: attempt to access beyond end of device [ 1386.686182][T19661] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 1386.703855][T19661] CPU: 1 UID: 0 PID: 19661 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT(none) [ 1386.704041][T19661] Tainted: [W]=WARN [ 1386.704095][T19661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1386.704181][T19661] Call Trace: [ 1386.704235][T19661] [ 1386.704286][T19661] __dump_stack+0x26/0x30 [ 1386.704460][T19661] dump_stack_lvl+0x1df/0x270 [ 1386.704640][T19661] dump_stack+0x1e/0x25 [ 1386.704797][T19661] f2fs_handle_critical_error+0xa6f/0xc20 [ 1386.705040][T19661] f2fs_stop_checkpoint+0x65/0x80 [ 1386.705182][T19661] f2fs_write_end_io+0x101c/0x1bc0 [ 1386.705375][T19661] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 1386.705518][T19661] bio_endio+0xeb1/0x1010 [ 1386.705683][T19661] submit_bio_noacct+0x213/0x2750 [ 1386.705906][T19661] submit_bio+0x57c/0x630 [ 1386.706077][T19661] f2fs_submit_write_bio+0x92/0x250 [ 1386.706266][T19661] __submit_merged_bio+0x16f/0x6a0 [ 1386.706451][T19661] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1386.706629][T19661] __submit_merged_write_cond+0x458/0x9a0 [ 1386.706844][T19661] f2fs_write_data_pages+0x4bb2/0x5480 [ 1386.707134][T19661] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1386.707306][T19661] ? folios_put_refs+0x1/0xb10 [ 1386.707492][T19661] ? filter_irq_stacks+0x49/0x190 [ 1386.707627][T19661] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1386.707802][T19661] ? stack_depot_save_flags+0x35/0x7b0 [ 1386.707954][T19661] ? kmsan_get_metadata+0xfb/0x160 [ 1386.708125][T19661] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 1386.708287][T19661] ? kmsan_get_metadata+0xfb/0x160 [ 1386.708447][T19661] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1386.708612][T19661] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 1386.708755][T19661] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 1386.708901][T19661] do_writepages+0x3ef/0x860 [ 1386.709052][T19661] ? _raw_spin_unlock+0x30/0x50 [ 1386.709214][T19661] ? wbc_attach_and_unlock_inode+0x131/0x680 [ 1386.709427][T19661] filemap_fdatawrite+0x207/0x260 [ 1386.709663][T19661] f2fs_sync_dirty_inodes+0x2ab/0x9e0 [ 1386.709846][T19661] f2fs_write_checkpoint+0xfe2/0x2b00 [ 1386.710131][T19661] kill_f2fs_super+0x2ff/0x970 [ 1386.710306][T19661] ? __pfx_kill_f2fs_super+0x10/0x10 [ 1386.710461][T19661] deactivate_locked_super+0xcb/0x3c0 [ 1386.710638][T19661] deactivate_super+0x12f/0x140 [ 1386.710795][T19661] cleanup_mnt+0x6fb/0x780 [ 1386.710987][T19661] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 1386.711153][T19661] ? __pfx___cleanup_mnt+0x10/0x10 [ 1386.711342][T19661] __cleanup_mnt+0x22/0x30 [ 1386.711525][T19661] task_work_run+0x206/0x2b0 [ 1386.711694][T19661] exit_to_user_mode_loop+0x2a6/0x330 [ 1386.711887][T19661] do_syscall_64+0x1e3/0x210 [ 1386.712022][T19661] ? irqentry_exit+0x16/0x60 [ 1386.712194][T19661] ? clear_bhb_loop+0x40/0x90 [ 1386.712347][T19661] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1386.712493][T19661] RIP: 0033:0x7fb49018fed7 [ 1386.712598][T19661] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 1386.712721][T19661] RSP: 002b:00007ffd069befc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 1386.712854][T19661] RAX: 0000000000000000 RBX: 00007fb490211c05 RCX: 00007fb49018fed7 [ 1386.712955][T19661] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd069bf080 [ 1386.713042][T19661] RBP: 00007ffd069bf080 R08: 0000000000000000 R09: 0000000000000000 [ 1386.713131][T19661] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd069c0110 [ 1386.713225][T19661] R13: 00007fb490211c05 R14: 00000000001522be R15: 00007ffd069c0150 [ 1386.713356][T19661] [ 1387.066866][T19661] F2FS-fs (loop6): Stopped filesystem due to reason: 3 [ 1388.116456][T20506] loop2: detected capacity change from 0 to 4096 [ 1388.238209][T20506] NILFS (loop2): invalid segment: Checksum error in segment payload [ 1388.246751][T20506] NILFS (loop2): trying rollback from an earlier position [ 1388.562101][T20506] NILFS (loop2): recovery complete [ 1388.652747][T20510] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1389.538943][ T5878] usb 10-1: new full-speed USB device number 27 using dummy_hcd [ 1389.798365][ T5878] usb 10-1: unable to get BOS descriptor or descriptor too short [ 1389.810724][ T5878] usb 10-1: not running at top speed; connect to a high speed hub [ 1389.883004][ T5878] usb 10-1: config 4 has an invalid interface number: 147 but max is 0 [ 1389.891717][ T5878] usb 10-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 1389.902366][ T5878] usb 10-1: config 4 has no interface number 0 [ 1390.015795][ T5878] usb 10-1: string descriptor 0 read error: -22 [ 1390.023725][ T5878] usb 10-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e [ 1390.033211][ T5878] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1390.148110][ T5878] usb 10-1: Found UVC 0.00 device (04f2:b746) [ 1390.155431][ T5878] usb 10-1: No valid video chain found. [ 1390.306195][T20524] netlink: 4 bytes leftover after parsing attributes in process `syz.8.4810'. [ 1390.362598][ T5878] usb 10-1: USB disconnect, device number 27 [ 1391.597057][T20531] loop6: detected capacity change from 0 to 40427 [ 1391.633909][T20531] F2FS-fs (loop6): build fault injection rate: 690 [ 1391.648753][T20531] F2FS-fs (loop6): invalid crc value [ 1391.938707][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 1392.014397][T20531] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 1392.059296][T20531] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 1392.132662][T20531] syz.6.4803: attempt to access beyond end of device [ 1392.132662][T20531] loop6: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 1392.147835][T20531] CPU: 1 UID: 0 PID: 20531 Comm: syz.6.4803 Tainted: G W syzkaller #0 PREEMPT(none) [ 1392.148015][T20531] Tainted: [W]=WARN [ 1392.148071][T20531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1392.148157][T20531] Call Trace: [ 1392.148212][T20531] [ 1392.148264][T20531] __dump_stack+0x26/0x30 [ 1392.148440][T20531] dump_stack_lvl+0x1df/0x270 [ 1392.148626][T20531] dump_stack+0x1e/0x25 [ 1392.148790][T20531] f2fs_handle_critical_error+0xa6f/0xc20 [ 1392.149031][T20531] f2fs_stop_checkpoint+0x65/0x80 [ 1392.149174][T20531] f2fs_write_end_io+0x101c/0x1bc0 [ 1392.149364][T20531] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 1392.149506][T20531] bio_endio+0xeb1/0x1010 [ 1392.149677][T20531] submit_bio_noacct+0x213/0x2750 [ 1392.149905][T20531] submit_bio+0x57c/0x630 [ 1392.150081][T20531] f2fs_submit_write_bio+0x92/0x250 [ 1392.150272][T20531] __submit_merged_bio+0x16f/0x6a0 [ 1392.150453][T20531] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1392.150629][T20531] __submit_merged_write_cond+0x458/0x9a0 [ 1392.150846][T20531] f2fs_write_data_pages+0x4bb2/0x5480 [ 1392.151120][T20531] ? kmsan_get_metadata+0xfb/0x160 [ 1392.151276][T20531] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1392.151464][T20531] ? folios_put_refs+0x1/0xb10 [ 1392.151642][T20531] ? filter_irq_stacks+0x49/0x190 [ 1392.151794][T20531] ? stack_depot_save_flags+0x35/0x7b0 [ 1392.151934][T20531] ? lru_gen_add_folio+0xd66/0x1190 [ 1392.152140][T20531] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 1392.152299][T20531] ? kmsan_get_metadata+0xfb/0x160 [ 1392.152457][T20531] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1392.152623][T20531] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 1392.152766][T20531] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 1392.152906][T20531] do_writepages+0x3ef/0x860 [ 1392.153056][T20531] ? _raw_spin_unlock+0x30/0x50 [ 1392.153222][T20531] ? wbc_attach_and_unlock_inode+0x131/0x680 [ 1392.153449][T20531] filemap_fdatawrite+0x207/0x260 [ 1392.153703][T20531] f2fs_sync_dirty_inodes+0x2ab/0x9e0 [ 1392.153887][T20531] f2fs_write_checkpoint+0xfe2/0x2b00 [ 1392.154162][T20531] f2fs_issue_checkpoint+0x491/0x700 [ 1392.154321][T20531] ? kmsan_get_metadata+0xfb/0x160 [ 1392.154481][T20531] ? kmsan_get_metadata+0xfb/0x160 [ 1392.154638][T20531] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 1392.154822][T20531] f2fs_sync_fs+0x1ee/0x440 [ 1392.155016][T20531] f2fs_do_sync_file+0xdcd/0x31c0 [ 1392.155294][T20531] f2fs_sync_file+0x107/0x180 [ 1392.155451][T20531] ? __pfx_f2fs_sync_file+0x10/0x10 [ 1392.155616][T20531] __x64_sys_fdatasync+0x12c/0x260 [ 1392.155819][T20531] x64_sys_call+0x3d70/0x3e20 [ 1392.156007][T20531] do_syscall_64+0xd9/0x210 [ 1392.156143][T20531] ? irqentry_exit+0x16/0x60 [ 1392.156325][T20531] ? clear_bhb_loop+0x40/0x90 [ 1392.156478][T20531] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1392.156628][T20531] RIP: 0033:0x7fb49018eba9 [ 1392.156741][T20531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1392.156873][T20531] RSP: 002b:00007fb490fa7038 EFLAGS: 00000246 ORIG_RAX: 000000000000004b [ 1392.157011][T20531] RAX: ffffffffffffffda RBX: 00007fb4903d5fa0 RCX: 00007fb49018eba9 [ 1392.157117][T20531] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 1392.157206][T20531] RBP: 00007fb490211e19 R08: 0000000000000000 R09: 0000000000000000 [ 1392.157299][T20531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1392.157386][T20531] R13: 00007fb4903d6038 R14: 00007fb4903d5fa0 R15: 00007ffd069bfd38 [ 1392.157520][T20531] [ 1392.508457][T20531] F2FS-fs (loop6): Stopped filesystem due to reason: 3 [ 1392.515620][T20531] CPU: 1 UID: 0 PID: 20531 Comm: syz.6.4803 Tainted: G W syzkaller #0 PREEMPT(none) [ 1392.515816][T20531] Tainted: [W]=WARN [ 1392.515878][T20531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1392.515971][T20531] Call Trace: [ 1392.516029][T20531] [ 1392.516090][T20531] __dump_stack+0x26/0x30 [ 1392.516271][T20531] dump_stack_lvl+0x1df/0x270 [ 1392.516446][T20531] dump_stack+0x1e/0x25 [ 1392.516606][T20531] f2fs_handle_critical_error+0xa6f/0xc20 [ 1392.516848][T20531] f2fs_stop_checkpoint+0x65/0x80 [ 1392.516989][T20531] f2fs_write_end_io+0x101c/0x1bc0 [ 1392.517172][T20531] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 1392.517312][T20531] bio_endio+0xeb1/0x1010 [ 1392.517483][T20531] submit_bio_noacct+0x213/0x2750 [ 1392.517710][T20531] submit_bio+0x57c/0x630 [ 1392.517886][T20531] f2fs_submit_write_bio+0x92/0x250 [ 1392.518073][T20531] __submit_merged_bio+0x16f/0x6a0 [ 1392.518256][T20531] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1392.518437][T20531] __submit_merged_write_cond+0x458/0x9a0 [ 1392.518660][T20531] f2fs_write_data_pages+0x4bb2/0x5480 [ 1392.518939][T20531] ? kmsan_get_metadata+0xfb/0x160 [ 1392.519105][T20531] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1392.519282][T20531] ? folios_put_refs+0x1/0xb10 [ 1392.519460][T20531] ? filter_irq_stacks+0x49/0x190 [ 1392.519611][T20531] ? stack_depot_save_flags+0x35/0x7b0 [ 1392.519758][T20531] ? lru_gen_add_folio+0xd66/0x1190 [ 1392.519970][T20531] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 1392.520128][T20531] ? kmsan_get_metadata+0xfb/0x160 [ 1392.520292][T20531] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1392.520460][T20531] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 1392.520605][T20531] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 1392.520749][T20531] do_writepages+0x3ef/0x860 [ 1392.520901][T20531] ? _raw_spin_unlock+0x30/0x50 [ 1392.521066][T20531] ? wbc_attach_and_unlock_inode+0x131/0x680 [ 1392.521289][T20531] filemap_fdatawrite+0x207/0x260 [ 1392.521537][T20531] f2fs_sync_dirty_inodes+0x2ab/0x9e0 [ 1392.521733][T20531] f2fs_write_checkpoint+0xfe2/0x2b00 [ 1392.522025][T20531] f2fs_issue_checkpoint+0x491/0x700 [ 1392.522179][T20531] ? kmsan_get_metadata+0xfb/0x160 [ 1392.522342][T20531] ? kmsan_get_metadata+0xfb/0x160 [ 1392.522502][T20531] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 1392.522685][T20531] f2fs_sync_fs+0x1ee/0x440 [ 1392.522881][T20531] f2fs_do_sync_file+0xdcd/0x31c0 [ 1392.523159][T20531] f2fs_sync_file+0x107/0x180 [ 1392.523317][T20531] ? __pfx_f2fs_sync_file+0x10/0x10 [ 1392.523474][T20531] __x64_sys_fdatasync+0x12c/0x260 [ 1392.523673][T20531] x64_sys_call+0x3d70/0x3e20 [ 1392.523863][T20531] do_syscall_64+0xd9/0x210 [ 1392.523996][T20531] ? irqentry_exit+0x16/0x60 [ 1392.524176][T20531] ? clear_bhb_loop+0x40/0x90 [ 1392.524328][T20531] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1392.524479][T20531] RIP: 0033:0x7fb49018eba9 [ 1392.524583][T20531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1392.524714][T20531] RSP: 002b:00007fb490fa7038 EFLAGS: 00000246 ORIG_RAX: 000000000000004b [ 1392.524849][T20531] RAX: ffffffffffffffda RBX: 00007fb4903d5fa0 RCX: 00007fb49018eba9 [ 1392.524955][T20531] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 1392.525041][T20531] RBP: 00007fb490211e19 R08: 0000000000000000 R09: 0000000000000000 [ 1392.525134][T20531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1392.525221][T20531] R13: 00007fb4903d6038 R14: 00007fb4903d5fa0 R15: 00007ffd069bfd38 [ 1392.525354][T20531] [ 1392.876353][T20531] F2FS-fs (loop6): Stopped filesystem due to reason: 3 [ 1393.427730][T20541] binder: 20538:20541 ioctl c0306201 200000000080 returned -14 [ 1393.508002][T20541] binder: 20538:20541 ioctl c0306201 200000000180 returned -22 [ 1393.617633][T20544] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4815'. [ 1394.008304][T20540] loop2: detected capacity change from 0 to 32768 [ 1394.020184][T20540] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.4817 (20540) [ 1394.050811][T20540] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1394.070685][T20540] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm [ 1394.207581][T20553] input: syz1 as /devices/virtual/input/input45 [ 1394.304373][T20540] BTRFS info (device loop2): rebuilding free space tree [ 1394.342446][T20540] BTRFS info (device loop2): disabling free space tree [ 1394.349933][T20540] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 1394.360019][T20540] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 1394.389259][T20540] BTRFS info (device loop2): enabling ssd optimizations [ 1394.398544][T20540] BTRFS info (device loop2): force clearing of disk cache [ 1394.405915][T20540] BTRFS info (device loop2): enabling auto defrag [ 1394.412512][T20540] BTRFS info (device loop2): doing ref verification [ 1394.686672][T11862] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1394.857800][T20566] netlink: 'syz.5.4821': attribute type 5 has an invalid length. [ 1395.649108][T20576] loop8: detected capacity change from 0 to 1024 [ 1395.808505][ T30] audit: type=1800 audit(1652.942:207): pid=20576 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.4827" name=3A1B dev="loop8" ino=26 res=0 errno=0 [ 1396.125694][T19449] hfsplus: b-tree write err: -5, ino 4 [ 1396.810011][T20598] netlink: 'syz.9.4833': attribute type 13 has an invalid length. [ 1396.818359][T20598] netlink: 'syz.9.4833': attribute type 17 has an invalid length. [ 1397.205691][T20598] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1397.238042][T20601] netdevsim netdevsim8 netdevsim0: entered promiscuous mode [ 1398.249172][T20606] loop2: detected capacity change from 0 to 32768 [ 1398.261864][T20606] BTRFS warning: excessive commit interval 2147483647, use with care [ 1398.420035][T20606] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.4837 (20606) [ 1398.569522][T20607] loop6: detected capacity change from 0 to 40427 [ 1398.581863][T20607] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12 [ 1398.590650][T20607] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock [ 1398.601046][T20606] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1398.611731][T20606] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm [ 1398.620905][T20606] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 1398.674149][T20607] F2FS-fs (loop6): invalid crc value [ 1398.798202][T20621] netlink: 12 bytes leftover after parsing attributes in process `syz.9.4840'. [ 1399.007956][T20607] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 1399.025059][T20607] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0 [ 1399.032314][T20607] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 1399.087397][T20606] BTRFS info (device loop2): rebuilding free space tree [ 1399.128731][T20606] BTRFS info (device loop2): disabling free space tree [ 1399.136516][T20606] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 1399.146719][T20606] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 1399.201305][T20606] BTRFS info (device loop2): setting nodatasum [ 1399.212991][T20606] BTRFS info (device loop2): enabling ssd optimizations [ 1399.220123][T20606] BTRFS info (device loop2): turning off barriers [ 1399.227850][T20606] BTRFS info (device loop2): turning on flush-on-commit [ 1399.236649][T20606] BTRFS info (device loop2): enabling disk space caching [ 1399.247085][T20606] BTRFS info (device loop2): force clearing of disk cache [ 1399.254588][T20606] BTRFS info (device loop2): doing ref verification [ 1399.261356][T20606] BTRFS info (device loop2): max_inline set to 0 [ 1399.965970][T11862] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1402.272810][T20645] loop8: detected capacity change from 0 to 40427 [ 1402.338534][T20645] F2FS-fs (loop8): invalid crc value [ 1402.647161][T20645] F2FS-fs (loop8): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 1402.663647][T20645] F2FS-fs (loop8): Start checkpoint disabled! [ 1402.717846][T20645] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e6 [ 1402.974116][T20657] netlink: 'syz.9.4851': attribute type 22 has an invalid length. [ 1402.982423][T20657] netlink: 4 bytes leftover after parsing attributes in process `syz.9.4851'. [ 1403.015352][ T53] netdevsim netdevsim9 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1403.036691][ T53] netdevsim netdevsim9 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1403.109601][ T53] netdevsim netdevsim9 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1403.153245][T20657] netlink: 'syz.9.4851': attribute type 22 has an invalid length. [ 1403.162125][T20657] netlink: 4 bytes leftover after parsing attributes in process `syz.9.4851'. [ 1403.194301][T19449] netdevsim netdevsim9 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1403.568920][T20661] loop6: detected capacity change from 0 to 1024 [ 1405.232877][T20672] Process accounting resumed [ 1406.308188][T20693] input: syz1 as /devices/virtual/input/input46 [ 1406.332745][T20694] loop6: detected capacity change from 0 to 256 [ 1406.778582][T20694] FAT-fs (loop6): Directory bread(block 64) failed [ 1406.785597][T20694] FAT-fs (loop6): Directory bread(block 65) failed [ 1406.793373][T20694] FAT-fs (loop6): Directory bread(block 66) failed [ 1406.801174][T20694] FAT-fs (loop6): Directory bread(block 67) failed [ 1406.808020][T20694] FAT-fs (loop6): Directory bread(block 68) failed [ 1406.814879][T20694] FAT-fs (loop6): Directory bread(block 69) failed [ 1406.821891][T20694] FAT-fs (loop6): Directory bread(block 70) failed [ 1406.828590][T20694] FAT-fs (loop6): Directory bread(block 71) failed [ 1406.835757][T20694] FAT-fs (loop6): Directory bread(block 72) failed [ 1406.842618][T20694] FAT-fs (loop6): Directory bread(block 73) failed [ 1409.600147][T20730] loop9: detected capacity change from 0 to 32768 [ 1409.754034][T20730] (syz.9.4879,20730,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1409.776360][T20730] (syz.9.4879,20730,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1410.009804][T20735] loop6: detected capacity change from 0 to 32768 [ 1410.060576][T20730] JBD2: Ignoring recovery information on journal [ 1410.220953][T20730] ocfs2: Mounting device (7,9) on (node local, slot 0) with ordered data mode. [ 1410.230178][T20735] bcachefs (loop6): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,metadata_target=invalid label 246,noinodes_use_key_cache,journal_flush_delay=3,journal_reclaim_delay=1000,nocow [ 1410.230342][T20735] allowing incompatible features above 0.0: (unknown version) [ 1410.230433][T20735] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 1410.230590][T20735] bcachefs (loop6): Using encoding defined by superblock: utf8-12.1.0 [ 1410.230732][T20735] bcachefs (loop6): initializing new filesystem [ 1410.280504][T20735] bcachefs (loop6): going read-write [ 1410.365338][T20735] bcachefs (loop6): marking superblocks [ 1410.415523][T20735] bcachefs (loop6): initializing freespace [ 1410.446822][T20735] bcachefs (loop6): done initializing freespace [ 1410.466790][T20735] bcachefs (loop6): reading snapshots table [ 1410.473157][T20735] bcachefs (loop6): reading snapshots done [ 1410.554821][T20735] bcachefs (loop6): done starting filesystem [ 1410.812934][T20735] bcachefs (loop6): shutting down [ 1410.818280][T20735] bcachefs (loop6): going read-only [ 1410.823656][T20735] bcachefs (loop6): finished waiting for writes to stop [ 1410.845879][T20735] bcachefs (loop6): flushing journal and stopping allocators, journal seq 4 [ 1411.090613][T20735] bcachefs (loop6): flushing journal and stopping allocators complete, journal seq 7 [ 1411.113963][T20735] bcachefs (loop6): clean shutdown complete, journal seq 8 [ 1411.123266][T20735] bcachefs (loop6): marking filesystem clean [ 1411.135014][T10107] ocfs2: Unmounting device (7,9) on (node local) [ 1411.166505][T20735] bcachefs (loop6): shutdown complete [ 1414.556508][T20797] Bluetooth: hci0: unsupported parameter 32767 [ 1414.562974][T20797] Bluetooth: hci0: unsupported parameter 32767 [ 1414.779273][T20798] loop9: detected capacity change from 0 to 1024 [ 1416.554582][T20808] loop9: detected capacity change from 0 to 40427 [ 1416.579941][T20808] F2FS-fs (loop9): invalid crc value [ 1416.892401][T20808] F2FS-fs (loop9): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 1416.912116][T20808] F2FS-fs (loop9): Start checkpoint disabled! [ 1416.939019][ C1] ===================================================== [ 1416.946323][ C1] BUG: KMSAN: uninit-value in can_receive+0x12c/0x4a0 [ 1416.953482][ C1] can_receive+0x12c/0x4a0 [ 1416.958150][ C1] can_rcv+0x1ff/0x3b0 [ 1416.962361][ C1] __netif_receive_skb+0x474/0xac0 [ 1416.967816][ C1] process_backlog+0x485/0xa00 [ 1416.972726][ C1] __napi_poll+0xda/0x8a0 [ 1416.977331][ C1] net_rx_action+0xa59/0x1ac0 [ 1416.982158][ C1] handle_softirqs+0x166/0x6e0 [ 1416.987156][ C1] __irq_exit_rcu+0x66/0x180 [ 1416.991888][ C1] irq_exit_rcu+0x12/0x20 [ 1416.996466][ C1] sysvec_apic_timer_interrupt+0x84/0x90 [ 1417.002296][ C1] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 1417.008546][ C1] _raw_spin_unlock_irqrestore+0x33/0x60 [ 1417.014437][ C1] hrtimer_start_range_ns+0x149a/0x1900 [ 1417.020150][ C1] j1939_tp_schedule_txtimer+0xc7/0x110 [ 1417.025970][ C1] j1939_sk_sendmsg+0x1bb4/0x2760 [ 1417.027782][T20808] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e6 [ 1417.031140][ C1] __sock_sendmsg+0x330/0x3d0 [ 1417.043469][ C1] ____sys_sendmsg+0x7e0/0xd80 [ 1417.048517][ C1] ___sys_sendmsg+0x271/0x3b0 [ 1417.053378][ C1] __x64_sys_sendmsg+0x211/0x3e0 [ 1417.058611][ C1] x64_sys_call+0x1dfd/0x3e20 [ 1417.063485][ C1] do_syscall_64+0xd9/0x210 [ 1417.068221][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1417.074345][ C1] [ 1417.076737][ C1] Uninit was created at: [ 1417.081195][ C1] __kmalloc_node_track_caller_noprof+0x96d/0x12f0 [ 1417.087978][ C1] kmalloc_reserve+0x22f/0x4b0 [ 1417.092911][ C1] pskb_expand_head+0x1fc/0x1610 [ 1417.098142][ C1] do_xdp_generic+0xa79/0x1690 [ 1417.103094][ C1] __netif_receive_skb_core+0x2524/0x6df0 [ 1417.109107][ C1] __netif_receive_skb+0xcc/0xac0 [ 1417.114412][ C1] process_backlog+0x485/0xa00 [ 1417.119314][ C1] __napi_poll+0xda/0x8a0 [ 1417.123925][ C1] net_rx_action+0xa59/0x1ac0 [ 1417.128744][ C1] handle_softirqs+0x166/0x6e0 [ 1417.133655][ C1] __irq_exit_rcu+0x66/0x180 [ 1417.138494][ C1] irq_exit_rcu+0x12/0x20 [ 1417.142962][ C1] sysvec_apic_timer_interrupt+0x84/0x90 [ 1417.148916][ C1] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 1417.155144][ C1] [ 1417.157576][ C1] CPU: 1 UID: 0 PID: 20821 Comm: syz.8.4910 Tainted: G W syzkaller #0 PREEMPT(none) [ 1417.168804][ C1] Tainted: [W]=WARN [ 1417.172681][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1417.182939][ C1] ===================================================== [ 1417.190045][ C1] Disabling lock debugging due to kernel taint [ 1417.196376][ C1] Kernel panic - not syncing: kmsan.panic set ... [ 1417.202906][ C1] CPU: 1 UID: 0 PID: 20821 Comm: syz.8.4910 Tainted: G B W syzkaller #0 PREEMPT(none) [ 1417.214038][ C1] Tainted: [B]=BAD_PAGE, [W]=WARN [ 1417.219144][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1417.229309][ C1] Call Trace: [ 1417.232690][ C1] [ 1417.235620][ C1] __dump_stack+0x26/0x30 [ 1417.240138][ C1] dump_stack_lvl+0x53/0x270 [ 1417.244911][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1417.250909][ C1] dump_stack+0x1e/0x25 [ 1417.255239][ C1] vpanic+0x361/0xc50 [ 1417.259411][ C1] panic+0x15d/0x160 [ 1417.263521][ C1] kmsan_report+0x31c/0x320 [ 1417.268192][ C1] ? __msan_warning+0x1b/0x30 [ 1417.273014][ C1] ? can_receive+0x12c/0x4a0 [ 1417.277749][ C1] ? can_rcv+0x1ff/0x3b0 [ 1417.282127][ C1] ? __netif_receive_skb+0x474/0xac0 [ 1417.287604][ C1] ? process_backlog+0x485/0xa00 [ 1417.292695][ C1] ? __napi_poll+0xda/0x8a0 [ 1417.297397][ C1] ? net_rx_action+0xa59/0x1ac0 [ 1417.302397][ C1] ? handle_softirqs+0x166/0x6e0 [ 1417.307487][ C1] ? __irq_exit_rcu+0x66/0x180 [ 1417.312401][ C1] ? irq_exit_rcu+0x12/0x20 [ 1417.317044][ C1] ? sysvec_apic_timer_interrupt+0x84/0x90 [ 1417.323050][ C1] ? asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 1417.329368][ C1] ? _raw_spin_unlock_irqrestore+0x33/0x60 [ 1417.335360][ C1] ? hrtimer_start_range_ns+0x149a/0x1900 [ 1417.341249][ C1] ? j1939_tp_schedule_txtimer+0xc7/0x110 [ 1417.347144][ C1] ? j1939_sk_sendmsg+0x1bb4/0x2760 [ 1417.352516][ C1] ? __sock_sendmsg+0x330/0x3d0 [ 1417.357522][ C1] ? ____sys_sendmsg+0x7e0/0xd80 [ 1417.362647][ C1] ? ___sys_sendmsg+0x271/0x3b0 [ 1417.367687][ C1] ? __x64_sys_sendmsg+0x211/0x3e0 [ 1417.372987][ C1] ? x64_sys_call+0x1dfd/0x3e20 [ 1417.378034][ C1] ? do_syscall_64+0xd9/0x210 [ 1417.382854][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1417.389083][ C1] ? kmsan_get_metadata+0xfb/0x160 [ 1417.394369][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1417.400369][ C1] ? __netif_receive_skb_core+0x6670/0x6df0 [ 1417.406474][ C1] ? rb_insert_color+0x9c1/0x1020 [ 1417.411689][ C1] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 1417.418189][ C1] ? kmsan_get_metadata+0xfb/0x160 [ 1417.423476][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1417.429454][ C1] ? kmsan_get_metadata+0xfb/0x160 [ 1417.434732][ C1] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 1417.441225][ C1] ? kmsan_get_metadata+0xfb/0x160 [ 1417.446520][ C1] __msan_warning+0x1b/0x30 [ 1417.451180][ C1] can_receive+0x12c/0x4a0 [ 1417.455761][ C1] can_rcv+0x1ff/0x3b0 [ 1417.459979][ C1] ? __pfx_can_rcv+0x10/0x10 [ 1417.464730][ C1] __netif_receive_skb+0x474/0xac0 [ 1417.470036][ C1] ? kmsan_get_metadata+0xfb/0x160 [ 1417.475351][ C1] process_backlog+0x485/0xa00 [ 1417.480287][ C1] ? __pfx_process_backlog+0x10/0x10 [ 1417.485725][ C1] __napi_poll+0xda/0x8a0 [ 1417.490257][ C1] ? kmsan_get_metadata+0xfb/0x160 [ 1417.495549][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1417.501547][ C1] net_rx_action+0xa59/0x1ac0 [ 1417.506372][ C1] ? kmsan_get_metadata+0xfb/0x160 [ 1417.511659][ C1] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 1417.518162][ C1] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 1417.524442][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 1417.529712][ C1] handle_softirqs+0x166/0x6e0 [ 1417.534660][ C1] __irq_exit_rcu+0x66/0x180 [ 1417.539412][ C1] irq_exit_rcu+0x12/0x20 [ 1417.543901][ C1] sysvec_apic_timer_interrupt+0x84/0x90 [ 1417.549748][ C1] [ 1417.552758][ C1] [ 1417.555773][ C1] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 1417.561940][ C1] RIP: 0010:_raw_spin_unlock_irqrestore+0x33/0x60 [ 1417.568549][ C1] Code: 56 53 48 89 f3 49 89 fe e8 1a 97 b5 f1 4c 89 f7 e8 22 8a b5 f1 c6 00 00 41 c6 06 00 f7 c3 00 02 00 00 74 01 fb be 04 00 00 00 <48> c7 c7 28 30 58 95 e8 31 8c b5 f1 65 ff 0d 42 fd 75 04 74 0a 5b [ 1417.588332][ C1] RSP: 0018:ffff8880b02b3888 EFLAGS: 00000206 [ 1417.594548][ C1] RAX: ffff88823fbb5440 RBX: 0000000000000292 RCX: 0000000000b3e723 [ 1417.602651][ C1] RDX: ffff88823fb07440 RSI: 0000000000000004 RDI: ffff88813fd91440 [ 1417.610762][ C1] RBP: ffff8880b02b3898 R08: ffffea000000000f R09: 0000000000000000 [ 1417.618863][ C1] R10: ffff88804169c0c0 R11: ffffffff8189aa50 R12: ffff888041e9c0e8 [ 1417.626969][ C1] R13: 0000000000000010 R14: ffff88813fd91440 R15: ffff88801c4d4ce0 [ 1417.635079][ C1] ? __pfx_lapic_next_event+0x10/0x10 [ 1417.640665][ C1] ? _raw_spin_unlock_irqrestore+0x1e/0x60 [ 1417.646686][ C1] hrtimer_start_range_ns+0x149a/0x1900 [ 1417.652470][ C1] j1939_tp_schedule_txtimer+0xc7/0x110 [ 1417.658209][ C1] j1939_sk_sendmsg+0x1bb4/0x2760 [ 1417.663471][ C1] ? __pfx_j1939_sk_sendmsg+0x10/0x10 [ 1417.669011][ C1] ? __pfx_j1939_sk_sendmsg+0x10/0x10 [ 1417.674571][ C1] __sock_sendmsg+0x330/0x3d0 [ 1417.679409][ C1] ____sys_sendmsg+0x7e0/0xd80 [ 1417.684414][ C1] ___sys_sendmsg+0x271/0x3b0 [ 1417.689332][ C1] ? __rcu_read_unlock+0x6d/0xd0 [ 1417.694436][ C1] ? __fget_files+0x3b4/0x4a0 [ 1417.699305][ C1] ? __fget_files+0x3b9/0x4a0 [ 1417.704188][ C1] ? kmsan_get_metadata+0xfb/0x160 [ 1417.709480][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1417.715481][ C1] __x64_sys_sendmsg+0x211/0x3e0 [ 1417.720628][ C1] ? kmsan_get_metadata+0xfb/0x160 [ 1417.725928][ C1] x64_sys_call+0x1dfd/0x3e20 [ 1417.730804][ C1] do_syscall_64+0xd9/0x210 [ 1417.735460][ C1] ? irqentry_exit+0x16/0x60 [ 1417.740241][ C1] ? clear_bhb_loop+0x40/0x90 [ 1417.745097][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1417.751149][ C1] RIP: 0033:0x7f2c4af8eba9 [ 1417.755676][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1417.775450][ C1] RSP: 002b:00007f2c4be92038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1417.784028][ C1] RAX: ffffffffffffffda RBX: 00007f2c4b1d5fa0 RCX: 00007f2c4af8eba9 [ 1417.792130][ C1] RDX: 0000000000048045 RSI: 0000200000000140 RDI: 0000000000000003 [ 1417.800218][ C1] RBP: 00007f2c4b011e19 R08: 0000000000000000 R09: 0000000000000000 [ 1417.808306][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1417.816394][ C1] R13: 00007f2c4b1d6038 R14: 00007f2c4b1d5fa0 R15: 00007fff93330ec8 [ 1417.824526][ C1] [ 1417.827893][ C1] Kernel Offset: disabled [ 1417.832256][ C1] Rebooting in 86400 seconds..