last executing test programs: 2.182799915s ago: executing program 2 (id=3): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) r2 = getpid() prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) setsockopt$bt_l2cap_L2CAP_OPTIONS(0xffffffffffffffff, 0x6, 0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0xfffffffffffffcdd) r4 = socket(0x10, 0x2, 0x0) write(r4, &(0x7f0000000040), 0x0) recvmmsg(r4, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x26c0, 0x0) timer_create(0x7, 0x0, 0x0) rseq(&(0x7f0000000040), 0x20, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_dev$sndctrl(0x0, 0x0, 0x0) r5 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r5, 0xc0045516, &(0x7f0000000b00)=0x6) io_setup(0x7, &(0x7f0000000280)=0x0) getpgid(r2) io_submit(r6, 0x1, &(0x7f0000000080)=[0x0]) r7 = openat$dsp(0xffffff9c, &(0x7f0000000080), 0x82040, 0x0) ioctl$SOUND_MIXER_WRITE_RECSRC(r7, 0xc0044dff, &(0x7f0000000100)=0x9) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x401, 0xfffffffc, 0x80, {0x0, 0x0, 0x0, 0x0, 0x1403, 0x8002}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4001}, 0x0) 1.067692083s ago: executing program 1 (id=2): syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000100)='./file1\x00', 0x1000803, &(0x7f0000002ac0)=ANY=[], 0x2, 0x1fb, &(0x7f0000000b00)="$eJzsmb+L1EAUx78z+bHnIQc2FjYWHniil02yKtdccYKlIJyilsGLx2nuVvYi3B0ILjY22lkItjaWFhZWFv4FtlqoIFq4pZ0wMpNJMsTskl1Xm30f2NnvTN6+mffYfIsEBEHMLF8+//z0+MLKlTMADmMRLb3+3SpjuBH/8dm9009XLz5/9eHFu52F+2+q+RgAIZrv7wJ4u2YhBbOzFSGwUF5fLLKWXAXHKa2vgcHL5C+hyCYxGG7omNuG7h7SIom9m91k49ZWEvtyCOQQyqFj7iUPNegzbACYU6cTwjzN7v7BnShJ4l5VOCLf549L4wo+on/qfGscq8i7J4SMv/7oYV/OdW/gg+teAgE4Aq07YFjXegUteJ5XtsSo/5hd5rea1P9PxJOmwS+VOLLcLLOji5n8YPk98l+7MXvCmUoeVl2RN3SxcnSQe6AZ83XsvdxJT/jNnXLrlHEBiJzKP/z9fJJc+ovMbk2jClH6k3T2k4Y/2bAL/2in23fbu/sHy1vb0Wa8Ge+EYee8f9b3z4VtZUTZOML/5pQ/zRv5nSGxLnOxF6VpL9gD0l5QzMNsLAvA+uvuD/UbrvzPxtIJNVWeqspu1e/B9Ierb6mWrPrIB0NrIgiCIAiCIAiCIAiCIAiCqOc4GLI3YYLpB6J1hJfVE8rfAQAA//9DhGHK") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000) fadvise64(r0, 0xaa1f, 0xff39, 0x3) ppoll(&(0x7f0000000380)=[{0xffffffffffffffff, 0x4000}], 0x1, 0x0, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000d80)=ANY=[], 0xc) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000500)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$inet_sctp(0x2, 0x1, 0x84) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) r3 = gettid() process_vm_writev(r3, &(0x7f0000000000), 0x0, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000500)=@raw={'raw\x00', 0x3c1, 0x3, 0x290, 0x0, 0x168, 0x0, 0x0, 0xa, 0x340, 0x250, 0x250, 0x340, 0x250, 0x3, 0x0, {[{{@ipv6={@private0={0xfc, 0x0, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x33}, [0xff, 0x0, 0xff, 0xff000000], [0xffffff00, 0xff000000, 0xff, 0xff000000], 'xfrm0\x00', 'veth1_to_bond\x00', {}, {0xff}, 0x0, 0x3, 0x2}, 0x0, 0xa8, 0xe8, 0x0, {0x0, 0x28e}}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "48c01c5140d722edd3fb24545886bbd1be494201b400"}}}, {{@uncond, 0x0, 0xa8, 0xd8}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{}, {0x0, 0x8}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x2f0) 950.196825ms ago: executing program 2 (id=5): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) fanotify_mark(0xffffffffffffffff, 0x105, 0x4800003a, r1, 0x0) mkdir(&(0x7f0000000100)='./file1\x00', 0x13b) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r2 = open(&(0x7f0000000580)='./file1\x00', 0x80342, 0x1df2a23c5997fa5f) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x8, 0x1000000000003, 0x5, 0x8, 0x3, 0x1, {0x5, 0x17f, 0x20ff, 0x5, 0x89, 0xd615, 0xb, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0) sendfile(r2, r2, &(0x7f0000000080), 0x7f03) 398.200624ms ago: executing program 0 (id=1): bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x1}, 0x8) sendto$inet6(r0, &(0x7f0000000340)="04", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x4e20, 0xfffffff9, @rand_addr=' \x01\x00'}, 0x1c) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000280)={0x0, 0x0, 0x8}, 0x8) 51.360779ms ago: executing program 2 (id=6): syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000005600)='./file0\x00', 0x0, &(0x7f0000000040)={[{@compress_algo={'compress', 0x3d, 'zstd'}}]}, 0x1, 0x559a, &(0x7f0000005680)="$eJzs3X2QVWUdB/Bzd1lYZGI3BMGBFShfQEIhpVRS7kBBuDJtkjU2GQtioaAwzBI1ii04WLgam1kz5QxCiwjDUmszGmXlygyQk9PWjIPIgjLThjG9SMXEFjU2e+99Lveey+5eyVxfPh9m99zn/s7znOeeOX/c72WfcyMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIoujgjtr/rB1ZV75+06hFt199cPSq0RNWVDWdHHWg+rzdl/absWjovuntdw6b0bH6SPX65tsu6IyiRKpfItN/3vSPX/+FufPmlIcBaz+Z3lZWdnfIdNfD6Ub/vCe7+uX/zI+iqCw2QGlmu7s0p52IHyBaXjhgj8pmbVsycEGyduvmp+ouX7J1XOFLp0t5X0+gr2Suq45T11Iy9bsktke2nXPpJfIu0XT/+AX3prwIAOB1mVST2mTfjmbe4mbb9fF6rJ2MtRtj7fAOoTG3cSbS4/bvbp5j4vU+mmcyHRUGdDvPWD1z/rPtmnj/WDsWNV7HPPN3zUSa8u7muSxW76t5AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALyVvFa3Ys34z714sOyX549bvfLk4WvLL3zoq/8uWXrzS68dqlnzl7ah+6a33zlsRsfqI9Xrm2+7oDOKKlP9EunuiWknXr1kYvWcUeuf+N7ETc+OP16aGTds++XsHO0PD66siKIFOZWOMOzRwVFUk19INaPvFhZuTT2YHQoAAAC8k5yb+l2SbafjYFleO5FKk4nUvyAdFstmbVsycEGyduvmp+ouX7J13JmPV9PNeMnTjpdtV576SeQE4xB/4+OdqoddlxeM07P4iPE8P+X5l1+oGHHtT5+pOu+mlde/NPKax9tmfnP48UX7K+8YtGrc2CsK8n9lz/k/nDn5HwAAgP+F/B8fp2e95f/PzK+75Y5HvnJszD2HVw66+8H9G4eVH7nplsn7/jj8hosvvqz2xoL8PybvkAX5P8w45P+S6MzyPwAAALyV/b/zf7JgnJ71lv/bhzff/MB7Di2sbOt4evtlK/b0X3j1RUMOPHTR3In3XjdozPkNBfl/UnH5v1/utMOTz4UJL66IoknFn1QAAAAgT/h/91MfLYS8nv7kIJ7XW+dtGd3y6swvTxj78KH6P1Vtnvj5jUMe37lh5jd2PXf3/RPbzi7I/8ni8n/Zm/NyAQAAgCI0HTpnxNBPJ38e3X/01vnf/+yuR+9b+sWrLtnbOWvC2l9UP72jviD/1xSX/wf0zcsBAAAATuPE+GsW/mPnkd9e1/yJ+5qO/v5Lq0p/NaNp9/62hqZ/bh81e/XkgvxfW1z+Pyuzzax8SHfaE/4K4VsVUVTe9WBZurA3apyWLQAAAABvkJDT75ryfMm9A6edu2Xub06Me+KFPZ/aN3vxhnPWTGp69n2tiz9y4WMF+X9Zz/f/D3c6COv/8+7/V7D+P6eQvuvfVDcGAAAA4N2ocD1/uD1++psLuvv+/WLX///w6xv+mqiqf/ID8342q/P9zT/Z2zr1wZNVf5hz/OGW5MgnL32xIP/XF5f/S3O3b+T3/wEAAMAZeLt9/9+NBeP0rLf7/7c980j1o1d+6GtXza2buuN3H77iz68Mn9qwPXpl+UfbFx342K5fF+T/xuLyf9gOyn15reH83FMRRSO6HmTuJrgtTHdxrNBSllNIn/hYj7mhR6bQMiCnkLIs1uODFVE0tutBfazw3lBojBWODc4UNsYKbaGQuR6yhR/ECq3hSvvO4Mx044Ufh0JmgUVLWEExKLskItbj79316Cqctkd79uAAAADvKiE8Z7JsWX4zikfZlkRvO5zV2w4lve1Q2tsO/WI7xHfs7vmoNr8Qnv/Rt294ecBdD2yom7Jl04KqhrPX/euxyZNuX7Z2Z93SziF/W7euIP9vLC7/h1PRP73pbv1/FNb/Z77XMLv+vzYUKmOFllCoid8xoCYcIx12G8IxKmsyPY6NyBYAAADgHS18LlDax/MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/7J373FW1nXiwL8zzIUZhplRMS+RISaKwTCMKYaZID/TnwQOq6WFJgSDjgxCXEzQTUTd1VzB2+ZtE0jdtIwoNbVUeGnekspLsKl5SfHSK41lS5Js133NnPM9nPOcOc5BQBn3/f5jzvecz/f6nMuc7/M85/sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/N2z85GVfeHmfj/xg3cKBi1eP+krfI4cMn3DMNTceu/jhb0/e777f//8+aw575sydR60955XRi245de+3QmjuKFeSKl5y6F/XNQwePabvotuvGbz0kYF/qUjXm46HXu1/StN3zoutru0dwh0lIZQlA4NrUoHy9P2aWF/fmhB2CJsCmRIt1akSyYbDA1UhLAmbApmq7qoKoSYrcOwT9624uD1xRVUIe4cQKpNtPFuZaqMqGRhQkQpUJwPTy1KBv76TkgncWZoKwBaLb4bMi355c26G+s7LFXj9lW+1jn2wksPrERP1hfO9MXIbdypLRfKB5i162vKqY5vIe3us9G7rBu+2vO18iact+4tU+hvKO5tClaF0csuUiXPaZsdHSkNDQ49CNW2j5/np9WdN2px0t3kdxg7Ub5XX4aoLe49d/OhRw2+tG35Dn0ELN25pNwtt3m2tMqRfc93meYxG+DzpBm+/vG9J/XzpCiHsf9v42798wcs3L7h87K4HPbHTsDc+u/vdLT+75YTxxx++fsVXf//jvPl//bvP/+PLOd6W5uSOrb5dm5qbx0dqYmJdbWpuDgAAAN1Gd9hr+srq/5722X3HDX185OrqW2+659SL7/v8tT9r3a/t4bE77fj8vvN+lDf/71fc8f94yL8me7QrQxjRkTi3LoRdOx5PBW6O3flqXQh7dqSacwMjE4GVIezWkRiYqSpRomcs0S8ReLU2HRiRCDwYA82JwI0xcEkicF4MLE8EJsXAykTgsBgIrbnj2K82PY6iA1UxMCG1EZfHsxD+XBtbS2yrZzJVAQAAbCXp2WF57t2scx22NEOcXi6v6ipDPAO7YIbKRA3JGWxmWlWwhrKuaijtqobMuOe/+/Dzai7pqua80zBKcjNcWXXLpT8aNumNu2e8tOG0Iz7x2quP1S/96afXXfPGU9Mr79/j8ofz5v+N7z7/r+ykIyV5x/9DGNfxN+YuTUfaMvEJzTkZAAAAgC3w1sADvvydsq/NfeH3jwz75K+vfez1lQ9/dO8zb1v7/Bk/+NZ3au4fnTf/H1Hc+f9xn0iPrMxhVdwNMbUuhMbcQKrag/MDqaPevdIBAAAA6A4yx+Mzx8Jb07epU7ST8+n8/M2bmT8e+B/Raf7131p2/Y6feGT2Q7W3zXhqw+NfWTl64bEz3xh05dmP7HvoQU+N/Gze/L+5uPP/q3NvU514MPbi8roQemYFHoq9bA906BcDLxyaG0iP/8G4AS6KVaVPTMhUdVEsMSEGGhOBJYVKPJYpsWtuIP1kZRo/NzOO1nSJrAAAAAC87+LugHhcPp7/v2LBXZf9x41/umzVgUtnnzz98de+V1H5zknL7zyxzwX39li008hJefP/CZt3/n/HPDjv9P62XiEMKQuhR/KHAauqUwsDxkBNSTpxT3Wqrh7JqhZUh3Bw+8CSVb2YXv+/LLnG4JNVqapiYNf+N60f0J64oSqEIdmBNeOXHtCemJMIZBr/YlUIH28fbbLxn/RMNV6ebPyqniHskRXIVDWpZwjtjVUkq7q/Mn0dg2RVyytD2CkrkKlqWGUIcwMA3VX8Xzo5+8FZc+dNndjW1jJzGybiTvyqMKW1raVh0vS2yZUF+jQ50eecdYzOyR9TsZe++V16jaLVx0ytKyad+aFgY3Zb6R35eWcOpu/HL0PlHeNsKs+5u39yyPvuld9EyPoqVWjIpdt4yNXZlWx6EvPqj/krQq/Qc86slpkNZ0ycPXvm0NTfYrM3pf7G40ypbTU0ua2qO+tbES+PgstlJbzXbTUgu5Ihs6fNGDJr7rzBrdMmntxycstpwz7VNKxp6P5NjUPaB5X+28VIB3RWc2Kk7ywtclhbcaS7l2VV8n58aEhISHS3xE2Xj39m0UcXV3538UmXPHH++WefcvrOt1057ft9p48fdOXnlkz9et78f8a7z//jp0784E+vz1Do+H99PMyfenzTYf4JMbCk2OP/9YWO5mdODOiXCMyPgfkO8wMAAPDhEHdHxr2Zcad07SvfOP1/Tjii9NA/HP2LpqGDdrnw1qkDbnx94+kf23vekmvLKvKv/ze/uN//b6X1/zNL1x9VaJn/gbFEY6H1/5PL/GfW/59faP3/5DL/mfX/l3wA6//PyQQSm+TP1v8HAAA+DN6/9f+7XN4/eYGAvAxdLu+fvEBAXoYul/Ev9gIBm73+/89/XrbDx47YrW/ZF56YuNedB/7mpGkP7vKjUVev+3RT/TfPWPPzZXnz/0uKm/9buB8AAAC2Hyfs+6UBC14a8vVzpj/ww8Ezdn7purOfH3HPL4/75MYxfddVr+v76bz5/5Li5v/v//p/odD5//0KBZoLLQxo/T8AAAC6qULr//3t42d987p+O24Y1O/M29+6emrJ8L2fO/XXbRc9NOrwj435xyWTrs2b/y8vbv4fT7sozckde/N2bWpNu5Bc025dbeYnAwAAANA9lIaGhvIi8+YsjDryvbf5dHop0HdLZ9vtE6vWnHvvdX8fcvP5C9Ydf3rtQUf+oeyQOydf99KCU/boX/Pc2rz5/8ri5v85v8tYdWHvsYsfPWr427fWDb+hz6CFGzcd/wcAAAC2nWL3SwAAAAAAAAAAAAAAAB+8Y1b95Kz/+uWY4+4cNu/qR3d+/OT//PqsM1on/aLtiHUHPLv0hk/tk/f7/zCuo1yh3//H6/7F3xf0yckdW+16/b/0/WNHL5vbsWThqtoQ9soOTF0wdYeQvjb/PtmBFScO3KU9sSBZ4u7nDnu5PXFSMnDk4B03tCc+kwhMiIsk7pYMxKsqbuidCMTlFZ9MBuL2WJ4MVKQDF/ZOjaMkua3+UJPaViXJbfV0TQh1WYHMtrqjJtVGSXKAVyQCmQF+LRmIAxybDpQme7WsV6pXMVATiy7uleoVAADbrfgtsDxMaW1raYxf4ePt7mW5t1HOkmXn5FdbUmTzv0svTbb6mKl1xaR7JL+LbrrWeHmobB/C0Lyvq9lZSjpGuXVq6WLT9Skw5K5WeystUC5pczddReERVaVG1DBpetvk8i4Hvn/XWZrKuswyNG+yk52ltGOTFlFLEX0pYkRFbpsiuhzvl4aGhh6JXMNjsD7k6OoVUezv9bPX+Sv0KsjOs3zUQQOOW/bcgRMWPXnQtKnhI5e9M2Li5FmHXPHiU0vnjxw0oUfe/L++uPl/Zfa4NqQvBjA/Xlnv4LoQJhQ5IgAAAPjwO+W05y674P5LX32hecDL04dcuuK3c6+aV1Z783mHP3336W+OX3jSlsYHDHtj6Kl3/ebcjU2jHrqy99X3X7PTkXU//H/Vvea+tWLQmy/cvVfe/L9fcfP/uAcrfSg4tbdjZbz+/7l1IXRcWr8+Fbg5DverdSHs2ZFqjiVSF9Q/KpZoTAVujjtMBsYSE5pzq+oZA8sTgVdr04GVicCDMZDeS3FTSO/KubQ2hAM6UuNyS8yIJeoTgaNjoF8i0BADjYlA7xgYkQi83jsdaE4EHo2B0Jq7rW7tnd5WAAAAmyM9zyrPvRuS87zlZV1lKOkqQ3VXGUq7ylDZVYZCo4j3fxwzlCdOXinJylSerLUqUUtehngx/M3uV16G8FhuzmTBvKbj+QeZ8w1KcjNccWbF9Dc/33/R8UPGrB/ftPhzc38a/uHtOW9d8OYvz6977pqNJXnz/8bi5v/Vubep1h+M8/9N1/9LBR6K3bs8njreLwZeODQ3kN4x8GCc7F6Uqao5XSI9ab8olhgRA/0SgRkxMCIRmDAuHViyS24gPdPONH5upvHWdImsAAAAALzv4g6CuJsmzv+fXTv+iWnjf3vQZX1nLzx/+VFffvrXx736i3t73v3d/osebitZuzpv/j+iuPl/bK9XdmPnxd6s7R3CHSWbepMJDK5JBeJ+jJr48/i+NSHskLWDI1OipTpVoiLRcHigKvUL9YpkVXdVpdYYiPePfeK+FRe3J66oCmHvrL0vmTaerUy1UZUMDKhIBaqTgellqUDc85MJ3FmaCsAWy+wVjC+o9KkuGfWdlyvw+vuwXBM0Oby8faCd5OvsN1fbSmXygfQ+1YzNe9ryqmObyHt7rPRu647vtnrvtuwvUulvKO9sClWG0sktUybOaZsdH8n+JWuebfQ8Z/9KtZj0Vngdzn/vve1aZbIDjYmPj8bOy3X+OiyJ1a26sPfYxY8eNfzWuuE39Bm0cGPR3Sgg/lB45rCr6rM377ZWGdKvuW73edLs86Q7/hvo52kLIYy7d+xFjYfcuHDSiP7X73xH7fDLvzT4lkMbnx1XM2eXw8e89sV5efP/5uLm/2WJ2w4b48acVRfCvlkbd1Xc/KPqUp+DWYHUp+RO+YHUIfeXagt+cgIAAMDWltndkdlf0Jq+TZ0Qnpwn5+dv3sz8cX/FiE7zF9vv/lecsnL0hAN/23f8XoccvM9Zdy04er+/Tbz+tT9Wj5z0wPd+tfr6vPn/hHef//dMdNPxf8f/2UYc/+/U9r4rumfygflbtCs6rzq2Ccf/O7W9v9sc/++U4/+O/3fG8f8uOP7fqe39acv7ljTDl64Qwr9f/vm/vX3Pbv02LC393pQH5vU//rLvL1r2k52f+efH/mn69H33/FXe/H9GcfN/6/91vmhfZv2/CYXW/5tRaP2/+db/AwAAtqkCC80l53l5q/flZUiu3peXocsFArtcYtD6f5u9/t+L/3Lpgr2mjv3GiWc9dnDvR+tHrRkz6O8nvbrnmuuevHLoIyf8/dt58//5xc3/48uhV3br3WX9v37jClR1SQzMsDAgAAAA26NCOwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4YJ31xynnjVjw+J+ap39l/fLx32nd8fGHprzefMQPRy87es0pu5xyb581hz1z5s6j1p7zyuhFt5y691shtHaUK0kVLzn0r+saBo8e03fR7dcMXvrIwL9UpustT99+NCd3bPXt2hCWZD1SExPratvvbAocO3rZ3LL2xKraEPbKDkxdMHWH9sSNtSHskx1YceLAXdoTC5Il7n7usJfbEyclA0cO3nFDe+Iz6UBJsrv/1jvV3ZJkdy/uHUJdViDT3VN751aVaeOIdKA02cZ3a1JtxEBNLHpVTaqNGGiLJVp7hjCkLIQeyaoeqUxV1SNZ1U8rU1X1SFZ1dmUIB4cQypJVPV+RqqosOfLHKlJVxcCu/W9aP6A9sbQihCHZgTXjlx7QnpiZCGQaP6YihI+3v2SSjd9anmq8PNn4v5aHsEcIoSJZ4s2yVImKZIkXy0LYKSuwaSOWhTA38OEQP30mZz84a+68qRPb2lpmbsNERbqtqjClta2lYdL0tsmViT4VUpKVfuec9z72360/a1L77epjptYVky5Llyvv6HJTec7d/bf33sd+VWdXsun5yKs/5q8IvULPObNaZjacMXH27JlDU3+Lzd6U+tsjHU1tq6HdZVsNyK5kyOxpM4bMmjtvcOu0iSe3nNxy2rBPNQ1rGrp/U+OQ9kGl/26NkS59/0e6e1lWJe/H+19CQqK7JUpzPt0at/fP8bwv+ps6Wh4qOz6g86YV2VlKOka5NQY98j2O+L18TelyREPzJg55WZq6zrJ/3mRiU5aqVJaOr3V5k8Psmko7Nmm8XxoaGnoU2g71uXezN+8bW7B5n05vumLTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwv+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwLAAAAAAgzN86jJ4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAD//+GI8JI=") r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x105042, 0x5f) r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_ext={0x1c, 0xf, &(0x7f0000000540)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, {}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000000c0)='GPL\x00', 0xfffffff8, 0x0, 0x0, 0x41000, 0xd, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x25ad0, r1, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000240)="0bcb93b7b7c4", 0xf6d}], 0x1) truncate(&(0x7f0000000900)='./file1\x00', 0xcd) 0s ago: executing program 3 (id=4): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x14) prlimit64(0x0, 0x7, &(0x7f0000000180)={0x2, 0x3}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x1c, 0x3a, 0xb, 0x0, 0x0, {0x4}, [@nested={0x4}, @nested={0x4, 0x9}]}, 0x1c}}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.52' (ED25519) to the list of known hosts. [ 64.109929][ T5756] cgroup: Unknown subsys name 'net' [ 64.277360][ T5756] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 65.604713][ T5756] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 67.571152][ T5774] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 67.579405][ T5774] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 67.587025][ T5774] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 67.595141][ T5774] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 67.602996][ T5778] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 67.603354][ T5774] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 67.617919][ T5774] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 67.618294][ T5778] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 67.632611][ T5779] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 67.640353][ T5779] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 67.648705][ T5778] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 67.656693][ T5779] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 67.664163][ T5778] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 67.671837][ T5779] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 67.682670][ T5779] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 67.690082][ T5779] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 67.697376][ T5774] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 67.705704][ T5774] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 67.706099][ T5779] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 67.720084][ T5774] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 67.720412][ T5779] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 67.734774][ T5774] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 67.769410][ T5771] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 67.777101][ T5771] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 68.097001][ T5766] chnl_net:caif_netlink_parms(): no params data found [ 68.243942][ T5775] chnl_net:caif_netlink_parms(): no params data found [ 68.263472][ T5767] chnl_net:caif_netlink_parms(): no params data found [ 68.298191][ T5766] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.305417][ T5766] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.313421][ T5766] bridge_slave_0: entered allmulticast mode [ 68.320041][ T5766] bridge_slave_0: entered promiscuous mode [ 68.370311][ T5766] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.377513][ T5766] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.384748][ T5766] bridge_slave_1: entered allmulticast mode [ 68.391419][ T5766] bridge_slave_1: entered promiscuous mode [ 68.439036][ T5766] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.455602][ T5769] chnl_net:caif_netlink_parms(): no params data found [ 68.468110][ T5766] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.534404][ T5775] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.542011][ T5775] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.549111][ T5775] bridge_slave_0: entered allmulticast mode [ 68.562070][ T5775] bridge_slave_0: entered promiscuous mode [ 68.570532][ T5775] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.580516][ T5775] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.587705][ T5775] bridge_slave_1: entered allmulticast mode [ 68.595346][ T5775] bridge_slave_1: entered promiscuous mode [ 68.608936][ T5767] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.616222][ T5767] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.623821][ T5767] bridge_slave_0: entered allmulticast mode [ 68.630394][ T5767] bridge_slave_0: entered promiscuous mode [ 68.661976][ T5766] team0: Port device team_slave_0 added [ 68.668123][ T5767] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.675517][ T5767] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.682684][ T5767] bridge_slave_1: entered allmulticast mode [ 68.689232][ T5767] bridge_slave_1: entered promiscuous mode [ 68.721118][ T5766] team0: Port device team_slave_1 added [ 68.752496][ T5775] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.764589][ T5775] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.784756][ T5766] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 68.791799][ T5766] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.818107][ T5766] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 68.833536][ T5767] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.883697][ T5766] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 68.890647][ T5766] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.917058][ T5766] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 68.935564][ T5767] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.956247][ T5769] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.963593][ T5769] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.970720][ T5769] bridge_slave_0: entered allmulticast mode [ 68.977660][ T5769] bridge_slave_0: entered promiscuous mode [ 68.986903][ T5775] team0: Port device team_slave_0 added [ 69.022248][ T5769] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.029382][ T5769] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.036581][ T5769] bridge_slave_1: entered allmulticast mode [ 69.044802][ T5769] bridge_slave_1: entered promiscuous mode [ 69.057203][ T5775] team0: Port device team_slave_1 added [ 69.076872][ T5767] team0: Port device team_slave_0 added [ 69.119431][ T5766] hsr_slave_0: entered promiscuous mode [ 69.126218][ T5766] hsr_slave_1: entered promiscuous mode [ 69.147703][ T5767] team0: Port device team_slave_1 added [ 69.155426][ T5769] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.168221][ T5769] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.216901][ T5775] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.224453][ T5775] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.250898][ T5775] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.264258][ T5775] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.271201][ T5775] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.297354][ T5775] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.346108][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.353385][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.379852][ T5767] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.393306][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.400254][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.426198][ T5767] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.439430][ T5769] team0: Port device team_slave_0 added [ 69.448214][ T5769] team0: Port device team_slave_1 added [ 69.524531][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.531563][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.557721][ T5769] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.570420][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.577626][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.604312][ T5769] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.629059][ T5775] hsr_slave_0: entered promiscuous mode [ 69.635601][ T5775] hsr_slave_1: entered promiscuous mode [ 69.642133][ T5775] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.649882][ T5775] Cannot create hsr debugfs directory [ 69.673270][ T5767] hsr_slave_0: entered promiscuous mode [ 69.679536][ T5767] hsr_slave_1: entered promiscuous mode [ 69.686237][ T5767] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.694069][ T5767] Cannot create hsr debugfs directory [ 69.711994][ T5776] Bluetooth: hci0: command tx timeout [ 69.791438][ T5776] Bluetooth: hci2: command tx timeout [ 69.791454][ T5771] Bluetooth: hci1: command tx timeout [ 69.807076][ T5769] hsr_slave_0: entered promiscuous mode [ 69.816440][ T5769] hsr_slave_1: entered promiscuous mode [ 69.823257][ T5769] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.830797][ T5769] Cannot create hsr debugfs directory [ 69.871519][ T5776] Bluetooth: hci3: command tx timeout [ 70.035510][ T5766] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 70.045746][ T5766] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 70.060549][ T5766] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 70.070971][ T5766] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 70.153541][ T5767] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 70.174236][ T5767] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 70.185310][ T5767] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 70.197172][ T5767] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 70.268866][ T5775] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 70.290029][ T5775] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 70.299671][ T5775] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 70.309182][ T5775] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 70.394041][ T5769] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 70.404587][ T5769] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 70.424392][ T5769] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 70.437162][ T5769] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 70.478589][ T5766] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.539338][ T5767] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.564345][ T5766] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.588631][ T5767] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.608261][ T3449] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.615481][ T3449] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.625786][ T3449] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.632926][ T3449] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.652946][ T3449] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.660057][ T3449] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.686354][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.693478][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.713712][ T5775] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.784840][ T5775] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.806276][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.813429][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.843916][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.851022][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.907076][ T5769] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.984990][ T5769] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.008447][ T2911] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.015676][ T2911] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.036342][ T2911] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.043521][ T2911] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.267829][ T5767] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.328898][ T5766] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.382815][ T5767] veth0_vlan: entered promiscuous mode [ 71.422608][ T5767] veth1_vlan: entered promiscuous mode [ 71.460878][ T5775] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.476764][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.483938][ T5766] veth0_vlan: entered promiscuous mode [ 71.491862][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.526773][ T5766] veth1_vlan: entered promiscuous mode [ 71.537565][ T5769] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.571178][ T5775] veth0_vlan: entered promiscuous mode [ 71.584811][ T5775] veth1_vlan: entered promiscuous mode [ 71.597356][ T5767] veth0_macvtap: entered promiscuous mode [ 71.626060][ T5767] veth1_macvtap: entered promiscuous mode [ 71.656358][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.672074][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 71.709146][ T5769] veth0_vlan: entered promiscuous mode [ 71.718856][ T5766] veth0_macvtap: entered promiscuous mode [ 71.728309][ T5767] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.739100][ T5767] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.749749][ T5767] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.758695][ T5767] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.776504][ T5775] veth0_macvtap: entered promiscuous mode [ 71.786378][ T5775] veth1_macvtap: entered promiscuous mode [ 71.807507][ T5776] Bluetooth: hci0: command tx timeout [ 71.820356][ T5769] veth1_vlan: entered promiscuous mode [ 71.828796][ T5766] veth1_macvtap: entered promiscuous mode [ 71.852183][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 71.863430][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 71.873447][ T5776] Bluetooth: hci1: command tx timeout [ 71.880705][ T5775] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.882616][ T5776] Bluetooth: hci2: command tx timeout [ 71.914665][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 71.925682][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 71.937296][ T5775] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 71.947839][ T5775] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.958198][ T5775] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.961632][ T5776] Bluetooth: hci3: command tx timeout [ 71.968089][ T5775] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.981154][ T5775] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.993372][ T5766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.004382][ T5766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.015304][ T5766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.025954][ T5766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.040042][ T5766] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.069053][ T5766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.079759][ T5766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.090136][ T5766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.100815][ T5766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.113482][ T5766] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.163907][ T5766] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.174250][ T5766] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.183648][ T5766] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.193709][ T5766] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.229348][ T5769] veth0_macvtap: entered promiscuous mode [ 72.240153][ T5769] veth1_macvtap: entered promiscuous mode [ 72.269135][ T2911] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.292770][ T2911] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.324392][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.335988][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.346150][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.360997][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.371811][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.382603][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.394710][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.427769][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.439464][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.450402][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.460843][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.470850][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.481999][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.492951][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.517037][ T5769] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.526714][ T5769] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.535577][ T5769] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.544683][ T5769] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.558018][ T3449] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.566820][ T3449] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.639570][ T3449] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.661044][ T3449] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.709845][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.755857][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.813122][ T3449] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.828378][ T3449] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.842079][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 72.850346][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 72.858865][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 72.867360][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 72.893612][ T5865] Zero length message leads to an empty skb [ 73.221799][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 73.310803][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 73.361698][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 73.515671][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 73.618115][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 73.814923][ T3449] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.841211][ T3449] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.871740][ T5776] Bluetooth: hci0: command tx timeout [ 73.931731][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.939804][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.952569][ T5776] Bluetooth: hci2: command tx timeout [ 73.958249][ T5776] Bluetooth: hci1: command tx timeout [ 74.006331][ T5869] syz.1.2[5869]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 74.026272][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.034206][ T5776] Bluetooth: hci3: command tx timeout [ 74.037925][ T5869] loop1: detected capacity change from 0 to 16 [ 74.062816][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.199073][ T5869] erofs: (device loop1): mounted with root inode @ nid 36. [ 74.272233][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 74.792196][ T5869] erofs: (device loop1): erofs_find_target_block: corrupted dir block 8200 @ nid 36 [ 74.951034][ T5873] erofs: (device loop1): z_erofs_readahead: readahead error at folio 26 @ nid 36 [ 74.960397][ T5873] erofs: (device loop1): z_erofs_readahead: readahead error at folio 25 @ nid 36 [ 74.970399][ T5873] erofs: (device loop1): z_erofs_readahead: readahead error at folio 24 @ nid 36 [ 74.979605][ T5873] erofs: (device loop1): z_erofs_readahead: readahead error at folio 23 @ nid 36 [ 74.988778][ T5873] erofs: (device loop1): z_erofs_readahead: readahead error at folio 22 @ nid 36 [ 74.998375][ T5873] erofs: (device loop1): z_erofs_readahead: readahead error at folio 21 @ nid 36 [ 75.007518][ T5873] erofs: (device loop1): z_erofs_readahead: readahead error at folio 20 @ nid 36 [ 75.016709][ T5873] erofs: (device loop1): z_erofs_readahead: readahead error at folio 18 @ nid 36 [ 75.025852][ T5873] erofs: (device loop1): z_erofs_readahead: readahead error at folio 16 @ nid 36 [ 75.035089][ T5873] erofs: (device loop1): z_erofs_readahead: readahead error at folio 12 @ nid 36 [ 75.044428][ T5873] syz.1.2: attempt to access beyond end of device [ 75.044428][ T5873] loop1: rw=524288, sector=720, nr_sectors = 16 limit=16 [ 75.058428][ T5873] syz.1.2: attempt to access beyond end of device [ 75.058428][ T5873] loop1: rw=524288, sector=525144, nr_sectors = 16 limit=16 [ 75.072392][ T5873] syz.1.2: attempt to access beyond end of device [ 75.072392][ T5873] loop1: rw=524288, sector=16, nr_sectors = 8 limit=16 [ 75.085663][ T5873] syz.1.2: attempt to access beyond end of device [ 75.085663][ T5873] loop1: rw=524288, sector=13716630376, nr_sectors = 8 limit=16 [ 75.099739][ T5873] ================================================================== [ 75.107778][ T5873] BUG: KASAN: slab-use-after-free in z_erofs_transform_plain+0x38c/0x460 [ 75.116184][ T5873] Read of size 4095 at addr ffff88801e789400 by task syz.1.2/5873 [ 75.123973][ T5873] [ 75.126308][ T5873] CPU: 1 PID: 5873 Comm: syz.1.2 Not tainted 6.6.94-syzkaller #0 [ 75.134022][ T5873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 75.144066][ T5873] Call Trace: [ 75.147333][ T5873] [ 75.150247][ T5873] dump_stack_lvl+0x16c/0x230 [ 75.154913][ T5873] ? __lock_acquire+0x7c80/0x7c80 [ 75.159922][ T5873] ? show_regs_print_info+0x20/0x20 [ 75.165107][ T5873] ? load_image+0x3b0/0x3b0 [ 75.169595][ T5873] ? __virt_addr_valid+0x469/0x540 [ 75.174698][ T5873] print_report+0xac/0x230 [ 75.179096][ T5873] ? z_erofs_transform_plain+0x38c/0x460 [ 75.184718][ T5873] kasan_report+0x117/0x150 [ 75.189207][ T5873] ? z_erofs_transform_plain+0x38c/0x460 [ 75.194829][ T5873] kasan_check_range+0x288/0x290 [ 75.199751][ T5873] ? z_erofs_transform_plain+0x38c/0x460 [ 75.205364][ T5873] __asan_memcpy+0x29/0x70 [ 75.209767][ T5873] z_erofs_transform_plain+0x38c/0x460 [ 75.215209][ T5873] ? z_erofs_lz4_decompress+0x1720/0x1720 [ 75.220911][ T5873] z_erofs_decompress_queue+0x16fb/0x2650 [ 75.226623][ T5873] ? z_erofs_onlinepage_endio+0x350/0x350 [ 75.232336][ T5873] ? slab_free_freelist_hook+0x130/0x1b0 [ 75.237990][ T5873] ? bio_truncate+0x6f0/0x6f0 [ 75.242685][ T5873] ? z_erofs_decompressqueue_endio+0x5a0/0x5a0 [ 75.248858][ T5873] z_erofs_runqueue+0x18a3/0x19d0 [ 75.253908][ T5873] ? z_erofs_do_read_page+0x3680/0x3680 [ 75.259473][ T5873] ? _raw_spin_unlock+0x28/0x40 [ 75.264312][ T5873] ? lockref_put_or_lock+0x72/0xb0 [ 75.269406][ T5873] z_erofs_readahead+0xa7c/0xd50 [ 75.274325][ T5873] ? z_erofs_read_folio+0x540/0x540 [ 75.279499][ T5873] ? __mod_lruvec_page_state+0xa5/0x420 [ 75.285026][ T5873] ? folio_add_lru+0x320/0xd50 [ 75.289769][ T5873] ? blk_start_plug+0x6e/0x1a0 [ 75.294511][ T5873] read_pages+0x177/0x840 [ 75.298818][ T5873] ? __lock_acquire+0x7c80/0x7c80 [ 75.303819][ T5873] ? page_cache_ra_unbounded+0x770/0x770 [ 75.309427][ T5873] ? folio_add_lru+0xd50/0xd50 [ 75.314173][ T5873] ? folio_add_lru+0x54f/0xd50 [ 75.318916][ T5873] ? filemap_add_folio+0x192/0x3c0 [ 75.324003][ T5873] page_cache_ra_unbounded+0x692/0x770 [ 75.329440][ T5873] force_page_cache_ra+0x2c1/0x320 [ 75.334531][ T5873] generic_fadvise+0x44f/0x730 [ 75.339300][ T5873] ? dump_task+0x5f0/0x5f0 [ 75.343697][ T5873] ? __fget_files+0x28/0x4d0 [ 75.348269][ T5873] ? __fdget+0x180/0x210 [ 75.352494][ T5873] __x64_sys_fadvise64+0x140/0x180 [ 75.357587][ T5873] do_syscall_64+0x55/0xb0 [ 75.361989][ T5873] ? clear_bhb_loop+0x40/0x90 [ 75.366643][ T5873] ? clear_bhb_loop+0x40/0x90 [ 75.371317][ T5873] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 75.377208][ T5873] RIP: 0033:0x7f8cded8e929 [ 75.381609][ T5873] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.401192][ T5873] RSP: 002b:00007f8cdfc39038 EFLAGS: 00000246 ORIG_RAX: 00000000000000dd [ 75.409581][ T5873] RAX: ffffffffffffffda RBX: 00007f8cdefb6080 RCX: 00007f8cded8e929 [ 75.417530][ T5873] RDX: 000000000000ff39 RSI: 000000000000aa1f RDI: 0000000000000004 [ 75.425482][ T5873] RBP: 00007f8cdee10b39 R08: 0000000000000000 R09: 0000000000000000 [ 75.433430][ T5873] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 75.441386][ T5873] R13: 0000000000000000 R14: 00007f8cdefb6080 R15: 00007ffe29a2dd08 [ 75.449338][ T5873] [ 75.452336][ T5873] [ 75.454636][ T5873] The buggy address belongs to the physical page: [ 75.461034][ T5873] page:ffffea000079e240 refcount:2 mapcount:0 mapping:ffff88805da587c8 index:0x1 pfn:0x1e789 [ 75.471182][ T5873] memcg:ffff88801b7f6000 [ 75.475406][ T5873] aops:z_erofs_cache_aops ino:0 [ 75.480248][ T5873] flags: 0xfff40000008028(uptodate|lru|private|node=0|zone=1|lastcpupid=0x7ff) [ 75.489165][ T5873] page_type: 0xffffffff() [ 75.493468][ T5873] raw: 00fff40000008028 ffffea0000bdd688 ffffea0000b801c8 ffff88805da587c8 [ 75.502026][ T5873] raw: 0000000000000001 ffff88805da84000 00000002ffffffff ffff88801b7f6000 [ 75.510578][ T5873] page dumped because: kasan: bad access detected [ 75.516965][ T5873] page_owner tracks the page as allocated [ 75.522651][ T5873] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5869, tgid 5867 (syz.1.2), ts 74772686225, free_ts 74683760197 [ 75.544155][ T5873] post_alloc_hook+0x1cd/0x210 [ 75.548898][ T5873] get_page_from_freelist+0x195c/0x19f0 [ 75.554421][ T5873] __alloc_pages+0x1e3/0x460 [ 75.558991][ T5873] z_erofs_do_read_page+0x20c0/0x3680 [ 75.564341][ T5873] z_erofs_read_folio+0x213/0x540 [ 75.569340][ T5873] filemap_read_folio+0x167/0x760 [ 75.574341][ T5873] do_read_cache_folio+0x470/0x7e0 [ 75.579429][ T5873] erofs_bread+0x16f/0x630 [ 75.583820][ T5873] erofs_namei+0x28c/0xf00 [ 75.588210][ T5873] erofs_lookup+0x135/0x310 [ 75.592686][ T5873] __lookup_slow+0x281/0x3b0 [ 75.597250][ T5873] lookup_slow+0x53/0x70 [ 75.601465][ T5873] link_path_walk+0x970/0xe00 [ 75.606117][ T5873] path_openat+0x283/0x3190 [ 75.610593][ T5873] do_filp_open+0x1c5/0x3d0 [ 75.615068][ T5873] do_sys_openat2+0x12c/0x1c0 [ 75.619727][ T5873] page last free stack trace: [ 75.624375][ T5873] free_unref_page_prepare+0x7ce/0x8e0 [ 75.629805][ T5873] free_unref_page+0x32/0x2e0 [ 75.634456][ T5873] __slab_free+0x35e/0x410 [ 75.638845][ T5873] qlist_free_all+0x75/0xe0 [ 75.643336][ T5873] kasan_quarantine_reduce+0x143/0x160 [ 75.648768][ T5873] __kasan_slab_alloc+0x22/0x80 [ 75.653595][ T5873] slab_post_alloc_hook+0x6e/0x4d0 [ 75.658679][ T5873] kmem_cache_alloc+0x11e/0x2e0 [ 75.663502][ T5873] getname_flags+0xbb/0x500 [ 75.667987][ T5873] user_path_at_empty+0x2c/0x60 [ 75.672815][ T5873] __se_sys_chroot+0x94/0x3b0 [ 75.677469][ T5873] do_syscall_64+0x55/0xb0 [ 75.681887][ T5873] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 75.687761][ T5873] [ 75.690059][ T5873] Memory state around the buggy address: [ 75.695660][ T5873] ffff88801e789f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 75.703695][ T5873] ffff88801e789f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 75.711741][ T5873] >ffff88801e78a000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 75.719779][ T5873] ^ [ 75.723820][ T5873] ffff88801e78a080: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 75.731852][ T5873] ffff88801e78a100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 75.739884][ T5873] ================================================================== [ 75.749164][ T5873] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 75.756347][ T5873] CPU: 1 PID: 5873 Comm: syz.1.2 Not tainted 6.6.94-syzkaller #0 [ 75.764039][ T5873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 75.774070][ T5873] Call Trace: [ 75.777327][ T5873] [ 75.780236][ T5873] dump_stack_lvl+0x16c/0x230 [ 75.784894][ T5873] ? show_regs_print_info+0x20/0x20 [ 75.790071][ T5873] ? load_image+0x3b0/0x3b0 [ 75.794563][ T5873] panic+0x2c0/0x710 [ 75.798442][ T5873] ? bpf_jit_dump+0xd0/0xd0 [ 75.802927][ T5873] ? _raw_spin_unlock_irqrestore+0xa9/0x110 [ 75.808802][ T5873] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 75.814683][ T5873] ? _raw_spin_unlock+0x40/0x40 [ 75.819523][ T5873] ? print_memory_metadata+0x314/0x400 [ 75.824965][ T5873] ? z_erofs_transform_plain+0x38c/0x460 [ 75.830575][ T5873] check_panic_on_warn+0x84/0xa0 [ 75.835490][ T5873] ? z_erofs_transform_plain+0x38c/0x460 [ 75.841101][ T5873] end_report+0x6f/0x140 [ 75.845324][ T5873] kasan_report+0x128/0x150 [ 75.849809][ T5873] ? z_erofs_transform_plain+0x38c/0x460 [ 75.855423][ T5873] kasan_check_range+0x288/0x290 [ 75.860338][ T5873] ? z_erofs_transform_plain+0x38c/0x460 [ 75.865949][ T5873] __asan_memcpy+0x29/0x70 [ 75.870347][ T5873] z_erofs_transform_plain+0x38c/0x460 [ 75.875792][ T5873] ? z_erofs_lz4_decompress+0x1720/0x1720 [ 75.881494][ T5873] z_erofs_decompress_queue+0x16fb/0x2650 [ 75.887207][ T5873] ? z_erofs_onlinepage_endio+0x350/0x350 [ 75.892907][ T5873] ? slab_free_freelist_hook+0x130/0x1b0 [ 75.898525][ T5873] ? bio_truncate+0x6f0/0x6f0 [ 75.903182][ T5873] ? z_erofs_decompressqueue_endio+0x5a0/0x5a0 [ 75.909317][ T5873] z_erofs_runqueue+0x18a3/0x19d0 [ 75.914339][ T5873] ? z_erofs_do_read_page+0x3680/0x3680 [ 75.919879][ T5873] ? _raw_spin_unlock+0x28/0x40 [ 75.924723][ T5873] ? lockref_put_or_lock+0x72/0xb0 [ 75.929817][ T5873] z_erofs_readahead+0xa7c/0xd50 [ 75.934742][ T5873] ? z_erofs_read_folio+0x540/0x540 [ 75.939922][ T5873] ? __mod_lruvec_page_state+0xa5/0x420 [ 75.945452][ T5873] ? folio_add_lru+0x320/0xd50 [ 75.950225][ T5873] ? blk_start_plug+0x6e/0x1a0 [ 75.954991][ T5873] read_pages+0x177/0x840 [ 75.959328][ T5873] ? __lock_acquire+0x7c80/0x7c80 [ 75.964334][ T5873] ? page_cache_ra_unbounded+0x770/0x770 [ 75.969950][ T5873] ? folio_add_lru+0xd50/0xd50 [ 75.974702][ T5873] ? folio_add_lru+0x54f/0xd50 [ 75.979450][ T5873] ? filemap_add_folio+0x192/0x3c0 [ 75.984560][ T5873] page_cache_ra_unbounded+0x692/0x770 [ 75.990002][ T5873] force_page_cache_ra+0x2c1/0x320 [ 75.995092][ T5873] generic_fadvise+0x44f/0x730 [ 75.999841][ T5873] ? dump_task+0x5f0/0x5f0 [ 76.004240][ T5873] ? __fget_files+0x28/0x4d0 [ 76.008816][ T5873] ? __fdget+0x180/0x210 [ 76.013041][ T5873] __x64_sys_fadvise64+0x140/0x180 [ 76.018137][ T5873] do_syscall_64+0x55/0xb0 [ 76.022537][ T5873] ? clear_bhb_loop+0x40/0x90 [ 76.027194][ T5873] ? clear_bhb_loop+0x40/0x90 [ 76.031859][ T5873] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 76.037758][ T5873] RIP: 0033:0x7f8cded8e929 [ 76.042153][ T5873] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.061735][ T5873] RSP: 002b:00007f8cdfc39038 EFLAGS: 00000246 ORIG_RAX: 00000000000000dd [ 76.070126][ T5873] RAX: ffffffffffffffda RBX: 00007f8cdefb6080 RCX: 00007f8cded8e929 [ 76.078080][ T5873] RDX: 000000000000ff39 RSI: 000000000000aa1f RDI: 0000000000000004 [ 76.086065][ T5873] RBP: 00007f8cdee10b39 R08: 0000000000000000 R09: 0000000000000000 [ 76.094015][ T5873] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 76.101961][ T5873] R13: 0000000000000000 R14: 00007f8cdefb6080 R15: 00007ffe29a2dd08 [ 76.109913][ T5873] [ 76.113138][ T5873] Kernel Offset: disabled [ 76.117447][ T5873] Rebooting in 86400 seconds..