program: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) socket$inet6_tcp(0xa, 0x1, 0x0) (async) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000000)=0x5, 0x4) bind$inet6(r1, &(0x7f0000000080)={0xa, 0xce22, 0x0, @empty}, 0x1c) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000000)=0x5, 0x4) bind$inet6(r2, &(0x7f0000000080)={0xa, 0xce22, 0x0, @ipv4}, 0x1c) (async) bind$inet6(r2, &(0x7f0000000080)={0xa, 0xce22, 0x0, @ipv4}, 0x1c) r3 = socket$qrtr(0x2a, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f0000000000)={'wlan1\x00'}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file3\x00', 0xa08802, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRESDEC], 0x1, 0x693, &(0x7f0000000ec0)="$eJzs3c1rHOcdB/DvrFay1gVHSWwnLYGKGNJSU1uycFqVQtweig+hBBcaCr0IW46F106QlaKE0qrv1x7yB6QHHQq9tNC7IYWe2h4KoTfRQwkUekkvurnM7Ky0trTKrixprebzMbPzzDyv89uZZzS7mA3wqXX1fJr3U+Tq+VdXy+2N9bn2xvrciTq7naRMN5JmZ5XiblJ8kFxJZ8lny511+aJfP+8tzV/78OONjzpbzXqpyjf2qjeYtXrJdJKxer3T+L7au963vd19vV4vbO0pto6wDNi5buBg1B7ssDZM9ce8boEnQdG5b+4wlZxMMln/HZB6dmgc7egO3lCzHAAAABxTT21mM6s5NepxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHFSpDVWrTpLo5ueTtH9/f+Jel/q9LXGiMf8OO6PegAAAAAAAAAAcAA+v5nNrOZUkr+X2w863+y/WL2erl4/k7dzL4tZzoWsZiErWclyZpNM9TQ0sbqwsrI8O0DNS7vWvLS/8f9+f9UAAAAAAAAA4P/NT3O1+v4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeGEUy1llVy+lueiqNZpLJJBNlubXkb930MVHstvP+0Y8DAAAAHsvkPuo8tZnNrOZUd/tBUT3zn62elyfzdu5mJUtZSTuLuVE/Q5dP/Y2N9bn2xvrcnY31uarj7z/o6LTzjf8MNYyqxXQ+e9i95+erEq3czFK150KuV4O5kUZVs/R8PZ6t5eFOflKOqfVKbcCR3ajXZWe/7vcpwkFoDFthqqo0vhWRmXpsZUNP7x2JT3x3mnv2NJvG1ic/p/foqXtIxZAxP9mtl+SXj8T8lX/99nsDNnMItiLRSBWJSz1n39mN9bmx9I158oU//u71W+27t2/dvHf+0E6jo/LoOTHXE4nn9j77nvBINIcsP1NF4szW9tV8K9/J+UzntSxnKT/IQlaymHpmzEJ9PpevUz1RSnZE6spDW6990kgm6velM4sOMqbpnKhSC3mxqnsqSynyZm5kMS9X/y5lNl/J5VzOfM87fKbvO1wdWzXTNoa76s99MduX+q/KmXqwesmfBy04vM4ttYzr0z1x7Z1zp6q83j3bUXpmgPvRkHNj83N1ouzjZ/u5bRyaRyMx2xOJZ/eOxG+qa+Ne++7t5VsLb/Vpf+2R7ZfGt9O/OMw789DK8+WZTNYzycNnR5n37NYs83C8JupvXDp5jR15Z6q8ouheqd/e5UotIz5flT67a0uXqrznduaN1SP/xz978h76eytv/mU08QRgSCe/dHKi9e/WX1vvt37eutV6dfKbJ7564oWJjP9p/GvNmbGXGi8Uf8j7+dH28z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB/99559/ZCu724vHui0T/rYBNF/UM+/co008oRDOMoE0Wy1n4wdrAtZ/THNUCi+yOCj9vO61eeiMM51omxJPWeHyfb50/9FnV+Ce27/x3ZDAUclosrd966eO+dd7+8dGfhjcU3Fu+OX748PzN/+eW5izeX2osznddRjxI4DNt/D4x6JAAAAAAAAAAAAMCgjuJ/GvR0Nz3CQwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOqavn0xxPkdmZCzPl9sb6XLtcuuntks0kjUZS/DApPkiupLNkqqe5ol8/7y3NX/vw442Ptttqdss39qo3mLV6yXSSsXq9w8T+2rver72BFVtHWAbsXDdwMGr/CwAA//8xgggQ") setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f0000000240), &(0x7f0000001400)=ANY=[], 0x841, 0x0) (async) setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f0000000240), &(0x7f0000001400)=ANY=[], 0x841, 0x0) lremovexattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='trusted.overlay.upper\x00') r6 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xf4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8264, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x2018, 0x0, 0x80000000, 0x4, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xf4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8264, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x2018, 0x0, 0x80000000, 0x4, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) unshare(0x22020600) (async) unshare(0x22020600) syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f00000002c0)='./file1\x00', 0x8c0, &(0x7f0000000340)=ANY=[@ANYBLOB='acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noacl,\x00'/119, @ANYBLOB="2d81167ce471c0ae99b4f078ccbec85d44f5f66d8256815bc9a0e02b4b1d31ee59ea9d8cdbbaf25b00ff37cd9445027bc0a305f4d989c5758e0b8ee488f581da6ba9b38fa615955cb56b9d4eb6954e931ad460a2afe3c17aa3eb8737be3915cc778b2e6943a6faf4fb1eb9c82cd5", @ANYRESHEX], 0x1, 0x4421, &(0x7f0000004500)="$eJzs3c9PHGUfAPBnBt63UNsKtYeamLiJTTRqCPSk0kRKaSm0WFNtY7xsF9i26MI2sBgPPeCtiScTD8ZDo4k3Tg0Hr/VP8OKxnpvowYuJSSNmd2eBGXbDSliwzeeTlNl5fu9+d5595jB94kTl9txSbm4pV1jIlWduLp3OfVYuLc8XQ7xPDrp/2tOJOIn9wbly7sIH10+H8NPsL4/X19fXQ1V3aGpoy+s//7g7s/XYEGfqVNtt3tpe+TiEcGLbuKq6Qggf/RhCFEI4m6SNJsfeEMKxUM+7fvfLG7k9Gs2DR8Uz+SdT99aGT02u3l9r/d6jEL4tvfjmrfnfXuka/vX1PeoeAAAAAAAAAAAAAAAAAICn3PjVK9feHxwKD6PQvRptf153PDm2ej52fc+83Pk3CwAAAAAAAAAAAAAAAAAAAP9Rm8//56LjTZ7/H0uOIy3qr7/b+THSORPvXRk7PziU7P8ebct/K0n6/WxX6G+y73t2//ezmfrN93/f3s9uNcbX6LcvRPFA6jyOBwZC+D7Z+P1kdDgulZcqb9wsLy/M7tkwnlrp+Nd3709FJ9nQv934j2ba7/z+/y9s+zZVz2/s3VfsmZaOf1fLcj98EbUV/3OZevsRf3YvHf/uWlrv1gIj9QmgGv+vuneO/1im/U7F/1gIIRdVx5pLzQDVNUw1vdV6hbR0/P9XS0tNnckH2er6/ysT//OZ9g9q/l/J/hDRVDr+/6+l9aRKbF7//fHO1/+FTPsHEf/q+Ff8/rclHf9D9cTuVJHaJ9nu/D+eab9T8b8WJ+M8FqW+AatRPb3V/1dHWjr+PdvyN+//4rbWfxcz9ffr/q/Rb+P+rzH9vxbV7/9oLh3/3pbl2r3+JzL1Oj3/j9TWf+xWOv6Ha2nptXNf7W+78Z/MtN+p+NdWJT2N+G/OJ38fqqd/Z/3XlnT8n6snxltLrNT+1tZ/0c7r/0uZ9g9i/Vcd/0rc2V6fFen4H2lZrhr/n9v4/b+cqdf5+IcwaK2/a+n4H21Zrnb99+wc/6lMvU7H/9VONg4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFBhNjn0higdS53E8MBDCueT8ZDgcTRdm89Ol8synSyGMJem5cDy6VSpPF0r5uYXybDFfKJXKMyGcT/JPhJ5oqVSu5OcLdy5stNUb3S4WFivTxUIlhDCepL8Ujjbamp6rzBfuhBAubuQ9H5cX79wuLORn5xbfGRwcHAwTG2Poj4qfV4oLlXrv9dwQJjfq9kVbBlfLvrQxliPRJ+XlxYVCqZZ+eUudUnmmUNpSZyrJ+zr0R5XF5YWZQqWYL5VvNfo7SCPJcWzi6odXLw9ty78R1Y+j+zssAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP6lh8NvfxNC6K6fxSGEXJS8iJJ/KQ8eFc/kn0zdWxs+Nbl6f+1xszIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/7ADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFXfpHaSCI4gD8Ziy09BhWy25nu6KIFq4InkCP4WH0KF7CO1ikSJsiBJJZCPsHtkmq72sezI+Z92AeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyz2+de+vdROR4mp7GfH7+fd/nD+X+n03ff/iDDNyOk8v3f1D3ZR/T6P8thyt2rxPN+uvj5iovZ/Bngz36WDcZ2hu3+bm6/teR8pVRLQlv0k5V9WytwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAHTtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgWMBAAAAAGH+1lH0bQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD//z8QH1I=") openat(0xffffffffffffff9c, &(0x7f0000000640)='./file1\x00', 0x105042, 0x0) (async) r8 = openat(0xffffffffffffff9c, &(0x7f0000000640)='./file1\x00', 0x105042, 0x0) ioctl$FICLONERANGE(r8, 0x4020940d, &(0x7f00000000c0)={{r8}, 0x0, 0x0, 0x100000}) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000000)=0x15) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) (async) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) ioctl$TCSETS(r7, 0x40204706, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x0, 0x0, "3eccd8f9d20000000000001000000200000500"}) syz_emit_ethernet(0x16e, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tipc_packet={0xc, 0x6, "2c1137", 0x138, 0x6, 0x0, @loopback, @mcast2, {[@fragment={0x4, 0x0, 0x80, 0x1, 0x0, 0x6, 0x68}, @dstopts={0xcd, 0x2, '\x00', [@jumbo={0xc2, 0x4, 0x6}, @jumbo={0xc2, 0x4, 0x6}, @pad1, @ra={0x5, 0x2, 0x6}]}, @dstopts={0x2f, 0x0, '\x00', [@padn]}, @routing={0x5c, 0x6, 0x2, 0x81, 0x0, [@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, @private2, @private0]}, @dstopts={0x73, 0xb, '\x00', [@calipso={0x7, 0x38, {0x0, 0xc, 0x7, 0x6, [0x6, 0x7, 0x7, 0x2, 0x277879ac, 0x7]}}, @enc_lim={0x4, 0x1, 0x1}, @padn, @generic={0x8, 0x19, "4de8c188045f8b77e186c5454f1ca239db86d0d77c322dfc70"}]}], @name_distributor={{0x60, 0x0, 0x0, 0x0, 0x0, 0xa, 0xb, 0x2, 0x5, 0x0, 0x0, 0xfff9, 0x8, 0x2, 0x4e23, 0x4e24, 0x2, 0x1, 0x0, 0x0, 0x1}, [{0x4, 0x8, 0x1, 0x2, 0xac1, 0x80, 0x9, 0x200}, {0x7f, 0xffff, 0x7f, 0xf8e, 0x400, 0x3, 0x3, 0xffffff9}]}}}}}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r6) (async) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r6) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) (async) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r10, @ANYBLOB="0800050007000000"], 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r10, @ANYBLOB="0800050007000000"], 0x24}}, 0x0) r11 = signalfd4(r5, &(0x7f0000000300)={[0x2]}, 0x8, 0x80000) mmap(&(0x7f0000280000/0x3000)=nil, 0x3000, 0x1000009, 0x129011, r11, 0xc7f39000) [ 85.015139][ T4689] Bluetooth: hci0: command tx timeout [ 85.149476][ T5344] loop0: detected capacity change from 0 to 1024 [ 85.215412][ T5344] hfsplus: request for non-existent node 211 in B*Tree [ 85.224640][ T5344] hfsplus: request for non-existent node 211 in B*Tree [ 85.232550][ T5345] ================================================================== [ 85.236247][ T5345] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0xc0/0x2a0 [ 85.239681][ T5345] Read of size 8 at addr ffff888035a4ecc8 by task syz.0.0/5345 [ 85.242866][ T5345] [ 85.243954][ T5345] CPU: 0 UID: 0 PID: 5345 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 85.243994][ T5345] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.244001][ T5345] Call Trace: [ 85.244011][ T5345] [ 85.244017][ T5345] dump_stack_lvl+0x189/0x250 [ 85.244036][ T5345] ? __kasan_check_byte+0x12/0x40 [ 85.244051][ T5345] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.244062][ T5345] ? lock_release+0x4b/0x3e0 [ 85.244075][ T5345] ? __virt_addr_valid+0x4a5/0x5c0 [ 85.244090][ T5345] print_report+0xd2/0x2b0 [ 85.244100][ T5345] ? hfsplus_bnode_read+0xc0/0x2a0 [ 85.244111][ T5345] kasan_report+0x118/0x150 [ 85.244124][ T5345] ? hfsplus_bnode_read+0xc0/0x2a0 [ 85.244136][ T5345] hfsplus_bnode_read+0xc0/0x2a0 [ 85.244147][ T5345] hfsplus_bnode_dump+0x300/0x450 [ 85.244158][ T5345] ? __pfx_hfsplus_bnode_dump+0x10/0x10 [ 85.244170][ T5345] ? hfsplus_bnode_write_u16+0x8b/0xd0 [ 85.244181][ T5345] ? hfsplus_bnode_move+0x393/0xb90 [ 85.244192][ T5345] ? __pfx___hfsplus_brec_find+0x10/0x10 [ 85.244204][ T5345] hfsplus_brec_remove+0x480/0x550 [ 85.244226][ T5345] __hfsplus_delete_attr+0x1d4/0x360 [ 85.244240][ T5345] ? __pfx___hfsplus_delete_attr+0x10/0x10 [ 85.244255][ T5345] ? hfsplus_attr_build_key+0xee/0x260 [ 85.244268][ T5345] hfsplus_delete_attr+0x231/0x2d0 [ 85.244282][ T5345] ? __pfx_hfsplus_delete_attr+0x10/0x10 [ 85.244296][ T5345] ? hfsplus_find_init+0x8c/0x1d0 [ 85.244307][ T5345] ? hfsplus_find_init+0x15a/0x1d0 [ 85.244320][ T5345] __hfsplus_setxattr+0x71c/0x1f40 [ 85.244334][ T5345] ? do_raw_spin_lock+0x121/0x290 [ 85.244352][ T5345] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 85.244410][ T5345] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.244426][ T5345] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 85.244438][ T5345] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 85.244468][ T5345] ? __kasan_kmalloc+0x93/0xb0 [ 85.244479][ T5345] ? hfsplus_setxattr+0x102/0x180 [ 85.244494][ T5345] hfsplus_setxattr+0x11e/0x180 [ 85.244508][ T5345] hfsplus_trusted_setxattr+0x40/0x60 [ 85.244523][ T5345] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10 [ 85.244536][ T5345] __vfs_removexattr+0x431/0x470 [ 85.244554][ T5345] __vfs_removexattr_locked+0x1ed/0x230 [ 85.244568][ T5345] vfs_removexattr+0x80/0x1b0 [ 85.244582][ T5345] path_removexattrat+0x35d/0x690 [ 85.244592][ T5345] ? __pfx_path_removexattrat+0x10/0x10 [ 85.244610][ T5345] ? rcu_is_watching+0x15/0xb0 [ 85.244624][ T5345] __x64_sys_lremovexattr+0x65/0x80 [ 85.244640][ T5345] do_syscall_64+0xfa/0x3b0 [ 85.244650][ T5345] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.244664][ T5345] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.244674][ T5345] ? clear_bhb_loop+0x60/0xb0 [ 85.244686][ T5345] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.244698][ T5345] RIP: 0033:0x7f43d8b8e929 [ 85.244710][ T5345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.244720][ T5345] RSP: 002b:00007f43d9a10038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c6 [ 85.244733][ T5345] RAX: ffffffffffffffda RBX: 00007f43d8db6080 RCX: 00007f43d8b8e929 [ 85.244741][ T5345] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000200000000240 [ 85.244748][ T5345] RBP: 00007f43d8c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 85.244754][ T5345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.244760][ T5345] R13: 0000000000000000 R14: 00007f43d8db6080 R15: 00007ffc04501058 [ 85.244771][ T5345] [ 85.244775][ T5345] [ 85.391883][ T5345] Allocated by task 5345: [ 85.393696][ T5345] kasan_save_track+0x3e/0x80 [ 85.395665][ T5345] __kasan_kmalloc+0x93/0xb0 [ 85.397558][ T5345] __kmalloc_noprof+0x27a/0x4f0 [ 85.399526][ T5345] __hfs_bnode_create+0xf3/0x810 [ 85.401654][ T5345] hfsplus_bnode_find+0x224/0xd20 [ 85.404081][ T5345] hfsplus_brec_find+0x15c/0x500 [ 85.406209][ T5345] hfsplus_attr_exists+0x163/0x1d0 [ 85.408362][ T5345] __hfsplus_setxattr+0x33e/0x1f40 [ 85.410548][ T5345] hfsplus_setxattr+0x11e/0x180 [ 85.412607][ T5345] hfsplus_trusted_setxattr+0x40/0x60 [ 85.414733][ T5345] __vfs_setxattr+0x439/0x480 [ 85.416692][ T5345] __vfs_setxattr_noperm+0x12d/0x660 [ 85.418863][ T5345] vfs_setxattr+0x16b/0x2f0 [ 85.420797][ T5345] filename_setxattr+0x274/0x600 [ 85.422752][ T5345] path_setxattrat+0x364/0x3a0 [ 85.424621][ T5345] __x64_sys_setxattr+0xbc/0xe0 [ 85.426467][ T5345] do_syscall_64+0xfa/0x3b0 [ 85.428233][ T5345] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.430390][ T5345] [ 85.431348][ T5345] The buggy address belongs to the object at ffff888035a4ec00 [ 85.431348][ T5345] which belongs to the cache kmalloc-192 of size 192 [ 85.436660][ T5345] The buggy address is located 48 bytes to the right of [ 85.436660][ T5345] allocated 152-byte region [ffff888035a4ec00, ffff888035a4ec98) [ 85.442200][ T5345] [ 85.443266][ T5345] The buggy address belongs to the physical page: [ 85.445741][ T5345] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x35a4e [ 85.449143][ T5345] ksm flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 85.452329][ T5345] page_type: f5(slab) [ 85.454005][ T5345] raw: 04fff00000000000 ffff88801a4413c0 ffffea0000d9aa40 dead000000000003 [ 85.457833][ T5345] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 85.461890][ T5345] page dumped because: kasan: bad access detected [ 85.464518][ T5345] page_owner tracks the page as allocated [ 85.466879][ T5345] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 31, tgid 31 (kworker/u4:2), ts 12552512276, free_ts 12536764833 [ 85.473974][ T5345] post_alloc_hook+0x240/0x2a0 [ 85.476190][ T5345] get_page_from_freelist+0x21e4/0x22c0 [ 85.478505][ T5345] __alloc_frozen_pages_noprof+0x181/0x370 [ 85.481062][ T5345] allocate_slab+0x65/0x3b0 [ 85.482992][ T5345] ___slab_alloc+0xbfc/0x1480 [ 85.485115][ T5345] __kvmalloc_node_noprof+0x429/0x5f0 [ 85.487496][ T5345] sbitmap_init_node+0x2c9/0x630 [ 85.489652][ T5345] blk_mq_alloc_and_init_hctx+0x4ea/0xd60 [ 85.492211][ T5345] __blk_mq_realloc_hw_ctxs+0x169/0x400 [ 85.494386][ T5345] blk_mq_init_allocated_queue+0x400/0x1490 [ 85.496959][ T5345] blk_mq_alloc_queue+0x197/0x290 [ 85.499250][ T5345] scsi_alloc_sdev+0x76d/0xb50 [ 85.501409][ T5345] scsi_probe_and_add_lun+0x1cb/0x4520 [ 85.503710][ T5345] __scsi_add_device+0x193/0x230 [ 85.505833][ T5345] ata_scsi_scan_host+0x1ff/0x680 [ 85.508039][ T5345] async_run_entry_fn+0xa8/0x3f0 [ 85.510234][ T5345] page last free pid 1096 tgid 1096 stack trace: [ 85.512995][ T5345] __free_frozen_pages+0xc71/0xe70 [ 85.515252][ T5345] bio_free_pages+0x17a/0x240 [ 85.517425][ T5345] bio_copy_kern_endio_read+0x2c3/0x300 [ 85.519802][ T5345] blk_update_request+0x5eb/0xe70 [ 85.522001][ T5345] scsi_end_request+0x7c/0x830 [ 85.523879][ T5345] scsi_io_completion+0x131/0x390 [ 85.526048][ T5345] ata_scsi_simulate+0x2ffb/0x3b50 [ 85.528199][ T5345] __ata_scsi_queuecmd+0x200/0xf60 [ 85.530289][ T5345] ata_scsi_queuecmd+0x3d4/0x5c0 [ 85.532369][ T5345] scsi_queue_rq+0x1c8e/0x2cc0 [ 85.534310][ T5345] blk_mq_dispatch_rq_list+0x4bd/0x1900 [ 85.536616][ T5345] __blk_mq_sched_dispatch_requests+0x350/0x1570 [ 85.539123][ T5345] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 85.541666][ T5345] blk_mq_run_hw_queue+0x404/0x4f0 [ 85.543899][ T5345] blk_execute_rq+0x1d9/0x3f0 [ 85.545866][ T5345] scsi_execute_cmd+0x45a/0x1130 [ 85.547843][ T5345] [ 85.548846][ T5345] Memory state around the buggy address: [ 85.550850][ T5345] ffff888035a4eb80: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 85.553856][ T5345] ffff888035a4ec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 85.557348][ T5345] >ffff888035a4ec80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 85.560885][ T5345] ^ [ 85.563474][ T5345] ffff888035a4ed00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 85.566859][ T5345] ffff888035a4ed80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 85.570051][ T5345] ================================================================== [ 85.681182][ T5345] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 85.684183][ T5345] CPU: 0 UID: 0 PID: 5345 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 85.689393][ T5345] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.693702][ T5345] Call Trace: [ 85.694995][ T5345] [ 85.696127][ T5345] dump_stack_lvl+0x99/0x250 [ 85.697930][ T5345] ? __asan_memcpy+0x40/0x70 [ 85.699697][ T5345] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.701668][ T5345] ? __pfx__printk+0x10/0x10 [ 85.703442][ T5345] panic+0x2db/0x790 [ 85.705130][ T5345] ? __pfx_preempt_schedule+0x10/0x10 [ 85.707462][ T5345] ? __pfx_panic+0x10/0x10 [ 85.709237][ T5345] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 85.711723][ T5345] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 85.714324][ T5345] ? hfsplus_bnode_read+0xc0/0x2a0 [ 85.716442][ T5345] check_panic_on_warn+0x89/0xb0 [ 85.718476][ T5345] ? hfsplus_bnode_read+0xc0/0x2a0 [ 85.720482][ T5345] end_report+0x78/0x160 [ 85.722241][ T5345] kasan_report+0x129/0x150 [ 85.724163][ T5345] ? hfsplus_bnode_read+0xc0/0x2a0 [ 85.726435][ T5345] hfsplus_bnode_read+0xc0/0x2a0 [ 85.728535][ T5345] hfsplus_bnode_dump+0x300/0x450 [ 85.730692][ T5345] ? __pfx_hfsplus_bnode_dump+0x10/0x10 [ 85.732625][ T5345] ? hfsplus_bnode_write_u16+0x8b/0xd0 [ 85.734987][ T5345] ? hfsplus_bnode_move+0x393/0xb90 [ 85.737349][ T5345] ? __pfx___hfsplus_brec_find+0x10/0x10 [ 85.739740][ T5345] hfsplus_brec_remove+0x480/0x550 [ 85.741959][ T5345] __hfsplus_delete_attr+0x1d4/0x360 [ 85.744125][ T5345] ? __pfx___hfsplus_delete_attr+0x10/0x10 [ 85.746801][ T5345] ? hfsplus_attr_build_key+0xee/0x260 [ 85.748849][ T5345] hfsplus_delete_attr+0x231/0x2d0 [ 85.751110][ T5345] ? __pfx_hfsplus_delete_attr+0x10/0x10 [ 85.753545][ T5345] ? hfsplus_find_init+0x8c/0x1d0 [ 85.755604][ T5345] ? hfsplus_find_init+0x15a/0x1d0 [ 85.757822][ T5345] __hfsplus_setxattr+0x71c/0x1f40 [ 85.760055][ T5345] ? do_raw_spin_lock+0x121/0x290 [ 85.762234][ T5345] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 85.764827][ T5345] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.767123][ T5345] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 85.769580][ T5345] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 85.772168][ T5345] ? __kasan_kmalloc+0x93/0xb0 [ 85.774284][ T5345] ? hfsplus_setxattr+0x102/0x180 [ 85.776487][ T5345] hfsplus_setxattr+0x11e/0x180 [ 85.778620][ T5345] hfsplus_trusted_setxattr+0x40/0x60 [ 85.780843][ T5345] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10 [ 85.783406][ T5345] __vfs_removexattr+0x431/0x470 [ 85.785510][ T5345] __vfs_removexattr_locked+0x1ed/0x230 [ 85.787825][ T5345] vfs_removexattr+0x80/0x1b0 [ 85.790019][ T5345] path_removexattrat+0x35d/0x690 [ 85.792192][ T5345] ? __pfx_path_removexattrat+0x10/0x10 [ 85.794474][ T5345] ? rcu_is_watching+0x15/0xb0 [ 85.796345][ T5345] __x64_sys_lremovexattr+0x65/0x80 [ 85.798391][ T5345] do_syscall_64+0xfa/0x3b0 [ 85.800205][ T5345] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.802327][ T5345] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.804785][ T5345] ? clear_bhb_loop+0x60/0xb0 [ 85.806449][ T5345] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.809050][ T5345] RIP: 0033:0x7f43d8b8e929 [ 85.811301][ T5345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.820752][ T5345] RSP: 002b:00007f43d9a10038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c6 [ 85.824325][ T5345] RAX: ffffffffffffffda RBX: 00007f43d8db6080 RCX: 00007f43d8b8e929 [ 85.827935][ T5345] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000200000000240 [ 85.831314][ T5345] RBP: 00007f43d8c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 85.834627][ T5345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.838126][ T5345] R13: 0000000000000000 R14: 00007f43d8db6080 R15: 00007ffc04501058 [ 85.841478][ T5345] [ 85.843140][ T5345] Kernel Offset: disabled [ 85.845037][ T5345] Rebooting in 86400 seconds..