last executing test programs: 2.097559381s ago: executing program 3 (id=4): syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000a00)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0) r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000401e04003100000000000109022400010000000009040000010300010009210101000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000080)={0x2c, &(0x7f0000000040)={0x10, 0x19, 0x5, {0x5, 0x5, "87912e"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 821.391336ms ago: executing program 1 (id=2): r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000c00)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x8000, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xf}, {0xffff, 0xffff}, {0x6abae6172411e6b9}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x14, 0x2, [@TCA_HHF_EVICT_TIMEOUT={0x8, 0x6, 0x3}, @TCA_HHF_ADMIT_BYTES={0x8, 0x5, 0xa}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x801}, 0x22004800) 590.722023ms ago: executing program 1 (id=6): r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, r0, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_PHY={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4080}, 0x4084) 434.678426ms ago: executing program 4 (id=5): r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000340)={{&(0x7f0000ffa000/0x4000)=nil, 0x4000}, 0x5}) 308.747788ms ago: executing program 1 (id=7): syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000080)='./file0\x00', 0x84, &(0x7f0000000100)=ANY=[@ANYRES32=0x0, @ANYRES8], 0x8b, 0x2db, &(0x7f00000002c0)="$eJzs3c1q1Fwcx/HfSaYz6dM+ffLYiiAupFp0JW3diJsBKeIluFHUzgjFocVaQd04uBYvwL0bL8CLcCWCa125cit0FzlJpnMyk8xbmUmL3w9o05Pz8j95meQfmEYA/lq3tr5/uP7T/jOSL1/STcmzqy6qIumszgXPdw92DlrNxqCOfCmQokAyUtzS9NXZ3m3mNQ2UtkiF9reKFt0yTEcUVaMfZQeBMgXpTz9vpSfV0rPTdyufJnM9v7d9qV1SLCeFOdShXmip7DgAAOUyyfXdS6/zi+n9u+dJa+ll373+f/u35HiP54oOyw6hZM71P86yImP373/xqm6+F6dwdr3XyRLHHcfePFaVHFmZG0yTzSr7k8U4Fm/+8U6reW17r9Xw9Eb1mHHzwhVJdTXSnDWViba/69WcsqyqinobrCe/XYjnMGfnsNmNv153qiznDTrp1h6F+Wy+mPsm1Hs1ju7/KpFJho/izZ7uqdtz3fjXi7rbe3rP/gyTWgWz/D8e5Hx2ww6cpV+UkSjdUpGv7AOCMBtnNbdVNX604Ehmt1E0UtrPsvJabQ5ptWJbfXRadY/m4pbTZt6Zu2ZVv/RJW879v2e39pr6z8z8TuKa6ZExcD6VuGboFrUv5Nb0xp8LxtTdxm/1SDe09OzlqycPW63mvl2w59t+pmR6C5rhWCz0LHQOgpMSz2QL9jPWLVHY3K9MZSyvt6Q6+ab7nSwEGla51i0J3Jlu3kl2nlO5c1qPEEbnAd7QUGf5sYSydHd6cZ3XswwIs2Y/PEyS/zn5ynqcItn/wgH36dGw2zanx42c3KB2VPEfpyeTPp8vzoAWcjO4tsbIuS5dlS47hUNyrlBnpPmBcz1NzJa+6gHP/wEAAAAAAAAAAAAAAAAAAE6bWXxbwxmOv+gDAAAAAAAAAAAAAAAAAAAAAMAEit//G2iC9/9qxPf/Zr4HMPL7f2vHmCiAPn8CAAD//3Wlb9A=") syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x2029c1b, 0x0, 0x1, 0x0, &(0x7f0000000080)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) 308.425728ms ago: executing program 3 (id=8): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10) sendto$inet6(r0, &(0x7f0000000300), 0x16, 0x3b00, 0x0, 0xfffffffffffffdfd) 307.787695ms ago: executing program 2 (id=3): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000080)='./file2\x00', 0x1000000, &(0x7f0000000040)=ANY=[@ANYBLOB='resuid=', @ANYRESDEC, @ANYRES64=0x0], 0xff, 0x54fb, &(0x7f000000ab40)="$eJzs3EtvG1UUAODjpOmbEiEW7DpShZRItVWnD8GuQCseolVUYMEKHNux3NqeKHackBULlogF/wSBxIolv4EFa3aIBYgdEshzJ9DwkEBxYtJ8nzQ+c6+vz5xrVZXOTOQATqzF7OcfK3EpzkXEfERcjCjOK+VRuJ3CcxFxOSLmHjsq5fzvE6cj4nxEXJokTzkr5VufXh1fufnDGz999c2ZUxc++/Lb2e0amLXnI6K/kc63+ynmnRQflvONcbeI/RvjMqY3+o/KcZ7idnutyLDd2FvXKOL1Tlqfb2wNJ3G912hOYqe7XsxvDNIFh+POXp7iAw8bm8W41V4rYneYF7Gzm+ra2U3/t+0ORylPq8z3QZE+RqO9mObbO+20n41HRWwORuV8ypu32juTOC5jeblo5r1WUcfaQb7p/7c3u4OtnWzc3hx280F2s1Z/oVa/Va1v5q32qH2j2ui3bt3Iljq9ybLqqN3o3+7keafXrjXz/nK21Gk2q/V6tnSnvdZtDLJ6vXa9dq16c7k8u5q9ev+drNfKlibx5e5ga9TtDbP1fDNLn1jOVmrXX1zOrtSzt+6tZqsP7t69t/r2e3fevf/SvddfKRf9paxsaeXaykq1fq26Ul8+Qfv/qCx6ivuHA6nMugCA4+e/9v+Z/h+YgsPr/zcfRBx+/x/6/6k4Vv3vSe//D2H/cCD6fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAE+u7hc9fK04W0/hCOf9UOfVMOa5ExFxE/Po35uP0vpzzZZ6Ff1i/8Kcavq5EkWFyjTPlcT4ibpfHL08f9rcAAAAAT64vPrz8SerW08virAviKKWbNnMX359SvkpELCx+P6Vsc5OXZ6eUrPj3fSp2ppStuIF1dkrJ0i23U9PK9q/M7wtnHwuVFOaOtBwAAOBI7O8EjrYLAQAA4Ch9POsCmI1K7D3K3HsWXPzl/R8PBM/tGwEAAADHUGXWBQAAAACHruj//f4fAAAAPNnS7/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8xs793CYORHEAfjZ4Yf9p0Wrv28reoIwtYY97jCggTVACaSENUAO5pYQIIjwOChGJInlsK+j7JDOMBT9mEBzmjTQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB06a5aL26ufl+3zdnt28kzGwAAAOCcbbVe1E9mqf+1uf+9ufWz6RcRUUbEubX7KD6dZI6anOqV11cvxnAbUSccPmPSXF8i4k9zPfzo+lsAAACAy7VZruZptZ4eZkMPiD6lok357W+mvCIiqtl9prTykPcrU1j9+x7H/0xpdQFrmiksldzGudLepf67H6t202dNkZry7fdnmzsAANCj0UnT7yoEAACAPv0begAMo4inrczjVuAkNc323ueTHgAAAPABFUMPAAAAAOhcvf53/h8AAABctnT+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF3aVuvFZrmat83Z7dvJMxsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHtmfdxQIgTAIg73rO5O5/2GlQVNTkyoQPv7GYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAN7/7y/+JqXEmmXttLD2PJGunxtapsXduHP1hfP0aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgYn9eUiAEgiAK5oz/nfT9DysJegYRIqDhUUUtGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCLfvfL/4mpcSaZO20sHY8ka1eNravG3oPG0YPx9m8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgYud+XuOo4gCAv5nZ2dqquEbZQ0QUPOjFbre1tTfxoAQP/glCSLc1duuPNgdbipCLN8k5F9GjiKDEW/6HnBPIJd5y2EMEz8rMziSTH+D6ozOb5POBN++7wzDv+2Yh5DvvJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUBq9exAn2aEzjuPi3Obe44Ws3zrSZ9ZXtmezlsVRnUmfDi9XP0Td5hIBAADg/EjK+j6EsJOuzWV93Mnr/7S8Jqv5v3t2HJf1/NG6v+zL2j9rv/6y++L+QJ3xONlNby8OB1eOp9J6crOcbs/97RWt/Mnn716S/AuJP1h+YZTmzzP6ZmPjvXYeXqgjWwDg37hc9kVQ/j6U9f0mEwPg3GhVCu+y/k86zeYEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUIfRcni6jKMQwmzrIM5s7T1eOKlfX9meLduN1dWV6j2zW6QhhNuLw8GVGucy7R48fHR3fjgc3K8/eCWE0NTo7xTTv/vRBBeH0MjzEfxPQVx82dOSz+kIGvyhBADAmZQWLavrd9K1uexcNBPCn98frv9fr8Rhwvp/9+Mbm9WxqvV/v7YZTr/e0r3Pew8ePnpz8d78ncGdwadvXe2/3b928/r1m738XUnPGxMAAAD+m3bRqvV/PHN8/f9SJQ4T1v9ffNv/qjpWov4/0cGiX9OZAAAAnG/Pv/rH79EJ56N2O3w5v7R0vz8+7n++Oj42kOo/dqFo1fo/mWk6KwAAAKAOo+Xo0Pr/rUocJlz/f+aHl36q3jMJIVws1v8vL3w2vFXfdKZaHX9O3PQcAQAAaNbFolXX/9N8/3+8v+UhDiG88do4Lv4N4ET1f/L+1z9Wx6ru/79W3xSnUtwdP4+874bQ6jadEQAAAGfZU0XLiv3f0rW5T36+9GHb/n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAuv0VAAD//1p3Pl8=") r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_PRE_FAULT_MEMORY(r2, 0xc040aed5, &(0x7f0000000280)={0x10000, 0x108000}) 160.369759ms ago: executing program 4 (id=9): iopl(0x3) flock(0xffffffffffffffff, 0x9) 0s ago: executing program 3 (id=10): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000001ac0)={r0, 0x1000, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, "339f020bbe82695cadca00000000000000000d0ec0c1b4e9b1c4369d03ffff50ceaac594b1b3d741dd23691c58d665000000000000000000000000fffffff500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200"}}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.222' (ED25519) to the list of known hosts. [ 84.547110][ T5818] cgroup: Unknown subsys name 'net' [ 84.678806][ T5818] cgroup: Unknown subsys name 'cpuset' [ 84.687952][ T5818] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 86.279449][ T5818] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 90.917886][ T5837] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 90.919507][ T5841] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 90.931037][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 90.934156][ T5841] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 90.941420][ T5838] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 90.950599][ T5841] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 90.956222][ T5838] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 90.962172][ T5841] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 90.969324][ T5838] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 90.977648][ T5841] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.983204][ T5838] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 90.989165][ T5841] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 91.003293][ T5841] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 91.013922][ T5841] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 91.014755][ T5152] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 91.021496][ T5841] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 91.031184][ T5152] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 91.042947][ T5838] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 91.052121][ T5838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 91.062900][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 91.074452][ T5838] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 91.089192][ T5838] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 91.105016][ T5838] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 91.125784][ T5838] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 91.133631][ T5838] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 91.530949][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 91.786773][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 91.820936][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.828483][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.836404][ T5829] bridge_slave_0: entered allmulticast mode [ 91.844610][ T5829] bridge_slave_0: entered promiscuous mode [ 91.922438][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.930434][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.940030][ T5829] bridge_slave_1: entered allmulticast mode [ 91.948535][ T5829] bridge_slave_1: entered promiscuous mode [ 92.036731][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.054681][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.103265][ T5833] chnl_net:caif_netlink_parms(): no params data found [ 92.128969][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.136371][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.143574][ T5839] bridge_slave_0: entered allmulticast mode [ 92.151240][ T5839] bridge_slave_0: entered promiscuous mode [ 92.163557][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.171299][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.179140][ T5839] bridge_slave_1: entered allmulticast mode [ 92.186866][ T5839] bridge_slave_1: entered promiscuous mode [ 92.294715][ T5829] team0: Port device team_slave_0 added [ 92.368951][ T5829] team0: Port device team_slave_1 added [ 92.403173][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.417017][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.496151][ T5839] team0: Port device team_slave_0 added [ 92.517940][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.525361][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.552432][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.566264][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.573282][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.599368][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.611710][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 92.631888][ T5839] team0: Port device team_slave_1 added [ 92.671047][ T5847] chnl_net:caif_netlink_parms(): no params data found [ 92.695985][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.703290][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.716439][ T5833] bridge_slave_0: entered allmulticast mode [ 92.723865][ T5833] bridge_slave_0: entered promiscuous mode [ 92.742021][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.749274][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.756866][ T5833] bridge_slave_1: entered allmulticast mode [ 92.764459][ T5833] bridge_slave_1: entered promiscuous mode [ 92.793225][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.800336][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.826624][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.891616][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.898685][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.927693][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.994274][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.017194][ T5829] hsr_slave_0: entered promiscuous mode [ 93.025243][ T5829] hsr_slave_1: entered promiscuous mode [ 93.025288][ T5838] Bluetooth: hci1: command tx timeout [ 93.063656][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.104778][ T5838] Bluetooth: hci3: command tx timeout [ 93.185664][ T5835] Bluetooth: hci2: command tx timeout [ 93.191553][ T5838] Bluetooth: hci4: command tx timeout [ 93.197396][ T5835] Bluetooth: hci0: command tx timeout [ 93.209709][ T5833] team0: Port device team_slave_0 added [ 93.243887][ T5839] hsr_slave_0: entered promiscuous mode [ 93.250536][ T5839] hsr_slave_1: entered promiscuous mode [ 93.256993][ T5839] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 93.265053][ T5839] Cannot create hsr debugfs directory [ 93.286469][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.293713][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.301365][ T5830] bridge_slave_0: entered allmulticast mode [ 93.310454][ T5830] bridge_slave_0: entered promiscuous mode [ 93.319463][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.327318][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.335171][ T5847] bridge_slave_0: entered allmulticast mode [ 93.342515][ T5847] bridge_slave_0: entered promiscuous mode [ 93.351969][ T5833] team0: Port device team_slave_1 added [ 93.379592][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.387126][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.394732][ T5830] bridge_slave_1: entered allmulticast mode [ 93.402026][ T5830] bridge_slave_1: entered promiscuous mode [ 93.409728][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.417570][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.425155][ T5847] bridge_slave_1: entered allmulticast mode [ 93.432478][ T5847] bridge_slave_1: entered promiscuous mode [ 93.526926][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.534183][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.560602][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.574653][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.581651][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.607847][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.686397][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.700245][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.712751][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.786453][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.891865][ T5830] team0: Port device team_slave_0 added [ 93.902995][ T5847] team0: Port device team_slave_0 added [ 93.938502][ T5830] team0: Port device team_slave_1 added [ 93.950839][ T5847] team0: Port device team_slave_1 added [ 93.980270][ T5833] hsr_slave_0: entered promiscuous mode [ 93.986814][ T5833] hsr_slave_1: entered promiscuous mode [ 93.992972][ T5833] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 94.000754][ T5833] Cannot create hsr debugfs directory [ 94.116725][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.123746][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.150695][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.163928][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.171405][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.199206][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.249294][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.256551][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.282903][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.296511][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.303599][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.329963][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.478996][ T5830] hsr_slave_0: entered promiscuous mode [ 94.485957][ T5830] hsr_slave_1: entered promiscuous mode [ 94.492186][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 94.499944][ T5830] Cannot create hsr debugfs directory [ 94.506139][ T5829] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 94.520168][ T5829] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 94.578815][ T5829] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 94.598048][ T5847] hsr_slave_0: entered promiscuous mode [ 94.606151][ T5847] hsr_slave_1: entered promiscuous mode [ 94.612450][ T5847] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 94.620300][ T5847] Cannot create hsr debugfs directory [ 94.659098][ T5829] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 94.842654][ T5839] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 94.880881][ T5839] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 94.916064][ T5839] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 94.968363][ T5839] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 95.064549][ T5833] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 95.093300][ T5833] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 95.104455][ T5838] Bluetooth: hci1: command tx timeout [ 95.113008][ T5833] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 95.134625][ T5833] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 95.184409][ T5838] Bluetooth: hci3: command tx timeout [ 95.267938][ T5830] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 95.276310][ T5838] Bluetooth: hci4: command tx timeout [ 95.276950][ T55] Bluetooth: hci2: command tx timeout [ 95.288155][ T5835] Bluetooth: hci0: command tx timeout [ 95.314650][ T5830] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 95.326465][ T5830] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 95.339793][ T5830] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 95.438910][ T5847] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 95.452181][ T5847] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 95.490201][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.498961][ T5847] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 95.512197][ T5847] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 95.555705][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.601813][ T1151] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.609239][ T1151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.656741][ T1151] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.664110][ T1151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.691750][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.722498][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.802697][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.862004][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.869513][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.913970][ T1151] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.921330][ T1151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.946123][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.964645][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.983213][ T82] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.990964][ T82] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.018737][ T82] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.026038][ T82] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.110481][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.166566][ T1151] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.173923][ T1151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.217669][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.247558][ T1151] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.254798][ T1151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.284655][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.342642][ T5847] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.450423][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.457858][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.480610][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.487842][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.505090][ T5829] veth0_vlan: entered promiscuous mode [ 96.598404][ T5829] veth1_vlan: entered promiscuous mode [ 96.839634][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.908797][ T5829] veth0_macvtap: entered promiscuous mode [ 96.940156][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.963403][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.991610][ T5829] veth1_macvtap: entered promiscuous mode [ 97.092125][ T5833] veth0_vlan: entered promiscuous mode [ 97.113378][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.139946][ T5833] veth1_vlan: entered promiscuous mode [ 97.151387][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.179300][ T5829] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.195754][ T5835] Bluetooth: hci1: command tx timeout [ 97.203353][ T9] cfg80211: failed to load regulatory.db [ 97.211374][ T5829] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.220671][ T5829] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.229897][ T5829] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.264722][ T5835] Bluetooth: hci3: command tx timeout [ 97.301261][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.344504][ T5835] Bluetooth: hci4: command tx timeout [ 97.359230][ T5835] Bluetooth: hci0: command tx timeout [ 97.364961][ T55] Bluetooth: hci2: command tx timeout [ 97.383541][ T5830] veth0_vlan: entered promiscuous mode [ 97.460581][ T5833] veth0_macvtap: entered promiscuous mode [ 97.491280][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.500924][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.505539][ T5830] veth1_vlan: entered promiscuous mode [ 97.519116][ T5833] veth1_macvtap: entered promiscuous mode [ 97.586192][ T5847] veth0_vlan: entered promiscuous mode [ 97.613896][ T1151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.626152][ T1151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.642190][ T5847] veth1_vlan: entered promiscuous mode [ 97.665943][ T5839] veth0_vlan: entered promiscuous mode [ 97.687931][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.702707][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.716768][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.756222][ T5839] veth1_vlan: entered promiscuous mode [ 97.769939][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.782097][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.796218][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.817837][ T5829] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 97.852841][ T5839] veth0_macvtap: entered promiscuous mode [ 97.873429][ T5830] veth0_macvtap: entered promiscuous mode [ 97.889803][ T5839] veth1_macvtap: entered promiscuous mode [ 97.901612][ T5847] veth0_macvtap: entered promiscuous mode [ 97.923029][ T5830] veth1_macvtap: entered promiscuous mode [ 97.943102][ T5833] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.962319][ T5833] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.971265][ T5833] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.980147][ T5833] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.012002][ T5847] veth1_macvtap: entered promiscuous mode [ 98.049192][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.062324][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.074585][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.085255][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.096959][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.122102][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.132950][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.143223][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.154517][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.167051][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.179334][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.190457][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.200884][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.212840][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.223210][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.234740][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.245261][ T9] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 98.257371][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.270584][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.282438][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.292401][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.303563][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.314817][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.325585][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.335520][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.346384][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.358259][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.378868][ T5847] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.389190][ T5847] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.400877][ T5847] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.409932][ T5847] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.423881][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 98.436324][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 98.443554][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.454775][ T9] usb 4-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00 [ 98.466809][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.478863][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.481275][ T9] usb 4-1: config 0 descriptor?? [ 98.493984][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.506673][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.516922][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.527496][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.539389][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.548186][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.558957][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.569090][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.579712][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.589843][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.602387][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.612921][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.624349][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.636838][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.655921][ T5839] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.664996][ T5839] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.673776][ T5839] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.682645][ T5839] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.710093][ T5830] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.719384][ T5830] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.732850][ T5830] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.742416][ T5830] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.830490][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.849379][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.912922][ T9] creative-sb0540 0003:041E:3100.0001: item fetching failed at offset 2/5 [ 98.923103][ T9] creative-sb0540 0003:041E:3100.0001: parse failed [ 98.933074][ T9] creative-sb0540 0003:041E:3100.0001: probe with driver creative-sb0540 failed with error -22 [ 98.974251][ T1112] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.982136][ T1112] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.066967][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.087899][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.112768][ T9] usb 4-1: USB disconnect, device number 2 [ 99.137985][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.138019][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.270242][ T1112] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.280967][ T5835] Bluetooth: hci1: command tx timeout [ 99.295194][ T1112] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.307972][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.317885][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.344639][ T5835] Bluetooth: hci3: command tx timeout [ 99.406131][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.425779][ T5835] Bluetooth: hci0: command tx timeout [ 99.431283][ T5835] Bluetooth: hci2: command tx timeout [ 99.437113][ T55] Bluetooth: hci4: command tx timeout [ 99.449634][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.549298][ T69] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.578791][ T69] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.868638][ T5933] loop1: detected capacity change from 0 to 64 [ 100.122176][ T5933] ================================================================== [ 100.130317][ T5933] BUG: KASAN: slab-out-of-bounds in hfs_bnode_read+0x16a/0x200 [ 100.137939][ T5933] Write of size 94 at addr ffff88802f4cd700 by task syz.1.7/5933 [ 100.145949][ T5933] [ 100.148329][ T5933] CPU: 1 UID: 0 PID: 5933 Comm: syz.1.7 Not tainted 6.15.0-rc1-next-20250408-syzkaller #0 PREEMPT(full) [ 100.148357][ T5933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 100.148371][ T5933] Call Trace: [ 100.148380][ T5933] [ 100.148389][ T5933] dump_stack_lvl+0x241/0x360 [ 100.148427][ T5933] ? __pfx_dump_stack_lvl+0x10/0x10 [ 100.148458][ T5933] ? rcu_is_watching+0x15/0xb0 [ 100.148486][ T5933] ? __virt_addr_valid+0x183/0x530 [ 100.148516][ T5933] ? lock_release+0x4e/0x3e0 [ 100.148542][ T5933] ? __virt_addr_valid+0x183/0x530 [ 100.148570][ T5933] ? __virt_addr_valid+0x183/0x530 [ 100.148607][ T5933] print_report+0x16e/0x5b0 [ 100.148638][ T5933] ? __virt_addr_valid+0x183/0x530 [ 100.148667][ T5933] ? __virt_addr_valid+0x183/0x530 [ 100.148695][ T5933] ? __virt_addr_valid+0x45f/0x530 [ 100.148723][ T5933] ? __phys_addr+0xba/0x170 [ 100.148753][ T5933] ? hfs_bnode_read+0x16a/0x200 [ 100.148778][ T5933] kasan_report+0x143/0x180 [ 100.148809][ T5933] ? hfs_bnode_read+0x16a/0x200 [ 100.148843][ T5933] kasan_check_range+0x28f/0x2a0 [ 100.148873][ T5933] ? hfs_bnode_read+0x16a/0x200 [ 100.148898][ T5933] __asan_memcpy+0x40/0x70 [ 100.148923][ T5933] hfs_bnode_read+0x16a/0x200 [ 100.148951][ T5933] hfs_bnode_read_key+0x174/0x240 [ 100.148978][ T5933] ? __pfx_hfs_bnode_read_key+0x10/0x10 [ 100.149003][ T5933] ? do_raw_spin_unlock+0x13c/0x8b0 [ 100.149039][ T5933] hfs_brec_insert+0x7f7/0xbe0 [ 100.149077][ T5933] ? __pfx_hfs_brec_insert+0x10/0x10 [ 100.149109][ T5933] hfs_cat_create+0x3de/0x760 [ 100.149143][ T5933] ? __pfx_hfs_cat_create+0x10/0x10 [ 100.149181][ T5933] ? _raw_spin_unlock+0x28/0x50 [ 100.149210][ T5933] ? hfs_new_inode+0x8df/0xba0 [ 100.149246][ T5933] hfs_create+0x66/0xe0 [ 100.149274][ T5933] ? __pfx_hfs_create+0x10/0x10 [ 100.149303][ T5933] path_openat+0x194b/0x35d0 [ 100.149347][ T5933] ? __pfx_path_openat+0x10/0x10 [ 100.149373][ T5933] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.149405][ T5933] do_filp_open+0x284/0x4e0 [ 100.149434][ T5933] ? __pfx_do_filp_open+0x10/0x10 [ 100.149460][ T5933] ? do_raw_spin_lock+0x151/0x370 [ 100.149510][ T5933] do_sys_openat2+0x12b/0x1d0 [ 100.149534][ T5933] ? __pfx_do_sys_openat2+0x10/0x10 [ 100.149555][ T5933] ? arch_do_signal_or_restart+0x4ed/0x840 [ 100.149582][ T5933] __x64_sys_openat+0x249/0x2a0 [ 100.149603][ T5933] ? __pfx___x64_sys_openat+0x10/0x10 [ 100.149626][ T5933] ? do_syscall_64+0xb6/0x230 [ 100.149650][ T5933] do_syscall_64+0xf3/0x230 [ 100.149671][ T5933] ? clear_bhb_loop+0x45/0xa0 [ 100.149695][ T5933] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.149716][ T5933] RIP: 0033:0x7f85f858d169 [ 100.149744][ T5933] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.149763][ T5933] RSP: 002b:00007f85f9440038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 100.149787][ T5933] RAX: ffffffffffffffda RBX: 00007f85f87a5fa0 RCX: 00007f85f858d169 [ 100.149803][ T5933] RDX: 000000000000275a RSI: 00002000000001c0 RDI: ffffffffffffff9c [ 100.149818][ T5933] RBP: 00007f85f860e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 100.149832][ T5933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 100.149852][ T5933] R13: 0000000000000000 R14: 00007f85f87a5fa0 R15: 00007ffcf6d842e8 [ 100.149875][ T5933] [ 100.149883][ T5933] [ 100.481320][ T5933] Allocated by task 5933: [ 100.485657][ T5933] kasan_save_track+0x3f/0x80 [ 100.490486][ T5933] __kasan_kmalloc+0x9d/0xb0 [ 100.495099][ T5933] __kmalloc_noprof+0x28e/0x4d0 [ 100.499965][ T5933] hfs_find_init+0x92/0x1f0 [ 100.504480][ T5933] hfs_cat_create+0x181/0x760 [ 100.509178][ T5933] hfs_create+0x66/0xe0 [ 100.513342][ T5933] path_openat+0x194b/0x35d0 [ 100.517953][ T5933] do_filp_open+0x284/0x4e0 [ 100.522563][ T5933] do_sys_openat2+0x12b/0x1d0 [ 100.527420][ T5933] __x64_sys_openat+0x249/0x2a0 [ 100.532310][ T5933] do_syscall_64+0xf3/0x230 [ 100.537513][ T5933] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.543413][ T5933] [ 100.545740][ T5933] The buggy address belongs to the object at ffff88802f4cd700 [ 100.545740][ T5933] which belongs to the cache kmalloc-96 of size 96 [ 100.559632][ T5933] The buggy address is located 0 bytes inside of [ 100.559632][ T5933] allocated 78-byte region [ffff88802f4cd700, ffff88802f4cd74e) [ 100.573537][ T5933] [ 100.575907][ T5933] The buggy address belongs to the physical page: [ 100.582354][ T5933] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2f4cd [ 100.591135][ T5933] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 100.598347][ T5933] page_type: f5(slab) [ 100.602333][ T5933] raw: 00fff00000000000 ffff88801b041280 dead000000000122 0000000000000000 [ 100.610955][ T5933] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 100.619921][ T5933] page dumped because: kasan: bad access detected [ 100.626357][ T5933] page_owner tracks the page as allocated [ 100.632076][ T5933] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1112, tgid 1112 (kworker/u8:6), ts 100099276733, free_ts 99856881592 [ 100.651552][ T5933] post_alloc_hook+0x1f4/0x240 [ 100.656330][ T5933] get_page_from_freelist+0x3948/0x3ae0 [ 100.661886][ T5933] __alloc_frozen_pages_noprof+0x211/0x5b0 [ 100.667726][ T5933] alloc_pages_mpol+0x339/0x690 [ 100.672660][ T5933] allocate_slab+0x8f/0x3a0 [ 100.677218][ T5933] ___slab_alloc+0xc3b/0x1500 [ 100.681906][ T5933] __slab_alloc+0x58/0xa0 [ 100.686251][ T5933] __kmalloc_cache_noprof+0x26a/0x370 [ 100.691814][ T5933] dst_cow_metrics_generic+0x56/0x1c0 [ 100.697227][ T5933] icmp6_dst_alloc+0x270/0x420 [ 100.702013][ T5933] ndisc_send_skb+0x3fd/0x1560 [ 100.706890][ T5933] ndisc_send_ns+0xce/0x160 [ 100.711408][ T5933] addrconf_dad_work+0xb2f/0x16a0 [ 100.716463][ T5933] process_scheduled_works+0xac3/0x18e0 [ 100.722045][ T5933] worker_thread+0x870/0xd50 [ 100.726678][ T5933] kthread+0x7b7/0x940 [ 100.731119][ T5933] page last free pid 5839 tgid 5839 stack trace: [ 100.737704][ T5933] __free_frozen_pages+0xdeb/0x10c0 [ 100.742912][ T5933] __slab_free+0x2c6/0x390 [ 100.747388][ T5933] qlist_free_all+0x9a/0x140 [ 100.752130][ T5933] kasan_quarantine_reduce+0x14f/0x170 [ 100.757623][ T5933] __kasan_slab_alloc+0x23/0x80 [ 100.762521][ T5933] kmem_cache_alloc_noprof+0x1e1/0x390 [ 100.768015][ T5933] getname_flags+0xb6/0x530 [ 100.772564][ T5933] vfs_fstatat+0x43/0x150 [ 100.776940][ T5933] __x64_sys_newfstatat+0x11f/0x1a0 [ 100.782164][ T5933] do_syscall_64+0xf3/0x230 [ 100.786672][ T5933] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.792574][ T5933] [ 100.794900][ T5933] Memory state around the buggy address: [ 100.800566][ T5933] ffff88802f4cd600: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc [ 100.808728][ T5933] ffff88802f4cd680: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 100.816795][ T5933] >ffff88802f4cd700: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc [ 100.824893][ T5933] ^ [ 100.831390][ T5933] ffff88802f4cd780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 100.839654][ T5933] ffff88802f4cd800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 100.847740][ T5933] ================================================================== [ 100.865035][ T5935] loop2: detected capacity change from 0 to 40427 [ 100.937205][ T5933] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 100.944493][ T5933] CPU: 0 UID: 0 PID: 5933 Comm: syz.1.7 Not tainted 6.15.0-rc1-next-20250408-syzkaller #0 PREEMPT(full) [ 100.955731][ T5933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 100.965840][ T5933] Call Trace: [ 100.969164][ T5933] [ 100.972125][ T5933] dump_stack_lvl+0x241/0x360 [ 100.976873][ T5933] ? __pfx_dump_stack_lvl+0x10/0x10 [ 100.982142][ T5933] ? __pfx__printk+0x10/0x10 [ 100.986891][ T5933] ? vscnprintf+0x5d/0x90 [ 100.991275][ T5933] panic+0x349/0x880 [ 100.995248][ T5933] ? check_panic_on_warn+0x21/0xb0 [ 101.000418][ T5933] ? __pfx_panic+0x10/0x10 [ 101.004924][ T5933] ? _raw_spin_unlock_irqrestore+0x134/0x140 [ 101.010979][ T5933] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 101.017595][ T5933] ? print_report+0x519/0x5b0 [ 101.022379][ T5933] check_panic_on_warn+0x86/0xb0 [ 101.027358][ T5933] ? hfs_bnode_read+0x16a/0x200 [ 101.032341][ T5933] end_report+0x77/0x160 [ 101.036612][ T5933] kasan_report+0x154/0x180 [ 101.041133][ T5933] ? hfs_bnode_read+0x16a/0x200 [ 101.045998][ T5933] kasan_check_range+0x28f/0x2a0 [ 101.050949][ T5933] ? hfs_bnode_read+0x16a/0x200 [ 101.055900][ T5933] __asan_memcpy+0x40/0x70 [ 101.060335][ T5933] hfs_bnode_read+0x16a/0x200 [ 101.065143][ T5933] hfs_bnode_read_key+0x174/0x240 [ 101.070212][ T5933] ? __pfx_hfs_bnode_read_key+0x10/0x10 [ 101.075819][ T5933] ? do_raw_spin_unlock+0x13c/0x8b0 [ 101.081162][ T5933] hfs_brec_insert+0x7f7/0xbe0 [ 101.085977][ T5933] ? __pfx_hfs_brec_insert+0x10/0x10 [ 101.091299][ T5933] hfs_cat_create+0x3de/0x760 [ 101.096015][ T5933] ? __pfx_hfs_cat_create+0x10/0x10 [ 101.101270][ T5933] ? _raw_spin_unlock+0x28/0x50 [ 101.106167][ T5933] ? hfs_new_inode+0x8df/0xba0 [ 101.110964][ T5933] hfs_create+0x66/0xe0 [ 101.115140][ T5933] ? __pfx_hfs_create+0x10/0x10 [ 101.120112][ T5933] path_openat+0x194b/0x35d0 [ 101.124734][ T5933] ? __pfx_path_openat+0x10/0x10 [ 101.129695][ T5933] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.135785][ T5933] do_filp_open+0x284/0x4e0 [ 101.140313][ T5933] ? __pfx_do_filp_open+0x10/0x10 [ 101.145453][ T5933] ? do_raw_spin_lock+0x151/0x370 [ 101.150536][ T5933] do_sys_openat2+0x12b/0x1d0 [ 101.155333][ T5933] ? __pfx_do_sys_openat2+0x10/0x10 [ 101.160575][ T5933] ? arch_do_signal_or_restart+0x4ed/0x840 [ 101.166404][ T5933] __x64_sys_openat+0x249/0x2a0 [ 101.171269][ T5933] ? __pfx___x64_sys_openat+0x10/0x10 [ 101.176663][ T5933] ? do_syscall_64+0xb6/0x230 [ 101.181453][ T5933] do_syscall_64+0xf3/0x230 [ 101.186074][ T5933] ? clear_bhb_loop+0x45/0xa0 [ 101.190875][ T5933] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.196825][ T5933] RIP: 0033:0x7f85f858d169 [ 101.201296][ T5933] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 101.221102][ T5933] RSP: 002b:00007f85f9440038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 101.229537][ T5933] RAX: ffffffffffffffda RBX: 00007f85f87a5fa0 RCX: 00007f85f858d169 [ 101.237523][ T5933] RDX: 000000000000275a RSI: 00002000000001c0 RDI: ffffffffffffff9c [ 101.245823][ T5933] RBP: 00007f85f860e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 101.253888][ T5933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 101.262216][ T5933] R13: 0000000000000000 R14: 00007f85f87a5fa0 R15: 00007ffcf6d842e8 [ 101.270219][ T5933] [ 101.273910][ T5933] Kernel Offset: disabled [ 101.278352][ T5933] Rebooting in 86400 seconds..