last executing test programs: 4.162298445s ago: executing program 1 (id=57): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='ns\x00') getdents(r0, &(0x7f0000000580)=""/137, 0x18) getdents(r0, 0x0, 0x1f) 3.902180902s ago: executing program 1 (id=60): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x30, r1, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @empty}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3b}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x0) 3.701416118s ago: executing program 1 (id=64): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000406605043000000000000109022400010000400009040002010300030009210910040122070009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x9, {0x9}}}, 0x0) 2.304090886s ago: executing program 2 (id=80): unshare(0x24020400) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, &(0x7f0000000040)=0xfffffffffffffffe, r0, 0x0, 0x11, 0x8) 1.996615135s ago: executing program 2 (id=83): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001ec0), 0xffffffffffffffff) sendmsg$TIPC_NL_PUBL_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)={0x44, r1, 0xf03, 0x0, 0x0, {}, [@TIPC_NLA_SOCK={0x30, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0xfffffffffffffff6}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_FLAG, @TIPC_NLA_CON_FLAG={0x8}]}]}]}, 0x44}}, 0x0) 1.962073945s ago: executing program 3 (id=84): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f0000000100)={0xb6, 0x0, 0xffffffffedd33574}) 1.684294923s ago: executing program 1 (id=87): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r0 = shmget(0x0, 0x1000, 0xa04, &(0x7f0000ffd000/0x1000)=nil) shmctl$IPC_RMID(r0, 0x0) 1.647706734s ago: executing program 2 (id=88): r0 = syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='mnt\x00', 0x4, &(0x7f0000000000), 0x0, 0x24d, &(0x7f00000009c0)="$eJzs3T9oY3UAB/Dve0k8exfl1EUQTkFEtFDOTXA5F4UDPQ4RQYUTERflKtQWt9bJxUFnlU4uRdysjtKluCiCU9UOdRG0OFgcdIgkr5VqU1ubNE99nw+85L3k9+/xft9fQuCRAI11PsmlJK0k00k6SYr9Be6qtvO7h8tT69eSXu+Jn4pBueq4slfvXJKlJA8mWSuLvNROFlaf2fpl49F735zv3PP+6tNTEz3JXdtbm4/tvHfljY8uP7DwxVc/XClyKd0/ndf4FUNeaxfJrafR2b9E0a57BBzH1dc+/Lqf+9uS3D3Ifydlqov31twNa53c/+5hdd/+8cs7JjlWYPx6vU7/M3CpBzROmaSbopxJUu2X5cxM9R3+m9bZ8uXZuVenX5ydv/5C3SsVMC7dZPORT858fO4v+f++VeUf+A874he2fv6fvLrybX9/pzW0yIWbTmVgQN36+Z9+bvG+HJ5/4H9K/qG55B+aS/6hueQfmkv+obnkH5pL/qG55B+aS/6hufbnHwBolt6Zuu9ABupS9/oDAAAAAAAAAAAAAAAAAAActDy1fm1vm1Sfn72TbD+cpD2s/9bg/4iTGwePZ38u+sX+UFTVRvLsnSM2MKIPar77+ubvxtLMiS/D5xfy+FhGcEKL15Ol15NcbLcPzr9id/4donN0+7cc8X7n+X8y2vF76Kl6+/9tpd7+L28kn/bXn4vD1p8ytw+eh68/3eNNgb/1yq8jNgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDE/B4AAP//e+xttA==") mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0xc0506617, &(0x7f0000000040)={@desc={0x1, 0x0, @desc2}, 0x40, 0x0, '\x00', @a}) 1.534596137s ago: executing program 3 (id=90): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ENDIAN(r0, 0x4008af13, &(0x7f0000000180)={0x0, 0xfbfffffe}) 1.43148678s ago: executing program 1 (id=91): syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x4000, &(0x7f0000000140)=ANY=[@ANYBLOB="696f636861727365743d6d616363726f617469616e2c646973636172643d3078303030303030303030303030303030332c6e6f646973636172642c6572726f72733d636f6e74696e75652c696f636861727365743d6d6163637972696c6c69632c0067add4ceeca11a757cb8702b1b4a0ff322839e69b507d7478e0706b00408dc59283f5cf8e6972cdb3f50680fc9602ed27c1f6b47a91f941f154ae205d34a9b7a7c67efa0c0e2a70251d664fce12a0000800100000000b7672c4e1566a61a0ade4b6c9d78151053d9fb31fd2cfc77f269f873e14e5fe3c46c0acbb22d40391ae31d2025dcd947adf76739ae4ecbe39b131cab48d99bd1b630040b37e2b09d7816e0b93981de1147532cf2f46d4d4904f68fb43cd165b9", @ANYRES16=0x0, @ANYRES16], 0x1, 0x6246, &(0x7f0000006740)="$eJzs3c2OHFfZB/Cn+ms+/MaxsojyWghNEgMJIf4MxhAgyQIWbFggb5GtySSycADZBjmRhceaDQsuAoTEEhBLVlxAFmzZcQFYspGArFKoPOeMa5pu99jOdPXM+f2kcdVTp2r6lP5d092uqj4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMT3vvuDM1VEXPp5WnAs4v+iH9GLWGnqtYhYWTuW1x9ExAvxoDmej4jhUkSVG5+NeCMiPj4ace/+rfVm0dk99uM7f/zbb3945Pt//f3w1L//dKP/5rT1bt781b/+fPvJ9xcAAABKVNd1XaWP+cfT5/te150CAOYiv/7XSV6uXrh6c8H6o1arD3w9XLD+qOdRt9WT3W4XEbHZ3qZ5z+B0PAAcMJvxSdddoEPyL9ogIo503QlgoVVdd4B9ce/+rfUq5Vu1Xw/WttvztSC78t+sdu7vmDadZfwak3k9v7aiH89N6c/KnPqwSHL+vfH8L223j9J6+53/vEzLf7R961Nxcv798fzHHJ78exPzL1XOf/BY+fflDwAAAAAACyz///+xjs//Lj39ruzJo87/rs2pDwAAAAAAAADwWXva8f92VMb/AwAAgEXVfFZv/Prow2XTvoutWX6xinhmbH2gMOlmmdWu+wEAAAAAAAAAAAAAJRlsX8N7sYoYRsQzq6t1XTc/beP143ra7Q+60vcfStb1H3kAANj28dGxe/mriOWIuJi+62+4urpa18srq/VqvbKU38+Olpbrldbn2jxtli2N9vCGeDCqm1+23Nqubdbn5Vnt47+veaxR3d9Dx+ajw8ABICK2X43ueUU6ZOr62ej6XQ4Hg+P/8HH8sxddP08BAACA/VfXdV2lr/M+ns7597ruFAAwF/n1f/y8gFqtVqvV6sNXt9WT3W4XEbHZ3qZ5z2A4fgA4YDbjk667QIfkX7RBRLzQdSeAhVZ13QH2xb37t9arlG/Vfj1I47vna0F25b9ZPdgubz9pOsv4NSbzen5tRT+em9Kf5+fUh0WS8++N539pu32U1tvv/OdlWv7Nfh7roD9dy/n3x/Mfc3jy703Mv1Q5/8Fj5d+XPwAAAAAALLD8///HFur87+hJd2emR53/Xdu3RwUAAAAAAACA/XXv/q31fN9rPv//uQnruf/zcMr5V/IvUs4/3f+/c+HNK2Pr9Vvzd995mP8/799a/92Nf/x/nu41/6U8U6VnVpWeEVV6pGqQpk+4Y1NsDfuj5pGGVa8/SNf81MP34kpcjY04vWvdXjoeHraf2dXe9HT4oL3ub7ef3dU+2GnP25/b1T5MVzrVK7n9ZKzHT+JqvPugvWlbmrH/yzPa6xntOf++479IOf9B66fJfzW1V2PTxt07vf857tvTSY/z9pXP//L0/u/OTFtxZ+LyZv9emntvYvsvzpFR/Oz6xrWTNy/fuHHtTKTJrqVnI00+Yzn/YfrJ+b/y8nZ7/rvfPl7v3hk9dv6LYisGO8/ttib/l1vzzf6+Oue+dSHnP0o/Of93U/vk4/8g59+fmv9rHfQHAAAAAAAAAAAAAAAAHqWu6we3iL4dEefT/T9d3ZsJAMxXfv2vk7x8XnX/Sbf/w+796Kr/avWc62rB+jPX+tN6sfqjXsj6PwvWn4Wr2+rJ3moXEfGX9jbNe4ZfTPplAMAi+zQi/t51J+iM/AuWv++vmZ7oujPAXF3/8KMfXb56dePa9a57AgAAAAAAAAA8qTz+51pr/OcTdV3fHltv1/iv78Ta047/OcgzOwOMThmouv/4+/QoW71Rv9cabvzFmDb+93Bn7lHjfw9mPN5wRvtoRvvSjPblGe0Tb/Royfm/2Brv/EREHB8bfr2E8V/Hx7wvQc7/pdbzucn/S2PrtfOvf3OQ8+/tyv/UjQ9+eur6hx+9fuWDy+9vvL/x43Nnzpw+d/78hQsXTr135erG6e1/O+zx/sr557GvXQdalpx/zlz+Zcn5fyHV8i9Lzv+LqZZ/WXL++f2e/MuS88+ffeRflpz/q6mWf1ly/l9OtfzLkvN/LdXyL0vO/yupln9Zcv6vp1r+Zcn5n0y1/MuS8z+V6j3mv7Lf/WI+cv75DJfjvyw5/3xlg/zLkvM/m2r5lyXnfy7V8i9Lzv+NVMu/LDn/r6Za/mXJ+Z9PtfzLkvP/WqrlX5ac/4VUy78sOf+vp1r+Zcn5fyPV8i9Lzv/NVMu/LDn/b6Za/mXJ+X8r1fIvS87/26mWf1ly/m+lWv5lefj9/2lmOcaXmDFjpriZrv8yAQAAAAAAAAAAAADj5nE5cdf7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwH/ZgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRX27i1Grru+A/iZvXnjQGIgpE5qwsYxwTib7PoSX2hdTLg23EpCKPSC7XrXZsE3vHYJNKodBUokjIoq2oaHtoBQm5cKq+KBVoDygFpVqkTaB/qCqFB5iKqAAlJVWgFbzZz//78zs7Mzu97x+sw5n48U/7wzZ+acOXNmdr/efOcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADN7nzD7KdqWZbVarX8gk1Z9qL6vGFiU+OS117f7QMAAADW7ueNP1+4OV1waAU3alrmn+749lcXFhYWsvcN/+no5xYW0hUTWTa6Icsa10VXvv/+WvMywRPZeG2o6euhHqsf7nH9SI/rR3tcP9bj+g09rh/vcf2SHbDEDVkt3dm2xl835bs0uyUbbVy3rcOtnqhtGKrvu3TbrNa4zcLo8WwuO5nNZtMty+fL1hrLf/3O+rremsV1DTWta0v9CPnxY8fiNtTCPt7Wsq7F+4x++Pps4ic/fuzYX59//rZOs+duaLm/fDu3b61v5yfCJfm21rINaZ/E7Rxq2s4tHZ6T4ZbtrDVuV/97+3a+sMLtHF7czHXV/pyPZ0ONvz/b2E8jtazDftoSLvvpXVmWXVrc7PZllqwrG8o2tlwytPj8jOdHZP0+6ofSS7ORVR2nd67gOK3PmW2tx2n7ayI+/3eG240ssw3NT9MPHx9ret5/tnA1x2lUf9TLvVbaj8F+v1aKcgzG4+LZxoN+suMxuC08/sfuXv4Y7HjsdDgG0+NuOga39joGh8aGG9ucnoRa4zaLx+DOluWHG2uqNeZzd3c/BqfOnzo7Nf+xj987d+roidkTs6d379w5vXvv3v37908dnzs5O53/eZV7u/g2ZkPpNbA17Lv4Gnh127LNh+rCF8eWvP9e7etwvMvrcFPbsv1+HY60P7ja+rwglx7T+WvjPfWdPn55KFvmNdZ4fnas/XWYHnfT63Ck6XXY8XtKh9fhyApeh/Vlzu5Y2c8sI03/ddqG5b8XrO0Y3NR0DLb/PNJ+DPb755GiHIPj4bj47o7lvxdsCdv75ORqfx4ZXnIMpocb3nvql6Sf98f3N0an4/L2+hU3jmUX5mfP3ffo0fPnz+3MwlgXL2s6VtqP141NjylbcrwOrfp4PTR3x5O3d7h8U9hX4/fW/xhf9rmqL7Pnvu7PVeO7W+f92XLpriyMPlvv/dnpu3l9f45l2ee/9fhD33js829Ydn/W8+Ynptb+s3jKpU3vv6PLvP/G3P+LfH3prp4YHh3JX7/Dae+Mtrwftz5VI433rlpj3S9Mrez9eDT8t97vx7d0eT/e3LZsv9+PR9sfXHw/rvX61461aX8+x8NxcnK6+/txfZnNu1Z7TI50fT++K8xa2P+vCUkh5aKmY2e54zata2RkNDyukbiG1uN0d8vyoyGb1df19K6rO06335Xf13B6dIvW6zidaFu238dp+rev5Y7TWq9/fbs67c/neDgubtnd/TitL/PMnrW/d94Q/9r03jnW6xgcHR6rb/NoOggb7/fZwg3xGLwvO5adyU5mM41rxxrHU62xrsn7V3YMjoX/1vu9cnOXY3B727L9PgbT97Hljr3ayNIH3wftz+d4OC6eur/7MVhf5o37+vuz6/ZwSVqm6WfX9n9fW+7fvG5v203X6lgZCdv5rX3d/222vszJ/avNmd330z3hkhs77Kf21+9yr6mZbH320+awnc/vX34/1benvsznDqzweDqUZdnFjzzw7Nb6U5//fuXvLnznqy2/d+n0O52LH3ngRy8+/o+r2X4ABt8v8rEx/17X9Juplfz+HwAAABgIMfcPhZnI/wAAAFAaMffH/ys8kf8BAACgNGLuHwkzqUj+3/zG5+d+cTFLzfyFIF6fdsOD+XKx4zodvp5YWFS//IEvz/73P1xc2bqHsiz72YN/0HH5zQ/G7cpNhO288qbWy5f46r0rWveRRy6m9Tb3178Q7j8+npUeBp0quNNZln395s801jPx/suN+cyDRxrzoUtPPlFf5oUD+dfx9s+9LF/+L0L599Dxoy23fy7shx+EOf22zvsj3u4rl1+zZd97F9cXb1fbelPjYT/1gfx+4+fkfPaJfPm4n5fb/m98+umv1Jd/9FWdt//iUOftfzrc75fD/N9X5Ms3Pwf1r+PtPhm2P64v3u6+L32z4/Zf+VS+/Nk358sdCTOuf3v4etubn59r3l+P1o62PK7sLflycf3T3/njxvXx/uL9t2//+OHLLfuj/fh45t/y+5lqWz5eHtcT/X3b+uv303x8xvU//UdHWvZzr/Vfeei5V9Tvt33997Qtd/YjOxrrX7y/1k9s+stPfqbj+uL2HPrbsy2P59C7w+s4rP+pD4TjMVz/f1fy+2v/dIUj7259/4nLf2HTxZbHE731J/n6r7zuRGNuGL9h440vevFNl15Z33dZ9uyG/P56rf/EX51p2f4v3prvj3h97Oi3r385cf3nPjp5+sz8hbmZtFcfu7nx2Tlvz7cnbu/N4b21/evDZ85/cPbcxPTEdJZNlPcj9K7al8L8UT4udV96Yck76I5HwvN5+59/fePd//rpePm/vye//PLb8u9brw7LfTZcvik8f6tb/1JP3Xlr4/VdeyZs4cLSzwteiy3b/mv/ihYMj7/954J4vJ99+Qcb+6F+XeP7Rnxdr3H7vzeT38/Xwn5dCJ/MvPXWxfU1Lx8/G+Hyw/nrfc37L7zNxef1b8Lz/Y4f5Pcftys+3u+Fn2O+ubn1/S4eH1+7ONR+/41P8bgU3k+yS/n1cam4vy+/cGvHzYufQ5Jduq3x9Z+k+7ltVQ9zOfMfm586OXf6wqNT52fnz0/Nf+zjh0+duXD6/OHGZ3ke/lCv2y++P21svD/NzO7dkzXerc7k4xq73tt/9pFjM/um756ZPX70wvHzj5ydPXfi2Pz8sdmZ+buPHj8++9Fet5+bObhz14Hd+3ZNnpibObj/wIHdBybnTp+pb0a+UT3snf7w5Olzhxs3mT+458DO++/fMz156szM7MF909OTF3rdvvG9abJ+69+fPDd78uj5uVOzk/NzH589uPPA3r27en4a4Kmzx+cnps5dOD11YX723FT+WCbONy6uf+/rdXvKaf4/8p9n29XyD+LL3nXP3vT5rHVffnzZu8oXafsA0efDZ9H880vO7l/J1zH3j4aZVCT/AwAAQBXE3D8WZiL/AwAAQGnE3L8hzET+BwAAgNKIuX88zKQi+b90/f/NF1e0fv3/vvT/Fy7q/+v/D2L//+Gi9f/z9wv9//5Ya/9e/z/Q/9f/1//X/9f/pw+K1v+Puf+GLKtk/gcAAIAqiLl/Y5iJ/A8AAAClEXP/jWEm8j8AAACURsz9LwozqUj+1//X/3f+f/1//f/O69f/H0z6/93p//eg/z+VVav/f6mf26//r//PUkXr/8fc/+Iwk4rkfwAAAKiCmPtvCjOR/wEAAKA0Yu6/OcxE/gcAAIDSiLl/U5hJRfK//r/+v/6//r/+f+f16/8PJv3/7vT/e9D/d/5//X/9f/qqaP3/mPtfEmZSkfwPAAAAVRBz/0vDTOR/AAAAKJ6Rq7tZzP0vCzNZkv+vcgUAAADAdRdz/y1ZWxG8Ir//1//X/y9+/39Duk7/X/8/K2T/fzjT/y8O/f/u9P970P/X/9f/1/+nr4rW/2/k/mw8e3mYSUXyPwAAAFRBzP23hpnI/wAAAFAaMff/UpiJ/A8AAAClEXP/5jCTiuR//X/9/+L3/53/X/+/6P1/5/8vEv3/7vT/e9D/1//X/9f/p6+K1v+Puf+2MJOK5H8AAACogpj7bw8zkf8BAACgNGLu/+UwE/kfAAAASiPm/i1hJhXJ//r/Be//x+ao/r/+v/6//r/+/4ro/3en/9+D/r/+v/6//j99VbT+f8z9rwgzqUj+BwAAgCqIuf+OMBP5HwAAAEoj5v5XhpnI/wAAAFAaMfdPhJlUJP/r/xe8/5/34Mec/1//X/9f/1//f2X0/7vT/+9B/1//vy/9/4WLHfr/G3rdXv+fMipa/z/m/jvDTCqS/wEAAKAKYu7fGmYi/wMAAEBpxNx/V5iJ/A8AAAClEXP/tjCTiuR//f+B6P9n+v/6//r/+v/6/yuj/9+d/n8P+v/6/87/r/9PXxWt/x9z/6vCTCqS/wEAAKAKYu6/O8xE/gcAAIDSiLn/1WEm8j8AAACURsz928NMKpL/9f/1//X/9f/1/zuvX/9/MK21f1//UUD/X/9f/1//X/9f/5/+KFr/P+b+14SZVCT/AwAAQBXE3L8jzET+BwAAgNKIuf+eMBP5HwAAAEoj5v7JMJOK5H/9f/1//X/9f/3/zuvX/x9Mzv/fnf5/D/r/+v/6//r/9FXR+v8x998bZlKR/A8AAABVEHP/fWEm8j8AAACURsz9U2Em8j8AAACURsz902EmFcn/+v/6//r/+v+r6v+/cvF+9f9z+v/Fov/fnf5/DyXp/4+u6kEvut79+bW63tvfn/7/qP4/pVK0/n/M/TvDTCqS/wEAAKAKYu7fFWYi/wMAAEBpxNy/O8xE/gcAAIDSiLl/T5hJRfK//r/+v/6//r/z/3dev/7/YNL/767//f/4EPX/i9T/v1rXuz8/6Nvv/P/6/yxVtP5/zP33h5lUJP8DAABAFcTcvzfMRP4HAACA0oi5f1+YifwPAAAApRFz//4wk4rkf/1//f/r2f/Pskv6//r/+v/6/32l/9+d8//3oP+v/6//r//PGj38h81fFa3/H3P/gTCTiuR/AAAAqIKY+18bZiL/AwAAQGnE3P8rYSbyPwAAAJRGzP2/GmZSkfyv/9/SPa8/XP1/5//X/9f/b9D/H0z6/93p//eg/6//r/+v/09fLdv/D9F7vfv/MfcfDDOpSP4HAACAKoi5/9fCTOR/AAAAKI2Y+18XZiL/AwAAQGnE3H8ozKQi+V//f/DO/x/rM/r/+v/6/+Xq/4/F+9X/X5M19O8bT63+f6D/r/+v/6//r/9PHxTt/P8x978+zKQi+R8AAACqIOb+B8JM5H8AAAAojZj73xBmIv8DAABAacTc/8Ywk4rkf/3/wev/O/+//r/+f65s/X/n/+8P5//vTv+/B/1//X/9f/1/+qpo/f+Y+98UZlKR/A8AAABVEHP/m8NM5H8AAAAojZj73xJmIv8DAABAacTc/9Ywk4rk/3Xv/zcVhfX/9f/1//X/9f/1//tt7f3/n4U9rf+v/6//r/+v/6//z1oVrf8fc/+vh5lUJP8DAABAFcTc/2CYifwPAAAApRFz/9vCTOR/AAAAKI2Y+98eZlKR/O/8//r/+v/6//r/ndev/z+YnP+/uwHr///8pnC5/n9O/7/Y27/a/v9I29fXpP///eX6/wsb2m+v/8+1ULT+f8z97wgzqUj+BwAAgCqIuf+dYSbyPwAAAJRGzP3vCjOR/wEAAKA0Yu7/jTCTiuR//f/6diy2l/X/y9r/H9L/1//X/68I/f/uBqz/Pwjn/x/W/1+k/+/8//r/tCta/z/m/neHmVQk/wMAAEAVxNz/UJiJ/A8AAAClEXP/w2Em8j8AAACURsz97wkzqUj+1/93/v9q9P+d/z/T/9f/rwj9/+70/3tw/n/9/6L1//9T/5/BVrT+f8z9j4SZVCT/AwAAQBXE3P/eMBP5HwAAAEoj5v7fDDOR/wEAAKA0Yu5/X5hJRfK//v+g9P8nBrT//7j+/zXs/99xU76c/r/+P4v0/7vT/+9B/1//v2j9f+f/Z8AVrf8fc//7w0xWnv/HV7wkAAAAcF3E3P9bYSYV+f0/AAAAVEHM/b8dZiL/AwAAQGnE3P87YSYVyf/6/4PS/3f+/0z/3/n/2x6P/r/+fyfr1/+P7zz6//r/+v+R/r/+v/4/7YrW/4+5/3fDTCqS/wEAAKAKYu7/QJiJ/A8AAAADodP/k90u5v7DYSbyPwAAAJRGzP1Hwkwqkv/1//X/9f8L2v//s63/8t1vv/PITv1//X/9/1VZ1/P/11/8zv+v/6//n+j/6//r/9OuaP3/mPuPhplUJP8DAABAFcTc/3thJvI/AAAAlEbM/cfCTOR/AAAAKI2Y+2fCTCqS//X/9f/1/wva/x/g8//H/aH/36pv/f/4pqv/31Hev09H0bXt/793sSeu/7/a/v9Yx0v1//X/B3n79f/1/1mqaP3/mPtnw0wqkv8BAACgCkLuHzqez8Ur5H8AAAAojZj7T4SZyP8AAABQGjH3fzDMpCL5X/9f/1//X//f+f87r79b/7824vz/RZX69z9tvFD0/9sUp//fmf6//v8gb7/+v/4/SxWt/x9z/1yYSUXyPwAAAFRBzP0fCjOR/wEAAKA0Yu7/cJiJ/A8AAAClEXP/yTCTiuR//X/9f/1//X/9/87rL+z5//X/u1pr/17/P9D/r3b//3/0//X/9f/pj6L1/2PuPxVm8v/s3UeTZfV5x/Hb9uDpKbzwzgtvXOWlXwILe22/AC+88cZVLi9wwDbODMY5YCEJZQmBckABBAIkgXIAJSSUQRLKOaCERqJGRffzPNPh9LndM7dvn/P/fz6LeUx7mntFTc3wm54vp5P9DwAAAD3I3X9l3GL/AwAAQDNy9/9Z3GL/AwAAQDNy9/953NLJ/tf/X0r/f6FS1v/vfv+T6P9/R/9/0Ovr//X/LdP/j9P/L6H/9/x//b/+n5WaWv+fu/8v4pZO9j8AAAD0IHf/X8Yt9j8AAAA0I3f/VXGL/Q8AAADNyN3/V3FLJ/t/T/+/seiz/8+M1/P/W+r/Pf//wNfX/+v/W7be/v/aJ3/m0//r//X/Qf9/qP7/9EGfr/+nRVPr/3P3/3Xc0sn+BwAAgB7k7v+buMX+BwAAgGbk7r86brH/AQAAoBm5+/82bulk/6/u+f9ntj4+0/6/6P/1/1sf0P/r//X/s+X5/+N66v+veujyKx+78zfuOsrr6//1/57/f7T+f+d/zED/z5Cp9f+5+/8ubulk/wMAAEAPcvf/fdxi/wMAAEAzcvf/Q9xi/wMAAEAzcvf/Y9zSyf5fXf8/6+f/F/2//n/rA/p//b/+f7b0/+N66v8v5vX1//p//b/n/7NaU+v/c/f/U9zSyf4HAACAHuTu/+e4xf4HAACAZuTuvyZusf8BAACgGbn7z8Ytnex//f/x9/9P6P/1/3H1//p//f/x0/+P0/8vof/X/+v/9f+s1NT6/9z918Ytnex/AAAA6EHu/n+JW+x/AAAAaEbu/uviFvsfAAAAmpG7/1/jlk72v/7f8//1//p//f/w6+v/50n/P07/v4T+/1L7+cv0//p//T87HbH/Pzfy0/ZK+v/c/f8Wt3Sy/wEAAKAHufv/PW6x/wEAAKAZufv/I26x/wEAAKAZufv/M27pZP/r//X/+n/9/0X3//t/6G3R/w/T/6+H/n/cZPr/jVODH9b/z77/9/x//b/+n12m9vz/3P3/Fbd0sv8BAACgB7n7/ztuGdn/R/7NfAAAAOBE5e7/n7jF1/8BAABg9rI6y93/v3FLJ/tf/6//1//r/z3/f/j1x/r/u3a8P/3/tOj/x02m/z+A/l//P+f3r//X/7Pf1Pr/3P3/F7d0sv8BAACgB7n7r49b7H8AAABoRu7+/49b7H8AAABoRu7+p8Qtnez/4f7/wv9f/384+v/d71//P/zjY1X9f/4d9f+j/f/vev5/n/T/49bf/5/W/+/+++v/j9FJv//G+/8zyz5f/8+QqfX/uftviFs62f8AAADQg9z9T41b7H8AAABoRu7+p8Ut9j8AAAA0I3f/0+OWTva/5//r//X/8+v/Pf9/20k+/3+x9v7/lP7/kPT/4zz/fwn9v/5f/+/5/6zU1Pr/3P03xi2d7H8AAADowY2PL7Z2/zMWC/sfAAAA5mjnnx3Y+wdKQ+7+Z8Yt9j8AAAA0I3f/s+KWTva//l//r//X/+v/h19/Wv2/5/8flv5/3Fz6/zP6/8G3N9P+/1Rj/f9NB33+FPr/a/T/TMyu/v/eCx8/qf4/d/+z45ZO9j8AAAD0IHf/c+IW+x8AAACakbv/uXGL/Q8AAADNyN3/vLilk/1/7P3/mYNfW/+v/9f/6//1//r/VdP/j5tL/+/5/031/57/7/n/+v+OXej/d/98eFL9f+7+58ctnex/AAAA6EHu/hfELfY/AAAANCN3/01xi/0PAAAAzcjd/8K4pZP97/n/+n/9v/5f/z/8+vr/edL/j9P/L6H/1//r//X/rNSu5//vcFL9f+7+m+OWTvY/AAAA9CB3/y1xi/0PAAAAzcjd/6K4xf4HAACAZuTuf3Hc0sn+1/8fb/+fH9f/6/8X+n/9v/5/Lbrt/zeGfiXa74D+/4E/Ofv7uz+i/9f/6//1//p/VmAS/f/5C/92mbv/JXFLJ/sfAAAAepC7/6Vxi/0PAAAAzcjd/7K4xf4HAACAZuTuf3nccsT9/2srfVfro//3/H/9v/5f/z/8+vr/eeq2/z8kz/9fQv+v/9f/6/9ZqUn0/zv+Onf/K+IWX/8HAACAZuTuf2XcYv8DAABAM3L3vypusf8BAACgGbn7Xx23dLL/9f/6f/2//l//P/z6R+//t38kbi6G6f/XQ/8/Tv+/hP5f/6//1/+zUlPr/3P33xq3dLL/AQAAoAe5+18Tt9j/AAAA0Izc/a+NW+x/AAAAaEbu/tfFLZ3sf/2//l//r//X/w+/vuf/z5P+f5z+f7FY3DbyBob6//On9f/6f/2//p+LNLX+P3f/6+OWTvY/AAAA9CB3/21xi/0PAAAAzcjdf3vcYv8DAABAM3L3vyFu6WT/6//1//p//b/+f/j19f/zpP8fp/9fwvP/9f/6f/0/KzW1/j93/x1xSyf7HwAAAHqQu//OuMX+BwAAgGbk7n9j3GL/AwAAQDNy998Vt3Sy//X/+n/9v/7/WPr/s/r/vfT/63F8/f9C/6//1/8vof/X/+v/2Wtd/f+5+Pl+Wf+fu//uuKWT/Q8AAAA9yN1/T9xi/wMAAEAzcve/KW6x/wEAAKAZufvfHLd0sv/1//p//b/+3/P/h19f/z9Pnv8/Tv+/hP5f/6//1/+zUuvq/w/q/ff+de7+t8Qtnex/AAAA6EHu/nvjFvsfAAAAmpG7/764xf4HAACAZuTuf2vc0sn+1//r/3f3/4uF/l//r//ftob+f3Oh/185/f84/f8S+v82+/9fWjTU/5858PP1/0zR1Pr/3P1vi1s62f8AAADQg9z9b49b7H8AAABoRu7+d8Qt9j8AAAA0I3f/O+OWlvb/Ewenb/Pv/0/v+UT9/2KxePhqz//X/4+8vv5/Mv1//VPV/6+O/n+c/n8J/X+b/b/n/+v/OTFT6/9z978rbmlp/wMAAEDncve/O26x/wEAAKAZufvfE7fY/wAAANCM3P3vjVs62f/z7//3fqL+f3FJz//X/299QP+v/9f/z9al9vc3b8avafp//b/+f7Cf3zjg33sW+n/9v/6fAVPr/3P3vy9u6WT/AwAAQA9y998ft9j/AAAA0Izc/Q/ELfY/AAAANCN3//vjlk72v/5f/6//n2f/v6n/1//r/wdN5fn/V1zxew/q//X/Lfb/Y/T/+n/9P3tNrf/P3f+BuKWT/Q8AAAA9yN3/wbjF/gcAAIBm5O7/UNxi/wMAAEAzcvd/OG7pZP/v7/8vW2wXqtuG+v9o1PT/O+j/d79//f/wjw/P/9f/6/+P31T6/2k8/3//r076/yX0//r/dfX/v7n/8/X/tGhq/X/u/gfjlk72PwAAAPQgd/9H4hb7HwAAAJqRu/+jcYv9DwAAAM3I3f9Q3NLJ/vf8f/2//l//r/8ffn39/zzp/8fp/5fQ/196P58/q+r/5/v8/1/W/7M6U+v/c/d/LG7ZGn6/9asX+T8TAAAAmJDc/R+PWzr5+j8AAAD0IHf/J+IW+x8AAACakbv/k3FLJ/tf/6//1//r//X/w6+v/58n/f84/f8S/fT/m0MfPOl+/lKd9Ptvpv/3/H9WaGr9f+7+T8Utnex/AAAAaNvjW9/m7v903GL/AwAAQDNy938mbrH/AQAAoBm5+x+OWzrZ//p//X/7/f8f6f/3vL7+f+39/3V36//XRv+fv6IP0/8v0U//P+ik+/m5v3/9v/6f/abW/+fufyRu6WT/AwAAQA9y9382brH/AQAAoBm5+z8Xt9j/AAAA0Izc/Z+PWzrZ//r/vvr/jUWP/b/n/+v/T7z/36L/X4/59P+3nBr6qOf/6//1//N9//p//T/7Ta3/z93/6MapLvc/AAAAzNUf/PafPnLY7/vo1rebiy/ELfY/AAAANCN3/xfjFvsfAAAAmpG7/0txSyf7X//fV//f5/P/9f/6f/1/T+bT/w/T/+v/9f/zff/6f/0/+02t/8/d/+W4ZcfwG/wP9AAAAAAn51eO9t1z938lbunk6/8AAADQg9z9X41b9u3/84f8U+0AAADA1OTu/1rc0snX//X/E+//F8fU/8f30/9v0//r/4deX/8/T/r/cZfY/5/f0P/r/0fo//X/+n/2mlr/n7v/njsWXe5/AAAAaNSu31H4+ta3m4tvxC32PwAAADQjd/834xb7HwAAAJqRu/9bcUsn+1//P/H+/6Ke/3+m/i/P/++8/79+c/D19f/6/5bp/8d5/v8S+n/9v/5f/89KHaH/3xqkx93/5+7/dtzSyf4HAACAHuTu/07cYv8DAABAM3L3fzdusf8BAACgGbn7vxe3dLL/9f8n0P/fcHqxONb+/xDP/9f/99H/H/D67fT/v3752fv/8I9vv1X/zwXr7P/zx4L+X/+v/9+m/9f/6//Za2rP/8/d//24pZP9DwAAAD3I3f9Y3GL/AwAAQDNy9/8gbnly/993Uu8KAAAAWKXc/T+MWzr5+r/+v8Xn/8+z/89/1ifQ/5+dX/+fTXHv/b/n/+v/9/P8/3H6/yX0//p//b/+n5WaWv+fu/9HcUsn+x8AAAB6kLv/x3FL7v+NI//WPQAAADAxuft/Erf4+j8AAAA0I3f/43FLJ/t/jv3/uT3vcfcn6v8XM+3/k+f/X/g8z//fpv/X/x+F/n+c/n8J/b/+X/+v/2elptb/5+7/adzSyf4HAACAHuTuPxe32P8AAADQjNz9P4tb7H8AAABoRu7+n8ctnez/Ofb/nv+v/9f/6/8X+n/9/wH0/+P0/0vo//X/+n/9Pys1tf4/d/8vAgAA///bQndU") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143041, 0x0) pwritev2(r0, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0x1}], 0x1, 0x1800, 0xfffffff7, 0x0) 1.365895932s ago: executing program 0 (id=92): mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) setsockopt$rose(r0, 0x104, 0x7, &(0x7f0000000080)=0x8, 0x4) 1.196055857s ago: executing program 3 (id=93): r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0) pipe2(&(0x7f0000000700)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84800) splice(r0, 0x0, r1, 0x0, 0x2000, 0x0) 1.121612579s ago: executing program 2 (id=94): r0 = socket(0x10, 0x2, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0x10002, 0xffffffff, 0xd7c4, 0xfffffff9}, 0x10) write(r0, &(0x7f00000000c0)="240000001e005f0214fffffffffffff8070000001d00000000000000080009000d000000", 0x24) 1.109132499s ago: executing program 0 (id=95): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REQ_SET_REG(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000003c0)={0x24, r1, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'aa\x00'}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000800}, 0x4000004) 1.026982961s ago: executing program 3 (id=96): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001400), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000300)={0x3, 0x40, 0xfa02, {{0x6000000, 0xfffd, 0x10000, @empty, 0xffffffff}, {0xa, 0x1c, 0x2, @empty, 0x9}, r1, 0x73}}, 0x48) 849.903236ms ago: executing program 0 (id=97): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f0000000040)={0x2, 'hsr0\x00', 0xc0008}, 0x18) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f00000002c0)={0x2, 'bridge0\x00'}, 0x18) 847.246916ms ago: executing program 3 (id=98): utimensat(0xffffffffffffff9c, 0x0, &(0x7f00000002c0)={{0x0, 0x3fffffff}}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="e40000000201010800000000000000000a000000d00001800c000280050001000000000014000180080001000000000008000200000000002c00018014000300ff01000000000000000000000000000114000400ff0100000000000000000000000000010c00028005000100000000004700028005000100010000000600064000000000060005"], 0xe4}}, 0x0) 577.709444ms ago: executing program 2 (id=99): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000000), 0x10) sendmsg$can_bcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="05000000000600"/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\a'], 0x48}}, 0x0) 532.140635ms ago: executing program 0 (id=100): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)={0x3c, r1, 0x1, 0x70bd25, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x0, 0x47}}}}, [@NL80211_ATTR_TID_CONFIG={0x1c, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x8, 0xd, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x4}]}]}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x41}, 0x24000040) 516.281196ms ago: executing program 3 (id=101): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) readv(r0, &(0x7f0000000140)=[{&(0x7f00000001c0)=""/191, 0xbf}], 0x1) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000040)=0xc) 406.660459ms ago: executing program 0 (id=102): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$l2tp6(0xa, 0x2, 0x73) connect$inet6(r0, &(0x7f0000000400)={0xa, 0x4e24, 0x0, @loopback, 0xfffffb70}, 0x1c) 231.136863ms ago: executing program 0 (id=103): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)=0xffff0018) ioctl$SNDCTL_DSP_GETISPACE(r0, 0x8010500d, &(0x7f0000000040)) 162.839675ms ago: executing program 2 (id=104): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x3, 0x220108, 0xb, 0x1}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000380), &(0x7f0000000380), 0x2, r0}, 0x38) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x18, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1, r0}, 0x38) 0s ago: executing program 1 (id=105): r0 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000c80)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @private2={0xfc, 0x2, '\x00', 0x5}, 0x7800, 0x7800, 0xfffffffc, 0xdc64}}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f00000000c0)={'ip6_vti0\x00', r1, 0x0, 0x0, 0x2, 0x1000, 0x64, @private2={0xfc, 0x2, '\x00', 0x1}, @mcast2, 0x7, 0x0, 0xfffffffc}}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.68' (ED25519) to the list of known hosts. [ 79.381251][ T5755] cgroup: Unknown subsys name 'net' [ 79.520656][ T5755] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 81.144018][ T5755] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 82.691500][ T5768] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 82.704056][ T5768] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 82.721162][ T5773] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 82.730171][ T5773] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 82.739274][ T5773] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 82.748337][ T5773] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 82.757027][ T5773] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 82.764695][ T5773] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 82.773379][ T5773] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 82.781139][ T5773] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 82.790002][ T5773] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 82.802878][ T5773] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 82.854019][ T5781] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 82.861903][ T5781] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 82.869423][ T5778] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 82.870197][ T5781] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 82.884899][ T5779] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 82.893459][ T5778] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 82.893478][ T5781] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 82.908884][ T5781] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 82.913790][ T5778] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 82.928805][ T5778] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 82.945256][ T5778] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 82.957247][ T5778] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 83.380731][ T5771] chnl_net:caif_netlink_parms(): no params data found [ 83.450947][ T5770] chnl_net:caif_netlink_parms(): no params data found [ 83.500501][ T5767] chnl_net:caif_netlink_parms(): no params data found [ 83.606990][ T5771] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.614414][ T5771] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.622178][ T5771] bridge_slave_0: entered allmulticast mode [ 83.631840][ T5771] bridge_slave_0: entered promiscuous mode [ 83.645901][ T5772] chnl_net:caif_netlink_parms(): no params data found [ 83.681291][ T5771] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.688732][ T5771] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.696045][ T5771] bridge_slave_1: entered allmulticast mode [ 83.703609][ T5771] bridge_slave_1: entered promiscuous mode [ 83.735522][ T5770] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.742758][ T5770] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.749872][ T5770] bridge_slave_0: entered allmulticast mode [ 83.757464][ T5770] bridge_slave_0: entered promiscuous mode [ 83.797118][ T5770] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.806461][ T5770] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.813725][ T5770] bridge_slave_1: entered allmulticast mode [ 83.820682][ T5770] bridge_slave_1: entered promiscuous mode [ 83.847393][ T5771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.859805][ T5771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.900993][ T5767] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.908369][ T5767] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.916073][ T5767] bridge_slave_0: entered allmulticast mode [ 83.923598][ T5767] bridge_slave_0: entered promiscuous mode [ 83.949727][ T5770] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.962556][ T5770] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.972109][ T5767] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.979650][ T5767] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.986991][ T5767] bridge_slave_1: entered allmulticast mode [ 83.994664][ T5767] bridge_slave_1: entered promiscuous mode [ 84.062055][ T5771] team0: Port device team_slave_0 added [ 84.083818][ T5767] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.103951][ T5772] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.111135][ T5772] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.118509][ T5772] bridge_slave_0: entered allmulticast mode [ 84.126122][ T5772] bridge_slave_0: entered promiscuous mode [ 84.136829][ T5771] team0: Port device team_slave_1 added [ 84.155877][ T5770] team0: Port device team_slave_0 added [ 84.175938][ T5767] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.195217][ T5772] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.202347][ T5772] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.210184][ T5772] bridge_slave_1: entered allmulticast mode [ 84.217658][ T5772] bridge_slave_1: entered promiscuous mode [ 84.226927][ T5770] team0: Port device team_slave_1 added [ 84.245142][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.252208][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.281505][ T5771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.295522][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.302613][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.328880][ T5771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.389127][ T5767] team0: Port device team_slave_0 added [ 84.407981][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.415202][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.444442][ T5770] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.469928][ T5767] team0: Port device team_slave_1 added [ 84.479794][ T5772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.494236][ T5772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.511072][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.518154][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.544136][ T5770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.613635][ T5771] hsr_slave_0: entered promiscuous mode [ 84.620108][ T5771] hsr_slave_1: entered promiscuous mode [ 84.666125][ T5770] hsr_slave_0: entered promiscuous mode [ 84.672688][ T5770] hsr_slave_1: entered promiscuous mode [ 84.679228][ T5770] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 84.687283][ T5770] Cannot create hsr debugfs directory [ 84.706398][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.716449][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.743030][ T5767] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.768985][ T5772] team0: Port device team_slave_0 added [ 84.784237][ T5772] team0: Port device team_slave_1 added [ 84.791258][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.798520][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.824895][ T5767] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.914674][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.921719][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.948936][ T5772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.973767][ T51] Bluetooth: hci1: command tx timeout [ 84.973786][ T5778] Bluetooth: hci0: command tx timeout [ 84.974180][ T5778] Bluetooth: hci3: command tx timeout [ 85.006952][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.014336][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.040780][ T5772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.063018][ T5778] Bluetooth: hci2: command tx timeout [ 85.125341][ T5767] hsr_slave_0: entered promiscuous mode [ 85.131779][ T5767] hsr_slave_1: entered promiscuous mode [ 85.138377][ T5767] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 85.146091][ T5767] Cannot create hsr debugfs directory [ 85.265865][ T5772] hsr_slave_0: entered promiscuous mode [ 85.272279][ T5772] hsr_slave_1: entered promiscuous mode [ 85.279131][ T5772] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 85.286849][ T5772] Cannot create hsr debugfs directory [ 85.514845][ T5771] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 85.547992][ T5771] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 85.565453][ T5771] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 85.576011][ T5771] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 85.661803][ T5770] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 85.672029][ T5770] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 85.684215][ T5770] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 85.701073][ T5770] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 85.778435][ T5767] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 85.804533][ T5767] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 85.816744][ T5767] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 85.841524][ T5767] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 85.948768][ T5772] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 85.960467][ T5772] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 85.971293][ T5772] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 85.994587][ T5772] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 86.014444][ T5771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.117297][ T5771] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.138012][ T1316] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.145428][ T1316] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.200941][ T5770] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.215721][ T1316] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.223050][ T1316] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.257201][ T5767] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.291280][ T5770] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.316743][ T5767] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.337826][ T1299] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.345012][ T1299] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.365711][ T1316] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.372931][ T1316] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.411465][ T1316] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.418711][ T1316] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.429957][ T1316] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.437193][ T1316] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.466898][ T5772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.536440][ T5772] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.559810][ T1221] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.567016][ T1221] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.605520][ T5770] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 86.660162][ T3522] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.667434][ T3522] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.777437][ T5772] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 86.788099][ T5772] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 87.058176][ T5082] Bluetooth: hci0: command tx timeout [ 87.058186][ T51] Bluetooth: hci3: command tx timeout [ 87.070357][ T5778] Bluetooth: hci1: command tx timeout [ 87.132977][ T5778] Bluetooth: hci2: command tx timeout [ 87.204185][ T5771] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.280290][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.429806][ T5770] veth0_vlan: entered promiscuous mode [ 87.485640][ T5771] veth0_vlan: entered promiscuous mode [ 87.519644][ T5771] veth1_vlan: entered promiscuous mode [ 87.554751][ T5770] veth1_vlan: entered promiscuous mode [ 87.603305][ T5767] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.625382][ T5772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.741199][ T5772] veth0_vlan: entered promiscuous mode [ 87.764288][ T5771] veth0_macvtap: entered promiscuous mode [ 87.773037][ T5767] veth0_vlan: entered promiscuous mode [ 87.799088][ T5771] veth1_macvtap: entered promiscuous mode [ 87.828772][ T5767] veth1_vlan: entered promiscuous mode [ 87.848294][ T5770] veth0_macvtap: entered promiscuous mode [ 87.868161][ T5770] veth1_macvtap: entered promiscuous mode [ 87.891983][ T5772] veth1_vlan: entered promiscuous mode [ 87.956615][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.999272][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.018287][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.030689][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.044265][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.053018][ T5771] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.061844][ T5771] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.071432][ T5771] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.081941][ T5771] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.099944][ T5767] veth0_macvtap: entered promiscuous mode [ 88.111792][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.125248][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.137927][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.155486][ T5767] veth1_macvtap: entered promiscuous mode [ 88.176677][ T5770] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.185880][ T5770] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.195462][ T5770] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.204697][ T5770] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.234486][ T5772] veth0_macvtap: entered promiscuous mode [ 88.260443][ T5772] veth1_macvtap: entered promiscuous mode [ 88.280157][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.296221][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.309359][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.323846][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.337236][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.385813][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.404615][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.416080][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.426897][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.438442][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.461407][ T5767] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.471515][ T5767] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.485093][ T5767] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.494137][ T5767] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.537845][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.550207][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.561298][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.571957][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.583086][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.593928][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.606194][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.630001][ T1221] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.640984][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.658539][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.668988][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.677034][ T1221] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.681686][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.697561][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.710657][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.723878][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.736513][ T5772] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.745603][ T5772] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.755852][ T5772] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.765660][ T5772] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.831061][ T3522] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.851931][ T3522] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.887517][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.897102][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.981678][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.993566][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.021456][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.042534][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.132746][ T5778] Bluetooth: hci1: command tx timeout [ 89.135402][ T5082] Bluetooth: hci0: command tx timeout [ 89.138210][ T51] Bluetooth: hci3: command tx timeout [ 89.165022][ T1299] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.176082][ T1299] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.194983][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.212778][ T5778] Bluetooth: hci2: command tx timeout [ 89.221699][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.346421][ T1221] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.360244][ T5837] syz.3.4[5837]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 89.386742][ T1221] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.697696][ T5845] loop0: detected capacity change from 0 to 256 [ 90.478791][ T5837] loop3: detected capacity change from 0 to 32768 [ 90.552993][ T5837] [ 90.552993][ T5837] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 90.552993][ T5837] [ 90.568149][ T5840] loop1: detected capacity change from 0 to 32768 [ 90.591476][ T5840] XFS: ikeep mount option is deprecated. [ 90.674018][ T5840] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 90.738105][ T5837] [ 90.738105][ T5837] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 90.738105][ T5837] [ 90.779754][ T5837] [ 90.779754][ T5837] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 90.779754][ T5837] [ 90.901584][ T5837] [ 90.901584][ T5837] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 90.901584][ T5837] [ 90.952706][ T5840] XFS (loop1): Ending clean mount [ 90.958955][ T5837] [ 90.958955][ T5837] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 90.958955][ T5837] [ 91.033132][ T5837] [ 91.033132][ T5837] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 91.033132][ T5837] [ 91.061545][ T5837] [ 91.061545][ T5837] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 91.061545][ T5837] [ 91.100301][ T112] [ 91.100301][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 91.100301][ T112] [ 91.149060][ T5837] [ 91.149060][ T5837] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 91.149060][ T5837] [ 91.207055][ T5837] [ 91.207055][ T5837] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 91.207055][ T5837] [ 91.218785][ T5778] Bluetooth: hci0: command tx timeout [ 91.223802][ T51] Bluetooth: hci1: command tx timeout [ 91.226162][ T5778] Bluetooth: hci3: command tx timeout [ 91.248371][ T5837] [ 91.248371][ T5837] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 91.248371][ T5837] [ 91.292774][ T5778] Bluetooth: hci2: command tx timeout [ 91.317742][ T5837] [ 91.317742][ T5837] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 91.317742][ T5837] [ 91.344207][ T5767] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 91.381626][ T111] [ 91.381626][ T111] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 91.381626][ T111] [ 91.437294][ T5770] [ 91.437294][ T5770] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 91.437294][ T5770] [ 91.460768][ T5770] [ 91.460768][ T5770] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 91.460768][ T5770] [ 91.783031][ T786] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 91.855185][ T5875] loop2: detected capacity change from 0 to 16 [ 91.938927][ T5875] erofs: (device loop2): mounted with root inode @ nid 36. [ 91.992862][ T786] usb 1-1: Using ep0 maxpacket: 16 [ 92.010402][ T786] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 92.018666][ T5875] Invalid ELF header len 10 [ 92.029674][ T5879] loop3: detected capacity change from 0 to 512 [ 92.043361][ T1186] cfg80211: failed to load regulatory.db [ 92.044490][ T786] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 92.107804][ T5879] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 92.116802][ T786] usb 1-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 92.156933][ T786] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.204162][ T786] usb 1-1: config 0 descriptor?? [ 92.231806][ T5879] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 92.266373][ T5879] ext4 filesystem being mounted at /1/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 92.456295][ T5879] EXT4-fs error (device loop3): ext4_empty_dir:3136: inode #12: comm syz.3.15: invalid size [ 92.593276][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.696346][ T5892] loop2: detected capacity change from 0 to 512 [ 92.745151][ T5892] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 92.773812][ T786] hid-multitouch 0003:1FD2:6007.0001: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.0-1/input0 [ 92.810067][ T5892] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 92.856176][ T5897] netlink: 8 bytes leftover after parsing attributes in process `syz.1.23'. [ 92.889410][ T5892] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 92.929060][ T5899] loop3: detected capacity change from 0 to 512 [ 93.035078][ T5892] EXT4-fs (loop2): 1 truncate cleaned up [ 93.042280][ T5892] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 93.074413][ T5899] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 93.125947][ T5899] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -2 [ 93.196546][ T1186] usb 1-1: USB disconnect, device number 2 [ 93.269496][ T5899] EXT4-fs (loop3): 1 truncate cleaned up [ 93.315055][ T5900] fido_id[5900]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 93.330396][ T5899] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.417737][ T5899] ======================================================= [ 93.417737][ T5899] WARNING: The mand mount option has been deprecated and [ 93.417737][ T5899] and is ignored by this kernel. Remove the mand [ 93.417737][ T5899] option from the mount to silence this warning. [ 93.417737][ T5899] ======================================================= [ 93.531342][ T5899] EXT4-fs: group quota file already specified [ 93.619305][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.700496][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.149870][ T5932] netlink: 'syz.1.33': attribute type 8 has an invalid length. [ 94.220435][ T5934] netlink: 40 bytes leftover after parsing attributes in process `syz.2.34'. [ 94.906445][ T5956] loop2: detected capacity change from 0 to 4096 [ 94.953594][ T5806] usb 2-1: new low-speed USB device number 2 using dummy_hcd [ 94.997460][ T5961] loop0: detected capacity change from 0 to 2048 [ 95.035534][ T5961] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 95.062944][ T5961] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 95.093682][ T5961] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 95.167292][ T5806] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 95.192535][ T5806] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 8 [ 95.216349][ T5806] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 95.246899][ T5806] usb 2-1: New USB device found, idVendor=1345, idProduct=3008, bcdDevice= 0.00 [ 95.262627][ T1186] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 95.278776][ T5806] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.327714][ T5806] usb 2-1: config 0 descriptor?? [ 95.351113][ T5950] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 95.472527][ T1186] usb 4-1: Using ep0 maxpacket: 8 [ 95.488998][ T1186] usb 4-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 95.519213][ T1186] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 95.552586][ T1186] usb 4-1: Product: syz [ 95.563263][ T1186] usb 4-1: Manufacturer: syz [ 95.579361][ T1186] usb 4-1: SerialNumber: syz [ 95.599371][ T1186] usb 4-1: config 0 descriptor?? [ 95.630731][ T1186] gspca_main: sq930x-2.14.0 probing 2770:930c [ 95.755395][ T5975] loop2: detected capacity change from 0 to 2048 [ 95.795834][ T5975] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 95.814222][ T5975] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 95.848431][ T5806] sony 0003:1345:3008.0002: unknown main item tag 0x3 [ 95.872727][ T5806] sony 0003:1345:3008.0002: unknown main item tag 0x0 [ 95.889848][ T786] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 95.903159][ T5806] sony 0003:1345:3008.0002: unknown main item tag 0x0 [ 95.920276][ T5806] sony 0003:1345:3008.0002: unknown main item tag 0x0 [ 95.933044][ T5806] sony 0003:1345:3008.0002: unknown main item tag 0x0 [ 95.940935][ T5806] sony 0003:1345:3008.0002: unknown main item tag 0x0 [ 95.971440][ T5806] sony 0003:1345:3008.0002: unknown main item tag 0x0 [ 95.989758][ T5806] sony 0003:1345:3008.0002: unbalanced collection at end of report description [ 96.012416][ T5806] sony 0003:1345:3008.0002: parse failed [ 96.024335][ T5806] sony: probe of 0003:1345:3008.0002 failed with error -22 [ 96.059117][ T5806] usb 2-1: USB disconnect, device number 2 [ 96.096474][ T786] usb 1-1: Using ep0 maxpacket: 16 [ 96.115993][ T786] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 96.140752][ T786] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 96.183147][ T786] usb 1-1: New USB device found, idVendor=04d9, idProduct=a0c2, bcdDevice= 0.00 [ 96.202505][ T786] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.224831][ T786] usb 1-1: config 0 descriptor?? [ 96.302670][ T1186] gspca_sq930x: reg_w 0305 fd00 failed -71 [ 96.310092][ T1186] sq930x: probe of 4-1:0.0 failed with error -71 [ 96.336510][ T1186] usb 4-1: USB disconnect, device number 2 [ 96.631575][ T5990] capability: warning: `syz.2.52' uses 32-bit capabilities (legacy support in use) [ 96.650445][ T786] holtek_mouse 0003:04D9:A0C2.0003: ignoring exceeding usage max [ 96.670809][ T786] holtek_mouse 0003:04D9:A0C2.0003: item fetching failed at offset 39/41 [ 96.684835][ T786] holtek_mouse 0003:04D9:A0C2.0003: hid parse failed: -22 [ 96.692218][ T786] holtek_mouse: probe of 0003:04D9:A0C2.0003 failed with error -22 [ 96.808295][ T5994] loop1: detected capacity change from 0 to 2048 [ 96.878922][ T5994] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 96.986178][ T23] usb 1-1: USB disconnect, device number 3 [ 97.086997][ T5767] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.099488][ T6003] loop2: detected capacity change from 0 to 64 [ 97.334512][ T6006] [U]  [ 97.832742][ T23] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 97.899787][ T6029] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 97.937387][ T6029] loop2: detected capacity change from 0 to 128 [ 98.031525][ T5762] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 98.042346][ T23] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 98.067690][ T23] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 98.103916][ T23] usb 2-1: config 0 interface 0 has no altsetting 0 [ 98.116607][ T23] usb 2-1: New USB device found, idVendor=0566, idProduct=3004, bcdDevice= 0.00 [ 98.136014][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.175680][ T23] usb 2-1: config 0 descriptor?? [ 98.613354][ T23] monterey 0003:0566:3004.0004: unknown main item tag 0x0 [ 98.632629][ T23] monterey 0003:0566:3004.0004: unknown main item tag 0x0 [ 98.648399][ T23] monterey 0003:0566:3004.0004: unknown main item tag 0x0 [ 98.692688][ T23] monterey 0003:0566:3004.0004: unknown main item tag 0x0 [ 98.719620][ T23] monterey 0003:0566:3004.0004: hidraw0: USB HID v10.09 Device [HID 0566:3004] on usb-dummy_hcd.1-1/input0 [ 98.764475][ T6047] loop3: detected capacity change from 0 to 128 [ 98.843000][ T6047] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 98.882997][ T6047] FAT-fs (loop3): Filesystem has been set read-only [ 98.912601][ T23] usb 2-1: USB disconnect, device number 3 [ 98.918337][ T6051] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 98.949566][ T6048] fido_id[6048]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 99.336192][ T6060] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 99.366934][ T6063] netlink: 32 bytes leftover after parsing attributes in process `syz.2.83'. [ 99.660623][ T6072] loop2: detected capacity change from 0 to 128 [ 99.692147][ T6072] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 99.746116][ T6072] ext4 filesystem being mounted at /28/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 100.088041][ T5771] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 100.432150][ T6091] netlink: 44 bytes leftover after parsing attributes in process `syz.3.98'. [ 100.453697][ T6091] netlink: 43 bytes leftover after parsing attributes in process `syz.3.98'. [ 100.479821][ T6091] netlink: 'syz.3.98': attribute type 6 has an invalid length. [ 100.482780][ T6095] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 786440, id = 0 [ 100.503623][ T6094] IPVS: stopping backup sync thread 6095 ... [ 100.510920][ T6091] netlink: 'syz.3.98': attribute type 5 has an invalid length. [ 100.529364][ T6091] netlink: 43 bytes leftover after parsing attributes in process `syz.3.98'. [ 100.736084][ T6080] loop1: detected capacity change from 0 to 32768 [ 100.787297][ T6080] [ 100.787297][ T6080] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 100.787297][ T6080] [ 100.879506][ T6080] ERROR: (device loop1): xtSearch: XT_GETPAGE: xtree page corrupt [ 100.879506][ T6080] [ 100.926476][ T6080] xtLookup: xtSearch returned -5 [ 100.936322][ T6080] ERROR: (device loop1): xtSearch: XT_GETPAGE: xtree page corrupt [ 100.936322][ T6080] [ 100.977630][ T6080] ERROR: (device loop1): xtSearch: XT_GETPAGE: xtree page corrupt [ 100.977630][ T6080] [ 101.017470][ T6080] xtLookup: xtSearch returned -5 [ 101.028354][ T6080] ERROR: (device loop1): xtTruncate: XT_GETPAGE: xtree page corrupt [ 101.028354][ T6080] [ 101.168611][ T12] [ 101.168611][ T12] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 101.168611][ T12] [ 101.200679][ T12] [ 101.200679][ T12] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 101.200679][ T12] [ 101.227826][ T5767] [ 101.227826][ T5767] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 101.227826][ T5767] [ 101.255161][ T5767] [ 101.255161][ T5767] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 101.255161][ T5767] [ 101.276110][ T111] [ 101.276110][ T111] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 101.276110][ T111] [ 101.322703][ T111] ================================================================== [ 101.330835][ T111] BUG: KASAN: slab-use-after-free in txEnd+0x32d/0x520 [ 101.337742][ T111] Write of size 8 at addr ffff88805a0b4840 by task jfsCommit/111 [ 101.345496][ T111] [ 101.347874][ T111] CPU: 1 PID: 111 Comm: jfsCommit Not tainted syzkaller #0 [ 101.355102][ T111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 101.365225][ T111] Call Trace: [ 101.368543][ T111] [ 101.371511][ T111] dump_stack_lvl+0x18c/0x250 [ 101.376248][ T111] ? __lock_acquire+0x7d40/0x7d40 [ 101.381354][ T111] ? show_regs_print_info+0x20/0x20 [ 101.386599][ T111] ? load_image+0x420/0x420 [ 101.391144][ T111] ? _raw_spin_lock_irqsave+0xc0/0x100 [ 101.396639][ T111] ? __virt_addr_valid+0x18c/0x540 [ 101.401794][ T111] ? __virt_addr_valid+0x469/0x540 [ 101.406949][ T111] print_report+0xa8/0x210 [ 101.411416][ T111] ? txEnd+0x32d/0x520 [ 101.415516][ T111] kasan_report+0x117/0x150 [ 101.420066][ T111] ? txEnd+0x32d/0x520 [ 101.424184][ T111] kasan_check_range+0x241/0x290 [ 101.429169][ T111] txEnd+0x32d/0x520 [ 101.433099][ T111] jfs_lazycommit+0x5a4/0xa70 [ 101.437827][ T111] ? txFreelock+0x5a0/0x5a0 [ 101.442456][ T111] ? do_task_dead+0xd0/0xd0 [ 101.447001][ T111] ? __kthread_parkme+0x7a/0x1c0 [ 101.451987][ T111] kthread+0x2fa/0x390 [ 101.456089][ T111] ? txFreelock+0x5a0/0x5a0 [ 101.460628][ T111] ? kthread_blkcg+0xd0/0xd0 [ 101.465251][ T111] ret_from_fork+0x48/0x80 [ 101.469703][ T111] ? kthread_blkcg+0xd0/0xd0 [ 101.474326][ T111] ret_from_fork_asm+0x11/0x20 [ 101.479169][ T111] [ 101.482210][ T111] [ 101.484554][ T111] Allocated by task 6080: [ 101.488905][ T111] kasan_set_track+0x4e/0x70 [ 101.493528][ T111] __kasan_kmalloc+0x8f/0xa0 [ 101.498149][ T111] lmLogOpen+0x2df/0xfb0 [ 101.502432][ T111] jfs_mount_rw+0xef/0x670 [ 101.506882][ T111] jfs_fill_super+0x598/0xad0 [ 101.511588][ T111] mount_bdev+0x221/0x2d0 [ 101.515947][ T111] legacy_get_tree+0xea/0x180 [ 101.520658][ T111] vfs_get_tree+0x8c/0x280 [ 101.525110][ T111] do_new_mount+0x24b/0xa40 [ 101.529644][ T111] __se_sys_mount+0x2e7/0x3d0 [ 101.534358][ T111] do_syscall_64+0x55/0xa0 [ 101.538806][ T111] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 101.544739][ T111] [ 101.547085][ T111] Freed by task 5767: [ 101.551090][ T111] kasan_set_track+0x4e/0x70 [ 101.555715][ T111] kasan_save_free_info+0x2e/0x50 [ 101.560782][ T111] ____kasan_slab_free+0x126/0x1e0 [ 101.565971][ T111] slab_free_freelist_hook+0x130/0x1a0 [ 101.571471][ T111] __kmem_cache_free+0xba/0x1e0 [ 101.576368][ T111] lmLogClose+0x297/0x520 [ 101.580733][ T111] jfs_umount+0x2ef/0x3c0 [ 101.585102][ T111] jfs_put_super+0x8c/0x190 [ 101.589640][ T111] generic_shutdown_super+0x134/0x2b0 [ 101.595053][ T111] kill_block_super+0x44/0x90 [ 101.599767][ T111] deactivate_locked_super+0x97/0x100 [ 101.605179][ T111] cleanup_mnt+0x43b/0x4d0 [ 101.609630][ T111] task_work_run+0x1d4/0x260 [ 101.614264][ T111] exit_to_user_mode_loop+0xe6/0x110 [ 101.619679][ T111] exit_to_user_mode_prepare+0xee/0x180 [ 101.625291][ T111] syscall_exit_to_user_mode+0x1a/0x50 [ 101.630816][ T111] do_syscall_64+0x61/0xa0 [ 101.635290][ T111] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 101.641216][ T111] [ 101.643559][ T111] The buggy address belongs to the object at ffff88805a0b4800 [ 101.643559][ T111] which belongs to the cache kmalloc-1k of size 1024 [ 101.657648][ T111] The buggy address is located 64 bytes inside of [ 101.657648][ T111] freed 1024-byte region [ffff88805a0b4800, ffff88805a0b4c00) [ 101.671484][ T111] [ 101.673849][ T111] The buggy address belongs to the physical page: [ 101.680294][ T111] page:ffffea0001682c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5a0b0 [ 101.690480][ T111] head:ffffea0001682c00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 101.699469][ T111] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 101.707490][ T111] page_type: 0xffffffff() [ 101.711937][ T111] raw: 00fff00000000840 ffff888017c41dc0 dead000000000100 dead000000000122 [ 101.720558][ T111] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 101.729175][ T111] page dumped because: kasan: bad access detected [ 101.735631][ T111] page_owner tracks the page as allocated [ 101.741381][ T111] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 1299, tgid 1299 (kworker/u4:6), ts 91773098464, free_ts 26975459342 [ 101.763570][ T111] post_alloc_hook+0x1c1/0x200 [ 101.768387][ T111] get_page_from_freelist+0x1951/0x19e0 [ 101.773970][ T111] __alloc_pages+0x1f0/0x460 [ 101.778600][ T111] alloc_slab_page+0x5d/0x160 [ 101.783310][ T111] new_slab+0x87/0x2d0 [ 101.787439][ T111] ___slab_alloc+0xc5d/0x12f0 [ 101.792174][ T111] __kmem_cache_alloc_node+0x19e/0x250 [ 101.797721][ T111] __kmalloc_node_track_caller+0xa2/0x230 [ 101.803488][ T111] kmalloc_reserve+0x116/0x240 [ 101.808285][ T111] pskb_expand_head+0x180/0x1190 [ 101.813261][ T111] batadv_skb_head_push+0x166/0x200 [ 101.818498][ T111] batadv_send_skb_packet+0xeb/0x650 [ 101.823821][ T111] batadv_iv_send_outstanding_bat_ogm_packet+0x69c/0x850 [ 101.830883][ T111] process_scheduled_works+0xa5d/0x15d0 [ 101.836474][ T111] worker_thread+0xa55/0xfc0 [ 101.841111][ T111] kthread+0x2fa/0x390 [ 101.845304][ T111] page last free stack trace: [ 101.849997][ T111] free_unref_page_prepare+0x7b2/0x8c0 [ 101.855509][ T111] free_unref_page+0x32/0x2e0 [ 101.860230][ T111] free_contig_range+0xa1/0x150 [ 101.865114][ T111] destroy_args+0x80/0x850 [ 101.869565][ T111] debug_vm_pgtable+0x411/0x440 [ 101.874451][ T111] do_one_initcall+0x242/0x790 [ 101.879254][ T111] do_initcall_level+0x137/0x1f0 [ 101.884231][ T111] do_initcalls+0x69/0xd0 [ 101.888605][ T111] kernel_init_freeable+0x3ed/0x580 [ 101.893844][ T111] kernel_init+0x1d/0x1c0 [ 101.898214][ T111] ret_from_fork+0x48/0x80 [ 101.902669][ T111] ret_from_fork_asm+0x11/0x20 [ 101.907476][ T111] [ 101.910004][ T111] Memory state around the buggy address: [ 101.915663][ T111] ffff88805a0b4700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 101.923754][ T111] ffff88805a0b4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 101.931850][ T111] >ffff88805a0b4800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 101.939945][ T111] ^ [ 101.946128][ T111] ffff88805a0b4880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 101.954253][ T111] ffff88805a0b4900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 101.962343][ T111] ================================================================== [ 102.038974][ T111] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 102.046226][ T111] CPU: 0 PID: 111 Comm: jfsCommit Not tainted syzkaller #0 [ 102.053449][ T111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 102.063530][ T111] Call Trace: [ 102.066832][ T111] [ 102.069788][ T111] dump_stack_lvl+0x18c/0x250 [ 102.074510][ T111] ? show_regs_print_info+0x20/0x20 [ 102.079753][ T111] ? load_image+0x420/0x420 [ 102.084300][ T111] panic+0x2dc/0x730 [ 102.088239][ T111] ? bpf_jit_dump+0xd0/0xd0 [ 102.092783][ T111] ? _raw_spin_unlock_irqrestore+0x111/0x120 [ 102.098801][ T111] ? _raw_spin_unlock+0x40/0x40 [ 102.103689][ T111] ? print_memory_metadata+0x314/0x400 [ 102.109191][ T111] ? txEnd+0x32d/0x520 [ 102.113295][ T111] check_panic_on_warn+0x84/0xa0 [ 102.118278][ T111] ? txEnd+0x32d/0x520 [ 102.122381][ T111] end_report+0x6f/0x130 [ 102.126660][ T111] kasan_report+0x128/0x150 [ 102.131209][ T111] ? txEnd+0x32d/0x520 [ 102.135327][ T111] kasan_check_range+0x241/0x290 [ 102.140309][ T111] txEnd+0x32d/0x520 [ 102.144243][ T111] jfs_lazycommit+0x5a4/0xa70 [ 102.148957][ T111] ? txFreelock+0x5a0/0x5a0 [ 102.153672][ T111] ? do_task_dead+0xd0/0xd0 [ 102.158210][ T111] ? __kthread_parkme+0x7a/0x1c0 [ 102.163201][ T111] kthread+0x2fa/0x390 [ 102.167307][ T111] ? txFreelock+0x5a0/0x5a0 [ 102.171839][ T111] ? kthread_blkcg+0xd0/0xd0 [ 102.176459][ T111] ret_from_fork+0x48/0x80 [ 102.180914][ T111] ? kthread_blkcg+0xd0/0xd0 [ 102.185541][ T111] ret_from_fork_asm+0x11/0x20 [ 102.190354][ T111] [ 102.193961][ T111] Kernel Offset: disabled [ 102.198289][ T111] Rebooting in 86400 seconds..