last executing test programs: 2m19.642908675s ago: executing program 32 (id=204): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0xb5, 0x40, 0x33, 0x40, 0x1a86, 0x7522, 0x3536, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xe4, 0xd6, 0x24}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000340)={0x0, 0x0, 0x2, "53bf"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) 2m10.433426638s ago: executing program 33 (id=277): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000080)=0x100000, 0x4) getsockopt$XDP_STATISTICS(r0, 0x11b, 0x7, &(0x7f0000000280), &(0x7f0000000380)=0x30) 1m34.96057033s ago: executing program 34 (id=572): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) r1 = syz_open_dev$vim2m(&(0x7f0000000580), 0x7, 0x2) pread64(r0, &(0x7f0000000180)=""/81, 0x51, 0x0) ioctl$vim2m_VIDIOC_G_FMT(r1, 0xc0285629, &(0x7f0000000080)={0x3, @win={{}, 0x0, 0x0, 0x0, 0x0, 0x0}}) 1m20.584371701s ago: executing program 0 (id=651): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) flock(0xffffffffffffffff, 0x1f) 1m19.072777443s ago: executing program 0 (id=663): syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f00000003c0)='./mnt\x00', 0x0, &(0x7f0000000400), 0x0, 0x237, &(0x7f0000000740)="$eJzs3TFoO1UcB/DvXRJr2yBVF0FQQUS0UOomuNRFoSCliAgqVERclFaoLW6tk4MOOqt0ciniZnWULsVFEZyqdqiLoMXB4qBDJLlWqo0opub+/O/zgUvukvfu946777ssRwI01kyShSStJLNJOkmKiw3uqpaZs82dyYOVpNd7/Kdi0K7arpz3m06yneTBJPtlkRfbyebe08e/HD5675sbnXve33tqcqwHeebk+Oix0/eWXv9o8YHNL776YanIQrp/Oq6rVwz5rF0kt/wfxa4RRbvuEfBvLL/64df93N+a5O5B/jspU528t9Zv2O/k/nf/ru/bP355+zjHCly9Xq/Tvwdu94DGKZN0U5RzSar1spybq37Df9OaKl9aW39l9oW1jdXn656pgKvSTY4e+WTi4+m/5P/7VpV/4PrVzRtHTyzvfttfP23VPRpgnPr3/9lnt+6L/EPjyD80l/xDc8k/NJf8Q3PJPzSX/ENzyT80l/xDc8k/NNfF/AMAzdKbqPsJZKAudc8/AAAAAAAAAAAAAAAAAADAZTuTByvny7hqfvZOcvJwkvaw+q3B/xEnNw5ep34u+s3+UFTdRvLMnSPuYEQf1Pz09U3f1Vv/8zvqrb+1mmy/lmS+3b58/RVn199/d/M/fN95bsQCI3royXrr/7Zbb/3Fw+TT/vwzP2z+KXPb4H34/NPtn78R67/864g7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYGx+DwAA///MmG20") r0 = openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt\x00', 0x0, 0x0) r1 = add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000100)={'syz', 0x1}, &(0x7f0000000240)=ANY=[@ANYBLOB="01"], 0x29, 0xfffffffffffffffd) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0xc0506617, &(0x7f00000002c0)={@id={0x2, 0x0, @d}, 0x0, r1}) 1m18.6481609s ago: executing program 0 (id=667): syz_emit_vhci(&(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0xfffffffffffffff2}, @HCI_OP_LE_SET_ADV_ENABLE={{0xa}, 0xcb}}}, 0x7) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) openat$pfkey(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) 1m18.206827918s ago: executing program 0 (id=671): syz_mount_image$squashfs(&(0x7f0000000040), &(0x7f00000001c0)='./file1\x00', 0x80041b, &(0x7f00000000c0)=ANY=[], 0x21, 0x1ab, &(0x7f0000000600)="$eJzKKC4sZmBgYPj7sSaZwYEBDNgY+BhuMzIysDAwMMgzQsTc2CH0KzYIrQflv2CB0JpQ8UVQ+j8UFFdWZSfm5KQW0ZCBXY4J4hAGUkwEqUeXuvIxlp9Uc4YUg5GMgBplYDLimSHhSB0Dvwy0d4pYBkWoEs9gxJRCcO0bmRjeglP69Y81ySBGArSUAomlQDAjshpQbB5BUiPFAsaMzAz/4WpAhR+Io87AwKBfklugX1xZpZuZm5iemp6aZ2RkbGZgYmBgaqSflpmTagAhGZGsgBVRIBpU9oLKVE4keVYGBoZ70AKWiwEJvIRYC3MaVJ4RWS+oHP4PLaQ1lBlQABOSXhjNyHAArheqjQEUBCEMagwcDAwM5Q2MSKIqYFNYGMBe8mBgZGCGcgyhzmVghNvFAZbQS87PSWlnYGRghGlbzsACN8PwMQMrmMOGcCNExtiiASbUDqVVoLQHlF4OpR9DaVidBauLWMAmPIHyNBpATqxILCkpMmQ7D9ViCKr1wGJGbDBZI4EG5AAD2fqJDdVzMuwMo2AUjIJRMApGwSgYBUMMAAIAAP//uDpY8w==") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_FIEMAP(r0, 0x801c581f, 0x0) 1m17.915996682s ago: executing program 0 (id=675): r0 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000300)="ab", 0x1, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f00000003c0)={0x0, 0x10, "3440cd38eb0b4d61319132e6f8f2732b"}, &(0x7f0000000080)=0x18) 1m17.238348267s ago: executing program 0 (id=685): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) 1m16.721921089s ago: executing program 35 (id=685): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) 51.258840361s ago: executing program 3 (id=916): syz_mount_image$hfsplus(&(0x7f0000000180), &(0x7f0000000000)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x4812, &(0x7f0000002140)=ANY=[], 0x11, 0x6b1, &(0x7f0000000240)="$eJzs3c9vHGf9B/D3rNc/NpVct03TfL+qVNNIBWGRxLFSCJcEhFCQKlQFCc5W4zRWNmlwXJT2QFxA4sqBP6AcwgVOIISEhBSpnOFWcbM4VULi0lPaA4N2dnazdnf9I2m8Drxe1ux8nnlmn/nMZ3ZmdleyNsD/rIsLad5LKxcXXrvdaW/eXWpv3l263o0b7STTSRpJsztLcSMpPkgupDvl/zoL6+GKUdv55eq5Sx9+vPlRt9XMg/E6D63RCTb3shcb9ZT5JBP1/BFsGe+Nhxtv+kFY9CvTKdiJXuFg3CaTlFv88NiDnmHKiYHGyPMdeHIU3fvmgO75P5ccSTLTu6FtdDsbB5/hrvZ1Ldp4fHkAAADAofH0/TvJ7cyOOw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4ktS//1/UU6MXz6fo/f7/1MBv7E+NOd3Rds5sphfcaxxEMgAAAAAAAADweL10P7+5VJazvXZZpPH9ibpxtHp8Km/nVlaylpO5neWsZz1rWUwyNzDQ1O3l9fW1xbzcfeanZVmOeOaZoc88s8eEW4++zwAAAAAAAADwX+R8Pf9JLmZ2zLkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAWRTLRnVXT0V48l0YzyUySqc56G8nfevGT7N64EwAAAIAD8PT93M/tzPbaZVF95j9Wfe6fydu5kfWsZj3trORy9V1A91N/Y/PuUnvz7tL1zvTZcb/xrwfx72d3TaMaMd3vHoZv+Xi1RitXslotOZk38lbauZxG9cyO4718huf1Xien4nxXWWZ6LwW6XM87e/6Len44zFUVmexX5HQnt6Jbx2d2rsTg0XmILS2m0f/m5+g+an5+x60U/y7LbnSktyR56ju713xyXzvzSLZX4szAq+/YzpVIvviH3/7gavvGtavFxkJvl+YPLvd9eGn44ul/9I5QrxJdG1nJ0kAlXthzJa7cWjg8J9S+NLe0Gnm+H1/Mt/O9LGQ+r2ctq/lRlrOelcznW1W0XL+eO49zO1fqwpbW67vlNFUfl4ltOX3h6e58p5xerp47m9V8N2/lclbyavV3Jov5as7mbM4NHOHn93DWN4ac9X8cnfyJL9VBK8nP6/nh0KnrMwN1HbzmzlV9g0saKes7y7Of27Wxr/n/ddA5Ej8dOAfHr1+JmfTvEr3snutVYHJoJX5VXVZutW9cW7u6fHPbuMXG8O29kq27f3guJJ3Xy7P9a8TWV0en77mhfYtV39F+X2N7369b/b7dztSp+j3cZ0c6U/W9MLRvqeo7PtDXeb81k2Qln5Zl2X2/BcChd+TLR6Za/2z9tfV+62etq63XZr45/bXpF6cy+ZfJrzdPT7zSeLH4Xd7Pj7P7J3QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBXt95599pyu72yti0oy/LOiK7HEqSZbFny5z8NrFP91liSvQ/YWftCI6mWNFMH+0vszsPtznsPW4S/18fkQAr+uQQzI18/24NPyrI8HDnvJShrhyWfcQRjvSwBB+DU+vWbp2698+5XVq8vv7ny5sqNc2fPnjt97uyrS6eurLZnxp0e8BhV9/rqfc64MwEAAAAAAAAAAAD2am//nFP0lzST7Pt/ewAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAewcWFNO+lyOLpk6c77c27S+3O1IsfrPlJkkaSYj4pPkgupDtlbmC4YtR2NpJLH368+VG31aynav3Go+/FRj1lPslEPR9iZtjC8s6o8YpqnJujx9ujol+ZTsFO9AoH4/afAAAA//9HqBXl") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000f80)=""/4085, 0xff5) unlink(&(0x7f0000000280)='./file1\x00') 50.416746465s ago: executing program 3 (id=925): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-avx2\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000006240)=[{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000440)="1e", 0x1}], 0x1, 0x0, 0x0, 0x4010}], 0x1, 0x20000010) 50.219224904s ago: executing program 3 (id=928): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x8}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x44090}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_TEST(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={0x40, 0xb, 0x6, 0x801, 0x0, 0x0, {0x7, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010101}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x20008041}, 0x8190) 49.779271523s ago: executing program 3 (id=933): syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0x3810082, &(0x7f0000000380)={[{@volume={'volume', 0x3d, 0x3e}}, {@gid}, {@dmode={'dmode', 0x3d, 0x4}}, {@rootdir={'rootdir', 0x3d, 0x401}}, {@iocharset={'iocharset', 0x3d, 'cp1251'}}, {@gid_forget}, {@volume={'volume', 0x3d, 0x1}}, {@iocharset={'iocharset', 0x3d, 'maccroatian'}}, {@longad}]}, 0x1, 0xc32, &(0x7f0000001a40)="$eJzs3U1sXNd9N+D/uRyKI/l9KyZ2FCeNi0lbpLJiufqKqViFO6pptgFkWQjF7AJwJI7UgSmSIKlGNtKC6aaLLgIURRdZEWiNAikaGE0RdMm0LpBsvCiy6opoYSMoumCLAFkFLO6dM9KQIm1GFCVKeh6b+s3ce86dc+4Z3ysLOvcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDxe6+dP3EyPexWAAAP0sXxr5445f4PAE+Uy/7/HwAAAAAAAAAAAAAA9rsURTwdKeYurqXJ6n1X/UJn8OatidGxrasdTFXNgap8+VM/eer0mS+9NHK2lxc6Mx9R/377bLwxfvl849XZG3Pz7YWF9lRjYqZzdXaqveMj7Lb+ZseqE9C48ebNqWvXFhqnXjy9Yfet4Q+HnjoyfG7k+ePP9cpOjI6Njd8pUu8vX7vnhnRtN8PjQBRxPFK88L2fplZEFLH7c1F/sGO/2cGqE8eqTkyMjlUdme60ZhbLnZd6J6KIaPRVavbO0dZjEbXBB9qH7TUjlsrmlw0+VnZvfK4137oy3W5cas0vdhY7szOXUre1ZX8aUcTZFLEcEatDdx9uMIqoRYrvHF5LVyJioHcevlhNDN6+HcUe9nEHynY2BiOWi0dgzPaxoSji9Ujxs/eOxtV8namuNV+IeL3MH0S8U+YrEan8YpyJ+GCL7xGPploU8efl+J9bS1PV9aB3XbnwtcZXZq7N9pXtXVd+yfvDXVeKh3R/OLgpH4x9fm2qRxGt6oq/lu79NzsAAAAAAAAAAAAAAAAA3G8Ho4jPRIrX/u2PqnnFUc1LP3xu5PeH/3//nPFnP+Y4ZdkXI2Kp2Nmc3AN5YuCldCmlhzyX+ElWjyL+OM//+9bDbgwAAAAAAAAAAAAAAAAAAMATrYifRIqX3z+alqN/TfHOzPXG5daV6e6qsL21f3trpq+vr683UjebOSdzLuVczrmSczVnFLl+zmbOyZxLOZdzruRczRkDuX7OZs7JnEs5l3Ou5FzNGbVcP2cz52TOpZzLOVdyruaMfbJ2LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIn4RKb79jbUUKSKaEZPRzZWhh906AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA0lIr4fqRo/EHz9rZaRKTq366j5S9nonmgzE9Gc6TMV6J5PmerylrzWw+h/ezOYCrix5FiqP7u7QHP4z/YfXf7axDvfPPOu8/WujnQ2zn84dBTRw6fGxn7tWe3e522asCxC52Zm7caE6NjY+N9m2v50z/Zt204f25xf7pORCy89fabrenp9vy9vyi/Aruo/gi9SLUnpadeVC+iti+a8XD6zhOgvP9/ECl++/1/793wu/f/evy/7rvbd/j4+Z/cuf+/vPlAO7z/1zbXy/f/8p6+1f3/6b5tL+ffjQzWIuqLN+YGj0TUF956+3jnRut6+3p75syJE18eGfny6RODByLq1zrT7b5X9+V0AQAAAAAAAAAAAAAAADw4qYjfjRStH6+lRkTcquZrDZ8bef74cwMxUM232jBv+43xy+cbr87emJtvLyy0pxoTM52rs1PtnX5cvZruNTE6tied+VgH97j9B+uvzs69Nd+5/oeLW+4/VD9/ZWFxvnV1691xMIqIZv+WY1WDJ0bHqkZPd1ozVdVLW06m/+UNpiL+I1JcPdNIn8/b8vz/zTP8N8z/X9p8oD2a//+Jvm3lZ6ZUxM8jxW/9xbPx+aqdh+Kuc5bL/U2kOHb2c7lcHCjL9drQfa5Ad2ZgWfZ/IsU//GJj2d58yKfvlD254xP7iCjH/3Ck+P6ffTd+PW/b+PyHrcf/0OYD7dH4P9O37dCG5xXsuuvk8T8eKV55+t34jbzto57/0Xv2xtFc+PbzOfZo/D/Vt204f+5v3p+uAwAAAAAAAAAAPNIGUxF/Gyl+OFZLL+VtO/n7f1ObD7RHf//r033bpu7PekUf+2LXJxUAAAAA9onBVMRPIsX1xXdvz6HeOP+7b/7n79yZ/zmaNu2t/pzvV6rnBtzPP//rN5w/d3L33QYAAAAAAAAAAAAAAAAAAIB9JaUiXsrrqU9W8/mntl1PfSVSvPZfL+Ry6UhZrrcO/HD1a/3i7Mzx89PTs1dbi60r0+3G+Fzrarus+0ykWPvrz+W6RbW+em+9+e4a73fWYp+PFGN/1yvbXYu9tzb5M72yS+2TZdlPRIr//PuNZXvrWH/qznFPlWX/KlJ8/Z+2LnvkTtnTZdnvRooffb3RK3uoLNt7Puqn75R98epssQejAgAAAAAAAAAAAAAAAAAAwJNmMBXxp5Hiv28s357Ln9f/H+x7W3nnm33r/W9yq1rnf7ha/3+71/ey/n/1XIGl7T4VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTymKeDtSzF1cSytD5fuu+oXOzM1bE6NjW1c7mKqaA1X58qd+8tTpM196aeRsLz+6/v32mXhj/PL5xquzN+bm2wsL7anGxEzn6uxUe8dH2G39zY5VJ6Bx482bU9euLTROvXh6w+5bwx8OPXVk+NzI88ef65WdGB0bG+8rUxu850+/S9pm+4Eo4i8jxQvf+2n64VBEEbs/Fx/z3dlrB6tOHKs6MTE6VnVkutOaWSx3XuqdiCKi0Vep2TtHD2AsdqUZsVQ2v2zwsbJ743Ot+daV6XbjUmt+sbPYmZ25lLqtLfvTiCLOpojliFgduvtwg1HEm5HiO4fX0j8PRQz0zsMXL45/9cSp7dtR7GEfd6BsZ2MwYrn4qDHbosNsMBRF/GOk+Nl7R+NfhiJq0f2JL0S8XuYPIt6J7nin8otxJuIDp/WxUYsi/rcc/3Nr6b2h8nrQu65c+FrjKzPXZvvK9q4rj/z94UHa5/eTehTxo+qKv5b+1X/XAAAAAAAAAAAAAAAAAPtIEb8aKV5+/2iq5gffnlPcmbneuNy6Mt2d1teb+9ebM72+vr7eSN1s5pzMuZRzOedKztWcUeT6OZtl1tfXJ/P7pZzLOVdyruaMgVw/ZzPnZM6lnMs5V3Ku5oxarp+zmXMy51LO5ZwrOVdzxj6ZuwcAAAAAAAAAAAAAAAAAADxeiuqfFN/+xlpaH6rWlx7o7VuxHuhj7/8CAAD//0pa+Ck=") mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1008009, &(0x7f00000008c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@uuid_off}]}) 49.085587252s ago: executing program 3 (id=938): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001940)={0x3, 0x0, [{0x2, 0xbd, &(0x7f00000005c0)=""/189}, {0xf000, 0xe4, &(0x7f0000000780)=""/228}, {0x0, 0x0, 0x0}]}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001e80)) 48.694886647s ago: executing program 3 (id=942): symlinkat(&(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) fchdir(r0) umount2(&(0x7f0000000180)='./file0/file0/file0/file0/file0\x00', 0x0) 48.380395203s ago: executing program 36 (id=942): symlinkat(&(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) fchdir(r0) umount2(&(0x7f0000000180)='./file0/file0/file0/file0/file0\x00', 0x0) 45.017236845s ago: executing program 2 (id=971): syz_mount_image$minix(&(0x7f00000001c0), &(0x7f0000000040)='./file2\x00', 0x1200808, &(0x7f0000000080)=ANY=[@ANYRES8=0x0, @ANYRES16=0x0, @ANYBLOB="7665b56bff7d13a2d819dd99d7b7fb44d89826e61bdd16b72b7b4b28466b2dd5276d640c15e37c725cc51cf9ccb08269fbbcf21642cf3700d39319aedab841312becd7508764407fc111e219d48aff23cec7bff40e31ce41ce552026be34aef66f44ef30690a7b52e1dd15b63c9d5de5b8fd41279c39eaa7c3660cdf0466414f5b966df46c5dd09f5d724a4d956293d161bf6a0aab3287558cfa91db1a051d07", @ANYRES32, @ANYRESOCT=0x0, @ANYRES16, @ANYRES8=0x0], 0x1, 0x1e5, &(0x7f0000000400)="$eJzs20tu00Acx/HfJGkSQ4HyXCCkILGADUmaikqsWs7BqmrTqsIFhNkkQsJcAM7AObgMB4AFO1YY+ZGm9aM1E9y0zfez8Xh+/dvjuu6MolgAFtamHsrIqBnuPGivfLltStU1qx4YgMoFyfZPYMOxqgJwXtR/p3uSFYA/n/EAOCs/X0jfJf349WFb9eyqPsz9SV5rZfNP0v1Gkpu2nPT64qv0eFJvrmTrG/E2zq/mHv/Jo8n5l3VN13VDK7qpW8aXifKdw/p7VmsgAAAWjVH3tLwr1QvSePLOrgqmlrT7LTurTzW1u+8OB6fka4V5K8q722/cnRPOAiBPrdTzX6wePX/9wrwR5avJXttukAAq4Y3GLbnu8J03Cif5qDF+teX+U8OxqirTMJUdOb/RTPUEHyUd9mzaHjnQsR7n6O+543VmH7yJP6VROnLKlNeUF720GMZGNlqSNNtNMb5V+fJn5V7XbI0NlfrhTs69sG60zuiP/3hj3v+ZAFSt9/7gbc8bjZ/uH2ztDfeGrwf9/vP1Z2ur64NetLLvnby+B3BxTSd9Hfk2EAAAAAAAAAAAAAAAuEju6G64Sb+2CwAAAOAS+m/vDDVU+LrVvK8RAAAAAAAAAAAAAAAAAIDL5m8AAAD//3E6Bko=") mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./bus\x00', 0x0) rename(&(0x7f00000001c0)='./bus\x00', &(0x7f0000000240)='./file0\x00') 44.680351004s ago: executing program 2 (id=972): r0 = syz_mount_image$btrfs(&(0x7f0000000200), &(0x7f0000005600)='./file0\x00', 0x800, &(0x7f0000000240), 0x0, 0x559e, &(0x7f0000005680)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/d9INumqaNE9GMk3TUgGakaWwNw+AoaoxGRZpZddxkNBBoEGmE8FgFURtQZxziZ3ztrJnoCAoiu+qHGFeDwUhcxIw6iWLiA/Cxjq7r+h6VGM2E/XTfOkXVrS67EFDa+X7/6DpVv/O89eg69946FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/xjuPfjlk4YunP0PHzace8nqqqmL/kfH6Mv+cNW3vvjUPy5b9G9h/i9GnLll3kEXHjd/wbR/6Vi++ogzQmjtKleWFC977oqvPtS613HP3jFw48wbb63fUpWpNxMP/Tr/lGfuXBxbfbF/CHeXhVCRDgypSwKVmft1sb5960LYI2wLZEu01SYl0g2HB2pCWBK2BbJVra4JoS4ncMqG+++7vDNxTU0IXwkhVKfbeKY6aaMmHRhUlQRq04HpFUngt1sT2cBPypMA7LD4Zsi+6Fe15mdo6L5ckddf5U7r2KcrPbw+MdFQPN/rR+3iTuWoSj/QukNPW0F17BIFb4+13m294N1WsJ2v8LTlfpHKfEPZui1UHcontk0aP6d9dnykPDQ19SlW0y56np9+e/6E7Un3mtdh7EDDTnkdXvrYiun9lo2+9OrNvxqz4ayaA3a0m0/lbNLc9K5WHTKvuV7zPEajfJ70grdfwbekRl+6Qghbzz17xtfnTDz7iD63PLnu1QcfrNty9pwFvzhz4nmLLj55w7/Pf6lg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MvFmfzM0BAACg1+gNe01Xnv/6X73+/bWtMxed/u23Dj73w71afz3i/gFVB7yxrqn1/I2ff6Vg/t9Y2vH/eMi/Lne0a0MY1ZVYNCCEvbseTwIrY3e+OyCEL3elWvMDR6UCa0PYpytxULaqVIm+sURjKvByfSYwKhVYHwOtqcDyGLgiFbg4BlalAhNiYG0qcHQMhCn54/hqfWYcJQdqYmBcshFXxbMQ3qmPraW21aZsVQAAADtJZnZYmX8351yHHc0Qp5eranrKEM/ALpqhOlVDegabnVYVraGipxrKe6ohO+6Ojx5+Qc1lPdVccBpGWX6GG9f85X2LXjzsC2P3mvj5xUMvmPKz8eGst++uerx5yYtv7XvEzesK5v/NHz3/r+6mI2UFx/9DGNv1N+Yuz0Tas/FxrXkZAAAAgB1w0R//xR61Lw85oGHT+2X3zl/7xKMrfrl5j1NOf3/c8a//8PCaxnsL5v+jSjv/P+4T6ZOTOTwSd0NMHRBCc34gqXZkYSA56t0vEwAAAIDeIHs8PnssfErmNjlFOz2fLszfup3544H/Ud3m//09/7P2jq3/+mLZBd89d0TNgKX/9GrHhBNOPvqW47/1zj4VB/yyvGD+31ra+f+1+bdJJ9bHXlw9IIS+OYEHYy87A10aY+D5I/MDmfGvjxtgcawqc2JCtqrFscS4GGhOBZYUK/FotsTe+YHMk5VtfFF2HFMyJXICAAAA8ImLuwPicfl4/n/LGSNO++vvzfrbha88eN7qCy75q+Ed80eedP/THzbMvXJp2PTmEQXz/3Hbd/5/1zy44PT+9n4hDK0IoU/6hwGP1CYLA8ZAXVkmcW9tUlefdFULa0MY2TmwdFUvZNb/r0ivMfh4TVJVDOy93y1vD+pMLKsJYWhu4IlvLz2sMzEnFcg2flpNCF/qHG268bv6Jo1Xphu/tm8IX8wJZKua0DeEzsaq0lX9r+rMdQzSVa2qDmHPnEC2quHVIcwNAPRW8X/pxNwHZ82dN3V8e3vbzF2YiDvxa8KkKe1tTROmt0+sLtKniak+561jtKBwTKVe+mZTZo2ixSsnV5aSzv5QsDm3rcyO/IIzBzP345ehyq5xHlKZd7clPeQD9y9sIuR8lSo25PJdPOTa3Eq2PYkF9cf8VaFf6DtnVtvMpvPGz549c1jyt9TshyR/43GmZFsNS2+r2u76VsLLo+hyWSkfd1sNyq1k6OxpM4bOmjtvyJRp4ye3TW47p+XQP2sZMXz410YM7RxUc/K3h5EO6q7m1Ei3Li1xWDtxpF+oyKnkk/jQkJCQ6G2J/f7L5odH77n+nOt/9tqPz+/3zdPu3fvImT889KqpD1Xve/ji24ccWDD/n/HR8//4qRM/+DPrMxQ7/t8QD/Mnj287zD8uBpaUevy/odjR/OyJAY2pQEcMdDjMDwAAwGdD3B0Z92bGndKbb1m/buOSlrk/aHin5dY17Utvuum+U39y58ATvjQ47LXhuhM+VzD/7yjt9/87af3/7NL1JxRb5v+gWKK52Pr/6WX+s+v/dxRb/z+9zH92/f8ln8L6/3OygdQmecf6/wAAwGfBJ7f+f4/L+6cvEFCQocfl/dMXCCjI0OMy/qVeIGC71/9f8+Bff6Wq35g7/qTlN/WXvPZ39xzWeuS6zTP/5Etb10+877qxt6wpmP9fUdr838L9AAAAsPv4z5ddU3H02Xff0bJu6sZxbw5+98m3lgzq80HF0Q+3j3xh4Bu3nlcw/19S2vz/k1//LxQ7/7+xWKC12MKA1v8DAACglyq2/t89Q1sa/zCm/x+eHvab5Q/ePPqnj/z898v3+/mJPyvfZ8Gxz8+8bFLB/H9VafP/eNpFeV7u2JsP65M17UJ6Tbs367M/GQAAAIDeoTw0NVWWmDdvYdSjPn6bT2eWAv2odK7vvXLt2ZtfmH7c46ev+7uaEwbvOWHaBasa/2b4gXd+ftQley7ddGrB/H9tafP/vN9lXPrYiun9lo2+9MOrN/9qzIazag7YdvwfAAAA2HVK3S8BAAAAAAAAAAAAAAB8+s7tWHzhI8uOfe+bt//F/kcseXXwbXcd+Lsh/V664qoHJq1648zJXy/4/X8Y21Wu2O//43X/4u8L/igvd2y15/X/MvdPOfH2uV1LFj5SH8L+uYGpC6fuETLX5h+cG7jvjIMGdiYWpkusefbolzoT30kHjh/yuS2dicNTgXFxkcR90oF4VcUt/VOBuLzi4+lA3B6r0oGqTOCy/sk4ytLb6pW6ZFuVpbfVxroQBuQEstvq7rqkjbL0AK9JBbID/F46EAd4ciZQnu7V7f2SXsVAXSx6Q7+kVwAA7Lbit8DKMGlKe1tz/Aofb79QkX8b5S1ZtqCw2rISm9+UWZps8crJlaWk+6S/i2671nhlqO4cwrCCr6u5Wcq6Rrlzaulh0/1RkSH3tNpbeZFyadu76aqKj6gmGVHThOntEyt7HHhLz1kOqegxy7CCyU5ulvKuTVpCLSX0pYQRlbhtSuhyvF8empr6pHL9eQw2hDw9vSJK/b1+7jp/xV4FuXluO/TKt758zE+f++CfP/9E/2+cVnP7rO+/e+KvX7//wEOOuG5C05otBfP/htLm/9W549qSuRhAR7yy3sgBIYwrcUQAAADw2XfbRbfecfr09a9MWlvx5GOPTS0fc3rl1vl3zp93ycZ7Fx9/2cErdjR+2Fm//f5vBu//b89e9dJPR+7zwA03/58nD3v8z3//8I8eeqduZZ+x7xXM/xtLm//HPViZQ8HJ3o618fr/iwaE0HVp/YYksDIO97sDQvhyV6o1lkguqH9CLNGcBFbGHSYHxRLjWvOr6hsDq1KBl+szgbWpwPoYyOyluCVkduVcWR/CYV2psfklZsQSDanAmBhoTAWaYqA5FegfA6NSgdf6ZwKtqcDDMRCm5G+rH/fPbCsAAIDtkZlnVebfDel53qqKnjKU9ZShtqcM5T1lqO4pQ7FRxPt3xAyVqZNXynIyVaZrrUnVUpAhXgx/u/tVkCE8mp8zXbCg6Xj+QfZ8g7L8DFf+4NlT1w+e/tDqzcd8beBt/zhkz4Obp9e9t+CGp3475pzrnv/TQQXz/+bS5v+1+bdJ6+vj/H/b9f+SwIOxe1fHU8cbY+D5I/MDmR0D6+Nkd3G2qtZMicykfXEsMSoGGlOBGTEwKhUYNzYTWDIwP5CZaWcbX5RtfEqmRE4AAAAAPnFxB0HcTRPn/zce9YOr3x8wccuyeTPvH9vyxMmjv3H1XT+6d/9ld767YvCAce99p2D+P6q0+X9sr19uYxfH3rzYP4S7y7b1JhsYUpcE4n6Muvjz+H3rQtgjZwdHtkRbbVKiKtVweKAm+YV6Vbqq1TXJGgPx/ikb7r/v8s7ENTUhfCVn70u2jWeqkzZq0oFBVUmgNh2YXpEE4p6fbOAn5UkAdlh2r2B8QWVOdclq6L5ckdffZ+WaoOnhFewD7SZfd7+52lWq0w9k9qlmbd/TVlAdu0TB22Otd1tvfLc1eLflfpHKfEPZui1UHcontk0aP6d9dnwk95esBXbR85z7K9VS0jvhddjx8Xvbs+p0B5pTHx/N3Zfr/nVYFqu79LEV0/stG33p1Zt/NWbDWTUHlNyNIuIPhX+05X9XPpWzeXe16pB5zfW6z5NWnye98d9Ao6cthHDZ9cfsu+TdX+/33A3Pnbqu7Maxr/7lrHs2Lf+bysNHrXv/yaGjLy+Y/7eWNv+vSN12+V3cmLMGhHBgzsZ9JG7+YwYkn4M5geRTcs/CQHLI/V/ri35yAgAAwM6W3d2R3V8wJXObnBCenicX5m/dzvxxf8WobvOX2u9j121cedLQN6474G8vOPGNv7/28Kceuv6ysnXL//vYD1avuXzxe08UzP/HffT8v2+qm47/O/7PLuL4f7d2913RfdMPdOzQruiC6tglHP/v1u7+bnP8v1uO/zv+3x3H/3vg+H+3dvenreBb0gxfujonwdff+fPfTbzpg7mN+x180lPPHDrxun+6quXuu0555b+de9601761uWD+P6O0+b/1/7pftC+7/t+4Yuv/zSi2/l+H9f8AAIBdqshCc+l5XsHqfQUZ0qv3FWTocYHAHpcYtP7fdq//t3Dkv1904Q+fb7n2nTvHXb5m07Fnvvr0utXPzFpx3Lnnv9V6112tBfP/jtLm//Hl0C+39d6y/l/j2CJVXREDMywMCAAAwO6o2A4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPl2HnvbO+5d8/R/aBv1ixc1/f+v/+7/P1q594JvfuGn4L6f86RllazZcM+LMLfMOuvC4+Qum/UvH8tVHnBHClK5yZUnxsueu+OpDrXsd9+wdAzfOvPHW+i3VmXorM7d/nJc7tvphfQhLch6pi4k36zvvbAuccuLtcys6E4/Uh7B/bmDqwql7dCaW14cwODdw3xkHDexMLEyXWPPs0S91Jr6TDhw/5HNbOhOHZwJl6e5e1z/pblm6u5f3D2FATiDb3bP751eVbeO4TKA83caKuqSNGKiLRa+tS9qIgfZYYkrfEIZWhNAnXdU/VydV9UlXdU91UlWfdFUXVYcwMoRQka7quaqkqor0yB+tSqqKgb33u+XtQZ2JpVUhDM0NPPHtpYd1JmamAtnG/1NVCF/qfMmkG/9xZdJ4Zbrx/1oZwhdDCFXpEu9VJCWq0iVeqAhhz5zAto1YEcLcwGdD/PSZmPvgrLnzpo5vb2+buQsTVZm2asKkKe1tTROmt0+sTvWpmLKc9NYFH3/sm96eP6HzdvHKyZWlpCsy5Sq7unxIZd7dlt2997FftbmVbHs+CuqP+atCv9B3zqy2mU3njZ89e+aw5G+p2Q9J/vbJRJNtNay3bKtBuZUMnT1txtBZc+cNmTJt/OS2yW3ntBz6Zy0jhg//2oihnYNqTv7ujJEu/eRH+oWKnEo+ife/hIREb0uU5326Ne/un+MFX/S3dbQyVHd9QBdMK3KzlHWNcmcM+qiPOeKP8zWlxxENK5g4FGQ5pOcsLQWTiW1ZapIsXV/rCiaHuTWVd23SeL88NDX1KbYdGvLv5m7e13dg8z6d2XSlpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA//8fSxmR") ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r0, 0x4008941a, &(0x7f0000000080)=0x2) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$BTRFS_IOC_SEND(r0, 0x40489426, &(0x7f0000000400)={{r1}, 0x0, 0x0, 0x5, 0x0, 0x3}) 42.49079035s ago: executing program 2 (id=989): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) syz_emit_ethernet(0x4a, &(0x7f0000000080)={@broadcast, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "101040", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x70}}}}}}}, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @random="03fd00b38eb8", @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x18, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x11, 0x0, 0x0, {[@sack_perm={0x4, 0x2}]}}}}}}}}, 0x0) 41.636795051s ago: executing program 2 (id=992): syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0x3810082, &(0x7f0000000380)={[{@volume={'volume', 0x3d, 0x3e}}, {@gid}, {@dmode={'dmode', 0x3d, 0x4}}, {@rootdir={'rootdir', 0x3d, 0x401}}, {@iocharset={'iocharset', 0x3d, 'cp1251'}}, {@gid_forget}, {@volume={'volume', 0x3d, 0x1}}, {@iocharset={'iocharset', 0x3d, 'maccroatian'}}, {@longad}]}, 0x1, 0xc32, &(0x7f0000001a40)="$eJzs3U1sXNd9N+D/uRyKI/l9KyZ2FCeNi0lbpLJiufqKqViFO6pptgFkWQjF7AJwJI7UgSmSIKlGNtKC6aaLLgIURRdZEWiNAikaGE0RdMm0LpBsvCiy6opoYSMoumCLAFkFLO6dM9KQIm1GFCVKeh6b+s3ce86dc+4Z3ysLOvcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDxe6+dP3EyPexWAAAP0sXxr5445f4PAE+Uy/7/HwAAAAAAAAAAAAAA9rsURTwdKeYurqXJ6n1X/UJn8OatidGxrasdTFXNgap8+VM/eer0mS+9NHK2lxc6Mx9R/377bLwxfvl849XZG3Pz7YWF9lRjYqZzdXaqveMj7Lb+ZseqE9C48ebNqWvXFhqnXjy9Yfet4Q+HnjoyfG7k+ePP9cpOjI6Njd8pUu8vX7vnhnRtN8PjQBRxPFK88L2fplZEFLH7c1F/sGO/2cGqE8eqTkyMjlUdme60ZhbLnZd6J6KIaPRVavbO0dZjEbXBB9qH7TUjlsrmlw0+VnZvfK4137oy3W5cas0vdhY7szOXUre1ZX8aUcTZFLEcEatDdx9uMIqoRYrvHF5LVyJioHcevlhNDN6+HcUe9nEHynY2BiOWi0dgzPaxoSji9Ujxs/eOxtV8namuNV+IeL3MH0S8U+YrEan8YpyJ+GCL7xGPploU8efl+J9bS1PV9aB3XbnwtcZXZq7N9pXtXVd+yfvDXVeKh3R/OLgpH4x9fm2qRxGt6oq/lu79NzsAAAAAAAAAAAAAAAAA3G8Ho4jPRIrX/u2PqnnFUc1LP3xu5PeH/3//nPFnP+Y4ZdkXI2Kp2Nmc3AN5YuCldCmlhzyX+ElWjyL+OM//+9bDbgwAAAAAAAAAAAAAAAAAAMATrYifRIqX3z+alqN/TfHOzPXG5daV6e6qsL21f3trpq+vr683UjebOSdzLuVczrmSczVnFLl+zmbOyZxLOZdzruRczRkDuX7OZs7JnEs5l3Ou5FzNGbVcP2cz52TOpZzLOVdyruaMfbJ2LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIn4RKb79jbUUKSKaEZPRzZWhh906AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA0lIr4fqRo/EHz9rZaRKTq366j5S9nonmgzE9Gc6TMV6J5PmerylrzWw+h/ezOYCrix5FiqP7u7QHP4z/YfXf7axDvfPPOu8/WujnQ2zn84dBTRw6fGxn7tWe3e522asCxC52Zm7caE6NjY+N9m2v50z/Zt204f25xf7pORCy89fabrenp9vy9vyi/Aruo/gi9SLUnpadeVC+iti+a8XD6zhOgvP9/ECl++/1/793wu/f/evy/7rvbd/j4+Z/cuf+/vPlAO7z/1zbXy/f/8p6+1f3/6b5tL+ffjQzWIuqLN+YGj0TUF956+3jnRut6+3p75syJE18eGfny6RODByLq1zrT7b5X9+V0AQAAAAAAAAAAAAAAADw4qYjfjRStH6+lRkTcquZrDZ8bef74cwMxUM232jBv+43xy+cbr87emJtvLyy0pxoTM52rs1PtnX5cvZruNTE6tied+VgH97j9B+uvzs69Nd+5/oeLW+4/VD9/ZWFxvnV1691xMIqIZv+WY1WDJ0bHqkZPd1ozVdVLW06m/+UNpiL+I1JcPdNIn8/b8vz/zTP8N8z/X9p8oD2a//+Jvm3lZ6ZUxM8jxW/9xbPx+aqdh+Kuc5bL/U2kOHb2c7lcHCjL9drQfa5Ad2ZgWfZ/IsU//GJj2d58yKfvlD254xP7iCjH/3Ck+P6ffTd+PW/b+PyHrcf/0OYD7dH4P9O37dCG5xXsuuvk8T8eKV55+t34jbzto57/0Xv2xtFc+PbzOfZo/D/Vt204f+5v3p+uAwAAAAAAAAAAPNIGUxF/Gyl+OFZLL+VtO/n7f1ObD7RHf//r033bpu7PekUf+2LXJxUAAAAA9onBVMRPIsX1xXdvz6HeOP+7b/7n79yZ/zmaNu2t/pzvV6rnBtzPP//rN5w/d3L33QYAAAAAAAAAAAAAAAAAAIB9JaUiXsrrqU9W8/mntl1PfSVSvPZfL+Ry6UhZrrcO/HD1a/3i7Mzx89PTs1dbi60r0+3G+Fzrarus+0ykWPvrz+W6RbW+em+9+e4a73fWYp+PFGN/1yvbXYu9tzb5M72yS+2TZdlPRIr//PuNZXvrWH/qznFPlWX/KlJ8/Z+2LnvkTtnTZdnvRooffb3RK3uoLNt7Puqn75R98epssQejAgAAAAAAAAAAAAAAAAAAwJNmMBXxp5Hiv28s357Ln9f/H+x7W3nnm33r/W9yq1rnf7ha/3+71/ey/n/1XIGl7T4VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTymKeDtSzF1cSytD5fuu+oXOzM1bE6NjW1c7mKqaA1X58qd+8tTpM196aeRsLz+6/v32mXhj/PL5xquzN+bm2wsL7anGxEzn6uxUe8dH2G39zY5VJ6Bx482bU9euLTROvXh6w+5bwx8OPXVk+NzI88ef65WdGB0bG+8rUxu850+/S9pm+4Eo4i8jxQvf+2n64VBEEbs/Fx/z3dlrB6tOHKs6MTE6VnVkutOaWSx3XuqdiCKi0Vep2TtHD2AsdqUZsVQ2v2zwsbJ743Ot+daV6XbjUmt+sbPYmZ25lLqtLfvTiCLOpojliFgduvtwg1HEm5HiO4fX0j8PRQz0zsMXL45/9cSp7dtR7GEfd6BsZ2MwYrn4qDHbosNsMBRF/GOk+Nl7R+NfhiJq0f2JL0S8XuYPIt6J7nin8otxJuIDp/WxUYsi/rcc/3Nr6b2h8nrQu65c+FrjKzPXZvvK9q4rj/z94UHa5/eTehTxo+qKv5b+1X/XAAAAAAAAAAAAAAAAAPtIEb8aKV5+/2iq5gffnlPcmbneuNy6Mt2d1teb+9ebM72+vr7eSN1s5pzMuZRzOedKztWcUeT6OZtl1tfXJ/P7pZzLOVdyruaMgVw/ZzPnZM6lnMs5V3Ku5oxarp+zmXMy51LO5ZwrOVdzxj6ZuwcAAAAAAAAAAAAAAAAAADxeiuqfFN/+xlpaH6rWlx7o7VuxHuhj7/8CAAD//0pa+Ck=") mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1008009, &(0x7f00000008c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@uuid_off}]}) 40.868618401s ago: executing program 2 (id=997): mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0) syz_mount_image$udf(&(0x7f0000000f00), &(0x7f00000000c0)='./file0\x00', 0xa00000, &(0x7f0000000000)={[{@lastblock={'lastblock', 0x3d, 0x6}}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@utf8}, {@unhide}, {@adinicb}, {@shortad}, {@volume={'volume', 0x3d, 0x6}}, {@iocharset={'iocharset', 0x3d, 'cp865'}}, {@dmode={'dmode', 0x3d, 0x4}}]}, 0x1, 0xc43, &(0x7f00000010c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwqThoHm7ZIZcZy9S+mYhXuqqbZBpBlIhRzC8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBAhQIWMzsW3FJkbYskhIlfz429Z2deW/mvZn1jCzozQsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOL3Xrl46nTaZsOhh9AYAOCBuDz21VNntnv+AwCPrSs7/f8/AAAAAAAAAAAAAABwUKQo4slIMXd5LU1Unzvql9p9t26PD49sX+1IqmoeqsqXP/XTZ86e+9ILQ+e7eak98wH199pn4rWxKxcbL8/enJufWliYmmyMz7SvzU5O3fMedlt/q8HqBDRuvn5r8vr1hcaZ589u2nx74P3+J44PXBh69uQz3bLjwyMjYxtF6r3la/fdkI6dRngcjiJORornvvfT1IqIInZ/LuoP9tpvdaTqxGDVifHhkaoj0+3WzGK5cbR7IoqIRk+lZvccbX8totb3QPuws2bEUtn8ssGDZffG5lrzravTU43R1vxie7E9OzOaOq0t+9OIIs6niOWIWO2/e3d9UUQtUnzn2Fq6mt/6UZ2HL1YDg3duR7GPfbwHZTsbfRHLxSNwzQ6w/iji1Ujxs3dOxLV8n6nuNV+IeLXMH0S8VeZLEan8YpyLeG+b7xGPploU8efl9b+wliar+0H3vnLpa42vzFyf7Snbva98xOfDXXeKh/R8OLIlH4wDfm+qRxGt6o6/lu7/NzsAAAAAAAAAAAAAAAAA7LUjUcSnI8Ur//ZH1bjiqMalH7sw9PsDv9w7ZvzpD9lPWfb5iFgq7m1M7uE8MHA0jab0kMcSf5zVo4g/zuP/vvWwGwMAAAAAAAAAAAAAAAAAAPCxVsRPIsWL755Iy9E7p3h75kbjSuvqdGdW2O7cv90509fX19cbqZPNnBM5l3Iu51zJuZozilw/ZzPnRM6lnMs5V3Ku5oxDuX7OZs6JnEs5l3Ou5FzNGbVcP2cz50TOpZzLOVdyruaMAzJ3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIn4RKb79jbUUKSKaERPRyZX+h906AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDUn4r4fqRo/EHzzrpaRKTq344T5S/nonm4zE9Gc6jMl6J5MWerylrzWw+h/exOXyrix5Giv/72nQuer39f59Odr0G89c2NT5+pdfJQd+PA+/1PHD92YWjkc0/vtJy2a8DgpfbMrduN8eGRkbGe1bV89E/2rBvIxy32putExMIbb77emp6emr//hfIrsIvqj9BCqn1cemqhWojagWjGw+n7JvWHdYNiX5XP//cixW+/++/dB37n+V+PX+p8uvOEj5//ycbz/8WtO7rH539ta738/C+f6ds9/5/sWfdi/t1IXy2ivnhzru94RH3hjTdPtm+2bkzdmJo5d+rUl4eGvnz2VN/hiPr19vRUz9KenC4AAAAAAAAAAAAAAACABycV8buRovXjtdSIiNvVeK2BC0PPnnzmUByqxlttGrf92tiVi42XZ2/OzU8tLExNNsZn2tdmJ6fu9XD1arjX+PDIvnTmQx3Z5/Yfqb88O/fGfPvGHy5uu/1o/eLVhcX51rXtN8eRKCKavWsGqwaPD49UjZ5ut2aqqqPbDqb/6PpSEf8RKa6da6TP53V5/P/WEf6bxv8vbd3RHo7//9zRjfF/n+gpWh4zpSJ+Hil+6y+ejs9X7Twad52zXO5vIsXg+c/mcnG4LNdtQ+e9Ap2RgWXZ/4kU//CLzWW74yGf3Ch7+iOd3EdAef2PRYrv/9l349fzus3vf9j++h/duqN9ev/DUz3rjm56X8Guu06+/icjxUtPvh2/Ua35vw98/0f33RsnOoU33s+xT9f/V3vWDeTj/uZedR4AAAAAAAAAAOAR1peK+NtI8cORWnohr7uXv/83uXVH+/T3vz7Vs25yb+Yr+tCFXZ9UAAAAADgg+lIRP4kUNxbfvjOGevP4757xn7+zMf5zOG3ZWv05369U7w3Yyz//6zWQjzux+24DAAAAAAAAAAAAAAAAAADAgZJSES/k+dQnqvH8kzvOp74SKV75r+dyuXS8LNedB36g+rV+eXbm5MXp6dl6LLauTk81xuZa16bKuk9FirW//myuW1Tzq3fnm+/M8b4xF/t8pBj5u27Zzlzs3bnJn9ooe7os+4lI8Z9/v7lsnpo6zx1dlT1Tlv2rSPH1f9q+7PGNsmfLst+NFD/6eqNb9mhZtvt+1E9tlH3+2myxD1cFAAAAAAAAAAAAAAAAAACAj5u+VMSfRor/vrl8Zyx/nv+/r+dj5a1v9sz3v8Xtap7/gWr+/52W72f+/+q9Aks7HRUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5PKYp4M1LMXV5LK/3l5476pfbMrdvjwyPbVzuSqpqHqvLlT/30mbPnvvTC0PlufnD9vfbpeG3sysXGy7M35+anFhamJhvjM+1rs5NT97yH3dbfarA6AY2br9+avH59oXHm+bObNt8eeL//ieMDF4aePflMt+z48MjIWE+ZWt99H/0uaYf1h6OIv4wUz33vp+mH/RFF7P5cfMh3Z78dqToxWHVifHik6sh0uzWzWG4c7Z6IIqLRU6nZPUcP4FrsSjNiqWx+2eDBsntjc6351tXpqcZoa36xvdienRlNndaW/WlEEedTxHJErPbfvbu+KOL1SPGdY2vpn/sjDnXPwxcvj3311Jmd21HsYx/vQdnORl/EcvEIXLMDrD+K+MdI8bN3TsS/9EfUovMTX4h4tcwfRLwVneudyi/GuYj3tvke8WiqRRH/W17/C2vpnf7yftC9r1z6WuMrM9dne8p27yuP/PPhQTrg96Z6FPGj6o6/lv7Vf9cAAAAAAAAAAAAAAAAAB0gRvxYpXnz3RKrGB98ZU9yeudG40ro63RnW1x371x0zvb6+vt5InWzmnMi5lHM550rO1ZxR5Po5m2XW19cn8uelnMs5V3Ku5oxDuX7OZs6JnEs5l3Ou5FzNGbVcP2cz50TOpZzLOVdyruaMAzJ2DwAAAAAAAAAAAAAAAAAAeLwU1T8pvv2NtbTe35lfeiI6uWI+0Mfe/wcAAP//dsP5HA==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5412, 0x0, 0x0) 40.380172887s ago: executing program 2 (id=1002): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0) syz_usb_connect$hid(0xf63067478e218e8, 0x36, &(0x7f00000000c0)=ANY=[], 0x0) writev(r0, &(0x7f0000000780)=[{&(0x7f00000004c0)='4', 0x1}], 0x1) write(r0, 0x0, 0x0) 40.146507135s ago: executing program 37 (id=1002): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0) syz_usb_connect$hid(0xf63067478e218e8, 0x36, &(0x7f00000000c0)=ANY=[], 0x0) writev(r0, &(0x7f0000000780)=[{&(0x7f00000004c0)='4', 0x1}], 0x1) write(r0, 0x0, 0x0) 24.814356945s ago: executing program 4 (id=1122): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000200)={r1, 0x4, 0x0, 0x72}, &(0x7f0000000280)=0x10) 24.40191885s ago: executing program 4 (id=1126): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f00000000c0)={0x1f, 0x0, @any, 0x0, 0x2}, 0xe) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r1, &(0x7f0000000140)={0x1f, 0x0, @any, 0x0, 0x2}, 0xe) 24.056450346s ago: executing program 4 (id=1130): r0 = mq_open(&(0x7f000084dff0)='rmdF\x17\x16\xbc\xec', 0x6e93ebbbcc0884f2, 0x0, 0x0) mq_timedsend(r0, 0x0, 0x0, 0x0, 0x0) mq_notify(r0, &(0x7f0000001400)={0x0, 0x3d}) mq_timedsend(r0, 0x0, 0x0, 0x5, 0x0) 23.851779334s ago: executing program 4 (id=1133): syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000040)='./file0\x00', 0xcc04, &(0x7f0000000780)={[{@fat=@tz_utc}, {@fat=@gid={'gid', 0x3d, 0xee01}}, {@nodots}, {@dots}, {@fat=@time_offset={'time_offset', 0x3d, 0x2d8}}, {@dots}, {@dots}, {@nodots}, {}, {@dots}, {@dots}, {@nodots}, {@nodots}, {@fat=@usefree}, {@fat=@flush}, {@fat=@sys_immutable}, {@dots}, {@fat=@showexec}, {@nodots}, {@fat=@errors_continue}, {@dots}, {@nodots}]}, 0x1, 0x1fe, &(0x7f0000000480)="$eJzs3c1qE1EUAOCTmOZHXHQnCMKIC10V9QkqUkEMCJWAuhPsyqySTeqmfQxfwffyAaSrbPRKnEknjWmIhcxo/b5Nzsw5l7n3Dplkk5MUua+3P0e324jmfuzHtBG70Yy50wAArpNpSvEt5eqeCwBQjQ0+/79XPCUAYMtev3338mm/f3CYZd2Is9PJYDLIX/P88xf9g0fZL7vlqLPJZHDjPP84W/7uMMvvxM0i/yQfn52n2xExaMfD+3l+lnv2qp9dHN+JD1teOwAAAAAAAAAAAAAAAAAAAAAA1OVuZHMr+/vs7S3ne0U+P1roD7TUv6cVd1rFYdkeKJ1UsSgAAAAAAAAAAAAAAAAAAAD4x4yPP318PxwejcqgExELZ5pF5YWay4NGUb5Rcf1Bc9N1zYJWeaY335U/v2ij2KLtLrC3+uZuEkTrb7k7y8GbDYuzCubTW7u9Kc2C1e+CeVuMS4e3I2L91R8cXnXy05TS8Mu90fg40tri8hnRqexpBAAAAAAAAAAAAAAAAAAA/7eFX33/plvHhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgBuX//18hOImIW7Gu5kc6Go3n19qJbr2LBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Nr6GQAA//+/ECGI") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) pivot_root(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='./file0/../file0\x00') 23.549367812s ago: executing program 4 (id=1139): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x1c, 0x2, [@TCA_FQ_INITIAL_QUANTUM={0x8}, @TCA_FQ_FLOW_DEFAULT_RATE={0x8}, @TCA_FQ_QUANTUM={0x8}]}}]}, 0x48}}, 0x0) 23.158703258s ago: executing program 4 (id=1144): r0 = socket$kcm(0x10, 0x2, 0x4) close(r0) socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x3, &(0x7f00000011c0)=[{&(0x7f0000000140)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514000cc00800060081000200060008000364bc24eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 22.744599303s ago: executing program 38 (id=1144): r0 = socket$kcm(0x10, 0x2, 0x4) close(r0) socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x3, &(0x7f00000011c0)=[{&(0x7f0000000140)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514000cc00800060081000200060008000364bc24eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 10.320754084s ago: executing program 9 (id=1231): r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000000)={@multicast2, @loopback}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="e00000027f0000010000000003"], 0x1c) setsockopt$inet_mreqsrc(r0, 0x0, 0x25, &(0x7f0000000100)={@multicast2, @loopback, @empty}, 0xc) 9.601092699s ago: executing program 9 (id=1233): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x1}, 0x8) sendto$inet6(r0, &(0x7f0000000140)="f4", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00'}, 0x1c) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f00000002c0)={0x0, 0x0, 0x5}, 0x8) 9.226360183s ago: executing program 9 (id=1237): syz_mount_image$xfs(&(0x7f0000000040), &(0x7f0000009740)='./file2\x00', 0x0, &(0x7f0000000440)={[{@usrquota}, {@sysvgroups}, {@grpid}]}, 0x1, 0x9751, &(0x7f000001c600)="$eJzs3QnYbXPBsPHnTM4xD6mklClEZmWWeZ7nqZB5FpJ5SIYomaJIyJAhJVFIpmYlopBkjEaESsbzXcd5DqfTzVvv936f3u77vq7n7L3Xs/Z6/vv/W2s9e5+LszZecb1lBwamGhjbuNtXuungmYZc+cTKixw39z4LXzXRjI8MLh419mbE4MMRQwZvhw4MDAwZ3M7gsqF7XH7F0DFPGDr+diebeNIhkw0MbDP4cOnB24XH3ky+7bj1Rk8QD/TQMT/umLFfY3/owMDAxGPuHD77GfuOv53BcV3/Dy9U2sbLrLTiK1Yvu42Zv+GD98f/mmjs1+RbDAxMvvkA7x9DXt9X9NLPX/riC57c73Uex/+KNl5mpVUm8B9zLA4bXLbwmGN8wmPQ2IT7+Zb773rC4BQOGe/89b+ujZdZcfWBVz/PD9y7xI63jX7pvDl034GBofsNDAzdf2Bg6AEDA0MPHBgYetDr7VL/d72uO19VVVW9Li2z7ILLjvm8N8H7gVHj3tfS+8LLHn9gi8EP/8MGBoaeO/az4NCzBgYm3/L1fTVVVVVVVVVVRS2z7ILLwef/qV7r8/+mF6x/UZ//q6qqqqqqqv73tMoyyy445rP+BJ//p3utz/93nX/A84P/7f/CY5/14uv6GqqqqqqqqqrqtVt3jZc+/086wef/GV/r8/+Rqz4z7v+tHvf3Bi+Mt8kh4/33BM+Nt3zYeOs/O97y4eMtH3/9UQMDQ/cYXP78K4uH7jswMDDRP64/9OBX/j/mEcPHW37IeMsnGm/5oWNe5+B2nhlv+VmDYx2z/sjxlp8z3nZG/TNzW1VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVfXP9uKjV1/7yjXfDx4Y7/rtL1/HffDfBRhy6fW33vq6DfTfoyH/+O8hHPp6j+n/tjHOoy6acWBgtw1e76HU69CQ13sA9bqWv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/mLe5Xr/y897va87Za/ZnDVhZe7e7Hlx3/ujuPdH/X/ddSvW/+p1/8f2HHIwMCg71RjXNdcZt315xgYGFh+sbuXW2jg5e8tMuZ7i08zbGDYS0+d46U/R4x4lS1PO/bm0MFVB7dx6UvbX2X02cOGTDCI8VryugfP22Hjpxea8Ha2V38dQ8fdWWf4U+eMHj169N8tHOzV9tNx2x/3WiZ0Hhz7HGPGPu/eu+4x71777T/3jrtutf2222+726ILLLDwQgvPt+gC82634y7bzjf2z1ebsxlf+nPYPzNn0004Z48uM/6cTfjaXm3OZnztOXtpi2fue+w+4+Zs+L84Z8Nee85m3HHwB40YGDGw5UtzM2RgYMTwEQP7jnkw/8gxe9DgutONWXeJaYYODBz/ygsdc2/ky/vgkEPHrLPxiustOzAw1eAaU/3D2P7xOB3/pYyb/BGDP2TE4DxMNfDKrjh0j8uvGDrmCX83zZNNPOmQyQYGthl8uPTg7aKD39163HqjJ4gHOkZ5yDFjv172mHjMndP3GfHQ+Nt5FYL/if5bv///wWuRIS9P1JDBr8F1xnots9Iqr/ysl6ZhzNwNG1y28BiTCefsf7J/GO+Mo8YcXq863lWWWXbBMYsnmP9xT8H9a487r7h2cN9aeOyzXvxvo/C5Y/Wx3/xnzh0Dr33uGPbK3VeWbnvzDBOeO1Z79SH+3XExbo5GTrDSq5075jtiyUPGbH/gtc8dq+84+HJfOXcMHRgYMWzcuWPMiWSiEQPHj3mwwJgHI0cMXDDmwYIvPZh44PoxD+bZevddthmzYNS4OZlvzHaXnmbISy/+rEnmPGn0SaNHDx8cy8ETnFgH948Zx//9uMw0Y6dt3HNpu/te9vztL540evREg9s95F/Y7rjn0nbnO2/s90YObvesCbY77DW2O+65446HMau+dDzMMeTlHeFVjt8VJzh+B98zvvTrYsgEXxON/Zp8i4GByTcn33/1vEPH71SvMd5lll1wuTHje7XzLx2/Zy24xlyDu9uwgYGh544d+9CzBgYm3/JfGeurjXfUa493WRjvqNca78gb1rjjf2C8Q8Yb79/tZ2sfMXZfGTW4n53zL+y/45474XlsxHgMo/6Z89jS/3AeO2zY0AkGP16v9h5oG1h/7P3pXt7acjvd+ti4uZ9waP/Ve6BRr30em2rHCZ63/pYDQ2jOL71liVuGnPzacz5i4O/fq4+b83HPfa05H/mPcz7kH+Z8kdee83/2feccs4z9/rDXmPPjrp/6vHFzPtG/OOcj/9U5HxgYRnO+w41j5+21zqevNufjnvv3cz58YIWBgYFZB+d8on9mP5/vf2Y/nwTWH3v/4ZcXXXLkyGnHO8cM+VfmfKJ/cc7Xuv/l/XzWl74389CBiSYa2Hervffec/6xf457uMDYP/lcdMGdY+f5tX6XvprRuOe+1nEx/J8xmvF/xmj64f+4/rgPHeMeD73vsmH/3XPR8H/NaMha1/O56Oinx87ba70verU5H/dc+j0443jPn/Bz3bprvPS+e9IJfg++/BGWfg+ecs/E847b5ODTXphgmON+rz433vJh463/7HjLh4+3/Lm/n/ahewwuf/6VxUP3HXOI/+P6Qw9+hXXEeB+phx4y3vLxTnlDx+xiMw5u55nxlp/1yil0xHhvr4eeM952/m/++u3vdttxf8e344Qn+fpPrb//d5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3Gvcv3/Q8dd//+6lU+7ePBazSNOvP7Co17v8b7O/Udf/3/Q9++u/3/UhdefOHTg5e+95vXZx67zb3l99oXH3ky+7bj1Jrw+OA/01a/Pfse8B0w18P/n+uz/rcYdq//Edfw6/7vL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zFvcr1/68fvD10qdtnu23wQugjplrw4Ede7/G+zv1HX/9/0Pfvrv//yMELTjV04OXvveb1/8eu47j+/w63rfT8wL/x9f/HHatd/7/+i/J3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3F8/f8hg7cD1+88ZMZJx9yOeXzqUjdf8XqP93XuP/X6/6MumnFgYLcNXu+h1OtQ5393+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/uMHr/w+Mvf7/uIYs3X6BwfX//3f3Kv7L5I9Z/JfNH7P4L5c/ZvFfPn/M4r9C/pjFf8X8MYv/SvljFv+V88cs/qvkj1n8V80fs/ivlj9m8V89f8ziv0b+mMV/zfwxi/9a+WMW/7Xzxyz+6+SPWfzXHRgYGPl6jenfOIv/eh3/mMV//fwxi/8G+WMW/w3zxyz+G+WPWfw3zh+z+G+SP2bx3zR/zOK/Wf6YxX/z/DGL//vzxyz+H8gfs/hvkT9m8d8yf8ziv1X+mMX/g/ljFv+t88cs/tvkj1n8t80fs/hvlz9m8d8+f8ziv0P+mMV/x/wxi/9O+WMW/53zxyz+u+SPWfx3zR+z+O+WP2bx3z1/zOK/R/6Yxf9D+WMW/z3zxyz+e+WPWfz3zh+z+H84f8ziv0/+mMX/I/ljFv9988cs/vvlj1n8988fs/gfkD9m8T8wf8zif1D+mMX/4Pwxi/8h+WMW/0Pzxyz+h+WPWfw/mj9m8T88f8zi/7H8MYv/EfljFv8j88cs/kflj1n8j84fs/h/PH/M4n9M/pjF/9j8MYv/J/LHLP6fzB+z+B+XP2bx/1T+mMX/+Pwxi/8J+WMW/xPzxyz+J+WPWfxPzh+z+H86f8zif0r+mMX/1Pwxi/9n8scs/p/NH7P4n5Y/ZvE/PX/M4v+5/DGL/xn5Yxb/z+ePWfzPzB+z+J+VP2bxPzt/zOL/hfwxi/85+WMW/3Pzxyz+5+WPWfzPzx+z+H8xf8zif0H+mMX/wvwxi/9F+WMW/4vzxyz+X8ofs/hfkj9m8f+y3H+BUbzc4v8Vuf+rZfG/NH/M4v/V/DGL/2X5Yxb/r+WPWfwvzx+z+F+RP2bx/3r+mMX/G/ljFv8r88cs/lflj1n8r84fs/h/M3/M4n9N/pjF/1v5Yxb/a/PHLP7X5Y9Z/K/PH7P435A/ZvG/MX/M4v/t/DGL/3fyxyz+380fs/h/L3/M4v/9/DGL/w/yxyz+P8wfs/jflD9m8f9R/pjF/8f5Yxb/m/PHLP4/yR+z+N+SP2bxvzV/zOL/0/wxi/9t+WMW/9vzxyz+P8sfs/j/PH/M4n9H/pjF/878MYv/XfljFv9f5I9Z/O/OH7P4/zJ/zOJ/T/6Yxf9X+WMW/3vzxyz+9+WPWfzvzx+z+D+QP2bxfzB/zOL/UP6Yxf/X+WMW/4fzxyz+j+SPWfx/kz9m8f9t/pjF/3f5Yxb/3+ePWfz/kD9m8f9j/pjF/9H8MYv/Y/ljFv/H88cs/n/KH7P4P5E/ZvF/Mn/M4v9U/pjF/8/5Yxb/v+SPWfz/mj9m8X86f8zi/7f8MYv/M/ljFv9n88cs/s/lj1n8n88fs/i/kD9m8X8xf8ziPzp/TOL/0t38/zGL/5D8MYv/0Pwxi/+w/DGL//D8MYv/iPwxi/9E+WMW/5H5Yxb/UfljFv+J88cs/pPkj1n8J80fs/hPlj9m8Z88f8ziP0X+mMV/yvwxi/9U+WMW/6nzxyz+0+SPWfzfkD9m8Z82f8zi/8b8MYv/m/LHLP5vzh+z+E+XP2bxf0v+mMV/+vwxi/9b88cs/m/LH7P4z5A/ZvF/e/6Yxf8d+WMW/xnzxyz+M+WPWfxnzh+z+M+SP2bxnzV/zOL/zvwxi/9s+WMW/9nzxyz+c+SPWfzflT9m8Z8zf8ziP1f+mMX/3fljFv+588cs/vPkj1n8580fs/jPlz9m8Z8/f8ziv0D+mMV/wfwxi/9C+WMW//fkj1n835s/ZvFfOH/M4r9I/pjFf9H8MYv/YvljFv/F88cs/kvkj1n8l8wfs/gvlT9m8X9f/pjFf+n8MYv/MvljFv9l88cs/svlj1n8l88fs/ivkD9m8V8xf8ziv1L+mMV/5fwxi/8q+WMW/1Xzxyz+q+WPWfxXzx+z+K+RP2bxXzN/zOK/Vv6YxX/t/DGL/zr5Yxb/dfPHLP7r5Y9Z/NfPH7P4b5A/ZvHfMH/M4r9R/pjFf+P8MYv/JvljFv9N88cs/pvlj1n8N88fs/i/P3/M4v+B/DGL/xb5Yxb/LfPHLP5b5Y9Z/D+YP2bx3zp/zOK/Tf6YxX/b/DGL/3b5Yxb/7fPHLP475I9Z/HfMH7P475Q/ZvHfOX/M4r9L/pjFf9f8MYv/bvljFv/d88cs/nvkj1n8P5Q/ZvHfM3/M4r9X/pjFf+/8MYv/h/PHLP775I9Z/D+SP2bx3zd/zOK/X/6YxX///DGL/wH5Yxb/A/PHLP4H5Y9Z/A/OH7P4H5I/ZvE/NH/M4n9Y/pjF/6P5Yxb/w/PHLP4fyx+z+B+RP2bxPzJ/zOJ/VP6Yxf/o/DGL/8fzxyz+x+SPWfyPzR+z+H8if8zi/8n8MYv/cfljFv9P5Y9Z/I/PH7P4n5A/ZvE/MX/M4n9S/pjF/+T8MYv/p/PHLP6n5I9Z/E/NH7P4fyZ/zOL/2fwxi/9p+WMW/9Pzxyz+n8sfs/ifkT9m8f98/pjF/8z8MYv/WfljFv+z88cs/l/IH7P4n5M/ZvE/N3/M4n9e/pjF//z8MYv/F/PHLP4X5I9Z/C/MH7P4X5Q/ZvG/OH/M4v+l/DGL/yX5Yxb/L+ePWfy/kj9m8b80f8zi/9X8MYv/ZfljFv+v5Y9Z/C/PH7P4X5E/ZvH/ev6Yxf8b+WMW/yvzxyz+V+WPWfyvzh+z+H8zf8zif03+mMX/W/ljFv9r88cs/tflj1n8r88fs/jfkD9m8b8xf8zi/+38MYv/d/LHLP7fzR+z+H8vf8zi//38MYv/D/LHLP4/zB+z+N+UP2bx/1H+mMX/x/ljFv+b88cs/j/JH7P435I/ZvG/NX/M4v/T/DGL/235Yxb/2/PHLP4/yx+z+P88f8zif0f+mMX/zvwxi/9d+WMW/1/kj1n8784fs/j/Mn/M4n9P/pjF/1f5Yxb/e/PHLP735Y9Z/O/PH7P4P5A/ZvF/MH/M4v9Q/pjF/9f5Yxb/h/PHLP6P5I9Z/H+TP2bx/23+mMX/d/ljFv/f549Z/P+QP2bx/2P+mMX/0fwxi/9j+WMW/8fzxyz+f8ofs/g/kT9m8X8yf8zi/1T+mMX/z/ljFv+/5I9Z/P+aP2bxfzp/zOL/t/wxi/8z+WMW/2fzxyz+z+WPWfyfzx+z+L+QP2bxfzF/zOI/On9M4j9sIH/M4j8kf8ziPzR/zOI/LH/M4j88f8ziPyJ/zOI/Uf6YxX9k/pjFf1T+mMV/4vwxi/8k+WMW/0nzxyz+k+WPWfwnzx+z+E+RP2bxnzJ/zOI/Vf6YxX/q/DGL/zT5Yxb/N+SPWfynzR+z+L8xf8zi/6b8MYv/m/PHLP7T5Y9Z/N+SP2bxnz5/zOL/1vwxi//b8scs/jPkj1n8354/ZvF/R/6YxX/G/DGL/0z5Yxb/mfPHLP6z5I9Z/GfNH7P4vzN/zOI/W/6YxX/2/DGL/xz5Yxb/d+WPWfznzB+z+M+VP2bxf3f+mMV/7vwxi/88+WMW/3nzxyz+8+WPWfznzx+z+C+QP2bxXzB/zOK/UP6Yxf89+WMW//fmj1n8F84fs/gvkj9m8V80f8ziv1j+mMV/8fwxi/8S+WMW/yXzxyz+S+WPWfzflz9m8V86f8ziv0z+mMV/2fwxi/9y+WMW/+Xzxyz+K+SPWfxXzB+z+K+UP2bxXzl/zOK/Sv6YxX/V/DGL/2r5Yxb/1fPHLP5r5I9Z/NfMH7P4r5U/ZvFfO3/M4r9O/pjFf938MYv/evljFv/188cs/hvkj1n8N8wfs/hvlD9m8d84f8ziv0n+mMV/0/wxi/9m+WMW/83zxyz+788fs/h/IH/M4r9F/pjFf8v8MYv/VvljFv8P5o9Z/LfOH7P4b5M/ZvHfNn/M4r9d/pjFf/v8MYv/DvljFv8d88cs/jvlj1n8d84fs/jvkj9m8d81f8ziv1v+mMV/9/wxi/8e+WMW/w/lj1n898wfs/jvlT9m8d87f8zi/+H8MYv/PvljFv+P5I9Z/PfNH7P475c/ZvHfP3/M4n9A/pjF/8D8MYv/QfljFv+D88cs/ofkj1n8D80fs/gflj9m8f9o/pjF//D8MYv/x/LHLP5H5I9Z/I/MH7P4H5U/ZvE/On/M4v/x/DGL/zH5Yxb/Y/PHLP6fyB+z+H8yf8zif1z+mMX/U/ljFv/j88cs/ifkj1n8T8wfs/iflD9m8T85f8zi/+n8MYv/KfljFv9T88cs/p/JH7P4fzZ/zOJ/Wv6Yxf/0/DGL/+fyxyz+Z+SPWfw/nz9m8T8zf8zif1b+mMX/7Pwxi/8X8scs/ufkj1n8z80fs/iflz9m8T8/f8zi/8X8MYv/BfljFv8L88cs/hflj1n8L84fs/h/KX/M4n9J/pjF/8v5Yxb/r+SPWfwvzR+z+H81f8zif1n+mMX/a/ljFv/L88cs/lfkj1n8v54/ZvH/Rv6Yxf/K/DGL/1X5Yxb/q/PHLP7fzB+z+F+TP2bx/1b+2H+2/8t7wLBr88f+s/1fbth1+WMW/+vzxyz+N+SPWfxvzB+z+H87f8zi/538MYv/d/PHLP7fyx+z+H8/f8zi/4P8MYv/D/PHLP435Y9Z/H+UP2bx/3H+mMX/5vwxi/9P8scs/rfkj1n8b80fs/j/NH/M4n9b/pjF//b8MYv/z/LHLP4/zx+z+N+RP2bxvzN/zOJ/V/6Yxf8X+WMW/7vzxyz+v8wfs/jfkz9m8f9V/pjF/978MYv/ffljFv/788cs/g/kj1n8H8wfs/g/lD9m8f91/pjF/+H8MYv/I/ljFv/f5I9Z/H+bP2bx/13+mMX/9/ljFv8/5I9Z/P+YP2bxfzR/zOL/WP6Yxf/x/DGL/5/yxyz+T+SPWfyfzB+z+D+VP2bx/3P+mMX/L/ljFv+/5o9Z/J/OH7P4/y1/zOL/TP6Yxf/Z/DGL/3P5Yxb/5/PHLP4v5I9Z/F/MH7P4j84fk/gPH8gfs/gPyR+z+A/NH7P4D8sfs/gPzx+z+I/IH7P4T5Q/ZvEfmT9m8R+VP2bxnzh/zOI/Sf6YxX/S/DGL/2T5Yxb/yfPHLP5T5I9Z/KfMH7P4T5U/ZvGfOn/M4j9N/pjF/w35Yxb/afPHLP5vzB+z+L8pf8zi/+b8MYv/dPljFv+35I9Z/KfPH7P4vzV/zOL/tvwxi/8M+WMW/7fnj1n835E/ZvGfMX/M4j9T/pjFf+b8MYv/LPljFv9Z88cs/u/MH7P4z5Y/ZvGfPX/M4j9H/pjF/135Yxb/OfPHLP5z5Y9Z/N+dP2bxnzt/zOI/T/6YxX/e/DGL/3z5Yxb/+fPHLP4L5I9Z/BfMH7P4L5Q/ZvF/T/6Yxf+9+WMW/4Xzxyz+i+SPWfwXzR+z+C+WP2bxXzx/zOK/RP6YxX/J/DGL/1L5Yxb/9+WPWfyXzh+z+C+TP2bxXzZ/zOK/XP6YxX/5/DGL/wr5Yxb/FfPHLP4r5Y9Z/FfOH7P4r5I/ZvFfNX/M4r9a/pjFf/X8MYv/GvljFv8188cs/mvlj1n8184fs/ivkz9m8V83f8ziv17+mMV//fwxi/8G+WMW/w3zxyz+G+WPWfw3zh+z+G+SP2bx3zR/zOK/Wf6YxX/z/DGL//vzxyz+H8gfs/hvkT9m8d8yf8ziv1X+mMX/g/ljFv+t88cs/tvkj1n8t80fs/hvlz9m8d8+f8ziv0P+mMV/x/wxi/9O+WMW/53zxyz+u+SPWfx3zR+z+O+WP2bx3z1/zOK/R/6Yxf9D+WMW/z3zxyz+e+WPWfz3zh+z+H84f8ziv0/+mMX/I/ljFv9988cs/vvlj1n8988fs/gfkD9m8T8wf8zif1D+mMX/4Pwxi/8h+WMW/0Pzxyz+h+WPWfw/mj9m8T88f8zi/7H8MYv/EfljFv8j88cs/kflj1n8j84fs/h/PH/M4n9M/pjF/9j8MYv/J/LHLP6fzB+z+B+XP2bx/1T+mMX/+Pwxi/8J+WMW/xPzxyz+J+WPWfxPzh+z+H86f8zif0r+mMX/1Pwxi/9n8sf+s/0nHrd0+Gfzx/6z/V9u+Gn5Yxb/0/PHLP6fyx+z+J+RP2bx/3z+mMX/zPwxi/9Z+WMW/7Pzxyz+X8gfs/ifkz9m8T83f8zif17+mMX//Pwxi/8X88cs/hfkj1n8L8wfs/hflD9m8b84f8zi/6X8MYv/JfljFv8v549Z/L+SP2bxvzR/zOL/1fwxi/9l+WMW/6/lj1n8L88fs/hfkT9m8f96/pjF/xv5Yxb/K/PHLP5X5Y9Z/K/OH7P4fzN/zOJ/Tf6Yxf9b+WMW/2vzxyz+1+WPWfyvzx+z+N+QP2bxvzF/zOL/7fwxi/938scs/t/NH7P4fy9/zOL//fwxi/8P8scs/j/MH7P435Q/ZvH/Uf6Yxf/H+WMW/5vzxyz+P8kfs/jfkj9m8b81f8zi/9P8MYv/bfljFv/b88cs/j/LH7P4/zx/zOJ/R/6Yxf/O/DGL/135Yxb/X+SPWfzvzh+z+P8yf8zif0/+mMX/V/ljFv9788cs/vflj1n8788fs/g/kD9m8X8wf8zi/1D+mMX/1/ljFv+H88cs/o/kj1n8f5M/ZvH/bf6Yxf93+WMW/9/nj1n8/5A/ZvH/49/7tysMZvF/NHTM4v9Y/pjF//H8MYv/n/LHLP5P5I9Z/J/MH7P4P5U/ZvH/c/6Yxf8v+WMW/7/mj1n8n84fs/j/LX/M4v9M/pjF/9n8MYv/c/ljFv/n88cs/i/kj1n8X8wfs/iPzh+T+I8YyB+z+A/JH7P4D80fs/gPyx+z+A/PH7P4j8gfs/hPlD9m8R+ZP2bxH5U/ZvGfOH/M4j9J/pjFf9L8MYv/ZPljFv/J88cs/lPkj1n8p8wfs/hPlT9m8Z86f8ziP03+mMX/DfljFv9p88cs/m/MH7P4vyl/zOL/5vwxi/90+WMW/7fkj1n8p88fs/i/NX/M4v+2/DGL/wz5Yxb/t+ePWfzfkT9m8Z8xf8ziP1P+mMV/5vwxi/8s+WMW/1nzxyz+78wfs/jPlj9m8Z89f8ziP0f+mMX/XfljFv8588cs/nPlj1n8350/ZvGfO3/M4j9P/pjFf978MYv/fPljFv/588cs/gvkj1n8F8wfs/gvlD9m8X9P/pjF/735Yxb/hfPHLP6L5I9Z/BfNH7P4L5Y/ZvFfPH/M4r9E/pjFf8n8MYv/UvljFv/35Y9Z/JfOH7P4L5M/ZvFfNn/M4r9c/pjFf/n8MYv/CvljFv8V88cs/ivlj1n8V84fs/ivkj9m8V81f8ziv1r+mMV/9fwxi/8a+WMW/zXzxyz+a+WPWfzXzh+z+K+TP2bxXzd/zOK/Xv6YxX/9/DGL/wb5Yxb/DfPHLP4b5Y9Z/DfOH7P4b5I/ZvHfNH/M4r9Z/pjFf/P8MYv/+/PHLP4fyB+z+G+RP2bx3zJ/zOK/Vf6Yxf+D+WMW/63zxyz+2+SPWfy3zR+z+G+XP2bx3z5/zOK/Q/6YxX/H/DGL/075Yxb/nfPHLP675I9Z/HfNH7P475Y/ZvHfPX/M4r9H/pjF/0P5Yxb/PfPHLP575Y9Z/PfOH7P4fzh/zOK/T/6Yxf8j+WMW/33zxyz+++WPWfz3zx+z+B/wKv7D/3+N6980i/+BHf+Yxf+g/DGL/8H5Yxb/Q/LHLP6H5o9Z/A/LH7P4fzR/zOJ/eP6Yxf9j+WMW/yPyxyz+R+aPWfyPyh+z+B+dP2bx/3j+mMX/mPwxi/+x+WMW/0/kj1n8P5k/ZvE/Ln/M4v+p/DGL//H5Yxb/E/LHLP4n5o9Z/E/KH7P4n5w/ZvH/dP6Yxf+U/DGL/6n5Yxb/z+SPWfw/mz9m8T8tf8zif3r+mMX/c/ljFv8z8scs/p/PH7P4n5k/ZvE/K3/M4n92/pjF/wv5Yxb/c/LHLP7n5o9Z/M/LH7P4n58/ZvH/Yv6Yxf+C/DGL/4X5Yxb/i/LHLP4X549Z/L+UP2bxvyR/zOL/5fwxi/9X8scs/pfmj1n8v5o/ZvG/LH/M4v+1/DGL/+X5Yxb/K/LHLP5fzx+z+H8jf8zif2X+mMX/qvwxi//V+WMW/2/mj1n8r8kfs/h/K3/M4n9t/pjF/7r8MYv/9fljFv8b8scs/jfmj1n8v50/ZvH/Tv6Yxf+7+WMW/+/lj1n8v58/ZvH/Qf6Yxf+H+WMW/5vyxyz+P8ofs/j/OH/M4n9z/pjF/yf5Yxb/W/LHLP635o9Z/H+aP2bxvy1/zOJ/e/6Yxf9n+WMW/5/nj1n878gfs/jfmT9m8b8rf8zi/4v8MYv/3fljFv9f5o9Z/O/JH7P4/yp/zOJ/b/6Yxf++/DGL//35Yxb/B/LHLP4P5o9Z/B/KH7P4/zp/zOL/cP6Yxf+R/DGL/2/yxyz+v80fs/j/Ln/M4v/7/DGL/x/yxyz+f8wfs/g/mj9m8X8sf8zi/3j+mMX/T/ljFv8n8scs/k/mj1n8n8ofs/j/OX/M4v+X/DGL/1/zxyz+T+ePWfz/lj9m8X8mf8zi/2z+mMX/ufwxi//z+WMW/xfyxyz+L+aPWfxH549J/CcayB+z+A/JH7P4D80fs/gPyx+z+A/PH7P4j8gfs/hPlD9m8R+ZP2bxH5U/ZvGfOH/M4j9J/pjFf9L8MYv/ZPljFv/J88cs/lPkj1n8p8wfs/hPlT9m8Z86f8ziP03+mMX/DfljFv9p88cs/m/MH7P4vyl/zOL/5vwxi/90+WMW/7fkj1n8p88fs/i/NX/M4v+2/DGL/wz5Yxb/t+ePWfzfkT9m8Z8xf8ziP1P+mMV/5vwxi/8s+WMW/1nzxyz+78wfs/jPlj9m8Z89f8ziP0f+mMX/XfljFv8588cs/nPlj1n8350/ZvGfO3/M4j9P/pjFf978MYv/fPljFv/588cs/gvkj1n8F8wfs/gvlD9m8X9P/pjF/735Yxb/hfPHLP6L5I9Z/BfNH7P4L5Y/ZvFfPH/M4r9E/pjFf8n8MYv/UvljFv/35Y9Z/JfOH7P4L5M/ZvFfNn/M4r9c/pjFf/n8MYv/CvljFv8V88cs/ivlj1n8V84fs/ivkj9m8V81f8ziv1r+mMV/9fwxi/8a+WMW/zXzxyz+a+WPWfzXzh+z+K+TP2bxXzd/zOK/Xv6YxX/9/DGL/wb5Yxb/DfPHLP4b5Y9Z/DfOH7P4b5I/ZvHfNH/M4r9Z/pjFf/P8MYv/+/PHLP4fyB+z+G+RP2bx3zJ/zOK/Vf6Yxf+D+WMW/63zxyz+2+SPWfy3zR+z+G+XP2bx3z5/zOK/Q/6YxX/H/DGL/075Yxb/nfPHLP675I9Z/HfNH7P475Y/ZvHfPX/M4r9H/pjF/0P5Yxb/PfPHLP575Y9Z/PfOH7P4fzh/zOK/T/6Yxf8j+WMW/33zxyz+++WPWfz3zx+z+B+QP2bxPzB/zOJ/UP6Yxf/g/DGL/yH5Yxb/Q/PHLP6H5Y9Z/D+aP2bxPzx/zOL/sfwxi/8R+WMW/yPzxyz+R+WPWfyPzh+z+H88f8zif0z+mMX/2Pwxi/8n8scs/p/MH7P4H5c/ZvH/VP6Yxf/4/DGL/wn5Yxb/E/PHLP4n5Y9Z/E/OH7P4fzp/zOJ/Sv6Yxf/U/DGL/2fyxyz+n80fs/iflj9m8T89f8zi/7n8MYv/GfljFv/P549Z/M/MH7P4n5U/ZvE/O3/M4v+F/DGL/zn5Yxb/c/PHLP7n5Y9Z/M/PH7P4fzF/zOJ/Qf6Yxf/C/DGL/0X5Yxb/i/PHLP5fyh+z+F+SP2bx/3L+mMX/K/ljFv9L88cs/l/NH7P4X5Y/ZvH/Wv6Yxf/y/DGL/xX5Yxb/r+ePWfy/kT9m8b8yf8zif1X+mMX/6vwxi/8388cs/tfkj1n8v5U/ZvG/Nn/M4n9d/pjF//r8MYv/DfljFv8b88cs/t/OH7P4fyd/zOL/3fwxi//38scs/t/PH7P4/yB/zOL/w/wxi/9N+WMW/x/lj1n8f5w/ZvG/OX/M4v+T/DGL/y35Yxb/W/PHLP4/zR+z+N+WP2bxvz1/zOL/s/wxi//P88cs/nfkj1n878wfs/jflT9m8f9F/pjF/+78MYv/L/PHLP735I9Z/H+VP2bxvzd/zOJ/X/6Yxf/+/DGL/wP5Yxb/B/PHLP4P5Y9Z/H+dP2bxfzh/zOL/SP6Yxf83+WMW/9/mj1n8f5c/ZvH/ff6Yxf8P+WMW/z/mj1n8H80fs/g/lj9m8X88f8zi/6f8MYv/E/ljFv8n88cs/k/lj1n8/5w/ZvH/S/6Yxf+v+WMW/6fzxyz+f8sfs/g/kz9m8X82f8zi/1z+mMX/+fwxi/8L+WMW/xfzxyz+o/PHJP4jB/LHLP5D8scs/kPzxyz+w/LHLP7D88cs/iPyxyz+E+WPWfxH5o9Z/Eflj1n8J84fs/hPkj9m8Z80f8ziP1n+mMV/8vwxi/8U+WMW/ynzxyz+U+WPWfynzh+z+E+TP2bxf0P+mMV/2vwxi/8b88cs/m/KH7P4vzl/zOI/Xf6Yxf8t+WMW/+nzxyz+b80fs/i/LX/M4j9D/pjF/+35Yxb/d+SPWfxnzB+z+M+UP2bxnzl/zOI/S/6YxX/W/DGL/zvzxyz+s+WPWfxnzx+z+M+RP2bxf1f+mMV/zvwxi/9c+WMW/3fnj1n8584fs/jPkz9m8Z83f8ziP1/+mMV//vwxi/8C+WMW/wXzxyz+C+WPWfzfkz9m8X9v/pjFf+H8MYv/IvljFv9F88cs/ovlj1n8F88fs/gvkT9m8V8yf8ziv1T+mMX/ffljFv+l88cs/svkj1n8l80fs/gvlz9m8V8+f8ziv0L+mMV/xfwxi/9K+WMW/5Xzxyz+q+SPWfxXzR+z+K+WP2bxXz1/zOK/Rv6YxX/N/DGL/1r5Yxb/tfPHLP7r5I9Z/NfNH7P4r5c/ZvFfP3/M4r9B/pjFf8P8MYv/RvljFv+N88cs/pvkj1n8N80fs/hvlj9m8d88f8zi//78MYv/B/LHLP5b5I9Z/LfMH7P4b5U/ZvH/YP6YxX/r/DGL/zb5Yxb/bfPHLP7b5Y9Z/LfPH7P475A/ZvHfMX/M4r9T/pjFf+f8MYv/LvljFv9d88cs/rvlj1n8d88fs/jvkT9m8f9Q/pjFf8/8MYv/XvljFv+988cs/h/OH7P475M/ZvH/SP6YxX/f/DGL/375Yxb//fPHLP4H5I9Z/A/MH7P4H5Q/ZvE/OH/M4n9I/pjF/9D8MYv/YfljFv+P5o9Z/A/PH7P4fyx/zOJ/RP6Yxf/I/DGL/1H5Yxb/o/PHLP4fzx+z+B+TP2bxPzZ/zOL/ifwxi/8n88cs/sflj1n8P5U/ZvE/Pn/M4n9C/pjF/8T8MYv/SfljFv+T88cs/p/OH7P4n5I/ZvE/NX/M4v+Z/DGL/2fzxyz+p+WPWfxPzx+z+H8uf8zif0b+mMX/8/ljFv8z88cs/mflj1n8z84fs/h/IX/M4n9O/pjF/9z8MYv/efljFv/z88cs/l/MH7P4X5A/ZvG/MH/M4n9R/pjF/+L8MYv/l/LHLP6X5I9Z/L+cP2bx/0r+mMX/0vwxi/9X88cs/pflj1n8v5Y/ZvG/PH/M4n9F/pjF/+v5Yxb/b+SPWfyvzB+z+F+VP2bxvzp/zOL/zfwxi/81+WMW/2/lj1n8r9X5jx79z6xl8b9O5//PZfG/Pn/M4n9D/pjF/8b8MYv/t/PHLP7fyR+z+H83f8zi/738MYv/9/PHLP4/yB+z+P8wf8zif1P+mMX/R/ljFv8f549Z/G/OH7P4/yR/zOJ/S/6Yxf/W/DGL/0/zxyz+t+WPWfxvzx+z+P8sf8zi//P8MYv/HfljFv8788cs/nflj1n8f5E/ZvG/O3/M4v/L/DGL/z35Yxb/X+WPWfzvzR+z+N+XP2bxvz9/zOL/QP6Yxf/B/DGL/0P5Yxb/X+ePWfwfzh+z+D+SP2bx/03+mMX/t/ljFv/f5Y9Z/H+fP2bx/0P+mMX/j/ljFv9H88cs/o/lj1n8H88fs/j/KX/M4v9E/pjF/8n8MYv/U/ljFv8/549Z/P+SP2bx/2v+mMX/6fwxi//f8scs/s/kj1n8n80fs/g/lz9m8X8+f8zi/0L+mMX/xfwxi//o/DGJ/6iB/DGL/5D8MYv/0Pwxi/+w/DGL//D8MYv/iPwxi/9E+WMW/5H5Yxb/UfljFv+J88cs/pPkj1n8J80fs/hPlj9m8Z88f8ziP0X+mMV/yvwxi/9U+WMW/6nzxyz+0+SPWfzfkD9m8Z82f8zi/8b8MYv/m/LHLP5vzh+z+E+XP2bxf0v+mMV/+vwxi/9b88cs/m/LH7P4z5A/ZvF/e/6Yxf8d+WMW/xnzxyz+M+WPWfxnzh+z+M+SP2bxnzV/zOL/zvwxi/9s+WMW/9nzxyz+c+SPWfzflT9m8Z8zf8ziP1f+mMX/3fljFv+588cs/vPkj1n8580fs/jPlz9m8Z8/f8ziv0D+mMV/wfwxi/9C+WMW//fkj1n835s/ZvFfOH/M4r9I/pjFf9H8MYv/YvljFv/F88cs/kvkj1n8l8wfs/gvlT9m8X9f/pjFf+n8MYv/MvljFv9l88cs/svlj1n8l88fs/ivkD9m8V8xf8ziv1L+mMV/5fwxi/8q+WMW/1Xzxyz+q+WPWfxXzx+z+K+RP2bxXzN/zOK/Vv6YxX/t/DGL/zr5Yxb/dfPHLP7r5Y9Z/NfPH7P4b5A/ZvHfMH/M4r9R/pjFf+P8MYv/JvljFv9N88cs/pvlj1n8N88fs/i/P3/M4v+B/DGL/xb5Yxb/LfPHLP5b5Y9Z/D+YP2bx3zp/zOK/Tf6YxX/b/DGL/3b5Yxb/7fPHLP475I9Z/HfMH7P475Q/ZvHfOX/M4r9L/pjFf9f8MYv/bvljFv/d88cs/nvkj1n8P5Q/ZvHfM3/M4r9X/pjFf+/8MYv/h/PHLP775I9Z/D+SP2bx3zd/zOK/X/6YxX///DGL/wH5Yxb/A/PHLP4H5Y9Z/A/OH7P4H5I/ZvE/NH/M4n9Y/pjF/6P5Yxb/w/PHLP4fyx+z+B+RP2bxPzJ/zOJ/VP6Yxf/o/DGL/8fzxyz+x+SPWfyPzR+z+H8if8zi/8n8MYv/cfljFv9P5Y9Z/I/PH7P4n5A/ZvE/MX/M4n9S/pjF/+T8MYv/p/PHLP6n5I9Z/E/NH7P4fyZ/zOL/2fwxi/9pdv+RvNjif7rd/1Wy+H8uf8zif0b+mMX/8/ljFv8z88cs/mflj1n8z84fs/h/IX/M4n9O/pjF/9z8MYv/efljFv/z88cs/l/MH7P4X5A/ZvG/MH/M4n9R/pjF/+L8MYv/l/LHLP6X5I9Z/L+cP2bx/0r+mMX/0vwxi/9X88cs/pflj1n8v5Y/ZvG/PH/M4n9F/pjF/+v5Yxb/b+SPWfyvzB+z+F+VP2bxvzp/zOL/zfwxi/81+WMW/2/lj1n8r80fs/hflz9m8b8+f8zif0P+mMX/xvwxi/+388cs/t/JH7P4fzd/zOL/vfwxi//388cs/j/IH7P4/zB/zOJ/U/6Yxf9H+WMW/x/nj1n8b84fs/j/JH/M4n9L/pjF/9b8MYv/T/PHLP635Y9Z/G/PH7P4/yx/zOL/8/wxi/8d+WMW/zvzxyz+d+WPWfx/kT9m8b87f8zi/8v8MYv/PfljFv9f5Y9Z/O/NH7P435c/ZvG/P3/M4v9A/pjF/8H8MYv/Q/ljFv9f549Z/B/OH7P4P5I/ZvH/Tf6Yxf+3+WMW/9/lj1n8f58/ZvH/Q/6Yxf+P+WMW/0fzxyz+j+WPWfwfzx+z+P8pf8zi/8SY13r46zWof98s/k92/GMW/6fyxyz+f84fs/j/JX/M4v/X/DGL/9P5Yxb/v+WPWfyfyR+z+D+bP2bxfy5/zOL/fP6Yxf+F/DGL/4v5Yxb/0fljEv+JB/LHLP5D8scs/kPzxyz+w/LHLP7D88cs/iPyxyz+E+WPWfxH5o9Z/Eflj1n8J84fs/hPkj9m8Z80f8ziP1n+mMV/8vwxi/8U+WMW/ynzxyz+U+WPWfynzh+z+E+TP2bxf0P+mMV/2vwxi/8b88cs/m/KH7P4vzl/zOI/Xf6Yxf8t+WMW/+nzxyz+b80fs/i/LX/M4j9D/pjF/+35Yxb/d+SPWfxnzB+z+M+UP2bxnzl/zOI/S/6YxX/W/DGL/zvzxyz+s+WPWfxnzx+z+M+RP2bxf1f+mMV/zvwxi/9c+WMW/3fnj1n8584fs/jPkz9m8Z83f8ziP1/+mMV//vwxi/8C+WMW/wUHrwFTf5/Ff6GOf8zi/578MYv/e/PHLP4L549Z/BfJH7P4L5o/ZvFfLH/M4r94/pjFf4n8MYv/kvljFv+l8scs/u/LH7P4L50/ZvFfJn/M4r9s/pjFf7n8MYv/8vljFv8V8scs/ivmj1n8V8ofs/ivnD9m8V8lf8ziv2r+mMV/tfwxi//q+WMW/zXyxyz+a+aPWfzXyh+z+K+dP2bxXyd/zOK/bv6YxX+9/DGL//r5Yxb/DfLHLP4b5o9Z/DfKH7P4b5w/ZvHfJH/M4r9p/pjFf7P8MYv/5vljFv/3549Z/D+QP2bx3yJ/zOK/Zf6YxX+r/DGL/wfzxyz+W+ePWfy3yR+z+G+bP2bx3y5/zOK/ff6YxX+H/DGL/475Yxb/nfLHLP47549Z/HfJH7P475o/ZvHfLX/M4r97/pjFf4/8MYv/h/LHLP575o9Z/PfKH7P4750/ZvH/cP6YxX+f/DGL/0fyxyz+++aPWfz3yx+z+O+fP2bxPyB/zOJ/YP6Yxf+g/DGL/8H5Yxb/Q/LHLP6H5o9Z/A/LH7P4fzR/zOJ/eP6Yxf9j+WMW/yPyxyz+R+aPWfyPyh+z+B+dP2bx/3j+mMX/mPwxi/+x+WMW/0/k/3KPXvfKfYv/J/PHLP7H5Y9Z/D+VP2bxPz5/zOJ/Qv6Yxf/E/DGL/0n5Yxb/k/PHLP6fzh+z+J+SP2bxPzV/zOL/mfwxi/9n88cs/qflj1n8T88fs/h/Ln/M4n9G/pjF//P5Yxb/M/PHLP5n5Y9Z/M/OH7P4fyF/zOJ/Tv6Yxf/c/DGL/3n5Yxb/8/PHLP5fzB+z+F+QP2bxvzB/zOJ/Uf6Yxf/i/DGL/5fyxyz+l+SPWfy/nD9m8f9K/pjF/9L8MYv/V/PHLP6X5Y9Z/L+WP2bxvzx/zOJ/Rf6Yxf/r+WMW/2/kj1n8r8wfs/hflT9m8b86/39olMj/m/ljFv9r8scs/t/KH7P4X5s/ZvG/Ln/M4n99/pjF/4b8MYv/jfljFv9v549Z/L+TP2bx/27+mMX/e/ljFv/v549Z/H+QP2bx/2H+mMX/pvwxi/+P8scs/j/OH7P435w/ZvH/Sf6Yxf+W/DGL/635Yxb/n+aPWfxvyx+z+N+eP2bx/1n+mMX/5/ljFv878scs/nfmj1n878ofs/j/In/M4n93/pjF/5f5Yxb/e/LHLP6/yh+z+N+bP2bxvy9/zOJ/f/6Yxf+B/DGL/4P5Yxb/h/LHLP6/zh+z+D+cP2bxfyR/zOL/m/wxi/9v88cs/r/LH7P4/z5/zOL/h/wxi/8f88cs/o/mj1n8H8sfs/g/nj9m8f9T/pjF/4n8MYv/k/ljFv+n8scs/n/OH7P4/yV/zOL/1/wxi//T+WMW/7/lj1n8n8kfs/g/mz9m8X8uf8zi/3z+mMX/hfwxi/+L+WMW/9H5YxL/SQbyxyz+Q/LHLP5D88cs/sPyxyz+w/PHLP4j8scs/hPlj1n8R+aPWfxH5Y9Z/CfOH7P4T5I/ZvGfNH/M4j9Z/pjFf/L8MYv/FPljFv8p88cs/lPlj1n8p84fs/hPkz9m8X9D/pjFf9r8MYv/G/PHLP5vyh+z+L85f8ziP13+mMX/LfljFv/p88cs/m/NH7P4vy1/zOI/Q/6Yxf/t+WMW/3fkj1n8Z8wfs/jPlD9m8Z85f8ziP0v+mMV/1vwxi/8788cs/rPlj1n8Z88fs/jPkT9m8X9X/pjFf878MYv/XPljFv93549Z/OfOH7P4z5M/ZvGfN3/M4j9f/pjFf/78MYv/AvljFv8F88cs/gvlj1n835M/ZvF/b/6YxX/h/DGL/yL5Yxb/RfPHLP6L5Y9Z/BfPH7P4L5E/ZvFfMn/M4r9U/pjF/335Yxb/pfPHLP7L5I9Z/JfNH7P4L5c/ZvFfPn/M4r9C/pjFf8X8MYv/SvljFv+V88cs/qvkj1n8V80fs/ivlj9m8V89f8ziv0b+mMV/zfwxi/9a+WMW/7Xzxyz+6+SPWfzXzR+z+K+XP2bxXz9/zOK/Qf6YxX/D/DGL/0b5Yxb/jfPHLP6b5I9Z/DfNH7P4b5Y/ZvHfPH/M4v/+/DGL/wfyxyz+W+SPWfy3zB+z+G+VP2bx/2D+mMV/6/wxi/82+WMW/23zxyz+2+WPWfy3zx+z+O+QP2bx3zF/zOK/U/6YxX/n/DGL/y75Yxb/XfPHLP675Y9Z/HfPH7P475E/ZvH/UP6YxX/P/DGL/175Yxb/vfPHLP4fzh+z+O+TP2bx/0j+mMV/3/wxi/9++WMW//3zxyz+B+SPWfwPzB+z+B+UP2bxPzh/zOJ/SP6Yxf/Q/DGL/2H5Yxb/j+aPWfwPzx+z+H8sf8zif0T+mMX/yPwxi/9R+WMW/6Pzxyz+H88fs/gfkz9m8T82f8zi/4n8MYv/J/PHLP7H5Y9Z/D+VP2bxPz5/zOJ/Qv6Yxf/E/DGL/0n5Yxb/k/PHLP6fzh+z+J+SP2bxPzV/zOL/mfwxi/9n88cs/qflj1n8T88fs/h/Ln/M4n9G/pjF//P5Yxb/M/PHLP5n5Y9Z/M/OH7P4fyF/zOJ/Tv6Yxf/c/DGL/3n5Yxb/8/PHLP5fzB+z+F+QP2bxvzB/zOJ/Uf6Yxf/i/DGL/5fyxyz+l+SPWfy/nD9m8f9K/pjF/9L8MYv/V/PHLP6X5Y9Z/L+WP2bxvzx/zOJ/Rf6Yxf/r+WMW/2/kj1n8r8wfs/hflT9m8b86f8zi/838MYv/NfljFv9v5Y9Z/K/NH7P4X5c/ZvG/Pn/M4n9D/pjF/8b8MYv/t/PHLP7fyR+z+H83f8zi/738MYv/9/PHLP4/yB+z+P8wf8zif1P+mMX/R/ljFv8f549Z/G/OH7P4/yR/zOJ/S/6Yxf/W/DGL/0/zxyz+t+WPWfxvzx+z+P8sf8zi//P8MYv/HfljFv8788cs/nflj1n8f5E/ZvG/O3/M4v/L/DGL/z35Yxb/X+WPWfzvzR+z+N+XP2bxvz9/zOL/QP6Yxf/B/DGL/0P5Yxb/X+ePWfwfzh+z+D+SP2bx/03+mMX/t/ljFv/f5Y9Z/H+fP2bx/0P+mMX/j/ljFv9H88cs/o/lj1n8H88fs/j/KX/M4v9E/pjF/8n8MYv/U/ljFv8/549Z/P+SP2bx/2v+mMX/6fwxi//f8scs/s/kj1n8n80fs/g/lz9m8X8+f8zi/0L+mMX/xfwxi//o/DGJ/6QD+WMW/yH5Yxb/ofljFv9h+WMW/+H5Yxb/EfljFv+J8scs/iPzxyz+o/LHLP4T549Z/CfJH7P4T5o/ZvGfLH/M4j95/pjFf4r8MYv/lPljFv+p8scs/lPnj1n8p8kfs/i/IX/M4j9t/pjF/435Yxb/N+WPWfzfnD9m8Z8uf8zi/5b8MYv/9PljFv+35o9Z/N+WP2bxnyF/zOL/9vwxi/87/mv/y/+fjuvfNIv/jB3/mMV/pvwxi//M+WMW/1nyxyz+s+aPWfzfmT9m8Z8tf8ziP3v+mMV/jvwxi/+78scs/nPmj1n858ofs/i/O3/M4j93/pjFf578MYv/vPljFv/58scs/vPnj1n8F8gfs/gvmD9m8V8of8zi/578MYv/e/PHLP4L549Z/BfJH7P4L5o/ZvFfLH/M4r94/pjFf4n8MYv/kvljFv+l8scs/u/LH7P4L50/ZvFfJn/M4r9s/pjFf7n8MYv/8vljFv8V8scs/ivmj1n8V8ofs/ivnD9m8V8lf8ziv2r+mMV/tfwxi//q+WMW/zXyxyz+a+aPWfzXyh+z+K+dP2bxXyd/zOK/bv6YxX+9/DGL//r5Yxb/DfLHLP4b5o9Z/DfKH7P4b5w/ZvHfJH/M4r9p/pjFf7P8MYv/5vljFv/3549Z/D+QP2bx3yJ/zOK/Zf6YxX+r/DGL/wfzxyz+W+ePWfy3yR+z+G+bP2bx3y5/zOK/ff6YxX+H/DGL/475Yxb/nfLHLP47549Z/HfJH7P475o/ZvHfLX/M4r97/pjFf4/8MYv/h/LHLP575o9Z/PfKH7P4750/ZvH/cP6YxX+f/DGL/0fyxyz+++aPWfz3yx+z+O+fP2bxPyB/zOJ/YP6Yxf+g/DGL/8H5Yxb/Q/LHLP6H5o9Z/A/LH7P4fzR/zOJ/eP6Yxf9j+WMW/yPyxyz+R+aPWfyPyh+z+B+dP2bx/3j+mMX/mPwxi/+x+WMW/0/kj1n8P5k/ZvE/Ln/M4v+p/DGL//H5Yxb/E/LHLP4n5o9Z/E/KH7P4n5w/ZvH/dP6Yxf+U/DGL/6n5Yxb/z+SPWfw/mz9m8T8tf8zif3r+mMX/c/ljFv8z8scs/p/PH7P4n5k/ZvE/K3/M4n92/pjF/wv5Yxb/c/LHLP7n5o9Z/M/LH7P4n58/ZvH/Yv6Yxf+C/DGL/4X5Yxb/i/LHLP4X549Z/L+UP2bxvyR/zOL/5fwxi/9X8scs/pfmj1n8v5o/ZvG/LH/M4v+1/DGL/+X5Yxb/K/LHLP5fzx+z+H8jf8zif2X+mMX/qvwxi//V+WMW/2/mj1n8r8kfs/h/K3/M4n9t/pjF/7r8MYv/9fljFv8b8scs/jfmj1n8v50/ZvH/Tv6Yxf+7+WMW/+/lj1n8v58/ZvH/Qf6Yxf+H+WMW/5vyxyz+P8ofs/j/OH/M4n9z/pjF/yf5Yxb/W/LHLP635o9Z/H+aP2bxvy1/zOJ/e/6Yxf9n+WMW/5/nj1n878gfs/jfmT9m8b8rf8zi/4v8MYv/3fljFv9f5o9Z/O/JH7P4/yp/zOJ/b/6Yxf++/DGL//35Yxb/B/LHLP4P5o9Z/B/KH7P4/zp/zOL/cP6Yxf+R/DGL/2/yxyz+v80fs/j/Ln/M4v/7/DGL/x/yxyz+f8wfs/g/mj9m8X8sf8zi/3j+mMX/T/ljFv8n8scs/k/mj1n8n8ofs/j/OX/M4v+X/DGL/1/zxyz+T+ePWfz/lj9m8X8mf8zi/2z+mMX/ufwxi//z+WMW/xfyxyz+L+aPWfxH549J/CcbyB+z+A/JH7P4D80fs/gPyx+z+A/PH7P4j8gfs/hPlD9m8R+ZP2bxH5U/ZvGfOH/M4j9J/pjFf9L8MYv/ZPljFv/J88cs/lPkj1n8p8wfs/hPlT9m8Z86f8ziP03+mMX/DfljFv9p88cs/m/MH7P4vyl/zOL/5vwxi/90+WMW/7fkj1n8p88fs/i/NX/M4v+2/DGL/wz5Yxb/t+ePWfzfkT9m8Z8xf8ziP1P+mMV/5vwxi/8s+WMW/1nzxyz+78wfs/jPlj9m8Z89f8ziP0f+mMX/XfljFv8588cs/nPlj1n8350/ZvGfO3/M4j9P/pjFf978MYv/fPljFv/588cs/gvkj1n8F8wfs/gvlD9m8X9P/pjF/735Yxb/hfPHLP6L5I9Z/BfNH7P4L5Y/ZvFfPH/M4r9E/pjFf8n8MYv/UvljFv/35Y9Z/JfOH7P4L5M/ZvFfNn/M4r9c/pjFf/n8MYv/CvljFv8V88cs/ivlj1n8V84fs/ivkj9m8V81f8ziv1r+mMV/9fwxi/8a+WMW/zX/a//h/0/H9W+axX+tjn/M4r92/pjFf538MYv/uvljFv/18scs/uvnj1n8N8gfs/hvmD9m8d8of8ziv3H+mMV/k/wxi/+m+WMW/83yxyz+m+ePWfzfnz9m8f9A/pjFf4v8MYv/lvljFv+t8scs/h/MH7P4b50/ZvHfJn/M4r9t/pjFf7v8MYv/9vljFv8d8scs/jvmj1n8d8ofs/jvnD9m8d8lf8ziv6vN/95z/6nVLP672fz/ySz+u+ePWfz3yB+z+H8of8ziv2f+mMV/r/wxi//e+WMW/w/nj1n898kfs/h/JH/M4r9v/pjFf7/8MYv//vljFv8D8scs/gfmj1n8D8ofs/gfnD9m8T8kf8zif2j+mMX/sPwxi/9H88cs/ofnj1n8P5Y/ZvE/In/M4n9k/pjF/6j8MYv/0fljFv+P549Z/I/JH7P4H5s/ZvH/RP6Yxf+T+WMW/+Pyxyz+n8ofs/gfnz9m8T8hf8zif2L+mMX/pPwxi//J+WMW/0/nj1n8T8kfs/ifmj9m8f9M/pjF/7P5Yxb/0/LHLP6n549Z/D+XP2bxPyN/zOL/+fwxi/+Z+WMW/7Pyxyz+Z+ePWfy/kD9m8T8nf8zif27+mMX/vPwxi//5+WMW/y/mj1n8L8gfs/hfmD9m8b8of8zif3H+mMX/S/ljFv9L8scs/l/OH7P4fyV/zOJ/af6Yxf+r+WMW/8vyxyz+X8sfs/hfnj9m8b8if8zi//X8MYv/N/LHLP5X5o9Z/K/KH7P4X50/ZvH/Zv6Yxf+a/DGL/7fyxyz+1+aPWfyvyx+z+F+fP2bxvyF/zOJ/Y/6Yxf/b+WMW/+/kj1n8v5s/ZvH/Xv6Yxf/7+WMW/x/kj1n8f/ia/iP/34/r3zSL/00d/5jF/0f5Yxb/H+ePWfxvzh+z+P8kf8zif0v+mMX/1vwxi/9P88cs/rflj1n8b88fs/j/LH/M4v/z/DGL/x35Yxb/O/PHLP535Y9Z/H+RP2bxvzt/zOL/y/wxi/89+WMW/1/lj1n8780fs/jflz9m8b8/f8zi/0D+mMX/wfwxi/9D+WMW/1/nj1n8H84fs/g/kj9m8f9N/pjF/7f5Yxb/3+WPWfx/nz9m8f9D/pjF/4/5Yxb/R/PHLP6P5Y9Z/B/PH7P4/yl/zOL/RP6Yxf/J/DGL/1P5Yxb/P+ePWfz/kj9m8f9r/pjF/+n8MYv/3/LHLP7P5I9Z/J/NH7P4P5c/ZvF/Pn/M4v9C/pjF/8X8MYv/6Pwxif/kA/ljFv8h+WMW/6H5Yxb/YfljFv/h+WMW/xH5Yxb/ifLHLP4j88cs/qPyxyz+E+ePWfwnyR+z+E+aP2bxnyx/zOI/ef6YxX+K/DGL/5T5Yxb/qfLHLP5T549Z/KfJH7P4vyF/zOI/bf6Yxf+N+WMW/zflj1n835w/ZvGfLn/M4v+W/DGL//T5Yxb/t+aPWfzflj9m8Z8hf8zi//b8MYv/O/LHLP4z5o9Z/GfKH7P4z5w/ZvGfJX/M4j9r/pjF/535Yxb/2fLHLP6z549Z/OfIH7P4vyt/zOI/Z/6YxX+u/DGL/7vzxyz+c+ePWfznyR+z+M+bP2bxny9/zOI/f/6YxX+B/DGL/4L5Yxb/hfLHLP7vyR+z+L83f8ziv3D+mMV/kfwxi/+i+WMW/8Xyxyz+i+ePWfyXyB+z+C+ZP2bxXyp/zOL/vvwxi//S+WMW/2Xyxyz+y+aPWfyXyx+z+C+fP2bxXyF/zOK/Yv6YxX+l/DGL/8r5Yxb/VfLHLP6r5o9Z/FfLH7P4r54/ZvFfI3/M4r9m/pjFf638MYv/2vljFv918scs/uvmj1n818sfs/ivnz9m8d8gf8ziv2H+mMV/o/wxi//G+WMW/03yxyz+m+aPWfw3yx+z+G+eP2bxf3/+mMX/A/ljFv8t8scs/lvmj1n8t8ofs/h/MH/M4r91/pjFf5v8MYv/tvljFv/t8scs/tvnj1n8d8gfs/jvmD9m8d8pf8ziv3P+mMV/l/wxi/+u+WMW/93yxyz+u+ePWfz3yB+z+H8of8ziv2f+mMV/r/wxi//e+WMW/w/nj1n898kfs/h/JH/M4r9v/pjFf7/8MYv//vljFv8D8scs/gfmj1n8D8ofs/gfnD9m8T8kf8zif2j+mMX/sPwxi/9H88cs/ofnj1n8P5Y/ZvE/In/M4n9k/pjF/6j8MYv/0fljFv+P549Z/I/JH7P4H5s/ZvH/RP6Yxf+T+WMW/+Pyxyz+n8ofs/gfnz9m8T8hf8zif2L+mMX/pPwxi//J+WMW/0/nj1n8T8kfs/ifmj9m8f9M/pjF/7P5Yxb/0/LHLP6n549Z/D+XP2bxPyN/zOL/+fwxi/+Z+WMW/7Pyxyz+Z+ePWfy/kD9m8T8nf8zif27+mMX/vPwxi//5+WMW/y/mj1n8L8gfs/hfmD9m8b8of8zif3H+mMX/S/ljFv9L8scs/l/OH7P4fyV/zOJ/af6Yxf+r+WMW/8vyxyz+X8sfs/hfnj9m8b8if8zi//X8MYv/N/LHLP5X5o9Z/K/KH7P4X50/ZvH/Zv6Yxf+a/DGL/7fyxyz+1+aPWfyvyx+z+F+fP2bxvyF/zOJ/Y/6Yxf/b+WMW/+/kj1n8v5s/ZvH/Xv6Yxf/7+WMW/x/kj1n8f5g/ZvG/KX/M4v+j/DGL/4/zxyz+N+ePWfx/kj9m8b8lf8zif2v+mMX/p/ljFv/b8scs/rfnj1n8f5Y/ZvH/ef6Yxf+O/DGL/535Yxb/u/LHLP6/yB+z+N+dP2bx/2X+mMX/nvwxi/+v8scs/vfmj1n878sfs/jfnz9m8X8gf8zi/2D+mMX/ofwxi/+v88cs/g/nj1n8H8kfs/j/Jn/M4v/b/DGL/+/yxyz+v88fs/j/IX/M4v/H/DGL/6P5Yxb/x/LHLP6P549Z/P+UP2bxfyJ/zOL/ZP6Yxf+p/DGL/5/zxyz+f8kfs/j/NX/M4v90/pjF/2/5Yxb/Z/LHLP7P5o9Z/J/LH7P4P58/ZvF/IX/M4v9i/pjFf3T+mMR/ioH8MYv/kPwxi//Q/DGL/7D8MYv/8Pwxi/+I/DGL/0T5Yxb/kfljFv9R+WMW/4nzxyz+k+SPWfwnzR+z+E+WP2bxnzx/zOI/Rf6YxX/K/DGL/1T5Yxb/qfPHLP7T5I9Z/N+QP2bxnzZ/zOL/xvwxi/+b8scs/m/OH7P4T5c/ZvF/S/6YxX/6/DGL/1vzxyz+b8sfs/jPkD9m8X97/pjF/x35Yxb/GfPHLP4z5Y9Z/GfOH7P4z5I/ZvGfNX/M4v/O/DGL/2z5Yxb/2fPHLP5z5I9Z/N+VP2bxnzN/zOI/V/6Yxf/d+WMW/7nzxyz+8+SPWfznzR+z+M+XP2bxnz9/zOK/QP6YxX/B/DGL/0L5Yxb/9+SPWfzfmz9m8V84f8ziv0j+mMV/0fwxi/9i+WMW/8Xzxyz+S+SPWfyXzB+z+C+VP2bxf1/+mMV/6fwxi/8y+WMW/2Xzxyz+y+WPWfyXzx+z+K+QP2bxXzF/zOK/Uv6YxX/l/DGL/yr5Yxb/VfPHLP6r5Y9Z/FfPH7P4r5E/ZvFfM3/M4r9W/pjFf+38MYv/OvljFv9188cs/uvlj1n8188fs/hvkD9m8d8wf8ziv1H+mMV/4/wxi/8m+WMW/03zxyz+m+WPWfw3zx+z+L8/f8zi/4H8MYv/FvljFv8t88cs/lvlj1n8P5g/ZvHfOn/M4r9N/pjFf9v8MYv/dvljFv/t88cs/jvkj1n8d8wfs/jvlD9m8d85f8ziv0v+mMV/1/wxi/9u+WMW/93zxyz+e+SPWfw/lD9m8d8zf8ziv1f+mMV/7/wxi/+H88cs/vvkj1n8P5I/ZvHfN3/M4r9f/pjFf//8MYv/AfljFv8D88cs/gflj1n8D84fs/gfkj9m8T80f8zif1j+mMX/o/ljFv/D88cs/h/LH7P4H5E/ZvE/Mn/M4n9U/pjF/+j8MYv/x/PHLP7H5I9Z/I/NH7P4fyJ/zOL/yfwxi/9x+WMW/0/lj1n8j88fs/ifkD9m8T8xf8zif1L+mMX/5Pwxi/+n88cs/qfkj1n8T80fs/h/Jn/M4v/Z/DGL/2n5Yxb/0/PHLP6fyx+z+J+RP2bx/3z+mMX/zPwxi/9Z+WMW/7Pzxyz+X8gfs/ifkz9m8T83f8zif17+mMX//Pwxi/8X88cs/hfkj1n8L8wfs/hflD9m8b84f8zi/6X8MYv/JfljFv8v549Z/L+SP2bxvzR/zOL/1fwxi/9l+WMW/6/lj1n8L88fs/hfkT9m8f96/pjF/xv5Yxb/K/PHLP5X5Y9Z/K/OH7P4fzN/zOJ/Tf6Yxf9b+WMW/2vzxyz+1+WPWfyvzx+z+N+QP2bxvzF/zOL/7fwxi/938scs/t/NH7P4fy9/zOL//fwxi/8P8scs/j/MH7P435Q/ZvH/Uf6Yxf/H+WMW/5vzxyz+P8kfs/jfkj9m8b81f8zi/9P8MYv/bfljFv/b88cs/j/LH7P4/zx/zOJ/R/6Yxf/O/DGL/135Yxb/X+SPWfzvzh+z+P8yf8zif0/+mMX/V/ljFv9788cs/vflj1n8788fs/g/kD9m8X8wf8zi/1D+mMX/1/ljFv+H88cs/o/kj1n8f5M/ZvH/bf6Yxf93+WMW/9/nj1n8/5A/ZvH/Y/6Yxf/R/DGL/2P5Yxb/x/PHLP5/yh+z+D+RP2bxfzJ/zOL/VP6Yxf/P+WMW/7/kj1n8/5o/ZvF/On/M4v+3/DGL/zP5Yxb/Z/PHLP7P5Y9Z/J/PH7P4v5A/ZvF/MX/M4j86f0ziP+VA/pjFf0j+mMV/aP6YxX9Y/pjFf3j+mMV/RP6YxX+i/DGL/8j8MYv/qPwxi//E+WMW/0nyxyz+k+aPWfwnyx+z+E+eP2bxnyJ/zOI/Zf6YxX+q/DGL/9T5Yxb/afLHLP5vyB+z+E+bP2bxf2P+mMX/TfljFv83549Z/KfLH7P4vyV/zOI/ff6Yxf+t+WMW/7flj1n8Z8gfs/i/PX/M4v+O/DGL/4z5Yxb/mfLHLP4z549Z/GfJH7P4z5o/ZvF/Z/6YxX+2/DGL/+z5Yxb/OfLHLP7vyh+z+M+ZP2bxnyt/zOL/7vwxi//c+WMW/3nyxyz+8+aPWfznyx+z+M+fP2bxXyB/zOK/YP6YxX+h/DGL/3vyxyz+780fs/gvnD9m8V8kf8ziv2j+mMV/sfwxi//i+WMW/yXyxyz+S+aPWfyXyh+z+L8vf8ziv3T+mMV/mfwxi/+y+WMW/+Xyxyz+y+ePWfxXyB+z+K+YP2bxXyl/zOK/cv6YxX+V/DGL/6r5Yxb/1fLHLP6r549Z/NfIH7P4r5k/ZvFfK3/M4r92/pjFf538MYv/uvljFv/18scs/uvnj1n8N8gfs/hvmD9m8d8of8ziv3H+mMV/k/wxi/+m+WMW/83yxyz+m+ePWfz/D/v2HmRnXd9x/OxufrsBYwgYAREM4RolkGSJBJBIxbbT1DGOlU7V1pZIQkhIxFzEJFYICihY0CBaoFYKGKvYCBJbAW+hqFCJFa1ivTXiBS+VgGgDrbbbOcluzG6+7LBPnjzM5Pt6/bG756zfw+U944ezmX2N/qEs/f9c/1CW/n+hfyhL/zP0D2XpP0f/UJb+r9U/lKX/mfqHsvSfq38oS/95+oey9D9L/1CW/vP1D2Xpf7b+oSz9F+gfytJ/of6hLP3P0T+Upf8i/UNZ+i/WP5Sl/+v0D2Xpf67+oSz9X69/KEv/JfqHsvRfqn8oS/9l+oey9F+ufyhL/zfoH8rS/zz9Q1n6v1H/UJb+K/QPZem/Uv9Qlv6r9A9l6f8m/UNZ+v+l/qEs/d+sfyhL//P1D2Xpf4H+oSz9V+sfytL/Qv1DWfq/Rf9Qlv5v1T+Upf9F+oey9L9Y/1CW/pfoH8rS/236h7L0f7v+oSz9L9U/lKX/ZfqHsvR/h/6hLP3/Sv9Qlv6X6x/K0v8K/UNZ+r9T/1CW/u/SP5Sl/xr9Q1n6X6l/KEv/d+sfytL/Kv1DWfq/R/9Qlv7v1T+Upf9f6x/K0v9q/UNZ+l+jfyhL/2v1D2Xp/zf6h7L0f5/+oSz9/1b/UJb+79c/lKX/dfqHsvT/O/1DWfpfr38oS/8b9A9l6X+j/qEs/T+gfyhL/7X6h7L0/6D+oSz9/17/UJb+H9I/lKX/h/UPZel/k/6hLP0/on8oS/9/0D+Upf86/UNZ+n9U/1CW/jfrH8rS/xb9Q1n6f0z/UJb+t+ofytJ/vf47mLb9qyz9P65/KEv/f9Q/lKX/P+kfytL/E/qHsvS/Tf9Qlv636x/K0v8O/UNZ+n9S/1CW/p/SP5Sl/6f1D2Xp/xn9Q1n6f1b/UJb+G/QPZel/p/6hLP3/Wf9Qlv536R/K0v9z+oey9P+8/qEs/b+gfyhL/7v1D2Xpf4/+oSz9/0X/UJb+X9Q/lKX/vfqHsvTfqH8oS/8v6R/K0v9f9Q9l6f9l/UNZ+t+nfyhL/6/oH8rS/6v6h7L0/zf9Q1n6f03/UJb+X9c/lKX//fqHsvT/hv6hLP3/Xf9Qlv7f1D+Upf+39A9l6f9t/UNZ+n9H/1CW/t/VP5Sl/3/oH8rSf5P+oSz9v6d/KEv/B/QPZen/ff1DWfr/QP9Qlv4/1D+Upf+P9A9l6f+g/qEs/X+sfyhL/5/oH8rS/6f6h7L0/5n+oSz9/1P/UJb+P9c/lKX/Q/qHsvTfrH8oS/+H9Q9l6f+I/qEs/X+hfyhL/0f1D2Xp/0v9Q1n6/0r/UJb+/6V/KEv/LfqHsvR/TP9Qlv6P6x/K0v+/9Q9l6f8/+oey9P+1/qEs/X+jfyhL///VP5Sl///pH8rSv0//UJL+41r6h7L079A/lKV/p/6hLP279A9l6T9K/1CW/kX/UJb+3fqHsvTv0T+Upf9o/UNZ+u+lfyhL/731D2Xp/zT9Q1n6j9E/lKX/0/UPZek/Vv9Qlv776B/K0n+c/qEs/ffVP5Sl/376h7L0f4b+oSz9x+sfytL/mfqHsvTfX/9Qlv4H6B/a8/uP2/4t/Xe25/ffatyz9A9l6X+Q/qEs/Z+tfyhL/4P1D2Xpf4j+oSz9n6N/KEv/CfqHsvQ/VP9Qlv4T9Q9l6X+Y/qEs/Q/XP5Sl/xH6h7L0P1L/UJb+R+kfytL/aP1DWfpP0j+Upf9z9Q9l6f88/UNZ+h+jfyhL/8n6h7L0P1b/UJb+x+kfytJ/iv6hLP2n6h/K0n+a/qEs/Xv1D2Xpf7z+oSz9p+sfytL/+fqHsvQ/Qf9Qlv4z9A9l6X+i/qEs/U/SP5Sl/8n6h7L0f4H+oSz9T9E/lKX/TP1DWfq/UP9Qlv6n6h/a4/oDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwO60bOWqc+YsWjRvqS984QtfbP/iqf5/JgAAoG6//Y/+p/rvBAAAANhdZs1+0UNdHYOe6trxwSFfmrf18/THXnn22u9/dubA5/5vvyR4yc4dH/T19fXdfe8jr+x/2NNqtdp/td/pfzx66HH79S+YefHUbY9K64vnT+y47Rd/cOIVx5434/buQx8sW58trTPOWrBo3tTOVqt0ldaK9oNpHa1W6S6td7Uf9LYf9JTWh9oPjt/6YK/WhvaD4848d9Hc9hM7/aUBII1Zs1e3ugYtdmvQfw3suP8XzLxl0sDnYV5y4NVGtfr3/+I/vu3bQ7434An2f+D1S8fQ/R/xPyAAsJOR7f9dtwx8HuYld3r/f/+kLVdH33vi/R94/dJp/wGgfsHP/wdt9NCf+w/5+f+hwUtuvz/vHSuua+//aWe+bHz/U6OezM//f/v6pWvo/ncO+vl/R6tVRg38/L+n1SplF/91AEAKs2Zf+NBw7/+H3/9RBw256dhx/7tu3dTZ3v83jrnqyv6nygj3f9Rw7/9ftmHw3ysA8OTMmn1935D3/yPY/9ZRwUtu3/8bfznq5e39f/TmzuU7fG8k+1+G7v+U5YtfP2XZylXHLlg8Z/68+fNed1Jv74zpM6ae1Dtl608Etn3cxX8pALCH27X3/629h9x0tFo/2n4/vueSde39P2vMmMP6nxo9wv3vHvb9//e8/weAQQ7rbHV3t1bMWb586bRtHwce9m77uO1/Fuz/CP78//CB3wMY+J3BjlbrwO33a/fdcEV7/y/pfNNH+5/qHuH+9wy3/6cP+V1FAODJ2cX3/3OH3Aza/833LXxxe//fvvG6sf1PjfTP/0cPu/9neP8PAFXMmr1730S39/93P3/ZA9Wuy15+/w8A6tfE/k/62q/+rNp12dv+A0D9mtj/G7esurfadXma/QeA+jWx/x2rf3h4tesyxv4DQP2a2P/Lblj48WrX5en2HwDq18T+P7h+/F7VrstY+w8A9Wti/xevufb91a7LPvYfAOrXxP5fe+eH31ntuoyz/wBQvyb2f98fHH1gteuyr/0HgPo1sf9vfvRVa6tdl/3sPwDUr4n933LfN3qrXZdn2H8AqF8T+3/6B2d9q9p1GW//AaB+Tez/povufmm16/JM+w8A9Wti/9e/5/ZHql2X/e0/ANSvif0/8RMz5le7LgfYfwCoXxP73z12wRHVrsuB9h8A6tfE/l8++cfrq12XZ9l/AKhfE/v/wMxrxla7LgfZfwCoXxP7v3DCAddUuy7Ptv8AUL8m9v+eBZcuqXZdDrb/AFC/Jvb/xS/pqbjb5RD7DwD1a2L/p7x65Z9Wuy7Psf8AUL8m9v8DKx7bWO26TLD/AFC/3bf/r9r6sb3/d/56wspqr1EOtf8AUL8m3v//4TfXbK52XSbafwCoXxP7f9Q9D7+i2nU5zP4DQP2a2P91P5vzuWrX5XD7DwD1a2L/93lf3+Rq1+UI+w8A9Wti/y/6zJJPVrsuR9p/AKhfE/v/k5v36a52XY6y/wBQvyb2/8zLL1xT7bocbf8BoH5N7P9rpm/6arXrMsn+A0D9mtj/+/d/+e9Vuy7Ptf8AUL8m9v+OnimPV7suz7P/AFC/JvZ/2pHXn1vtuhxj/wGgfk3s/7tfcerbql2XyfYfAOrXxP4fuORj46pdl2PtPwDUr4n9X37Gl9dVuy7H2X8AqF8T+9932otOrnZdpth/AKhfE/s/er+lx1S7LlPtPwDUr4n9f+vU33yq2nWZZv8BoH5N7P/DE9/SUe269Np/AKhfE/s/t2vMe6tdl+PtPwDUr4n9/8Ibrjy/2nWZbv8BoH5N7P9L/+Tgn1a7Ls+3/wBQvyb2f+Lvv/b0atflBPsPAPVrYv9vmvvzu6pdlxn2HwDq18T+X/XdW1dXuy4n2n8AqF8T+z+h75QDql2Xk+w/ANSvif1ftvm0m6pdl5PtPwDUr4n9f3zjxpnVrssL7D8A1K+J/X/1HX/09WrX5RT7DwD1a2L/v3L1d06rdl1m2n8AqF8T+//pS2/oq3ZdXmj/AaB+Tez/CR+ZfHa163Kq/QcAAAAAAAAAAAAAAAAgo2UrV50zZ9GieUt34xdP9T8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw/+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwIAMAAAAgzN86j/YDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANwUAAP//ihD1Ww==") bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000040), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) ioctl$FS_IOC_GETFSMAP(r0, 0x40285881, &(0x7f00000000c0)=ANY=[]) 6.617195973s ago: executing program 9 (id=1255): syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000340), 0x1, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==") mount$overlay(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) chdir(&(0x7f0000000240)='./file0\x00') readlink(&(0x7f0000000040)='./file1\x00', &(0x7f0000000080)=""/233, 0xe9) 6.394336328s ago: executing program 1 (id=1258): recvmmsg(0xffffffffffffffff, &(0x7f0000005400)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=""/4096, 0x1000}}, {{0x0, 0x0, &(0x7f0000005100)=[{0x0}, {&(0x7f0000004f40)=""/101, 0x65}], 0x2}}], 0x2, 0x0, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x36, 0x0, 0x0, 0x20000000}, 0xa}], 0x400000000000172, 0x0) 5.999130282s ago: executing program 7 (id=1261): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x319c, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000400)={0x2c, &(0x7f0000000280)={0x40, 0x7, 0x7, {0x7, 0x0, "5a7da32917"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000080)={0x2c, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0x20, 0x1, 0x3, '\x00\x00\x00'}, 0x0}) 5.876889752s ago: executing program 1 (id=1263): r0 = syz_usb_connect(0x2, 0x36, &(0x7f0000000900)=ANY=[@ANYBLOB="52010000ead4a320d118af1e6309010203010902240001f60720400904a67602ab52634a09050b002000f84c090905aa46"], 0x0) syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000f40)={0x14, 0x0, &(0x7f0000000f00)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000001240)={0x24, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x401}}, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000001880)={0x2c, &(0x7f0000000000)={0x0, 0x13, 0x2, "17c0"}, 0x0, 0x0, 0x0, 0x0}) 5.192711745s ago: executing program 9 (id=1280): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) write$UHID_INPUT(r0, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3590bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d080000000000000014f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bdd277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd4829bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabaf18647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15283217e03d02a4054f34af3a65ef6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bccdf42bfd174d29b540161b4113c4e1a13f3a62bc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b391b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815501681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add38a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889581c750c34586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22ebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7004757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11c39d6fdcf5926d6ad5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a038813f2bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa500a0000000000006a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a00", 0xfffffffffffffe43}}, 0x1006) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x10012, r0, 0x0) mq_timedsend(r0, 0x0, 0x0, 0xffffffffffff0000, &(0x7f0000000080)) 4.82690042s ago: executing program 9 (id=1270): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) 4.27803136s ago: executing program 39 (id=1270): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) 3.550314492s ago: executing program 5 (id=1273): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_SETPARAMS(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x38, r1, 0x15, 0x70bd25, 0x25dfdbfe, {}, [@IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x7f}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x2}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0x5}]}, 0x38}, 0x1, 0x0, 0x0, 0x11}, 0x40004) 3.49870186s ago: executing program 7 (id=1274): syz_mount_image$erofs(&(0x7f0000000040), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x17d, &(0x7f0000001ac0)="$eJzsmLFP+kAUx7/vyg/yMy6uLg4SxcHSFjUuxLA5mogaNwlUghYx0EGYdPH/cHZwdvOPMM7qYFwY3Uxqej3oQQR10MT4PsPj+7h313evyXcoGIb5szw+vNyvFe+EAWASaaTU/89GXCO0+tfb83Jraj1/OfeUv041robPIwBB8PnnJwDcFAz4Kg+Cwd1p9VuE6OstCCwovQOCqfQeBLaVdkHYVfpA042w3jT3a55rlhteJRRWGOwwOGHIDffXPSNUtP5IW2+1O4clz3Ob3yg+ml+3IJDX+tPfV282ljY/GwK20jkQNpVeRao3m2gk2v2nE/H5xg/fnwULFr9NxP4UXBDmNX9KaP6R9evH2Va7s1irl6pu1T1ynNyKtWRZy05WGlEUx/jff+lPE9r5/0bUJimJk5LvN+0o9nMniu85rpD+J5CZjfLQ+5Mju4nWSe0jqTLGmHKGYRiGYRiGYRiGYRiGYZgvMAOSX0EldIo4GcDZkNVvAQAA///an3MA") chdir(&(0x7f00000001c0)='./file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') statx(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0xf0cb2f4a0c2cfc5d, &(0x7f0000000080)) 3.261682403s ago: executing program 5 (id=1275): r0 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) write$binfmt_script(r1, &(0x7f0000000100), 0xfffffd9d) ioctl$VIDIOC_STREAMON(r0, 0x40045612, &(0x7f0000000080)) 3.152697709s ago: executing program 7 (id=1277): syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000040)='./bus\x00', 0x2810880, &(0x7f0000000300)=ANY=[], 0x88, 0x290, &(0x7f0000000d80)="$eJzs3U1r1EAcx/HfZNPt1taaWkUQD1IteJK2XsRLQYqvwZOo3RWKSwWtoF4snsUX4N2LL8AX4UkEz3ry5AvoLTKzSXeiedi2dsel3w/sGpN5+E+STeYfKBGAE+v2xvcPN37aj5Faakm6JUV202XFks7rQuf59s7WTr/XrWuoJXXkPkZyNc1fZTa3e2VVbT1XI5PY/8Wa89fheKRpmv4IHQRC6mT/tso2RtJ09uts+YUn3W7oAAIze9rTC82HjgMAEJYZ3N+j7D4/l83fo0hazm77/v3/2+nA8R7VXugAAvPu/y7LSo09vmfcpmG+51I4uz3Ks8SD9mMnj20NzqzCBNM0ZZUulmjm0Va/d33zSb8b6Y3WM16xc5LW1c1y1kxDtEsluWlRW6O3VmPWjWHKjmGtIv7Fsk4P32Mz89l8MfdMovfq7s//4tTY7l0Eyf6RujM1jH+lukU3ymRQqmKUC66Ti8UdWzvKVlVGonxPLaj4gCApxtkurdXWH7UGo1utHp2tMb1YWmutvpY9N2N99GoNz+bqmsfNvDN3zZJ+6ZM2vPl/ZPf2skb5ZdoyrmR2ZuTjKc0NY1cy8VftXiptMzrceHAob/VQNzX/7OWrxw/6/d5TFk7QQn4S/C/x/LuFeDx9tY+86zo6UGGprkx+6Ryhwfwi3dhpmMsSxmt40KvLvB5nQBg3e/Ewg/zPy1dWXIpkv5KaeXraNG3zWlytyA3Ouu9TXksmez5fnQHNVmdwo+ZcV65JV72VDTlXYuOcqR3rJDEb+qr7PP8HAAAAAAAAAAAAAAAAAACYNOP424zQYwQAAAAAAAAAAAAAAAAAAAAAYNJVv/+3o2N8/2/hZTq8/xcI43cAAAD//9jYdJM=") syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x800053, 0x0, 0xfc, 0x0, &(0x7f00000000c0)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) renameat2(r0, &(0x7f0000000180)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f0000000200)='./file0\x00', 0x4) 3.027801204s ago: executing program 1 (id=1279): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000000c0)='contention_begin\x00', r0, 0x0, 0x2}, 0x18) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000140)=0x200000000) 2.898282376s ago: executing program 5 (id=1281): syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000001040)='./file1\x00', 0x4040, &(0x7f00000015c0)=ANY=[@ANYBLOB='lastblock=00000000000000000000,umask=00000000000000000000002,dmode=00000000000000000077777,novrs,shortad,shortad,undelete,iocharset=cp437,shortad,umask=00000000000000000000006,dmode=00000000000000000000011,fileset=00000000000000000011,uid=', @ANYRES64, @ANYRES32, @ANYBLOB="cdf7c0c4ada580d5d36bd90806b670b73bb5112f75ca483652cf9b8a22555c3af34a84c5747ac51aa890ca205a0f27d7dde81ad3a01f21810b6de2d56be05416c54e1c6e8459e1643b129327581f7716b38db3d3f3bbeb6d1b846a2aad654e1795850a1f82ac738387d9c3009d18eb2a78258fcc4ac4eb6a12a5650e10ebf077d9ab33f24de7cbffe0", @ANYRESHEX], 0x2, 0xc3e, &(0x7f0000001780)="$eJzs3U9sHNd9B/DfGy3Fld1WTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAVToOihhwBF0UNOBFqjQIoGRlMEPTKtCyQXAy1y6olIYSMoemCLADkFLGb2rbikSJsRRYmSPh+b+u7Ovjfz3rz1jCzozQsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOL3Xr146nS6c3v9QTQGALgvLo9++dSZbe7/AMCj68oO//8PAAAAAAAAAAAAAAAcGCmKeCpSzF1eS+PV+476pXbfzVtjQ8PbVzuSqpqHqvLlT/30mbPnvvDi4PluXmrPfEj9e+3T8frolYuNV2ZvzM1PLSxMTTbGZtoTs5NTu97DXutvdaI6AY0bb9ycvHZtoXHmhbObPr418EH/k8cGLgw+d/LZbtmxoeHh0Y0im57AULvrhnTsNMPjcBRxMlI8/52fpFZEFLH3c1G/v2O/1ZGqEyeqTowNDVcdmW63ZhbLD0e6J6KIaPRUanbP0fZjEbW++9qHnTUjlsrmlw0+UXZvdK4137o6PdUYac0vthfbszMjqdPasj+NKOJ8iliOiNX+O3fXF0XUIsW3jq6lqxFxqHsePl9NDN65HcU+9nEXynY2+iKWi4dgzA6w/ijitUjx03ePx0S+zlTXms9FvFbm9yLeLvPliFR+Mc5FvL/N94iHUy2K+Ity/C+spcnqetC9rlz6SuNLM9dme8p2ryu/4P1h05Xi33/8wO4PR7bk/XHAr031KKJVXfHX0t3/ZgcAAAAAAAAAAAAAAACAe+1IFPGpSPHqf/xRNa84qnnpRy8M/v7AL/fOGX/mI/ZTln0hIpaK3c3JPZwnBo6kkZQe8Fzix1k9ivjjPP/vGw+6MQAAAAAAAAAAAAAAAAAAAI+1In4UKV5673hajt41xdsz1xtXWlenO6vCdtf+7a6Zvr6+vt5InWzmHM+5lHM550rO1ZxR5Po5mznHcy7lXM65knM1ZxzK9XM2c47nXMq5nHMl52rOqOX6OZs5x3Mu5VzOuZJzNWcckLV7AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeJUUU8fNI8c2vraVIEdGMGI9OrvQ/6NYBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKX+VMR3I0XjD5q3t9UiIlX/dhwvfzkXzcNlfjyag2W+HM2LOVtV1prfeADtZ2/6UhE/jBT99XduD3ge/77Ou9tfg3j76xvvPl3r5KHuhwMf9D957OiFweFfe2an12m7Bpy41J65easxNjQ8PNqzuZaP/vGebQP5uMW96ToRsfDmW2+0pqen5u/+RfkV2EP1h+hFqj0uPfWiehG1A9GMB9N3HgPl/f/9SPHb7/1n94bfuf/X45c6727f4eNnf7Jx/39p6452ef+vba2X7//lPX27+/9TPdteyr8b6atF1BdvzPUdi6gvvPnWyfaN1vWp61Mz506d+uLg4BfPnuo7HFG/1p6e6nl1T04XAAAAAAAAAAAAAAAAwP2TivjdSNH64VpqRMStar7WwIXB504+eygOVfOtNs3bfn30ysXGK7M35uanFhamJhtjM+2J2cmp3R6uXk33Ghsa3pfOfKQj+9z+I/VXZufenG9f/8PFbT9/on7x6sLifGti+4/jSBQRzd4tJ6oGjw0NV42ebrdmqqoj206m/8X1pSJ+HCkmzjXSZ/O2PP9/6wz/TfP/l7buaJ/m/3+sZ1t5zJSK+Fmk+K2/fCY+W7XzibjjnOVyfxspTpz/TC4Xh8ty3TZ0nivQmRlYlv3fSPGPP99ctjsf8qmNsqd3fWIfEuX4H40U3/3zb8ev522bn/+w/fg/sXVH+zT+T/dse2LT8wr23HXy+J+MFC8/9U78Rt72Yc//6D5743gufPv5HPs0/p/o2TaQj/ub96brAAAAAAAAAAAAD7W+VMTfRYrvD9fSi3nbbv7+3+TWHe3T3//6ZM+2yXuzXtFHvtjzSQUAAACAA6IvFfGjSHF98Z3bc6g3z//umf/5OxvzP4fSlk+rP+f7leq5Affyz/96DeTjju+92wAAAAAAAAAAAAAAAAAAAHCgpFTEi3k99fFqPv/kjuupr0SKV//7+VwuHSvLddeBH6h+rV+enTl5cXp6dqK12Lo6PdUYnWtNTJV1n44Ua3/zmVy3qNZX764331njfWMt9vlIMfz33bKdtdi7a5M/vVH2dFn2Y5Hiv/5hc9nuOtaf2Ch7piz715Hiq/+8fdljG2XPlmW/HSl+8NVGt+wTZdnu81E/uVH2hYnZYh9GBQAAAAAAAAAAAAAAAAAAgMdNXyriTyPF/9xYvj2XP6//39fztvL213vW+9/iVrXO/0C1/v9Or+9m/f/quQJLOx0VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTSmKeCtSzF1eSyv95fuO+qX2zM1bY0PD21c7kqqah6ry5U/99Jmz577w4uD5bn54/XvpzyLiU/H66JWLjVdmb8zNTy0sTE02xmbaE7OTU7vey17rb3WiOgGNG2/cnLx2baFx5oWzmz6+NfBB/5PHBi4MPnfy2W7ZsaHh4dGeMrW+uz76HdIO2w9HEX8VKZ7/zk/S9/sjitj7ufiI785+O1J14kTVibGh4aoj0+3WzGL54Uj3RBQRjZ5Kze45ug9jsSfNiKWy+WWDT5TdG51rzbeuTk81Rlrzi+3F9uzMSOq0tuxPI4o4nyKWI2K1/87d9UURb0SKbx1dS//SH3Goex4+f3n0y6fO7NyOYh/7uAtlOxt9EcvFQzBmB1h/FPFPkeKn7x6Pf+2PqEXnJz4X8VqZ34t4OzrjncovxrmI97f5HvFwqkUR/1eO/4W19G5/eT0oL+AxNNy49JXGl2auzfaU7V5XHvr7w/10wK9N9SjiB9UVfy39m/+uAQAAAAAAAAAAAAAAAA6QIn41Urz03vFUzQ++Pae4PXO9caV1dbozra879687Z3p9fX29kTrZzDmecynncs6VnKs5o8j1czbLrK+vj+f3SzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7h4AAAAAAAAAAAAAAAAAAPBoKap/Unzza2tpvb+zvvR4dHLFeqCPvP8PAAD//3H7+nQ=") mkdir(&(0x7f0000000000)='./control\x00', 0x0) r0 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x60) lseek(r0, 0x8, 0x1) 2.712008109s ago: executing program 7 (id=1282): syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10400, &(0x7f00000006c0), 0xfe, 0x246, &(0x7f0000000840)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000001400), 0x208e24b) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) 2.455866219s ago: executing program 1 (id=1285): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000005b00)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x1, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_QUANTUM={0x8, 0x2, 0x8}]}}]}, 0x38}}, 0x8000) 2.206138088s ago: executing program 5 (id=1287): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[@ANYBLOB="640000001000010000000002000000000000000a040000001200010000000001"], 0x64}}, 0x4004000) 2.047652914s ago: executing program 7 (id=1288): r0 = syz_usb_connect$printer(0x5, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000700)={0x44, &(0x7f0000000280)={0x40}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r1, 0x604, 0x0) 2.046630436s ago: executing program 6 (id=1289): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macsec0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_INC_SCI={0x5, 0xf, 0x1}]}}}]}, 0x3c}}, 0x0) 1.871230483s ago: executing program 5 (id=1290): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x9) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_netdev_private(r0, 0x89f0, &(0x7f0000000000)) 1.751136395s ago: executing program 1 (id=1291): syz_mount_image$xfs(&(0x7f00000000c0), &(0x7f0000009780)='./file0\x00', 0x0, &(0x7f0000000080)={[{@sysvgroups}, {@gqnoenforce}, {@nolazytime}, {@ikeep}, {@lazytime}]}, 0x1, 0x9730, &(0x7f0000012f40)="$eJzs3QeYJHWhcP1ZYMkZRERRVFSMRAkiShAQCRIVFBAkSw5KUJKIBEVBQMk555xzzjnnnHPOfM+yu4rrget93/t+3HvPOc+zO9PVVTXV/1931cxUT/eS8yw258DA6ANDm2JgxG69a86FNt5xziv33WmvU6cYc/zJh00etsCkwy5OOmjYx5EGBgZGGraeYdPGeuykk0caGOW96f9orDHGHDTOwMB0wy7OPuzjTEM/TPT48PneHaERN3TQ3y8O2n7ov/cab8iXGPLJ0rdcdO7AwMD471t+yCLT/MsNlbbkHPPO8w+rv7sNsRo87PP3/xt16L+JHhwYmOi+Ab5/vH/eQR/BTRryNcff8aHR1/0Ivvb/uJacY975RvAf8lgcedi0mYY8xkd8DBob8X5+yyqz7jFsCN+7vw0MDNnF/dNj5X9ES84xzwIDH7yfH3hkzHHPfPe9/eZYzw0MjPX8wMBYLwwMjPXiwMBYLw0MjPXyR+1S/3fNMef0cw55vA+/PIx9+H15fLpf7Lv6S/sMDAyMNnSesd4ZerwYe4rhx4Sqqqr6790cc04/Fxz/R/+w4/9WW89xW8f/qqqq/7nNN8ec0w85jo9w/B/7w47/P7jppjWG/u5/9pmGLvXOR3sjqqqq6j/VPPPh8X/8Dzv+j7fDDQd0/K+qqvqf26ILvnf8H3uE4//EH3b8X2P+uy4fNt/w7xveft8q33v+2LDpb75v+sjvm/7G+6YPft963j//qO+b/tr7po8+MDDWY8Omv/WPyWM9N2SZf13PWK/84/k4k47yvumvvm/6qO+b/tqwbRoyfbT3TX/7ffOP/o/pYw/5b4phX/f1Dxnqqqqq/zYtOv08cw2873n2wyYPf2I/Pi/02GO3vvuj2t6qqqqqqqqq+s/3ztNnnPOPv/n+9MD7/nb173/DOuz3AoOOO++66z6yDf3v0aB//X3IFh/1Nv3fNsR59COmGBhYa4mPelPqI+h/zN+q1/+T8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/cR9w/v/vf/8/cN9Xdhg26yyT3XX/Yv9YctKB1YZ9dutdcy602kew7R9B/1vP/w+sNmhgYJjv+EMsF5pj0cWnGhgYWOz+uyabceDv18085LpZJxz5vT/mHBiY6r3/B0/6AWse9i4L7725w8R/X8dx761/vnf3H3nQCBvxvmY794GDV13y1RlG/PilD74df39/iaVe2X/K4X/LMtIIM43+AQsPX//w2zKi87Btn2rItk+9wZrrTL3+xpt8fbU1l19lpVVWWmu66aadYfoZZ5jum7NMvfJqa6w0zdD/P2DMhr51xcj/zpiNPeKYPT3H+8dsxNs2wSkH45j967t6/NMq3lvj+bM9csXwMRvl3xyz4V9v5A8fsylWG/aFJh0YPLDce0MzaGBg0lEGD2w05MK0ow0MTDp42LyTDpn32xOONDCw4z9u6KBhLzY6dJ5BWwyZ57/Z+5bMMmxENh0+34ivsz7ihv5H71ty4ti73DXC+5b8v+r/6Pj/L14zD/r7QA1/A4Rh8wz1+ojfZ+JftneKUd47yH3Q9n7I6+K8F92/1lz18SX+q14Xh7Z37A/Z3g95Hb8P3N6ppn12z6Gr+i/b3hH2dQsMvfLf2dcNfPi+bmRafqWrJx9xXzf/B2/iPz2Oh4/RaCPM9EH7uh3nP3/zIesf+PB93QKrDXvxgH/s60YaGJh05OH7uiE7vlEHD+w45MJ0Qy6MNnjgsCEXpn/vwhgD5w258I0V1l5jxUHvvczAsPVOM2S9s084aOgD6OaDVx1tl3ffHWXYtrwy1j9v67D7xxTvP57PMeGwwRy27PD1Dpl1+Hpf22bodaMOW++r/4n1Dl+WtnfSs4deN9qw9b42wnoHf8h6hy/7L4+HqQb90xNVYX/zkb6vET1+R/+Q7f2Q1+HG+9t77lMu+8h/wetwD/qg7R3lw7f3g9435AO394krntzvv+p1w+l+dt++Q+8row+7n739n7j/Dl92xP3Y0BcCGbrbH/3f2Y9N8S/7sS1HHmmEwX5fH/R97oow/7BHxN/XtuJBr642fOwHj7De/+j73PfdlkGwHxt/hJ/nBm2+38AgGvPH1nhxw3d2/vAxHzzwzz9bDB/z4ct+2JiP9u+M+ac+fMxH/D75g8Z8qs8PvX7wCNv//jFfZLfZbx4+5qOOsN7/aMxH+/Bjx7+O+cDAYBrzHScbOm4ftj/9oDEfvuzwMR/ydWadcJSBuQcGBqYcNuaj/jtjPul/zf18TJh/6Ocr/X3SczMu/LXhYz7iGP9HYz7qf3LMN7vv7/fzKd+77nMjDYw66sBGy2+wwXrTDv1/+MXphv7P+6LnVhw6zh92LP0go+HLftjjYpR/x2j8f8to0H9kNNkoH2T0j4fWyAcv+vz/6b5olP+s0Xm8Lzpt3qHj9mHfF33QmA9flo6DE79v+RF/Dv2Q18/C2/Te+My/7fCf9/47vH7W8J93/0e+ftbw30muNuJOvv7d+v2/u/zd5e8uf3f5i/uA8/9TDD///+7YB04y7IfOwVfPfNvsH/X2fsT9rz7/P8z3n87/z37bzFcP+dFq2HUfen526Dz/Lc/PzjT0w0SPD59vxPODI27of3R+dt9dN7j6/6fzs/9HDX+s/hs/F7f/d5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+Yv7gPP/0wx/HsDDiy/0w2EnQgdvOu3Rm37U2/sR97/6/P8w3386/7/p0dNuOtLA36/70PP/Q+dxnP9/YMHNl/nvfP5/+GO18//1H5S/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+Yv7gPP/sw9/HsCRs839heHPB7hxu/33/Ki39yPuf+v5/97/31v7f3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+4Yef/B0Z4m8SFu19gcP7/f3Yf4L9I/pjFf9H8MYv/YvljFv/F88cs/kvkj1n8f5Q/ZvH/cf6YxX/J/DGL/1L5Yxb/n+SPWfx/mj9m8V86f8ziv0z+mMV/2fwxi//P8scs/svlj1n8l88fs/j/PH/M4r9C/pjFf8X8MYv/SvljFv+V88cs/qvkj1n8V80fs/ivlj9m8f9F/pjFf/X8MYv/GvljFv8188cs/mvlj1n8184fs/ivkz9m8V83f8ziv17+mMV//fwxi/8G+WMW/1/mj1n8f5U/ZvHfMH/M4r9R/pjFf+P8MYv/JvljFv9f549Z/H+TP2bx3zR/zOK/Wf6YxX/z/DGL/xb5Yxb/LfPHLP6/zR+z+G+VP2bx/13+mMV/6/wxi//v88cs/tvkj1n8t80fs/hvlz9m8d8+f8zi/4f8MYv/H/PHLP475I9Z/P+UP2bx/3P+mMV/x/wxi/9O+WMW/7/kj1n8d84fs/jvkj9m8d81f8zi/9f8MYv/3/LHLP675Y9Z/HfPH7P475E/ZvHfM3/M4r9X/pjFf+/8MYv/PvljFv9988cs/vvlj1n8988fs/gfkD9m8T8wf8zif1D+mMX/4Pwxi/8h+WMW/0Pzxyz+h+WPWfwPzx+z+B+RP2bxPzJ/zOJ/VP6Yxf/o/DGL/zH5Yxb/Y/PHLP7H5Y9Z/I/PH7P4n5A/ZvE/MX/M4n9S/pjF/+T8MYv/KfljFv9T88cs/qflj1n8T88fs/ifkT9m8T8zf8zif1b+mMX/7Pwxi/85+WMW/3Pzxyz+5+WPWfzPzx+z+F+QP2bxvzB/zOJ/Uf6Yxf/i/DGL/yX5Yxb/S/PHLP6X5Y9Z/C/PH7P4X5E/ZvG/Mn/M4n9V/pjF/+r8MYv/NfljFv9r88cs/tflj1n8r88fs/jfkD9m8b8xf8zif1P+mMX/5vwxi/8t+WMW/1vzxyz+t+WPWfxvzx+z+N+RP2bxvzN/zOJ/V/6Yxf/u/DGL/z35Yxb/e/PHLP735Y9Z/O/PH7P4P5A/ZvF/MH/M4v9Q/pjF/+H8MYv/I/ljFv9H88cs/o/lj1n8H88fs/g/kT9m8X8yf8zi/1T+mMX/6fwxi/8z+WMW/2fzxyz+z+WPWfyfzx+z+L+QP2bxfzF/zOL/Uv6Yxf/l/DGL/yv5Yxb/V/PHLP6v5Y9Z/F/PH7P4v5E/ZvF/M3/M4v9W/pjF/+38MYv/O/ljFv9388ck/oMG8scs/oPyxyz+I+WPWfxHzh+z+I+SP2bxH5w/ZvEfNX/M4j9a/pjFf/T8MYv/GPljFv8x88cs/mPlj1n8x84fs/iPkz9m8R83f8ziP17+mMV//Pwxi/8E+WMW/wnzxyz+E+WPWfwnzh+z+H8sf8ziP0n+mMX/4/ljFv9J88cs/p/IH7P4T5Y/ZvH/ZP6Yxf9T+WMW/8nzxyz+n84fs/h/Jn/M4j9F/pjF/7P5Yxb/z+WPWfw/nz9m8Z8yf8zi/4X8MYv/F/PHLP5fyh+z+E+VP2bx/3L+mMX/K/ljFv+v5o9Z/L+WP2bx/3r+mMX/G/ljFv+p88cs/tPkj1n8p80fs/hPlz9m8Z8+f8ziP0P+mMX/m/ljFv8Z88cs/jPlj1n8Z84fs/jPkj9m8f9W/pjFf9b8MYv/t/PHLP6z5Y9Z/L+TP2bx/27+mMV/9vwxi/8c+WMW/znzxyz+c+WPWfy/lz9m8Z87f8ziP0/+mMV/3vwxi//388cs/vPlj1n8f5A/ZvGfP3/M4r9A/pjFf8H8MYv/QvljFv8f5o9Z/BfOH7P4L5I/ZvFfNH/M4r9Y/pjFf/H8MYv/EvljFv8f5Y9Z/H+cP2bxXzJ/zOK/VP6Yxf8n+WMW/5/mj1n8l84fs/gvkz9m8V82f8zi/7P8MYv/cvljFv/l88cs/j/PH7P4r5A/ZvFfMX/M4r9S/pjFf+X8MYv/KvljFv9V88cs/qvlj1n8f5E/ZvFfPX/M4r9G/pjFf838MYv/WvljFv+188cs/uvkj1n8180fs/ivlz9m8V8/f8ziv0H+mMX/l/ljFv9f5Y9Z/DfMH7P4b5Q/ZvHfOH/M4r9J/pjF/9f5Yxb/3+SPWfw3zR+z+G+WP2bx3zx/zOK/Rf6YxX/L/DGL/2/zxyz+W+WPWfx/lz9m8d86f8zi//v8MYv/NvljFv9t88cs/tvlj1n8t88fs/j/IX/M4v/H/DGL/w75Yxb/P+WPWfz/nD9m8d8xf8ziv1P+mMX/L/ljFv+d88cs/rvkj1n8d80fs/j/NX/M4v+3/DGL/275Yxb/3fPHLP575I9Z/PfMH7P475U/ZvHfO3/M4r9P/pjFf9/8MYv/fvljFv/988cs/gfkj1n8D8wfs/gflD9m8T84f8zif0j+mMX/0Pwxi/9h+WMW/8Pzxyz+R+SPWfyPzB+z+B+VP2bxPzp/zOJ/TP6Yxf/Y/DGL/3H5Yxb/4/PHLP4n5I9Z/E/MH7P4n5Q/ZvE/OX/M4n9K/pjF/9T8MYv/afljFv/T88cs/mfkj1n8z8wfs/iflT9m8T87f8zif07+mMX/3Pwxi/95+WMW//Pzxyz+F+SPWfwvzB+z+F+UP2bxvzh/zOJ/Sf6Yxf/S/DGL/2X5Yxb/y/PHLP5X5I9Z/K/MH7P4X5U/ZvG/On/M4n9N/pjF/9r8MYv/dfljFv/r88cs/jfkj1n8b8wfs/jflD9m8b85f8zif0v+mMX/1vwxi/9t+WMW/9vzxyz+d+SPWfzvzB+z+N+VP2bxvzt/zOJ/T/6Yxf/e/DGL/335Yxb/+/PHLP4P5I9Z/B/MH7P4P5Q/ZvF/OH/M4v9I/pjF/9H8MYv/Y/ljFv/H88cs/k/kj1n8n8wfs/g/lT9m8X86f8zi/0z+mMX/2fwxi/9z+WMW/+fzxyz+L+SPWfxfzB+z+L+UP2bxfzl/zOL/Sv6Yxf/V/DGL/2v5Yxb/1/PHLP5v5I9Z/N/MH7P4v5U/ZvF/O3/M4v9O/pjF/938MYn/e5/m/69Z/Aflj1n8R8ofs/iPnD9m8R8lf8ziPzh/zOI/av6YxX+0/DGL/+j5Yxb/MfLHLP5j5o9Z/MfKH7P4j50/ZvEfJ3/M4j9u/pjFf7z8MYv/+PljFv8J8scs/hPmj1n8J8ofs/hPnD9m8f9Y/pjFf5L8MYv/x/PHLP6T5o9Z/D+RP2bxnyx/zOL/yfwxi/+n8scs/pPnj1n8P50/ZvH/TP6YxX+K/DGL/2fzxyz+n8sfs/h/Pn/M4j9l/pjF/wv5Yxb/L+aPWfy/lD9m8Z8qf8zi/+X8MYv/V/LHLP5fzR+z+H8tf8zi//X8MYv/N/LHLP5T549Z/KfJH7P4T5s/ZvGfLn/M4j99/pjFf4b8MYv/N/PHLP4z5o9Z/GfKH7P4z5w/ZvGfJX/M4v+t/DGL/6z5Yxb/b+ePWfxnyx+z+H8nf8zi/938MYv/7PljFv858scs/nPmj1n858ofs/h/L3/M4j93/pjFf578MYv/vPljFv/v549Z/OfLH7P4/yB/zOI/f/6YxX+B/DGL/4L5Yxb/hfLHLP4/zB+z+C+cP2bxXyR/zOK/aP6YxX+x/DGL/+L5Yxb/JfLHLP4/yh+z+P84f8ziv2T+mMV/qfwxi/9P8scs/j/NH7P4L50/ZvFfJn/M4r9s/pjF/2f5Yxb/5fLHLP7L549Z/H+eP2bxXyF/zOK/Yv6YxX+l/DGL/8r5Yxb/VfLHLP6r5o9Z/FfLH7P4/yJ/zOK/ev6YxX+N/DGL/5r5Yxb/tfLHLP5r549Z/NfJH7P4r5s/ZvFfL3/M4r9+/pjFf4P8MYv/L/PHLP6/yh+z+G+YP2bx3yh/zOK/cf6YxX+T/DGL/6/zxyz+v8kfs/hvmj9m8d8sf8ziv3n+mMV/i/wxi/+W+WMW/9/mj1n8t8ofs/j/Ln/M4r91/pjF//f5Yxb/bfLHLP7b5o9Z/LfLH7P4b58/ZvH/Q/6Yxf+P+WMW/x3yxyz+f8ofs/j/OX/M4r9j/pjFf6f8MYv/X/LHLP47549Z/HfJH7P475o/ZvH/a/6Yxf9v+WMW/93yxyz+u+ePWfz3yB+z+O+ZP2bx3yt/zOK/d/6YxX+f/DGL/775Yxb//fLHLP77549Z/A/IH7P4H5g/ZvE/KH/M4n9w/pjF/5D8MYv/ofljFv/D8scs/ofnj1n8j8gfs/gfmT9m8T8qf8zif3T+mMX/mPwxi/+x+WMW/+Pyxyz+x+ePWfxPyB+z+J+YP2bxPyl/zOJ/cv6Yxf+U/DGL/6n5Yxb/0/LHLP6n549Z/M/IH7P4n5k/ZvE/K3/M4n92/pjF/5z8MYv/ufljFv/z8scs/ufnj1n8L8gfs/hfmD9m8b8of8zif3H+mMX/kvwxi/+l+WMW/8vyxyz+l+ePWfyvyB+z+F+ZP2bxvyp/zOJ/df6Yxf+a/DGL/7X5Yxb/6/LHLP7X549Z/G/IH7P435g/ZvG/KX/M4n9z/pjF/5b8MYv/rfljFv/b8scs/rfnj1n878gfs/jfmT9m8b8rf8zif3f+mMX/nvwxi/+9+WMW//vyxyz+9+ePWfwfyB+z+D+YP2bxfyh/zOL/cP6Yxf+R/DGL/6P5Yxb/x/LHLP6P549Z/J/IH7P4P5k/ZvF/Kn/M4v90/pjF/5n8MYv/s/ljFv/n8scs/s/nj1n8X8gfs/i/mD9m8X8pf8zi/3L+mMX/lfwxi/+r+WMW/9fyxyz+r+ePWfzfyB+z+L+ZP2bxfyt/zOL/dv6Yxf+d/DGL/7v5YxL/kQfyxyz+g/LHLP4j5Y9Z/EfOH7P4j5I/ZvEfnD9m8R81f8ziP1r+mMV/9Pwxi/8Y+WMW/zHzxyz+Y+WPWfzHzh+z+I+TP2bxHzd/zOI/Xv6YxX/8/DGL/wT5Yxb/CfPHLP4T5Y9Z/CfOH7P4fyx/zOI/Sf6Yxf/j+WMW/0nzxyz+n8gfs/hPlj9m8f9k/pjF/1P5Yxb/yfPHLP6fzh+z+H8mf8ziP0X+mMX/s/ljFv/P5Y9Z/D+fP2bxnzJ/zOL/hfwxi/8X88cs/l/KH7P4T5U/ZvH/cv6Yxf8r+WMW/6/mj1n8v5Y/ZvH/ev6Yxf8b+WMW/6nzxyz+0+SPWfynzR+z+E+XP2bxnz5/zOI/Q/6Yxf+b+WMW/xnzxyz+M+WPWfxnzh+z+M+SP2bx/1b+mMV/1vwxi/+388cs/rPlj1n8v5M/ZvH/bv6YxX/2/DGL/xz5Yxb/OfPHLP5z5Y9Z/L+XP2bxnzt/zOI/T/6YxX/e/DGL//fzxyz+8+WPWfx/kD9m8Z8/f8ziv0D+mMV/wfwxi/9C+WMW/x/mj1n8F84fs/gvkj9m8V80f8ziv1j+mMV/8fwxi/8S+WMW/x/lj1n8f5w/ZvFfMn/M4r9U/pjF/yf5Yxb/n+aPWfyXzh+z+C+TP2bxXzZ/zOL/s/wxi/9y+WMW/+Xzxyz+P88fs/ivkD9m8V8xf8ziv1L+mMV/5fwxi/8q+WMW/1Xzxyz+q+WPWfx/kT9m8V89f8ziv0b+mMV/zfwxi/9a+WMW/7Xzxyz+6+SPWfzXzR+z+K+XP2bxXz9/zOK/Qf6Yxf+X+WMW/1/lj1n8N8wfs/hvlD9m8d84f8ziv0n+mMX/1/ljFv/f5I9Z/DfNH7P4b5Y/ZvHfPH/M4r9F/pjFf8v8MYv/b/PHLP5b5Y9Z/H+XP2bx3zp/zOL/+/wxi/82+WMW/23zxyz+2+WPWfy3zx+z+P8hf8zi/8f8MYv/DvljFv8/5Y9Z/P+cP2bx3zF/zOK/U/6Yxf8v+WMW/53zxyz+u+SPWfx3zR+z+P81f8zi/7f8MYv/bvljFv/d88cs/nvkj1n898wfs/jvlT9m8d87f8ziv0/+mMV/3/wxi/9++WMW//3zxyz+B+SPWfwPzB+z+B+UP2bxPzh/zOJ/SP6Yxf/Q/DGL/2H5Yxb/w/PHLP5H5I9Z/I/MH7P4H5U/ZvE/On/M4n9M/pjF/9j8MYv/cfljFv/j88cs/ifkj1n8T8wfs/iflD9m8T85f8zif0r+mMX/1Pwxi/9p+WMW/9Pzxyz+Z+SPWfzPzB+z+J+VP2bxPzt/zOJ/Tv6Yxf/c/DGL/3n5Yxb/8/PHLP4X5I9Z/C/MH7P4X5Q/ZvG/OH/M4n9J/pjF/9L8MYv/ZfljFv/L88cs/lfkj1n8r8wfs/hflT9m8b86f8zif03+mMX/2vwxi/91+WMW/+vzxyz+N+SPWfxvzB+z+N+UP2bxvzl/zOJ/S/6Yxf/W/DGL/235Yxb/2/PHLP535I9Z/O/MH7P435U/ZvG/O3/M4n9P/pjF/978MYv/ffljFv/788cs/g/kj1n8H8wfs/g/lD9m8X84f8zi/0j+mMX/0fwxi/9j+WMW/8fzxyz+T+SPWfyfzB+z+D+VP2bxfzp/zOL/TP6Yxf/Z/DGL/3P5Yxb/5/PHLP4v5I9Z/F/MH7P4v5Q/ZvF/OX/M4v9K/pjF/9X8MYv/a/ljFv/X88cs/m/kj1n838wfs/i/lT9m8X87f8zi/07+mMX/3fwxif8oA/ljFv9B+WMW/5Hyxyz+I+ePWfxHyR+z+A/OH7P4j5o/ZvEfLX/M4j96/pjFf4z8MYv/mPljFv+x8scs/mPnj1n8x8kfs/iPmz9m8R8vf8ziP37+mMV/gvwxi/+E+WMW/4nyxyz+E+ePWfw/lj9m8Z8kf8zi//H8MYv/pPljFv9P5I9Z/CfLH7P4fzJ/zOL/qfwxi//k+WMW/0/nj1n8P5M/ZvGfIn/M4v/Z/DGL/+fyxyz+n88fs/hPmT9m8f9C/pjF/4v5Yxb/L+WPWfynyh+z+H85f8zi/5X8MYv/V/PHLP5fyx+z+H89f8zi/438MYv/1PljFv9p8scs/tPmj1n8p8sfs/hPnz9m8Z8hf8zi/838MYv/jPljFv+Z8scs/jPnj1n8Z8kfs/h/K3/M4j9r/pjF/9v5Yxb/2fLHLP7fyR+z+H83f8ziP3v+mMV/jvwxi/+c+WMW/7nyxyz+38sfs/jPnT9m8Z8nf8ziP2/+mMX/+/ljFv/58scs/j/IH7P4z58/ZvFfIH/M4r9g/pjFf6H8MYv/D/PHLP4L549Z/BfJH7P4L5o/ZvFfLH/M4r94/pjFf4n8MYv/j/LHLP4/zh+z+C+ZP2bxXyp/zOL/k/wxi/9P88cs/kvnj1n8l8kfs/gvmz9m8f9Z/pjFf7n8MYv/8vljFv+f549Z/FfIH7P4r5g/ZvFfKX/M4r9y/pjFf5X8MYv/qvljFv/V8scs/r/IH7P4r54/ZvFfI3/M4r9m/pjFf638MYv/2vljFv918scs/uvmj1n818sfs/ivnz9m8d8gf8zi/8v8MYv/r/LHLP4b5o9Z/DfKH7P4b5w/ZvHfJH/M4v/r/DGL/2/yxyz+m+aPWfw3yx+z+G+eP2bx3yJ/zOK/Zf6Yxf+3+WMW/63yxyz+v8sfs/hvnT9m8f99/pjFf5v8MYv/tvljFv/t8scs/tvnj1n8/5A/ZvH/Y/6YxX+H/DGL/5/yxyz+f84fs/jvmD9m8d8pf8zi/5f8MYv/zvljFv9d8scs/rvmj1n8/5o/ZvH/W/6YxX+3/DGL/+75Yxb/PfLHLP575o9Z/PfKH7P4750/ZvHfJ3/M4r9v/pjFf7/8MYv//vljFv8D8scs/gfmj1n8D8ofs/gfnD9m8T8kf8zif2j+mMX/sPwxi//h+WMW/yPyxyz+R+aPWfyPyh+z+B+dP2bxPyZ/zOJ/bP6Yxf+4/DGL//H5Yxb/E/LHLP4n5o9Z/E/KH7P4n5w/ZvE/JX/M4n9q/pjF/7T8MYv/6fljFv8z8scs/mfmj1n8z8ofs/ifnT9m8T8nf8zif27+mMX/vPwxi//5+WMW/wvyxyz+F+aPWfwvyh+z+F+cP2bxvyR/zOJ/af6Yxf+y/DGL/+X5Yxb/K/LHLP5X5o9Z/K/KH7P4X50/ZvG/Jn/M4n9t/pjF/7r8MYv/9fljFv8b8scs/jfmj1n8b8ofs/jfnD9m8b8lf8zif2v+mMX/tvwxi//t+WMW/zvyxyz+d+aPWfzvyh+z+N+dP2bxvyd/zOJ/b/6Yxf++/DGL//35Yxb/B/LHLP4P5o9Z/B/KH7P4P5w/ZvF/JH/M4v9o/pjF/7H8MYv/4/ljFv8n8scs/k/mj1n8n8ofs/g/nT9m8X8mf8zi/2z+mMX/ufwxi//z+WMW/xfyxyz+L+aPWfxfyh+z+L+cP2bxfyV/zOL/av6Yxf+1/DGL/+v5Yxb/N/LHLP5v5o9Z/N/KH7P4v50/ZvF/J3/M4v9u/pjEf/BA/pjFf1D+mMV/pPwxi//I+WMW/1Hyxyz+g/PHLP6j5o9Z/EfLH7P4j54/ZvEfI3/M4j9m/pjFf6z8MYv/2PljFv9x8scs/uPmj1n8x8sfs/iPnz9m8Z8gf8ziP2H+mMV/ovwxi//E+WMW/4/lj1n8J8kfs/h/PH/M4j9p/pjF/xP5Yxb/yfLHLP6fzB+z+H8qf8ziP3n+mMX/0/ljFv/P5I9Z/KfIH7P4fzZ/zOL/ufwxi//n88cs/lPmj1n8v5A/ZvH/Yv6Yxf9L+WMW/6nyxyz+X84fs/h/JX/M4v/V/DGL/9fyxyz+X88fs/h/I3/M4j91/pjFf5r8MYv/tPljFv/p8scs/tPnj1n8Z8gfs/h/M3/M4j9j/pjFf6b8MYv/zPljFv9Z8scs/t/KH7P4z5o/ZvH/dv6YxX+2/DGL/3fyxyz+380fs/jPnj9m8Z8jf8ziP2f+mMV/rvwxi//38scs/nPnj1n858kfs/jPmz9m8f9+/pjFf778MYv/D/LHLP7z549Z/BfIH7P4L5g/ZvFfKH/M4v/D/DGL/8L5Yxb/RfLHLP6L5o9Z/BfLH7P4L54/ZvFfIn/M4v+j/DGL/4/zxyz+S+aPWfyXyh+z+P8kf8zi/9P8MYv/0vljFv9l8scs/svmj1n8f5Y/ZvFfLn/M4r98/pjF/+f5Yxb/FfLHLP4r5o9Z/FfKH7P4r5w/ZvFfJX/M4r9q/pjFf7X8MYv/L/LHLP6r549Z/NfIH7P4r5k/ZvFfK3/M4r92/pjFf538MYv/uvljFv/18scs/uvnj1n8N8gfs/j/Mn/M4v+r/DGL/4b5Yxb/jfLHLP4b549Z/DfJH7P4/zp/zOL/m/wxi/+m+WMW/83yxyz+m+ePWfy3yB+z+G+ZP2bx/23+mMV/q/wxi//v8scs/lvnj1n8f58/ZvHfJn/M4r9t/pjFf7v8MYv/9vljFv8/5I9Z/P+YP2bx3yF/zOL/p/wxi/+f88cs/jvmj1n8d8ofs/j/JX/M4r9z/pjFf5f8MYv/rvljFv+/5o9Z/P+WP2bx3y1/zOK/e/6YxX+P/DGL/575Yxb/vfLHLP57549Z/PfJH7P475s/ZvHfL3/M4r9//pjF/4D8MYv/gfljFv+D8scs/gfnj1n8D8kfs/gfmj9m8T8sf8zif3j+mMX/iPwxi/+R+WMW/6Pyxyz+R+ePWfyPyR+z+B+bP2bxPy5/zOJ/fP6Yxf+E/DGL/4n5Yxb/k/LHLP4n549Z/E/JH7P4n5o/ZvE/LX/M4n96/pjF/4z8MYv/mfljFv+z8scs/mfnj1n8z8kfs/ifmz9m8T8vf8zif37+mMX/gvwxi/+F+WMW/4vyxyz+F+ePWfwvyR+z+F+aP2bxvyx/zOJ/ef6Yxf+K/DGL/5X5Yxb/q/LHLP5X549Z/K/JH7P4X5s/ZvG/Ln/M4n99/pjF/4b8MYv/jfljFv+b8scs/jfnj1n8b8kfs/jfmj9m8b8tf8zif3v+mMX/jvwxi/+d+WMW/7vyxyz+d+ePWfzvyR+z+N+bP2bxvy9/zOJ/f/6Yxf+B/DGL/4P5Yxb/h/LHLP4P549Z/B/JH7P4P5o/ZvF/LH/M4v94/pjF/4n8MYv/k/ljFv+n8scs/k/nj1n8n8kfs/g/mz9m8X8uf8zi/3z+mMX/hfwxi/+L+WMW/5fyxyz+L+ePWfxfyR+z+L+aP2bxfy1/zOL/ev6Yxf+N/DGL/5v5Yxb/t/LHLP5v549Z/N/JH7P4v5s/JvEfdSB/zOI/KH/M4j9S/pjFf+T8MYv/KPljFv/B+WMW/1Hzxyz+o+WPWfxHzx+z+I+RP2bxHzN/zOI/Vv6YxX/s/DGL/zj5Yxb/cfPHLP7j5Y9Z/MfPH7P4T5A/ZvGfMH/M4j9R/pjFf+L8MYv/x/LHLP6T5I9Z/D+eP2bxnzR/zOL/ifwxi/9k+WMW/0/mj1n8P5U/ZvGfPH/M4v/p/DGL/2fyxyz+U+SPWfw/mz9m8f9c/pjF//P5Yxb/KfPHLP5fyB+z+H8xf8zi/6X8MYv/VPljFv8v549Z/L+SP2bx/2r+mMX/a/ljFv+v549Z/L+RP2bxnzp/zOI/Tf6YxX/a/DGL/3T5Yxb/6fPHLP4z5I9Z/L+ZP2bxnzF/zOI/U/6YxX/m/DGL/yz5Yxb/b+WPWfxnzR+z+H87f8ziP1v+mMX/O/ljFv/v5o9Z/GfPH7P4z5E/ZvGfM3/M4j9X/pjF/3v5Yxb/ufPHLP7z5I9Z/OfNH7P4fz9/zOI/X/6Yxf8H+WMW//nzxyz+C+SPWfwXzB+z+C+UP2bx/2H+mMV/4fwxi/8i+WMW/0Xzxyz+i+WPWfwXzx+z+C+RP2bx/1H+mMX/x/ljFv8l88cs/kvlj1n8f5I/ZvH/af6YxX/p/DGL/zL5Yxb/ZfPHLP4/yx+z+C+XP2bxXz5/zOL/8/wxi/8K+WMW/xXzxyz+K+WPWfxXzh+z+K+SP2bxXzV/zOK/Wv6Yxf8X+WMW/9Xzxyz+a+SPWfzXzB+z+K+VP2bxXzt/zOK/Tv6YxX/d/DGL/3r5Yxb/9fPHLP4b5I9Z/H+ZP2bx/1X+mMV/w/wxi/9G+WMW/43zxyz+m+SPWfx/nT9m8f9N/pjFf9P8MYv/ZvljFv/N88cs/lvkj1n8t8wfs/j/Nn/M4r9V/pjF/3f5Yxb/rfPHLP6/zx+z+G+TP2bx3zZ/zOK/Xf6YxX/7/DGL/x/yxyz+f8wfs/jvkD9m8f9T/pjF/8/5Yxb/HfPHLP475Y9Z/P+SP2bx3zl/zOK/S/6YxX/X/DGL/1/zxyz+f8sfs/jvlj9m8d89f8ziv0f+mMV/z/wxi/9e+WMW/73zxyz+++SPWfz3zR+z+O+XP2bx3z9/zOJ/QP6Yxf/A/DGL/0H5Yxb/g/PHLP6H5I9Z/A/NH7P4H5Y/ZvE/PH/M4n9E/pjF/8j8MYv/UfljFv+j88cs/sfkj1n8j80fs/gflz9m8T8+f8zif0L+mMX/xPwxi/9J+WMW/5Pzxyz+p+SPWfxPzR+z+J+WP2bxPz1/zOJ/Rv6Yxf/M/DGL/1n5Yxb/s/PHLP7n5I9Z/M/NH7P4n5c/ZvE/P3/M4n9B/pjF/8L8MYv/RfljFv+L88cs/pfkj1n8L80fs/hflj9m8b88f8zif0X+mMX/yvwxi/9V+WMW/6vzxyz+1+SPWfyvzR+z+F+XP2bxvz5/zOJ/Q/6Yxf/G/DGL/035Yxb/m/PHLP635I9Z/G/NH7P435Y/ZvG/PX/M4n9H/pjF/878MYv/XfljFv+788cs/vfkj1n8780fs/jflz9m8b8/f8zi/0D+mMX/wfwxi/9D+WMW/4fzxyz+j+SPWfwfzR+z+D+WP2bxfzx/zOL/RP6Yxf/J/DGL/1P5Yxb/p/PHLP7P5I9Z/J/NH7P4P5c/ZvF/Pn/M4v9C/pjF/8X8MYv/S/ljFv+X88cs/q/kj1n8X80fs/i/lj9m8X89f8zi/0b+mMX/zfwxi/9b+WMW/7fzxyz+7+SPWfzfzR+T+I82kD9m8R+UP2bxHyl/zOI/cv6YxX+U/DGL/+D8MYv/qPljFv/R8scs/qPnj1n8x8gfs/iPmT9m8R8rf8ziP3b+mMV/nPwxi/+4+WMW//Hyxyz+4+ePWfwnyB+z+E+YP2bxnyh/zOI/cf6Yxf9j+WMW/0nyxyz+H88fs/hPmj9m8f9E/pjFf7L8MYv/J/PHLP6fyh+z+E+eP2bx/3T+mMX/M/ljFv8p8scs/p/NH7P4fy5/zOL/+fwxi/+U+WMW/y/kj1n8v5g/ZvH/Uv6YxX+q/DGL/5fzxyz+X8kfs/h/NX/M4v+1/DGL/9fzxyz+38gfs/hPnT9m8Z8mf8ziP23+mMV/uvwxi//0+WMW/xnyxyz+38wfs/jPmD9m8Z8pf8ziP3P+mMV/lvwxi/+38scs/rPmj1n8v50/ZvGfLX/M4v+d/DGL/3fzxyz+s+ePWfznyB+z+M+ZP2bxnyt/zOL/vfwxi//c+WMW/3nyxyz+8+aPWfy/nz9m8Z8vf8zi/4P8MYv//PljFv8F8scs/gvmj1n8F8ofs/j/MH/M4r9w/pjFf5H8MYv/ovljFv/F8scs/ovnj1n8l8gfs/j/KH/M4v/j/DGL/5L5Yxb/pfLHLP4/yR+z+P80f8ziv3T+mMV/mfwxi/+y+WMW/5/lj1n8l8sfs/gvnz9m8f95/pjFf4X8MYv/ivljFv+V8scs/ivnj1n8V8kfs/ivmj9m8V8tf8zi/4v8MYv/6vljFv818scs/mvmj1n818ofs/ivnT9m8V8nf8ziv27+mMV/vfwxi//6+WMW/w3yxyz+v8wfs/j/Kn/M4r9h/pjFf6P8MYv/xvljFv9N8scs/r/OH7P4/yZ/zOK/af6YxX+z/DGL/+b5Yxb/LfLHLP5b5o9Z/H+bP2bx3yp/zOL/u/wxi//W+WMW/9/nj1n8t8kfs/hvmz9m8d8uf8ziv33+mMX/D/ljFv8/5o9Z/HfIH7P4/yl/zOL/5/wxi/+O+WMW/53yxyz+f8kfs/jvnD9m8d8lf8ziv2v+mMX/r/ljFv+/5Y9Z/HfLH7P4754/ZvHfI3/M4r9n/pjFf6/8MYv/3vljFv998scs/vvmj1n898sfs/jvnz9m8T8gf8zif2D+mMX/oPwxi//B+WMW/0Pyxyz+h+aPWfwPyx+z+B+eP2bxPyJ/zOJ/ZP6Yxf+o/DGL/9H5Yxb/Y/LHLP7H5o9Z/I/LH7P4H58/ZvE/IX/M4n9i/pjF/6T8MYv/yfljFv9T8scs/qfmj1n8T8sfs/ifnj9m8T8jf8zif2b+mMX/rPwxi//Z+WMW/3Pyxyz+5+aPWfzPyx+z+J+fP2bxvyB/zOJ/Yf6Yxf+i/DGL/8X5Yxb/S/LHLP6X5o9Z/C/LH7P4X54/ZvG/In/M4n9l/pjF/6r8MYv/1fljFv9r8scs/tfmj1n8r8sfs/hfnz9m8b8hf8zif2P+mMX/pvwxi//N+WMW/1vyxyz+t+aPWfxvyx+z+N+eP2bxvyN/zOJ/Z/6Yxf+u/DGL/935Yxb/e/LHLP735o9Z/O/LH7P4358/ZvF/IH/M4v9g/pjF/6H8MYv/w/ljFv9H8scs/o/mj1n8H8sfs/g/nj9m8X8if8zi/2T+mMX/qfwxi//T+WMW/2fyxyz+z+aPWfyfyx+z+D+fP2bxfyF/zOL/Yv6Yxf+l/DGL/8v5Yxb/V/LHLP6v5o9Z/F/LH7P4v54/ZvF/I3/M4v9m/pjF/638MYv/2/ljFv938scs/u/mj0n8Rx/IH7P4D8ofs/iPlD9m8R85f8ziP0r+mMV/cP6YxX/U/DGL/2j5Yxb/0fPHLP5j5I9Z/MfMH7P4j5U/ZvEfO3/M4j9O/pjFf9z8MYv/ePljFv/x88cs/hPkj1n8J8wfs/hPlD9m8Z84f8zi/7H8MYv/JPljFv+P549Z/CfNH7P4fyJ/zOI/Wf6Yxf+T+WMW/0/lj1n8J88fs/h/On/M4v+Z/DGL/xT5Yxb/z+aPWfw/lz9m8f98/pjFf8r8MYv/F/LHLP5fzB+z+H8pf8ziP1X+mMX/y/ljFv+v5I9Z/L+aP2bx/1r+mMX/6/ljFv9v5I9Z/KfOH7P4T5M/ZvGfNn/M4j9d/pjFf/r8MYv/DPljFv9v5o9Z/GfMH7P4z5Q/ZvGfOX/M4j9L/pjF/1v5Yxb/WfPHLP7fzh+z+M+WP2bx/07+mMX/u/ljFv/Z88cs/nPkj1n858wfs/jPlT9m8f9e/pjFf+78MYv/PPljFv9588cs/t/PH7P4z5c/ZvH/Qf6YxX/+/DGL/wL5Yxb/BfPHLP4L5Y9Z/H+YP2bxXzh/zOK/SP6YxX/R/DGL/2L5Yxb/xfPHLP5L5I9Z/H+UP2bx/3H+mMV/yfwxi/9S+WMW/5/kj1n8f5o/ZvFfOn/M4r9M/pjFf9n8MYv/z/LHLP7L5Y9Z/JfPH7P4/zx/zOK/Qv6YxX/F/DGL/0r5Yxb/lfPHLP6r5I9Z/FfNH7P4r5Y/ZvH/Rf6YxX/1/DGL/xr5Yxb/NfPHLP5r5Y9Z/NfOH7P4r5M/ZvFfN3/M4r9e/pjFf/38MYv/BvljFv9f5o9Z/H+VP2bx3zB/zOK/Uf6YxX/j/DGL/yb5Yxb/X+ePWfx/kz9m8d80f8ziv1n+mMV/8/wxi/8W+WMW/y3zxyz+v80fs/hvlT9m8f9d/pjFf+v8MYv/7/PHLP7b5I9Z/LfNH7P4b5c/ZvHfPn/M4v+H/DGL/x/zxyz+O+SPWfz/lD9m8f9z/pjFf8f8MYv/TvljFv+/5I9Z/HfOH7P475I/ZvHfNX/M4v/X/DGL/9/yxyz+u+WPWfx3zx+z+O+RP2bx3zN/zOK/V/6YxX/v/DGL/z75Yxb/ffPHLP775Y9Z/PfPH7P4H5A/ZvE/MH/M4n9Q/pjF/+D8MYv/IfljFv9D88cs/oflj1n8D88fs/gfkT9m8T8yf8zif1T+mMX/6Pwxi/8x+WMW/2Pzxyz+x+WPWfyPzx+z+J+QP2bxPzF/zOJ/Uv6Yxf/k/DGL/yn5Yxb/U/PHLP6n5Y9Z/E/PH7P4n5E/ZvE/M3/M4n9W/pjF/+z8MYv/OfljFv9z88cs/uflj1n8z88fs/hfkD9m8b8wf8zif1H+mMX/4vwxi/8l+WMW/0vzxyz+l+WPWfwvzx+z+F+RP2bxvzJ/zOJ/Vf6Yxf/q/DGL/zX5Yxb/a/PHLP7X5Y9Z/K/PH7P435A/ZvG/MX/M4n9T/pjF/+b8MYv/LfljFv9b88cs/rflj1n8b88fs/jfkT9m8b8zf8zif1f+mMX/7vwxi/89+WMW/3vzxyz+9+WPWfzvzx+z+D+QP2bxfzB/zOL/UP6Yxf/h/DGL/yP5Yxb/R/PHLP6P5Y9Z/B/PH7P4P5E/ZvF/Mn/M4v9U/pjF/+n8MYv/M/ljFv9n88cs/s/lj1n8n88fs/i/kD9m8X8xf8zi/1L+mMX/5fwxi/8r+WMW/1fzxyz+r+WPWfxfzx+z+L+RP2bxfzN/zOL/Vv6Yxf/t/DGL/zv5Yxb/d/PHJP5jDOSPWfwH5Y9Z/EfKH7P4j5w/ZvEfJX/M4j84f8ziP2r+mMV/tPwxi//o+WMW/zHyxyz+Y+aPWfzHyh+z+I+dP2bxHyd/zOI/bv6YxX+8/DGL//j5Yxb/CfLHLP4T5o9Z/CfKH7P4T5w/ZvH/WP6YxX+S/DGL/8fzxyz+k+aPWfw/kT9m8Z8sf8zi/8n8MYv/p/LHLP6T549Z/D+dP2bx/0z+mMV/ivwxi/9n88cs/p/LH7P4fz5/zOI/Zf6Yxf8L+WMW/y/mj1n8v5Q/ZvGfKn/M4v/l/DGL/1fyxyz+X80fs/h/LX/M4v/1/DGL/zfyxyz+U+ePWfynyR+z+E+bP2bxny5/zOI/ff6YxX+G/DGL/zfzxyz+M+aPWfxnyh+z+M+cP2bxnyV/zOL/rfwxi/+s+WMW/2/nj1n8Z8sfs/h/J3/M4v/d/DGL/+z5Yxb/OfLHLP5z5o9Z/OfKH7P4fy9/zOI/d/6YxX+e/DGL/7z5Yxb/7+ePWfznyx+z+P8gf8ziP3/+mMV/gfwxi/+C+WMW/4Xyxyz+P8wfs/gvnD9m8V8kf8ziv2j+mMV/sfwxi//i+WMW/yXyxyz+P8ofs/j/OH/M4r9k/pjFf6n8MYv/T/LHLP4/zR+z+C+dP2bxXyZ/zOK/bP6Yxf9n+WMW/+Xyxyz+y+ePWfx/nj9m8V8hf8ziv2L+mMV/pfwxi//K+WMW/1Xyxyz+q+aPWfxXyx+z+P8if8ziv3r+mMV/jfwxi/+a+WMW/7Xyxyz+a+ePWfzXyR+z+K+bP2bxXy9/zOK/fv6YxX+D/DGL/y/zxyz+v8ofs/hvmD9m8d8of8ziv3H+mMV/k/wxi/+v88cs/r/JH7P4b5o/ZvHfLH/M4r95/pjFf4v8MYv/lvljFv/f5o9Z/LfKH7P4/y5/zOK/df6Yxf/3+WMW/23yxyz+2+aPWfy3yx+z+G+fP2bx/0P+mMX/j/ljFv8d8scs/n/KH7P4/zl/zOK/Y/6YxX+n/DGL/1/yxyz+O+ePWfx3yR+z+O+aP2bx/2v+mMX/b/ljFv/d8scs/rvnj1n898gfs/jvmT9m8d8rf8ziv3f+mMV/n/wxi/+++WMW//3yxyz+++ePWfwPyB+z+B+YP2bxPyh/zOJ/cP6Yxf+Q/DGL/6H5Yxb/w/LHLP6H549Z/I/IH7P4H5k/ZvE/Kn/M4n90/pjF/5j8MYv/sfljFv/j8scs/sfnj1n8T8gfs/ifmD9m8T8pf8zif3L+mMX/lPwxi/+p+WMW/9Pyxyz+p+ePWfzPyB+z+J+ZP2bxPyt/zOJ/dv6Yxf+c/DGL/7n5Yxb/8/LHLP7n549Z/C/IH7P4X5g/ZvG/KH/M4n9x/pjF/5L8MYv/pfljFv/L8scs/pfnj1n8r8gfs/hfmT9m8b8qf8zif3X+mMX/mvwxi/+1+WMW/+vyxyz+1+ePWfxvyB+z+N+YP2bxvyl/zOJ/c/6Yxf+W/DGL/635Yxb/2/LHLP63549Z/O/IH7P435k/ZvG/K3/M4n93/pjF/578MYv/vfljFv/78scs/vfnj1n8H8gfs/g/mD9m8X8of8zi/3D+mMX/kfwxi/+j+WMW/8fyxyz+j+ePWfyfyB+z+D+ZP2bxfyp/zOL/dP6Yxf+Z/DGL/7P5Yxb/5/LHLP7P549Z/F/IH7P4v5g/ZvF/KX/M4v9y/pjF/5X8MYv/q/ljFv/X8scs/q/nj1n838gfs/i/mT9m8X8rf8zi/3b+mMX/nfwxi/+7+WMS/zEH8scs/oPyxyz+I+WPWfxHzh+z+I+SP2bxH5w/ZvEfNX/M4j9a/pjFf/T8MYv/GPljFv8x88cs/mPlj1n8x84fs/iPkz9m8R83f8ziP17+mMV//Pwxi/8E+WMW/wnzxyz+E+WPWfwnzh+z+H8sf8ziP0n+mMX/4/ljFv9J88cs/p/IH7P4T5Y/ZvH/ZP6Yxf9T+WMW/8nzxyz+n84fs/h/Jn/M4j9F/pjF/7P5Yxb/z+WPWfw/nz9m8Z8yf8zi/4X8MYv/F/PHLP5fyh+z+E+VP2bx/3L+mMX/K/ljFv+v5o9Z/L+WP2bx/3r+mMX/G/ljFv+p88cs/tPkj1n8p80fs/hPlz9m8Z8+f8ziP0P+mMX/m/ljFv8Z88cs/jPlj1n8Z84fs/jPkj9m8f9W/pjFf9b8MYv/t/PHLP6z5Y9Z/L+TP2bx/27+mMV/9vwxi/8c+WMW/znzxyz+c+WPWfy/lz9m8Z87f8ziP0/+mMV/3vwxi//388cs/vPlj1n8f5A/ZvGfP3/M4r9A/pjFf8H8MYv/QvljFv8f5o9Z/BfOH7P4L5I/ZvFfNH/M4r9Y/pjFf/H8MYv/EvljFv8f5Y9Z/H+cP2bxXzJ/zOK/VP6Yxf8n+WMW/5/mj1n8l84fs/gvkz9m8V82f8zi/7P8MYv/cvljFv/l88cs/j/PH7P4r5A/ZvFfMX/M4r9S/pjFf+X8MYv/KvljFv9V88cs/qvlj1n8f5E/ZvFfPX/M4r9G/pjFf838MYv/WvljFv+188cs/uvkj1n8180fs/ivlz9m8V8/f8ziv0H+mMX/l/ljFv9f5Y9Z/DfMH7P4b5Q/ZvHfOH/M4r9J/pjF/9f5Yxb/3+SPWfw3zR+z+G+WP2bx3zx/zOK/Rf6YxX/L/DGL/2/zxyz+W+WPWfx/lz9m8d86f8zi//v8MYv/NvljFv9t88cs/tvlj1n8t88fs/j/IX/M4v/H/DGL/w75Yxb/P+WPWfz/nD9m8d8xf8ziv1P+mMX/L/ljFv+d88cs/rvkj1n8d80fs/j/NX/M4v+3/DGL/275Yxb/3fPHLP575I9Z/PfMH7P475U/ZvHfO3/M4r9P/pjFf9/8MYv/fvljFv/988cs/gfkj1n8D8wfs/gflD9m8T84f8zif0j+mMX/0Pwxi/9h+WMW/8Pzxyz+R+SPWfyPzB+z+B+VP2bxPzp/zOJ/TP6Yxf/Y/DGL/3H5Yxb/4/PHLP4n5I9Z/E/MH7P4n5Q/ZvE/OX/M4n9K/pjF/9T8MYv/afljFv/T88cs/mfkj1n8z8wfs/iflT9m8T87f8zif07+mMX/3Pwxi/95+WMW//Pzxyz+F+SPWfwvzB+z+F+UP2bxvzh/zOJ/Sf6Yxf/S/DGL/2X5Yxb/y/PHLP5X5I9Z/K/MH7P4X5U/ZvG/On/M4n9N/pjF/9r8MYv/dfljFv/r88cs/jfkj1n8b8wfs/jflD9m8b85f8zif0v+mMX/1vwxi/9t+WMW/9vzxyz+d+SPWfzvzB+z+N+VP2bxvzt/zOJ/T/6Yxf/e/DGL/335Yxb/+/PHLP4P5I9Z/B/MH7P4P5Q/ZvF/OH/M4v9I/pjF/9H8MYv/Y/ljFv/H88cs/k/kj1n8n8wfs/g/lT9m8X86f8zi/0z+mMX/2fwxi/9z+WMW/+fzxyz+L+SPWfxfzB+z+L+UP2bxfzl/zOL/Sv6Yxf/V/DGL/2v5Yxb/1/PHLP5v5I9Z/N/MH7P4v5U/ZvF/O3/M4v9O/pjF/938MYn/WAP5Yxb/QfljFv+R8scs/iPnj1n8R8kfs/gPzh+z+I+aP2bxHy1/zOI/ev6YxX+M/DGL/5j5Yxb/sfLHLP5j549Z/MfJH7P4j5s/ZvEfL3/M4j9+/pjFf4L8MYv/hPljFv+J8scs/hPnj1n8P5Y/ZvGfJH/M4v/x/DGL/6T5Yxb/T+SPWfwnyx+z+H8yf8zi/6n8MYv/5PljFv9P549Z/D+TP2bxnyJ/zOL/2fwxi//n8scs/p/PH7P4T5k/ZvH/Qv6Yxf+L+WMW/y/lj1n8p8ofs/h/OX/M4v+V/DGL/1fzxyz+X8sfs/h/PX/M4v+N/DGL/9T5Yxb/afLHLP7T5o9Z/KfLH7P4T58/ZvGfIX/M4v/N/DGL/4z5Yxb/mfLHLP4z549Z/GfJH7P4fyt/zOI/a/6Yxf/b+WMW/9nyxyz+38kfs/h/N3/M4j97/pjFf478MYv/nPljFv+58scs/t/LH7P4z50/ZvGfJ3/M4j9v/pjF//v5Yxb/+fLHLP4/yB+z+M+fP2bxXyB/zOK/YP6YxX+h/DGL/w/zxyz+C+ePWfwXyR+z+C+aP2bxXyx/zOK/eP6YxX+J/DGL/4/yxyz+P84fs/gvmT9m8V8qf8zi/5P8MYv/T/PHLP5L549Z/JfJH7P4L5s/ZvH/Wf6YxX+5/DGL//L5Yxb/n+ePWfxXyB+z+K+YP2bxXyl/zOK/cv6YxX+V/DGL/6r5Yxb/1fLHLP6/yB+z+K+eP2bxXyN/zOK/Zv6YxX+t/DGL/9r5Yxb/dfLHLP7r5o9Z/NfLH7P4r58/ZvHfIH/M4v/L/DGL/6/yxyz+G+aPWfw3yh+z+G+cP2bx3yR/zOL/6/wxi/9v8scs/pvmj1n8N8sfs/hvnj9m8d8if8ziv2X+mMX/t/ljFv+t8scs/r/LH7P4b50/ZvH/ff6YxX+b/DGL/7b5Yxb/7fLHLP7b549Z/P+QP2bx/2P+mMV/h/wxi/+f8scs/n/OH7P475g/ZvHfKX/M4v+X/DGL/875Yxb/XfLHLP675o9Z/P+aP2bx/1v+mMV/t/wxi//u+WMW/z3yxyz+e+aPWfz3yh+z+O+dP2bx3yd/zOK/b/6YxX+//DGL//75Yxb/A/LHLP4H5o9Z/A/KH7P4H5w/ZvE/JH/M4n9o/pjF/7D8MYv/4fljFv8j8scs/kfmj1n8j8ofs/gfnT9m8T8mf8zif2z+mMX/uPwxi//x+WMW/xPyxyz+J+aPWfxPyh+z+J+cP2bxPyV/zOJ/av6Yxf+0/DGL/+n5Yxb/M/LHLP5n5o9Z/M/KH7P4n50/ZvE/J3/M4n9u/pjF/7z8MYv/+fljFv8L8scs/hfmj1n8L8ofs/hfnD9m8b8kf8zif2n+mMX/svwxi//l+WMW/yvyxyz+V+aPWfyvyh+z+F+dP2bxvyZ/zOJ/bf6Yxf+6/DGL//X5Yxb/G/LHLP435o9Z/G/KH7P435w/ZvG/JX/M4n9r/pjF/7b8MYv/7fljFv878scs/nfmj1n878ofs/jfnT9m8b8nf8zif2/+mMX/vvwxi//9+WMW/wfyxyz+D+aPWfwfyh+z+D+cP2bxfyR/zOL/aP6Yxf+x/DGL/+P5Yxb/J/LHLP5P5o9Z/J/KH7P4P50/ZvF/Jn/M4v9s/pjF/7n8MYv/8/ljFv8X8scs/i/mj1n8X8ofs/i/nD9m8X8lf8zi/2r+mMX/tfwxi//r+WMW/zfyxyz+b+aPWfzfyh+z+L+dP2bxfyd/zOL/bv6YxH/sgfwxi/+g/DGL/0j5Yxb/kfPHLP6j5I9Z/Afnj1n8R80fs/iPlj9m8R89f8ziP0b+mMV/zPwxi/9Y+WMW/7Hzxyz+4+SPWfzHzR+z+I+XP2bxHz9/zOI/Qf6YxX/C/DGL/0T5Yxb/ifPHLP4fyx+z+E+SP2bx/3j+mMV/0vwxi/8n8scs/pPlj1n8P5k/ZvH/VP6YxX/y/DGL/6fzxyz+n8kfs/hPkT9m8f9s/pjF/3P5Yxb/z+ePWfynzB+z+H8hf8zi/8X8MYv/l/LHLP5T5Y9Z/L+cP2bx/0r+mMX/q/ljFv+v5Y9Z/L+eP2bx/0b+mMV/6vwxi/80+WMW/2nzxyz+0+WPWfynzx+z+M+QP2bx/2b+mMV/xvwxi/9M+WMW/5nzxyz+s+SPWfy/lT9m8Z81f8zi/+38MYv/bPljFv/v5I9Z/L+bP2bxnz1/zOI/R/6YxX/O/DGL/1z5Yxb/7+WPWfznzh+z+M+TP2bxnzd/zOL//fwxi/98+WMW/x/kj1n8588fs/gvkD9m8V8wf8ziv1D+mMX/h/ljFv+F88cs/ovkj1n8F80fs/gvlj9m8V88f8ziv0T+mMX/R/ljFv8f549Z/JfMH7P4L5U/ZvH/Sf6Yxf+n+WMW/6Xzxyz+y+SPWfyXzR+z+P8sf8ziv1z+mMV/+fwxi//P88cs/ivkj1n8V8wfs/ivlD9m8V85f8ziv0r+mMV/1fwxi/9q+WMW/1/kj1n8V88fs/ivkT9m8V8zf8ziv1b+mMV/7fwxi/86+WMW/3Xzxyz+6+WPWfzXzx+z+G+QP2bx/2X+mMX/V/ljFv8N88cs/hvlj1n8N84fs/hvkj9m8f91/pjF/zf5Yxb/TfPHLP6b5Y9Z/DfPH7P4b5E/ZvHfMn/M4v/b/DGL/1b5Yxb/3+WPWfy3zh+z+P8+f8ziv03+mMV/2/wxi/92+WMW/+3zxyz+f8gfs/j/MX/M4r9D/pjF/0/5Yxb/P+ePWfx3zB+z+O+UP2bx/0v+mMV/5/wxi/8u+WMW/13zxyz+f80fs/j/LX/M4r9b/pjFf/f8MYv/HvljFv8988cs/nvlj1n8984fs/jvkz9m8d83f8ziv1/+mMV///wxi/8B+WMW/wPzxyz+B+WPWfwPzh+z+B+SP2bxPzR/zOJ/WP6Yxf/w/DGL/xH5Yxb/I/PHLP5H5Y9Z/I/OH7P4H5M/ZvE/Nn/M4n9c/pjF//j8MYv/CfljFv8T88cs/iflj1n8T84fs/ifkj9m8T81f8zif1r+mMX/9Pwxi/8Z+WMW/zPzxyz+Z+WPWfzPzh+z+J+TP2bxPzd/zOJ/Xv6Yxf/8/DGL/wX5Yxb/C/PHLP4X5Y9Z/C/OH7P4X5I/ZvG/NH/M4n9Z/pjF//L8MYv/FfljFv8r88cs/lflj1n8r84fs/hfkz9m8b82f8zif13+mMX/+vwxi/8N+WMW/xvzxyz+N+WPWfxvzh+z+N+SP2bxvzV/zOJ/W/6Yxf/2/DGL/x35Yxb/O/PHLP535Y9Z/O/OH7P435M/ZvG/N3/M4n9f/pjF//78MYv/A/ljFv8H88cs/g/lj1n8H84fs/g/kj9m8X80f8zi/1j+mMX/8fwxi/8T+WMW/yfzxyz+T+WPWfyfzh+z+D+TP2bxfzZ/zOL/XP6Yxf/5/DGL/wv5Yxb/F/PHLP4v5Y9Z/F/OH7P4v5I/ZvF/NX/M4v9a/pjF//X8MYv/G/ljFv8388cs/m/lj1n8384fs/i/kz9m8X83f0ziP85A/pjFf1D+mMV/pPwxi//I+WMW/1Hyxyz+g/PHLP6j5o9Z/EfLH7P4j54/ZvEfI3/M4j9m/pjFf6z8MYv/2PljFv9x8scs/uPmj1n8x8sfs/iPnz9m8Z8gf8ziP2H+mMV/ovwxi//E+WMW/4/lj1n8J8kfs/h/PH/M4j9p/pjF/xP5Yxb/yfLHLP6fzB+z+H8qf8ziP3n+mMX/0/ljFv/P5I9Z/KfIH7P4fzZ/zOL/ufwxi//n88cs/lPmj1n8v5A/ZvH/Yv6Yxf9L+WMW/6nyxyz+X84fs/h/JX/M4v/V/DGL/9fyxyz+X88fs/h/I3/M4j91/pjFf5r8MYv/tPljFv/p8scs/tPnj1n8Z8gfs/h/M3/M4j9j/pjFf6b8MYv/zPljFv9Z8scs/t/KH7P4z5o/ZvH/dv6YxX+2/DGL/3fyxyz+380fs/jPnj9m8Z8jf8ziP2f+mMV/rvwxi//38scs/nPnj1n858kfs/jPmz9m8f9+/pjFf778MYv/D/LHLP7z549Z/BfIH7P4L5g/ZvFfKH/M4v/D/DGL/8L5Yxb/RfLHLP6L5o9Z/BfLH7P4L54/ZvFfIn/M4v+j/DGL/4/zxyz+S+aPWfyXyh+z+P8kf8zi/9P8MYv/0vljFv9l8scs/svmj1n8f5Y/ZvFfLn/M4r98/pjF/+f5Yxb/FfLHLP4r5o9Z/FfKH7P4r5w/ZvFfJX/M4r9q/pjFf7X8MYv/L/LHLP6r549Z/NfIH7P4r5k/ZvFfK3/M4r92/pjFf538MYv/uvljFv/18scs/uvnj1n8N8gfs/j/Mn/M4v+r/DGL/4b5Yxb/jfLHLP4b549Z/DfJH7P4/zp/zOL/m/wxi/+m+WMW/83yxyz+m+ePWfy3yB+z+G+ZP2bx/23+mMV/q/wxi//v8scs/lvnj1n8f58/ZvHfJn/M4r9t/pjFf7v8MYv/9vljFv8/5I9Z/P+YP2bx3yF/zOL/p/wxi/+f88cs/jvmj1n8d8ofs/j/JX/M4r9z/pjFf5f8MYv/rvljFv+/5o9Z/P+WP2bx3y1/zOK/e/6YxX+P/DGL/575Yxb/vfLHLP57549Z/PfJH7P475s/ZvHfL3/M4r9//pjF/4D8MYv/gfljFv+D8scs/gfnj1n8D8kfs/gfmj9m8T8sf8zif3j+mMX/iPwxi/+R+WMW/6Pyxyz+R+ePWfyPyR+z+B+bP2bxPy5/zOJ/fP6Yxf+E/DGL/4n5Yxb/k/LHLP4n549Z/E/JH7P4n5o/ZvE/LX/M4n96/pjF/4z8MYv/mfljFv+z8scs/mfnj1n8z8kfs/ifmz9m8T8vf8zif37+mMX/gvwxi/+F+WMW/4vyxyz+F+ePWfwvyR+z+F+aP2bxvyx/zOJ/ef6Yxf+K/DGL/5X5Yxb/q/LHLP5X549Z/K/JH7P4X5s/ZvG/Ln/M4n99/pjF/4b8MYv/jfljFv+b8scs/jfnj1n8b8kfs/jfmj9m8b8tf8zif3v+mMX/jvwxi/+d+WMW/7vyxyz+d+ePWfzvyR+z+N+bP2bxvy9/zOJ/f/6Yxf+B/DGL/4P5Yxb/h/LHLP4P549Z/B/JH7P4P5o/ZvF/LH/M4v94/pjF/4n8MYv/k/ljFv+n8scs/k/nj1n8n8kfs/g/mz9m8X8uf8zi/3z+mMX/hfwxi/+L+WMW/5fyxyz+L+ePWfxfyR+z+L+aP2bxfy1/zOL/ev6Yxf+N/DGL/5v5Yxb/t/LHLP5v549Z/N/JH7P4v5s/JvEfdyB/zOI/KH/M4j9S/pjFf+T8MYv/KPljFv/B+WMW/1Hzxyz+o+WPWfxHzx+z+I+RP2bxHzN/zOI/Vv6YxX/s/DGL/zj5Yxb/cfPHLP7j5Y9Z/MfPH7P4T5A/ZvGfMH/M4j9R/pjFf+L8MYv/x/LHLP6T5I9Z/D+eP2bxnzR/zOL/ifwxi/9k+WMW/0/mj1n8P5U/ZvGfPH/M4v/p/DGL/2fyxyz+U+SPWfw/mz9m8f9c/pjF//P5Yxb/KfPHLP5fyB+z+H8xf8zi/6X8MYv/VPljFv8v549Z/L+SP2bx/2r+mMX/a/ljFv+v549Z/L+RP2bxnzp/zOI/Tf6YxX/a/DGL/3T5Yxb/6fPHLP4z5I9Z/L+ZP2bxnzF/zOI/U/6YxX/m/DGL/yz5Yxb/b+WPWfxnzR+z+H87f8ziP1v+mMX/O/ljFv/v5o9Z/GfPH7P4z5E/ZvGfM3/M4j9X/pjF/3v5Yxb/ufPHLP7z5I9Z/OfNH7P4fz9/zOI/X/6Yxf8H+WMW//nzxyz+C+SPWfwXzB+z+C+UP2bx/2H+mMV/4fwxi/8i+WMW/0Xzxyz+i+WPWfwXzx+z+C+RP2bx/1H+mMX/x/ljFv8l88cs/kvlj1n8f5I/ZvH/af6YxX/p/DGL/zL5Yxb/ZfPHLP4/yx+z+C+XP2bxXz5/zOL/8/wxi/8K+WMW/xXzxyz+K+WPWfxXzh+z+K+SP2bxXzV/zOK/Wv6Yxf8X+WMW/9Xzxyz+a+SPWfzXzB+z+K+VP2bxXzt/zOK/Tv6YxX/d/DGL/3r5Yxb/9fPHLP4b5I9Z/H+ZP2bx/1X+mMV/w/wxi/9G+WMW/43zxyz+m+SPWfx/nT9m8f9N/pjFf9P8MYv/ZvljFv/N88cs/lvkj1n8t8wfs/j/Nn/M4r9V/pjF/3f5Yxb/rfPHLP6/zx+z+G+TP2bx3zZ/zOK/Xf6YxX/7/DGL/x/yxyz+f8wfs/jvkD9m8f9T/pjF/8/5Yxb/HfPHLP475Y9Z/P+SP2bx3zl/zOK/S/6YxX/X/DGL/1/zxyz+f8sfs/jvlj9m8d89f8ziv0f+mMV/z/wxi/9e+WMW/73zxyz+++SPWfz3zR+z+O+XP2bx3z9/zOJ/QP6Yxf/A/DGL/0H5Yxb/g/PHLP6H5I9Z/A/NH7P4H5Y/ZvE/PH/M4n9E/pjF/8j8MYv/UfljFv+j88cs/sfkj1n8j80fs/gflz9m8T8+f8zif0L+mMX/xPwxi/9J+WMW/5Pzxyz+p+SPWfxPzR+z+J+WP2bxPz1/zOJ/Rv6Yxf/M/DGL/1n5Yxb/s/PHLP7n5I9Z/M/NH7P4n5c/ZvE/P3/M4n9B/pjF/8L8MYv/RfljFv+L88cs/pfkj1n8L80fs/hflj9m8b88f8zif0X+mMX/yvwxi/9V+WMW/6vzxyz+1+SPWfyvzR+z+F+XP2bxvz5/zOJ/Q/6Yxf/G/DGL/035Yxb/m/PHLP635I9Z/G/NH7P435Y/ZvG/PX/M4n9H/pjF/878MYv/XfljFv+788cs/vfkj1n8780fs/jflz9m8b8/f8zi/0D+mMX/wfwxi/9D+WMW/4fzxyz+j+SPWfwfzR+z+D+WP2bxfzx/zOL/RP6Yxf/J/DGL/1P5Yxb/p/PHLP7P5I9Z/J/NH7P4P5c/ZvF/Pn/M4v9C/pjF/8X8MYv/S/ljFv+X88cs/q/kj1n8X80fs/i/lj9m8X89f8zi/0b+mMX/zfwxi/9b+WMW/7fzxyz+7+SPWfzfzR+T+I83kD9m8R+UP2bxHyl/zOI/cv6YxX+U/DGL/+D8MYv/qPljFv/R8scs/qPnj1n8x8gfs/iPmT9m8R8rf8ziP3b+mMV/nPwxi/+4+WMW//Hyxyz+4+ePWfwnyB+z+E+YP2bxnyh/zOI/cf6Yxf9j+WMW/0nyxyz+H88fs/hPmj9m8f9E/pjFf7L8MYv/J/PH/j/26MEADAQAAtjbGuBt27Zt27Zt27Zt27ZtW3UXuAl6yQpp+Z/Yf9TyP4n/qOV/Uv9Ry/9k/qOW/8n9Ry3/U/iPWv6n9B+1/E/lP2r5n9p/1PI/jf+o5X9a/1HL/3T+o5b/6f1HLf8z+I9a/mf0H7X8z+Q/avmf2X/U8j+L/6jlf1b/Ucv/bP6jlv/Z/Uct/3P4j1r+5/QftfzP5T9q+Z/bf9TyP4//qOV/Xv9Ry/98/qOW//n9Ry3/C/iPWv4X9B+1/C/kP2r5X9h/1PK/iP+o5X9R/1HL/2L+o5b/xf1HLf9L+I9a/pf0H7X8L+U/avlf2n/U8r+M/6jlf1n/Ucv/cv6jlv/l/Uct/yv4j1r+V/Qftfyv5D9q+V/Zf9Tyv4r/qOV/Vf9Ry/9q/qOW/9X9Ry3/a/iPWv7X9B+1/K/lP2r5X9t/1PK/jv+o5X9d/1HL/3r+o5b/9f1HLf8b+I9a/jf0H7X8b+Q/avnf2H/U8r+J/6jlf1P/Ucv/Zv6jlv/N/Uct/1v4j1r+t/Qftfxv5T9q+d/af9Tyv43/qOV/W/9Ry/92/qOW/+39Ry3/O/iPWv539B+1/O/kP2r539l/1PK/i/+o5X9X/1HL/27+o5b/3f1HLf97+I9a/vf0H7X87+U/avnf23/U8r+P/6jlf1//Ucv/fv6jlv/9/Uct/wf4j1r+D/Qftfwf5D9q+T/Yf9Tyf4j/qOX/UP9Ry/9h/qOW/8P9Ry3/R/iPWv6P9B+1/B/lP2r5P9p/1PJ/jP+o5f9Y/1HL/3H+o5b/4/1HLf8n+I9a/k/0H7X8n+Q/avk/2X/U8n+K/6jl/1T/Ucv/af6jlv/T/Uct/2f4j1r+z/Qftfyf5T9q+T/bf9Tyf47/qOX/XP9Ry/95/qOW//P9Ry3/F/iPWv4v9B+1/F/kP2r5v9h/1PJ/if+o5f9S/1HL/2X+o5b/y/1HLf9X+I9a/q/0H7X8X+U/avm/2n/U8n+N/6jl/1r/Ucv/df6jlv/r/Uct/zf4j1r+b/Qftfzf5D9q+b/Zf9Tyf4v/qOX/Vv9Ry/9t/qOW/9v9Ry3/d/iPWv7v9B+1/N/lP2r5v9t/1PJ/j/+o5f9e/1HL/33+o5b/+/1HLf8P+I9a/h/0H7X8P+Q/avl/2H/U8v+I/6jl/1H/Ucv/Y/6jlv/H/Uct/0/4j1r+n/Qftfw/5T9q+X/af9Ty/4z/qOX/Wf9Ry/9z/qOW/+f9Ry3/L/iPWv5f9B+1/L/kP2r5f9l/1PL/iv+o5f9V/1HL/2v+o5b/1/1HLf9v+I9a/t/0H7X8v+U/avl/23/U8v+O/6jl/13/Ucv/e/6jlv/3/Uct/x/4j1r+P/Qftfx/5D9q+f/Yf9Ty/4n/qOX/U/9Ry/9n/qOW/8/9Ry3/X/iPWv6/9B+1/H/lP2r5/9p/1PL/jf+o5f9b/1HL/3f+o5b/7/1HLf8/+I9a/n/0H7X8/+Q/avn/2X/U8v+L/6jl/1f/Ucv/b/6jlv/f/Uct/3/4j1r+//Qftfz/5T9q+f/bf9Ty/4//qOX/X/9Ry/9//qOW///9Ry3/A/xHLf8D/Uct/4P8Ry3/g/1HLf9D/Ect/0P9Ry3/w/xHJf8TjeQ/avkf2X/U8j+K/6jlf1T/Ucv/aP6jlv/R/Uct/2P4j1r+x/QftfyP5T9q+R/bf9TyP47/qOV/XP9Ry/94/qOW//H9Ry3/E/iPWv4n9B+NcP8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADCcvbuNzass/Dh+urZ7+rN/N+fwGjIYbLqJK1u7MhlsPtTHgqk6FgMmkC2sjEph7iG4gVoNSgzGMBkJIuo2dRNIjBkvhgkIK4lKnIrGiWiIQ1AXMTVMZETjUnO3vUt7r23Wq17XXuzzedHe55Tf6bbku3PK1gwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgpc3bbrlhbUdH2yYvvPDCi4EXp/p3JiC116I/1T8SAAAAAAAAAAAAAABgJDm+nehU/xwBAAAAAOB009L6ru7qqiGnqgcfzPl5W+/7plevvH7P84+vLL/v//Dlw1xywuCDnp6enpeau2b2H04qiqL02ab3H0+uHJeu39l1+fa+o1D89tnm1m3bmw/u/MrXH547dfqc2t6ztcWa69o72pZMKIpQXVtsLR00VBVFmFhbbC8dNJYOJtUW95cOlvYeTCkOlA4uvHZDx7rSiRM+NZx2Wlo/W1QPKbYY8rvB4P47uzbtKr8f5ZLlq9UU/f3XNf9wb8XHykbov3z9UFXZ/5h/gsCIxtb/7QvL70e55An3/0fb61YN97GR+y9fP0zQP6QzzPP/kEZ7n/f37J8xwvP/3GEuObD/6V9WdpX6v+mXL9T3n6o5mef/0ufrOwrVlf1PGPL8X3qOryk//08qilA7zl8OOK20tH6ue7T7f2X3Q/uvOatiUzW4/6Or9lSX+j981wPv7z9Ve1L9D1w/1Ixy/6/6zIGhP1ZgbFpad/dU3P/H0H+xYJhLDvQ/f/exq0r9n7HzyL5BHxtL/7WV/S/ecuMnFm/edkt9+41r17etb7upsbGhaemypsaLli/ufSToezvOXxU4PYzv/l9MrdhUFUXbwH7Rh5e9VOr/4Ln/+Fv/qclj7H/iqPf/59z/YVjnTygmTiy2rt2yZVND39vyYWPf277/bJj+T/z6f8T+55X/P2D56+7SF+QD+9+886sfKfV/76RVD/SfmjjG/ieN1n/na58XiDDO+/+6is2Q/ttf/c66Uv9/euX4of5TY/36f/Ko/e9y/4fxaGmt+As//2Ol/lf/6/Bwf05wEsIUf/4H6eTof+u0X3wzbh2m6h/SydH/0s1tkX/ZNvyf/iGdHP3/akfVkbh1OEP/kE6O/r/W/eDGuHWYpn9IJ0f/+2c/8lTcOvy//iGdHP0fXz/9qrh1qNM/pJOj/8u+tHd13DpM1z+kk6P/qlemPRG3DjP0D+nk6L++6uxPxa3D6/QP6eTo/7rOh1+MW4eZ+od0cvT/+Z2/jvw+nfB6/UM6Ofp/6o9bd8Stwyz9Qzo5+n9hVnt93DqcqX9IJ0f/99/wxCNx6/AG/UM6Ofp/+lsfPBa3DkH/kE6O/r/x7JE1ceswW/+QTo7+9y089oe4dThL/5BOjv7//dGrPxC3Dm/UP6STo/+wf/l349bhbP1DOjn6v+LJuxri1mGO/iGdHP13rrjtzrh1OEf/kE6O/puaF86OW4dz9Q/p5Oh/xp//fnfcOszVP6STo/+P3ffeyn/3+ySF8/QP6eTo/+YNqx+NW4fz9Q/p5Oh/5YyeC+LWYZ7+IZ0c/R8+et+P4tZhvv4hnRz9333nkivi1uFN+od0cvT/g1vP645bhzfrH9LJ0f/LtXfcGrcOC/QP6eTo/8s/q1kWtw4L9Q/p5Oj/xw99f1fcOrxF/5BOjv5ffN9j58StwwX6h3Ry9L/74llfjFuHt+of0snR/7uf2bg+bh0W6R/SydH/5L2/Pxq3DvX6h3Ry9D9/1cEPxa3DhfqHdHL0v2HRmt/FrcNi/UM6Ofp/5sDTh+LWYYn+IZ0c/e947NPNcevQoH9IJ0f/j1/W8Z+4dWjUP6STo/9/Nv3k43HrsFT/kE6O/s889O0vxK1Dk/4hnRz9X/3g5Jlx63CR/iGdHP1vvGb29+LWYZn+IZ0c/V8y96FL49bhbfqHdHL0/56/rrg5bh0u1j+kk6P/unvueS5uHZbrH9LJ0f+8a2+/Jm4dLtE/pJOj/+vn1D8Ztw6X6h/SydH/HcdbFsStwwr9Qzo5+u+67fl9ceuwUv+QTo7+uz/5cl3cOrxd/5BOjv73Trny3rh1eIf+AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOC/7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWEHDmQAAAAAhPlb59F+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAnwIAAP//r0PLXg==") chown(&(0x7f0000000000)='./file2\x00', 0x0, 0xee01) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x800fee}) 1.626964431s ago: executing program 6 (id=1292): sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[@sndinfo={0x20}], 0x20}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5000000000010000000000000000000000000000180001801400018008000100ac1414bb08000200ac0314bb240002801400018008b2a6eb93c60a14bd000100ac1414aa080002"], 0x50}}, 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="d824000028000100020000080000000001"], 0x24d8}], 0x1}, 0x0) 1.472806748s ago: executing program 8 (id=1293): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2}) 1.314734232s ago: executing program 6 (id=1294): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000000)=0x2, 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) poll(&(0x7f0000000300)=[{r0, 0x1040}], 0x1, 0x81) 1.242265856s ago: executing program 8 (id=1295): r0 = syz_io_uring_setup(0xd2, &(0x7f0000000480), &(0x7f0000000140)=0x0, &(0x7f0000000580)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000940)=@IORING_OP_UNLINKAT={0x24, 0x9, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0) 1.020666664s ago: executing program 8 (id=1296): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) fcntl$setstatus(r1, 0x4, 0x42800) close_range(r0, 0xffffffffffffffff, 0x0) 902.885727ms ago: executing program 6 (id=1297): r0 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000200)={0x1d, r1, 0x1}, 0x18) write$P9_RWSTAT(r0, &(0x7f00000005c0)={0x7}, 0x7) 790.824645ms ago: executing program 8 (id=1298): capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)) r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) 787.189847ms ago: executing program 6 (id=1299): sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x13b0}, 0x1, 0x0, 0x0, 0x4048004}, 0x80080) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0) preadv(r0, &(0x7f0000000280), 0x25, 0x0, 0x1000) 598.502535ms ago: executing program 6 (id=1300): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000041436120410e5150e8d5000000010902f98a5c01000000090401001186eee2000905821704"], 0x0) syz_usb_connect$cdc_ecm(0x1, 0x0, 0x0, &(0x7f0000000580)={0x0, 0x0, 0x14, &(0x7f0000000100)={0x5, 0xf, 0x14, 0x2, [@generic={0x3, 0x10, 0x2}, @ssp_cap={0xc, 0x10, 0xa, 0x3, 0x0, 0xcd, 0xf00f, 0x5}]}}) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xfffffffffffffddf, &(0x7f00000000c0)=ANY=[]) syz_usb_control_io(r0, 0x0, 0x0) 590.858019ms ago: executing program 8 (id=1301): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000004c0)={'veth1_to_hsr\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000e00)=@newlink={0x44, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r2}, @IFLA_MASTER={0x8, 0x3}]}, 0x44}}, 0x0) 320.44958ms ago: executing program 1 (id=1302): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010060000000000015008300000008000300", @ANYRES32=r2], 0x50}}, 0x0) 142.835745ms ago: executing program 5 (id=1303): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) syz_clone3(&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_clone3(&(0x7f0000000140)={0x4000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 23.677372ms ago: executing program 8 (id=1304): pipe(&(0x7f00000045c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f00000002c0)={0x30, 0x5, 0x0, {0x0, 0x4, 0x5, 0x3}}, 0x30) r2 = socket$inet(0x2, 0xa, 0x7) splice(r0, 0x0, r2, 0x0, 0x8000, 0x0) 0s ago: executing program 7 (id=1305): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x8, 0x0, 0x7fff7ffc}]}) r0 = syz_io_uring_setup(0x22d, &(0x7f0000000180)={0x0, 0xdd68, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r0, 0x7a98, 0x0, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): und nat_bits in checkpoint [ 200.727220][ T1083] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 200.771851][ T1083] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 200.828115][ T8098] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5 [ 200.843284][ T9] rc_core: IR keymap rc-hauppauge not found [ 200.849231][ T9] Registered IR keymap rc-empty [ 200.854671][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 200.866968][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 200.875417][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 200.883521][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 200.907387][ T9] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 200.925824][ T8098] syz.8.760: attempt to access beyond end of device [ 200.925824][ T8098] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 200.936932][ T8141] loop2: detected capacity change from 0 to 128 [ 200.955954][ T9] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input12 [ 200.969638][ T8141] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 200.973278][ T8098] F2FS-fs (loop8): inject write IO error in f2fs_write_end_io of bio_endio+0x6dc/0x820 [ 201.000003][ T8141] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 201.027959][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 201.036810][ T29] audit: type=1800 audit(1731716404.541:133): pid=8141 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.774" name="bus" dev="loop2" ino=1048634 res=0 errno=0 [ 201.074459][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 201.104063][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 201.127435][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 201.173517][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 201.185711][ T1083] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 201.206486][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 201.260974][ T7560] syz-executor: attempt to access beyond end of device [ 201.260974][ T7560] loop8: rw=2049, sector=45104, nr_sectors = 16 limit=40427 [ 201.263628][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 201.322759][ T7560] F2FS-fs (loop8): Stopped filesystem due to reason: 3 [ 201.323968][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 201.340873][ T7560] F2FS-fs (loop8): Stopped filesystem due to reason: 3 [ 201.413359][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 201.451334][ T8126] loop5: detected capacity change from 0 to 40427 [ 201.474507][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 201.492524][ T8126] F2FS-fs (loop5): invalid crc value [ 201.544056][ T9] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 201.572573][ T8126] F2FS-fs (loop5): Found nat_bits in checkpoint [ 201.583933][ T9] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 201.604255][ T9] usb 4-1: USB disconnect, device number 5 [ 201.787159][ T8126] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 201.858053][ T8150] f2fs_ckpt-7:5: attempt to access beyond end of device [ 201.858053][ T8150] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 201.907557][ T8150] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 202.144954][ T8161] loop9: detected capacity change from 0 to 512 [ 202.177362][ T8161] EXT4-fs: Ignoring removed nomblk_io_submit option [ 202.240310][ T8161] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode [ 202.404059][ T8161] EXT4-fs (loop9): 1 orphan inode deleted [ 202.409853][ T8161] EXT4-fs (loop9): 1 truncate cleaned up [ 202.416814][ T8161] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 202.475462][ T8161] EXT4-fs error (device loop9): ext4_inlinedir_to_tree:1402: inode #12: block 7: comm syz.9.782: path /2/bus/file0: bad entry in directory: directory entry overrun - offset=788, inode=13, rec_len=784, size=60 fake=0 [ 202.516253][ T8161] EXT4-fs (loop9): Remounting filesystem read-only [ 202.539725][ T11] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 202.577538][ T7897] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 202.653541][ T47] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 202.893442][ T47] usb 9-1: Using ep0 maxpacket: 8 [ 202.906555][ T47] usb 9-1: config 0 has an invalid interface number: 1 but max is 0 [ 202.915875][ T47] usb 9-1: config 0 has no interface number 0 [ 202.925983][ T47] usb 9-1: New USB device found, idVendor=0b48, idProduct=1003, bcdDevice=7b.54 [ 202.936981][ T47] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 202.969992][ T47] usb 9-1: Product: syz [ 202.987498][ T47] usb 9-1: Manufacturer: syz [ 203.006771][ T47] usb 9-1: SerialNumber: syz [ 203.020040][ T8187] mmap: syz.5.783 (8187) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 203.130499][ T8189] netlink: 'syz.9.795': attribute type 10 has an invalid length. [ 203.134408][ T8193] loop6: detected capacity change from 0 to 128 [ 203.148123][ T47] usb 9-1: config 0 descriptor?? [ 203.165900][ T47] usb 9-1: selecting invalid altsetting 1 [ 203.172884][ T47] dvb_ttusb_budget: ttusb_init_controller: error [ 203.179549][ T47] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 203.187575][ T8189] 8021q: adding VLAN 0 to HW filter on device team0 [ 203.191661][ T8193] VFS: Found a Xenix FS (block size = 512) on device loop6 [ 203.218116][ T8193] sysv_free_block: getblk() failed [ 203.223771][ T8193] sysv_free_block: getblk() failed [ 203.238212][ T8193] sysv_free_block: getblk() failed [ 203.242368][ T8189] bond0: (slave team0): Enslaving as an active interface with an up link [ 203.244463][ T8193] sysv_free_block: getblk() failed [ 203.262016][ T8193] sysv_free_block: getblk() failed [ 203.267528][ T8193] sysv_free_block: getblk() failed [ 203.282944][ T8193] sysv_free_block: getblk() failed [ 203.292992][ T8194] netlink: 'syz.9.795': attribute type 10 has an invalid length. [ 203.311142][ T8193] sysv_free_block: getblk() failed [ 203.333872][ T8193] sysv_free_block: getblk() failed [ 203.342914][ T8194] bond0: (slave team0): Releasing backup interface [ 203.352468][ T8193] sysv_free_block: getblk() failed [ 203.369662][ T47] DVB: Unable to find symbol stv0299_attach() [ 203.393740][ T8193] sysv_free_block: getblk() failed [ 203.403515][ T8194] bridge0: port 3(team0) entered blocking state [ 203.411460][ T8193] sysv_free_block: getblk() failed [ 203.417727][ T8193] sysv_free_block: getblk() failed [ 203.433435][ T8193] sysv_free_block: getblk() failed [ 203.438687][ T8193] sysv_free_block: getblk() failed [ 203.444152][ T8194] bridge0: port 3(team0) entered disabled state [ 203.450877][ T47] DVB: Unable to find symbol tda8083_attach() [ 203.462420][ T8194] team0: entered allmulticast mode [ 203.468918][ T8194] team_slave_0: entered allmulticast mode [ 203.475820][ T8193] sysv_free_block: getblk() failed [ 203.481520][ T47] dvb_ttusb_budget: no frontend driver found for device [0b48:1003] [ 203.490008][ T8193] sysv_free_block: getblk() failed [ 203.495295][ T8194] team_slave_1: entered allmulticast mode [ 203.502563][ T47] usb 9-1: USB disconnect, device number 3 [ 203.508626][ T8193] sysv_free_block: getblk() failed [ 203.515548][ T8194] team0: entered promiscuous mode [ 203.520985][ T8193] sysv_free_block: getblk() failed [ 203.527806][ T8193] sysv_free_block: getblk() failed [ 203.533915][ T8194] team_slave_0: entered promiscuous mode [ 203.542422][ T8194] team_slave_1: entered promiscuous mode [ 203.555776][ T8193] sysv_free_block: getblk() failed [ 203.572404][ T8193] sysv_free_block: getblk() failed [ 203.581323][ T8193] sysv_free_block: getblk() failed [ 203.612557][ T8193] sysv_free_block: getblk() failed [ 203.623399][ T8193] sysv_free_block: getblk() failed [ 203.629087][ T8193] sysv_free_block: getblk() failed [ 203.635543][ T8193] sysv_free_block: getblk() failed [ 203.640899][ T8193] sysv_free_block: getblk() failed [ 203.648875][ T8193] sysv_free_block: getblk() failed [ 203.654335][ T8193] sysv_free_block: getblk() failed [ 203.659637][ T8193] sysv_free_block: getblk() failed [ 203.692410][ T8193] sysv_free_block: getblk() failed [ 203.708061][ T8193] sysv_free_block: getblk() failed [ 203.732723][ T8193] sysv_free_block: getblk() failed [ 203.746123][ T8193] sysv_free_block: getblk() failed [ 203.756236][ T8193] sysv_free_block: getblk() failed [ 203.778548][ T8193] sysv_free_block: trying to free block not in datazone [ 203.805713][ T8196] sysv_free_block: getblk() failed [ 203.823318][ T8196] sysv_free_block: getblk() failed [ 203.828633][ T8196] sysv_free_block: getblk() failed [ 203.847258][ T8196] sysv_free_block: getblk() failed [ 203.852438][ T8196] sysv_free_block: getblk() failed [ 203.882185][ T8206] loop9: detected capacity change from 0 to 256 [ 203.890113][ T8206] exfat: Deprecated parameter 'namecase' [ 203.898099][ T8196] sysv_free_block: getblk() failed [ 203.906069][ T8206] exfat: Deprecated parameter 'utf8' [ 203.911958][ T8196] sysv_free_block: getblk() failed [ 203.917568][ T8206] exfat: Deprecated parameter 'namecase' [ 203.937629][ T8206] exfat: Deprecated parameter 'utf8' [ 203.947828][ T8196] sysv_free_block: getblk() failed [ 203.973537][ T8196] sysv_free_block: getblk() failed [ 203.987417][ T8206] exFAT-fs (loop9): failed to load upcase table (idx : 0x00012153, chksum : 0x555ffa9e, utbl_chksum : 0xe619d30d) [ 204.006528][ T8196] sysv_free_block: getblk() failed [ 204.038184][ T8196] sysv_free_block: getblk() failed [ 204.054443][ T8196] sysv_free_block: getblk() failed [ 204.059620][ T8196] sysv_free_block: getblk() failed [ 204.090017][ T8196] sysv_free_block: getblk() failed [ 204.121536][ T8196] sysv_free_block: trying to free block not in datazone [ 204.179339][ T8196] sysv_free_block: trying to free block not in datazone [ 204.286306][ T6536] sysv_free_block: getblk() failed [ 204.294619][ T6536] sysv_free_block: getblk() failed [ 204.310447][ T6536] sysv_free_block: trying to free block not in datazone [ 204.332233][ T6536] sysv_free_block: getblk() failed [ 204.353769][ T6536] sysv_free_block: getblk() failed [ 204.359123][ T6536] sysv_free_block: getblk() failed [ 204.388812][ T6536] sysv_free_block: getblk() failed [ 204.416358][ T6536] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 204.889969][ T8240] netlink: 'syz.6.816': attribute type 12 has an invalid length. [ 204.926349][ T8240] netlink: 'syz.6.816': attribute type 11 has an invalid length. [ 204.955418][ T8240] netlink: 190580 bytes leftover after parsing attributes in process `syz.6.816'. [ 205.357961][ T8217] loop8: detected capacity change from 0 to 32768 [ 205.458121][ T8263] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 205.509484][ T8217] XFS (loop8): Mounting V5 Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 205.731396][ T8217] XFS (loop8): Ending clean mount [ 205.752178][ T8278] @: renamed from vlan0 (while UP) [ 205.784706][ T8217] XFS (loop8): Quotacheck needed: Please wait. [ 205.860117][ T8281] loop3: detected capacity change from 0 to 64 [ 205.890629][ T8217] XFS (loop8): Quotacheck: Done. [ 205.953872][ T8217] XFS (loop8): User initiated shutdown received. [ 205.960405][ T8217] XFS (loop8): Log I/O Error (0x6) detected at xfs_fs_goingdown+0x160/0x190 (fs/xfs/xfs_fsops.c:454). Shutting down filesystem. [ 206.012609][ T8217] XFS (loop8): Please unmount the filesystem and rectify the problem(s) [ 206.045236][ T8290] loop5: detected capacity change from 0 to 64 [ 206.081010][ T7560] XFS (loop8): Unmounting Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 206.595913][ T8298] loop5: detected capacity change from 0 to 4096 [ 206.662125][ T8309] loop2: detected capacity change from 0 to 512 [ 206.682046][ T8298] ntfs3(loop5): Different NTFS sector size (1024) and media sector size (512). [ 206.706236][ T8309] EXT4-fs: Ignoring removed i_version option [ 206.720412][ T29] audit: type=1326 audit(1731716410.171:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8305 comm="syz.3.846" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6849b7e719 code=0x0 [ 206.807544][ T8309] EXT4-fs: Ignoring removed nobh option [ 206.829194][ T8298] ntfs3(loop5): Failed to load $Extend (-22). [ 206.851263][ T8309] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 206.872068][ T8298] ntfs3(loop5): Failed to initialize $Extend. [ 206.915380][ T8309] EXT4-fs (loop2): 1 truncate cleaned up [ 206.922099][ T8309] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 207.160903][ T5849] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 207.346951][ T8332] [U] ú^C [ 207.699460][ T8338] loop3: detected capacity change from 0 to 2048 [ 207.790088][ T8341] netlink: 4 bytes leftover after parsing attributes in process `syz.2.859'. [ 207.845389][ T8339] loop8: detected capacity change from 0 to 4096 [ 208.251625][ T8316] loop9: detected capacity change from 0 to 40427 [ 208.294614][ T8316] F2FS-fs (loop9): Invalid log_blocksize (268), supports only 12 [ 208.302453][ T8316] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock [ 208.312248][ T8327] loop6: detected capacity change from 0 to 32768 [ 208.328101][ T8316] F2FS-fs (loop9): invalid crc value [ 208.342963][ T8316] F2FS-fs (loop9): Found nat_bits in checkpoint [ 208.399474][ T8327] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 208.425734][ T8316] F2FS-fs (loop9): Try to recover 1th superblock, ret: 0 [ 208.448091][ T8316] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5 [ 208.671300][ T8329] loop5: detected capacity change from 0 to 32768 [ 208.677544][ T8327] XFS (loop6): Ending clean mount [ 208.686776][ T8327] XFS (loop6): Quotacheck needed: Please wait. [ 208.843028][ T8329] XFS (loop5): Mounting V5 Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 208.858658][ T8327] XFS (loop6): Quotacheck: Done. [ 208.989466][ T8338] loop3: detected capacity change from 0 to 32768 [ 209.014201][ T6536] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 209.045980][ T8338] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.858 (8338) [ 209.068823][ T8329] XFS (loop5): Ending clean mount [ 209.092534][ T8329] XFS (loop5): Quotacheck needed: Please wait. [ 209.138605][ T8338] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 209.159830][ T8329] XFS (loop5): Quotacheck: Done. [ 209.181622][ T8338] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 209.193942][ T8338] BTRFS info (device loop3): using free-space-tree [ 209.245613][ T8379] loop2: detected capacity change from 0 to 2048 [ 209.253720][ T5905] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 209.266919][ T8329] XFS (loop5): User initiated shutdown received. [ 209.273642][ T8329] XFS (loop5): Log I/O Error (0x6) detected at xfs_fs_goingdown+0x160/0x190 (fs/xfs/xfs_fsops.c:454). Shutting down filesystem. [ 209.303235][ T8329] XFS (loop5): Please unmount the filesystem and rectify the problem(s) [ 209.418790][ T5905] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 209.441564][ T5905] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 209.453903][ T5905] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 209.465283][ T5905] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 209.478374][ T5905] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 209.488235][ T5905] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 209.500691][ T5905] usb 9-1: config 0 descriptor?? [ 209.502689][ T5840] XFS (loop5): Unmounting Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 209.508242][ T8377] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 209.532499][ T8379] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 209.678781][ T8400] loop6: detected capacity change from 0 to 256 [ 209.759542][ T5849] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 209.804189][ T8400] FAT-fs (loop6): Directory bread(block 1285) failed [ 209.947726][ T5905] plantronics 0003:047F:FFFF.0006: unknown main item tag 0xd [ 209.961141][ T5905] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving [ 210.046218][ T5857] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0 [ 210.054948][ T5857] Bluetooth: hci5: Injecting HCI hardware error event [ 210.064504][ T5857] Bluetooth: hci5: hardware error 0x00 [ 210.087167][ T8411] loop5: detected capacity change from 0 to 128 [ 210.096588][ T5905] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0 [ 210.097070][ T8338] BTRFS error (device loop3): target device shortad,umask=00000000 00000000000003,ioc|arset=cp863,gid=çÉO°Ýz+Gx#ïdÌzHj(çÇô1*Á·JpNa7ö€&íÓÕè¿ò|­{Yh¿Ö÷ß–´_ño'±êþSúMÌ Ö$3”ü’š¶¨¿œú¢ª‘{Ñ‹ôYVÉŠ1î…I+3TОޘî¶ü²®_Ö00000000000000000000,novrs,anchor=00000000000000000002,nostrict,unhide,uid=00000000000000000000, is invalid! [ 210.119243][ T8411] VFS: Found a Xenix FS (block size = 512) on device loop5 [ 210.175352][ T8411] syz.5.875: attempt to access beyond end of device [ 210.175352][ T8411] loop5: rw=0, sector=8767744, nr_sectors = 1 limit=128 [ 210.202298][ T8411] Buffer I/O error on dev loop5, logical block 8767744, async page read [ 210.212224][ T8412] loop6: detected capacity change from 0 to 2048 [ 210.224200][ T8412] EXT4-fs: Ignoring removed mblk_io_submit option [ 210.233483][ T8411] syz.5.875: attempt to access beyond end of device [ 210.233483][ T8411] loop5: rw=0, sector=13269809, nr_sectors = 1 limit=128 [ 210.267603][ T5959] usb 9-1: USB disconnect, device number 4 [ 210.280211][ T8412] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 210.296569][ T8411] Buffer I/O error on dev loop5, logical block 13269809, async page read [ 210.311880][ T8411] syz.5.875: attempt to access beyond end of device [ 210.311880][ T8411] loop5: rw=0, sector=1157, nr_sectors = 1 limit=128 [ 210.326990][ T8411] Buffer I/O error on dev loop5, logical block 1157, async page read [ 210.335312][ T8411] syz.5.875: attempt to access beyond end of device [ 210.335312][ T8411] loop5: rw=0, sector=3211264, nr_sectors = 1 limit=128 [ 210.350652][ T8411] Buffer I/O error on dev loop5, logical block 3211264, async page read [ 210.360468][ T8411] syz.5.875: attempt to access beyond end of device [ 210.360468][ T8411] loop5: rw=0, sector=8768635, nr_sectors = 1 limit=128 [ 210.374091][ T5838] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 210.397355][ T8411] Buffer I/O error on dev loop5, logical block 8768635, async page read [ 210.408870][ T8411] syz.5.875: attempt to access beyond end of device [ 210.408870][ T8411] loop5: rw=0, sector=13466417, nr_sectors = 1 limit=128 [ 210.424055][ T8411] Buffer I/O error on dev loop5, logical block 13466417, async page read [ 210.432569][ T8411] syz.5.875: attempt to access beyond end of device [ 210.432569][ T8411] loop5: rw=0, sector=209285, nr_sectors = 1 limit=128 [ 210.448738][ T8411] Buffer I/O error on dev loop5, logical block 209285, async page read [ 210.459300][ T8411] syz.5.875: attempt to access beyond end of device [ 210.459300][ T8411] loop5: rw=0, sector=8767744, nr_sectors = 1 limit=128 [ 210.472872][ T8411] Buffer I/O error on dev loop5, logical block 8767744, async page read [ 210.489294][ T6536] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 210.515806][ T8411] syz.5.875: attempt to access beyond end of device [ 210.515806][ T8411] loop5: rw=0, sector=13269809, nr_sectors = 1 limit=128 [ 210.554889][ T8411] Buffer I/O error on dev loop5, logical block 13269809, async page read [ 210.582554][ T8411] syz.5.875: attempt to access beyond end of device [ 210.582554][ T8411] loop5: rw=0, sector=1157, nr_sectors = 1 limit=128 [ 210.623847][ T8411] Buffer I/O error on dev loop5, logical block 1157, async page read [ 210.653762][ T29] audit: type=1800 audit(1731716414.151:135): pid=8411 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.875" name="/" dev="loop5" ino=2 res=0 errno=0 [ 210.765188][ T5840] sysv_free_block: trying to free block not in datazone [ 210.805898][ T5840] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 210.971870][ T8428] netlink: 8 bytes leftover after parsing attributes in process `syz.9.884'. [ 211.154983][ T8438] loop3: detected capacity change from 0 to 512 [ 211.178316][ T8438] loop3: detected capacity change from 0 to 512 [ 211.186593][ T8438] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 211.195714][ T8438] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 211.244318][ T8438] EXT4-fs (loop3): warning: checktime reached, running e2fsck is recommended [ 211.266310][ T8438] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 211.281080][ T8438] System zones: 0-2, 18-18, 34-34 [ 211.290665][ T8438] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1135: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 211.313496][ T9] IPVS: starting estimator thread 0... [ 211.323409][ T8438] EXT4-fs (loop3): 1 truncate cleaned up [ 211.343273][ T8438] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 211.413487][ T8448] IPVS: using max 14 ests per chain, 33600 per kthread [ 211.427582][ T8438] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: none. [ 211.632549][ T5838] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 211.744615][ T8463] loop5: detected capacity change from 0 to 512 [ 211.779660][ T8467] netlink: 156 bytes leftover after parsing attributes in process `syz.2.898'. [ 211.801314][ T8463] EXT4-fs error (device loop5): ext4_orphan_get:1388: inode #15: comm syz.5.897: casefold flag without casefold feature [ 211.822576][ T8467] netlink: 'syz.2.898': attribute type 2 has an invalid length. [ 211.849780][ T8467] netlink: 60 bytes leftover after parsing attributes in process `syz.2.898'. [ 211.855132][ T8465] loop9: detected capacity change from 0 to 512 [ 211.866884][ T8472] loop3: detected capacity change from 0 to 512 [ 211.875981][ T8463] EXT4-fs error (device loop5): ext4_orphan_get:1391: comm syz.5.897: couldn't read orphan inode 15 (err -117) [ 211.881903][ T8472] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 211.901591][ T8463] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 211.903119][ T8472] EXT4-fs (loop3): 1 truncate cleaned up [ 211.921194][ T8472] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 211.923434][ T8465] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode [ 211.993754][ T8465] EXT4-fs (loop9): 1 orphan inode deleted [ 212.006998][ T8465] EXT4-fs (loop9): 1 truncate cleaned up [ 212.014996][ T8465] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 212.043656][ T47] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 212.099482][ T5838] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 212.123539][ T5857] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 212.201011][ T7897] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 212.215517][ T5840] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 212.243379][ T47] usb 7-1: Using ep0 maxpacket: 16 [ 212.250688][ T47] usb 7-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 212.271163][ T47] usb 7-1: config 0 interface 0 altsetting 1 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 212.310583][ T47] usb 7-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid wMaxPacketSize 0 [ 212.363096][ T47] usb 7-1: config 0 interface 0 has no altsetting 0 [ 212.390121][ T47] usb 7-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 212.409701][ T47] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 212.453219][ T47] usb 7-1: Product: syz [ 212.457896][ T47] usb 7-1: Manufacturer: syz [ 212.503296][ T47] usb 7-1: SerialNumber: syz [ 212.517403][ T47] usb 7-1: config 0 descriptor?? [ 212.757027][ T47] usb 7-1: Can not set alternate setting to 1, error: -71 [ 212.765206][ T47] synaptics_usb 7-1:0.0: probe with driver synaptics_usb failed with error -71 [ 212.802717][ T47] usb 7-1: USB disconnect, device number 7 [ 213.273512][ T8] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 213.434677][ T8] usb 7-1: Using ep0 maxpacket: 16 [ 213.468384][ T8] usb 7-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 213.494005][ T8] usb 7-1: config 0 interface 0 altsetting 1 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 213.557916][ T8] usb 7-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid wMaxPacketSize 0 [ 213.569174][ T8497] loop8: detected capacity change from 0 to 512 [ 213.598067][ T8478] loop2: detected capacity change from 0 to 40427 [ 213.598596][ T8497] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 213.614074][ T8] usb 7-1: config 0 interface 0 has no altsetting 0 [ 213.639170][ T8478] F2FS-fs (loop2): Small segment_count (9 < 1 * 24) [ 213.653592][ T8] usb 7-1: language id specifier not provided by device, defaulting to English [ 213.665314][ T8497] EXT4-fs (loop8): 1 truncate cleaned up [ 213.673956][ T8478] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 213.682559][ T8497] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 213.725265][ T8] usb 7-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 213.741936][ T8] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.747093][ T8478] F2FS-fs (loop2): Found nat_bits in checkpoint [ 213.763953][ T8] usb 7-1: Manufacturer:  [ 213.768598][ T8] usb 7-1: SerialNumber: syz [ 213.785242][ T8] usb 7-1: config 0 descriptor?? [ 213.830908][ T8482] loop9: detected capacity change from 0 to 40427 [ 213.911505][ T8478] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 213.913327][ T8488] loop3: detected capacity change from 0 to 32768 [ 213.921096][ T8497] Process accounting resumed [ 213.936876][ T8478] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 213.937019][ T8482] F2FS-fs (loop9): invalid crc value [ 213.961190][ T8497] EXT4-fs error (device loop8): ext4_xattr_ibody_find:2240: inode #15: comm syz.8.912: corrupted in-inode xattr: overlapping e_value [ 213.972866][ T8488] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 213.996982][ T8482] F2FS-fs (loop9): Found nat_bits in checkpoint [ 213.997752][ T8] input:  as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/input/input14 [ 214.017182][ T5193] synaptics_usb 7-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 214.028164][ T8513] Process accounting resumed [ 214.034608][ T5193] synaptics_usb 7-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 214.043632][ T5193] synaptics_usb 7-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 214.054292][ T5193] synaptics_usb 7-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 214.063102][ T8497] EXT4-fs (loop8): Remounting filesystem read-only [ 214.070747][ T8478] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 214.074522][ T8497] EXT4-fs warning (device loop8): ext4_xattr_set_entry:1771: inode #15: comm syz.8.912: unable to update i_inline_off [ 214.078375][ T8478] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 214.105515][ T8478] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 214.132753][ T8478] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 214.165763][ T8478] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 214.197572][ T8478] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 214.202468][ T47] usb 7-1: USB disconnect, device number 8 [ 214.245079][ T8488] XFS (loop3): Ending clean mount [ 214.255523][ T8478] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 214.262735][ T8478] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 214.278705][ T8478] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 214.298313][ T8488] XFS (loop3): Quotacheck needed: Please wait. [ 214.304155][ T8478] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 214.311978][ T8478] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 214.353282][ T8478] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 214.360600][ T8478] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 214.412794][ T7560] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 214.441988][ T8478] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 214.462472][ T8488] XFS (loop3): Quotacheck: Done. [ 214.469065][ T8478] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 214.496637][ T8478] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 214.540272][ T8478] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 214.555830][ T8482] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5 [ 214.602699][ T8478] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 214.656266][ T5838] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 214.775849][ T8478] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 214.782880][ T8478] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 214.885573][ T8478] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 214.930425][ T8478] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 214.972503][ T8478] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 214.982282][ T7897] F2FS-fs (loop9): Stopped filesystem due to reason: 3 [ 215.021135][ T8478] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 215.063351][ T8478] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 215.070297][ T8478] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 215.103247][ T8478] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 215.110169][ T8478] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 215.144147][ T8478] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 215.151197][ T8478] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 215.176682][ T8478] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 215.192552][ T8478] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 215.361293][ T8527] loop3: detected capacity change from 0 to 1024 [ 215.454226][ T8533] netlink: 40 bytes leftover after parsing attributes in process `syz.5.924'. [ 215.475348][ T8531] loop8: detected capacity change from 0 to 1024 [ 215.486736][ T8527] hfsplus: invalid extended attribute record [ 215.517195][ T8531] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 215.548281][ T2987] hfsplus: b-tree write err: -5, ino 8 [ 215.564352][ T47] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 215.739045][ T47] usb 7-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65 [ 215.759610][ T47] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 215.793263][ T47] usb 7-1: Product: syz [ 215.797732][ T47] usb 7-1: Manufacturer: syz [ 215.802362][ T47] usb 7-1: SerialNumber: syz [ 215.893729][ T47] usb 7-1: config 0 descriptor?? [ 216.100443][ T8545] loop8: detected capacity change from 0 to 2048 [ 216.136326][ T47] cx82310_eth 7-1:0.0: probe with driver cx82310_eth failed with error -22 [ 216.211456][ T8545] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 216.279261][ T8553] loop3: detected capacity change from 0 to 2048 [ 216.315711][ T8553] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 216.317627][ T8547] loop5: detected capacity change from 0 to 4096 [ 216.350351][ T8547] ntfs3(loop5): Different NTFS sector size (1024) and media sector size (512). [ 216.366658][ T5844] Bluetooth: hci1: command 0x0406 tx timeout [ 216.372874][ T5858] Bluetooth: hci4: command 0x0406 tx timeout [ 216.379084][ T5858] Bluetooth: hci3: command 0x0406 tx timeout [ 216.391408][ T8555] loop9: detected capacity change from 0 to 128 [ 216.430062][ T8555] VFS: Found a Xenix FS (block size = 512) on device loop9 [ 216.430192][ T8553] overlayfs: upper fs needs to support d_type. [ 216.451139][ T8553] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 216.458429][ T8553] overlayfs: failed to set xattr on upper [ 216.465440][ T8553] overlayfs: ...falling back to redirect_dir=nofollow. [ 216.472824][ T8553] overlayfs: ...falling back to index=off. [ 216.481708][ T8555] sysv_free_block: getblk() failed [ 216.490206][ T8555] sysv_free_block: getblk() failed [ 216.495866][ T8555] sysv_free_block: getblk() failed [ 216.501407][ T8555] sysv_free_block: getblk() failed [ 216.507011][ T8555] sysv_free_block: getblk() failed [ 216.512423][ T8555] sysv_free_block: getblk() failed [ 216.517883][ T8555] sysv_free_block: getblk() failed [ 216.523693][ T8555] sysv_free_block: getblk() failed [ 216.529094][ T8555] sysv_free_block: getblk() failed [ 216.538591][ T8555] sysv_free_block: getblk() failed [ 216.544373][ T8555] sysv_free_block: getblk() failed [ 216.550576][ T8555] sysv_free_block: getblk() failed [ 216.557181][ T47] cxacru 7-1:0.0: usbatm_usb_probe: bind failed: -19! [ 216.567481][ T8555] sysv_free_block: getblk() failed [ 216.573043][ T8555] sysv_free_block: getblk() failed [ 216.596101][ T8555] sysv_free_block: getblk() failed [ 216.601631][ T8555] sysv_free_block: getblk() failed [ 216.607126][ T8555] sysv_free_block: getblk() failed [ 216.612447][ T8555] sysv_free_block: getblk() failed [ 216.618560][ T8555] sysv_free_block: getblk() failed [ 216.623834][ T8555] sysv_free_block: getblk() failed [ 216.629216][ T8555] sysv_free_block: getblk() failed [ 216.634957][ T8555] sysv_free_block: getblk() failed [ 216.640501][ T8555] sysv_free_block: getblk() failed [ 216.641935][ T8559] delete_channel: no stack [ 216.646602][ T8555] sysv_free_block: getblk() failed [ 216.656201][ T8555] sysv_free_block: getblk() failed [ 216.661665][ T8555] sysv_free_block: getblk() failed [ 216.667378][ T8555] sysv_free_block: getblk() failed [ 216.672829][ T8555] sysv_free_block: getblk() failed [ 216.679013][ T8555] sysv_free_block: getblk() failed [ 216.684574][ T8555] sysv_free_block: getblk() failed [ 216.689964][ T8555] sysv_free_block: getblk() failed [ 216.695994][ T8555] sysv_free_block: getblk() failed [ 216.701809][ T8555] sysv_free_block: getblk() failed [ 216.707800][ T8555] sysv_free_block: getblk() failed [ 216.713575][ T8555] sysv_free_block: getblk() failed [ 216.718812][ T8555] sysv_free_block: getblk() failed [ 216.724088][ T8555] sysv_free_block: trying to free block not in datazone [ 216.731816][ T8558] sysv_free_block: getblk() failed [ 216.749263][ T8558] sysv_free_block: getblk() failed [ 216.756385][ T8558] sysv_free_block: getblk() failed [ 216.761667][ T8558] sysv_free_block: getblk() failed [ 216.767828][ T8558] sysv_free_block: getblk() failed [ 216.773361][ T8558] sysv_free_block: getblk() failed [ 216.778193][ T5838] UDF-fs: error (device loop3): udf_read_inode: (ino 1317) failed !bh [ 216.778921][ T8558] sysv_free_block: getblk() failed [ 216.787166][ T5838] UDF-fs: error (device loop3): udf_read_inode: (ino 1317) failed !bh [ 216.792081][ T8558] sysv_free_block: getblk() failed [ 216.807336][ T8558] sysv_free_block: getblk() failed [ 216.812572][ T8558] sysv_free_block: getblk() failed [ 216.818089][ T8558] sysv_free_block: getblk() failed [ 216.824105][ T8558] sysv_free_block: getblk() failed [ 216.829380][ T8558] sysv_free_block: getblk() failed [ 216.836612][ T8558] sysv_free_block: getblk() failed [ 216.842060][ T8558] sysv_free_block: trying to free block not in datazone [ 216.849168][ T8558] sysv_free_block: trying to free block not in datazone [ 216.927093][ T5905] usb 7-1: USB disconnect, device number 9 [ 216.937715][ T7897] sysv_free_block: getblk() failed [ 216.944095][ T7897] sysv_free_block: getblk() failed [ 216.949392][ T7897] sysv_free_block: trying to free block not in datazone [ 216.957212][ T7897] sysv_free_block: getblk() failed [ 216.962649][ T7897] sysv_free_block: getblk() failed [ 216.968424][ T7897] sysv_free_block: getblk() failed [ 216.976914][ T7897] sysv_free_block: getblk() failed [ 216.982300][ T7897] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 217.714027][ T8578] loop9: detected capacity change from 0 to 2048 [ 217.914482][ T8581] loop6: detected capacity change from 0 to 4096 [ 217.939503][ T5848] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 217.952220][ T8581] ntfs3(loop6): Different NTFS sector size (1024) and media sector size (512). [ 217.975056][ T5848] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 218.025806][ T5848] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 218.041170][ T5848] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 218.059465][ T5848] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 218.071325][ T5848] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 218.134351][ T8569] loop2: detected capacity change from 0 to 40427 [ 218.213794][ T8569] F2FS-fs (loop2): invalid crc value [ 218.239876][ T8569] F2FS-fs (loop2): Found nat_bits in checkpoint [ 218.424195][ T8578] loop9: detected capacity change from 0 to 32768 [ 218.458178][ T8578] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop9 (7:9) scanned by syz.9.946 (8578) [ 218.485581][ T8578] BTRFS info (device loop9): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 218.500160][ T8593] netlink: 8 bytes leftover after parsing attributes in process `syz.5.950'. [ 218.524627][ T8578] BTRFS info (device loop9): using crc32c (crc32c-intel) checksum algorithm [ 218.537161][ T8569] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 218.561966][ T8578] BTRFS info (device loop9): using free-space-tree [ 218.610050][ T8587] bio_check_eod: 6 callbacks suppressed [ 218.610077][ T8587] f2fs_ckpt-7:2: attempt to access beyond end of device [ 218.610077][ T8587] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 218.631972][ T8587] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 218.869274][ T8578] BTRFS error (device loop9): target device shortad,umask=00000000 00000000000003,ioc|arset=cp863,gid=çÉO°Ýz+Gx#ïdÌzHj(çÇô1*Á·JpNa7ö€&íÓÕè¿ò|­{Yh¿Ö÷ß–´_ño'±êþSúMÌ Ö$3”ü’š¶¨¿œú¢ª‘{Ñ‹ôYVÉŠ1î…I+3TОޘî¶ü²®_Ö00000000000000000000,novrs,anchor=00000000000000000002,nostrict,unhide,uid=00000000000000000000, is invalid! [ 218.876184][ T8579] chnl_net:caif_netlink_parms(): no params data found [ 219.038819][ T8620] netlink: 12 bytes leftover after parsing attributes in process `syz.6.955'. [ 219.055255][ T7897] BTRFS info (device loop9): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 219.152701][ T8623] loop5: detected capacity change from 0 to 1024 [ 219.166800][ T29] audit: type=1326 audit(1731716422.661:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8626 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cc877e719 code=0x7ffc0000 [ 219.208787][ T29] audit: type=1326 audit(1731716422.691:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8626 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=131 compat=0 ip=0x7f3cc877e719 code=0x7ffc0000 [ 219.255098][ T29] audit: type=1326 audit(1731716422.691:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8626 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cc877e719 code=0x7ffc0000 [ 219.363556][ T8623] hfsplus: xattr searching failed [ 219.370301][ T8623] hfsplus: bad catalog folder thread [ 219.440641][ T8630] overlayfs: missing 'lowerdir' [ 219.552125][ T8579] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.581672][ T8579] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.600341][ T8579] bridge_slave_0: entered allmulticast mode [ 219.609381][ T8579] bridge_slave_0: entered promiscuous mode [ 219.620553][ T8579] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.624878][ T8635] loop9: detected capacity change from 0 to 512 [ 219.627827][ T8579] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.642236][ T8579] bridge_slave_1: entered allmulticast mode [ 219.650672][ T8579] bridge_slave_1: entered promiscuous mode [ 219.714910][ T8635] EXT4-fs (loop9): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 219.785540][ T8635] EXT4-fs (loop9): revision level too high, forcing read-only mode [ 219.785829][ T8635] EXT4-fs (loop9): orphan cleanup on readonly fs [ 219.835440][ T8635] EXT4-fs error (device loop9): ext4_read_block_bitmap_nowait:482: comm syz.9.957: Invalid block bitmap block 0 in block_group 0 [ 219.859923][ T8635] EXT4-fs (loop9): Remounting filesystem read-only [ 219.860362][ T8635] Quota error (device loop9): write_blk: dquota write failed [ 219.860473][ T8635] Quota error (device loop9): qtree_write_dquot: Error -28 occurred while creating quota [ 219.860589][ T8635] EXT4-fs (loop9): 1 orphan inode deleted [ 219.932679][ T8635] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 219.989719][ T8579] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 220.013126][ T8579] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 220.065063][ T8] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 220.228959][ T8] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 220.251144][ T8] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 220.275434][ T5852] Bluetooth: hci1: command tx timeout [ 220.285253][ T8] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 220.313220][ T8] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 220.333981][ T8] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 220.347879][ T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 220.365220][ T8] usb 6-1: config 0 descriptor?? [ 220.370938][ T8639] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 220.509732][ T8645] loop6: detected capacity change from 0 to 32768 [ 220.556624][ T8579] team0: Port device team_slave_0 added [ 220.584776][ T8579] team0: Port device team_slave_1 added [ 220.608702][ T8645] ERROR: (device loop6): diAllocBit: iag inconsistent [ 220.608702][ T8645] [ 220.637815][ T8645] ialloc: diAlloc returned -5! [ 220.832174][ T8] plantronics 0003:047F:FFFF.0007: unknown main item tag 0xd [ 220.888158][ T8] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving [ 220.902110][ T8] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 220.984044][ T8579] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 220.991061][ T8579] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.070842][ T8579] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 221.096363][ T8] usb 6-1: USB disconnect, device number 9 [ 221.103456][ T8660] loop2: detected capacity change from 0 to 64 [ 221.129230][ T8579] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 221.146148][ T8579] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.227387][ T8579] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 221.294993][ T8651] loop8: detected capacity change from 0 to 32768 [ 221.302715][ T8651] XFS: attr2 mount option is deprecated. [ 221.342928][ T8651] XFS (loop8): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 221.375118][ T8667] loop6: detected capacity change from 0 to 2048 [ 221.424399][ T8579] hsr_slave_0: entered promiscuous mode [ 221.424606][ T8651] XFS (loop8): Ending clean mount [ 221.437924][ T8651] XFS (loop8): Quotacheck needed: Please wait. [ 221.449909][ T8579] hsr_slave_1: entered promiscuous mode [ 221.467986][ T7897] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 221.483980][ T8579] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 221.506985][ T8651] XFS (loop8): Quotacheck: Done. [ 221.512149][ T8579] Cannot create hsr debugfs directory [ 221.701454][ T8674] loop9: detected capacity change from 0 to 1024 [ 221.744191][ T8674] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 221.769709][ T7560] XFS (loop8): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 222.045606][ T7897] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 222.061743][ T8680] loop5: detected capacity change from 0 to 512 [ 222.169802][ T8680] loop5: detected capacity change from 0 to 512 [ 222.203672][ T8680] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended [ 222.232938][ T8682] vxcan1: tx address claim with dest, not broadcast [ 222.242047][ T8680] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem [ 222.284548][ T8680] EXT4-fs (loop5): warning: checktime reached, running e2fsck is recommended [ 222.391769][ T8667] loop6: detected capacity change from 0 to 32768 [ 222.423387][ T5852] Bluetooth: hci1: command tx timeout [ 222.442815][ T8667] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.969 (8667) [ 222.464415][ T8667] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 222.483250][ T8667] BTRFS info (device loop6): using crc32c (crc32c-intel) checksum algorithm [ 222.499606][ T8667] BTRFS info (device loop6): using free-space-tree [ 222.509301][ T8680] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 222.522284][ T8680] System zones: 0-2, 18-18, 34-34 [ 222.557263][ T8696] ecryptfs_parse_options: eCryptfs: unrecognized option [&@] [ 222.575081][ T8696] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 222.588293][ T8680] EXT4-fs warning (device loop5): ext4_update_dynamic_rev:1135: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 222.614210][ T8696] Error parsing options; rc = [-22] [ 222.670753][ T8680] EXT4-fs (loop5): 1 truncate cleaned up [ 222.684859][ T8680] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 222.761814][ T8680] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: none. [ 222.771917][ T8672] loop2: detected capacity change from 0 to 32768 [ 222.786826][ T8672] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.972 (8672) [ 222.830980][ T8672] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 222.845815][ T8672] BTRFS info (device loop2): using sha256 (sha256-ni) checksum algorithm [ 222.854506][ T8672] BTRFS info (device loop2): using free-space-tree [ 222.870458][ T5840] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 222.931567][ T8667] BTRFS error (device loop6): target device shortad,umask=00000000 00000000000003,ioc|arset=cp863,gid=çÉO°Ýz+Gx#ïdÌzHj(çÇô1*Á·JpNa7ö€&íÓÕè¿ò|­{Yh¿Ö÷ß–´_ño'±êþSúMÌ Ö$3”ü’š¶¨¿œú¢ª‘{Ñ‹ôYVÉŠ1î…I+3TОޘî¶ü²®_Ö00000000000000000000,novrs,anchor=00000000000000000002,nostrict,unhide,uid=00000000000000000000, is invalid! [ 222.962827][ C0] vkms_vblank_simulate: vblank timer overrun [ 223.054136][ T9] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 223.062339][ T6536] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 223.245823][ T9] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 223.273317][ T9] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 223.288198][ T8579] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 223.306042][ T9] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 223.342481][ T9] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.373233][ T8579] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 223.385942][ T8700] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 223.399770][ T8579] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 223.421511][ T9] usb 9-1: Quirk or no altset; falling back to MIDI 1.0 [ 223.461085][ T8579] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 223.464033][ T5849] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 223.850247][ T8579] 8021q: adding VLAN 0 to HW filter on device bond0 [ 223.903228][ T8579] 8021q: adding VLAN 0 to HW filter on device team0 [ 223.978598][ T1083] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.986114][ T1083] bridge0: port 1(bridge_slave_0) entered forwarding state [ 223.996925][ T1083] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.004282][ T1083] bridge0: port 2(bridge_slave_1) entered forwarding state [ 224.187738][ T8737] loop5: detected capacity change from 0 to 32768 [ 224.224407][ T5904] usb 7-1: new full-speed USB device number 10 using dummy_hcd [ 224.231015][ T8579] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 224.242719][ T8579] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 224.266194][ T47] usb 9-1: USB disconnect, device number 5 [ 224.386916][ T5904] usb 7-1: config 0 has an invalid interface number: 8 but max is 0 [ 224.403197][ T5904] usb 7-1: config 0 has no interface number 0 [ 224.429294][ T5904] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 224.435305][ T8752] loop2: detected capacity change from 0 to 2048 [ 224.440668][ T5852] Bluetooth: hci1: command tx timeout [ 224.461721][ T5904] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 224.474493][ T5904] usb 7-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 224.483794][ T5904] usb 7-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 224.491921][ T5904] usb 7-1: Product: syz [ 224.496347][ T5904] usb 7-1: SerialNumber: syz [ 224.501436][ T8737] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 224.503111][ T5904] usb 7-1: config 0 descriptor?? [ 224.538971][ T8752] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 224.566337][ T5904] cm109 7-1:0.8: invalid payload size 0, expected 4 [ 224.616983][ T5904] input: CM109 USB driver as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.8/input/input16 [ 224.715280][ T8752] overlayfs: upper fs needs to support d_type. [ 224.744244][ T8752] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 224.751281][ T8752] overlayfs: failed to set xattr on upper [ 224.755311][ T8737] XFS (loop5): Ending clean mount [ 224.777677][ T8737] XFS (loop5): Quotacheck needed: Please wait. [ 224.792065][ T8752] overlayfs: ...falling back to redirect_dir=nofollow. [ 224.822636][ T8752] overlayfs: ...falling back to index=off. [ 224.835461][ T8743] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 224.894137][ T8743] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 224.905853][ T8737] XFS (loop5): Quotacheck: Done. [ 224.985316][ T8766] loop9: detected capacity change from 0 to 512 [ 225.014992][ C1] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 225.015533][ T9] usb 7-1: USB disconnect, device number 10 [ 225.022153][ C1] cm109 7-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 225.040531][ T9] cm109 7-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 225.081464][ T5849] UDF-fs: error (device loop2): udf_read_inode: (ino 1317) failed !bh [ 225.093540][ T8766] loop9: detected capacity change from 0 to 512 [ 225.101253][ T8766] EXT4-fs (loop9): feature flags set on rev 0 fs, running e2fsck is recommended [ 225.110424][ T8766] EXT4-fs (loop9): mounting ext2 file system using the ext4 subsystem [ 225.121068][ T5849] UDF-fs: error (device loop2): udf_read_inode: (ino 1317) failed !bh [ 225.138380][ T8579] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 225.149840][ T8766] EXT4-fs (loop9): warning: checktime reached, running e2fsck is recommended [ 225.173836][ T8766] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 225.202556][ T8766] System zones: 0-2, 18-18, 34-34 [ 225.227252][ T8766] EXT4-fs warning (device loop9): ext4_update_dynamic_rev:1135: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 225.249187][ T8766] EXT4-fs (loop9): 1 truncate cleaned up [ 225.256261][ T8766] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 225.286117][ T5840] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 225.361603][ T8766] EXT4-fs (loop9): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: none. [ 225.492286][ T7897] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 225.526780][ T5849] syz-executor (5849) used greatest stack depth: 16160 bytes left [ 225.900727][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.933502][ T5959] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 226.083333][ T5959] usb 6-1: Using ep0 maxpacket: 16 [ 226.091663][ T5959] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 226.142700][ T5959] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 226.178081][ T5959] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 226.187599][ T8795] netlink: 184 bytes leftover after parsing attributes in process `syz.8.1007'. [ 226.204887][ T5959] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 226.225525][ T8795] netlink: 'syz.8.1007': attribute type 1 has an invalid length. [ 226.252250][ T5959] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 226.307032][ T5959] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 226.326294][ T5959] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 226.349906][ T5959] usb 6-1: Manufacturer: syz [ 226.374541][ T5959] usb 6-1: config 0 descriptor?? [ 226.514929][ T5848] Bluetooth: hci1: command tx timeout [ 226.521021][ T5857] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 226.531410][ T5848] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 226.543315][ T5848] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 226.551906][ T5848] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 226.560121][ T5848] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 226.570577][ T5848] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 226.637991][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.638418][ T8781] loop5: detected capacity change from 0 to 512 [ 226.711216][ T8781] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 226.744733][ T8781] EXT4-fs (loop5): 1 truncate cleaned up [ 226.751875][ T8781] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 226.794377][ T8809] loop8: detected capacity change from 0 to 256 [ 226.863282][ T5959] rc_core: IR keymap rc-hauppauge not found [ 226.869434][ T5959] Registered IR keymap rc-empty [ 226.876284][ T5959] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 226.917694][ T5959] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 226.941057][ T8] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 226.953839][ T5959] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0 [ 226.975039][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.995368][ T8691] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1217: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 227.025724][ T5959] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input17 [ 227.052815][ T5959] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 227.100354][ T8579] veth0_vlan: entered promiscuous mode [ 227.108662][ T5959] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 227.115838][ T8579] veth1_vlan: entered promiscuous mode [ 227.137123][ T8579] veth0_macvtap: entered promiscuous mode [ 227.158528][ T8579] veth1_macvtap: entered promiscuous mode [ 227.173374][ T5959] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 227.175764][ T8579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 227.191469][ T8579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 227.202096][ T8579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 227.210324][ T5959] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 227.212682][ T8579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 227.230894][ T8579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 227.242344][ T8579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 227.254300][ T8579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 227.265233][ T8579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 227.275416][ T8579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 227.287429][ T8579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 227.299570][ T8579] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 227.309264][ T5959] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 227.346089][ T8] usb 10-1: Using ep0 maxpacket: 8 [ 227.353550][ T5959] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 227.363749][ T8] usb 10-1: config index 0 descriptor too short (expected 74, got 45) [ 227.383632][ T8] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 227.410350][ T5959] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 227.412613][ T8] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 227.447221][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.454881][ T5959] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 227.466482][ T8] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 227.513485][ T8] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 227.529528][ T8579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 227.540220][ T5959] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 227.540606][ T8579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 227.573595][ T8] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 227.588414][ T8579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 227.599512][ T5959] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 227.603276][ T8] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 227.620732][ T8579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 227.645138][ T5959] mceusb 6-1:0.0: Registered with mce emulator interface version 1 [ 227.655029][ T5959] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 227.674112][ T8579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 227.684874][ T8579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 227.685455][ T5959] usb 6-1: USB disconnect, device number 10 [ 227.694857][ T8579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 227.712284][ T8579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 227.722873][ T8579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 227.734536][ T8579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 227.744698][ T8579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 227.756505][ T8579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 227.769566][ T8579] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 227.830493][ T8579] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.843720][ T5848] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 227.855029][ T8] usb 10-1: GET_CAPABILITIES returned 0 [ 227.861285][ T8] usbtmc 10-1:16.0: can't read capabilities [ 227.867303][ T5848] CPU: 0 UID: 0 PID: 5848 Comm: kworker/u9:4 Not tainted 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0 [ 227.878203][ T5848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 227.888382][ T5848] Workqueue: hci0 hci_rx_work [ 227.893116][ T5848] Call Trace: [ 227.896426][ T5848] [ 227.899386][ T5848] dump_stack_lvl+0x16c/0x1f0 [ 227.904131][ T5848] sysfs_warn_dup+0x7f/0xa0 [ 227.908690][ T5848] sysfs_create_dir_ns+0x24d/0x2b0 [ 227.913862][ T5848] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 227.917582][ T8579] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.919527][ T5848] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 227.933777][ T5848] ? kobject_add_internal+0x12d/0x990 [ 227.939220][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.944932][ T5848] ? do_raw_spin_unlock+0x172/0x230 [ 227.950224][ T5848] kobject_add_internal+0x2c8/0x990 [ 227.955480][ T5848] kobject_add+0x16f/0x240 [ 227.959953][ T5848] ? __pfx_kobject_add+0x10/0x10 [ 227.964939][ T5848] ? class_to_subsys+0x3e/0x160 [ 227.969839][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.975513][ T5848] ? do_raw_spin_unlock+0x172/0x230 [ 227.980758][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.986552][ T5848] ? kobject_put+0xab/0x5a0 [ 227.991101][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.996778][ T5848] device_add+0x289/0x1a70 [ 228.001237][ T5848] ? __pfx_dev_set_name+0x10/0x10 [ 228.006312][ T5848] ? __pfx_device_add+0x10/0x10 [ 228.011232][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 228.016914][ T5848] ? mgmt_send_event_skb+0x2f2/0x460 [ 228.022260][ T5848] hci_conn_add_sysfs+0x17e/0x230 [ 228.027324][ T5848] le_conn_complete_evt+0x1078/0x1d80 [ 228.032937][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 228.038804][ T5848] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 228.044580][ T5848] ? trace_contention_end+0xea/0x140 [ 228.049994][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 228.055679][ T5848] ? __mutex_lock+0x1a6/0x9c0 [ 228.060405][ T5848] hci_le_conn_complete_evt+0x23c/0x370 [ 228.066013][ T5848] hci_le_meta_evt+0x2e5/0x5d0 [ 228.070814][ T5848] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 228.076939][ T5848] hci_event_packet+0x669/0x1180 [ 228.081930][ T5848] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 228.087248][ T5848] ? __pfx_hci_event_packet+0x10/0x10 [ 228.092667][ T5848] ? __entry_text_end+0x1020c5/0x1020c9 [ 228.098252][ T5848] ? mark_held_locks+0x9f/0xe0 [ 228.103050][ T5848] ? kcov_remote_start+0x3cf/0x6e0 [ 228.108219][ T5848] ? lockdep_hardirqs_on+0x7c/0x110 [ 228.113457][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 228.119135][ T5848] hci_rx_work+0x2c6/0x1610 [ 228.123675][ T5848] ? lock_acquire+0x2f/0xb0 [ 228.128209][ T5848] ? process_one_work+0x921/0x1ba0 [ 228.133359][ T5848] process_one_work+0x9c8/0x1ba0 [ 228.138345][ T5848] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 228.144018][ T5848] ? __pfx_process_one_work+0x10/0x10 [ 228.149429][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 228.155111][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 228.160873][ T5848] ? assign_work+0x1a0/0x250 [ 228.165525][ T5848] worker_thread+0x6c8/0xf00 [ 228.170166][ T5848] ? __pfx_worker_thread+0x10/0x10 [ 228.175323][ T5848] kthread+0x2c4/0x3a0 [ 228.179433][ T5848] ? _raw_spin_unlock_irq+0x23/0x50 [ 228.184688][ T5848] ? __pfx_kthread+0x10/0x10 [ 228.189324][ T5848] ret_from_fork+0x48/0x80 [ 228.193771][ T5848] ? __pfx_kthread+0x10/0x10 [ 228.198406][ T5848] ret_from_fork_asm+0x1a/0x30 [ 228.203265][ T5848] [ 228.206384][ C0] vkms_vblank_simulate: vblank timer overrun [ 228.214719][ T5848] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 228.229647][ T5848] Bluetooth: hci0: failed to register connection device [ 228.247507][ T8579] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 228.256426][ T8579] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 228.272385][ T8] usb 10-1: USB disconnect, device number 2 [ 228.307181][ T5840] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 228.367012][ T8811] loop6: detected capacity change from 0 to 32768 [ 228.380938][ T8811] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1013 (8811) [ 228.440957][ T8811] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 228.455565][ T8811] BTRFS info (device loop6): using crc32c (crc32c-intel) checksum algorithm [ 228.464845][ T8811] BTRFS info (device loop6): using free-space-tree [ 228.586868][ T29] audit: type=1326 audit(1731716432.081:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8829 comm="syz.8.1020" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2faef7e719 code=0x0 [ 228.673889][ T5852] Bluetooth: hci4: command tx timeout [ 228.765863][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 228.781291][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 228.808136][ T12] bridge_slave_1: left allmulticast mode [ 228.823326][ T12] bridge_slave_1: left promiscuous mode [ 228.833623][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 228.854870][ T12] bridge_slave_0: left allmulticast mode [ 228.860645][ T12] bridge_slave_0: left promiscuous mode [ 228.868856][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 228.909395][ T6536] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 229.677715][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 229.712741][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 229.738582][ T12] bond0 (unregistering): Released all slaves [ 229.821892][ T8800] chnl_net:caif_netlink_parms(): no params data found [ 230.753566][ T5852] Bluetooth: hci4: command tx timeout [ 230.768605][ T8878] netlink: 209852 bytes leftover after parsing attributes in process `syz.5.1033'. [ 230.797152][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 230.811914][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 230.819066][ T8878] openvswitch: netlink: VXLAN extension 45 out of range max 1 [ 230.903353][ T5939] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 231.112201][ T5939] usb 7-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5 [ 231.130039][ T5939] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 231.156098][ T5939] usb 7-1: Product: syz [ 231.160344][ T5939] usb 7-1: Manufacturer: syz [ 231.176289][ T5939] usb 7-1: SerialNumber: syz [ 231.243782][ T5939] usb 7-1: config 0 descriptor?? [ 231.282441][ T8891] vxcan1: tx address claim with dest, not broadcast [ 231.285554][ T5939] gspca_main: sq905c-2.14.0 probing 2770:9052 [ 231.361801][ T12] hsr_slave_0: left promiscuous mode [ 231.464521][ T12] hsr_slave_1: left promiscuous mode [ 231.492707][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 231.532873][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 231.572432][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 231.694544][ T12] veth1_macvtap: left promiscuous mode [ 231.700275][ T12] veth0_macvtap: left promiscuous mode [ 231.710511][ T12] veth1_vlan: left promiscuous mode [ 231.723391][ T12] veth0_vlan: left promiscuous mode [ 231.874082][ T9] usb 10-1: new high-speed USB device number 3 using dummy_hcd [ 232.036619][ T9] usb 10-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 232.057541][ T9] usb 10-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 232.073509][ T8913] binder: 8912:8913 ioctl 40046205 0 returned -22 [ 232.090195][ T9] usb 10-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 232.100421][ T8913] binder: 8912:8913 ioctl c0306201 20000040 returned -11 [ 232.106881][ T5939] usb 7-1: USB disconnect, device number 11 [ 232.123795][ T9] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 232.157416][ T8903] raw-gadget.1 gadget.9: fail, usb_ep_enable returned -22 [ 232.171681][ T9] usb 10-1: Quirk or no altset; falling back to MIDI 1.0 [ 232.394921][ T8918] xt_CT: You must specify a L4 protocol and not use inversions on it [ 232.462833][ T5939] usb 10-1: USB disconnect, device number 3 [ 232.834865][ T5903] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 232.842554][ T5852] Bluetooth: hci4: command tx timeout [ 233.003319][ T5903] usb 5-1: Using ep0 maxpacket: 32 [ 233.025100][ T5903] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 233.059243][ T5903] usb 5-1: config 0 has no interface number 0 [ 233.084154][ T5903] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 233.104037][ T5903] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 233.112124][ T5903] usb 5-1: Product: syz [ 233.143821][ T5903] usb 5-1: Manufacturer: syz [ 233.153371][ T5903] usb 5-1: SerialNumber: syz [ 233.179952][ T5903] usb 5-1: config 0 descriptor?? [ 233.191876][ T5903] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 233.216956][ T8936] loop5: detected capacity change from 0 to 4096 [ 233.228399][ T8936] ntfs3(loop5): Different NTFS sector size (2048) and media sector size (512). [ 233.419004][ T5903] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 233.480626][ T5903] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 233.504262][ T8940] loop8: detected capacity change from 0 to 512 [ 233.596150][ T8940] EXT4-fs error (device loop8): ext4_validate_block_bitmap:431: comm syz.8.1058: bg 0: block 5: invalid block bitmap [ 233.683310][ T8940] EXT4-fs error (device loop8) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 233.726426][ T8940] EXT4-fs error (device loop8): ext4_free_branches:1020: inode #11: comm syz.8.1058: invalid indirect mapped block 3 (level 2) [ 233.782351][ T8940] EXT4-fs (loop8): 1 orphan inode deleted [ 233.799750][ T8940] EXT4-fs (loop8): 1 truncate cleaned up [ 233.821647][ T8940] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 233.839417][ T8932] loop6: detected capacity change from 0 to 32768 [ 233.858353][ T8932] XFS: attr2 mount option is deprecated. [ 233.895448][ T5904] usb 5-1: USB disconnect, device number 3 [ 233.900566][ C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 233.906201][ T5904] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 233.922173][ T8940] EXT4-fs error (device loop8): empty_inline_dir:1848: inode #12: block 7: comm syz.8.1058: bad entry in directory: rec_len % 4 != 0 - offset=4, inode=4278190093, rec_len=255, size=60 fake=0 [ 233.941608][ C1] vkms_vblank_simulate: vblank timer overrun [ 233.953902][ T5904] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 233.966772][ T5904] quatech2 5-1:0.51: device disconnected [ 233.986353][ T8932] XFS (loop6): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 234.002094][ T8940] EXT4-fs warning (device loop8): empty_inline_dir:1851: bad inline directory (dir #12) - inode 4278190093, rec_len 255, name_len 0inline size 60 [ 234.006098][ T12] team0 (unregistering): Port device team_slave_1 removed [ 234.083821][ T8932] XFS (loop6): Ending clean mount [ 234.097355][ T8932] XFS (loop6): Quotacheck needed: Please wait. [ 234.172921][ T8932] XFS (loop6): Quotacheck: Done. [ 234.187622][ T12] team0 (unregistering): Port device team_slave_0 removed [ 234.241171][ T7560] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 234.370899][ T6536] XFS (loop6): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 234.562599][ T8964] loop4: detected capacity change from 0 to 128 [ 234.571308][ T8964] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (16076!=39978) [ 234.625689][ T8964] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: none. [ 234.760308][ T8579] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 234.914102][ T5852] Bluetooth: hci4: command tx timeout [ 234.936158][ T29] audit: type=1326 audit(1731716438.421:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8971 comm="syz.4.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5ea97e719 code=0x7ffc0000 [ 234.958475][ C1] vkms_vblank_simulate: vblank timer overrun [ 234.975281][ T29] audit: type=1326 audit(1731716438.441:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8971 comm="syz.4.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5ea97e719 code=0x7ffc0000 [ 234.998274][ T29] audit: type=1326 audit(1731716438.441:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8971 comm="syz.4.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe5ea97e719 code=0x7ffc0000 [ 235.021027][ T29] audit: type=1326 audit(1731716438.441:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8971 comm="syz.4.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5ea97e719 code=0x7ffc0000 [ 235.043635][ C1] vkms_vblank_simulate: vblank timer overrun [ 235.050430][ T29] audit: type=1326 audit(1731716438.441:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8971 comm="syz.4.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5ea97e719 code=0x7ffc0000 [ 235.072780][ C1] vkms_vblank_simulate: vblank timer overrun [ 235.079871][ T29] audit: type=1326 audit(1731716438.441:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8971 comm="syz.4.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=8 compat=0 ip=0x7fe5ea97e719 code=0x7ffc0000 [ 235.102636][ T29] audit: type=1326 audit(1731716438.441:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8971 comm="syz.4.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5ea97e719 code=0x7ffc0000 [ 235.124994][ C1] vkms_vblank_simulate: vblank timer overrun [ 235.131640][ T29] audit: type=1326 audit(1731716438.441:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8971 comm="syz.4.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5ea97e719 code=0x7ffc0000 [ 235.154526][ T29] audit: type=1326 audit(1731716438.441:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8971 comm="syz.4.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=78 compat=0 ip=0x7fe5ea97e719 code=0x7ffc0000 [ 235.176691][ C1] vkms_vblank_simulate: vblank timer overrun [ 235.183422][ T29] audit: type=1326 audit(1731716438.441:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8971 comm="syz.4.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5ea97e719 code=0x7ffc0000 [ 235.469691][ T8800] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.477223][ T8800] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.484743][ T8800] bridge_slave_0: entered allmulticast mode [ 235.491951][ T8800] bridge_slave_0: entered promiscuous mode [ 235.512125][ T8966] netlink: 156 bytes leftover after parsing attributes in process `syz.5.1065'. [ 235.516891][ T8979] loop4: detected capacity change from 0 to 4096 [ 235.532228][ T8966] netlink: 'syz.5.1065': attribute type 2 has an invalid length. [ 235.551341][ T8966] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1065'. [ 235.592135][ T8800] bridge0: port 2(bridge_slave_1) entered blocking state [ 235.613916][ T8800] bridge0: port 2(bridge_slave_1) entered disabled state [ 235.642377][ T8800] bridge_slave_1: entered allmulticast mode [ 235.667442][ T8800] bridge_slave_1: entered promiscuous mode [ 235.913770][ T8800] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 235.976091][ T8800] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 236.227122][ T8800] team0: Port device team_slave_0 added [ 236.241851][ T9001] netlink: 209852 bytes leftover after parsing attributes in process `syz.6.1081'. [ 236.257208][ T8800] team0: Port device team_slave_1 added [ 236.285986][ T9001] openvswitch: netlink: Multiple metadata blocks provided [ 236.301859][ T9003] loop6: detected capacity change from 0 to 7 [ 236.321795][ T9003] buffer_io_error: 4 callbacks suppressed [ 236.321817][ T9003] Buffer I/O error on dev loop6, logical block 0, async page read [ 236.393589][ T9003] Buffer I/O error on dev loop6, logical block 0, async page read [ 236.409890][ T8800] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 236.423656][ T9003] Buffer I/O error on dev loop6, logical block 0, async page read [ 236.431948][ T8800] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 236.432002][ T8800] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 236.442182][ T8800] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 236.457960][ C1] vkms_vblank_simulate: vblank timer overrun [ 236.473269][ T9003] Buffer I/O error on dev loop6, logical block 0, async page read [ 236.492694][ T8800] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 236.520001][ T8800] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 236.551749][ T9003] Buffer I/O error on dev loop6, logical block 0, async page read [ 236.561806][ T9003] Buffer I/O error on dev loop6, logical block 0, async page read [ 236.608784][ T9003] Buffer I/O error on dev loop6, logical block 0, async page read [ 236.621057][ T9003] ldm_validate_partition_table(): Disk read failed. [ 236.639061][ T9003] Buffer I/O error on dev loop6, logical block 0, async page read [ 236.649203][ T9003] Buffer I/O error on dev loop6, logical block 0, async page read [ 236.657306][ T9003] Buffer I/O error on dev loop6, logical block 0, async page read [ 236.681873][ T9013] netlink: 'syz.4.1087': attribute type 11 has an invalid length. [ 236.713552][ T9003] Dev loop6: unable to read RDB block 0 [ 236.743448][ T9003] loop6: unable to read partition table [ 236.749278][ T9003] loop6: partition table beyond EOD, truncated [ 236.794483][ T9003] loop_reread_partitions: partition scan of loop6 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨â·û [ 236.794483][ T9003] ) failed (rc=-5) [ 236.827266][ T8800] hsr_slave_0: entered promiscuous mode [ 236.903571][ T8800] hsr_slave_1: entered promiscuous mode [ 236.947548][ T8800] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 236.955925][ T8800] Cannot create hsr debugfs directory [ 236.977388][ T9019] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1091'. [ 237.076552][ T9027] loop6: detected capacity change from 0 to 256 [ 237.078694][ T12] IPVS: stop unused estimator thread 0... [ 237.127128][ T9028] loop5: detected capacity change from 0 to 256 [ 237.166558][ T9028] exFAT-fs (loop5): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 237.546649][ T9038] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 237.998311][ T8800] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 238.026588][ T9015] loop8: detected capacity change from 0 to 40427 [ 238.047928][ T8800] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 238.055541][ T9015] F2FS-fs (loop8): invalid crc value [ 238.066920][ T9015] F2FS-fs (loop8): Found nat_bits in checkpoint [ 238.094426][ T8800] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 238.122681][ T8800] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 238.342011][ T8800] 8021q: adding VLAN 0 to HW filter on device bond0 [ 238.344469][ T9015] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5 [ 238.365478][ T8800] 8021q: adding VLAN 0 to HW filter on device team0 [ 238.418038][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.425371][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 238.501272][ T9015] syz.8.1089: attempt to access beyond end of device [ 238.501272][ T9015] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 238.559626][ T1083] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.566829][ T1083] bridge0: port 2(bridge_slave_1) entered forwarding state [ 238.692836][ T9015] F2FS-fs (loop8): Stopped filesystem due to reason: 3 [ 238.712780][ T9039] loop4: detected capacity change from 0 to 40427 [ 238.744794][ T9039] F2FS-fs (loop4): Found nat_bits in checkpoint [ 238.799591][ T8800] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 239.055726][ T9039] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 239.374390][ T8579] syz-executor: attempt to access beyond end of device [ 239.374390][ T8579] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 239.429333][ T8579] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 239.439443][ T8800] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 239.509797][ T8800] veth0_vlan: entered promiscuous mode [ 239.523963][ T8800] veth1_vlan: entered promiscuous mode [ 239.557616][ T8800] veth0_macvtap: entered promiscuous mode [ 239.567313][ T8800] veth1_macvtap: entered promiscuous mode [ 239.589556][ T8800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 239.600149][ T8800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.611213][ T8800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 239.622216][ T8800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.632846][ T8800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 239.645243][ T8800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.655364][ T8800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 239.673892][ T8800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.683861][ T8800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 239.694526][ T8800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.706011][ T8800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 239.716861][ T8800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.728968][ T8800] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 239.767406][ T8800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.783287][ T8800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.794026][ T8800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.809466][ T8800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.819493][ T8800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.830742][ T8800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.841347][ T8800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.852554][ T8800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.863234][ T8800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.876444][ T8800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.887256][ T8800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.897801][ T8800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.909542][ T8800] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 239.921375][ T8800] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.930182][ T8800] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.940240][ T8800] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.950499][ T8800] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.972573][ T9044] loop6: detected capacity change from 0 to 40427 [ 239.997408][ T9044] F2FS-fs (loop6): build fault injection attr: rate: 690, type: 0x1fffff [ 240.016381][ T9054] loop9: detected capacity change from 0 to 32768 [ 240.030324][ T9054] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop9 (7:9) scanned by syz.9.1104 (9054) [ 240.033262][ T9044] F2FS-fs (loop6): Image doesn't support compression [ 240.065131][ T9054] BTRFS info (device loop9): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 240.088486][ T9054] BTRFS info (device loop9): using crc32c (crc32c-intel) checksum algorithm [ 240.120194][ T1149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 240.132966][ T1083] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 240.134548][ T9044] F2FS-fs (loop6): Image doesn't support compression [ 240.149024][ T9044] F2FS-fs (loop6): build fault injection attr: rate: 0, type: 0x4 [ 240.158317][ T9054] BTRFS info (device loop9): using free-space-tree [ 240.158884][ T9044] F2FS-fs (loop6): invalid crc value [ 240.171804][ T1083] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 240.175238][ T1149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 240.182300][ T9044] F2FS-fs (loop6): Found nat_bits in checkpoint [ 240.474562][ T9044] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 240.475869][ T9078] loop4: detected capacity change from 0 to 1024 [ 240.500193][ T9078] EXT4-fs: Ignoring removed orlov option [ 240.509331][ T9078] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 240.561936][ T9044] syz.6.1112: attempt to access beyond end of device [ 240.561936][ T9044] loop6: rw=0, sector=77824, nr_sectors = 8 limit=40427 [ 240.614981][ T29] kauditd_printk_skb: 2 callbacks suppressed [ 240.615008][ T29] audit: type=1800 audit(1731716444.051:152): pid=9044 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1112" name="bus" dev="loop6" ino=10 res=0 errno=0 [ 240.662753][ T6536] syz-executor: attempt to access beyond end of device [ 240.662753][ T6536] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 240.678061][ T6536] F2FS-fs (loop6): Stopped filesystem due to reason: 3 [ 240.740453][ T9078] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 240.924215][ T9109] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1118'. [ 241.171430][ T8579] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 241.233810][ T7897] BTRFS info (device loop9): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 241.660432][ T9122] loop1: detected capacity change from 0 to 256 [ 241.764785][ T9122] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 241.848733][ T9130] loop9: detected capacity change from 0 to 64 [ 241.945147][ T29] audit: type=1800 audit(1731716445.441:153): pid=9122 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1125" name="file1" dev="loop1" ino=1048648 res=0 errno=0 [ 241.974474][ T9128] loop5: detected capacity change from 0 to 2048 [ 241.992720][ T9128] EXT4-fs (loop5): Invalid log block size: 196609 [ 242.231499][ T9144] loop1: detected capacity change from 0 to 1024 [ 242.247267][ T9145] loop4: detected capacity change from 0 to 256 [ 242.384929][ T9144] hfsplus: request for non-existent node 134217728 in B*Tree [ 242.422373][ T9144] hfsplus: request for non-existent node 134217728 in B*Tree [ 242.563283][ T47] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 242.759244][ T47] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 242.804948][ T47] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 242.831407][ T47] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 242.868240][ T47] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 242.908766][ T9150] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 242.933299][ T5939] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 242.968340][ T47] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 243.062976][ T1083] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 243.115817][ T5939] usb 2-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=dc.1b [ 243.133299][ T5939] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 243.172502][ T5939] usb 2-1: config 0 descriptor?? [ 243.215833][ T5939] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input18 [ 243.299242][ T1083] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 243.359383][ T9] usb 6-1: USB disconnect, device number 11 [ 243.450037][ T5959] usb 2-1: USB disconnect, device number 3 [ 243.486231][ T1083] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 243.533364][ T5939] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 243.639859][ T1083] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 243.698028][ T5939] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 243.720680][ T5939] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 243.739365][ T5939] usb 7-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 243.760479][ T5848] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 243.771148][ T5848] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 243.775057][ T5939] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 243.787641][ T5848] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 243.800006][ T5848] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 243.808895][ T5848] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 243.816528][ T5848] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 243.820766][ T5939] usb 7-1: config 0 descriptor?? [ 243.835410][ T1083] bridge_slave_1: left allmulticast mode [ 243.841192][ T1083] bridge_slave_1: left promiscuous mode [ 243.853540][ T1083] bridge0: port 2(bridge_slave_1) entered disabled state [ 243.881891][ T1083] bridge_slave_0: left allmulticast mode [ 243.913870][ T1083] bridge_slave_0: left promiscuous mode [ 243.947179][ T1083] bridge0: port 1(bridge_slave_0) entered disabled state [ 243.952983][ T9178] loop9: detected capacity change from 0 to 2048 [ 244.030037][ T9180] xt_CT: You must specify a L4 protocol and not use inversions on it [ 244.072745][ T9183] NILFS (loop9): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 244.255244][ T9178] syz.9.1150: attempt to access beyond end of device [ 244.255244][ T9178] loop9: rw=0, sector=19791209300040, nr_sectors = 2 limit=2048 [ 244.293606][ T9178] NILFS (loop9): I/O error reading meta-data file (ino=6, block-offset=1) [ 244.307949][ T5939] hid-thrustmaster 0003:044F:B65D.0008: unknown main item tag 0x0 [ 244.312505][ T9186] syz.9.1150: attempt to access beyond end of device [ 244.312505][ T9186] loop9: rw=0, sector=19791209300040, nr_sectors = 2 limit=2048 [ 244.355542][ T5939] hid-thrustmaster 0003:044F:B65D.0008: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.6-1/input0 [ 244.370073][ T9186] NILFS (loop9): I/O error reading meta-data file (ino=6, block-offset=1) [ 244.379703][ T9190] netlink: 20 bytes leftover after parsing attributes in process `syz.8.1155'. [ 244.384573][ T5939] hid-thrustmaster 0003:044F:B65D.0008: Wrong number of endpoints? [ 244.512976][ T9183] NILFS (loop9): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 244.543659][ T9183] NILFS error (device loop9): nilfs_bmap_propagate: broken bmap (inode number=4) [ 244.585900][ C1] hid-thrustmaster 0003:044F:B65D.0008: Unknown packet type 0x0, unable to proceed further with wheel init [ 244.599367][ T9183] Remounting filesystem read-only [ 244.616700][ T9194] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1156'. [ 244.731960][ T9196] loop9: detected capacity change from 0 to 256 [ 244.739807][ T9196] exfat: Deprecated parameter 'utf8' [ 244.745402][ T9196] exfat: Deprecated parameter 'utf8' [ 244.760671][ T9196] exFAT-fs (loop9): failed to load upcase table (idx : 0x00010000, chksum : 0xfc5055c6, utbl_chksum : 0xe619d30d) [ 244.804564][ T5903] usb 7-1: USB disconnect, device number 12 [ 245.051300][ T9185] loop5: detected capacity change from 0 to 32768 [ 245.058856][ T9185] XFS: ikeep mount option is deprecated. [ 245.103380][ T9185] XFS (loop5): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 245.162086][ T9185] XFS (loop5): Ending clean mount [ 245.169529][ T9185] XFS (loop5): Quotacheck needed: Please wait. [ 245.226663][ T9185] XFS (loop5): Quotacheck: Done. [ 245.248008][ T1083] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 245.265519][ T1083] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 245.280139][ T1083] bond0 (unregistering): Released all slaves [ 245.339697][ T9207] IPVS: sync thread started: state = MASTER, mcast_ifn = hsr0, syncid = 0, id = 0 [ 245.513607][ T5840] XFS (loop5): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 245.743746][ T5959] usb 10-1: new high-speed USB device number 4 using dummy_hcd [ 245.954027][ T5848] Bluetooth: hci1: command tx timeout [ 245.964144][ T5959] usb 10-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 245.983191][ T5959] usb 10-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 246.033292][ T5959] usb 10-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 246.070108][ T5959] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.133715][ T9209] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22 [ 246.147235][ T5959] usb 10-1: Quirk or no altset; falling back to MIDI 1.0 [ 246.289445][ T1083] hsr_slave_0: left promiscuous mode [ 246.302518][ T1083] hsr_slave_1: left promiscuous mode [ 246.418604][ T1083] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 246.433599][ T1083] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 246.465670][ T1083] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 246.480994][ T1083] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 246.568063][ T9220] loop1: detected capacity change from 0 to 40427 [ 246.706272][ T9220] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x1fffff [ 246.728961][ T1083] veth1_macvtap: left promiscuous mode [ 246.734998][ T1083] veth0_macvtap: left promiscuous mode [ 246.740901][ T1083] veth1_vlan: left promiscuous mode [ 246.746460][ T1083] veth0_vlan: left promiscuous mode [ 246.793804][ T5939] usb 10-1: USB disconnect, device number 4 [ 246.879651][ T9232] loop6: detected capacity change from 0 to 40427 [ 246.903735][ T9220] F2FS-fs (loop1): Image doesn't support compression [ 246.905896][ T9232] F2FS-fs (loop6): Small segment_count (9 < 1 * 24) [ 246.919790][ T9220] F2FS-fs (loop1): Image doesn't support compression [ 246.927579][ T9232] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock [ 246.935534][ T9220] F2FS-fs (loop1): build fault injection attr: rate: 0, type: 0x4 [ 246.956063][ T9232] F2FS-fs (loop6): Found nat_bits in checkpoint [ 246.982811][ T9220] F2FS-fs (loop1): invalid crc value [ 247.038732][ T9220] F2FS-fs (loop1): Found nat_bits in checkpoint [ 247.090084][ T9232] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0 [ 247.119496][ T9220] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 247.127964][ T9232] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 247.162340][ T29] audit: type=1800 audit(1731716450.651:154): pid=9220 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1165" name="bus" dev="loop1" ino=10 res=0 errno=0 [ 247.206153][ T29] audit: type=1800 audit(1731716450.691:155): pid=9220 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1165" name="bus" dev="loop1" ino=10 res=0 errno=0 [ 247.381668][ T6536] syz-executor: attempt to access beyond end of device [ 247.381668][ T6536] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 247.404597][ T8800] syz-executor: attempt to access beyond end of device [ 247.404597][ T8800] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 247.433028][ T6536] F2FS-fs (loop6): Stopped filesystem due to reason: 3 [ 247.443529][ T8800] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 248.033311][ T5848] Bluetooth: hci1: command tx timeout [ 248.300636][ T1083] team0 (unregistering): Port device team_slave_1 removed [ 248.355414][ T1083] team0 (unregistering): Port device team_slave_0 removed [ 249.031438][ T9173] chnl_net:caif_netlink_parms(): no params data found [ 249.960597][ T9273] loop9: detected capacity change from 0 to 40427 [ 249.975390][ T9173] bridge0: port 1(bridge_slave_0) entered blocking state [ 249.975944][ T9273] F2FS-fs (loop9): build fault injection attr: rate: 690, type: 0x1fffff [ 249.991357][ T9273] F2FS-fs (loop9): Image doesn't support compression [ 249.998315][ T9273] F2FS-fs (loop9): Image doesn't support compression [ 250.006094][ T9273] F2FS-fs (loop9): build fault injection attr: rate: 0, type: 0x4 [ 250.023289][ T9173] bridge0: port 1(bridge_slave_0) entered disabled state [ 250.036233][ T9173] bridge_slave_0: entered allmulticast mode [ 250.043636][ T9173] bridge_slave_0: entered promiscuous mode [ 250.052674][ T9173] bridge0: port 2(bridge_slave_1) entered blocking state [ 250.059919][ T9173] bridge0: port 2(bridge_slave_1) entered disabled state [ 250.067955][ T9173] bridge_slave_1: entered allmulticast mode [ 250.076094][ T9173] bridge_slave_1: entered promiscuous mode [ 250.110106][ T9273] F2FS-fs (loop9): invalid crc value [ 250.129094][ T5848] Bluetooth: hci1: command tx timeout [ 250.175117][ T9273] F2FS-fs (loop9): Found nat_bits in checkpoint [ 250.277003][ T9173] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 250.290084][ T9173] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 250.350293][ T9304] netlink: 209844 bytes leftover after parsing attributes in process `syz.6.1196'. [ 250.705285][ T9302] loop8: detected capacity change from 0 to 32768 [ 250.708297][ T9173] team0: Port device team_slave_0 added [ 250.719294][ T9273] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5 [ 250.786900][ T9173] team0: Port device team_slave_1 added [ 250.858573][ T29] audit: type=1800 audit(1731716454.351:156): pid=9273 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.1185" name="bus" dev="loop9" ino=10 res=0 errno=0 [ 250.907529][ T9173] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 250.924843][ T9173] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 250.928443][ T9291] loop5: detected capacity change from 0 to 32768 [ 250.950971][ C0] vkms_vblank_simulate: vblank timer overrun [ 250.961054][ T9173] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 250.968807][ T29] audit: type=1800 audit(1731716454.421:157): pid=9273 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.1185" name="bus" dev="loop9" ino=10 res=0 errno=0 [ 251.025062][ T9173] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 251.039926][ T9302] XFS (loop8): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 251.053576][ T9173] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 251.080996][ T9173] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 251.093454][ T5939] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 251.130233][ T7897] syz-executor: attempt to access beyond end of device [ 251.130233][ T7897] loop9: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 251.145348][ T7897] F2FS-fs (loop9): Stopped filesystem due to reason: 3 [ 251.303469][ T5939] usb 2-1: Using ep0 maxpacket: 16 [ 251.307053][ T9173] hsr_slave_0: entered promiscuous mode [ 251.392832][ T9173] hsr_slave_1: entered promiscuous mode [ 251.400258][ T5939] usb 2-1: config 0 has an invalid interface number: 105 but max is 0 [ 251.411860][ T5939] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 251.432308][ T5939] usb 2-1: config 0 has no interface number 0 [ 251.445124][ T9302] XFS (loop8): Ending clean mount [ 251.451147][ T9173] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 251.453889][ T5939] usb 2-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 251.459361][ T9173] Cannot create hsr debugfs directory [ 251.505882][ T9302] XFS (loop8): Quotacheck needed: Please wait. [ 251.513313][ T5939] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 251.521352][ T5939] usb 2-1: Product: syz [ 251.533213][ T5939] usb 2-1: Manufacturer: syz [ 251.537935][ T5939] usb 2-1: SerialNumber: syz [ 251.562619][ T5939] usb 2-1: config 0 descriptor?? [ 251.570216][ T9302] XFS (loop8): Quotacheck: Done. [ 251.675196][ T9329] loop5: detected capacity change from 0 to 16 [ 251.691874][ T7560] XFS (loop8): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 251.724501][ T9329] erofs: (device loop5): mounted with root inode @ nid 36. [ 251.914408][ T5939] usb 2-1: Found UVC 0.00 device syz (046d:08f3) [ 251.921121][ T5939] usb 2-1: No valid video chain found. [ 251.977918][ T5939] usb 2-1: USB disconnect, device number 4 [ 252.193406][ T5848] Bluetooth: hci1: command tx timeout [ 252.397852][ T9345] netlink: 'syz.6.1210': attribute type 10 has an invalid length. [ 252.472659][ T9345] syz_tun: entered promiscuous mode [ 252.515658][ T9345] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 252.788569][ T9173] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 252.877100][ T9173] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 252.967125][ T9173] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 253.012293][ T9173] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 253.060376][ T9354] loop9: detected capacity change from 0 to 32768 [ 253.067649][ T9354] XFS: ikeep mount option is deprecated. [ 253.224371][ T9354] XFS (loop9): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 253.409369][ T9173] 8021q: adding VLAN 0 to HW filter on device bond0 [ 253.446363][ T9173] 8021q: adding VLAN 0 to HW filter on device team0 [ 253.488852][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 253.496029][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 253.538776][ T9354] XFS (loop9): Ending clean mount [ 253.567191][ T9354] XFS (loop9): Quotacheck needed: Please wait. [ 253.598287][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 253.605557][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 253.642085][ T9354] XFS (loop9): Quotacheck: Done. [ 253.757318][ T9173] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 253.968641][ T7897] XFS (loop9): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 254.379596][ T9173] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 254.483404][ T47] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 254.683513][ T47] usb 6-1: Using ep0 maxpacket: 32 [ 254.691786][ T47] usb 6-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 254.708694][ T9361] loop6: detected capacity change from 0 to 32768 [ 254.741187][ T47] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 254.764356][ T9361] XFS: ikeep mount option is deprecated. [ 254.769378][ T9366] loop8: detected capacity change from 0 to 40427 [ 254.777345][ T47] usb 6-1: config 0 descriptor?? [ 254.780778][ T47] gspca_main: sunplus-2.14.0 probing 041e:400b [ 254.824255][ T9366] F2FS-fs (loop8): build fault injection attr: rate: 690, type: 0x1fffff [ 254.832888][ T9366] F2FS-fs (loop8): Image doesn't support compression [ 254.922727][ T9366] F2FS-fs (loop8): heap/no_heap options were deprecated [ 254.930330][ T9366] F2FS-fs (loop8): Image doesn't support compression [ 254.943772][ T9366] F2FS-fs (loop8): invalid crc value [ 254.959966][ T9361] XFS (loop6): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 254.978343][ T9366] F2FS-fs (loop8): Found nat_bits in checkpoint [ 255.225721][ T9405] serio: Serial port ptm0 [ 255.268041][ T9361] XFS (loop6): Ending clean mount [ 255.290769][ T9361] XFS (loop6): Quotacheck needed: Please wait. [ 255.331522][ T9366] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5 [ 255.369606][ T9173] veth0_vlan: entered promiscuous mode [ 255.420676][ T9173] veth1_vlan: entered promiscuous mode [ 255.436285][ T9361] XFS (loop6): Quotacheck: Done. [ 255.494478][ T9366] F2FS-fs (loop8): inject alloc nid in f2fs_alloc_nid of f2fs_get_dnode_of_data+0x425/0x2110 [ 255.608919][ T9173] veth0_macvtap: entered promiscuous mode [ 255.637558][ T9173] veth1_macvtap: entered promiscuous mode [ 255.647949][ T6536] XFS (loop6): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 255.657929][ T9173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 255.668799][ T9173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.679001][ T9173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 255.690306][ T9173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.701055][ T9173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 255.711940][ T9173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.722132][ T9173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 255.733331][ T9173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.743342][ T9173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 255.753965][ T9173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.763935][ T9173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 255.775360][ T9173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.788453][ T9173] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 255.802916][ T9173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 255.813875][ T9173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.823958][ T9173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 255.834468][ T9173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.844194][ T7560] syz-executor: attempt to access beyond end of device [ 255.844194][ T7560] loop8: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 255.844364][ T9173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 255.859530][ T7560] F2FS-fs (loop8): Stopped filesystem due to reason: 3 [ 255.868942][ T9173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.868972][ T9173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 255.869000][ T9173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.869027][ T9173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 255.869055][ T9173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.927964][ T9173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 255.938516][ T9173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.950151][ T9173] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 255.954074][ T7560] F2FS-fs (loop8): Stopped filesystem due to reason: 3 [ 255.960822][ T9173] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.973038][ T9173] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.981948][ T9173] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.991163][ T9173] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 256.124902][ T47] gspca_sunplus: reg_w_riv err -71 [ 256.130148][ T47] sunplus 6-1:0.0: probe with driver sunplus failed with error -71 [ 256.236793][ T47] usb 6-1: USB disconnect, device number 12 [ 256.401791][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 256.450358][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 256.550835][ T2987] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 256.584086][ T2987] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 257.373963][ T5959] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 257.605461][ T9423] loop1: detected capacity change from 0 to 32768 [ 257.703612][ T5959] usb 7-1: Using ep0 maxpacket: 16 [ 257.714050][ T5959] usb 7-1: config 0 has an invalid interface number: 251 but max is 0 [ 257.725026][ T5959] usb 7-1: config 0 has no interface number 0 [ 257.732065][ T5959] usb 7-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 257.771779][ T5959] usb 7-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 257.799409][ T5959] usb 7-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 257.853312][ T5959] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 257.903354][ T5959] usb 7-1: Product: syz [ 257.913342][ T5959] usb 7-1: Manufacturer: syz [ 257.950635][ T5959] usb 7-1: SerialNumber: syz [ 257.984162][ T5959] usb 7-1: config 0 descriptor?? [ 257.994012][ T9439] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 258.015749][ T9439] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 258.019239][ T9437] loop9: detected capacity change from 0 to 32768 [ 258.159115][ T9464] serio: Serial port ptm0 [ 258.285291][ T9439] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 258.524243][ T9439] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 258.567160][ T9437] XFS (loop9): Mounting V5 Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6 [ 258.905134][ T9437] XFS (loop9): Ending clean mount [ 258.912373][ T9437] XFS (loop9): Quotacheck needed: Please wait. [ 258.919484][ T9479] loop8: detected capacity change from 0 to 2048 [ 259.019748][ T9479] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 259.051658][ T5959] asix 7-1:0.251 (unnamed net_device) (uninitialized): Interface mode not supported by driver [ 259.078386][ T9437] XFS (loop9): Quotacheck: Done. [ 259.085914][ T5959] asix 7-1:0.251: probe with driver asix failed with error -524 [ 259.355707][ T7897] XFS (loop9): Unmounting Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6 [ 259.414729][ T7560] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 259.424860][ T5959] usb 7-1: USB disconnect, device number 13 [ 259.796517][ T9500] netlink: 'syz.8.1257': attribute type 10 has an invalid length. [ 259.841964][ T9500] syz_tun: entered promiscuous mode [ 259.912897][ T9500] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 260.174651][ T9505] loop9: detected capacity change from 0 to 2048 [ 260.255030][ T9505] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 260.333362][ T5959] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 260.364128][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.370489][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 260.460163][ T9518] serio: Serial port ptm0 [ 260.533541][ T963] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 260.553365][ T5959] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 260.583590][ T5959] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 260.620187][ T5959] usb 8-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 260.649167][ T5959] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.702482][ T5959] usb 8-1: config 0 descriptor?? [ 260.819194][ T963] usb 2-1: config 246 has an invalid interface number: 166 but max is 0 [ 260.853243][ T963] usb 2-1: config 246 has no interface number 0 [ 260.859638][ T963] usb 2-1: config 246 interface 166 altsetting 118 has an endpoint descriptor with address 0xAA, changing to 0x8A [ 260.942670][ T963] usb 2-1: config 246 interface 166 altsetting 118 endpoint 0x8A has invalid wMaxPacketSize 0 [ 260.973304][ T963] usb 2-1: config 246 interface 166 has no altsetting 0 [ 260.974823][ T7897] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 261.000805][ T963] usb 2-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 9.63 [ 261.025362][ T963] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 261.044401][ T963] usb 2-1: Product: syz [ 261.048656][ T963] usb 2-1: Manufacturer: syz [ 261.096306][ T963] usb 2-1: SerialNumber: syz [ 261.131263][ T5959] isku 0003:1E7D:319C.0009: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.7-1/input0 [ 261.483698][ T1149] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.525723][ T9507] loop6: detected capacity change from 0 to 32768 [ 261.572131][ T5959] usb 8-1: USB disconnect, device number 3 [ 261.627049][ T9507] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 261.833550][ T963] usb 2-1: Limiting number of CPorts to U8_MAX [ 261.843260][ T963] usb 2-1: Unknown endpoint type found, address 0x0b [ 261.850268][ T963] usb 2-1: Not enough endpoints found in device, aborting! [ 261.901093][ T1149] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 262.123935][ T9] usb 2-1: USB disconnect, device number 5 [ 262.129806][ T9523] loop8: detected capacity change from 0 to 32768 [ 262.130582][ T9523] XFS: ikeep mount option is deprecated. [ 262.159369][ T5852] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 262.184811][ T5852] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 262.202407][ T5852] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 262.206441][ T9507] XFS (loop6): Ending clean mount [ 262.221820][ T9523] XFS (loop8): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 262.222474][ T5852] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 262.240451][ T5852] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 262.247869][ T5852] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 262.295215][ T1149] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 262.323522][ T9507] XFS (loop6): Quotacheck needed: Please wait. [ 262.381155][ T9523] XFS (loop8): Ending clean mount [ 262.383357][ T9507] XFS (loop6): Quotacheck: Done. [ 262.392930][ T9523] XFS (loop8): Quotacheck needed: Please wait. [ 262.521468][ T9550] loop7: detected capacity change from 0 to 16 [ 262.600915][ T9523] XFS (loop8): Quotacheck: Done. [ 262.637913][ T9550] erofs: (device loop7): mounted with root inode @ nid 36. [ 262.723223][ T6536] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 262.844389][ T7560] XFS (loop8): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 263.015760][ T9556] loop7: detected capacity change from 0 to 64 [ 263.172328][ T1149] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.259284][ T9562] loop5: detected capacity change from 0 to 2048 [ 263.302288][ T9562] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 263.406824][ T9568] loop7: detected capacity change from 0 to 128 [ 263.508662][ T9537] chnl_net:caif_netlink_parms(): no params data found [ 263.645068][ T9568] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 263.674805][ T9568] ext4 filesystem being mounted at /11/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 263.906722][ T9582] netlink: 'syz.5.1287': attribute type 1 has an invalid length. [ 263.929125][ T9582] netlink: 56 bytes leftover after parsing attributes in process `syz.5.1287'. [ 264.071056][ T9173] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 264.263408][ T1149] team0: left allmulticast mode [ 264.268546][ T1149] team_slave_0: left allmulticast mode [ 264.275104][ T1149] team_slave_1: left allmulticast mode [ 264.293911][ T1149] team0: left promiscuous mode [ 264.298747][ T1149] team_slave_0: left promiscuous mode [ 264.302171][ T5852] Bluetooth: hci5: command tx timeout [ 264.322901][ T1149] team_slave_1: left promiscuous mode [ 264.328734][ T1149] bridge0: port 3(team0) entered disabled state [ 264.356959][ T1149] bridge_slave_1: left allmulticast mode [ 264.379065][ T1149] bridge_slave_1: left promiscuous mode [ 264.385564][ T1149] bridge0: port 2(bridge_slave_1) entered disabled state [ 264.429979][ T9594] netlink: 'syz.6.1292': attribute type 1 has an invalid length. [ 264.450527][ T1149] bridge_slave_0: left allmulticast mode [ 264.456380][ T1149] bridge_slave_0: left promiscuous mode [ 264.462094][ T1149] bridge0: port 1(bridge_slave_0) entered disabled state [ 264.463435][ T5959] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 264.470445][ T9594] netlink: 9352 bytes leftover after parsing attributes in process `syz.6.1292'. [ 264.500537][ T9594] netlink: 'syz.6.1292': attribute type 1 has an invalid length. [ 264.509748][ T9594] netlink: 'syz.6.1292': attribute type 2 has an invalid length. [ 264.518544][ T9594] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1292'. [ 264.625011][ T5959] usb 8-1: Using ep0 maxpacket: 32 [ 264.646761][ T5959] usb 8-1: config index 0 descriptor too short (expected 29220, got 36) [ 264.664706][ T5959] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 264.692809][ T5959] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 264.721712][ T5959] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 264.755713][ T5959] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 264.788353][ T5959] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 264.817382][ T5959] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 264.837073][ T5959] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.863006][ T5959] usb 8-1: config 0 descriptor?? [ 265.090217][ T5959] usblp 8-1:0.0: usblp0: USB Bidirectional printer dev 4 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 265.292805][ T5959] usb 8-1: USB disconnect, device number 4 [ 265.322556][ T5959] usblp0: removed [ 265.334879][ T9593] loop1: detected capacity change from 0 to 32768 [ 265.348665][ T9593] XFS: ikeep mount option is deprecated. [ 265.393600][ T9593] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 265.457694][ T9593] XFS (loop1): Ending clean mount [ 265.474843][ T9593] XFS (loop1): Quotacheck needed: Please wait. [ 265.542170][ T9593] XFS (loop1): Quotacheck: Done. [ 265.645834][ T8800] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 265.658761][ T1149] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 265.667887][ T963] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 265.702117][ T1149] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 265.722240][ T1149] bond0 (unregistering): Released all slaves [ 265.833965][ T9537] bridge0: port 1(bridge_slave_0) entered blocking state [ 265.847201][ T9537] bridge0: port 1(bridge_slave_0) entered disabled state [ 265.856773][ T1149] IPVS: stopping master sync thread 9207 ... [ 265.871967][ T9537] bridge_slave_0: entered allmulticast mode [ 265.883648][ T963] usb 7-1: Using ep0 maxpacket: 32 [ 265.891338][ T963] usb 7-1: config index 0 descriptor too short (expected 35577, got 27) [ 265.908803][ T963] usb 7-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 265.918911][ T9537] bridge_slave_0: entered promiscuous mode [ 265.933379][ T963] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 265.962923][ T963] usb 7-1: config 1 has no interface number 0 [ 265.972261][ T963] usb 7-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 266.024499][ T963] usb 7-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 266.069089][ T963] usb 7-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 266.081974][ T963] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 266.098633][ T963] snd_usb_pod 7-1:1.1: Line 6 Pocket POD found [ 266.116735][ C0] ================================================================== [ 266.122516][ T9627] syz.8.1304 uses obsolete (PF_INET,SOCK_PACKET) [ 266.124982][ C0] BUG: KASAN: use-after-free in __rhashtable_lookup.constprop.0+0x426/0x550 [ 266.140058][ C0] Read of size 4 at addr ffff888065178008 by task ksoftirqd/0/16 [ 266.147827][ C0] [ 266.150185][ C0] CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0 [ 266.160819][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 266.170996][ C0] Call Trace: [ 266.174299][ C0] [ 266.177244][ C0] dump_stack_lvl+0x116/0x1f0 [ 266.182049][ C0] print_report+0xc3/0x620 [ 266.186515][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.192194][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.197882][ C0] ? __phys_addr+0xc6/0x150 [ 266.202526][ C0] kasan_report+0xd9/0x110 [ 266.206985][ C0] ? __rhashtable_lookup.constprop.0+0x426/0x550 [ 266.213364][ C0] ? __rhashtable_lookup.constprop.0+0x426/0x550 [ 266.219762][ C0] __rhashtable_lookup.constprop.0+0x426/0x550 [ 266.225969][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.231764][ C0] ? lock_acquire+0x2f/0xb0 [ 266.236299][ C0] ? ila_nf_input+0x1bd/0x620 [ 266.241017][ C0] ila_nf_input+0x1ee/0x620 [ 266.245563][ C0] ? __pfx_ila_nf_input+0x10/0x10 [ 266.250807][ C0] nf_hook_slow+0xbe/0x200 [ 266.255357][ C0] nf_hook.constprop.0+0x42e/0x750 [ 266.260523][ C0] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 266.265759][ C0] ? __pfx_nf_hook.constprop.0+0x10/0x10 [ 266.271453][ C0] ? sock_wfree+0x46a/0x880 [ 266.276087][ C0] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 266.281322][ C0] ? __pfx_ipv6_rcv+0x10/0x10 [ 266.286073][ C0] ipv6_rcv+0xa4/0x680 [ 266.290222][ C0] ? __pfx_ipv6_rcv+0x10/0x10 [ 266.294956][ C0] __netif_receive_skb_one_core+0x12e/0x1e0 [ 266.300897][ C0] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 266.307355][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.313115][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.319227][ C0] ? trace_lock_acquire+0x14a/0x1d0 [ 266.324562][ C0] ? process_backlog+0x3f1/0x15f0 [ 266.329621][ C0] ? process_backlog+0x3f1/0x15f0 [ 266.334767][ C0] __netif_receive_skb+0x1d/0x160 [ 266.340007][ C0] process_backlog+0x443/0x15f0 [ 266.344900][ C0] __napi_poll.constprop.0+0xba/0x550 [ 266.350310][ C0] net_rx_action+0xa92/0x1010 [ 266.355129][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 266.360386][ C0] ? __switch_to+0x749/0x1180 [ 266.365111][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.370784][ C0] ? sched_clock+0x38/0x60 [ 266.375277][ C0] ? sched_clock_cpu+0x6d/0x4d0 [ 266.380256][ C0] handle_softirqs+0x216/0x8f0 [ 266.385148][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 266.390478][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.396149][ C0] ? rcu_is_watching+0x12/0xc0 [ 266.400953][ C0] ? __pfx_run_ksoftirqd+0x10/0x10 [ 266.406101][ C0] ? smpboot_thread_fn+0x59d/0xa30 [ 266.411252][ C0] run_ksoftirqd+0x3a/0x60 [ 266.415800][ C0] smpboot_thread_fn+0x664/0xa30 [ 266.420892][ C0] ? __kthread_parkme+0x148/0x220 [ 266.425959][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 266.431457][ C0] kthread+0x2c4/0x3a0 [ 266.435567][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 266.440841][ C0] ? __pfx_kthread+0x10/0x10 [ 266.445558][ C0] ret_from_fork+0x48/0x80 [ 266.450030][ C0] ? __pfx_kthread+0x10/0x10 [ 266.454671][ C0] ret_from_fork_asm+0x1a/0x30 [ 266.459493][ C0] [ 266.462541][ C0] [ 266.464877][ C0] The buggy address belongs to the physical page: [ 266.471297][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88806517e000 pfn:0x65178 [ 266.481380][ C0] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 266.488591][ C0] page_type: f0(buddy) [ 266.492683][ C0] raw: 00fff00000000000 ffffea00009d2c08 ffffea0001fa8008 0000000000000000 [ 266.501296][ C0] raw: ffff88806517e000 0000000000000003 00000000f0000000 0000000000000000 [ 266.509981][ C0] page dumped because: kasan: bad access detected [ 266.516599][ C0] page_owner tracks the page as freed [ 266.521975][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 7897, tgid 7897 (syz-executor), ts 189869743966, free_ts 265856709971 [ 266.542772][ C0] post_alloc_hook+0x2d1/0x350 [ 266.547687][ C0] get_page_from_freelist+0xfce/0x2f80 [ 266.553181][ C0] __alloc_pages_noprof+0x223/0x25a0 [ 266.558499][ C0] ___kmalloc_large_node+0x84/0x1b0 [ 266.563774][ C0] __kmalloc_large_node_noprof+0x1c/0x70 [ 266.569454][ C0] __kmalloc_node_noprof.cold+0x5/0x5f [ 266.574951][ C0] __kvmalloc_node_noprof+0x6f/0x1a0 [ 266.580336][ C0] bucket_table_alloc.isra.0+0x86/0x460 [ 266.585926][ C0] rhashtable_init_noprof+0x41a/0x7e0 [ 266.591336][ C0] ila_xlat_init_net+0xb5/0x110 [ 266.596453][ C0] ops_init+0x1e2/0x5f0 [ 266.600911][ C0] setup_net+0x21f/0x860 [ 266.605197][ C0] copy_net_ns+0x2b4/0x6b0 [ 266.609662][ C0] create_new_namespaces+0x3ea/0xad0 [ 266.615020][ C0] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 266.620689][ C0] ksys_unshare+0x45d/0xa40 [ 266.625234][ C0] page last free pid 1149 tgid 1149 stack trace: [ 266.631597][ C0] free_unref_page+0x661/0x1080 [ 266.636474][ C0] __folio_put+0x32a/0x450 [ 266.640920][ C0] kvfree+0x47/0x50 [ 266.644751][ C0] rhashtable_free_and_destroy+0x16c/0x990 [ 266.650597][ C0] ila_xlat_exit_net+0x59/0xa0 [ 266.655400][ C0] ops_exit_list+0xb3/0x180 [ 266.659946][ C0] cleanup_net+0x5b7/0xb40 [ 266.664411][ C0] process_one_work+0x9c8/0x1ba0 [ 266.669371][ C0] worker_thread+0x6c8/0xf00 [ 266.673986][ C0] kthread+0x2c4/0x3a0 [ 266.678091][ C0] ret_from_fork+0x48/0x80 [ 266.682532][ C0] ret_from_fork_asm+0x1a/0x30 [ 266.687426][ C0] [ 266.689754][ C0] Memory state around the buggy address: [ 266.695391][ C0] ffff888065177f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 266.703642][ C0] ffff888065177f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 266.711726][ C0] >ffff888065178000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 266.719971][ C0] ^ [ 266.724316][ C0] ffff888065178080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 266.732480][ C0] ffff888065178100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 266.740732][ C0] ================================================================== [ 266.748945][ C0] Disabling lock debugging due to kernel taint [ 266.755140][ C0] ================================================================== [ 266.762414][ T5852] Bluetooth: hci5: command tx timeout [ 266.763193][ C0] BUG: KASAN: use-after-free in __rhashtable_lookup.constprop.0+0x43d/0x550 [ 266.763257][ C0] Read of size 4 at addr ffff888065178000 by task ksoftirqd/0/16 [ 266.763289][ C0] [ 266.763304][ C0] CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Tainted: G B 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0 [ 266.763363][ C0] Tainted: [B]=BAD_PAGE [ 266.763378][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 266.763403][ C0] Call Trace: [ 266.763416][ C0] [ 266.763431][ C0] dump_stack_lvl+0x116/0x1f0 [ 266.763483][ C0] print_report+0xc3/0x620 [ 266.763527][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.763579][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.763629][ C0] ? __phys_addr+0xc6/0x150 [ 266.763683][ C0] kasan_report+0xd9/0x110 [ 266.763726][ C0] ? __rhashtable_lookup.constprop.0+0x43d/0x550 [ 266.763787][ C0] ? __rhashtable_lookup.constprop.0+0x43d/0x550 [ 266.763857][ C0] __rhashtable_lookup.constprop.0+0x43d/0x550 [ 266.763916][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.763966][ C0] ? lock_acquire+0x2f/0xb0 [ 266.764005][ C0] ? ila_nf_input+0x1bd/0x620 [ 266.764060][ C0] ila_nf_input+0x1ee/0x620 [ 266.764113][ C0] ? __pfx_ila_nf_input+0x10/0x10 [ 266.764164][ C0] nf_hook_slow+0xbe/0x200 [ 266.764221][ C0] nf_hook.constprop.0+0x42e/0x750 [ 266.764284][ C0] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 266.764324][ C0] ? __pfx_nf_hook.constprop.0+0x10/0x10 [ 266.764386][ C0] ? sock_wfree+0x46a/0x880 [ 266.764441][ C0] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 266.764486][ C0] ? __pfx_ipv6_rcv+0x10/0x10 [ 266.764551][ C0] ipv6_rcv+0xa4/0x680 [ 266.931911][ C0] ? __pfx_ipv6_rcv+0x10/0x10 [ 266.936641][ C0] __netif_receive_skb_one_core+0x12e/0x1e0 [ 266.942661][ C0] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 266.949114][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.954788][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.960465][ C0] ? trace_lock_acquire+0x14a/0x1d0 [ 266.965703][ C0] ? process_backlog+0x3f1/0x15f0 [ 266.970788][ C0] ? process_backlog+0x3f1/0x15f0 [ 266.975854][ C0] __netif_receive_skb+0x1d/0x160 [ 266.980917][ C0] process_backlog+0x443/0x15f0 [ 266.985801][ C0] __napi_poll.constprop.0+0xba/0x550 [ 266.991211][ C0] net_rx_action+0xa92/0x1010 [ 266.995932][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 267.001070][ C0] ? __switch_to+0x749/0x1180 [ 267.005788][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 267.011462][ C0] ? sched_clock+0x38/0x60 [ 267.016014][ C0] ? sched_clock_cpu+0x6d/0x4d0 [ 267.020910][ C0] handle_softirqs+0x216/0x8f0 [ 267.025712][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 267.031029][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 267.036702][ C0] ? rcu_is_watching+0x12/0xc0 [ 267.041504][ C0] ? __pfx_run_ksoftirqd+0x10/0x10 [ 267.046651][ C0] ? smpboot_thread_fn+0x59d/0xa30 [ 267.051800][ C0] run_ksoftirqd+0x3a/0x60 [ 267.056258][ C0] smpboot_thread_fn+0x664/0xa30 [ 267.061238][ C0] ? __kthread_parkme+0x148/0x220 [ 267.066300][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 267.071800][ C0] kthread+0x2c4/0x3a0 [ 267.075914][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 267.081161][ C0] ? __pfx_kthread+0x10/0x10 [ 267.085785][ C0] ret_from_fork+0x48/0x80 [ 267.090229][ C0] ? __pfx_kthread+0x10/0x10 [ 267.094859][ C0] ret_from_fork_asm+0x1a/0x30 [ 267.099761][ C0] [ 267.102792][ C0] [ 267.105127][ C0] The buggy address belongs to the physical page: [ 267.111540][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88806517e000 pfn:0x65178 [ 267.121624][ C0] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 267.128747][ C0] page_type: f0(buddy) [ 267.132838][ C0] raw: 00fff00000000000 ffffea00009d2c08 ffffea0001fa8008 0000000000000000 [ 267.141616][ C0] raw: ffff88806517e000 0000000000000003 00000000f0000000 0000000000000000 [ 267.150211][ C0] page dumped because: kasan: bad access detected [ 267.156630][ C0] page_owner tracks the page as freed [ 267.162004][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 7897, tgid 7897 (syz-executor), ts 189869743966, free_ts 265856709971 [ 267.182712][ C0] post_alloc_hook+0x2d1/0x350 [ 267.187500][ C0] get_page_from_freelist+0xfce/0x2f80 [ 267.192985][ C0] __alloc_pages_noprof+0x223/0x25a0 [ 267.198298][ C0] ___kmalloc_large_node+0x84/0x1b0 [ 267.203536][ C0] __kmalloc_large_node_noprof+0x1c/0x70 [ 267.209209][ C0] __kmalloc_node_noprof.cold+0x5/0x5f [ 267.214700][ C0] __kvmalloc_node_noprof+0x6f/0x1a0 [ 267.220016][ C0] bucket_table_alloc.isra.0+0x86/0x460 [ 267.225593][ C0] rhashtable_init_noprof+0x41a/0x7e0 [ 267.230999][ C0] ila_xlat_init_net+0xb5/0x110 [ 267.235977][ C0] ops_init+0x1e2/0x5f0 [ 267.240189][ C0] setup_net+0x21f/0x860 [ 267.244473][ C0] copy_net_ns+0x2b4/0x6b0 [ 267.248932][ C0] create_new_namespaces+0x3ea/0xad0 [ 267.254257][ C0] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 267.259947][ C0] ksys_unshare+0x45d/0xa40 [ 267.264488][ C0] page last free pid 1149 tgid 1149 stack trace: [ 267.270824][ C0] free_unref_page+0x661/0x1080 [ 267.275698][ C0] __folio_put+0x32a/0x450 [ 267.280165][ C0] kvfree+0x47/0x50 [ 267.283995][ C0] rhashtable_free_and_destroy+0x16c/0x990 [ 267.289842][ C0] ila_xlat_exit_net+0x59/0xa0 [ 267.294646][ C0] ops_exit_list+0xb3/0x180 [ 267.299187][ C0] cleanup_net+0x5b7/0xb40 [ 267.303646][ C0] process_one_work+0x9c8/0x1ba0 [ 267.308605][ C0] worker_thread+0x6c8/0xf00 [ 267.313220][ C0] kthread+0x2c4/0x3a0 [ 267.317324][ C0] ret_from_fork+0x48/0x80 [ 267.321760][ C0] ret_from_fork_asm+0x1a/0x30 [ 267.326594][ C0] [ 267.328920][ C0] Memory state around the buggy address: [ 267.334557][ C0] ffff888065177f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 267.342634][ C0] ffff888065177f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 267.350719][ C0] >ffff888065178000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 267.358974][ C0] ^ [ 267.363049][ C0] ffff888065178080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 267.371158][ C0] ffff888065178100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 267.379230][ C0] ================================================================== [ 267.387405][ C0] ================================================================== [ 267.395483][ C0] BUG: KASAN: use-after-free in __rhashtable_lookup.constprop.0+0x430/0x550 [ 267.404217][ C0] Read of size 4 at addr ffff888065178004 by task ksoftirqd/0/16 [ 267.411954][ C0] [ 267.414301][ C0] CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Tainted: G B 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0 [ 267.426405][ C0] Tainted: [B]=BAD_PAGE [ 267.430567][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 267.440636][ C0] Call Trace: [ 267.443930][ C0] [ 267.446961][ C0] dump_stack_lvl+0x116/0x1f0 [ 267.451661][ C0] print_report+0xc3/0x620 [ 267.456106][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 267.461756][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 267.467403][ C0] ? __phys_addr+0xc6/0x150 [ 267.471950][ C0] kasan_report+0xd9/0x110 [ 267.476374][ C0] ? __rhashtable_lookup.constprop.0+0x430/0x550 [ 267.482726][ C0] ? __rhashtable_lookup.constprop.0+0x430/0x550 [ 267.489078][ C0] __rhashtable_lookup.constprop.0+0x430/0x550 [ 267.495526][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 267.501347][ C0] ? lock_acquire+0x2f/0xb0 [ 267.505886][ C0] ? ila_nf_input+0x1bd/0x620 [ 267.510583][ C0] ila_nf_input+0x1ee/0x620 [ 267.515193][ C0] ? __pfx_ila_nf_input+0x10/0x10 [ 267.520234][ C0] nf_hook_slow+0xbe/0x200 [ 267.524670][ C0] nf_hook.constprop.0+0x42e/0x750 [ 267.529807][ C0] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 267.535010][ C0] ? __pfx_nf_hook.constprop.0+0x10/0x10 [ 267.540845][ C0] ? sock_wfree+0x46a/0x880 [ 267.545381][ C0] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 267.550590][ C0] ? __pfx_ipv6_rcv+0x10/0x10 [ 267.555297][ C0] ipv6_rcv+0xa4/0x680 [ 267.559391][ C0] ? __pfx_ipv6_rcv+0x10/0x10 [ 267.564097][ C0] __netif_receive_skb_one_core+0x12e/0x1e0 [ 267.570180][ C0] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 267.576607][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 267.582257][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 267.587901][ C0] ? trace_lock_acquire+0x14a/0x1d0 [ 267.593116][ C0] ? process_backlog+0x3f1/0x15f0 [ 267.598171][ C0] ? process_backlog+0x3f1/0x15f0 [ 267.603220][ C0] __netif_receive_skb+0x1d/0x160 [ 267.608257][ C0] process_backlog+0x443/0x15f0 [ 267.613122][ C0] __napi_poll.constprop.0+0xba/0x550 [ 267.618510][ C0] net_rx_action+0xa92/0x1010 [ 267.623211][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 267.628358][ C0] ? __switch_to+0x749/0x1180 [ 267.633054][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 267.638710][ C0] ? sched_clock+0x38/0x60 [ 267.643150][ C0] ? sched_clock_cpu+0x6d/0x4d0 [ 267.648020][ C0] handle_softirqs+0x216/0x8f0 [ 267.652800][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 267.658102][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 267.663751][ C0] ? rcu_is_watching+0x12/0xc0 [ 267.668530][ C0] ? __pfx_run_ksoftirqd+0x10/0x10 [ 267.673652][ C0] ? smpboot_thread_fn+0x59d/0xa30 [ 267.678778][ C0] run_ksoftirqd+0x3a/0x60 [ 267.683206][ C0] smpboot_thread_fn+0x664/0xa30 [ 267.688183][ C0] ? __kthread_parkme+0x148/0x220 [ 267.693223][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 267.698697][ C0] kthread+0x2c4/0x3a0 [ 267.702782][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 267.708008][ C0] ? __pfx_kthread+0x10/0x10 [ 267.712616][ C0] ret_from_fork+0x48/0x80 [ 267.717041][ C0] ? __pfx_kthread+0x10/0x10 [ 267.721651][ C0] ret_from_fork_asm+0x1a/0x30 [ 267.726447][ C0] [ 267.729463][ C0] [ 267.731778][ C0] The buggy address belongs to the physical page: [ 267.738177][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88806517e000 pfn:0x65178 [ 267.748244][ C0] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 267.755608][ C0] page_type: f0(buddy) [ 267.759690][ C0] raw: 00fff00000000000 ffffea00009d2c08 ffffea0001fa8008 0000000000000000 [ 267.768279][ C0] raw: ffff88806517e000 0000000000000003 00000000f0000000 0000000000000000 [ 267.776856][ C0] page dumped because: kasan: bad access detected [ 267.783261][ C0] page_owner tracks the page as freed [ 267.788617][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 7897, tgid 7897 (syz-executor), ts 189869743966, free_ts 265856709971 [ 267.809042][ C0] post_alloc_hook+0x2d1/0x350 [ 267.813818][ C0] get_page_from_freelist+0xfce/0x2f80 [ 267.819298][ C0] __alloc_pages_noprof+0x223/0x25a0 [ 267.824608][ C0] ___kmalloc_large_node+0x84/0x1b0 [ 267.829892][ C0] __kmalloc_large_node_noprof+0x1c/0x70 [ 267.835543][ C0] __kmalloc_node_noprof.cold+0x5/0x5f [ 267.841018][ C0] __kvmalloc_node_noprof+0x6f/0x1a0 [ 267.846313][ C0] bucket_table_alloc.isra.0+0x86/0x460 [ 267.851873][ C0] rhashtable_init_noprof+0x41a/0x7e0 [ 267.857258][ C0] ila_xlat_init_net+0xb5/0x110 [ 267.862127][ C0] ops_init+0x1e2/0x5f0 [ 267.866300][ C0] setup_net+0x21f/0x860 [ 267.870558][ C0] copy_net_ns+0x2b4/0x6b0 [ 267.874998][ C0] create_new_namespaces+0x3ea/0xad0 [ 267.880299][ C0] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 267.886032][ C0] ksys_unshare+0x45d/0xa40 [ 267.890572][ C0] page last free pid 1149 tgid 1149 stack trace: [ 267.896890][ C0] free_unref_page+0x661/0x1080 [ 267.901750][ C0] __folio_put+0x32a/0x450 [ 267.906176][ C0] kvfree+0x47/0x50 [ 267.909987][ C0] rhashtable_free_and_destroy+0x16c/0x990 [ 267.915811][ C0] ila_xlat_exit_net+0x59/0xa0 [ 267.920591][ C0] ops_exit_list+0xb3/0x180 [ 267.925114][ C0] cleanup_net+0x5b7/0xb40 [ 267.929550][ C0] process_one_work+0x9c8/0x1ba0 [ 267.934491][ C0] worker_thread+0x6c8/0xf00 [ 267.939346][ C0] kthread+0x2c4/0x3a0 [ 267.943427][ C0] ret_from_fork+0x48/0x80 [ 267.947865][ C0] ret_from_fork_asm+0x1a/0x30 [ 267.952657][ C0] [ 267.954973][ C0] Memory state around the buggy address: [ 267.960595][ C0] ffff888065177f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 267.968831][ C0] ffff888065177f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 267.976897][ C0] >ffff888065178000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 267.984952][ C0] ^ [ 267.989014][ C0] ffff888065178080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 267.997076][ C0] ffff888065178100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 268.005133][ C0] ================================================================== [ 268.013245][ C1] ================================================================== [ 268.021328][ C1] BUG: KASAN: use-after-free in __rhashtable_lookup.constprop.0+0x426/0x550 [ 268.030030][ C1] Read of size 4 at addr ffff888065178008 by task kworker/u8:5/1083 [ 268.038012][ C1] [ 268.040334][ C1] CPU: 1 UID: 0 PID: 1083 Comm: kworker/u8:5 Tainted: G B 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0 [ 268.052675][ C1] Tainted: [B]=BAD_PAGE [ 268.056820][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 268.066875][ C1] Workqueue: events_unbound toggle_allocation_gate [ 268.073390][ C1] Call Trace: [ 268.076752][ C1] [ 268.079615][ C1] dump_stack_lvl+0x116/0x1f0 [ 268.084308][ C1] print_report+0xc3/0x620 [ 268.088735][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.094380][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.100024][ C1] ? __phys_addr+0xc6/0x150 [ 268.104653][ C1] kasan_report+0xd9/0x110 [ 268.109109][ C1] ? __rhashtable_lookup.constprop.0+0x426/0x550 [ 268.115460][ C1] ? __rhashtable_lookup.constprop.0+0x426/0x550 [ 268.121809][ C1] __rhashtable_lookup.constprop.0+0x426/0x550 [ 268.127981][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.133626][ C1] ? lock_acquire+0x2f/0xb0 [ 268.138138][ C1] ? ila_nf_input+0x1bd/0x620 [ 268.142834][ C1] ila_nf_input+0x1ee/0x620 [ 268.147353][ C1] ? __pfx_ila_nf_input+0x10/0x10 [ 268.152414][ C1] nf_hook_slow+0xbe/0x200 [ 268.156856][ C1] nf_hook.constprop.0+0x42e/0x750 [ 268.161994][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 268.167199][ C1] ? __pfx_nf_hook.constprop.0+0x10/0x10 [ 268.172875][ C1] ? sock_wfree+0x46a/0x880 [ 268.177397][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 268.182603][ C1] ? __pfx_ipv6_rcv+0x10/0x10 [ 268.187302][ C1] ipv6_rcv+0xa4/0x680 [ 268.191396][ C1] ? __pfx_ipv6_rcv+0x10/0x10 [ 268.196101][ C1] __netif_receive_skb_one_core+0x12e/0x1e0 [ 268.202014][ C1] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 268.208438][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.214110][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.219758][ C1] ? trace_lock_acquire+0x14a/0x1d0 [ 268.224977][ C1] ? process_backlog+0x3f1/0x15f0 [ 268.230015][ C1] ? process_backlog+0x3f1/0x15f0 [ 268.235222][ C1] __netif_receive_skb+0x1d/0x160 [ 268.240274][ C1] process_backlog+0x443/0x15f0 [ 268.245239][ C1] __napi_poll.constprop.0+0xba/0x550 [ 268.250628][ C1] net_rx_action+0xa92/0x1010 [ 268.255324][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 268.260445][ C1] ? __entry_text_end+0x1020c5/0x1020c9 [ 268.266005][ C1] ? lock_acquire+0x2f/0xb0 [ 268.270512][ C1] ? ktime_get+0xd9/0x1a0 [ 268.274861][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.280508][ C1] ? sched_clock+0x38/0x60 [ 268.284949][ C1] ? sched_clock_cpu+0x6d/0x4d0 [ 268.289822][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.295468][ C1] ? rcu_is_watching+0x12/0xc0 [ 268.300251][ C1] handle_softirqs+0x216/0x8f0 [ 268.305038][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 268.310339][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.315989][ C1] irq_exit_rcu+0xbb/0x120 [ 268.320417][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 268.326061][ C1] [ 268.328992][ C1] [ 268.331920][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 268.337919][ C1] RIP: 0010:smp_call_function_many_cond+0x45d/0x1300 [ 268.344607][ C1] Code: 4d 48 b8 00 00 00 00 00 fc ff df 4d 89 f4 4c 89 f5 49 c1 ec 03 83 e5 07 49 01 c4 83 c5 03 e8 8a 1b 0c 00 f3 90 41 0f b6 04 24 <40> 38 c5 7c 08 84 c0 0f 85 a4 0c 00 00 8b 43 08 31 ff 83 e0 01 41 [ 268.364231][ C1] RSP: 0018:ffffc90003fc7998 EFLAGS: 00000293 [ 268.370305][ C1] RAX: 0000000000000000 RBX: ffff8880b8646940 RCX: ffffffff81815eec [ 268.378278][ C1] RDX: ffff8880274b8000 RSI: ffffffff81815ec6 RDI: 0000000000000005 [ 268.386249][ C1] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000 [ 268.394220][ C1] R10: 0000000000000001 R11: 0000000000000000 R12: ffffed10170c8d29 [ 268.402193][ C1] R13: 0000000000000001 R14: ffff8880b8646948 R15: ffff8880b8740140 [ 268.410173][ C1] ? smp_call_function_many_cond+0x47c/0x1300 [ 268.416254][ C1] ? smp_call_function_many_cond+0x456/0x1300 [ 268.422419][ C1] ? smp_call_function_many_cond+0x456/0x1300 [ 268.428497][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 268.433538][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 268.438577][ C1] on_each_cpu_cond_mask+0x40/0x90 [ 268.443701][ C1] text_poke_bp_batch+0x561/0x760 [ 268.448748][ C1] ? __kmalloc_node_track_caller_noprof+0xe5/0x430 [ 268.455266][ C1] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 268.460831][ C1] ? __jump_label_patch+0x1db/0x400 [ 268.466048][ C1] ? srso_alias_return_thunk+0xc1/0xfbef5 [ 268.471876][ C1] ? arch_jump_label_transform_queue+0xc0/0x120 [ 268.478144][ C1] text_poke_finish+0x30/0x40 [ 268.482836][ C1] arch_jump_label_transform_apply+0x1c/0x30 [ 268.488838][ C1] jump_label_update+0x1d7/0x400 [ 268.493798][ C1] static_key_enable_cpuslocked+0x1b7/0x270 [ 268.499732][ C1] static_key_enable+0x1a/0x20 [ 268.504519][ C1] toggle_allocation_gate+0xfc/0x260 [ 268.509813][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.515476][ C1] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 268.521383][ C1] ? trace_lock_acquire+0x14a/0x1d0 [ 268.526603][ C1] ? process_one_work+0x921/0x1ba0 [ 268.531724][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.537474][ C1] ? lock_acquire+0x2f/0xb0 [ 268.541983][ C1] ? process_one_work+0x921/0x1ba0 [ 268.547102][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.552954][ C1] process_one_work+0x9c8/0x1ba0 [ 268.557915][ C1] ? __pfx_batadv_nc_worker+0x10/0x10 [ 268.563316][ C1] ? __pfx_process_one_work+0x10/0x10 [ 268.568697][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.574349][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.579994][ C1] ? assign_work+0x1a0/0x250 [ 268.584649][ C1] worker_thread+0x6c8/0xf00 [ 268.589276][ C1] ? __pfx_worker_thread+0x10/0x10 [ 268.594397][ C1] kthread+0x2c4/0x3a0 [ 268.598487][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 268.603739][ C1] ? __pfx_kthread+0x10/0x10 [ 268.608367][ C1] ret_from_fork+0x48/0x80 [ 268.612884][ C1] ? __pfx_kthread+0x10/0x10 [ 268.617780][ C1] ret_from_fork_asm+0x1a/0x30 [ 268.622590][ C1] [ 268.625618][ C1] [ 268.628125][ C1] The buggy address belongs to the physical page: [ 268.634532][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88806517e000 pfn:0x65178 [ 268.644616][ C1] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 268.651824][ C1] page_type: f0(buddy) [ 268.655921][ C1] raw: 00fff00000000000 ffffea00009d2c08 ffffea0001fa8008 0000000000000000 [ 268.664521][ C1] raw: ffff88806517e000 0000000000000003 00000000f0000000 0000000000000000 [ 268.673191][ C1] page dumped because: kasan: bad access detected [ 268.679714][ C1] page_owner tracks the page as freed [ 268.685079][ C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 7897, tgid 7897 (syz-executor), ts 189869743966, free_ts 265856709971 [ 268.705593][ C1] post_alloc_hook+0x2d1/0x350 [ 268.710372][ C1] get_page_from_freelist+0xfce/0x2f80 [ 268.715878][ C1] __alloc_pages_noprof+0x223/0x25a0 [ 268.721184][ C1] ___kmalloc_large_node+0x84/0x1b0 [ 268.726413][ C1] __kmalloc_large_node_noprof+0x1c/0x70 [ 268.732157][ C1] __kmalloc_node_noprof.cold+0x5/0x5f [ 268.737636][ C1] __kvmalloc_node_noprof+0x6f/0x1a0 [ 268.742931][ C1] bucket_table_alloc.isra.0+0x86/0x460 [ 268.748511][ C1] rhashtable_init_noprof+0x41a/0x7e0 [ 268.753899][ C1] ila_xlat_init_net+0xb5/0x110 [ 268.758857][ C1] ops_init+0x1e2/0x5f0 [ 268.763033][ C1] setup_net+0x21f/0x860 [ 268.767295][ C1] copy_net_ns+0x2b4/0x6b0 [ 268.771822][ C1] create_new_namespaces+0x3ea/0xad0 [ 268.777129][ C1] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 268.782869][ C1] ksys_unshare+0x45d/0xa40 [ 268.787397][ C1] page last free pid 1149 tgid 1149 stack trace: [ 268.793724][ C1] free_unref_page+0x661/0x1080 [ 268.798616][ C1] __folio_put+0x32a/0x450 [ 268.803045][ C1] kvfree+0x47/0x50 [ 268.806859][ C1] rhashtable_free_and_destroy+0x16c/0x990 [ 268.812684][ C1] ila_xlat_exit_net+0x59/0xa0 [ 268.817467][ C1] ops_exit_list+0xb3/0x180 [ 268.821990][ C1] cleanup_net+0x5b7/0xb40 [ 268.826512][ C1] process_one_work+0x9c8/0x1ba0 [ 268.831460][ C1] worker_thread+0x6c8/0xf00 [ 268.836061][ C1] kthread+0x2c4/0x3a0 [ 268.840148][ C1] ret_from_fork+0x48/0x80 [ 268.844568][ C1] ret_from_fork_asm+0x1a/0x30 [ 268.849552][ C1] [ 268.851881][ C1] Memory state around the buggy address: [ 268.857525][ C1] ffff888065177f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 268.865593][ C1] ffff888065177f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 268.873655][ C1] >ffff888065178000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 268.882250][ C1] ^ [ 268.886572][ C1] ffff888065178080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 268.894632][ C1] ffff888065178100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 268.902687][ C1] ================================================================== [ 268.910785][ C0] ================================================================== [ 268.910799][ C1] vkms_vblank_simulate: vblank timer overrun [ 268.924830][ C0] BUG: KASAN: use-after-free in __rhashtable_lookup.constprop.0+0x516/0x550 [ 268.933535][ C0] Read of size 8 at addr ffff88806517af40 by task ksoftirqd/0/16 [ 268.941250][ C0] [ 268.943575][ C0] CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Tainted: G B 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0 [ 268.955664][ C0] Tainted: [B]=BAD_PAGE [ 268.959811][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 268.969875][ C0] Call Trace: [ 268.973151][ C0] [ 268.976109][ C0] dump_stack_lvl+0x116/0x1f0 [ 268.980805][ C0] print_report+0xc3/0x620 [ 268.985232][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.990880][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.996611][ C0] ? __phys_addr+0xc6/0x150 [ 269.001136][ C0] kasan_report+0xd9/0x110 [ 269.005565][ C0] ? __rhashtable_lookup.constprop.0+0x516/0x550 [ 269.011915][ C0] ? __rhashtable_lookup.constprop.0+0x516/0x550 [ 269.018268][ C0] __rhashtable_lookup.constprop.0+0x516/0x550 [ 269.024439][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.030093][ C0] ? lock_acquire+0x2f/0xb0 [ 269.034607][ C0] ila_nf_input+0x1ee/0x620 [ 269.039128][ C0] ? __pfx_ila_nf_input+0x10/0x10 [ 269.044170][ C0] nf_hook_slow+0xbe/0x200 [ 269.048607][ C0] nf_hook.constprop.0+0x42e/0x750 [ 269.053746][ C0] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 269.058951][ C0] ? __pfx_nf_hook.constprop.0+0x10/0x10 [ 269.064607][ C0] ? sock_wfree+0x46a/0x880 [ 269.069128][ C0] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 269.074335][ C0] ? __pfx_ipv6_rcv+0x10/0x10 [ 269.079041][ C0] ipv6_rcv+0xa4/0x680 [ 269.083246][ C0] ? __pfx_ipv6_rcv+0x10/0x10 [ 269.087963][ C0] __netif_receive_skb_one_core+0x12e/0x1e0 [ 269.093876][ C0] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 269.100478][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.106129][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.111777][ C0] ? trace_lock_acquire+0x14a/0x1d0 [ 269.117011][ C0] ? process_backlog+0x3f1/0x15f0 [ 269.122048][ C0] ? process_backlog+0x3f1/0x15f0 [ 269.127196][ C0] __netif_receive_skb+0x1d/0x160 [ 269.132235][ C0] process_backlog+0x443/0x15f0 [ 269.137130][ C0] __napi_poll.constprop.0+0xba/0x550 [ 269.142563][ C0] net_rx_action+0xa92/0x1010 [ 269.147277][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 269.152427][ C0] ? __switch_to+0x749/0x1180 [ 269.157243][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.162899][ C0] ? sched_clock+0x38/0x60 [ 269.167339][ C0] ? sched_clock_cpu+0x6d/0x4d0 [ 269.172234][ C0] handle_softirqs+0x216/0x8f0 [ 269.177017][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 269.182320][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.187999][ C0] ? rcu_is_watching+0x12/0xc0 [ 269.192803][ C0] ? __pfx_run_ksoftirqd+0x10/0x10 [ 269.197929][ C0] ? smpboot_thread_fn+0x59d/0xa30 [ 269.203060][ C0] run_ksoftirqd+0x3a/0x60 [ 269.207494][ C0] smpboot_thread_fn+0x664/0xa30 [ 269.212450][ C0] ? __kthread_parkme+0x148/0x220 [ 269.217495][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 269.222977][ C0] kthread+0x2c4/0x3a0 [ 269.227094][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 269.232324][ C0] ? __pfx_kthread+0x10/0x10 [ 269.236935][ C0] ret_from_fork+0x48/0x80 [ 269.241362][ C0] ? __pfx_kthread+0x10/0x10 [ 269.246235][ C0] ret_from_fork_asm+0x1a/0x30 [ 269.251033][ C0] [ 269.254050][ C0] [ 269.256368][ C0] The buggy address belongs to the physical page: [ 269.262794][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6517a [ 269.271559][ C0] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 269.278683][ C0] raw: 00fff00000000000 0000000000000000 ffffea0001945e90 0000000000000000 [ 269.287275][ C0] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 269.295856][ C0] page dumped because: kasan: bad access detected [ 269.302261][ C0] page_owner tracks the page as freed [ 269.307709][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 7897, tgid 7897 (syz-executor), ts 189869743966, free_ts 265856709971 [ 269.328230][ C0] post_alloc_hook+0x2d1/0x350 [ 269.333096][ C0] get_page_from_freelist+0xfce/0x2f80 [ 269.338568][ C0] __alloc_pages_noprof+0x223/0x25a0 [ 269.343910][ C0] ___kmalloc_large_node+0x84/0x1b0 [ 269.349128][ C0] __kmalloc_large_node_noprof+0x1c/0x70 [ 269.354782][ C0] __kmalloc_node_noprof.cold+0x5/0x5f [ 269.360258][ C0] __kvmalloc_node_noprof+0x6f/0x1a0 [ 269.365551][ C0] bucket_table_alloc.isra.0+0x86/0x460 [ 269.371116][ C0] rhashtable_init_noprof+0x41a/0x7e0 [ 269.376505][ C0] ila_xlat_init_net+0xb5/0x110 [ 269.381374][ C0] ops_init+0x1e2/0x5f0 [ 269.385548][ C0] setup_net+0x21f/0x860 [ 269.389914][ C0] copy_net_ns+0x2b4/0x6b0 [ 269.394354][ C0] create_new_namespaces+0x3ea/0xad0 [ 269.399652][ C0] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 269.405299][ C0] ksys_unshare+0x45d/0xa40 [ 269.409824][ C0] page last free pid 1149 tgid 1149 stack trace: [ 269.416147][ C0] free_unref_page+0x661/0x1080 [ 269.421096][ C0] __folio_put+0x32a/0x450 [ 269.425520][ C0] kvfree+0x47/0x50 [ 269.429329][ C0] rhashtable_free_and_destroy+0x16c/0x990 [ 269.435157][ C0] ila_xlat_exit_net+0x59/0xa0 [ 269.440635][ C0] ops_exit_list+0xb3/0x180 [ 269.445763][ C0] cleanup_net+0x5b7/0xb40 [ 269.450206][ C0] process_one_work+0x9c8/0x1ba0 [ 269.455149][ C0] worker_thread+0x6c8/0xf00 [ 269.459747][ C0] kthread+0x2c4/0x3a0 [ 269.463830][ C0] ret_from_fork+0x48/0x80 [ 269.468255][ C0] ret_from_fork_asm+0x1a/0x30 [ 269.473043][ C0] [ 269.475362][ C0] Memory state around the buggy address: [ 269.480988][ C0] ffff88806517ae00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 269.489071][ C0] ffff88806517ae80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 269.497146][ C0] >ffff88806517af00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 269.505636][ C0] ^ [ 269.511890][ C0] ffff88806517af80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 269.519969][ C0] ffff88806517b000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 269.528027][ C0] ================================================================== [ 269.536115][ C1] ================================================================== [ 269.544240][ C1] BUG: KASAN: use-after-free in __rhashtable_lookup.constprop.0+0x43d/0x550 [ 269.552943][ C1] Read of size 4 at addr ffff888065178000 by task kworker/u8:5/1083 [ 269.560926][ C1] [ 269.563249][ C1] CPU: 1 UID: 0 PID: 1083 Comm: kworker/u8:5 Tainted: G B 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0 [ 269.575606][ C1] Tainted: [B]=BAD_PAGE [ 269.579773][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 269.589839][ C1] Workqueue: events_unbound toggle_allocation_gate [ 269.596383][ C1] Call Trace: [ 269.599678][ C1] [ 269.602523][ C1] dump_stack_lvl+0x116/0x1f0 [ 269.607224][ C1] print_report+0xc3/0x620 [ 269.611672][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.617324][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.622984][ C1] ? __phys_addr+0xc6/0x150 [ 269.627524][ C1] kasan_report+0xd9/0x110 [ 269.631955][ C1] ? __rhashtable_lookup.constprop.0+0x43d/0x550 [ 269.638656][ C1] ? __rhashtable_lookup.constprop.0+0x43d/0x550 [ 269.645013][ C1] __rhashtable_lookup.constprop.0+0x43d/0x550 [ 269.651209][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.656864][ C1] ? lock_acquire+0x2f/0xb0 [ 269.661374][ C1] ? ila_nf_input+0x1bd/0x620 [ 269.666072][ C1] ila_nf_input+0x1ee/0x620 [ 269.670771][ C1] ? __pfx_ila_nf_input+0x10/0x10 [ 269.676002][ C1] nf_hook_slow+0xbe/0x200 [ 269.680439][ C1] nf_hook.constprop.0+0x42e/0x750 [ 269.685575][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 269.690796][ C1] ? __pfx_nf_hook.constprop.0+0x10/0x10 [ 269.696631][ C1] ? sock_wfree+0x46a/0x880 [ 269.701156][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 269.706394][ C1] ? __pfx_ipv6_rcv+0x10/0x10 [ 269.711191][ C1] ipv6_rcv+0xa4/0x680 [ 269.715373][ C1] ? __pfx_ipv6_rcv+0x10/0x10 [ 269.720074][ C1] __netif_receive_skb_one_core+0x12e/0x1e0 [ 269.726003][ C1] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 269.732427][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.738074][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.743829][ C1] ? trace_lock_acquire+0x14a/0x1d0 [ 269.749048][ C1] ? process_backlog+0x3f1/0x15f0 [ 269.754092][ C1] ? process_backlog+0x3f1/0x15f0 [ 269.759304][ C1] __netif_receive_skb+0x1d/0x160 [ 269.764342][ C1] process_backlog+0x443/0x15f0 [ 269.769209][ C1] __napi_poll.constprop.0+0xba/0x550 [ 269.774615][ C1] net_rx_action+0xa92/0x1010 [ 269.779308][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 269.784430][ C1] ? __entry_text_end+0x1020c5/0x1020c9 [ 269.789992][ C1] ? lock_acquire+0x2f/0xb0 [ 269.794499][ C1] ? ktime_get+0xd9/0x1a0 [ 269.798852][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.804508][ C1] ? sched_clock+0x38/0x60 [ 269.808964][ C1] ? sched_clock_cpu+0x6d/0x4d0 [ 269.813919][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.819589][ C1] ? rcu_is_watching+0x12/0xc0 [ 269.824370][ C1] handle_softirqs+0x216/0x8f0 [ 269.829150][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 269.834449][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.840102][ C1] irq_exit_rcu+0xbb/0x120 [ 269.844532][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 269.850171][ C1] [ 269.853106][ C1] [ 269.856032][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 269.862044][ C1] RIP: 0010:smp_call_function_many_cond+0x45d/0x1300 [ 269.868736][ C1] Code: 4d 48 b8 00 00 00 00 00 fc ff df 4d 89 f4 4c 89 f5 49 c1 ec 03 83 e5 07 49 01 c4 83 c5 03 e8 8a 1b 0c 00 f3 90 41 0f b6 04 24 <40> 38 c5 7c 08 84 c0 0f 85 a4 0c 00 00 8b 43 08 31 ff 83 e0 01 41 [ 269.888349][ C1] RSP: 0018:ffffc90003fc7998 EFLAGS: 00000293 [ 269.894440][ C1] RAX: 0000000000000000 RBX: ffff8880b8646940 RCX: ffffffff81815eec [ 269.902415][ C1] RDX: ffff8880274b8000 RSI: ffffffff81815ec6 RDI: 0000000000000005 [ 269.910389][ C1] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000 [ 269.918361][ C1] R10: 0000000000000001 R11: 0000000000000000 R12: ffffed10170c8d29 [ 269.926335][ C1] R13: 0000000000000001 R14: ffff8880b8646948 R15: ffff8880b8740140 [ 269.934315][ C1] ? smp_call_function_many_cond+0x47c/0x1300 [ 269.940393][ C1] ? smp_call_function_many_cond+0x456/0x1300 [ 269.946474][ C1] ? smp_call_function_many_cond+0x456/0x1300 [ 269.952551][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 269.957598][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 269.962641][ C1] on_each_cpu_cond_mask+0x40/0x90 [ 269.967765][ C1] text_poke_bp_batch+0x561/0x760 [ 269.972813][ C1] ? __kmalloc_node_track_caller_noprof+0xe5/0x430 [ 269.979330][ C1] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 269.984895][ C1] ? __jump_label_patch+0x1db/0x400 [ 269.990147][ C1] ? srso_alias_return_thunk+0xc1/0xfbef5 [ 269.995973][ C1] ? arch_jump_label_transform_queue+0xc0/0x120 [ 270.002243][ C1] text_poke_finish+0x30/0x40 [ 270.006942][ C1] arch_jump_label_transform_apply+0x1c/0x30 [ 270.012946][ C1] jump_label_update+0x1d7/0x400 [ 270.017909][ C1] static_key_enable_cpuslocked+0x1b7/0x270 [ 270.023832][ C1] static_key_enable+0x1a/0x20 [ 270.028622][ C1] toggle_allocation_gate+0xfc/0x260 [ 270.033921][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 270.039573][ C1] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 270.045496][ C1] ? trace_lock_acquire+0x14a/0x1d0 [ 270.050898][ C1] ? process_one_work+0x921/0x1ba0 [ 270.056023][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 270.061671][ C1] ? lock_acquire+0x2f/0xb0 [ 270.066183][ C1] ? process_one_work+0x921/0x1ba0 [ 270.071303][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 270.076956][ C1] process_one_work+0x9c8/0x1ba0 [ 270.081910][ C1] ? __pfx_batadv_nc_worker+0x10/0x10 [ 270.087309][ C1] ? __pfx_process_one_work+0x10/0x10 [ 270.092692][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 270.098344][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 270.104012][ C1] ? assign_work+0x1a0/0x250 [ 270.108629][ C1] worker_thread+0x6c8/0xf00 [ 270.113236][ C1] ? __pfx_worker_thread+0x10/0x10 [ 270.118440][ C1] kthread+0x2c4/0x3a0 [ 270.122525][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 270.127754][ C1] ? __pfx_kthread+0x10/0x10 [ 270.132360][ C1] ret_from_fork+0x48/0x80 [ 270.136782][ C1] ? __pfx_kthread+0x10/0x10 [ 270.141479][ C1] ret_from_fork_asm+0x1a/0x30 [ 270.146362][ C1] [ 270.149387][ C1] [ 270.151721][ C1] The buggy address belongs to the physical page: [ 270.158124][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88806517e000 pfn:0x65178 [ 270.168646][ C1] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 270.175761][ C1] page_type: f0(buddy) [ 270.179835][ C1] raw: 00fff00000000000 ffffea00009d2c08 ffffea0001fa8008 0000000000000000 [ 270.188423][ C1] raw: ffff88806517e000 0000000000000003 00000000f0000000 0000000000000000 [ 270.197017][ C1] page dumped because: kasan: bad access detected [ 270.203420][ C1] page_owner tracks the page as freed [ 270.208870][ C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 7897, tgid 7897 (syz-executor), ts 189869743966, free_ts 265856709971 [ 270.229552][ C1] post_alloc_hook+0x2d1/0x350 [ 270.234322][ C1] get_page_from_freelist+0xfce/0x2f80 [ 270.239794][ C1] __alloc_pages_noprof+0x223/0x25a0 [ 270.245087][ C1] ___kmalloc_large_node+0x84/0x1b0 [ 270.250397][ C1] __kmalloc_large_node_noprof+0x1c/0x70 [ 270.256051][ C1] __kmalloc_node_noprof.cold+0x5/0x5f [ 270.261545][ C1] __kvmalloc_node_noprof+0x6f/0x1a0 [ 270.266853][ C1] bucket_table_alloc.isra.0+0x86/0x460 [ 270.272417][ C1] rhashtable_init_noprof+0x41a/0x7e0 [ 270.277804][ C1] ila_xlat_init_net+0xb5/0x110 [ 270.282670][ C1] ops_init+0x1e2/0x5f0 [ 270.286842][ C1] setup_net+0x21f/0x860 [ 270.291105][ C1] copy_net_ns+0x2b4/0x6b0 [ 270.295542][ C1] create_new_namespaces+0x3ea/0xad0 [ 270.300842][ C1] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 270.306485][ C1] ksys_unshare+0x45d/0xa40 [ 270.311010][ C1] page last free pid 1149 tgid 1149 stack trace: [ 270.317332][ C1] free_unref_page+0x661/0x1080 [ 270.322187][ C1] __folio_put+0x32a/0x450 [ 270.326608][ C1] kvfree+0x47/0x50 [ 270.330415][ C1] rhashtable_free_and_destroy+0x16c/0x990 [ 270.336239][ C1] ila_xlat_exit_net+0x59/0xa0 [ 270.341017][ C1] ops_exit_list+0xb3/0x180 [ 270.345697][ C1] cleanup_net+0x5b7/0xb40 [ 270.350134][ C1] process_one_work+0x9c8/0x1ba0 [ 270.355074][ C1] worker_thread+0x6c8/0xf00 [ 270.359668][ C1] kthread+0x2c4/0x3a0 [ 270.363751][ C1] ret_from_fork+0x48/0x80 [ 270.368175][ C1] ret_from_fork_asm+0x1a/0x30 [ 270.373060][ C1] [ 270.375372][ C1] Memory state around the buggy address: [ 270.380997][ C1] ffff888065177f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 270.389057][ C1] ffff888065177f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 270.397121][ C1] >ffff888065178000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 270.405179][ C1] ^ [ 270.409251][ C1] ffff888065178080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 270.417314][ C1] ffff888065178100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 270.425373][ C1] ================================================================== [ 270.433493][ C0] ================================================================== [ 270.433505][ C1] vkms_vblank_simulate: vblank timer overrun [ 270.447629][ C0] BUG: KASAN: use-after-free in __rhashtable_lookup.constprop.0+0x548/0x550 [ 270.456507][ C0] Read of size 8 at addr ffff888065178030 by task ksoftirqd/0/16 [ 270.464248][ C0] [ 270.466573][ C0] CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Tainted: G B 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0 [ 270.478656][ C0] Tainted: [B]=BAD_PAGE [ 270.482803][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 270.492965][ C0] Call Trace: [ 270.496241][ C0] [ 270.499173][ C0] dump_stack_lvl+0x116/0x1f0 [ 270.503871][ C0] print_report+0xc3/0x620 [ 270.508296][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 270.513943][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 270.519679][ C0] ? __phys_addr+0xc6/0x150 [ 270.524207][ C0] kasan_report+0xd9/0x110 [ 270.528636][ C0] ? __rhashtable_lookup.constprop.0+0x548/0x550 [ 270.534986][ C0] ? __rhashtable_lookup.constprop.0+0x548/0x550 [ 270.541337][ C0] __rhashtable_lookup.constprop.0+0x548/0x550 [ 270.547510][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 270.553158][ C0] ? lock_acquire+0x2f/0xb0 [ 270.557762][ C0] ila_nf_input+0x1ee/0x620 [ 270.562282][ C0] ? __pfx_ila_nf_input+0x10/0x10 [ 270.567409][ C0] nf_hook_slow+0xbe/0x200 [ 270.571856][ C0] nf_hook.constprop.0+0x42e/0x750 [ 270.576999][ C0] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 270.582216][ C0] ? __pfx_nf_hook.constprop.0+0x10/0x10 [ 270.587888][ C0] ? sock_wfree+0x46a/0x880 [ 270.592411][ C0] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 270.597620][ C0] ? __pfx_ipv6_rcv+0x10/0x10 [ 270.602320][ C0] ipv6_rcv+0xa4/0x680 [ 270.606416][ C0] ? __pfx_ipv6_rcv+0x10/0x10 [ 270.611118][ C0] __netif_receive_skb_one_core+0x12e/0x1e0 [ 270.617027][ C0] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 270.623540][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 270.629191][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 270.634943][ C0] ? trace_lock_acquire+0x14a/0x1d0 [ 270.640161][ C0] ? process_backlog+0x3f1/0x15f0 [ 270.645225][ C0] ? process_backlog+0x3f1/0x15f0 [ 270.650281][ C0] __netif_receive_skb+0x1d/0x160 [ 270.655319][ C0] process_backlog+0x443/0x15f0 [ 270.660184][ C0] __napi_poll.constprop.0+0xba/0x550 [ 270.665569][ C0] net_rx_action+0xa92/0x1010 [ 270.670262][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 270.675382][ C0] ? __switch_to+0x749/0x1180 [ 270.680080][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 270.685727][ C0] ? sched_clock+0x38/0x60 [ 270.690163][ C0] ? sched_clock_cpu+0x6d/0x4d0 [ 270.695030][ C0] handle_softirqs+0x216/0x8f0 [ 270.699895][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 270.705280][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 270.710925][ C0] ? rcu_is_watching+0x12/0xc0 [ 270.715704][ C0] ? __pfx_run_ksoftirqd+0x10/0x10 [ 270.720828][ C0] ? smpboot_thread_fn+0x59d/0xa30 [ 270.725959][ C0] run_ksoftirqd+0x3a/0x60 [ 270.730386][ C0] smpboot_thread_fn+0x664/0xa30 [ 270.735340][ C0] ? __kthread_parkme+0x148/0x220 [ 270.740382][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 270.745863][ C0] kthread+0x2c4/0x3a0 [ 270.749947][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 270.755173][ C0] ? __pfx_kthread+0x10/0x10 [ 270.759779][ C0] ret_from_fork+0x48/0x80 [ 270.764201][ C0] ? __pfx_kthread+0x10/0x10 [ 270.768917][ C0] ret_from_fork_asm+0x1a/0x30 [ 270.773710][ C0] [ 270.776724][ C0] [ 270.779039][ C0] The buggy address belongs to the physical page: [ 270.785440][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88806517e000 pfn:0x65178 [ 270.795590][ C0] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 270.802696][ C0] page_type: f0(buddy) [ 270.806769][ C0] raw: 00fff00000000000 ffffea00009d2c08 ffffea0001fa8008 0000000000000000 [ 270.815357][ C0] raw: ffff88806517e000 0000000000000003 00000000f0000000 0000000000000000 [ 270.823937][ C0] page dumped because: kasan: bad access detected [ 270.830337][ C0] page_owner tracks the page as freed [ 270.835693][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 7897, tgid 7897 (syz-executor), ts 189869743966, free_ts 265856709971 [ 270.856112][ C0] post_alloc_hook+0x2d1/0x350 [ 270.860898][ C0] get_page_from_freelist+0xfce/0x2f80 [ 270.866363][ C0] __alloc_pages_noprof+0x223/0x25a0 [ 270.871656][ C0] ___kmalloc_large_node+0x84/0x1b0 [ 270.876869][ C0] __kmalloc_large_node_noprof+0x1c/0x70 [ 270.882518][ C0] __kmalloc_node_noprof.cold+0x5/0x5f [ 270.888010][ C0] __kvmalloc_node_noprof+0x6f/0x1a0 [ 270.893304][ C0] bucket_table_alloc.isra.0+0x86/0x460 [ 270.898862][ C0] rhashtable_init_noprof+0x41a/0x7e0 [ 270.904283][ C0] ila_xlat_init_net+0xb5/0x110 [ 270.909166][ C0] ops_init+0x1e2/0x5f0 [ 270.913340][ C0] setup_net+0x21f/0x860 [ 270.917606][ C0] copy_net_ns+0x2b4/0x6b0 [ 270.922044][ C0] create_new_namespaces+0x3ea/0xad0 [ 270.927513][ C0] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 270.933177][ C0] ksys_unshare+0x45d/0xa40 [ 270.937700][ C0] page last free pid 1149 tgid 1149 stack trace: [ 270.944023][ C0] free_unref_page+0x661/0x1080 [ 270.948902][ C0] __folio_put+0x32a/0x450 [ 270.953337][ C0] kvfree+0x47/0x50 [ 270.957157][ C0] rhashtable_free_and_destroy+0x16c/0x990 [ 270.962984][ C0] ila_xlat_exit_net+0x59/0xa0 [ 270.967764][ C0] ops_exit_list+0xb3/0x180 [ 270.972283][ C0] cleanup_net+0x5b7/0xb40 [ 270.976720][ C0] process_one_work+0x9c8/0x1ba0 [ 270.981662][ C0] worker_thread+0x6c8/0xf00 [ 270.986256][ C0] kthread+0x2c4/0x3a0 [ 270.990336][ C0] ret_from_fork+0x48/0x80 [ 270.994758][ C0] ret_from_fork_asm+0x1a/0x30 [ 270.999546][ C0] [ 271.001866][ C0] Memory state around the buggy address: [ 271.007488][ C0] ffff888065177f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 271.015548][ C0] ffff888065177f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 271.023797][ C0] >ffff888065178000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 271.031864][ C0] ^ [ 271.037489][ C0] ffff888065178080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 271.045567][ C0] ffff888065178100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 271.053631][ C0] ================================================================== [ 271.061728][ C1] ================================================================== [ 271.069817][ C1] BUG: KASAN: use-after-free in __rhashtable_lookup.constprop.0+0x430/0x550 [ 271.078549][ C1] Read of size 4 at addr ffff888065178004 by task kworker/u8:5/1083 [ 271.086548][ C1] [ 271.088893][ C1] CPU: 1 UID: 0 PID: 1083 Comm: kworker/u8:5 Tainted: G B 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0 [ 271.101356][ C1] Tainted: [B]=BAD_PAGE [ 271.105521][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 271.115603][ C1] Workqueue: events_unbound toggle_allocation_gate [ 271.122168][ C1] Call Trace: [ 271.125467][ C1] [ 271.128332][ C1] dump_stack_lvl+0x116/0x1f0 [ 271.133064][ C1] print_report+0xc3/0x620 [ 271.137531][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.143214][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.148897][ C1] ? __phys_addr+0xc6/0x150 [ 271.153458][ C1] kasan_report+0xd9/0x110 [ 271.158004][ C1] ? __rhashtable_lookup.constprop.0+0x430/0x550 [ 271.164481][ C1] ? __rhashtable_lookup.constprop.0+0x430/0x550 [ 271.170869][ C1] __rhashtable_lookup.constprop.0+0x430/0x550 [ 271.177079][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.182766][ C1] ? lock_acquire+0x2f/0xb0 [ 271.187308][ C1] ? ila_nf_input+0x1bd/0x620 [ 271.192043][ C1] ila_nf_input+0x1ee/0x620 [ 271.196611][ C1] ? __pfx_ila_nf_input+0x10/0x10 [ 271.201692][ C1] nf_hook_slow+0xbe/0x200 [ 271.206178][ C1] nf_hook.constprop.0+0x42e/0x750 [ 271.211367][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 271.216595][ C1] ? __pfx_nf_hook.constprop.0+0x10/0x10 [ 271.222283][ C1] ? sock_wfree+0x46a/0x880 [ 271.226832][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 271.232053][ C1] ? __pfx_ipv6_rcv+0x10/0x10 [ 271.236865][ C1] ipv6_rcv+0xa4/0x680 [ 271.241079][ C1] ? __pfx_ipv6_rcv+0x10/0x10 [ 271.245969][ C1] __netif_receive_skb_one_core+0x12e/0x1e0 [ 271.251898][ C1] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 271.258330][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.263994][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.269674][ C1] ? trace_lock_acquire+0x14a/0x1d0 [ 271.275004][ C1] ? process_backlog+0x3f1/0x15f0 [ 271.280052][ C1] ? process_backlog+0x3f1/0x15f0 [ 271.285104][ C1] __netif_receive_skb+0x1d/0x160 [ 271.290163][ C1] process_backlog+0x443/0x15f0 [ 271.295048][ C1] __napi_poll.constprop.0+0xba/0x550 [ 271.300450][ C1] net_rx_action+0xa92/0x1010 [ 271.305275][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 271.310426][ C1] ? __entry_text_end+0x1020c5/0x1020c9 [ 271.315990][ C1] ? lock_acquire+0x2f/0xb0 [ 271.320506][ C1] ? ktime_get+0xd9/0x1a0 [ 271.324870][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.330547][ C1] ? sched_clock+0x38/0x60 [ 271.335069][ C1] ? sched_clock_cpu+0x6d/0x4d0 [ 271.339957][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.345616][ C1] ? rcu_is_watching+0x12/0xc0 [ 271.350514][ C1] handle_softirqs+0x216/0x8f0 [ 271.355301][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 271.360609][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.366282][ C1] irq_exit_rcu+0xbb/0x120 [ 271.370738][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 271.376388][ C1] [ 271.379319][ C1] [ 271.382252][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 271.388252][ C1] RIP: 0010:smp_call_function_many_cond+0x45d/0x1300 [ 271.394975][ C1] Code: 4d 48 b8 00 00 00 00 00 fc ff df 4d 89 f4 4c 89 f5 49 c1 ec 03 83 e5 07 49 01 c4 83 c5 03 e8 8a 1b 0c 00 f3 90 41 0f b6 04 24 <40> 38 c5 7c 08 84 c0 0f 85 a4 0c 00 00 8b 43 08 31 ff 83 e0 01 41 [ 271.414595][ C1] RSP: 0018:ffffc90003fc7998 EFLAGS: 00000293 [ 271.420673][ C1] RAX: 0000000000000000 RBX: ffff8880b8646940 RCX: ffffffff81815eec [ 271.428670][ C1] RDX: ffff8880274b8000 RSI: ffffffff81815ec6 RDI: 0000000000000005 [ 271.437088][ C1] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000 [ 271.445074][ C1] R10: 0000000000000001 R11: 0000000000000000 R12: ffffed10170c8d29 [ 271.453068][ C1] R13: 0000000000000001 R14: ffff8880b8646948 R15: ffff8880b8740140 [ 271.461055][ C1] ? smp_call_function_many_cond+0x47c/0x1300 [ 271.467174][ C1] ? smp_call_function_many_cond+0x456/0x1300 [ 271.473373][ C1] ? smp_call_function_many_cond+0x456/0x1300 [ 271.479499][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 271.484587][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 271.489665][ C1] on_each_cpu_cond_mask+0x40/0x90 [ 271.494806][ C1] text_poke_bp_batch+0x561/0x760 [ 271.499873][ C1] ? __kmalloc_node_track_caller_noprof+0xe5/0x430 [ 271.506398][ C1] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 271.511971][ C1] ? __jump_label_patch+0x1db/0x400 [ 271.517210][ C1] ? srso_alias_return_thunk+0xc1/0xfbef5 [ 271.522956][ C1] ? arch_jump_label_transform_queue+0xc0/0x120 [ 271.529230][ C1] text_poke_finish+0x30/0x40 [ 271.534025][ C1] arch_jump_label_transform_apply+0x1c/0x30 [ 271.540058][ C1] jump_label_update+0x1d7/0x400 [ 271.545041][ C1] static_key_enable_cpuslocked+0x1b7/0x270 [ 271.550994][ C1] static_key_enable+0x1a/0x20 [ 271.555786][ C1] toggle_allocation_gate+0xfc/0x260 [ 271.561177][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.566845][ C1] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 271.572772][ C1] ? trace_lock_acquire+0x14a/0x1d0 [ 271.578003][ C1] ? process_one_work+0x921/0x1ba0 [ 271.583136][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.588814][ C1] ? lock_acquire+0x2f/0xb0 [ 271.593344][ C1] ? process_one_work+0x921/0x1ba0 [ 271.598493][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.604246][ C1] process_one_work+0x9c8/0x1ba0 [ 271.609228][ C1] ? __pfx_batadv_nc_worker+0x10/0x10 [ 271.614631][ C1] ? __pfx_process_one_work+0x10/0x10 [ 271.620017][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.625682][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.631355][ C1] ? assign_work+0x1a0/0x250 [ 271.636000][ C1] worker_thread+0x6c8/0xf00 [ 271.640698][ C1] ? __pfx_worker_thread+0x10/0x10 [ 271.645918][ C1] kthread+0x2c4/0x3a0 [ 271.650024][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 271.655268][ C1] ? __pfx_kthread+0x10/0x10 [ 271.659905][ C1] ret_from_fork+0x48/0x80 [ 271.664345][ C1] ? __pfx_kthread+0x10/0x10 [ 271.668982][ C1] ret_from_fork_asm+0x1a/0x30 [ 271.673798][ C1] [ 271.676848][ C1] [ 271.679186][ C1] The buggy address belongs to the physical page: [ 271.685608][ C1] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x65178 [ 271.694476][ C1] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 271.702983][ C1] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 271.710531][ C1] page_type: f5(slab) [ 271.714620][ C1] raw: 00fff00000000040 ffff88801b042140 dead000000000122 0000000000000000 [ 271.723224][ C1] raw: 0000000000000000 0000000000040004 00000001f5000000 0000000000000000 [ 271.731832][ C1] head: 00fff00000000040 ffff88801b042140 dead000000000122 0000000000000000 [ 271.740529][ C1] head: 0000000000000000 0000000000040004 00000001f5000000 0000000000000000 [ 271.749225][ C1] head: 00fff00000000003 ffffea0001945e01 ffffffffffffffff 0000000000000000 [ 271.757992][ C1] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 271.766664][ C1] page dumped because: kasan: bad access detected [ 271.773071][ C1] page_owner tracks the page as allocated [ 271.778781][ C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 45, tgid 45 (kworker/u8:3), ts 271126665473, free_ts 265856709971 [ 271.799384][ C1] post_alloc_hook+0x2d1/0x350 [ 271.804169][ C1] get_page_from_freelist+0xfce/0x2f80 [ 271.809661][ C1] __alloc_pages_noprof+0x223/0x25a0 [ 271.814961][ C1] alloc_pages_mpol_noprof+0x2c9/0x610 [ 271.820442][ C1] new_slab+0x2c9/0x410 [ 271.824635][ C1] ___slab_alloc+0xdac/0x1880 [ 271.829357][ C1] __slab_alloc.constprop.0+0x56/0xb0 [ 271.834783][ C1] __kmalloc_node_track_caller_noprof+0x355/0x430 [ 271.841225][ C1] kmalloc_reserve+0xef/0x2c0 [ 271.845917][ C1] __alloc_skb+0x164/0x380 [ 271.850369][ C1] nsim_dev_trap_report_work+0x2a4/0xc90 [ 271.856018][ C1] process_one_work+0x9c8/0x1ba0 [ 271.860968][ C1] worker_thread+0x6c8/0xf00 [ 271.865574][ C1] kthread+0x2c4/0x3a0 [ 271.869696][ C1] ret_from_fork+0x48/0x80 [ 271.874131][ C1] ret_from_fork_asm+0x1a/0x30 [ 271.878952][ C1] page last free pid 1149 tgid 1149 stack trace: [ 271.885370][ C1] free_unref_page+0x661/0x1080 [ 271.890247][ C1] __folio_put+0x32a/0x450 [ 271.894686][ C1] kvfree+0x47/0x50 [ 271.898517][ C1] rhashtable_free_and_destroy+0x16c/0x990 [ 271.904354][ C1] ila_xlat_exit_net+0x59/0xa0 [ 271.909164][ C1] ops_exit_list+0xb3/0x180 [ 271.913714][ C1] cleanup_net+0x5b7/0xb40 [ 271.918216][ C1] process_one_work+0x9c8/0x1ba0 [ 271.923174][ C1] worker_thread+0x6c8/0xf00 [ 271.927793][ C1] kthread+0x2c4/0x3a0 [ 271.931883][ C1] ret_from_fork+0x48/0x80 [ 271.936308][ C1] ret_from_fork_asm+0x1a/0x30 [ 271.941105][ C1] [ 271.943447][ C1] Memory state around the buggy address: [ 271.949100][ C1] ffff888065177f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 271.957602][ C1] ffff888065177f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 271.965679][ C1] >ffff888065178000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 271.973755][ C1] ^ [ 271.977823][ C1] ffff888065178080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 271.985995][ C1] ffff888065178100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 271.994074][ C1] ================================================================== [ 272.002166][ C1] vkms_vblank_simulate: vblank timer overrun [ 272.008291][ C1] ================================================================== [ 272.016361][ C1] BUG: KASAN: slab-use-after-free in __rht_bucket_nested+0x456/0x4b0 [ 272.024456][ C1] Read of size 4 at addr ffff888065178004 by task kworker/u8:5/1083 [ 272.032462][ C1] [ 272.034787][ C1] CPU: 1 UID: 0 PID: 1083 Comm: kworker/u8:5 Tainted: G B 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0 [ 272.047153][ C1] Tainted: [B]=BAD_PAGE [ 272.051312][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 272.061460][ C1] Workqueue: events_unbound toggle_allocation_gate [ 272.067984][ C1] Call Trace: [ 272.071285][ C1] [ 272.074131][ C1] dump_stack_lvl+0x116/0x1f0 [ 272.078866][ C1] print_report+0xc3/0x620 [ 272.083315][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 272.089081][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 272.094763][ C1] ? __phys_addr+0xc6/0x150 [ 272.099293][ C1] kasan_report+0xd9/0x110 [ 272.103733][ C1] ? __rht_bucket_nested+0x456/0x4b0 [ 272.109069][ C1] ? __rht_bucket_nested+0x456/0x4b0 [ 272.114392][ C1] __rht_bucket_nested+0x456/0x4b0 [ 272.119548][ C1] rht_bucket_nested+0x1a/0x40 [ 272.124345][ C1] __rhashtable_lookup.constprop.0+0x419/0x550 [ 272.130557][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 272.136214][ C1] ? lock_acquire+0x2f/0xb0 [ 272.140748][ C1] ? ila_nf_input+0x1bd/0x620 [ 272.145461][ C1] ila_nf_input+0x1ee/0x620 [ 272.150012][ C1] ? __pfx_ila_nf_input+0x10/0x10 [ 272.155069][ C1] nf_hook_slow+0xbe/0x200 [ 272.159540][ C1] nf_hook.constprop.0+0x42e/0x750 [ 272.164694][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 272.169928][ C1] ? __pfx_nf_hook.constprop.0+0x10/0x10 [ 272.175689][ C1] ? sock_wfree+0x46a/0x880 [ 272.180216][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 272.185439][ C1] ? __pfx_ipv6_rcv+0x10/0x10 [ 272.190174][ C1] ipv6_rcv+0xa4/0x680 [ 272.194281][ C1] ? __pfx_ipv6_rcv+0x10/0x10 [ 272.199015][ C1] __netif_receive_skb_one_core+0x12e/0x1e0 [ 272.204939][ C1] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 272.211393][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 272.217055][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 272.222714][ C1] ? trace_lock_acquire+0x14a/0x1d0 [ 272.227946][ C1] ? process_backlog+0x3f1/0x15f0 [ 272.233013][ C1] ? process_backlog+0x3f1/0x15f0 [ 272.238054][ C1] __netif_receive_skb+0x1d/0x160 [ 272.243200][ C1] process_backlog+0x443/0x15f0 [ 272.248111][ C1] __napi_poll.constprop.0+0xba/0x550 [ 272.253522][ C1] net_rx_action+0xa92/0x1010 [ 272.258269][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 272.263407][ C1] ? __entry_text_end+0x1020c5/0x1020c9 [ 272.269090][ C1] ? lock_acquire+0x2f/0xb0 [ 272.273617][ C1] ? ktime_get+0xd9/0x1a0 [ 272.277994][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 272.283701][ C1] ? sched_clock+0x38/0x60 [ 272.288190][ C1] ? sched_clock_cpu+0x6d/0x4d0 [ 272.293064][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 272.298872][ C1] ? rcu_is_watching+0x12/0xc0 [ 272.303672][ C1] handle_softirqs+0x216/0x8f0 [ 272.308499][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 272.313812][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 272.319482][ C1] irq_exit_rcu+0xbb/0x120 [ 272.323960][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 272.329659][ C1] [ 272.332595][ C1] [ 272.335545][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 272.341563][ C1] RIP: 0010:smp_call_function_many_cond+0x45d/0x1300 [ 272.348345][ C1] Code: 4d 48 b8 00 00 00 00 00 fc ff df 4d 89 f4 4c 89 f5 49 c1 ec 03 83 e5 07 49 01 c4 83 c5 03 e8 8a 1b 0c 00 f3 90 41 0f b6 04 24 <40> 38 c5 7c 08 84 c0 0f 85 a4 0c 00 00 8b 43 08 31 ff 83 e0 01 41 [ 272.368052][ C1] RSP: 0018:ffffc90003fc7998 EFLAGS: 00000293 [ 272.374134][ C1] RAX: 0000000000000000 RBX: ffff8880b8646940 RCX: ffffffff81815eec [ 272.382292][ C1] RDX: ffff8880274b8000 RSI: ffffffff81815ec6 RDI: 0000000000000005 [ 272.390274][ C1] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000 [ 272.398445][ C1] R10: 0000000000000001 R11: 0000000000000000 R12: ffffed10170c8d29 [ 272.406690][ C1] R13: 0000000000000001 R14: ffff8880b8646948 R15: ffff8880b8740140 [ 272.414675][ C1] ? smp_call_function_many_cond+0x47c/0x1300 [ 272.420767][ C1] ? smp_call_function_many_cond+0x456/0x1300 [ 272.426861][ C1] ? smp_call_function_many_cond+0x456/0x1300 [ 272.432947][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 272.437998][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 272.443066][ C1] on_each_cpu_cond_mask+0x40/0x90 [ 272.448322][ C1] text_poke_bp_batch+0x561/0x760 [ 272.453401][ C1] ? __kmalloc_node_track_caller_noprof+0xe5/0x430 [ 272.459962][ C1] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 272.465540][ C1] ? __jump_label_patch+0x1db/0x400 [ 272.470787][ C1] ? srso_alias_return_thunk+0xc1/0xfbef5 [ 272.476555][ C1] ? arch_jump_label_transform_queue+0xc0/0x120 [ 272.482831][ C1] text_poke_finish+0x30/0x40 [ 272.487538][ C1] arch_jump_label_transform_apply+0x1c/0x30 [ 272.493556][ C1] jump_label_update+0x1d7/0x400 [ 272.498555][ C1] static_key_enable_cpuslocked+0x1b7/0x270 [ 272.504698][ C1] static_key_enable+0x1a/0x20 [ 272.509525][ C1] toggle_allocation_gate+0xfc/0x260 [ 272.514920][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 272.520575][ C1] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 272.526493][ C1] ? trace_lock_acquire+0x14a/0x1d0 [ 272.531737][ C1] ? process_one_work+0x921/0x1ba0 [ 272.536865][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 272.542608][ C1] ? lock_acquire+0x2f/0xb0 [ 272.547124][ C1] ? process_one_work+0x921/0x1ba0 [ 272.552255][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 272.557912][ C1] process_one_work+0x9c8/0x1ba0 [ 272.562873][ C1] ? __pfx_batadv_nc_worker+0x10/0x10 [ 272.568366][ C1] ? __pfx_process_one_work+0x10/0x10 [ 272.573774][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 272.579433][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 272.585093][ C1] ? assign_work+0x1a0/0x250 [ 272.589825][ C1] worker_thread+0x6c8/0xf00 [ 272.594457][ C1] ? __pfx_worker_thread+0x10/0x10 [ 272.599603][ C1] kthread+0x2c4/0x3a0 [ 272.603704][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 272.608979][ C1] ? __pfx_kthread+0x10/0x10 [ 272.613599][ C1] ret_from_fork+0x48/0x80 [ 272.618045][ C1] ? __pfx_kthread+0x10/0x10 [ 272.622664][ C1] ret_from_fork_asm+0x1a/0x30 [ 272.627855][ C1] [ 272.630876][ C1] [ 272.633405][ C1] Allocated by task 45: [ 272.637585][ C1] kasan_save_stack+0x33/0x60 [ 272.642272][ C1] kasan_save_track+0x14/0x30 [ 272.646960][ C1] __kasan_kmalloc+0xaa/0xb0 [ 272.651594][ C1] __kmalloc_node_track_caller_noprof+0x20f/0x430 [ 272.658054][ C1] kmalloc_reserve+0xef/0x2c0 [ 272.662742][ C1] __alloc_skb+0x164/0x380 [ 272.667182][ C1] nsim_dev_trap_report_work+0x2a4/0xc90 [ 272.673028][ C1] process_one_work+0x9c8/0x1ba0 [ 272.677976][ C1] worker_thread+0x6c8/0xf00 [ 272.682576][ C1] kthread+0x2c4/0x3a0 [ 272.686671][ C1] ret_from_fork+0x48/0x80 [ 272.691131][ C1] ret_from_fork_asm+0x1a/0x30 [ 272.695921][ C1] [ 272.698245][ C1] Freed by task 45: [ 272.702221][ C1] kasan_save_stack+0x33/0x60 [ 272.706913][ C1] kasan_save_track+0x14/0x30 [ 272.711614][ C1] kasan_save_free_info+0x3b/0x60 [ 272.716665][ C1] __kasan_slab_free+0x51/0x70 [ 272.721437][ C1] kfree+0x14f/0x4b0 [ 272.725364][ C1] skb_free_head+0x108/0x1d0 [ 272.729987][ C1] skb_release_data+0x560/0x730 [ 272.734866][ C1] consume_skb+0xbf/0x100 [ 272.739235][ C1] nsim_dev_trap_report_work+0x878/0xc90 [ 272.744892][ C1] process_one_work+0x9c8/0x1ba0 [ 272.749857][ C1] worker_thread+0x6c8/0xf00 [ 272.754456][ C1] kthread+0x2c4/0x3a0 [ 272.758543][ C1] ret_from_fork+0x48/0x80 [ 272.762977][ C1] ret_from_fork_asm+0x1a/0x30 [ 272.767942][ C1] [ 272.770279][ C1] The buggy address belongs to the object at ffff888065178000 [ 272.770279][ C1] which belongs to the cache kmalloc-4k of size 4096 [ 272.784348][ C1] The buggy address is located 4 bytes inside of [ 272.784348][ C1] freed 4096-byte region [ffff888065178000, ffff888065179000) [ 272.798083][ C1] [ 272.800402][ C1] The buggy address belongs to the physical page: [ 272.806821][ C1] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x65178 [ 272.815879][ C1] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 272.824403][ C1] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 272.831968][ C1] page_type: f5(slab) [ 272.835959][ C1] raw: 00fff00000000040 ffff88801b042140 dead000000000122 0000000000000000 [ 272.844564][ C1] raw: 0000000000000000 0000000000040004 00000001f5000000 0000000000000000 [ 272.853185][ C1] head: 00fff00000000040 ffff88801b042140 dead000000000122 0000000000000000 [ 272.861889][ C1] head: 0000000000000000 0000000000040004 00000001f5000000 0000000000000000 [ 272.870568][ C1] head: 00fff00000000003 ffffea0001945e01 ffffffffffffffff 0000000000000000 [ 272.879262][ C1] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 272.888198][ C1] page dumped because: kasan: bad access detected [ 272.894618][ C1] page_owner tracks the page as allocated [ 272.900327][ C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 45, tgid 45 (kworker/u8:3), ts 271126665473, free_ts 265856709971 [ 272.921033][ C1] post_alloc_hook+0x2d1/0x350 [ 272.925821][ C1] get_page_from_freelist+0xfce/0x2f80 [ 272.931326][ C1] __alloc_pages_noprof+0x223/0x25a0 [ 272.937002][ C1] alloc_pages_mpol_noprof+0x2c9/0x610 [ 272.942486][ C1] new_slab+0x2c9/0x410 [ 272.946760][ C1] ___slab_alloc+0xdac/0x1880 [ 272.951465][ C1] __slab_alloc.constprop.0+0x56/0xb0 [ 272.956879][ C1] __kmalloc_node_track_caller_noprof+0x355/0x430 [ 272.963929][ C1] kmalloc_reserve+0xef/0x2c0 [ 272.968655][ C1] __alloc_skb+0x164/0x380 [ 272.973095][ C1] nsim_dev_trap_report_work+0x2a4/0xc90 [ 272.978759][ C1] process_one_work+0x9c8/0x1ba0 [ 272.983718][ C1] worker_thread+0x6c8/0xf00 [ 272.988340][ C1] kthread+0x2c4/0x3a0 [ 272.992536][ C1] ret_from_fork+0x48/0x80 [ 272.996969][ C1] ret_from_fork_asm+0x1a/0x30 [ 273.001806][ C1] page last free pid 1149 tgid 1149 stack trace: [ 273.008144][ C1] free_unref_page+0x661/0x1080 [ 273.013006][ C1] __folio_put+0x32a/0x450 [ 273.017458][ C1] kvfree+0x47/0x50 [ 273.021276][ C1] rhashtable_free_and_destroy+0x16c/0x990 [ 273.027109][ C1] ila_xlat_exit_net+0x59/0xa0 [ 273.031985][ C1] ops_exit_list+0xb3/0x180 [ 273.036601][ C1] cleanup_net+0x5b7/0xb40 [ 273.041154][ C1] process_one_work+0x9c8/0x1ba0 [ 273.046108][ C1] worker_thread+0x6c8/0xf00 [ 273.050725][ C1] kthread+0x2c4/0x3a0 [ 273.054987][ C1] ret_from_fork+0x48/0x80 [ 273.059415][ C1] ret_from_fork_asm+0x1a/0x30 [ 273.064221][ C1] [ 273.066576][ C1] Memory state around the buggy address: [ 273.072290][ C1] ffff888065177f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 273.080360][ C1] ffff888065177f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 273.088427][ C1] >ffff888065178000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 273.096526][ C1] ^ [ 273.100595][ C1] ffff888065178080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 273.108669][ C1] ffff888065178100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 273.116851][ C1] ================================================================== [ 273.124946][ C1] vkms_vblank_simulate: vblank timer overrun [ 273.130994][ C1] ------------[ cut here ]------------ [ 273.136600][ C1] UBSAN: shift-out-of-bounds in lib/rhashtable.c:1188:34 [ 273.143691][ C1] shift exponent 4294936704 is too large for 32-bit type 'int' [ 273.151257][ C1] CPU: 1 UID: 0 PID: 1083 Comm: kworker/u8:5 Tainted: G B 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0 [ 273.163614][ C1] Tainted: [B]=BAD_PAGE [ 273.167779][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 273.177932][ C1] Workqueue: events_unbound toggle_allocation_gate [ 273.184467][ C1] Call Trace: [ 273.187855][ C1] [ 273.190704][ C1] dump_stack_lvl+0x16c/0x1f0 [ 273.195507][ C1] __ubsan_handle_shift_out_of_bounds+0x2a5/0x480 [ 273.201998][ C1] __rht_bucket_nested.cold+0x18/0x14a [ 273.207477][ C1] rht_bucket_nested+0x1a/0x40 [ 273.212266][ C1] __rhashtable_lookup.constprop.0+0x419/0x550 [ 273.218545][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.224317][ C1] ? lock_acquire+0x2f/0xb0 [ 273.228869][ C1] ? ila_nf_input+0x1bd/0x620 [ 273.233604][ C1] ila_nf_input+0x1ee/0x620 [ 273.238161][ C1] ? __pfx_ila_nf_input+0x10/0x10 [ 273.243234][ C1] nf_hook_slow+0xbe/0x200 [ 273.247704][ C1] nf_hook.constprop.0+0x42e/0x750 [ 273.252855][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 273.258100][ C1] ? __pfx_nf_hook.constprop.0+0x10/0x10 [ 273.263807][ C1] ? sock_wfree+0x46a/0x880 [ 273.268457][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 273.273680][ C1] ? __pfx_ipv6_rcv+0x10/0x10 [ 273.278401][ C1] ipv6_rcv+0xa4/0x680 [ 273.282529][ C1] ? __pfx_ipv6_rcv+0x10/0x10 [ 273.287326][ C1] __netif_receive_skb_one_core+0x12e/0x1e0 [ 273.293271][ C1] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 273.299724][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.305396][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.311071][ C1] ? trace_lock_acquire+0x14a/0x1d0 [ 273.316296][ C1] ? process_backlog+0x3f1/0x15f0 [ 273.321342][ C1] ? process_backlog+0x3f1/0x15f0 [ 273.326394][ C1] __netif_receive_skb+0x1d/0x160 [ 273.331463][ C1] process_backlog+0x443/0x15f0 [ 273.336339][ C1] __napi_poll.constprop.0+0xba/0x550 [ 273.342081][ C1] net_rx_action+0xa92/0x1010 [ 273.346801][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 273.351964][ C1] ? __entry_text_end+0x1020c5/0x1020c9 [ 273.357551][ C1] ? lock_acquire+0x2f/0xb0 [ 273.362070][ C1] ? ktime_get+0xd9/0x1a0 [ 273.366450][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.372105][ C1] ? sched_clock+0x38/0x60 [ 273.376554][ C1] ? sched_clock_cpu+0x6d/0x4d0 [ 273.381447][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.387189][ C1] ? rcu_is_watching+0x12/0xc0 [ 273.391997][ C1] handle_softirqs+0x216/0x8f0 [ 273.396787][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 273.402100][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.407777][ C1] irq_exit_rcu+0xbb/0x120 [ 273.412315][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 273.417994][ C1] [ 273.420939][ C1] [ 273.423889][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 273.429906][ C1] RIP: 0010:smp_call_function_many_cond+0x45d/0x1300 [ 273.436609][ C1] Code: 4d 48 b8 00 00 00 00 00 fc ff df 4d 89 f4 4c 89 f5 49 c1 ec 03 83 e5 07 49 01 c4 83 c5 03 e8 8a 1b 0c 00 f3 90 41 0f b6 04 24 <40> 38 c5 7c 08 84 c0 0f 85 a4 0c 00 00 8b 43 08 31 ff 83 e0 01 41 [ 273.456432][ C1] RSP: 0018:ffffc90003fc7998 EFLAGS: 00000293 [ 273.462533][ C1] RAX: 0000000000000000 RBX: ffff8880b8646940 RCX: ffffffff81815eec [ 273.470531][ C1] RDX: ffff8880274b8000 RSI: ffffffff81815ec6 RDI: 0000000000000005 [ 273.478512][ C1] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000 [ 273.486495][ C1] R10: 0000000000000001 R11: 0000000000000000 R12: ffffed10170c8d29 [ 273.494477][ C1] R13: 0000000000000001 R14: ffff8880b8646948 R15: ffff8880b8740140 [ 273.502464][ C1] ? smp_call_function_many_cond+0x47c/0x1300 [ 273.508574][ C1] ? smp_call_function_many_cond+0x456/0x1300 [ 273.514665][ C1] ? smp_call_function_many_cond+0x456/0x1300 [ 273.520765][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 273.525834][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 273.530910][ C1] on_each_cpu_cond_mask+0x40/0x90 [ 273.536062][ C1] text_poke_bp_batch+0x561/0x760 [ 273.541118][ C1] ? __kmalloc_node_track_caller_noprof+0xe5/0x430 [ 273.547651][ C1] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 273.553336][ C1] ? __jump_label_patch+0x1db/0x400 [ 273.558583][ C1] ? srso_alias_return_thunk+0xc1/0xfbef5 [ 273.564352][ C1] ? arch_jump_label_transform_queue+0xc0/0x120 [ 273.570653][ C1] text_poke_finish+0x30/0x40 [ 273.575359][ C1] arch_jump_label_transform_apply+0x1c/0x30 [ 273.581373][ C1] jump_label_update+0x1d7/0x400 [ 273.586450][ C1] static_key_enable_cpuslocked+0x1b7/0x270 [ 273.592427][ C1] static_key_enable+0x1a/0x20 [ 273.597245][ C1] toggle_allocation_gate+0xfc/0x260 [ 273.602566][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.608224][ C1] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 273.614228][ C1] ? trace_lock_acquire+0x14a/0x1d0 [ 273.619491][ C1] ? process_one_work+0x921/0x1ba0 [ 273.624625][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.630388][ C1] ? lock_acquire+0x2f/0xb0 [ 273.635620][ C1] ? process_one_work+0x921/0x1ba0 [ 273.640811][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.646483][ C1] process_one_work+0x9c8/0x1ba0 [ 273.651462][ C1] ? __pfx_batadv_nc_worker+0x10/0x10 [ 273.656880][ C1] ? __pfx_process_one_work+0x10/0x10 [ 273.662268][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.667928][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.673585][ C1] ? assign_work+0x1a0/0x250 [ 273.678232][ C1] worker_thread+0x6c8/0xf00 [ 273.683287][ C1] ? __pfx_worker_thread+0x10/0x10 [ 273.688553][ C1] kthread+0x2c4/0x3a0 [ 273.692666][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 273.697899][ C1] ? __pfx_kthread+0x10/0x10 [ 273.702511][ C1] ret_from_fork+0x48/0x80 [ 273.706948][ C1] ? __pfx_kthread+0x10/0x10 [ 273.711607][ C1] ret_from_fork_asm+0x1a/0x30 [ 273.716582][ C1] [ 273.719628][ C1] vkms_vblank_simulate: vblank timer overrun [ 273.725677][ C1] ---[ end trace ]--- [ 273.729848][ C1] Kernel panic - not syncing: UBSAN: panic_on_warn set ... [ 273.737046][ C1] CPU: 1 UID: 0 PID: 1083 Comm: kworker/u8:5 Tainted: G B 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0 [ 273.749567][ C1] Tainted: [B]=BAD_PAGE [ 273.753719][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 273.763791][ C1] Workqueue: events_unbound toggle_allocation_gate [ 273.770349][ C1] Call Trace: [ 273.773645][ C1] [ 273.776496][ C1] dump_stack_lvl+0x3d/0x1f0 [ 273.781212][ C1] panic+0x71d/0x800 [ 273.785154][ C1] ? __pfx_panic+0x10/0x10 [ 273.789986][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.795648][ C1] ? __pfx__printk+0x10/0x10 [ 273.800272][ C1] ? check_panic_on_warn+0x1f/0xb0 [ 273.805429][ C1] check_panic_on_warn+0xab/0xb0 [ 273.810532][ C1] __ubsan_handle_shift_out_of_bounds+0x2cc/0x480 [ 273.817028][ C1] __rht_bucket_nested.cold+0x18/0x14a [ 273.822596][ C1] rht_bucket_nested+0x1a/0x40 [ 273.827472][ C1] __rhashtable_lookup.constprop.0+0x419/0x550 [ 273.833665][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.839349][ C1] ? lock_acquire+0x2f/0xb0 [ 273.843881][ C1] ? ila_nf_input+0x1bd/0x620 [ 273.848603][ C1] ila_nf_input+0x1ee/0x620 [ 273.853142][ C1] ? __pfx_ila_nf_input+0x10/0x10 [ 273.858212][ C1] nf_hook_slow+0xbe/0x200 [ 273.862666][ C1] nf_hook.constprop.0+0x42e/0x750 [ 273.867815][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 273.873033][ C1] ? __pfx_nf_hook.constprop.0+0x10/0x10 [ 273.878699][ C1] ? sock_wfree+0x46a/0x880 [ 273.883250][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 273.888502][ C1] ? __pfx_ipv6_rcv+0x10/0x10 [ 273.893222][ C1] ipv6_rcv+0xa4/0x680 [ 273.897375][ C1] ? __pfx_ipv6_rcv+0x10/0x10 [ 273.902173][ C1] __netif_receive_skb_one_core+0x12e/0x1e0 [ 273.908098][ C1] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 273.914580][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.920326][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.925991][ C1] ? trace_lock_acquire+0x14a/0x1d0 [ 273.931236][ C1] ? process_backlog+0x3f1/0x15f0 [ 273.936303][ C1] ? process_backlog+0x3f1/0x15f0 [ 273.941346][ C1] __netif_receive_skb+0x1d/0x160 [ 273.946487][ C1] process_backlog+0x443/0x15f0 [ 273.951384][ C1] __napi_poll.constprop.0+0xba/0x550 [ 273.956781][ C1] net_rx_action+0xa92/0x1010 [ 273.961490][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 273.966799][ C1] ? __entry_text_end+0x1020c5/0x1020c9 [ 273.972395][ C1] ? lock_acquire+0x2f/0xb0 [ 273.976914][ C1] ? ktime_get+0xd9/0x1a0 [ 273.981273][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.986937][ C1] ? sched_clock+0x38/0x60 [ 273.991410][ C1] ? sched_clock_cpu+0x6d/0x4d0 [ 273.996300][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 274.001957][ C1] ? rcu_is_watching+0x12/0xc0 [ 274.006762][ C1] handle_softirqs+0x216/0x8f0 [ 274.011573][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 274.016902][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 274.022561][ C1] irq_exit_rcu+0xbb/0x120 [ 274.027004][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 274.032656][ C1] [ 274.035598][ C1] [ 274.038534][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 274.044546][ C1] RIP: 0010:smp_call_function_many_cond+0x45d/0x1300 [ 274.051266][ C1] Code: 4d 48 b8 00 00 00 00 00 fc ff df 4d 89 f4 4c 89 f5 49 c1 ec 03 83 e5 07 49 01 c4 83 c5 03 e8 8a 1b 0c 00 f3 90 41 0f b6 04 24 <40> 38 c5 7c 08 84 c0 0f 85 a4 0c 00 00 8b 43 08 31 ff 83 e0 01 41 [ 274.071152][ C1] RSP: 0018:ffffc90003fc7998 EFLAGS: 00000293 [ 274.077238][ C1] RAX: 0000000000000000 RBX: ffff8880b8646940 RCX: ffffffff81815eec [ 274.085248][ C1] RDX: ffff8880274b8000 RSI: ffffffff81815ec6 RDI: 0000000000000005 [ 274.093338][ C1] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000 [ 274.101351][ C1] R10: 0000000000000001 R11: 0000000000000000 R12: ffffed10170c8d29 [ 274.109637][ C1] R13: 0000000000000001 R14: ffff8880b8646948 R15: ffff8880b8740140 [ 274.117623][ C1] ? smp_call_function_many_cond+0x47c/0x1300 [ 274.123724][ C1] ? smp_call_function_many_cond+0x456/0x1300 [ 274.129925][ C1] ? smp_call_function_many_cond+0x456/0x1300 [ 274.136010][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 274.141066][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 274.146133][ C1] on_each_cpu_cond_mask+0x40/0x90 [ 274.151286][ C1] text_poke_bp_batch+0x561/0x760 [ 274.156339][ C1] ? __kmalloc_node_track_caller_noprof+0xe5/0x430 [ 274.162876][ C1] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 274.168483][ C1] ? __jump_label_patch+0x1db/0x400 [ 274.173721][ C1] ? srso_alias_return_thunk+0xc1/0xfbef5 [ 274.179495][ C1] ? arch_jump_label_transform_queue+0xc0/0x120 [ 274.185833][ C1] text_poke_finish+0x30/0x40 [ 274.190561][ C1] arch_jump_label_transform_apply+0x1c/0x30 [ 274.196575][ C1] jump_label_update+0x1d7/0x400 [ 274.201721][ C1] static_key_enable_cpuslocked+0x1b7/0x270 [ 274.207656][ C1] static_key_enable+0x1a/0x20 [ 274.212474][ C1] toggle_allocation_gate+0xfc/0x260 [ 274.218062][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 274.223730][ C1] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 274.229663][ C1] ? trace_lock_acquire+0x14a/0x1d0 [ 274.234890][ C1] ? process_one_work+0x921/0x1ba0 [ 274.240035][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 274.245712][ C1] ? lock_acquire+0x2f/0xb0 [ 274.250248][ C1] ? process_one_work+0x921/0x1ba0 [ 274.255402][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 274.261059][ C1] process_one_work+0x9c8/0x1ba0 [ 274.266040][ C1] ? __pfx_batadv_nc_worker+0x10/0x10 [ 274.271500][ C1] ? __pfx_process_one_work+0x10/0x10 [ 274.276901][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 274.282585][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 274.288262][ C1] ? assign_work+0x1a0/0x250 [ 274.293167][ C1] worker_thread+0x6c8/0xf00 [ 274.297823][ C1] ? __pfx_worker_thread+0x10/0x10 [ 274.302998][ C1] kthread+0x2c4/0x3a0 [ 274.307108][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 274.312344][ C1] ? __pfx_kthread+0x10/0x10 [ 274.316960][ C1] ret_from_fork+0x48/0x80 [ 274.321428][ C1] ? __pfx_kthread+0x10/0x10 [ 274.326217][ C1] ret_from_fork_asm+0x1a/0x30 [ 274.331020][ C1] [ 274.334273][ C1] Kernel Offset: disabled [ 274.338618][ C1] Rebooting in 86400 seconds..