PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd") r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE(r1, 0x9408, 0x0) 01:46:43 executing program 0: openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xc41, 0x0) 01:46:43 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0x0) setxattr$trusted_overlay_upper(&(0x7f0000002440)='./file0\x00', &(0x7f0000002480), 0x0, 0x0, 0x1) 01:46:43 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@bloom_filter={0x1e, 0x0, 0x3, 0x4}, 0x48) 01:46:43 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:46:43 executing program 5: select(0x40, &(0x7f0000001000), 0x0, &(0x7f0000001080)={0x81}, 0x0) [ 408.402999][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 408.456966][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 408.465040][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 408.474145][ T6665] 140548097605632-140548097736703: ffff88806b3de380 01:46:43 executing program 4: syz_usb_connect(0x0, 0x2d, &(0x7f0000000680)={{0x12, 0x1, 0x0, 0xad, 0xef, 0x64, 0x8, 0x1a72, 0x1002, 0xd273, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xe9, 0xea, 0x7e, 0x0, [], [{{0x9, 0x5, 0x2, 0x0, 0x40, 0x1, 0x0, 0x80}}]}}]}}]}}, 0x0) 01:46:43 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./bus\x00', 0x2, &(0x7f0000000100)={[{@shortname_winnt}, {@uni_xlate}, {}, {@rodir}, {@shortname_lower}, {@iocharset={'iocharset', 0x3d, 'macromanian'}}, {@shortname_winnt}, {@rodir}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'macturkish'}}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'iso8859-2'}}, {@rodir}, {@rodir}, {@shortname_mixed}, {@fat=@check_strict}]}, 0x82, 0x25e, &(0x7f0000000580)="$eJzs3b9rU2sYB/AnTW6bW7ikw4Vyyx3iKEhoK+6VoiAUFCT4Y7LYitJEwUKgIm03Z8FRJ3cd/QMcRNwcXFWQqrjo1qFwJD1pakrSFml7iv18hvbhnPM97/uSF84bSN5c+78+N5OLiB8rUSzmojAxORGruRiKvshHajkAgD/JapLE9ySVdV8AgIPh+Q8AR88un/8XDrBLAMA+8/4fAI6ei1eubnzCrxhRf9CoNqrp//T86RtxK2oxuxxRirWIdKGQrhaaf8+emzozWm76PBTV+lIrv9So5jvyMRalGGrlk878WDm1nr/fTNVzjepfMdjKvx+M2RiPUvzbPT/+a77V/sb42u1XohRvr8edqMVMNLOb+cWxcnny/FS5s/8D69dtx4IJAAAAAAAAAAAAAAAAAAAAAIDfVSm3dd2/p1LpdT7Nt/fXGY1SrCUD3fbnGe2yP0+jWoiRQrZjBwAAAAAAAAAAAAAAAAAAgMNifqE/pmu12bvzC/fmehW3Xz97+Xdsf02zKO5wn7RIkrTp9pEkH7Fjas+Lf459eryXN8xFFqPoXTRfr8hF7E8Tr1Zu/ndyfvhUx6njJ0qXPjx6+jWLIXfMqB7FdP7dt8sjD9/sbevPtx7pPxwTYEsx/GRi+sXixy+7nj8AAAAAAAAAAAAAAAAAAMAB2/zSb9Y9AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDsbP7+/0bRFxGdR3oUucLO16wXWY8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+BgAA//+v555g") open(&(0x7f0000000000)='./file0\x00', 0x1990c0, 0x0) [ 408.519580][ T6665] 140548097736704-140735437164543: 0000000000000000 01:46:43 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000100)={'tunl0\x00', &(0x7f0000000000)={'erspan0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @private=0xa010100, @empty}}}}) 01:46:43 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f40)={0x1ec, r1, 0x1, 0x0, 0x0, {0x1, 0x0, 0x4}, [@WGDEVICE_A_PEERS={0x1c4, 0x8, 0x0, 0x1, [{0x30, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}]}, {0x190, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e24, @multicast2}}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e21, 0xfff, @ipv4={'\x00', '\xff\xff', @loopback}, 0x1}}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "4841716f6948dea02c54d08b2a2bb16cde99e4b8731c544bf9b7b97948d6b474"}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x3}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "1539ea10f102613ed9610a7d8a35e9c717258643c907acb0007b2c3063f5a248"}, @WGPEER_A_ALLOWEDIPS={0xd4, 0x9, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x3}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @private=0xa010102}, {0x5, 0x3, 0x1}}]}, {0x70, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @dev}, {0x5}}]}]}]}]}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg2\x00'}]}, 0x1ec}}, 0x0) [ 408.636088][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 408.644117][ T7166] binder: 7156:7166 ioctl c0306201 20001480 returned -14 [ 408.650271][ T7167] loop0: detected capacity change from 0 to 256 01:46:43 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:46:43 executing program 2: syz_usb_connect(0x0, 0x2d, &(0x7f0000000680)={{0x12, 0x1, 0x0, 0xad, 0xef, 0x64, 0x8, 0x1a72, 0x1002, 0xd273, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xe9, 0xea, 0x7e, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x40}}]}}]}}]}}, 0x0) [ 408.710630][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 408.776446][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 408.780695][ T7167] FAT-fs (loop0): Directory bread(block 64) failed [ 408.783436][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 408.783470][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 408.783498][ T6665] Pass: 9294321 Run:9294425 [ 408.783514][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 408.818801][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 408.820452][ T7167] FAT-fs (loop0): Directory bread(block 65) failed [ 408.828860][ T6665] Call Trace: [ 408.828871][ T6665] [ 408.828883][ T6665] dump_stack_lvl+0xd1/0x138 [ 408.828928][ T6665] mt_find.cold+0x8b/0x90 [ 408.828969][ T6665] ? mas_find+0x1d0/0x1d0 [ 408.829026][ T6665] find_vma+0x10c/0x1b0 [ 408.829057][ T6665] ? can_vma_merge_before+0x390/0x390 [ 408.862378][ T7167] FAT-fs (loop0): Directory bread(block 66) failed [ 408.864509][ T6665] ? walk_page_test+0x78/0x180 [ 408.864559][ T6665] walk_page_range+0x2b1/0x4a0 [ 408.872057][ T5176] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 408.875805][ T6665] ? __walk_page_range+0x780/0x780 [ 408.875866][ T6665] mlock_fixup+0x650/0x810 [ 408.875920][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 408.875967][ T6665] ? mlock_fixup+0x810/0x810 [ 408.876030][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 408.876077][ T6665] do_mlock+0x25a/0x6d0 [ 408.876124][ T6665] ? folio_evictable+0x270/0x270 [ 408.905935][ T7167] FAT-fs (loop0): Directory bread(block 67) failed [ 408.907620][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 408.907668][ T6665] __x64_sys_mlock+0x59/0x80 [ 408.907698][ T6665] do_syscall_64+0x39/0xb0 [ 408.907741][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 408.907776][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 408.907800][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 408.907827][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 408.907856][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 408.907877][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 408.907895][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 408.907914][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 408.918974][ T7167] FAT-fs (loop0): Directory bread(block 68) failed [ 408.922844][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 408.922889][ T6665] [ 409.045720][ T7177] binder: BINDER_SET_CONTEXT_MGR already set [ 409.061896][ T7177] binder: 7172:7177 ioctl 4018620d 20000000 returned -16 [ 409.083155][ T7177] binder: 7172:7177 ioctl c0306201 20001480 returned -14 [ 409.096490][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 409.102436][ T6665] BUG at mt_find:6473 (1) [ 409.109727][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 409.118910][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 409.165783][ T7167] FAT-fs (loop0): Directory bread(block 69) failed [ 409.172845][ T7167] FAT-fs (loop0): Directory bread(block 70) failed [ 409.186060][ T7167] FAT-fs (loop0): Directory bread(block 71) failed [ 409.194736][ T7167] FAT-fs (loop0): Directory bread(block 72) failed [ 409.212301][ T7167] FAT-fs (loop0): Directory bread(block 73) failed [ 409.226623][ T6870] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 409.277536][ T5176] usb 5-1: Using ep0 maxpacket: 8 [ 409.445836][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 409.511597][ T6665] 0-536866815: 0000000000000000 [ 409.526825][ T6870] usb 3-1: Using ep0 maxpacket: 8 [ 409.534206][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 409.546917][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 409.556144][ T6665] 553627648-553635839: 0000000000000000 [ 409.572264][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 409.581034][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 409.597192][ T5176] usb 5-1: New USB device found, idVendor=1a72, idProduct=1002, bcdDevice=d2.73 [ 409.606270][ T5176] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 409.614964][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 409.631706][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 409.637803][ T6665] 553652224-116813594623: 0000000000000000 [ 409.643219][ T7171] loop3: detected capacity change from 0 to 32768 [ 409.643975][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 409.644007][ T6665] 116817788928-93825002663935: 0000000000000000 [ 409.644034][ T6665] 93825002663936-93825002803199: [ 409.664016][ T6870] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 409.679928][ T6665] ffff888022f0e460 [ 409.679945][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 409.679972][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 409.680000][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 [ 409.696794][ T5176] usb 5-1: Product: syz [ 409.699769][ T6665] ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 409.740982][ T5176] usb 5-1: Manufacturer: syz [ 409.761995][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 409.762029][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 409.762058][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 409.762087][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 409.762112][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 409.762140][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 409.762168][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 409.762196][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 409.762225][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 409.762252][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 409.762279][ T6665] 140548085288960-140548085653503: [ 409.787883][ T5176] usb 5-1: SerialNumber: syz [ 409.823638][ T6665] ffff888022f0ee00 [ 409.844570][ T5176] usb 5-1: config 0 descriptor?? [ 409.849989][ T6665] 140548085653504-140548085690367: [ 409.865104][ T7171] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 409.871078][ T6665] ffff888022f0eee0 [ 409.881013][ T7171] BTRFS info (device loop3): force clearing of disk cache [ 409.888341][ T5176] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 409.891538][ T7171] BTRFS info (device loop3): setting nodatasum [ 409.906473][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 409.907127][ T7171] BTRFS info (device loop3): allowing degraded mounts [ 409.916786][ T6870] usb 3-1: New USB device found, idVendor=1a72, idProduct=1002, bcdDevice=d2.73 [ 409.920897][ T7171] BTRFS info (device loop3): enabling disk space caching [ 409.932436][ T6665] 140548085710848-140548097556479: [ 409.936963][ T7171] BTRFS info (device loop3): disk space caching is enabled [ 409.945120][ T5176] ftdi_sio ttyUSB0: unknown device type: 0xd273 [ 409.952012][ T6665] ffff88806b3de000 [ 409.958790][ T6870] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 409.961993][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 409.980388][ T6870] usb 3-1: Product: syz [ 410.019434][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 410.019471][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 410.019499][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 410.019527][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 410.019554][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 410.019583][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 410.019608][ T6665] 140735437316096-140735437332479: [ 410.041468][ T6870] usb 3-1: Manufacturer: syz [ 410.050451][ T6665] ffff88806b3de1c0 [ 410.053248][ T6870] usb 3-1: SerialNumber: syz [ 410.071338][ T6665] 140735437332480-140735437340671: [ 410.098342][ T6870] usb 3-1: config 0 descriptor?? [ 410.108355][ T6665] ffff88806b3de2a0 [ 410.115312][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 410.124211][ T6665] Pass: 9307756 Run:9307861 [ 410.128835][ T5174] usb 5-1: USB disconnect, device number 2 [ 410.128994][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 410.144476][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 410.147030][ T5174] ftdi_sio 5-1:0.0: device disconnected [ 410.154533][ T6665] Call Trace: [ 410.154547][ T6665] [ 410.154559][ T6665] dump_stack_lvl+0xd1/0x138 [ 410.165421][ T6870] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 410.166309][ T6665] mt_find.cold+0x8b/0x90 [ 410.180807][ T6870] ftdi_sio ttyUSB0: unknown device type: 0xd273 [ 410.182652][ T6665] ? mas_find+0x1d0/0x1d0 [ 410.182707][ T6665] find_vma+0x10c/0x1b0 [ 410.197466][ T6665] ? can_vma_merge_before+0x390/0x390 [ 410.202885][ T6665] ? walk_page_test+0x78/0x180 [ 410.204266][ T7171] BTRFS info (device loop3): enabling ssd optimizations [ 410.207677][ T6665] walk_page_range+0x2b1/0x4a0 [ 410.207723][ T6665] ? __walk_page_range+0x780/0x780 [ 410.207785][ T6665] mlock_fixup+0x650/0x810 [ 410.216494][ T7171] BTRFS info (device loop3): auto enabling async discard [ 410.219453][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 410.241263][ T6665] ? mlock_fixup+0x810/0x810 [ 410.245936][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 410.251887][ T6665] do_mlock+0x25a/0x6d0 [ 410.252845][ T7171] BTRFS info (device loop3): clearing free space tree [ 410.256078][ T6665] ? folio_evictable+0x270/0x270 [ 410.267829][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 410.273778][ T6665] __x64_sys_mlock+0x59/0x80 [ 410.278402][ T6665] do_syscall_64+0x39/0xb0 [ 410.282871][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 410.283935][ T7171] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 410.288778][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 410.288804][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 410.288833][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 410.288863][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 410.288883][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 410.288902][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 410.288922][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 410.288938][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 410.312037][ T7171] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 410.322561][ T6665] [ 410.325946][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 410.374029][ T6870] usb 3-1: USB disconnect, device number 2 [ 410.397296][ T7171] BTRFS info (device loop3): checking UUID tree [ 410.408702][ T6665] BUG at mt_find:6473 (1) [ 410.413196][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 410.414617][ T6870] ftdi_sio 3-1:0.0: device disconnected [ 410.424391][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 01:46:45 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:46:45 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./bus\x00', 0x2, &(0x7f0000000100)={[{@shortname_winnt}, {@uni_xlate}, {}, {@rodir}, {@shortname_lower}, {@iocharset={'iocharset', 0x3d, 'macromanian'}}, {@shortname_winnt}, {@rodir}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'macturkish'}}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'iso8859-2'}}, {@rodir}, {@rodir}, {@shortname_mixed}, {@fat=@check_strict}]}, 0x82, 0x25e, &(0x7f0000000580)="$eJzs3b9rU2sYB/AnTW6bW7ikw4Vyyx3iKEhoK+6VoiAUFCT4Y7LYitJEwUKgIm03Z8FRJ3cd/QMcRNwcXFWQqrjo1qFwJD1pakrSFml7iv18hvbhnPM97/uSF84bSN5c+78+N5OLiB8rUSzmojAxORGruRiKvshHajkAgD/JapLE9ySVdV8AgIPh+Q8AR88un/8XDrBLAMA+8/4fAI6ei1eubnzCrxhRf9CoNqrp//T86RtxK2oxuxxRirWIdKGQrhaaf8+emzozWm76PBTV+lIrv9So5jvyMRalGGrlk878WDm1nr/fTNVzjepfMdjKvx+M2RiPUvzbPT/+a77V/sb42u1XohRvr8edqMVMNLOb+cWxcnny/FS5s/8D69dtx4IJAAAAAAAAAAAAAAAAAAAAAIDfVSm3dd2/p1LpdT7Nt/fXGY1SrCUD3fbnGe2yP0+jWoiRQrZjBwAAAAAAAAAAAAAAAAAAgMNifqE/pmu12bvzC/fmehW3Xz97+Xdsf02zKO5wn7RIkrTp9pEkH7Fjas+Lf459eryXN8xFFqPoXTRfr8hF7E8Tr1Zu/ndyfvhUx6njJ0qXPjx6+jWLIXfMqB7FdP7dt8sjD9/sbevPtx7pPxwTYEsx/GRi+sXixy+7nj8AAAAAAAAAAAAAAAAAAMAB2/zSb9Y9AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDsbP7+/0bRFxGdR3oUucLO16wXWY8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+BgAA//+v555g") open(&(0x7f0000000000)='./file0\x00', 0x1990c0, 0x0) 01:46:45 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f40)={0x1ec, r1, 0x1, 0x0, 0x0, {0x1, 0x0, 0x4}, [@WGDEVICE_A_PEERS={0x1c4, 0x8, 0x0, 0x1, [{0x30, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}]}, {0x190, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e24, @multicast2}}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e21, 0xfff, @ipv4={'\x00', '\xff\xff', @loopback}, 0x1}}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "4841716f6948dea02c54d08b2a2bb16cde99e4b8731c544bf9b7b97948d6b474"}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x3}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "1539ea10f102613ed9610a7d8a35e9c717258643c907acb0007b2c3063f5a248"}, @WGPEER_A_ALLOWEDIPS={0xd4, 0x9, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x3}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @private=0xa010102}, {0x5, 0x3, 0x1}}]}, {0x70, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @dev}, {0x5}}]}]}]}]}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg2\x00'}]}, 0x1ec}}, 0x0) 01:46:45 executing program 3: syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1000008, &(0x7f0000000280)={[{@datacow}, {@clear_cache}, {@nodatasum}, {@rescan_uuid_tree}, {}, {@space_cache_v1}]}, 0xfe, 0x51ab, &(0x7f0000005280)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x208e24b) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE(r0, 0x9408, 0x0) [ 410.470340][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 410.561873][ T7198] loop0: detected capacity change from 0 to 256 [ 410.576514][ T7199] binder: 7196:7199 ioctl c0306201 20001480 returned -14 [ 410.583939][ T6665] 0-536866815: 0000000000000000 01:46:45 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0}) r3 = dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:46:45 executing program 4: syz_usb_connect(0x0, 0x2d, &(0x7f0000000680)={{0x12, 0x1, 0x0, 0xad, 0xef, 0x64, 0x8, 0x1a72, 0x1002, 0xd273, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xe9, 0xea, 0x7e, 0x0, [], [{{0x9, 0x5, 0x2, 0x0, 0x40, 0x1, 0x0, 0x80}}]}}]}}]}}, 0x0) [ 410.613982][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 410.649067][ T6665] 536870912-553627647: ffff888022f0e1c0 01:46:45 executing program 5: bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x5, 0x9, 0x4, 0x7ff}, 0x48) [ 410.724273][ T7198] FAT-fs (loop0): Directory bread(block 64) failed [ 410.751810][ T7198] FAT-fs (loop0): Directory bread(block 65) failed [ 410.765582][ T6665] 553627648-553635839: 0000000000000000 [ 410.777310][ T7205] binder: 7204:7205 unknown command 0 [ 410.788159][ T7198] FAT-fs (loop0): Directory bread(block 66) failed [ 410.800643][ T7205] binder: 7204:7205 ioctl c0306201 20001480 returned -22 [ 410.812442][ T7198] FAT-fs (loop0): Directory bread(block 67) failed [ 410.821096][ T6665] 553635840-553627647: ffff8880272dc9a0 01:46:45 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0}) r3 = dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 410.858978][ T7198] FAT-fs (loop0): Directory bread(block 68) failed [ 410.875922][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 410.886207][ T7198] FAT-fs (loop0): Directory bread(block 69) failed 01:46:45 executing program 2: bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x2, 0x3, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x6}}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) [ 410.913461][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 410.919463][ T7198] FAT-fs (loop0): Directory bread(block 70) failed [ 410.948373][ T7198] FAT-fs (loop0): Directory bread(block 71) failed [ 410.960658][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 410.974488][ T7198] FAT-fs (loop0): Directory bread(block 72) failed 01:46:45 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x7, 0x0, 0x0, 0x0, 0x420}, 0x48) [ 411.008233][ T6665] 553652224-116813594623: 0000000000000000 [ 411.019296][ T7198] FAT-fs (loop0): Directory bread(block 73) failed [ 411.040699][ T7215] binder: 7213:7215 unknown command 0 [ 411.048298][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 411.056607][ T5311] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 411.059552][ T7215] binder: 7213:7215 ioctl c0306201 20001480 returned -22 01:46:45 executing program 2: bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x2, 0x3, &(0x7f00000000c0)=@framed, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) 01:46:46 executing program 5: bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x5, 0x9, 0x4, 0x7ff}, 0x48) [ 411.114813][ T6665] 116817788928-93825002663935: 0000000000000000 [ 411.154726][ T6665] 93825002663936-93825002803199: ffff888022f0e460 01:46:46 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0}) r3 = dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 411.219592][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 411.282591][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 411.296471][ T5311] usb 5-1: Using ep0 maxpacket: 8 01:46:46 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./bus\x00', 0x2, &(0x7f0000000100)={[{@shortname_winnt}, {@uni_xlate}, {}, {@rodir}, {@shortname_lower}, {@iocharset={'iocharset', 0x3d, 'macromanian'}}, {@shortname_winnt}, {@rodir}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'macturkish'}}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'iso8859-2'}}, {@rodir}, {@rodir}, {@shortname_mixed}, {@fat=@check_strict}]}, 0x82, 0x25e, &(0x7f0000000580)="$eJzs3b9rU2sYB/AnTW6bW7ikw4Vyyx3iKEhoK+6VoiAUFCT4Y7LYitJEwUKgIm03Z8FRJ3cd/QMcRNwcXFWQqrjo1qFwJD1pakrSFml7iv18hvbhnPM97/uSF84bSN5c+78+N5OLiB8rUSzmojAxORGruRiKvshHajkAgD/JapLE9ySVdV8AgIPh+Q8AR88un/8XDrBLAMA+8/4fAI6ei1eubnzCrxhRf9CoNqrp//T86RtxK2oxuxxRirWIdKGQrhaaf8+emzozWm76PBTV+lIrv9So5jvyMRalGGrlk878WDm1nr/fTNVzjepfMdjKvx+M2RiPUvzbPT/+a77V/sb42u1XohRvr8edqMVMNLOb+cWxcnny/FS5s/8D69dtx4IJAAAAAAAAAAAAAAAAAAAAAIDfVSm3dd2/p1LpdT7Nt/fXGY1SrCUD3fbnGe2yP0+jWoiRQrZjBwAAAAAAAAAAAAAAAAAAgMNifqE/pmu12bvzC/fmehW3Xz97+Xdsf02zKO5wn7RIkrTp9pEkH7Fjas+Lf459eryXN8xFFqPoXTRfr8hF7E8Tr1Zu/ndyfvhUx6njJ0qXPjx6+jWLIXfMqB7FdP7dt8sjD9/sbevPtx7pPxwTYEsx/GRi+sXixy+7nj8AAAAAAAAAAAAAAAAAAMAB2/zSb9Y9AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDsbP7+/0bRFxGdR3oUucLO16wXWY8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+BgAA//+v555g") open(&(0x7f0000000000)='./file0\x00', 0x1990c0, 0x0) 01:46:46 executing program 2: r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000740)={0x6, 0x3, &(0x7f0000000480)=@framed, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000680)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f00000007c0)="d792d55b9faaa2911ef4cff7e1ab154e92ec6086d7c1865a"}, 0x48) [ 411.346101][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 [ 411.347619][ T7223] binder: 7221:7223 unknown command 0 [ 411.348637][ T6665] ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 411.475239][ T7223] binder: 7221:7223 ioctl c0306201 20001480 returned -22 [ 411.600723][ T7230] loop0: detected capacity change from 0 to 256 [ 411.636682][ T5311] usb 5-1: New USB device found, idVendor=1a72, idProduct=1002, bcdDevice=d2.73 [ 411.645779][ T5311] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 411.650446][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 411.676178][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 411.687179][ T5311] usb 5-1: Product: syz [ 411.691383][ T5311] usb 5-1: Manufacturer: syz [ 411.700781][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 411.707597][ T7230] FAT-fs (loop0): Directory bread(block 64) failed [ 411.708329][ T6665] 140548075683840-140548077780991: [ 411.714250][ T7230] FAT-fs (loop0): Directory bread(block 65) failed [ 411.714341][ T7230] FAT-fs (loop0): Directory bread(block 66) failed [ 411.720459][ T6665] ffff888022f0e8c0 [ 411.752175][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 411.752611][ T5311] usb 5-1: SerialNumber: syz [ 411.769614][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 411.780528][ T5311] usb 5-1: config 0 descriptor?? [ 411.795774][ T7230] FAT-fs (loop0): Directory bread(block 67) failed [ 411.804997][ T7230] FAT-fs (loop0): Directory bread(block 68) failed [ 411.814489][ T7230] FAT-fs (loop0): Directory bread(block 69) failed [ 411.821319][ T7230] FAT-fs (loop0): Directory bread(block 70) failed [ 411.831117][ T5311] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 411.838749][ T7230] FAT-fs (loop0): Directory bread(block 71) failed [ 411.842788][ T6665] 140548084072448-140548084219903: [ 411.851371][ T5311] ftdi_sio ttyUSB0: unknown device type: 0xd273 [ 411.865270][ T6665] ffff888022f0eb60 [ 411.870196][ T7230] FAT-fs (loop0): Directory bread(block 72) failed [ 411.881659][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 411.882983][ T7230] FAT-fs (loop0): Directory bread(block 73) failed [ 411.912522][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 411.946543][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 411.966456][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 411.973458][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 411.983600][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 411.992695][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 412.000028][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 412.053694][ T7208] loop3: detected capacity change from 0 to 32768 [ 412.070635][ T7208] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 412.081152][ T7208] BTRFS info (device loop3): force clearing of disk cache [ 412.088474][ T7208] BTRFS info (device loop3): setting nodatasum [ 412.094943][ T7208] BTRFS info (device loop3): allowing degraded mounts [ 412.104997][ T5311] usb 5-1: USB disconnect, device number 3 [ 412.129216][ T7208] BTRFS info (device loop3): enabling disk space caching [ 412.129719][ T5311] ftdi_sio 5-1:0.0: device disconnected [ 412.151796][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 412.166207][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 412.173842][ T7208] BTRFS info (device loop3): disk space caching is enabled [ 412.185407][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 412.196793][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 412.203856][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 412.214104][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 412.221762][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 412.231004][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 412.232089][ T7208] BTRFS info (device loop3): enabling ssd optimizations [ 412.238126][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 412.238159][ T6665] Pass: 9339734 Run:9339840 [ 412.238174][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 412.238205][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 412.238222][ T6665] Call Trace: [ 412.238230][ T6665] [ 412.238241][ T6665] dump_stack_lvl+0xd1/0x138 [ 412.238287][ T6665] mt_find.cold+0x8b/0x90 [ 412.238329][ T6665] ? mas_find+0x1d0/0x1d0 [ 412.256479][ T7208] BTRFS info (device loop3): auto enabling async discard [ 412.257104][ T6665] find_vma+0x10c/0x1b0 [ 412.268787][ T7208] BTRFS info (device loop3): clearing free space tree [ 412.276898][ T6665] ? can_vma_merge_before+0x390/0x390 [ 412.276940][ T6665] ? walk_page_test+0x78/0x180 [ 412.280357][ T7208] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 412.283155][ T6665] walk_page_range+0x2b1/0x4a0 [ 412.283201][ T6665] ? __walk_page_range+0x780/0x780 [ 412.343976][ T6665] mlock_fixup+0x650/0x810 [ 412.348443][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 412.353686][ T6665] ? mlock_fixup+0x810/0x810 [ 412.358322][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 412.364247][ T6665] do_mlock+0x25a/0x6d0 [ 412.368437][ T6665] ? folio_evictable+0x270/0x270 [ 412.373422][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 412.379346][ T6665] __x64_sys_mlock+0x59/0x80 [ 412.383956][ T6665] do_syscall_64+0x39/0xb0 [ 412.388412][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 412.394340][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 412.398771][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 412.418394][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 412.426825][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 412.434809][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 412.442791][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 412.450770][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 412.458752][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 412.466752][ T6665] [ 412.475062][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 412.483369][ T6665] BUG at mt_find:6473 (1) [ 412.486432][ T7208] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 412.488026][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 412.506710][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 412.514764][ T7208] BTRFS info (device loop3): checking UUID tree [ 412.550464][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 412.616945][ T6665] 0-536866815: 0000000000000000 01:46:47 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) r3 = dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:46:47 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x48) [ 412.630360][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 412.647821][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 412.681054][ T7250] binder: 7248:7250 unknown command 0 [ 412.714744][ T6665] 553627648-553635839: 0000000000000000 [ 412.716718][ T7250] binder: 7248:7250 ioctl c0306201 20001480 returned -22 [ 412.782134][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 412.806498][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 412.812506][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 412.819690][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 412.825641][ T6665] 553652224-116813594623: 0000000000000000 01:46:47 executing program 4: r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c) connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x6, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32) sendmmsg$inet(r0, &(0x7f0000004580)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 01:46:47 executing program 5: bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0xffff, 0x101, 0x300, 0x0, 0x1}, 0x48) 01:46:47 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./bus\x00', 0x2, &(0x7f0000000100)={[{@shortname_winnt}, {@uni_xlate}, {}, {@rodir}, {@shortname_lower}, {@iocharset={'iocharset', 0x3d, 'macromanian'}}, {@shortname_winnt}, {@rodir}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'macturkish'}}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'iso8859-2'}}, {@rodir}, {@rodir}, {@shortname_mixed}, {@fat=@check_strict}]}, 0x82, 0x25e, &(0x7f0000000580)="$eJzs3b9rU2sYB/AnTW6bW7ikw4Vyyx3iKEhoK+6VoiAUFCT4Y7LYitJEwUKgIm03Z8FRJ3cd/QMcRNwcXFWQqrjo1qFwJD1pakrSFml7iv18hvbhnPM97/uSF84bSN5c+78+N5OLiB8rUSzmojAxORGruRiKvshHajkAgD/JapLE9ySVdV8AgIPh+Q8AR88un/8XDrBLAMA+8/4fAI6ei1eubnzCrxhRf9CoNqrp//T86RtxK2oxuxxRirWIdKGQrhaaf8+emzozWm76PBTV+lIrv9So5jvyMRalGGrlk878WDm1nr/fTNVzjepfMdjKvx+M2RiPUvzbPT/+a77V/sb42u1XohRvr8edqMVMNLOb+cWxcnny/FS5s/8D69dtx4IJAAAAAAAAAAAAAAAAAAAAAIDfVSm3dd2/p1LpdT7Nt/fXGY1SrCUD3fbnGe2yP0+jWoiRQrZjBwAAAAAAAAAAAAAAAAAAgMNifqE/pmu12bvzC/fmehW3Xz97+Xdsf02zKO5wn7RIkrTp9pEkH7Fjas+Lf459eryXN8xFFqPoXTRfr8hF7E8Tr1Zu/ndyfvhUx6njJ0qXPjx6+jWLIXfMqB7FdP7dt8sjD9/sbevPtx7pPxwTYEsx/GRi+sXixy+7nj8AAAAAAAAAAAAAAAAAAMAB2/zSb9Y9AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDsbP7+/0bRFxGdR3oUucLO16wXWY8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+BgAA//+v555g") open(&(0x7f0000000000)='./file0\x00', 0x1990c0, 0x0) 01:46:47 executing program 3: syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1000008, &(0x7f0000000280)={[{@datacow}, {@clear_cache}, {@nodatasum}, {@rescan_uuid_tree}, {}, {@space_cache_v1}]}, 0xfe, 0x51ab, &(0x7f0000005280)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x208e24b) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE(r0, 0x9408, 0x0) 01:46:47 executing program 2: socket$nl_audit(0x10, 0x3, 0x9) openat$null(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) pkey_mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0xffffffffffffffff) [ 412.846455][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 412.871742][ T7257] loop0: detected capacity change from 0 to 256 01:46:47 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) r3 = dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:46:47 executing program 2: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$RTC_UIE_ON(r0, 0x7003) pipe2$watch_queue(0x0, 0x80) [ 412.896379][ T6665] 116817788928-93825002663935: 0000000000000000 [ 412.903074][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 412.997866][ T7257] FAT-fs (loop0): Directory bread(block 64) failed [ 413.004465][ T7257] FAT-fs (loop0): Directory bread(block 65) failed [ 413.021012][ T7265] binder: 7263:7265 unknown command 0 [ 413.048655][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 413.062634][ T7265] binder: 7263:7265 ioctl c0306201 20001480 returned -22 [ 413.070159][ T7257] FAT-fs (loop0): Directory bread(block 66) failed [ 413.070205][ T7257] FAT-fs (loop0): Directory bread(block 67) failed [ 413.070288][ T7257] FAT-fs (loop0): Directory bread(block 68) failed [ 413.070327][ T7257] FAT-fs (loop0): Directory bread(block 69) failed 01:46:47 executing program 4: syz_mount_image$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) r0 = open$dir(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000001e40)=@v1={0x0, @aes128, 0x0, @desc1}) chdir(&(0x7f0000000000)='./file0\x00') add_key$fscrypt_v1(&(0x7f0000000240), &(0x7f0000000180)={'fscrypt:', @desc1}, &(0x7f0000000100)={0x0, "615a091a55a8c9a640115d99d981b3886420589c6685d4982a83b71b906769e737201ac6cfa7804454156569cbf3a5be811debc957b5831b89b59d743e748c7c", 0x35}, 0x48, 0xffffffffffffffff) r1 = open(&(0x7f0000000300)='./file0\x00', 0x2c0c2, 0x0) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd", 0x107) sendfile(r1, r2, 0x0, 0x11f06) 01:46:47 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x0, 0x0, 0x0, 0x0, 0x6, 0x1, 0x10000}, 0x48) [ 413.070408][ T7257] FAT-fs (loop0): Directory bread(block 70) failed [ 413.070445][ T7257] FAT-fs (loop0): Directory bread(block 71) failed [ 413.070531][ T7257] FAT-fs (loop0): Directory bread(block 72) failed [ 413.070568][ T7257] FAT-fs (loop0): Directory bread(block 73) failed 01:46:48 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@bloom_filter, 0x48) [ 413.095091][ T6665] 140548063096832-140548063100927: [ 413.209475][ T7270] syz-executor.4 (pid 7270) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 413.243670][ T6665] ffff888022f0e540 01:46:48 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) r3 = dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:46:48 executing program 2: clock_gettime(0x0, &(0x7f0000000180)={0x0}) futex_waitv(&(0x7f0000000140)=[{0x0, 0x0, 0x82}], 0x1, 0x0, &(0x7f0000000240)={r0}, 0x1) 01:46:48 executing program 0: open(&(0x7f0000000000)='./file0\x00', 0x1990c0, 0x0) [ 413.276645][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 413.422875][ T7278] binder: 7277:7278 unknown command 0 [ 413.468954][ T7278] binder: 7277:7278 ioctl c0306201 20001480 returned -22 [ 413.617756][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 413.646526][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 413.691004][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 413.724398][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 413.752751][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 413.810537][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 413.851774][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 413.876067][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 413.906828][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 413.939458][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 413.962256][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 413.996646][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 414.008688][ T7259] loop3: detected capacity change from 0 to 32768 [ 414.022206][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 414.039175][ T7274] fscrypt: AES-128-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 414.059298][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 414.060585][ T7274] fscrypt (sda1): Missing crypto API support for AES-128-CBC-ESSIV (API name: "essiv(cbc(aes),sha256)") [ 414.066665][ T7259] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 414.111623][ T7259] BTRFS info (device loop3): force clearing of disk cache 01:46:49 executing program 5: r0 = socket$inet6(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000001180)={0xa, 0x4e20}, 0x1c) connect$inet6(r0, &(0x7f00000010c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) getsockopt$bt_hci(r0, 0x84, 0x76, &(0x7f0000002280)=""/4077, &(0x7f0000000100)=0xfed) 01:46:49 executing program 2: msgsnd(0x0, &(0x7f0000000280)=ANY=[@ANYRES8], 0x0, 0x0) [ 414.133533][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 414.143545][ T7259] BTRFS info (device loop3): setting nodatasum [ 414.237400][ T7259] BTRFS info (device loop3): allowing degraded mounts [ 414.256406][ T7259] BTRFS info (device loop3): enabling disk space caching [ 414.263492][ T7259] BTRFS info (device loop3): disk space caching is enabled [ 414.308218][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 414.340494][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 414.355561][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 414.364560][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 414.382627][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 414.394386][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 414.419788][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 414.435490][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 414.444430][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 414.465259][ T6665] Pass: 9447178 Run:9447285 [ 414.470214][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 414.480063][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 414.490146][ T6665] Call Trace: [ 414.493457][ T6665] [ 414.494030][ T7259] BTRFS info (device loop3): enabling ssd optimizations [ 414.496390][ T6665] dump_stack_lvl+0xd1/0x138 [ 414.496443][ T6665] mt_find.cold+0x8b/0x90 [ 414.496486][ T6665] ? mas_find+0x1d0/0x1d0 [ 414.496539][ T6665] find_vma+0x10c/0x1b0 [ 414.496570][ T6665] ? can_vma_merge_before+0x390/0x390 [ 414.496607][ T6665] ? walk_page_test+0x78/0x180 [ 414.496647][ T6665] walk_page_range+0x2b1/0x4a0 [ 414.525807][ T7259] BTRFS info (device loop3): auto enabling async discard [ 414.526295][ T6665] ? __walk_page_range+0x780/0x780 [ 414.548014][ T6665] mlock_fixup+0x650/0x810 [ 414.552500][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 414.554604][ T7259] BTRFS info (device loop3): clearing free space tree [ 414.557730][ T6665] ? mlock_fixup+0x810/0x810 [ 414.557790][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 414.557837][ T6665] do_mlock+0x25a/0x6d0 [ 414.557886][ T6665] ? folio_evictable+0x270/0x270 [ 414.557942][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 414.557985][ T6665] __x64_sys_mlock+0x59/0x80 [ 414.558013][ T6665] do_syscall_64+0x39/0xb0 [ 414.558056][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 414.558091][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 414.609517][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 414.629150][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 414.637585][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 414.645568][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 414.653554][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 414.661538][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 414.669517][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 414.677523][ T6665] [ 414.685173][ T7259] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 414.695504][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 414.701643][ T7259] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 414.716039][ T6665] BUG at mt_find:6473 (1) [ 414.717729][ T7259] BTRFS info (device loop3): checking UUID tree [ 414.722020][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 414.741380][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 01:46:49 executing program 3: syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1000008, &(0x7f0000000280)={[{@datacow}, {@clear_cache}, {@nodatasum}, {@rescan_uuid_tree}, {}, {@space_cache_v1}]}, 0xfe, 0x51ab, &(0x7f0000005280)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x208e24b) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE(r0, 0x9408, 0x0) 01:46:49 executing program 0: open(&(0x7f0000000000)='./file0\x00', 0x1990c0, 0x0) 01:46:49 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x40, r2, 0x1f, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x24, 0x33, @action={@with_ht={{{}, {}, @broadcast, @device_a, @random="2f110eb97d77"}}, @sa_query_req}}]}, 0x40}}, 0x0) 01:46:49 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0563"], 0x0, 0x0, 0x0}) r3 = dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:46:49 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)={0x28, r2, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}]}, 0x28}}, 0x0) 01:46:49 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x24, r2, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}]}, 0x24}}, 0x0) [ 414.779772][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 414.834205][ T6665] 0-536866815: 0000000000000000 [ 414.861396][ T6665] 536866816-536870911: ffff888022f0e0e0 01:46:49 executing program 0: open(&(0x7f0000000000)='./file0\x00', 0x1990c0, 0x0) 01:46:49 executing program 4: syz_mount_image$fuse(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) open$dir(&(0x7f0000000180)='./file0\x00', 0x101000, 0x100) [ 414.890372][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 414.919347][ T7324] binder: 7320:7324 unknown command 25349 01:46:49 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000b80)={0xffffffffffffffff}) getpeername(r0, 0x0, 0x0) [ 414.989193][ T6665] 553627648-553635839: 0000000000000000 [ 414.998185][ T7324] binder: 7320:7324 ioctl c0306201 20001480 returned -22 01:46:49 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./bus\x00', 0x2, &(0x7f0000000100)={[{@shortname_winnt}, {@uni_xlate}, {}, {@rodir}, {@shortname_lower}, {@iocharset={'iocharset', 0x3d, 'macromanian'}}, {@shortname_winnt}, {@rodir}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'macturkish'}}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'iso8859-2'}}, {@rodir}, {@rodir}, {@shortname_mixed}, {@fat=@check_strict}]}, 0x82, 0x25e, &(0x7f0000000580)="$eJzs3b9rU2sYB/AnTW6bW7ikw4Vyyx3iKEhoK+6VoiAUFCT4Y7LYitJEwUKgIm03Z8FRJ3cd/QMcRNwcXFWQqrjo1qFwJD1pakrSFml7iv18hvbhnPM97/uSF84bSN5c+78+N5OLiB8rUSzmojAxORGruRiKvshHajkAgD/JapLE9ySVdV8AgIPh+Q8AR88un/8XDrBLAMA+8/4fAI6ei1eubnzCrxhRf9CoNqrp//T86RtxK2oxuxxRirWIdKGQrhaaf8+emzozWm76PBTV+lIrv9So5jvyMRalGGrlk878WDm1nr/fTNVzjepfMdjKvx+M2RiPUvzbPT/+a77V/sb42u1XohRvr8edqMVMNLOb+cWxcnny/FS5s/8D69dtx4IJAAAAAAAAAAAAAAAAAAAAAIDfVSm3dd2/p1LpdT7Nt/fXGY1SrCUD3fbnGe2yP0+jWoiRQrZjBwAAAAAAAAAAAAAAAAAAgMNifqE/pmu12bvzC/fmehW3Xz97+Xdsf02zKO5wn7RIkrTp9pEkH7Fjas+Lf459eryXN8xFFqPoXTRfr8hF7E8Tr1Zu/ndyfvhUx6njJ0qXPjx6+jWLIXfMqB7FdP7dt8sjD9/sbevPtx7pPxwTYEsx/GRi+sXixy+7nj8AAAAAAAAAAAAAAAAAAMAB2/zSb9Y9AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDsbP7+/0bRFxGdR3oUucLO16wXWY8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+BgAA//+v555g") open(0x0, 0x1990c0, 0x0) 01:46:49 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x41c0, 0x2c) 01:46:49 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x2, 0x4e24, @remote}, 0x10) [ 415.033464][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 415.094748][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 415.135814][ T27] audit: type=1800 audit(1673401609.938:36): pid=7341 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=1153 res=0 errno=0 [ 415.139430][ T7340] loop0: detected capacity change from 0 to 256 [ 415.174883][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 415.206866][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 415.216274][ T7176] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 415.230807][ T6665] 553652224-116813594623: 0000000000000000 [ 415.289249][ T7340] FAT-fs (loop0): Directory bread(block 64) failed [ 415.306506][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 415.309093][ T7340] FAT-fs (loop0): Directory bread(block 65) failed [ 415.312960][ T6665] 116817788928-93825002663935: 0000000000000000 [ 415.312992][ T6665] 93825002663936-93825002803199: [ 415.351076][ T7340] FAT-fs (loop0): Directory bread(block 66) failed [ 415.358168][ T6665] ffff888022f0e460 [ 415.402800][ T7340] FAT-fs (loop0): Directory bread(block 67) failed [ 415.404005][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 415.410990][ T7340] FAT-fs (loop0): Directory bread(block 68) failed [ 415.419419][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 415.434926][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 415.476455][ T7340] FAT-fs (loop0): Directory bread(block 69) failed [ 415.500266][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 415.515791][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 415.535243][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 415.537869][ T7340] FAT-fs (loop0): Directory bread(block 70) failed [ 415.548785][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 415.548817][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 415.548844][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 415.548872][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 415.548900][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 415.548927][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 415.548953][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 415.548980][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 415.549008][ T6665] 140548085653504-140548085690367: [ 415.564037][ T7340] FAT-fs (loop0): Directory bread(block 71) failed [ 415.618771][ T6665] ffff888022f0eee0 [ 415.622522][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 415.639328][ T7340] FAT-fs (loop0): Directory bread(block 72) failed [ 415.645894][ T7340] FAT-fs (loop0): Directory bread(block 73) failed [ 415.647846][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 415.667254][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 415.726184][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 415.769017][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 415.777335][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 415.784522][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 415.793587][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 415.825898][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 415.846477][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 415.853779][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 415.874798][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 415.883905][ T6665] Pass: 9475556 Run:9475664 [ 415.896413][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 415.906257][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 415.916332][ T6665] Call Trace: [ 415.919627][ T6665] [ 415.922577][ T6665] dump_stack_lvl+0xd1/0x138 [ 415.927214][ T6665] mt_find.cold+0x8b/0x90 [ 415.930660][ T7337] loop3: detected capacity change from 0 to 32768 [ 415.931569][ T6665] ? mas_find+0x1d0/0x1d0 [ 415.931619][ T6665] find_vma+0x10c/0x1b0 [ 415.946498][ T6665] ? can_vma_merge_before+0x390/0x390 [ 415.951910][ T6665] ? walk_page_test+0x78/0x180 [ 415.956709][ T6665] walk_page_range+0x2b1/0x4a0 [ 415.961518][ T6665] ? __walk_page_range+0x780/0x780 [ 415.966681][ T6665] mlock_fixup+0x650/0x810 [ 415.971138][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 415.976373][ T6665] ? mlock_fixup+0x810/0x810 [ 415.981006][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 415.986932][ T6665] do_mlock+0x25a/0x6d0 [ 415.991124][ T6665] ? folio_evictable+0x270/0x270 [ 415.996102][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 416.002026][ T6665] __x64_sys_mlock+0x59/0x80 [ 416.006639][ T6665] do_syscall_64+0x39/0xb0 [ 416.011091][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 416.017012][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 416.021442][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 416.041071][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 416.049504][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 416.057493][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 416.065476][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 416.073460][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 416.081475][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 416.089486][ T6665] [ 416.104624][ T7337] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 416.113805][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 416.115619][ T7337] BTRFS info (device loop3): force clearing of disk cache [ 416.126427][ T6665] BUG at mt_find:6473 (1) [ 416.127467][ T7337] BTRFS info (device loop3): setting nodatasum [ 416.133755][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 416.137766][ T7337] BTRFS info (device loop3): allowing degraded mounts [ 416.155261][ T7337] BTRFS info (device loop3): enabling disk space caching [ 416.156444][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 416.166587][ T7337] BTRFS info (device loop3): disk space caching is enabled [ 416.211028][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 416.263428][ T6665] 0-536866815: 0000000000000000 [ 416.270523][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 416.276632][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 416.282575][ T6665] 553627648-553635839: 0000000000000000 [ 416.288850][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 416.297861][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 416.298929][ T7337] BTRFS info (device loop3): enabling ssd optimizations [ 416.303780][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 416.303811][ T6665] 553648128-553652223: [ 416.311417][ T7337] BTRFS info (device loop3): auto enabling async discard [ 416.323480][ T6665] ffff888022f0e2a0 [ 416.337994][ T7337] BTRFS info (device loop3): clearing free space tree [ 416.343759][ T6665] 553652224-116813594623: 0000000000000000 [ 416.344884][ T7337] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 416.354409][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 416.369158][ T6665] 116817788928-93825002663935: 0000000000000000 [ 416.370806][ T7337] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 416.375764][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 416.396277][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 416.403347][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 416.405661][ T7337] BTRFS info (device loop3): checking UUID tree [ 416.417068][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 416.474442][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 416.481687][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 416.488770][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 416.495744][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 416.502777][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 416.509823][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 416.516841][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 01:46:51 executing program 3: syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1000008, &(0x7f0000000280)={[{@datacow}, {@clear_cache}, {@nodatasum}, {@rescan_uuid_tree}, {}, {@space_cache_v1}]}, 0xfe, 0x51ab, &(0x7f0000005280)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0) write$binfmt_script(r0, 0x0, 0x208e24b) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE(r1, 0x9408, 0x0) 01:46:51 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0563"], 0x0, 0x0, 0x0}) r3 = dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:46:51 executing program 2: syz_mount_image$fuse(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) mknodat$loop(r0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) openat(r1, &(0x7f0000000080)='./file0\x00', 0x4000, 0x34) 01:46:51 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x24, r2, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}]}, 0x24}}, 0x0) 01:46:51 executing program 4: syz_mount_image$fuse(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) mknodat$loop(r0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) fchownat(0xffffffffffffff9c, &(0x7f0000000080)='./file0/file0\x00', 0x0, 0x0, 0x0) 01:46:51 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./bus\x00', 0x2, &(0x7f0000000100)={[{@shortname_winnt}, {@uni_xlate}, {}, {@rodir}, {@shortname_lower}, {@iocharset={'iocharset', 0x3d, 'macromanian'}}, {@shortname_winnt}, {@rodir}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'macturkish'}}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'iso8859-2'}}, {@rodir}, {@rodir}, {@shortname_mixed}, {@fat=@check_strict}]}, 0x82, 0x25e, &(0x7f0000000580)="$eJzs3b9rU2sYB/AnTW6bW7ikw4Vyyx3iKEhoK+6VoiAUFCT4Y7LYitJEwUKgIm03Z8FRJ3cd/QMcRNwcXFWQqrjo1qFwJD1pakrSFml7iv18hvbhnPM97/uSF84bSN5c+78+N5OLiB8rUSzmojAxORGruRiKvshHajkAgD/JapLE9ySVdV8AgIPh+Q8AR88un/8XDrBLAMA+8/4fAI6ei1eubnzCrxhRf9CoNqrp//T86RtxK2oxuxxRirWIdKGQrhaaf8+emzozWm76PBTV+lIrv9So5jvyMRalGGrlk878WDm1nr/fTNVzjepfMdjKvx+M2RiPUvzbPT/+a77V/sb42u1XohRvr8edqMVMNLOb+cWxcnny/FS5s/8D69dtx4IJAAAAAAAAAAAAAAAAAAAAAIDfVSm3dd2/p1LpdT7Nt/fXGY1SrCUD3fbnGe2yP0+jWoiRQrZjBwAAAAAAAAAAAAAAAAAAgMNifqE/pmu12bvzC/fmehW3Xz97+Xdsf02zKO5wn7RIkrTp9pEkH7Fjas+Lf459eryXN8xFFqPoXTRfr8hF7E8Tr1Zu/ndyfvhUx6njJ0qXPjx6+jWLIXfMqB7FdP7dt8sjD9/sbevPtx7pPxwTYEsx/GRi+sXixy+7nj8AAAAAAAAAAAAAAAAAAMAB2/zSb9Y9AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDsbP7+/0bRFxGdR3oUucLO16wXWY8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+BgAA//+v555g") open(0x0, 0x1990c0, 0x0) [ 416.523808][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 416.531630][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 416.541793][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 416.548840][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 416.561608][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 416.595098][ T7366] loop0: detected capacity change from 0 to 256 [ 416.611748][ T27] audit: type=1800 audit(1673401611.418:37): pid=7368 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=1179 res=0 errno=0 [ 416.657188][ T7367] binder: 7362:7367 unknown command 25349 [ 416.663068][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 416.674794][ T7367] binder: 7362:7367 ioctl c0306201 20001480 returned -22 01:46:51 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@default_permissions}]}}, 0x0, 0x0, 0x0) 01:46:51 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}}, 0x0, 0x0, 0x0) [ 416.699893][ T6665] 140548085710848-140548097556479: ffff88806b3de000 01:46:51 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0563"], 0x0, 0x0, 0x0}) r3 = dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 416.767525][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 416.805615][ T7366] FAT-fs (loop0): Directory bread(block 64) failed [ 416.856877][ T7366] FAT-fs (loop0): Directory bread(block 65) failed 01:46:51 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@default_permissions}]}}, 0x0, 0x0, 0x0) [ 416.881691][ T7366] FAT-fs (loop0): Directory bread(block 66) failed [ 416.903873][ T7380] binder: 7379:7380 unknown command 25349 [ 416.904662][ T7366] FAT-fs (loop0): Directory bread(block 67) failed 01:46:51 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}}, 0x0, 0x0, 0x0) [ 416.938803][ T7380] binder: 7379:7380 ioctl c0306201 20001480 returned -22 01:46:51 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="056304"], 0x0, 0x0, 0x0}) r3 = dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 416.985068][ T7366] FAT-fs (loop0): Directory bread(block 68) failed [ 417.026497][ T7366] FAT-fs (loop0): Directory bread(block 69) failed [ 417.056871][ T7366] FAT-fs (loop0): Directory bread(block 70) failed [ 417.064567][ T7366] FAT-fs (loop0): Directory bread(block 71) failed [ 417.086062][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 417.123518][ T7388] binder: 7387:7388 unknown command 287493 [ 417.127038][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 417.157456][ T7388] binder: 7387:7388 ioctl c0306201 20001480 returned -22 [ 417.170670][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 417.179544][ T7366] FAT-fs (loop0): Directory bread(block 72) failed [ 417.186112][ T7366] FAT-fs (loop0): Directory bread(block 73) failed [ 417.206577][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 417.213570][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 417.251055][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 417.293571][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 417.316582][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 417.323631][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 417.356668][ T6665] Pass: 9505083 Run:9505192 [ 417.361217][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 417.371056][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 417.381141][ T6665] Call Trace: [ 417.384444][ T6665] [ 417.387405][ T6665] dump_stack_lvl+0xd1/0x138 [ 417.392050][ T6665] mt_find.cold+0x8b/0x90 [ 417.396441][ T6665] ? mas_find+0x1d0/0x1d0 [ 417.400826][ T6665] find_vma+0x10c/0x1b0 [ 417.405022][ T6665] ? can_vma_merge_before+0x390/0x390 [ 417.410440][ T6665] ? walk_page_test+0x78/0x180 [ 417.415250][ T6665] walk_page_range+0x2b1/0x4a0 [ 417.420062][ T6665] ? __walk_page_range+0x780/0x780 [ 417.425239][ T6665] mlock_fixup+0x650/0x810 [ 417.429713][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 417.434967][ T6665] ? mlock_fixup+0x810/0x810 [ 417.439620][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 417.445559][ T6665] do_mlock+0x25a/0x6d0 [ 417.449766][ T6665] ? folio_evictable+0x270/0x270 [ 417.454758][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 417.460697][ T6665] __x64_sys_mlock+0x59/0x80 [ 417.465314][ T6665] do_syscall_64+0x39/0xb0 [ 417.469775][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 417.475695][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 417.480124][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 417.499754][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 417.508192][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 417.516181][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 417.524167][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 417.532153][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 417.540143][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 417.548165][ T6665] [ 417.618172][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 417.624215][ T6665] BUG at mt_find:6473 (1) [ 417.634627][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 417.643558][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 417.695130][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 417.755518][ T6665] 0-536866815: 0000000000000000 [ 417.761325][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 417.776733][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 417.786185][ T6665] 553627648-553635839: 0000000000000000 [ 417.797885][ T7378] loop3: detected capacity change from 0 to 32768 [ 417.802666][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 417.811697][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 417.818330][ T7378] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 417.819187][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 417.834291][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 417.835336][ T7378] BTRFS info (device loop3): force clearing of disk cache [ 417.840745][ T6665] 553652224-116813594623: 0000000000000000 [ 417.853816][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 417.856280][ T7378] BTRFS info (device loop3): setting nodatasum [ 417.860804][ T6665] 116817788928-93825002663935: 0000000000000000 [ 417.873431][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 417.875303][ T7378] BTRFS info (device loop3): allowing degraded mounts [ 417.880703][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 417.889421][ T7378] BTRFS info (device loop3): enabling disk space caching [ 417.895167][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 417.913695][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 417.969974][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 417.976385][ T7378] BTRFS info (device loop3): disk space caching is enabled [ 417.978379][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 417.992388][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 418.000622][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 418.008685][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 418.019905][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 418.027330][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 418.028233][ T7378] BTRFS info (device loop3): enabling ssd optimizations [ 418.034375][ T6665] 140548084219904-140548084948991: [ 418.041460][ T7378] BTRFS info (device loop3): auto enabling async discard [ 418.048879][ T6665] ffff888022f0ec40 [ 418.054917][ T7378] BTRFS info (device loop3): clearing free space tree [ 418.064556][ T6665] 140548084948992-140548085284863: [ 418.064745][ T7378] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 418.064780][ T7378] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 418.073439][ T6665] ffff888022f0ed20 [ 418.096281][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 418.103486][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 418.111950][ T7378] BTRFS info (device loop3): checking UUID tree [ 418.118712][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 418.125705][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 418.134665][ T6665] 140548085710848-140548097556479: ffff88806b3de000 01:46:53 executing program 3: syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1000008, &(0x7f0000000280)={[{@datacow}, {@clear_cache}, {@nodatasum}, {@rescan_uuid_tree}, {}, {@space_cache_v1}]}, 0xfe, 0x51ab, &(0x7f0000005280)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0) write$binfmt_script(r0, 0x0, 0x208e24b) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE(r1, 0x9408, 0x0) 01:46:53 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='loginuid\x00') read$sequencer(r0, 0x0, 0x0) 01:46:53 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000300)='io\x00') read$FUSE(r0, &(0x7f00000003c0)={0x2020}, 0x2020) 01:46:53 executing program 2: openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/uevent_helper', 0x0, 0x0) 01:46:53 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="056304"], 0x0, 0x0, 0x0}) r3 = dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:46:53 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./bus\x00', 0x2, &(0x7f0000000100)={[{@shortname_winnt}, {@uni_xlate}, {}, {@rodir}, {@shortname_lower}, {@iocharset={'iocharset', 0x3d, 'macromanian'}}, {@shortname_winnt}, {@rodir}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'macturkish'}}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'iso8859-2'}}, {@rodir}, {@rodir}, {@shortname_mixed}, {@fat=@check_strict}]}, 0x82, 0x25e, &(0x7f0000000580)="$eJzs3b9rU2sYB/AnTW6bW7ikw4Vyyx3iKEhoK+6VoiAUFCT4Y7LYitJEwUKgIm03Z8FRJ3cd/QMcRNwcXFWQqrjo1qFwJD1pakrSFml7iv18hvbhnPM97/uSF84bSN5c+78+N5OLiB8rUSzmojAxORGruRiKvshHajkAgD/JapLE9ySVdV8AgIPh+Q8AR88un/8XDrBLAMA+8/4fAI6ei1eubnzCrxhRf9CoNqrp//T86RtxK2oxuxxRirWIdKGQrhaaf8+emzozWm76PBTV+lIrv9So5jvyMRalGGrlk878WDm1nr/fTNVzjepfMdjKvx+M2RiPUvzbPT/+a77V/sb42u1XohRvr8edqMVMNLOb+cWxcnny/FS5s/8D69dtx4IJAAAAAAAAAAAAAAAAAAAAAIDfVSm3dd2/p1LpdT7Nt/fXGY1SrCUD3fbnGe2yP0+jWoiRQrZjBwAAAAAAAAAAAAAAAAAAgMNifqE/pmu12bvzC/fmehW3Xz97+Xdsf02zKO5wn7RIkrTp9pEkH7Fjas+Lf459eryXN8xFFqPoXTRfr8hF7E8Tr1Zu/ndyfvhUx6njJ0qXPjx6+jWLIXfMqB7FdP7dt8sjD9/sbevPtx7pPxwTYEsx/GRi+sXixy+7nj8AAAAAAAAAAAAAAAAAAMAB2/zSb9Y9AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDsbP7+/0bRFxGdR3oUucLO16wXWY8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+BgAA//+v555g") open(0x0, 0x1990c0, 0x0) [ 418.142562][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 418.194092][ T6665] 140548097556480-140548097601535: 0000000000000000 01:46:53 executing program 4: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000300)='net/dev_mcast\x00') read$FUSE(r1, &(0x7f00000003c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_LSEEK(r0, &(0x7f00000020c0)={0x18, 0x2f, r2}, 0x18) [ 418.239005][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 418.263068][ T7414] loop0: detected capacity change from 0 to 256 [ 418.275918][ T7416] binder: 7409:7416 unknown command 287493 01:46:53 executing program 2: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001940)={0x11, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000140)='syzkaller\x00', 0x4, 0x93, &(0x7f0000000180)=""/147, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000018c0), 0x10}, 0x80) [ 418.286451][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 418.296792][ T7416] binder: 7409:7416 ioctl c0306201 20001480 returned -22 [ 418.322362][ T6665] 140548097736704-140735437164543: 0000000000000000 01:46:53 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="056304"], 0x0, 0x0, 0x0}) r3 = dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:46:53 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000300)='io\x00') read$FUSE(r0, &(0x7f00000003c0)={0x2020}, 0x2020) [ 418.360860][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 418.390214][ T7414] FAT-fs (loop0): Directory bread(block 64) failed 01:46:53 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0) sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x20, r1, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_HW_ADDR={0xc}]}, 0x20}}, 0x0) 01:46:53 executing program 2: r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$DCCPDIAG_GETSOCK(r0, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f00000008c0)={0x4c, 0x13, 0xae09}, 0x4c}}, 0x0) [ 418.458754][ T7414] FAT-fs (loop0): Directory bread(block 65) failed [ 418.476589][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 418.497347][ T7414] FAT-fs (loop0): Directory bread(block 66) failed [ 418.510141][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 418.546585][ T7414] FAT-fs (loop0): Directory bread(block 67) failed [ 418.555514][ T7426] binder: 7422:7426 unknown command 287493 [ 418.564070][ T7414] FAT-fs (loop0): Directory bread(block 68) failed [ 418.565603][ T6665] 140735437332480-140735437340671: [ 418.584399][ T7414] FAT-fs (loop0): Directory bread(block 69) failed [ 418.605528][ T7426] binder: 7422:7426 ioctl c0306201 20001480 returned -22 [ 418.621912][ T6665] ffff88806b3de2a0 [ 418.641759][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 418.657246][ T7414] FAT-fs (loop0): Directory bread(block 70) failed [ 418.691647][ T7414] FAT-fs (loop0): Directory bread(block 71) failed [ 418.706575][ T6665] Pass: 9532154 Run:9532264 [ 418.707919][ T7414] FAT-fs (loop0): Directory bread(block 72) failed [ 418.711105][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 418.711137][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 418.737516][ T6665] Call Trace: [ 418.740821][ T6665] [ 418.743773][ T6665] dump_stack_lvl+0xd1/0x138 [ 418.748416][ T6665] mt_find.cold+0x8b/0x90 [ 418.750976][ T7414] FAT-fs (loop0): Directory bread(block 73) failed [ 418.752777][ T6665] ? mas_find+0x1d0/0x1d0 [ 418.752843][ T6665] find_vma+0x10c/0x1b0 [ 418.767825][ T6665] ? can_vma_merge_before+0x390/0x390 [ 418.773243][ T6665] ? walk_page_test+0x78/0x180 [ 418.778058][ T6665] walk_page_range+0x2b1/0x4a0 [ 418.782877][ T6665] ? __walk_page_range+0x780/0x780 [ 418.788055][ T6665] mlock_fixup+0x650/0x810 [ 418.792530][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 418.797794][ T6665] ? mlock_fixup+0x810/0x810 [ 418.802451][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 418.808400][ T6665] do_mlock+0x25a/0x6d0 [ 418.812612][ T6665] ? folio_evictable+0x270/0x270 [ 418.817621][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 418.823572][ T6665] __x64_sys_mlock+0x59/0x80 [ 418.828198][ T6665] do_syscall_64+0x39/0xb0 [ 418.832667][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 418.838598][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 418.843043][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 418.862683][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 418.871135][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 418.879137][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 418.887139][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 418.895141][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 418.903135][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 418.911161][ T6665] [ 418.933683][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 418.944595][ T6665] BUG at mt_find:6473 (1) [ 418.957714][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 418.966260][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 419.084885][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 419.136678][ T6665] 0-536866815: 0000000000000000 [ 419.142082][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 419.148057][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 419.154258][ T6665] 553627648-553635839: 0000000000000000 [ 419.162480][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 419.168519][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 419.174592][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 419.180575][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 419.186722][ T6665] 553652224-116813594623: 0000000000000000 [ 419.192921][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 419.201041][ T6665] 116817788928-93825002663935: 0000000000000000 [ 419.210150][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 419.222799][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 419.234207][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 419.251412][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 419.274019][ T7425] loop3: detected capacity change from 0 to 32768 [ 419.319003][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 419.326154][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 419.331699][ T7425] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 419.333709][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 419.349700][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 419.352097][ T7425] BTRFS info (device loop3): force clearing of disk cache [ 419.357086][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 419.371378][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 419.378703][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 419.385775][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 419.392865][ T7425] BTRFS info (device loop3): setting nodatasum [ 419.393314][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 419.399288][ T7425] BTRFS info (device loop3): allowing degraded mounts [ 419.406250][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 419.422314][ T7425] BTRFS info (device loop3): enabling disk space caching [ 419.422382][ T6665] 140548085288960-140548085653503: [ 419.431100][ T7425] BTRFS info (device loop3): disk space caching is enabled [ 419.441005][ T6665] ffff888022f0ee00 [ 419.448634][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 419.455705][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 419.463372][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 419.469914][ T7425] BTRFS info (device loop3): enabling ssd optimizations [ 419.470769][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 419.486168][ T7425] BTRFS info (device loop3): auto enabling async discard [ 419.529088][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 419.545294][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 419.552646][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 419.553980][ T7425] BTRFS info (device loop3): clearing free space tree [ 419.560010][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 419.573705][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 419.580588][ T7425] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 419.581144][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 419.597772][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 419.599578][ T7425] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 419.604807][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 419.623621][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 419.631381][ T6665] Pass: 9534566 Run:9534677 [ 419.632857][ T7425] BTRFS info (device loop3): checking UUID tree [ 419.635971][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 419.651914][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 419.661961][ T6665] Call Trace: [ 419.665230][ T6665] [ 419.668154][ T6665] dump_stack_lvl+0xd1/0x138 [ 419.672744][ T6665] mt_find.cold+0x8b/0x90 [ 419.677075][ T6665] ? mas_find+0x1d0/0x1d0 [ 419.681407][ T6665] find_vma+0x10c/0x1b0 [ 419.685559][ T6665] ? can_vma_merge_before+0x390/0x390 [ 419.690941][ T6665] ? walk_page_test+0x78/0x180 [ 419.695740][ T6665] walk_page_range+0x2b1/0x4a0 [ 419.700535][ T6665] ? __walk_page_range+0x780/0x780 [ 419.705691][ T6665] mlock_fixup+0x650/0x810 [ 419.710150][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 419.715384][ T6665] ? mlock_fixup+0x810/0x810 [ 419.720020][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 419.725963][ T6665] do_mlock+0x25a/0x6d0 [ 419.730163][ T6665] ? folio_evictable+0x270/0x270 [ 419.735147][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 419.741076][ T6665] __x64_sys_mlock+0x59/0x80 [ 419.745690][ T6665] do_syscall_64+0x39/0xb0 [ 419.750139][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 419.756057][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 419.760491][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 419.780113][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 419.788552][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 419.796542][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 419.804528][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 419.812513][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 419.820501][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 419.828516][ T6665] [ 419.837209][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 419.843173][ T6665] BUG at mt_find:6473 (1) [ 419.847605][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 419.859525][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 01:46:54 executing program 3: syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1000008, &(0x7f0000000280)={[{@datacow}, {@clear_cache}, {@nodatasum}, {@rescan_uuid_tree}, {}, {@space_cache_v1}]}, 0xfe, 0x51ab, &(0x7f0000005280)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0) write$binfmt_script(r0, 0x0, 0x208e24b) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE(r1, 0x9408, 0x0) 01:46:54 executing program 4: r0 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$link(0x8, 0x0, r0) 01:46:54 executing program 2: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x18, 0x4, &(0x7f0000001140)=@framed={{}, [@call]}, &(0x7f0000001180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) 01:46:54 executing program 5: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x14, &(0x7f0000001280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) 01:46:54 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r3 = dup(0xffffffffffffffff) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:46:54 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./bus\x00', 0x2, &(0x7f0000000100)={[{@shortname_winnt}, {@uni_xlate}, {}, {@rodir}, {@shortname_lower}, {@iocharset={'iocharset', 0x3d, 'macromanian'}}, {@shortname_winnt}, {@rodir}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'macturkish'}}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'iso8859-2'}}, {@rodir}, {@rodir}, {@shortname_mixed}, {@fat=@check_strict}]}, 0x82, 0x25e, &(0x7f0000000580)="$eJzs3b9rU2sYB/AnTW6bW7ikw4Vyyx3iKEhoK+6VoiAUFCT4Y7LYitJEwUKgIm03Z8FRJ3cd/QMcRNwcXFWQqrjo1qFwJD1pakrSFml7iv18hvbhnPM97/uSF84bSN5c+78+N5OLiB8rUSzmojAxORGruRiKvshHajkAgD/JapLE9ySVdV8AgIPh+Q8AR88un/8XDrBLAMA+8/4fAI6ei1eubnzCrxhRf9CoNqrp//T86RtxK2oxuxxRirWIdKGQrhaaf8+emzozWm76PBTV+lIrv9So5jvyMRalGGrlk878WDm1nr/fTNVzjepfMdjKvx+M2RiPUvzbPT/+a77V/sb42u1XohRvr8edqMVMNLOb+cWxcnny/FS5s/8D69dtx4IJAAAAAAAAAAAAAAAAAAAAAIDfVSm3dd2/p1LpdT7Nt/fXGY1SrCUD3fbnGe2yP0+jWoiRQrZjBwAAAAAAAAAAAAAAAAAAgMNifqE/pmu12bvzC/fmehW3Xz97+Xdsf02zKO5wn7RIkrTp9pEkH7Fjas+Lf459eryXN8xFFqPoXTRfr8hF7E8Tr1Zu/ndyfvhUx6njJ0qXPjx6+jWLIXfMqB7FdP7dt8sjD9/sbevPtx7pPxwTYEsx/GRi+sXixy+7nj8AAAAAAAAAAAAAAAAAAMAB2/zSb9Y9AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDsbP7+/0bRFxGdR3oUucLO16wXWY8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+BgAA//+v555g") open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) [ 419.896838][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 419.950310][ T6665] 0-536866815: 0000000000000000 01:46:54 executing program 4: r0 = socket$vsock_stream(0x28, 0x1, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r0, &(0x7f0000001fc0)={0x0, 0x0, &(0x7f0000001f80)={0x0}}, 0x5) 01:46:54 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)={0x18, 0x3, 0x1, 0x201, 0x0, 0x0, {}, [@CTA_FILTER={0x4}]}, 0x18}}, 0x0) [ 419.990047][ T7455] loop0: detected capacity change from 0 to 256 [ 420.056074][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 420.059235][ T7461] binder: BINDER_SET_CONTEXT_MGR already set 01:46:54 executing program 5: bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@int={0x0, 0x0, 0x0, 0x12}]}}, &(0x7f0000000100)=""/177, 0x2a, 0xb1, 0x1}, 0x20) [ 420.122305][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 420.146807][ T7461] binder: 7456:7461 ioctl 4018620d 20000000 returned -16 [ 420.167138][ T7455] FAT-fs (loop0): Directory bread(block 64) failed [ 420.186528][ T7455] FAT-fs (loop0): Directory bread(block 65) failed [ 420.208029][ T7455] FAT-fs (loop0): Directory bread(block 66) failed 01:46:55 executing program 4: bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x1d, 0x3, &(0x7f0000000240)=@framed, &(0x7f00000000c0)='GPL\x00', 0x2, 0x90, &(0x7f0000000100)=""/144, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) [ 420.231850][ T7455] FAT-fs (loop0): Directory bread(block 67) failed [ 420.258152][ T6665] 553627648-553635839: 0000000000000000 [ 420.280098][ T7455] FAT-fs (loop0): Directory bread(block 68) failed [ 420.304612][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 420.318781][ T7455] FAT-fs (loop0): Directory bread(block 69) failed 01:46:55 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r3 = dup(0xffffffffffffffff) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:46:55 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0x3, &(0x7f0000000400)=0x909fdfc, 0x4) [ 420.350081][ T7455] FAT-fs (loop0): Directory bread(block 70) failed [ 420.358061][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 420.379114][ T7455] FAT-fs (loop0): Directory bread(block 71) failed [ 420.393898][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 420.427485][ T7455] FAT-fs (loop0): Directory bread(block 72) failed [ 420.448340][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 420.466524][ T7455] FAT-fs (loop0): Directory bread(block 73) failed [ 420.485035][ T6665] 553652224-116813594623: 0000000000000000 [ 420.532558][ T7478] binder: BINDER_SET_CONTEXT_MGR already set [ 420.578270][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 420.579683][ T7478] binder: 7476:7478 ioctl 4018620d 20000000 returned -16 [ 420.584724][ T6665] 116817788928-93825002663935: 0000000000000000 [ 420.584756][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 420.584784][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 420.750092][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 420.798466][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 420.892049][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 420.900894][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 420.920251][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 420.928463][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 420.935532][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 420.943098][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 420.950417][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 420.959594][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 420.969203][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 420.976275][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 420.984805][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 420.992147][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 420.999709][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 421.007005][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 421.014078][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 421.065934][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 421.073367][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 421.082904][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 421.091608][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 421.098956][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 421.106026][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 421.113472][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 421.121708][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 421.129127][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 421.136993][ T6665] Pass: 9563089 Run:9563201 [ 421.141608][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 421.151444][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 421.155057][ T7473] loop3: detected capacity change from 0 to 32768 [ 421.161499][ T6665] Call Trace: [ 421.161511][ T6665] [ 421.161521][ T6665] dump_stack_lvl+0xd1/0x138 [ 421.161565][ T6665] mt_find.cold+0x8b/0x90 [ 421.161605][ T6665] ? mas_find+0x1d0/0x1d0 [ 421.161655][ T6665] find_vma+0x10c/0x1b0 [ 421.161686][ T6665] ? can_vma_merge_before+0x390/0x390 [ 421.161723][ T6665] ? walk_page_test+0x78/0x180 [ 421.161765][ T6665] walk_page_range+0x2b1/0x4a0 [ 421.161808][ T6665] ? __walk_page_range+0x780/0x780 [ 421.161873][ T6665] mlock_fixup+0x650/0x810 [ 421.161930][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 421.161979][ T6665] ? mlock_fixup+0x810/0x810 [ 421.162036][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 421.162084][ T6665] do_mlock+0x25a/0x6d0 [ 421.162131][ T6665] ? folio_evictable+0x270/0x270 [ 421.241269][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 421.247199][ T6665] __x64_sys_mlock+0x59/0x80 [ 421.251808][ T6665] do_syscall_64+0x39/0xb0 [ 421.256255][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 421.262172][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 421.266605][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 421.286236][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 421.294666][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 421.302646][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 421.310626][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 421.318606][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 421.326590][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 421.334591][ T6665] [ 421.354121][ T7473] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 421.357875][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 421.365430][ T7473] BTRFS info (device loop3): force clearing of disk cache [ 421.370269][ T6665] BUG at mt_find:6473 (1) [ 421.381503][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 421.390159][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 421.390951][ T7473] BTRFS info (device loop3): setting nodatasum [ 421.427234][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 421.427505][ T6665] 0-536866815: 0000000000000000 [ 421.427531][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 421.427558][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 421.427585][ T6665] 553627648-553635839: 0000000000000000 [ 421.427610][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 421.427636][ T6665] 553627648-553644031: [ 421.443879][ T7473] BTRFS info (device loop3): allowing degraded mounts [ 421.501017][ T6665] ffff8880272dc8c0 [ 421.528038][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 421.533973][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 421.539843][ T7473] BTRFS info (device loop3): enabling disk space caching [ 421.539932][ T6665] 553652224-116813594623: 0000000000000000 [ 421.552767][ T7473] BTRFS info (device loop3): disk space caching is enabled [ 421.553097][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 421.566847][ T6665] 116817788928-93825002663935: 0000000000000000 [ 421.574278][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 421.581918][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 421.590342][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 421.597445][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 421.603330][ T7473] BTRFS info (device loop3): enabling ssd optimizations [ 421.652506][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 421.652555][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 421.652581][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 421.652608][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 421.652636][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 421.652663][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 421.652690][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 421.652719][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 421.652746][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 421.652773][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 421.652801][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 421.652829][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 421.652856][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 421.652883][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 421.652910][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 [ 421.683960][ T7473] BTRFS info (device loop3): auto enabling async discard [ 421.688827][ T6665] contents: [ 421.712904][ T7473] BTRFS info (device loop3): clearing free space tree [ 421.718153][ T6665] 0000000000000000 140548097601535 [ 421.726535][ T7473] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 421.730863][ T6665] ffff88806b3de460 140548097605631 [ 421.737874][ T7473] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 421.752467][ T6665] ffff88806b3de380 140548097736703 [ 421.795591][ T7473] BTRFS info (device loop3): checking UUID tree [ 421.802862][ T6665] 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 421.873147][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 421.885849][ T6665] 140548097601536-140548097605631: ffff88806b3de460 01:46:56 executing program 3: syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1000008, &(0x7f0000000280)={[{@datacow}, {@clear_cache}, {@nodatasum}, {@rescan_uuid_tree}, {}, {@space_cache_v1}]}, 0xfe, 0x51ab, &(0x7f0000005280)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b) r1 = open(0x0, 0x0, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE(r1, 0x9408, 0x0) 01:46:56 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x10e, 0xb, 0x0, 0x0) 01:46:56 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000000)={'tunl0\x00', {0x2, 0x0, @loopback}}) 01:46:56 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000240)={'sit0\x00', &(0x7f0000000300)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x7, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr, @rand_addr, {[@timestamp_prespec={0x44, 0x4}, @generic={0x0, 0x2}]}}}}}) 01:46:56 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) ioctl$BLKBSZGET(r0, 0x1278, 0x0) 01:46:56 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r3 = dup(0xffffffffffffffff) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:46:56 executing program 0: syz_open_dev$evdev(&(0x7f0000000000), 0x20000, 0x0) 01:46:56 executing program 2: syz_io_uring_setup(0x7fb, &(0x7f0000000100)={0x0, 0xe273, 0x8}, &(0x7f0000ffb000/0x5000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) 01:46:56 executing program 4: r0 = openat$procfs(0xffffff9c, &(0x7f0000000000)='/proc/timer_list\x00', 0x0, 0x0) read$alg(r0, &(0x7f0000000080)=""/124, 0xfdef) [ 421.912728][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 421.933533][ T6665] 140548097736704-140735437164543: 0000000000000000 01:46:56 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$KVM_CREATE_VM(r0, 0x8940, 0x20000000) [ 422.061204][ T7506] binder: BINDER_SET_CONTEXT_MGR already set 01:46:56 executing program 2: syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x4, &(0x7f0000000140)=@lang_id={0x4}}, {0x4, &(0x7f0000000180)=@string={0x4, 0x3, "82c4"}}, {0x4, &(0x7f0000000200)=@lang_id={0x4}}]}) 01:46:56 executing program 0: dup(0xffffffffffffffff) mkdir(&(0x7f00000010c0)='./file0\x00', 0x1) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x2000, 0x61) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4000, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xae) sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x7ffc) newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f00000005c0), 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000300)={0x0, 'ip_vti0\x00', {0x900}, 0x7ff}) r5 = open(&(0x7f00000000c0)='./bus\x00', 0x14da42, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x80001d00c0d0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xff) open(&(0x7f0000000340)='./bus\x00', 0x200, 0x140) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r7, 0x660c) mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@xino_off}, {@xino_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@xino_off}, {@index_off}], [{@subj_type={'subj_type', 0x3d, 'ip_vti0\x00'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}]}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x1ff) [ 422.108990][ T7506] binder: 7501:7506 ioctl 4018620d 20000000 returned -16 [ 422.116128][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 422.175491][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 422.239118][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 422.273207][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 422.323924][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 422.423157][ T27] audit: type=1800 audit(1673401617.218:38): pid=7524 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1161 res=0 errno=0 [ 422.543956][ T7525] overlayfs: unrecognized mount option "subj_type=ip_vti0" or missing value [ 422.880734][ T6665] Pass: 9591760 Run:9591873 [ 423.129560][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 423.139429][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 423.149509][ T6665] Call Trace: [ 423.152811][ T6665] [ 423.155764][ T6665] dump_stack_lvl+0xd1/0x138 [ 423.160401][ T6665] mt_find.cold+0x8b/0x90 [ 423.164775][ T6665] ? mas_find+0x1d0/0x1d0 [ 423.169156][ T6665] find_vma+0x10c/0x1b0 [ 423.173358][ T6665] ? can_vma_merge_before+0x390/0x390 [ 423.178773][ T6665] ? walk_page_test+0x78/0x180 [ 423.179363][ T27] audit: type=1804 audit(1673401617.288:39): pid=7525 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3878708150/syzkaller.BRy09z/131/bus" dev="sda1" ino=1161 res=1 errno=0 [ 423.183551][ T6665] walk_page_range+0x2b1/0x4a0 [ 423.213258][ T6665] ? __walk_page_range+0x780/0x780 [ 423.218437][ T6665] mlock_fixup+0x650/0x810 [ 423.222916][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 423.228168][ T6665] ? mlock_fixup+0x810/0x810 [ 423.232830][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 423.238774][ T6665] do_mlock+0x25a/0x6d0 [ 423.242990][ T6665] ? folio_evictable+0x270/0x270 [ 423.246529][ T5367] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 423.247966][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 423.261323][ T6665] __x64_sys_mlock+0x59/0x80 [ 423.265945][ T6665] do_syscall_64+0x39/0xb0 [ 423.270416][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 423.276351][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 423.280795][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 423.300442][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 423.308890][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 423.316886][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 423.324887][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 423.332888][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 423.340888][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 423.348909][ T6665] [ 423.553815][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 423.559994][ T6665] BUG at mt_find:6473 (1) [ 423.570446][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 423.586002][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 [ 423.588037][ T7515] loop3: detected capacity change from 0 to 32768 [ 423.626972][ T5367] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 423.640418][ T6665] 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 423.647070][ T7515] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 423.651465][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 423.669141][ T7515] BTRFS info (device loop3): force clearing of disk cache [ 423.709863][ T6665] 0-536866815: 0000000000000000 [ 423.709895][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 423.709923][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 423.709951][ T6665] 553627648-553635839: 0000000000000000 [ 423.709977][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 423.710003][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 423.710029][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 423.710053][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 423.710080][ T6665] 553652224-116813594623: 0000000000000000 [ 423.710106][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 423.710134][ T6665] 116817788928-93825002663935: 0000000000000000 [ 423.710170][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 423.710197][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 423.710224][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 423.710252][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 [ 423.734589][ T7515] BTRFS info (device loop3): setting nodatasum [ 423.738892][ T6665] ffff888022f0e8c0 140548077780991 [ 423.741728][ T7515] BTRFS info (device loop3): allowing degraded mounts [ 423.756968][ T6665] ffff888022f0e9a0 140548079878143 [ 423.761059][ T7515] BTRFS info (device loop3): enabling disk space caching [ 423.765483][ T6665] ffff888022f0ea80 140548084072447 [ 423.772632][ T7515] BTRFS info (device loop3): disk space caching is enabled [ 423.788009][ T6665] ffff888022f0eb60 140548084219903 [ 423.846632][ T5367] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 423.851673][ T6665] ffff888022f0ec40 140548084948991 [ 423.863051][ T5367] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 423.869920][ T6665] ffff888022f0ed20 140548085284863 [ 423.875129][ T7515] BTRFS info (device loop3): enabling ssd optimizations [ 423.884083][ T6665] 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 [ 423.889761][ T5367] usb 3-1: Manufacturer: ì’‚ [ 423.897583][ T7515] BTRFS info (device loop3): auto enabling async discard [ 423.903678][ T5367] usb 3-1: SerialNumber: syz [ 423.919610][ T7515] BTRFS info (device loop3): clearing free space tree [ 423.940608][ T6665] 000000000000000d [ 423.940631][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 423.940661][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 423.940690][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 423.940718][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 423.940746][ T6665] 140548077780992-140548079878143: [ 423.963325][ T7515] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 423.971956][ T6665] ffff888022f0e9a0 [ 423.988705][ T7515] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 423.990397][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 424.036563][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 424.038055][ T7515] BTRFS info (device loop3): checking UUID tree [ 424.043519][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 424.043551][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 424.043578][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 424.113560][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 424.136388][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 424.143393][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 424.167848][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 424.174842][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 424.237215][ T5367] usb 3-1: USB disconnect, device number 3 [ 424.256520][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 424.265978][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 424.289094][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 424.305112][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 424.331958][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 424.350843][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 424.365975][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 424.381045][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 424.393350][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 424.413515][ T6665] Pass: 9615328 Run:9615442 [ 424.423715][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 424.433562][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 424.443641][ T6665] Call Trace: [ 424.446941][ T6665] [ 424.449894][ T6665] dump_stack_lvl+0xd1/0x138 [ 424.454537][ T6665] mt_find.cold+0x8b/0x90 [ 424.458921][ T6665] ? mas_find+0x1d0/0x1d0 [ 424.463314][ T6665] find_vma+0x10c/0x1b0 [ 424.467511][ T6665] ? can_vma_merge_before+0x390/0x390 [ 424.472923][ T6665] ? walk_page_test+0x78/0x180 [ 424.477732][ T6665] walk_page_range+0x2b1/0x4a0 [ 424.482548][ T6665] ? __walk_page_range+0x780/0x780 [ 424.487725][ T6665] mlock_fixup+0x650/0x810 [ 424.492207][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 424.497474][ T6665] ? mlock_fixup+0x810/0x810 [ 424.502133][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 424.508078][ T6665] do_mlock+0x25a/0x6d0 [ 424.512308][ T6665] ? folio_evictable+0x270/0x270 [ 424.517310][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 424.523253][ T6665] __x64_sys_mlock+0x59/0x80 [ 424.527877][ T6665] do_syscall_64+0x39/0xb0 [ 424.532341][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 424.538267][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 424.542715][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 424.562356][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 424.570811][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 01:46:59 executing program 3: syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1000008, &(0x7f0000000280)={[{@datacow}, {@clear_cache}, {@nodatasum}, {@rescan_uuid_tree}, {}, {@space_cache_v1}]}, 0xfe, 0x51ab, &(0x7f0000005280)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b) r1 = open(0x0, 0x0, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE(r1, 0x9408, 0x0) 01:46:59 executing program 0: dup(0xffffffffffffffff) mkdir(&(0x7f00000010c0)='./file0\x00', 0x1) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x2000, 0x61) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4000, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xae) sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x7ffc) newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f00000005c0), 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000300)={0x0, 'ip_vti0\x00', {0x900}, 0x7ff}) r5 = open(&(0x7f00000000c0)='./bus\x00', 0x14da42, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x80001d00c0d0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xff) open(&(0x7f0000000340)='./bus\x00', 0x200, 0x140) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r7, 0x660c) mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@xino_off}, {@xino_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@xino_off}, {@index_off}], [{@subj_type={'subj_type', 0x3d, 'ip_vti0\x00'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}]}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x1ff) 01:46:59 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_GET(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={0x0}}, 0x0) 01:46:59 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:46:59 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$KVM_CREATE_VM(r0, 0x8940, 0x20000000) 01:46:59 executing program 4: dup(0xffffffffffffffff) mkdir(&(0x7f00000010c0)='./file0\x00', 0x1) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x2000, 0x61) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4000, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xae) sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x7ffc) newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f00000005c0), 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000300)={0x0, 'ip_vti0\x00', {0x900}, 0x7ff}) r5 = open(&(0x7f00000000c0)='./bus\x00', 0x14da42, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x80001d00c0d0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xff) open(&(0x7f0000000340)='./bus\x00', 0x200, 0x140) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r7, 0x660c) mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@xino_off}, {@xino_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@xino_off}, {@index_off}], [{@subj_type={'subj_type', 0x3d, 'ip_vti0\x00'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}]}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x1ff) [ 424.578814][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 424.586814][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 424.594812][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 424.600932][ T7555] binder_alloc: 7549: binder_alloc_buf, no vma [ 424.602784][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 424.602830][ T6665] 01:46:59 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:46:59 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$KVM_CREATE_VM(r0, 0x8940, 0x20000000) [ 424.637805][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 424.653482][ T6665] BUG at mt_find:6473 (1) [ 424.676465][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e 01:46:59 executing program 2: dup(0xffffffffffffffff) mkdir(&(0x7f00000010c0)='./file0\x00', 0x1) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x2000, 0x61) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4000, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xae) sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x7ffc) newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f00000005c0), 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000300)={0x0, 'ip_vti0\x00', {0x900}, 0x7ff}) r5 = open(&(0x7f00000000c0)='./bus\x00', 0x14da42, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x80001d00c0d0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xff) open(&(0x7f0000000340)='./bus\x00', 0x200, 0x140) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r7, 0x660c) mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@xino_off}, {@xino_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@xino_off}, {@index_off}], [{@subj_type={'subj_type', 0x3d, 'ip_vti0\x00'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}]}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x1ff) [ 424.766020][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 [ 424.772032][ T27] audit: type=1800 audit(1673401619.578:40): pid=7558 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1172 res=0 errno=0 [ 424.820350][ T6665] | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 424.877510][ T7563] binder_alloc: 7559: binder_alloc_buf, no vma [ 424.921788][ T7570] overlayfs: unrecognized mount option "subj_type=ip_vti0" or missing value [ 424.947665][ T7567] overlayfs: unrecognized mount option "subj_type=ip_vti0" or missing value 01:46:59 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 424.966652][ T27] audit: type=1800 audit(1673401619.618:41): pid=7562 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1180 res=0 errno=0 [ 424.988363][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 425.003844][ T27] audit: type=1804 audit(1673401619.698:42): pid=7566 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir661775221/syzkaller.6zod14/150/bus" dev="sda1" ino=1172 res=1 errno=0 [ 425.281435][ T7574] overlayfs: unrecognized mount option "subj_type=ip_vti0" or missing value [ 425.315741][ T7575] binder_alloc: 7573: binder_alloc_buf, no vma [ 425.373414][ T6665] 0-536866815: 0000000000000000 01:47:00 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$KVM_CREATE_VM(r0, 0x8940, 0x20000000) 01:47:00 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r3 = dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 425.415625][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 425.517713][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 425.538642][ T27] audit: type=1804 audit(1673401619.698:43): pid=7567 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3878708150/syzkaller.BRy09z/132/bus" dev="sda1" ino=1180 res=1 errno=0 [ 425.597397][ T6665] 553627648-553635839: 0000000000000000 [ 425.620655][ T7577] binder: BINDER_SET_CONTEXT_MGR already set [ 425.638539][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 425.656598][ T7577] binder: 7576:7577 ioctl 4018620d 20000000 returned -16 [ 425.700088][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 425.715210][ T27] audit: type=1800 audit(1673401619.968:44): pid=7572 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1171 res=0 errno=0 [ 425.767923][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 425.794262][ T27] audit: type=1804 audit(1673401620.038:45): pid=7574 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir168840469/syzkaller.pSJJsG/139/bus" dev="sda1" ino=1171 res=1 errno=0 [ 425.831715][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 425.866807][ T6665] 553652224-116813594623: 0000000000000000 [ 425.939978][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 425.966217][ T6665] 116817788928-93825002663935: 0000000000000000 [ 426.007860][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 426.014704][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 426.086513][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 426.098111][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 426.309106][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 426.334306][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 426.359290][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 426.378138][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 426.385956][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 426.399750][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 426.433032][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 426.457472][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 426.464460][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 426.496413][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 426.503419][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 426.545277][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 426.568599][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 426.575601][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 426.608590][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 426.826386][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 426.833397][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 426.856380][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 426.863411][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 426.901320][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 426.926547][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 426.933541][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 426.986361][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 426.993567][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 427.036529][ T6665] Pass: 9635490 Run:9635605 [ 427.041078][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 427.050914][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 427.060997][ T6665] Call Trace: [ 427.064298][ T6665] [ 427.067258][ T6665] dump_stack_lvl+0xd1/0x138 [ 427.071898][ T6665] mt_find.cold+0x8b/0x90 [ 427.076279][ T6665] ? mas_find+0x1d0/0x1d0 [ 427.080681][ T6665] find_vma+0x10c/0x1b0 [ 427.084871][ T6665] ? can_vma_merge_before+0x390/0x390 [ 427.090292][ T6665] ? walk_page_test+0x78/0x180 [ 427.095105][ T6665] walk_page_range+0x2b1/0x4a0 [ 427.099921][ T6665] ? __walk_page_range+0x780/0x780 [ 427.105097][ T6665] mlock_fixup+0x650/0x810 [ 427.109576][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 427.114831][ T6665] ? mlock_fixup+0x810/0x810 [ 427.119488][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 427.125433][ T6665] do_mlock+0x25a/0x6d0 [ 427.129639][ T6665] ? folio_evictable+0x270/0x270 [ 427.134639][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 427.140582][ T6665] __x64_sys_mlock+0x59/0x80 [ 427.145202][ T6665] do_syscall_64+0x39/0xb0 [ 427.149674][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 427.155605][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 427.160050][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 427.179690][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 427.188140][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 427.196138][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 427.204136][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 427.212145][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 427.220143][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 427.228168][ T6665] [ 427.286300][ T7582] loop3: detected capacity change from 0 to 32768 [ 427.330477][ T7582] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 427.363192][ T7582] BTRFS info (device loop3): force clearing of disk cache [ 427.395014][ T7582] BTRFS info (device loop3): setting nodatasum [ 427.412871][ T7582] BTRFS info (device loop3): allowing degraded mounts [ 427.425081][ T7582] BTRFS info (device loop3): enabling disk space caching [ 427.444057][ T7582] BTRFS info (device loop3): disk space caching is enabled [ 427.454899][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 427.465708][ T6665] BUG at mt_find:6473 (1) [ 427.485194][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 427.515300][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 427.555661][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 427.573697][ T7582] BTRFS info (device loop3): enabling ssd optimizations [ 427.615844][ T7582] BTRFS info (device loop3): auto enabling async discard [ 427.624010][ T7582] BTRFS info (device loop3): clearing free space tree [ 427.624799][ T6665] 0-536866815: [ 427.630968][ T7582] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 427.635118][ T6665] 0000000000000000 [ 427.644537][ T7582] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 427.659443][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 427.659688][ T7582] BTRFS info (device loop3): checking UUID tree [ 427.665358][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 427.665388][ T6665] 553627648-553635839: 0000000000000000 [ 427.683738][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 427.689752][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 427.696472][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 427.702417][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 427.714217][ T6665] 553652224-116813594623: 0000000000000000 [ 427.722348][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 427.730532][ T6665] 116817788928-93825002663935: 0000000000000000 [ 427.745641][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 427.757037][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 427.763937][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 427.786468][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 427.906394][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 427.913401][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 427.936607][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 427.943602][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 427.976600][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 427.983598][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 428.006401][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 428.013399][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 01:47:02 executing program 5: dup(0xffffffffffffffff) mkdir(&(0x7f00000010c0)='./file0\x00', 0x1) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x2000, 0x61) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4000, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xae) sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x7ffc) newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f00000005c0), 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000300)={0x0, 'ip_vti0\x00', {0x900}, 0x7ff}) r5 = open(&(0x7f00000000c0)='./bus\x00', 0x14da42, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x80001d00c0d0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xff) open(&(0x7f0000000340)='./bus\x00', 0x200, 0x140) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r7, 0x660c) mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@xino_off}, {@xino_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@xino_off}, {@index_off}], [{@subj_type={'subj_type', 0x3d, 'ip_vti0\x00'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}]}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x1ff) 01:47:02 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r3 = dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:47:02 executing program 0: dup(0xffffffffffffffff) mkdir(&(0x7f00000010c0)='./file0\x00', 0x1) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x2000, 0x61) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4000, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xae) sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x7ffc) newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f00000005c0), 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000300)={0x0, 'ip_vti0\x00', {0x900}, 0x7ff}) r5 = open(&(0x7f00000000c0)='./bus\x00', 0x14da42, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x80001d00c0d0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xff) open(&(0x7f0000000340)='./bus\x00', 0x200, 0x140) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r7, 0x660c) mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@xino_off}, {@xino_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@xino_off}, {@index_off}], [{@subj_type={'subj_type', 0x3d, 'ip_vti0\x00'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}]}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x1ff) 01:47:02 executing program 2: dup(0xffffffffffffffff) mkdir(&(0x7f00000010c0)='./file0\x00', 0x1) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x2000, 0x61) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4000, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xae) sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x7ffc) newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f00000005c0), 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000300)={0x0, 'ip_vti0\x00', {0x900}, 0x7ff}) r5 = open(&(0x7f00000000c0)='./bus\x00', 0x14da42, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x80001d00c0d0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xff) open(&(0x7f0000000340)='./bus\x00', 0x200, 0x140) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r7, 0x660c) mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@xino_off}, {@xino_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@xino_off}, {@index_off}], [{@subj_type={'subj_type', 0x3d, 'ip_vti0\x00'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}]}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x1ff) 01:47:02 executing program 4: dup(0xffffffffffffffff) mkdir(&(0x7f00000010c0)='./file0\x00', 0x1) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x2000, 0x61) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4000, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xae) sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x7ffc) newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f00000005c0), 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000300)={0x0, 'ip_vti0\x00', {0x900}, 0x7ff}) r5 = open(&(0x7f00000000c0)='./bus\x00', 0x14da42, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x80001d00c0d0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xff) open(&(0x7f0000000340)='./bus\x00', 0x200, 0x140) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r7, 0x660c) mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@xino_off}, {@xino_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@xino_off}, {@index_off}], [{@subj_type={'subj_type', 0x3d, 'ip_vti0\x00'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}]}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x1ff) 01:47:02 executing program 3: syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1000008, &(0x7f0000000280)={[{@datacow}, {@clear_cache}, {@nodatasum}, {@rescan_uuid_tree}, {}, {@space_cache_v1}]}, 0xfe, 0x51ab, &(0x7f0000005280)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b) r1 = open(0x0, 0x0, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE(r1, 0x9408, 0x0) [ 428.030552][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 428.041228][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 428.048808][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 01:47:02 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r3 = dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 428.088769][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 428.120789][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 431.289153][ T7613] overlayfs: unrecognized mount option "subj_type=ip_vti0" or missing value [ 431.299050][ T7620] overlayfs: unrecognized mount option "subj_type=ip_vti0" or missing value [ 431.313271][ T7623] overlayfs: unrecognized mount option "subj_type=ip_vti0" or missing value [ 431.348181][ T27] audit: type=1800 audit(1673401624.238:46): pid=7616 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1186 res=0 errno=0 [ 431.349079][ C1] clocksource: timekeeping watchdog on CPU1: Marking clocksource 'acpi_pm' as unstable because the skew is too large: [ 431.382327][ C1] clocksource: 'tsc' wd_nsec: 3092656787 wd_now: ded3c0cb72 wd_last: dd3e2d0438 mask: ffffffffffffffff [ 431.395314][ C1] clocksource: 'acpi_pm' cs_nsec: 0 cs_now: 28fe08 cs_last: 800ecd mask: ffffff [ 431.406294][ C1] clocksource: Clocksource 'acpi_pm' skewed -3092656787 ns (18446744070616 ms) over watchdog 'tsc' interval of 3092656787 ns (3092 ms) [ 431.422094][ C1] clocksource: 'tsc' (not 'acpi_pm') is current clocksource. [ 431.444035][ T27] audit: type=1800 audit(1673401624.428:47): pid=7617 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1187 res=0 errno=0 01:47:06 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r3 = dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) [ 432.092475][ T6665] 140548085710848-140548097556479: ffff88806b3de000 01:47:07 executing program 0: dup(0xffffffffffffffff) mkdir(&(0x7f00000010c0)='./file0\x00', 0x1) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x2000, 0x61) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4000, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xae) sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x7ffc) newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f00000005c0), 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000300)={0x0, 'ip_vti0\x00', {0x900}, 0x7ff}) r5 = open(&(0x7f00000000c0)='./bus\x00', 0x14da42, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x80001d00c0d0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xff) open(&(0x7f0000000340)='./bus\x00', 0x200, 0x140) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r7, 0x660c) mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@xino_off}, {@xino_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@xino_off}, {@index_off}], [{@subj_type={'subj_type', 0x3d, 'ip_vti0\x00'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}]}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x1ff) [ 432.099633][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 432.209365][ T27] audit: type=1800 audit(1673401624.438:48): pid=7618 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1188 res=0 errno=0 [ 432.274847][ T7632] binder: 7629:7632 ioctl c0306201 0 returned -14 [ 432.318774][ T27] audit: type=1804 audit(1673401625.208:49): pid=7618 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3878708150/syzkaller.BRy09z/133/bus" dev="sda1" ino=1188 res=1 errno=0 [ 432.346040][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 432.370327][ T7637] overlayfs: unrecognized mount option "subj_type=ip_vti0" or missing value [ 432.594191][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 432.601469][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 432.609175][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 432.618321][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 01:47:07 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r3 = dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) [ 432.990941][ T7635] syz-executor.5 (7635) used greatest stack depth: 21920 bytes left 01:47:08 executing program 4: dup(0xffffffffffffffff) mkdir(&(0x7f00000010c0)='./file0\x00', 0x1) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x2000, 0x61) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4000, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xae) sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x7ffc) newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f00000005c0), 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000300)={0x0, 'ip_vti0\x00', {0x900}, 0x7ff}) r5 = open(&(0x7f00000000c0)='./bus\x00', 0x14da42, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x80001d00c0d0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xff) open(&(0x7f0000000340)='./bus\x00', 0x200, 0x140) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r7, 0x660c) mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@xino_off}, {@xino_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@xino_off}, {@index_off}], [{@subj_type={'subj_type', 0x3d, 'ip_vti0\x00'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}]}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x1ff) 01:47:08 executing program 2: dup(0xffffffffffffffff) mkdir(&(0x7f00000010c0)='./file0\x00', 0x1) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x2000, 0x61) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4000, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xae) sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x7ffc) newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f00000005c0), 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000300)={0x0, 'ip_vti0\x00', {0x900}, 0x7ff}) r5 = open(&(0x7f00000000c0)='./bus\x00', 0x14da42, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x80001d00c0d0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xff) open(&(0x7f0000000340)='./bus\x00', 0x200, 0x140) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r7, 0x660c) mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@xino_off}, {@xino_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@xino_off}, {@index_off}], [{@subj_type={'subj_type', 0x3d, 'ip_vti0\x00'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}]}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x1ff) [ 433.194426][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 433.443535][ T27] audit: type=1800 audit(1673401627.038:50): pid=7630 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=1167 res=0 errno=0 [ 433.505199][ T7638] overlayfs: unrecognized mount option "subj_type=ip_vti0" or missing value [ 433.518028][ T27] audit: type=1800 audit(1673401627.198:51): pid=7621 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.4" name="bus" dev="sda1" ino=1187 res=0 errno=0 [ 433.538015][ T27] audit: type=1800 audit(1673401627.258:52): pid=7619 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.2" name="bus" dev="sda1" ino=1186 res=0 errno=0 [ 433.559865][ T27] audit: type=1800 audit(1673401627.378:53): pid=7639 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1189 res=0 errno=0 [ 433.581280][ T27] audit: type=1804 audit(1673401627.438:54): pid=7635 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir2603334418/syzkaller.6cD5tK/32/bus" dev="sda1" ino=1167 res=1 errno=0 [ 433.589676][ T7645] binder: 7644:7645 ioctl c0306201 0 returned -14 [ 433.606982][ T27] audit: type=1804 audit(1673401627.808:55): pid=7641 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3878708150/syzkaller.BRy09z/134/bus" dev="sda1" ino=1189 res=1 errno=0 [ 433.640296][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 433.679860][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 433.708355][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 433.769388][ T6665] Pass: 9682205 Run:9682321 [ 433.781916][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 433.791765][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 433.801854][ T6665] Call Trace: [ 433.805159][ T6665] [ 433.808117][ T6665] dump_stack_lvl+0xd1/0x138 [ 433.812769][ T6665] mt_find.cold+0x8b/0x90 [ 433.817147][ T6665] ? mas_find+0x1d0/0x1d0 [ 433.821515][ T6665] find_vma+0x10c/0x1b0 [ 433.825691][ T6665] ? can_vma_merge_before+0x390/0x390 [ 433.831091][ T6665] ? walk_page_test+0x78/0x180 [ 433.835884][ T6665] walk_page_range+0x2b1/0x4a0 [ 433.840684][ T6665] ? __walk_page_range+0x780/0x780 [ 433.845844][ T6665] mlock_fixup+0x650/0x810 [ 433.850309][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 433.855543][ T6665] ? mlock_fixup+0x810/0x810 [ 433.860188][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 433.866118][ T6665] do_mlock+0x25a/0x6d0 [ 433.870309][ T6665] ? folio_evictable+0x270/0x270 [ 433.875289][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 433.881214][ T6665] __x64_sys_mlock+0x59/0x80 [ 433.885820][ T6665] do_syscall_64+0x39/0xb0 [ 433.890274][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 433.896192][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 433.900618][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 433.920244][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 433.928704][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 433.936697][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 433.944692][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 433.952684][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 433.960682][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 433.968692][ T6665] [ 434.856627][ T7662] overlayfs: unrecognized mount option "subj_type=ip_vti0" or missing value [ 434.942232][ T7651] overlayfs: unrecognized mount option "subj_type=ip_vti0" or missing value [ 434.947034][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 434.958197][ T6665] BUG at mt_find:6473 (1) [ 434.980575][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 434.992876][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 435.044368][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 435.131003][ T7656] syz-executor.2 (7656) used greatest stack depth: 21464 bytes left [ 435.196869][ T6665] 0-536866815: 0000000000000000 [ 435.202234][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 435.226613][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 435.242035][ T6665] 553627648-553635839: 0000000000000000 [ 435.256523][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 435.296462][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 435.304676][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 435.335535][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 435.356401][ T6665] 553652224-116813594623: 0000000000000000 [ 435.366542][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 435.413517][ T6665] 116817788928-93825002663935: 0000000000000000 [ 435.430141][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 435.476261][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 435.483562][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 435.496535][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 435.616402][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 435.623492][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 435.646431][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 435.653493][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 435.676445][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 435.683517][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 435.706472][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 435.735834][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 435.766016][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 435.774563][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 435.802799][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 435.827970][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 435.835059][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 435.855956][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 435.886440][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 436.026427][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 436.035774][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 436.060286][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 436.083089][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 436.098217][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 436.113616][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 436.128647][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 436.140775][ T7666] loop3: detected capacity change from 0 to 32768 [ 436.147381][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 436.173219][ T7666] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 436.193251][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 436.213256][ T7666] BTRFS info (device loop3): force clearing of disk cache [ 436.223578][ T6665] Pass: 9696721 Run:9696838 [ 436.228539][ T7666] BTRFS info (device loop3): setting nodatasum [ 436.234835][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 436.244673][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 436.254750][ T6665] Call Trace: [ 436.258048][ T6665] [ 436.260998][ T6665] dump_stack_lvl+0xd1/0x138 [ 436.265631][ T6665] mt_find.cold+0x8b/0x90 [ 436.270002][ T6665] ? mas_find+0x1d0/0x1d0 [ 436.274386][ T6665] find_vma+0x10c/0x1b0 [ 436.275206][ T7666] BTRFS info (device loop3): allowing degraded mounts [ 436.278553][ T6665] ? can_vma_merge_before+0x390/0x390 [ 436.278593][ T6665] ? walk_page_test+0x78/0x180 [ 436.278633][ T6665] walk_page_range+0x2b1/0x4a0 [ 436.278674][ T6665] ? __walk_page_range+0x780/0x780 [ 436.278734][ T6665] mlock_fixup+0x650/0x810 [ 436.286578][ T7666] BTRFS info (device loop3): enabling disk space caching [ 436.290848][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 436.295582][ T7666] BTRFS info (device loop3): disk space caching is enabled [ 436.300326][ T6665] ? mlock_fixup+0x810/0x810 [ 436.300384][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 436.300429][ T6665] do_mlock+0x25a/0x6d0 [ 436.343964][ T6665] ? folio_evictable+0x270/0x270 [ 436.348959][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 436.354888][ T6665] __x64_sys_mlock+0x59/0x80 [ 436.359496][ T6665] do_syscall_64+0x39/0xb0 [ 436.363940][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 436.369857][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 436.374286][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 436.393907][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 436.402343][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 436.410328][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 436.418312][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 436.426295][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 436.434281][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 436.442283][ T6665] [ 436.454863][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 436.463564][ T6665] BUG at mt_find:6473 (1) [ 436.468888][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 436.478079][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 436.517353][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 436.574334][ T6665] 0-536866815: 0000000000000000 [ 436.582445][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 436.595192][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 436.601312][ T6665] 553627648-553635839: 0000000000000000 [ 436.607567][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 436.616429][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 436.624075][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 436.632058][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 436.637988][ T7666] BTRFS info (device loop3): enabling ssd optimizations [ 436.638015][ T7666] BTRFS info (device loop3): auto enabling async discard [ 436.643836][ T7666] BTRFS info (device loop3): clearing free space tree [ 436.645966][ T6665] 553652224-116813594623: 0000000000000000 [ 436.662635][ T7666] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 436.665932][ T6665] 116813594624-116817788927: [ 436.675777][ T7666] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 436.687468][ T6665] ffff888022f0e380 [ 436.694932][ T6665] 116817788928-93825002663935: 0000000000000000 [ 436.703857][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 436.710911][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 436.713696][ T7666] BTRFS info (device loop3): checking UUID tree [ 436.717926][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 436.717967][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 436.806419][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 436.813423][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 436.834687][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 436.841879][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 436.850677][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 436.860951][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 436.868100][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 436.886382][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 436.893416][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 436.929277][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 436.936274][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 436.959794][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 436.974827][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 436.988609][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 436.995602][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 437.091308][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 437.098964][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 437.105951][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 437.113358][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 437.123730][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 437.131822][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 437.142829][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 437.150118][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 437.157451][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 437.164867][ T6665] Pass: 9717289 Run:9717407 [ 437.170021][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 437.179859][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 437.189931][ T6665] Call Trace: [ 437.193216][ T6665] [ 437.196157][ T6665] dump_stack_lvl+0xd1/0x138 [ 437.200777][ T6665] mt_find.cold+0x8b/0x90 [ 437.205132][ T6665] ? mas_find+0x1d0/0x1d0 [ 437.209498][ T6665] find_vma+0x10c/0x1b0 [ 437.213673][ T6665] ? can_vma_merge_before+0x390/0x390 [ 437.219067][ T6665] ? walk_page_test+0x78/0x180 [ 437.223860][ T6665] walk_page_range+0x2b1/0x4a0 [ 437.228652][ T6665] ? __walk_page_range+0x780/0x780 [ 437.233805][ T6665] mlock_fixup+0x650/0x810 [ 437.238265][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 437.243500][ T6665] ? mlock_fixup+0x810/0x810 [ 437.248133][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 437.254057][ T6665] do_mlock+0x25a/0x6d0 [ 437.258249][ T6665] ? folio_evictable+0x270/0x270 [ 437.263232][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 437.269151][ T6665] __x64_sys_mlock+0x59/0x80 [ 437.273758][ T6665] do_syscall_64+0x39/0xb0 [ 437.278204][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 437.284115][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 437.288541][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 437.308161][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 437.316596][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 437.324578][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 437.332562][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 01:47:12 executing program 3: syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1000008, &(0x7f0000000280)={[{@datacow}, {@clear_cache}, {@nodatasum}, {@rescan_uuid_tree}, {}, {@space_cache_v1}]}, 0xfe, 0x51ab, &(0x7f0000005280)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b) open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE(0xffffffffffffffff, 0x9408, 0x0) 01:47:12 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r3 = dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) 01:47:12 executing program 0: dup(0xffffffffffffffff) mkdir(&(0x7f00000010c0)='./file0\x00', 0x1) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x2000, 0x61) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4000, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xae) sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x7ffc) newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f00000005c0), 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000300)={0x0, 'ip_vti0\x00', {0x900}, 0x7ff}) r5 = open(&(0x7f00000000c0)='./bus\x00', 0x14da42, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x80001d00c0d0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xff) open(&(0x7f0000000340)='./bus\x00', 0x200, 0x140) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r7, 0x660c) mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@xino_off}, {@xino_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@xino_off}, {@index_off}], [{@subj_type={'subj_type', 0x3d, 'ip_vti0\x00'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}]}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x1ff) 01:47:12 executing program 2: dup(0xffffffffffffffff) mkdir(&(0x7f00000010c0)='./file0\x00', 0x1) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x2000, 0x61) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4000, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xae) sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x7ffc) newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f00000005c0), 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000300)={0x0, 'ip_vti0\x00', {0x900}, 0x7ff}) r5 = open(&(0x7f00000000c0)='./bus\x00', 0x14da42, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x80001d00c0d0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xff) open(&(0x7f0000000340)='./bus\x00', 0x200, 0x140) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r7, 0x660c) mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@xino_off}, {@xino_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@xino_off}, {@index_off}], [{@subj_type={'subj_type', 0x3d, 'ip_vti0\x00'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}]}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x1ff) 01:47:12 executing program 5: syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x9, 0x0, 0x7, [{{0x9, 0x4, 0x0, 0x1f, 0x2, 0x7, 0x1, 0x2, 0x3d, "", {{{0x9, 0x5, 0x1, 0x2, 0x40, 0x50, 0x0, 0xbc}}, [{{0x9, 0x5, 0x82, 0x2, 0x40, 0x7, 0x3f, 0x40}}]}}}]}}]}}, &(0x7f00000004c0)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x201, 0x4, 0x0, 0x40, 0xff, 0x7f}, 0x22, &(0x7f0000000100)={0x5, 0xf, 0x22, 0x2, [@ss_container_id={0x14, 0x10, 0x4, 0x0, "569d32bc8310a45d322601cc3a3af7c8"}, @generic={0x9, 0x10, 0xb, "d03ec3143e5b"}]}, 0x7, [{0xc8, &(0x7f0000000140)=@string={0xc8, 0x3, "a50aeaf687fb091af76b68814481c3fc0ce8e78801f7ff53db66c4a553d33321be5f14ea25e8da41113e5599438855fd881486f15fba18f76a5fdbb793985b1dc3eb3ffa192b486d04fb67fc7cd333ca08a49dbaab67f928b1a208a2afa1e53bf94c60b07de82d6d1b5602665950304bba05b90948c8f86c0bc4d64423da34050b288d1fbba8f4c00a40039ebbab941e43ea628f5c9bc1fe56617d583b09b381f9481a7de08ae0be523b8e2835b25b7d4792b9294bca3e6ba767d8872dda2311ea5f38cdc850"}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x1401}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x42a}}, {0x85, &(0x7f00000002c0)=@string={0x85, 0x3, "ebe8ac684dc1f7e9324d35854adf3e68b1cda036e81157762cccc21f14100d15ac1b97e36c8d52796e41926c6f60a98c2fcca12711fc7aad675946732f4febb1d36f358582afd0af2338c0a1ebeee3229512a86adaa41eca0c6d4a84cb37033b1cfd30ce5ff4cb4ae14f0b90fe0426674876e300d3bdf37431254609fb6ae6f0eeae0f"}}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x419}}, {0x9b, &(0x7f00000003c0)=@string={0x9b, 0x3, "0c248e70d5231f9dfeaf9161d2f984878d520b481c239294c4aa31b7c65b17822eb926bb745d4cd58d1f1ab28b4e4c6f5579369f123a73c375c533e718db041280b7f9297ca168ac19627915eeefb739f397d8d75c9da9f254d0abc8b9f2b0856ef74934bdd9ca3321b1bcd362376910d6b1dd991b7a4a0dd5299b8f8d32c4e2e8e0bfb3ad95b2fbb00abdffa4c3a126e26d6e3f8a15c3b54d"}}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x5038}}]}) 01:47:12 executing program 4: r0 = socket$pppl2tp(0x18, 0x1, 0x1) recvmsg(r0, &(0x7f0000002800)={0x0, 0x0, 0x0}, 0x12040) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000000)={0x0, 'veth0_vlan\x00', {0x3}, 0x8001}) [ 437.340543][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 437.348525][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 437.356524][ T6665] [ 437.365152][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 437.374379][ T6665] BUG at mt_find:6473 (1) [ 437.380442][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e 01:47:12 executing program 4: r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil) shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x0) [ 437.430215][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 437.472999][ T7693] binder: 7687:7693 ioctl c0306201 0 returned -14 [ 438.850184][ T27] kauditd_printk_skb: 4 callbacks suppressed [ 438.852106][ T27] audit: type=1800 audit(1673401633.148:60): pid=7697 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1167 res=0 errno=0 [ 439.223774][ T7695] overlayfs: unrecognized mount option "subj_type=ip_vti0" or missing value [ 439.530044][ T7700] overlayfs: unrecognized mount option "subj_type=ip_vti0" or missing value [ 439.615916][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d 01:47:14 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_int(r0, 0x6, 0x3, &(0x7f0000001080), &(0x7f00000010c0)=0x4) 01:47:14 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r3 = dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 439.678432][ T1207] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.684767][ T1207] ieee802154 phy1 wpan1: encryption failed: -22 01:47:14 executing program 2: dup(0xffffffffffffffff) mkdir(&(0x7f00000010c0)='./file0\x00', 0x1) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x2000, 0x61) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4000, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xae) sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x7ffc) newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f00000005c0), 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000300)={0x0, 'ip_vti0\x00', {0x900}, 0x7ff}) r5 = open(&(0x7f00000000c0)='./bus\x00', 0x14da42, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x80001d00c0d0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xff) open(&(0x7f0000000340)='./bus\x00', 0x200, 0x140) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r7, 0x660c) mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@xino_off}, {@xino_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@xino_off}, {@index_off}], [{@subj_type={'subj_type', 0x3d, 'ip_vti0\x00'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}]}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x1ff) 01:47:14 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup2(r0, r0) write$P9_RGETATTR(r1, 0x0, 0x0) 01:47:14 executing program 4: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) linkat(r0, &(0x7f0000000000)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) [ 439.731608][ T27] audit: type=1804 audit(1673401633.388:61): pid=7699 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3878708150/syzkaller.BRy09z/135/bus" dev="sda1" ino=1167 res=1 errno=0 [ 439.875052][ T6665] 0-536866815: 0000000000000000 [ 439.883507][ T27] audit: type=1800 audit(1673401633.648:62): pid=7698 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1168 res=0 errno=0 [ 439.908793][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 439.934283][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 439.966800][ T6665] 553627648-553635839: 0000000000000000 [ 440.098985][ T27] audit: type=1804 audit(1673401633.808:63): pid=7700 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir168840469/syzkaller.pSJJsG/142/bus" dev="sda1" ino=1168 res=1 errno=0 [ 440.143077][ T7720] overlayfs: unrecognized mount option "subj_type=ip_vti0" or missing value [ 440.276943][ T5309] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 440.330480][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 440.352246][ T27] audit: type=1800 audit(1673401634.808:64): pid=7718 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1168 res=0 errno=0 [ 440.783381][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 440.789426][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 440.795365][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 440.801500][ T6665] 553652224-116813594623: 0000000000000000 [ 440.816992][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 440.825099][ T6665] 116817788928-93825002663935: 0000000000000000 [ 440.835857][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 440.843779][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 440.851063][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 440.858261][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 440.928846][ T27] audit: type=1804 audit(1673401634.878:65): pid=7719 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir168840469/syzkaller.pSJJsG/143/bus" dev="sda1" ino=1168 res=1 errno=0 [ 440.961356][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 440.968444][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 440.975420][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 440.982518][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 440.990432][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 440.997940][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 441.013949][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 441.022887][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 441.044017][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 441.052949][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 441.070366][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 441.086404][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 441.093911][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 441.103558][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 441.110931][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 441.164213][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 441.182210][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 441.189524][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 441.197290][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 441.204269][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 441.211923][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 441.230180][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 441.245360][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 441.265719][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 441.279898][ T6665] Pass: 9733775 Run:9733894 [ 441.284432][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 441.294263][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 441.304342][ T6665] Call Trace: [ 441.307638][ T6665] [ 441.310605][ T6665] dump_stack_lvl+0xd1/0x138 [ 441.315253][ T6665] mt_find.cold+0x8b/0x90 [ 441.319630][ T6665] ? mas_find+0x1d0/0x1d0 [ 441.324014][ T6665] find_vma+0x10c/0x1b0 [ 441.328206][ T6665] ? can_vma_merge_before+0x390/0x390 [ 441.333621][ T6665] ? walk_page_test+0x78/0x180 [ 441.338435][ T6665] walk_page_range+0x2b1/0x4a0 [ 441.343244][ T6665] ? __walk_page_range+0x780/0x780 [ 441.348418][ T6665] mlock_fixup+0x650/0x810 [ 441.352900][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 441.358151][ T6665] ? mlock_fixup+0x810/0x810 [ 441.362805][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 441.368747][ T6665] do_mlock+0x25a/0x6d0 [ 441.372958][ T6665] ? folio_evictable+0x270/0x270 [ 441.377958][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 441.383894][ T6665] __x64_sys_mlock+0x59/0x80 [ 441.388513][ T6665] do_syscall_64+0x39/0xb0 [ 441.392972][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 441.398911][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 441.403351][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 441.422987][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 441.431442][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 441.439443][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 441.447440][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 441.455436][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 441.463430][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 441.471471][ T6665] [ 441.481893][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 441.487871][ T6665] BUG at mt_find:6473 (1) [ 441.492220][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 441.504206][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 441.544098][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 441.596592][ T6665] 0-536866815: 0000000000000000 [ 441.601920][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 441.608184][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 441.614208][ T6665] 553627648-553635839: 0000000000000000 [ 441.620265][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 441.626278][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 441.632377][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 441.639941][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 441.645962][ T6665] 553652224-116813594623: 0000000000000000 [ 441.652308][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 441.658893][ T6665] 116817788928-93825002663935: 0000000000000000 [ 441.665604][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 441.672571][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 441.680149][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 441.687435][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 441.699077][ T7724] loop3: detected capacity change from 0 to 32768 [ 441.749077][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 441.757667][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 441.764728][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 441.772137][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 441.776013][ T7724] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 441.788781][ T7724] BTRFS info (device loop3): force clearing of disk cache [ 441.790819][ T6665] 140548077780992-140548079878143: [ 441.795904][ T7724] BTRFS info (device loop3): setting nodatasum [ 441.795933][ T7724] BTRFS info (device loop3): allowing degraded mounts [ 441.811073][ T6665] ffff888022f0e9a0 [ 441.814828][ T7724] BTRFS info (device loop3): enabling disk space caching [ 441.818719][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 441.826477][ T7724] BTRFS info (device loop3): disk space caching is enabled [ 441.832994][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 441.852096][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 441.859993][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 441.867258][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 441.874331][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 441.881669][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 441.881746][ T7724] BTRFS info (device loop3): enabling ssd optimizations [ 441.895888][ T7724] BTRFS info (device loop3): auto enabling async discard [ 441.896964][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 441.917098][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 441.920881][ T7724] BTRFS info (device loop3): clearing free space tree [ 441.924062][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 441.936552][ T7724] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 441.986538][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 441.999852][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 442.006897][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 442.014084][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 442.021126][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 442.028487][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 442.035468][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 442.037024][ T7724] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 442.042530][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 442.060943][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 442.068429][ T6665] Pass: 9738149 Run:9738269 [ 442.073094][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 442.082430][ T7724] BTRFS info (device loop3): checking UUID tree [ 442.082903][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 442.082921][ T6665] Call Trace: [ 442.082930][ T6665] [ 442.082942][ T6665] dump_stack_lvl+0xd1/0x138 [ 442.110031][ T6665] mt_find.cold+0x8b/0x90 [ 442.114401][ T6665] ? mas_find+0x1d0/0x1d0 [ 442.118762][ T6665] find_vma+0x10c/0x1b0 [ 442.122939][ T6665] ? can_vma_merge_before+0x390/0x390 [ 442.128331][ T6665] ? walk_page_test+0x78/0x180 [ 442.133126][ T6665] walk_page_range+0x2b1/0x4a0 [ 442.137907][ T6665] ? __walk_page_range+0x780/0x780 [ 442.143064][ T6665] mlock_fixup+0x650/0x810 [ 442.147511][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 442.152764][ T6665] ? mlock_fixup+0x810/0x810 [ 442.157424][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 442.163353][ T6665] do_mlock+0x25a/0x6d0 [ 442.167528][ T6665] ? folio_evictable+0x270/0x270 [ 442.172510][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 442.178432][ T6665] __x64_sys_mlock+0x59/0x80 [ 442.183038][ T6665] do_syscall_64+0x39/0xb0 [ 442.187482][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 442.193395][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 442.197821][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 442.217443][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 442.225872][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 442.233856][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 442.241839][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 442.249824][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 442.257809][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 442.265811][ T6665] [ 442.277332][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 442.288913][ T6665] BUG at mt_find:6473 (1) [ 442.306656][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 442.325515][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 442.373285][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 442.514818][ T6665] 0-536866815: 0000000000000000 [ 442.526055][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 442.537852][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 442.543805][ T6665] 553627648-553635839: 0000000000000000 [ 442.565982][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 442.576488][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 442.590281][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 442.596225][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 442.602536][ T6665] 553652224-116813594623: 0000000000000000 [ 442.609012][ T6665] 116813594624-116817788927: ffff888022f0e380 01:47:17 executing program 3: syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1000008, &(0x7f0000000280)={[{@datacow}, {@clear_cache}, {@nodatasum}, {@rescan_uuid_tree}, {}, {@space_cache_v1}]}, 0xfe, 0x51ab, &(0x7f0000005280)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b) open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE(0xffffffffffffffff, 0x9408, 0x0) 01:47:17 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r3 = dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 01:47:17 executing program 4: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, 0x0) 01:47:17 executing program 0: io_submit(0x0, 0x1, &(0x7f0000001900)=[&(0x7f0000001280)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) 01:47:17 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_int(r0, 0x6, 0x6ca, &(0x7f0000000040)=0x7, 0x4) 01:47:17 executing program 2: dup(0xffffffffffffffff) mkdir(&(0x7f00000010c0)='./file0\x00', 0x1) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x2000, 0x61) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4000, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xae) sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x7ffc) newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f00000005c0), 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000300)={0x0, 'ip_vti0\x00', {0x900}, 0x7ff}) r5 = open(&(0x7f00000000c0)='./bus\x00', 0x14da42, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x80001d00c0d0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xff) open(&(0x7f0000000340)='./bus\x00', 0x200, 0x140) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r7, 0x660c) mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@xino_off}, {@xino_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@xino_off}, {@index_off}], [{@subj_type={'subj_type', 0x3d, 'ip_vti0\x00'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}]}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x1ff) [ 442.615551][ T6665] 116817788928-93825002663935: 0000000000000000 [ 442.622499][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 442.632274][ T6665] 93825002803200-140548063096831: 0000000000000000 01:47:17 executing program 0: r0 = syz_open_dev$rtc(&(0x7f0000000340), 0x0, 0x0) ioctl$RTC_ALM_READ(r0, 0x4008700e, 0x0) 01:47:17 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) [ 442.659938][ T6665] 140548063096832-140548063100927: ffff888022f0e540 01:47:17 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r3 = dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 442.709556][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 442.786550][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 442.793537][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 442.844284][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 01:47:17 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae03, 0x3) 01:47:17 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r3 = dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000280), 0x0, 0x0, 0x0}) [ 442.891796][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 442.951840][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 442.977466][ T27] audit: type=1800 audit(1673401637.788:66): pid=7766 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1167 res=0 errno=0 [ 442.998301][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 01:47:17 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCSLCKTRMIOS(r0, 0x80045432, &(0x7f0000000040)) [ 443.092281][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 443.108151][ T7769] overlayfs: unrecognized mount option "subj_type=ip_vti0" or missing value [ 443.133544][ T27] audit: type=1804 audit(1673401637.868:67): pid=7769 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir168840469/syzkaller.pSJJsG/144/bus" dev="sda1" ino=1167 res=1 errno=0 [ 443.290224][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 443.313342][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 443.364098][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 443.392065][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 443.402120][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 443.409612][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 443.416999][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 443.424113][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 443.482899][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 443.490156][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 443.497570][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 443.504644][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 443.511766][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 443.519012][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 443.526090][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 443.533772][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 443.541410][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 443.549009][ T6665] Pass: 9766049 Run:9766170 [ 443.553624][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 443.563458][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 443.573538][ T6665] Call Trace: [ 443.576843][ T6665] [ 443.579804][ T6665] dump_stack_lvl+0xd1/0x138 [ 443.584446][ T6665] mt_find.cold+0x8b/0x90 [ 443.588828][ T6665] ? mas_find+0x1d0/0x1d0 [ 443.593206][ T6665] find_vma+0x10c/0x1b0 [ 443.597392][ T6665] ? can_vma_merge_before+0x390/0x390 [ 443.602804][ T6665] ? walk_page_test+0x78/0x180 [ 443.607614][ T6665] walk_page_range+0x2b1/0x4a0 [ 443.612429][ T6665] ? __walk_page_range+0x780/0x780 [ 443.617604][ T6665] mlock_fixup+0x650/0x810 [ 443.622090][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 443.627344][ T6665] ? mlock_fixup+0x810/0x810 [ 443.631995][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 443.637936][ T6665] do_mlock+0x25a/0x6d0 [ 443.642144][ T6665] ? folio_evictable+0x270/0x270 [ 443.647147][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 443.653086][ T6665] __x64_sys_mlock+0x59/0x80 [ 443.657702][ T6665] do_syscall_64+0x39/0xb0 [ 443.662149][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 443.668065][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 443.672490][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 443.692112][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 443.700541][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 443.708523][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 443.716505][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 443.724485][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 443.732466][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 443.740468][ T6665] [ 444.007078][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 444.019762][ T6665] BUG at mt_find:6473 (1) [ 444.028636][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 444.037222][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 444.074343][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 444.126198][ T6665] 0-536866815: 0000000000000000 [ 444.138356][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 444.151107][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 444.162978][ T6665] 553627648-553635839: 0000000000000000 [ 444.175792][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 444.191967][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 444.206472][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 444.216946][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 444.229150][ T6665] 553652224-116813594623: 0000000000000000 [ 444.239887][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 444.250937][ T6665] 116817788928-93825002663935: 0000000000000000 [ 444.262194][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 444.274691][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 444.287310][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 444.300036][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 444.413121][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 444.426955][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 444.440705][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 444.454547][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 444.468313][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 444.483637][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 444.496378][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 444.510154][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 444.522873][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 444.536660][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 444.548177][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 444.558239][ T7774] loop3: detected capacity change from 0 to 32768 [ 444.564774][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 444.573806][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 444.581605][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 444.592257][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 444.643164][ T7774] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 444.653207][ T7774] BTRFS info (device loop3): force clearing of disk cache [ 444.672959][ T7774] BTRFS info (device loop3): setting nodatasum [ 444.679454][ T7774] BTRFS info (device loop3): allowing degraded mounts [ 444.686264][ T7774] BTRFS info (device loop3): enabling disk space caching [ 444.691238][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 444.693744][ T7774] BTRFS info (device loop3): disk space caching is enabled [ 444.712418][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 444.719896][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 444.727126][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 444.734103][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 444.741464][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 444.748895][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 444.752820][ T7774] BTRFS info (device loop3): enabling ssd optimizations [ 444.755854][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 444.755886][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 444.778171][ T7774] BTRFS info (device loop3): auto enabling async discard [ 444.780434][ T6665] Pass: 9772710 Run:9772832 [ 444.786202][ T7774] BTRFS info (device loop3): clearing free space tree [ 444.795975][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 444.797059][ T7774] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 444.806263][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 444.806282][ T6665] Call Trace: [ 444.806291][ T6665] [ 444.806303][ T6665] dump_stack_lvl+0xd1/0x138 [ 444.806349][ T6665] mt_find.cold+0x8b/0x90 [ 444.818184][ T7774] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 444.826002][ T6665] ? mas_find+0x1d0/0x1d0 [ 444.826057][ T6665] find_vma+0x10c/0x1b0 [ 444.834709][ T7774] BTRFS info (device loop3): checking UUID tree [ 444.836812][ T6665] ? can_vma_merge_before+0x390/0x390 [ 444.836859][ T6665] ? walk_page_test+0x78/0x180 [ 444.836899][ T6665] walk_page_range+0x2b1/0x4a0 [ 444.880894][ T6665] ? __walk_page_range+0x780/0x780 [ 444.886014][ T6665] mlock_fixup+0x650/0x810 [ 444.890446][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 444.895646][ T6665] ? mlock_fixup+0x810/0x810 [ 444.900245][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 444.906144][ T6665] do_mlock+0x25a/0x6d0 [ 444.910322][ T6665] ? folio_evictable+0x270/0x270 [ 444.915309][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 444.921229][ T6665] __x64_sys_mlock+0x59/0x80 [ 444.925813][ T6665] do_syscall_64+0x39/0xb0 [ 444.930234][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 444.936126][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 444.940546][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 444.960147][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 444.968555][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 444.976519][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 444.984484][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 444.992444][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 445.000420][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 445.008420][ T6665] [ 445.086658][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 445.092600][ T6665] BUG at mt_find:6473 (1) [ 445.116371][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 445.136442][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 445.226411][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 445.326613][ T6665] 0-536866815: 0000000000000000 [ 445.335287][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 445.348124][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 445.359872][ T6665] 553627648-553635839: 0000000000000000 [ 445.372547][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 445.385271][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 445.398087][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 445.410887][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 445.422551][ T6665] 553652224-116813594623: 0000000000000000 [ 445.466578][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 445.473470][ T6665] 116817788928-93825002663935: 0000000000000000 [ 445.496410][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 445.503225][ T6665] 93825002803200-140548063096831: 0000000000000000 01:47:20 executing program 3: syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1000008, &(0x7f0000000280)={[{@datacow}, {@clear_cache}, {@nodatasum}, {@rescan_uuid_tree}, {}, {@space_cache_v1}]}, 0xfe, 0x51ab, &(0x7f0000005280)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b) open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE(0xffffffffffffffff, 0x9408, 0x0) 01:47:20 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x0, @remote}, 0xfffffd5d) 01:47:20 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r3 = dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000280), 0x0, 0x0, 0x0}) 01:47:20 executing program 4: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) connect$inet6(r0, &(0x7f0000000080)={0x1c, 0x1c, 0x3}, 0x1c) r1 = dup(r0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=""/48, 0x30}, 0x0) 01:47:20 executing program 5: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x7, &(0x7f00000002c0), &(0x7f0000000440)=0x88) 01:47:20 executing program 2: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000140), 0x8) [ 445.520450][ T6665] 140548063096832-140548063100927: ffff888022f0e540 01:47:20 executing program 5: r0 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x10, 0x2}, 0x10) connect$inet(r0, &(0x7f0000000000)={0xffffffffffffffd3, 0x2}, 0x10) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x15, 0x0, 0x0) [ 445.554698][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d 01:47:20 executing program 0: syz_emit_ethernet(0x66, &(0x7f0000000240)={@local, @random="369adf19300e", @val, {@ipv6}}, 0x0) 01:47:20 executing program 2: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000000)={0x1c}, 0x1c) r1 = dup2(r0, r0) connect$inet6(r1, &(0x7f0000000080)={0x1c, 0x1c, 0x1}, 0x1c) r2 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x25, &(0x7f0000000280)={0x1, [0x0]}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_AUTH_KEY(r1, 0x84, 0x13, &(0x7f0000000100)={r3}, 0x8) [ 445.635373][ T7806] binder: BINDER_SET_CONTEXT_MGR already set [ 445.651225][ T7806] binder: 7797:7806 ioctl 4018620d 20000000 returned -16 01:47:20 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r3 = dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000280), 0x0, 0x0, 0x0}) 01:47:20 executing program 0: bpf$OBJ_GET_MAP(0x7, &(0x7f0000001c80)={&(0x7f0000001c40)='./file0\x00'}, 0x10) 01:47:20 executing program 0: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000002880)={0xffffffffffffffff}) sendmsg$inet(r0, &(0x7f0000000500)={&(0x7f0000000000), 0x10, &(0x7f00000002c0)=[{&(0x7f0000000080)='b', 0x1}], 0x1, &(0x7f0000000300)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @multicast2, @multicast1}}}], 0x20}, 0x1) [ 445.859369][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 445.930325][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 446.011832][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 446.051408][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 446.087144][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 446.105688][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 446.123552][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 446.133170][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 446.140728][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 446.226551][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 446.233551][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 446.256402][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 446.263380][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 446.273283][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 446.282906][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 446.396719][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 446.403716][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 446.426784][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 446.433772][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 446.456426][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 446.463463][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 446.477803][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 446.484785][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 446.492388][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 446.501666][ T6665] Pass: 9821635 Run:9821758 [ 446.506199][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 446.516032][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 446.526111][ T6665] Call Trace: [ 446.529415][ T6665] [ 446.532370][ T6665] dump_stack_lvl+0xd1/0x138 [ 446.537013][ T6665] mt_find.cold+0x8b/0x90 [ 446.541398][ T6665] ? mas_find+0x1d0/0x1d0 [ 446.545780][ T6665] find_vma+0x10c/0x1b0 [ 446.549975][ T6665] ? can_vma_merge_before+0x390/0x390 [ 446.555394][ T6665] ? walk_page_test+0x78/0x180 [ 446.560204][ T6665] walk_page_range+0x2b1/0x4a0 [ 446.564997][ T6665] ? __walk_page_range+0x780/0x780 [ 446.570148][ T6665] mlock_fixup+0x650/0x810 [ 446.574606][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 446.579838][ T6665] ? mlock_fixup+0x810/0x810 [ 446.584470][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 446.590395][ T6665] do_mlock+0x25a/0x6d0 [ 446.594589][ T6665] ? folio_evictable+0x270/0x270 [ 446.599568][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 446.605487][ T6665] __x64_sys_mlock+0x59/0x80 [ 446.610102][ T6665] do_syscall_64+0x39/0xb0 [ 446.614556][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 446.620475][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 446.624902][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 446.644536][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 446.652976][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 446.660969][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 446.669001][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 446.676988][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 446.684999][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 446.693000][ T6665] [ 446.700943][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 446.707007][ T6665] BUG at mt_find:6473 (1) [ 446.711461][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 446.720359][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 446.759007][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 446.811509][ T6665] 0-536866815: 0000000000000000 [ 446.816907][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 446.822921][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 446.829001][ T6665] 553627648-553635839: 0000000000000000 [ 446.835025][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 446.841122][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 446.847207][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 446.853221][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 446.859272][ T6665] 553652224-116813594623: 0000000000000000 [ 446.867650][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 446.874192][ T6665] 116817788928-93825002663935: 0000000000000000 [ 446.880995][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 446.887946][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 446.894919][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 446.902039][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 446.960567][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 446.969661][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 446.976792][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 446.983882][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 446.991019][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 446.998172][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 447.005234][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 447.012365][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 447.019488][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 447.026604][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 447.033667][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 447.040820][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 447.047989][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 447.055073][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 447.062234][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 447.067669][ T7825] loop3: detected capacity change from 0 to 32768 [ 447.126649][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 447.133956][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 447.136744][ T7825] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 447.143794][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 447.157349][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 447.159374][ T7825] BTRFS info (device loop3): force clearing of disk cache [ 447.164299][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 447.164330][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 447.180765][ T7825] BTRFS info (device loop3): setting nodatasum [ 447.186619][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 447.186652][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 447.186680][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 447.186709][ T6665] Pass: 9826357 Run:9826481 [ 447.186725][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 447.186757][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 447.200993][ T7825] BTRFS info (device loop3): allowing degraded mounts [ 447.206721][ T6665] Call Trace: [ 447.206732][ T6665] [ 447.206743][ T6665] dump_stack_lvl+0xd1/0x138 [ 447.214304][ T7825] BTRFS info (device loop3): enabling disk space caching [ 447.218600][ T6665] mt_find.cold+0x8b/0x90 [ 447.218647][ T6665] ? mas_find+0x1d0/0x1d0 [ 447.230204][ T7825] BTRFS info (device loop3): disk space caching is enabled [ 447.238495][ T6665] find_vma+0x10c/0x1b0 [ 447.238532][ T6665] ? can_vma_merge_before+0x390/0x390 [ 447.238567][ T6665] ? walk_page_test+0x78/0x180 [ 447.238609][ T6665] walk_page_range+0x2b1/0x4a0 [ 447.238651][ T6665] ? __walk_page_range+0x780/0x780 [ 447.238713][ T6665] mlock_fixup+0x650/0x810 [ 447.238769][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 447.238817][ T6665] ? mlock_fixup+0x810/0x810 [ 447.238876][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 447.238922][ T6665] do_mlock+0x25a/0x6d0 [ 447.238967][ T6665] ? folio_evictable+0x270/0x270 [ 447.275636][ T7825] BTRFS info (device loop3): enabling ssd optimizations [ 447.279366][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 447.279414][ T6665] __x64_sys_mlock+0x59/0x80 [ 447.283593][ T7825] BTRFS info (device loop3): auto enabling async discard [ 447.288887][ T6665] do_syscall_64+0x39/0xb0 [ 447.288932][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 447.288967][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 447.288991][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 447.289019][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 447.289049][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 447.289069][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 447.289089][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 447.289109][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 447.289128][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 447.289169][ T6665] [ 447.309103][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 447.327545][ T7825] BTRFS info (device loop3): clearing free space tree [ 447.328960][ T6665] BUG at mt_find:6473 (1) [ 447.333606][ T7825] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 447.340776][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 447.348070][ T7825] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 447.358884][ T6665] 0-18446744073709551615: [ 447.368573][ T7825] BTRFS info (device loop3): checking UUID tree [ 447.381826][ T6665] node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 447.569275][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 447.675289][ T6665] 0-536866815: 0000000000000000 [ 447.686414][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 447.699052][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 447.705009][ T6665] 553627648-553635839: 0000000000000000 [ 447.721022][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 447.733323][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 447.756086][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 447.762518][ T6665] 553648128-553652223: ffff888022f0e2a0 01:47:22 executing program 5: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xd, 0xd, 0x2, [@datasec={0x0, 0x0, 0x0, 0xf, 0x1, [], '['}]}}, &(0x7f0000000140)=""/197, 0x2a, 0xc5, 0x1}, 0x20) 01:47:22 executing program 4: openat$tun(0xffffffffffffff9c, 0x0, 0x442902, 0x0) 01:47:22 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r3 = dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:47:22 executing program 2: bpf$PROG_LOAD(0x4, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x93) 01:47:22 executing program 0: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000600)={0x0, &(0x7f0000000540)=""/189, 0x0, 0xbd, 0x3f}, 0x20) [ 447.778655][ T6665] 553652224-116813594623: 0000000000000000 01:47:22 executing program 4: bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x1300, 0x6, 0x0, 0x1}, 0x48) 01:47:22 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x19, 0x4, 0x4, 0x2}, 0x48) 01:47:22 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r3 = dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:47:22 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f0000000140), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f0000000000)={0x0, 0x0, 0x100, 0x0, '\x00', '\x00', '\x00', 0x0, 0x0, 0x0, 0x0, "7f8f93c565cf3339b5cd2971e4569289"}) 01:47:22 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000140), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0x4b47, 0x0) 01:47:22 executing program 5: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_VDPA_GET_IOVA_RANGE(r0, 0x4008af22, &(0x7f0000000280)) [ 447.847298][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 447.870044][ T6665] 116817788928-93825002663935: 0000000000000000 01:47:22 executing program 4: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x9, 0x2, &(0x7f0000000000)=@raw=[@map_idx], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) [ 447.922231][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 447.930875][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 447.968278][ T6665] 140548063096832-140548063100927: ffff888022f0e540 01:47:22 executing program 0: syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001280)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc222, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x1, 0x0, 0x0, {0x9}}}]}}]}}, &(0x7f0000001700)={0x0, 0x0, 0x0, 0x0}) 01:47:22 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r3 = dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:47:22 executing program 2: ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, 0x0) syz_open_dev$evdev(&(0x7f0000001040), 0x0, 0x0) syz_usb_disconnect(0xffffffffffffffff) syz_usb_connect$hid(0x5, 0x3f, &(0x7f0000001280)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc222, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x0, 0x40, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x1, 0x1, 0x5, {0x9, 0x21, 0x1, 0x70, 0x1, {0x22, 0xebe}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x3, 0x0, 0x40}}, [{{0x9, 0x5, 0x2, 0x3, 0x400, 0xb6, 0x0, 0x3}}]}}}]}}]}}, &(0x7f0000001700)={0xa, &(0x7f00000012c0)={0xa, 0x6, 0x201, 0x6, 0x1, 0x0, 0x10, 0xa3}, 0x3a, &(0x7f0000001300)={0x5, 0xf, 0x3a, 0x3, [@wireless={0xb, 0x10, 0x1, 0xe, 0x8, 0x65, 0x6, 0x8001, 0x1}, @generic={0x16, 0x10, 0xa, "fbc12d4d2925746182f184113a1f4f0c035f8c"}, @ssp_cap={0x14, 0x10, 0xa, 0x0, 0x2, 0xea, 0xf0f, 0x0, [0x0, 0xff00]}]}, 0x6, [{0x4, &(0x7f0000001380)=@lang_id={0x4, 0x3, 0xc09}}, {0x4, &(0x7f0000001440)=@lang_id={0x4, 0x3, 0x6ebad91a2dde650d}}, {0x0, 0x0}, {0xa9, &(0x7f0000001580)=@string={0xa9, 0x3, "c36fc75a1a6d38aa17d3f2aee058da363ad0025ca1a980efdffe1f26f4c3e55c301cef4416acf186065e8dc0abee8f2619db9531804237ad03ae8471cb1b50112d2e3f788703596e9a290bb1909757a96397d7fd2968902620dee8a015a6869dfcdab27055b3523ba4bee7bb49e5c2bc96e0bd409a56c4035e27ec5f8b65ed981f73eec534744fe80eb30f8784f5755649ca9a1820d8d330f53437c94d77bf59d8709c07bcb63e"}}, {0x4, &(0x7f0000001640)=@lang_id={0x4, 0x3, 0x843}}, {0x2f, &(0x7f0000001680)=@string={0x2f, 0x3, "a193c1f1fc4e44a3ae2fa6d8ca5cfdbd3a5bd0fe170a5e15faabf3397d26d74d138312fef87092991ad69a4d30"}}]}) [ 448.015705][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d 01:47:22 executing program 4: syz_open_dev$evdev(0x0, 0x0, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001280)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc222, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x2, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x5, {0x9}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x0, 0x40}}}}}]}}]}}, &(0x7f0000001700)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x0, 0x0}, {0x4, &(0x7f0000001400)=@lang_id={0x4, 0x3, 0x2c01}}, {0x0, 0x0}]}) 01:47:23 executing program 1: syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001280)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc222, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, {0x9}}}]}}]}}, &(0x7f0000001700)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) [ 448.280174][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 448.306004][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 448.326578][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 01:47:23 executing program 5: syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001280)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc222, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, {0x9}}}]}}]}}, &(0x7f0000001700)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x4, &(0x7f0000001380)=@lang_id={0x4}}, {0x4, &(0x7f0000001440)=@lang_id={0x4}}]}) [ 448.351023][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 448.370148][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 448.381015][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 448.411809][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 448.444978][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 448.452730][ T7658] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 448.460358][ T2554] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 448.469586][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 448.477625][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 448.485201][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 448.493014][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 448.502906][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 448.513523][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 448.523209][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 448.527493][ T6515] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 448.627561][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 448.634865][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 448.644192][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 448.646622][ T5169] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 448.651639][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 448.669250][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 448.676236][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 448.694344][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 448.703032][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 448.716492][ T7658] usb 1-1: Using ep0 maxpacket: 16 [ 448.721924][ T2554] usb 5-1: Using ep0 maxpacket: 16 [ 448.722733][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 448.735874][ T6665] Pass: 9855403 Run:9855528 [ 448.740945][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 448.746523][ T5194] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 448.750761][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 448.750780][ T6665] Call Trace: [ 448.750790][ T6665] [ 448.750802][ T6665] dump_stack_lvl+0xd1/0x138 [ 448.750848][ T6665] mt_find.cold+0x8b/0x90 [ 448.783520][ T6665] ? mas_find+0x1d0/0x1d0 [ 448.787905][ T6665] find_vma+0x10c/0x1b0 [ 448.792090][ T6665] ? can_vma_merge_before+0x390/0x390 [ 448.797508][ T6665] ? walk_page_test+0x78/0x180 [ 448.802317][ T6665] walk_page_range+0x2b1/0x4a0 [ 448.807132][ T6665] ? __walk_page_range+0x780/0x780 [ 448.812311][ T6665] mlock_fixup+0x650/0x810 [ 448.816796][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 448.822045][ T6665] ? mlock_fixup+0x810/0x810 [ 448.826706][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 448.832656][ T6665] do_mlock+0x25a/0x6d0 [ 448.836871][ T6665] ? folio_evictable+0x270/0x270 [ 448.841877][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 448.847821][ T6665] __x64_sys_mlock+0x59/0x80 [ 448.852443][ T6665] do_syscall_64+0x39/0xb0 [ 448.856906][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 448.862836][ T6665] RIP: 0033:0x7fd3e6a8c0c9 01:47:23 executing program 3: syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001280)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc222, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, {0x9}}}]}}]}}, &(0x7f0000001700)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x4, &(0x7f0000001380)=@lang_id={0x4}}, {0xc, &(0x7f0000001480)=@string={0xc, 0x3, "5e07b817fcd517daaca8"}}]}) [ 448.867289][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 448.886939][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 448.895393][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 448.903394][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 448.911399][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 448.919402][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 448.927402][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 448.935428][ T6665] [ 448.943478][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 448.949516][ T6665] BUG at mt_find:6473 (1) [ 448.953868][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 448.962410][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 448.999469][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 449.049394][ T6665] 0-536866815: 0000000000000000 [ 449.054819][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 449.071202][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 449.077316][ T6665] 553627648-553635839: 0000000000000000 [ 449.083251][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 449.086715][ T7658] usb 1-1: unable to get BOS descriptor or descriptor too short [ 449.090606][ T6665] 553627648-553644031: [ 449.097044][ T2554] usb 5-1: unable to get BOS descriptor or descriptor too short [ 449.097052][ T6515] usb 2-1: Using ep0 maxpacket: 16 [ 449.097149][ T5169] usb 3-1: Using ep0 maxpacket: 16 [ 449.112122][ T6665] ffff8880272dc8c0 [ 449.124466][ T5194] usb 6-1: Using ep0 maxpacket: 16 [ 449.129945][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 449.135869][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 449.142261][ T6665] 553652224-116813594623: 0000000000000000 [ 449.149133][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 449.155594][ T6665] 116817788928-93825002663935: 0000000000000000 [ 449.162520][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 449.174012][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 449.182859][ T2554] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 449.195847][ T7658] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 449.206431][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 449.207030][ T7658] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 449.216579][ T6515] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 449.223936][ T6954] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 449.244869][ T7658] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 449.246164][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 449.333591][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 449.341046][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 449.346673][ T5194] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 449.351054][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 449.366801][ T5169] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 182, changing to 11 [ 449.369226][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 449.387580][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 449.394644][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 449.402161][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 449.409720][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 449.417250][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 449.424957][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 449.432050][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 449.452696][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 449.460951][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 449.473083][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 449.481272][ T7658] usb 1-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.40 [ 449.496058][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 449.536457][ T6515] usb 2-1: string descriptor 0 read error: -22 [ 449.547017][ T7658] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 449.560300][ T2554] usb 5-1: string descriptor 0 read error: -22 [ 449.566594][ T6954] usb 4-1: Using ep0 maxpacket: 16 [ 449.571836][ T7658] usb 1-1: Product: syz [ 449.576019][ T7658] usb 1-1: Manufacturer: syz [ 449.581279][ T2554] usb 5-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.40 [ 449.590752][ T7658] usb 1-1: SerialNumber: syz [ 449.592833][ T6515] usb 2-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.40 [ 449.596110][ T2554] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 449.604852][ T6515] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 449.638995][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 449.649684][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 449.657329][ T5194] usb 6-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.40 [ 449.673208][ T5194] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 449.679174][ T6515] usbhid 2-1:1.0: couldn't find an input interrupt endpoint [ 449.684232][ T2554] usbhid 5-1:1.0: couldn't find an input interrupt endpoint [ 449.698664][ T6954] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 449.718283][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 449.725276][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 449.737602][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 449.738859][ T5194] usb 6-1: Product: syz [ 449.751829][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 449.757368][ T5194] usb 6-1: SerialNumber: syz [ 449.759848][ T5169] usb 3-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.40 [ 449.773471][ T5169] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 449.779906][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 449.782112][ T5169] usb 3-1: Manufacturer: æ” [ 449.793622][ T5169] usb 3-1: SerialNumber: 濃嫇洚꨸팗껲壠㛚퀺専ꦡﻟ☟ì´å³¥á°°ä“¯ê°–蛱帆ì‚âšã†•äŠ€ê´·ê¸ƒç†„ᯋá…⸭砿·湙⦚넋éžê¥—é£ï·—æ ©âšêƒ¨ê˜•é¶†ç‚²ë•ã­’뺤믧볂䂽嚚τâžå¿¬æ–‹é£­çŒŸì—®ç´î¡ëŒŽèœï–„噵쩉ᢚビ㓵줷ç妿烘ޜ뚼 [ 449.796956][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 449.835120][ T5194] usbhid 6-1:1.0: couldn't find an input interrupt endpoint [ 449.845778][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 449.879548][ T6665] Pass: 9856244 Run:9856370 [ 449.887658][ T5194] usb 5-1: USB disconnect, device number 4 [ 449.894929][ T6515] usb 2-1: USB disconnect, device number 2 [ 449.897155][ T7658] usbhid 1-1:1.0: can't add hid device: -22 [ 449.915925][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 449.925836][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 449.935910][ T6665] Call Trace: [ 449.939198][ T6665] [ 449.942139][ T6665] dump_stack_lvl+0xd1/0x138 [ 449.946771][ T6665] mt_find.cold+0x8b/0x90 [ 449.951134][ T6665] ? mas_find+0x1d0/0x1d0 [ 449.955470][ T6665] find_vma+0x10c/0x1b0 [ 449.959635][ T6665] ? can_vma_merge_before+0x390/0x390 [ 449.965047][ T6665] ? walk_page_test+0x78/0x180 [ 449.969856][ T6665] walk_page_range+0x2b1/0x4a0 [ 449.974651][ T6665] ? __walk_page_range+0x780/0x780 [ 449.979808][ T6665] mlock_fixup+0x650/0x810 [ 449.984263][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 449.989496][ T6665] ? mlock_fixup+0x810/0x810 [ 449.994130][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 450.000060][ T6665] do_mlock+0x25a/0x6d0 [ 450.004251][ T6665] ? folio_evictable+0x270/0x270 [ 450.009226][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 450.015146][ T6665] __x64_sys_mlock+0x59/0x80 [ 450.019750][ T6665] do_syscall_64+0x39/0xb0 [ 450.024200][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 450.030113][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 450.034538][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 450.054174][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 450.062614][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 450.070599][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 450.078596][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 450.086591][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 450.094572][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 450.102583][ T6665] [ 450.110964][ T7658] usbhid: probe of 1-1:1.0 failed with error -22 [ 450.116496][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 450.117863][ T6954] usb 4-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.40 [ 450.123178][ T6665] BUG at mt_find:6473 (1) [ 450.123197][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 450.123228][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 [ 450.134430][ T7658] usb 1-1: USB disconnect, device number 2 [ 450.170798][ T6954] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 450.179374][ T6954] usb 4-1: Product: syz [ 450.184039][ T6954] usb 4-1: Manufacturer: ݞី헼ꢬ [ 450.189569][ T6954] usb 4-1: SerialNumber: syz [ 450.204910][ T6665] contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 450.211281][ T5174] usb 6-1: USB disconnect, device number 4 [ 450.250161][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 450.303334][ T6954] usbhid 4-1:1.0: couldn't find an input interrupt endpoint [ 450.317499][ T6665] 0-536866815: 0000000000000000 [ 450.331335][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 450.344898][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 450.351358][ T5169] usbhid 3-1:1.0: can't add hid device: -71 [ 450.351653][ T6665] 553627648-553635839: [ 450.357366][ T5169] usbhid: probe of 3-1:1.0 failed with error -71 [ 450.364579][ T5169] usb 3-1: USB disconnect, device number 4 [ 450.381555][ T6665] 0000000000000000 [ 450.385590][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 450.392590][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 450.399049][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 450.405134][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 450.412373][ T6665] 553652224-116813594623: 0000000000000000 [ 450.419254][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 450.425850][ T6665] 116817788928-93825002663935: 0000000000000000 [ 450.432793][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 450.439925][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 450.451355][ T6665] 140548063096832-140548063100927: ffff888022f0e540 01:47:25 executing program 4: syz_emit_ethernet(0xa6, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv4={0x800, @gre={{0x15, 0x4, 0x0, 0x0, 0x98, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev, {[@generic={0x0, 0xf, "130eb1581ab4594bd8e92e590e"}, @rr={0x7, 0x3}, @generic={0x0, 0x9, "a5551c4e88729c"}, @lsrr={0x83, 0x13, 0x0, [@rand_addr, @multicast2, @multicast2, @broadcast]}, @rr={0x7, 0xf, 0x0, [@loopback, @local, @remote]}]}}}}}}, 0x0) [ 450.458844][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 450.521066][ T7658] usb 4-1: USB disconnect, device number 2 [ 450.528203][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 450.539436][ T6665] 140548071489536-140548073586687: ffff888022f0e700 01:47:25 executing program 0: syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001280)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc222, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x1, 0x0, 0x0, {0x9}}}]}}]}}, &(0x7f0000001700)={0x0, 0x0, 0x0, 0x0}) 01:47:25 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000540)=@newlinkprop={0x50, 0x6c, 0x601, 0x0, 0x0, {}, [@IFLA_LINKMODE={0x5}, @IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x4}}}, @IFLA_ALT_IFNAME={0x14, 0x35, 'batadv_slave_0\x00'}]}, 0x50}}, 0x0) [ 450.565297][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 450.581074][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 01:47:25 executing program 1: r0 = socket(0x1, 0x2, 0x0) sendmsg$MPTCP_PM_CMD_SET_LIMITS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 01:47:25 executing program 2: syz_emit_ethernet(0xcc1, &(0x7f0000001140)={@empty, @broadcast, @val={@void}, {@ipv4={0x800, @igmp={{0x4, 0x4, 0x0, 0x0, 0xcaf, 0x0, 0x0, 0x0, 0x2, 0x0, @multicast2, @local}, {0x0, 0x0, 0x0, @loopback, "8617f98400ed878332c762879259e225640120e480634770c18fa48f9b1ac5221e39bdd201c359c41eb647a44815ab4464e0df21f4a8d36bb93ae9824841b1f32ccf319a686b0f8d41fa2fcb7c9f6516f8a6dc53eb73bce7b1e15253886a17cb0fbf8f64158ca557e8a548ed68f4ae27b542208055fe3bb90a5b1a777481ec2abb68034110d697f1c691fee45de78e6fa43a261227186517ccad87425329566c684fdc44561fb767e351584aa429a442e74377a99ae75e6d206a614af75720fa81d6f07659980e989f173175ae36f182db1915092484715af9b7514ecf718ae24c51fd852b41d768b27734dae971d9d3b3bb27b392e6540509483e03f75478dbde6210b814c76f4afa7c090c19ba2bb6fb2d6d24c37de2525860cc1d2dbeca0f9a8549c4c3baecb0b370078db1c9d895000ade47c5c33070768e96edd4bc874bb3bbde1417e621a1cb0827b28d9940341c3456c772981396ca47de8f7817b728cb401284a3178a441e36b9d612396bbd16d0a139093ee53a45bb98150639e0b77d21a9c10788270eb6ba07daf283d183a897d3095eff9cdf071686ca51d53cae0e3fe6ef7642d7a4f4413bdcce6585aa42cc4d20737ea33e3048757a1ac497307b2f15e512e64ddf27bfb7874b8ec7adcac2d0704ca555c83c02bc46739aebc1a26db19396269d9250f61c7b5b1373a953bafb4271559578fe716de583d572d83f476bbd027f4032b18c44f21316b3d9a8121f133d76808013835e358c6c5b777fe8e2038f150cdfe054d245e47ddada73f1b6f1c07574f402ac9d0da3f9c97d11f864059dda55a1743b5e72457f881d50aa9fbbe5c37cb5a0f3daf38bf15dc74c16b956b4f91c455d2dcf70e95a3d1c2aeb2492e7ea884cd3c3c655f0d85b89f6d4a2a2fc630303f18d60e02ab27e45985c439e69daf4e1489f3c501ca476fe53d9323b746e8cdeda37e1026ab7ec3455ea92d163322a89854694c446e531956ad13063ac19d68ce47835de6fc8ec4c739baf6be44d9f573b41372c0938b98315ce04e047e4971c5a3ae61a2e020a8ffcc880d9acfb3d6a3fd7386fa5b17fdcf930fe516128bc79ca56bc120f27175a1cb6f005a461ed609d12d73c49341134af988879ab4b0f1f9845f80c6c7dee369194f20688016f059632a2a2b76e5f262b7177e13397de276c3687877e7dcc7d3838acf7ecf2e05fe9b33f55c6bd5b66806162b382540e7732a9fff4aeb7a859f4b93a7cd3974c75a5294afd2fb369d8a273afe74dd49b3cbcdb51771ec86d5b93d51c68662dd37a91887a349db1fe310176715a848b7bc0e96f52c9ea5dd89232a9a0a4d487045726b9c6591a22e0b875686f35e9ee7749bf3f1ca7fdb1a248650b0a3aa291531c477c8e3c184f80696e1c5db6f40c5b5612431c2ab0dbbb611ae9d762e0e3c49e32e10538ef6ab118cee2b8f61b83a031ab7bb306d42b5bc1a8475072cf0567edc140d1d6d7a657938a319c03ecf2411420559a23ca11e1dbf68009d51f01134b21548b6ca7573f91a44228882d2593bffcb2adfdb52a18b3e026b3e836c810dd98da1c0a5cf1550bc4a4f6ae772c2491eb2ea5526c79960379a0749f2a02d421fa90df8b60092e2742d7bdca92df762cc9786f2e7a098eddca5864705dc1c99de859e8f470e7467f54f8dbb942bcce47b5effac0b425cf4edca032561e01411bb3c363ddbb472425a8ec00559ef1cd6184f629afb3583e0aa499fb5620713a4a0d85940d80593a981c08ae069da59544a9a85db8ee969518c5b1bac691e8eda4f54e9338cf26d90f3b4c254cd16cc29fd614e36ff0dc9f060360b41c29460d2578403ffaec06c0c693d9aafd8ba6914b65f71e409fc3f3cb2f399c80518b4a7c555881a35b8394f7aafa6150bab61d6e86086eb96fb1e63b59241cd4846a8fd397342253af340611e3de771410f341da3454ec2b31744c71c2b5a99b10648cc2a4c26aef877dae469b01191feb39226d67f39d4b094f40bfbc34dd45cc01e40d5f6c1b269dda2fb94e413a98083ce935d46fe167723c657fb700efc7ab221bb8faf445c07d0f8c50af3e54b5aa2c7873c5b2b8119563a118dee369d3edea66728bcef359631d30e17e5381482bbbadf6265efdb2d6edb4ce6e39701533712026cd24ddfa6aedc8978f360c3f510ca8d61347177d96a8b90cb9dbf1f9d3d5c3e8589c6efe91d094146e73959d0ba08fcc6594e83dab8e4e26d29e144d8fdec2d9c8f33336901f2c61e78cf0908cade25cbf7282327f16e5afe0815d41337f55504f8b415e2420cab41e121b3858249c3b4f4b3bf77e0bf6af583451471a77e0031a052ac4d18807d6a25eb9968d5178ad173ee535016859a4c6a4d73820fe8443c1f26044a348e0e502e4bc0a6b60c1e0c00c6ad051b68d0fe001297060191a810ff0793d59c8482923aeaf66f3d0b407e6a047b13a141205f024de7eb87f4e7204a43e181bc38be3ef9cadfbb3641730ebfafd6e62f1fafb39e3c4df09f45995500f536d9a1c6d08c649f2b2d102b8d516c7e4911f3a3ca437c18d2b4093285b9a7725d3c5bacd61f8b93190eaa03747de824b2256d0db38ae69cab50f45eb9c52f9a16896e6276b2e81a5b1f324236b8125ac22cc2638f213a25381787951d8aa53ab5258582620fc05cd2eadf61e2b6533fa313ac327ce15d32e447e654a147c8f4527fd3fd18a880331dcedabc346fa3946ca88c55336103fde0a21d7cdce0699e241b99560039f27f591ee3e6d0b4c30accff68a843a091fb94075fb335815e260190557c771ee58163a64a2f34ed6fc1caab1a5390adfcd49bfca809358ca5190cf2ee85aae070944c9b7daecb565a1f048675c834718cde17afc9771769c06219b4891ab483c737bcd1cf22a2e053177c5aaff9c2409b6109ed5edbbb3ca5b8862a1ab8aece38c773757b806ed0e5289ba3767d3ac45628c1f7a5113c316d2dbaf3f87b1598c30b1f571bc3c11fb4fac77564bb595a49f96d922134bf0905f1f171095bdc72920e1a58e21506520c2d141fa1164dffcedffa10471df77c8d3318c02cfd79641aa703ae40e32afa864ccf1b64b66a4289c51c1bab0848c3a2e6fd7e9b4263bc300d06ab804338d4188cb61579e444085fd682910448ebd968e8ed0f0c13ea34c25571265113683a351d9df25fb0620a53fa031b244a50e5301c1ee33b97bdc689963d610432eaa97b0879137878d2153de4265c83c1eaea8c6e594914841862cd5d84ddabd78318307d77251d6a18c4a66e4dbe63674391f7e6fd08df229c0d2b81c036f89f4a253120dc276b3b17a10c10a2fb7a52b0a924d6ba47ec24ac248f35d3f839281ffbd14403da03a82eb3c5110bbe9ca528d204ebd4794c3547cde975168dbdbe961b774f13f514c39f589b64b2138b67cebdc459597fbc7735d982e7eea413cb9befa14f5885cdd0886000b607f7fcfab85a94acd63d7deb79525cd4e45e6dd1b06b1e6513cfd21a73ade168148e409dcdee0ecda24ba7ebf4046532c161f2f6ff4f091bfc994178f53767b69d677af26b312e879d71ff7868f24d71b8edc768aa0479acb49b387ef8b1c46a485aede1134447af14026988b2d49486f31a336486ade5495dc1e15824ba5e6164e480d168e13e321dcca19478fe461a0497eda844b363b292175c7fc098e1c77e78402e2bef3e3e13cabd162b884548bc209a45b91ac8395d300020a6390296d5ad7f4081e06dfaf89cf4b83bf5eb71e2cae13f957be9713674731e85d32ef362755968eb4bd40d692ebdb381d8100eea3da3fa48b3d6500cdfecf73b9bf254df83b55ffd090d5c3350f0e3694b6b201d13cbce1a6d556c223ae8d735b34bca6715831ceac65d1fd61d1bbe9d15abfbb0f69346ffca0b12dd5361f5dbb2e46f43187fea637c7221dc2986caed1fee7b54ee4aa5fcf18ded92f23859bae2c7598d63e6002c5ceb671b4fed9c3b38cecb15c89e26c52bd10dc49df6bd9102ab171807532f3def86d25869d5db9ce70fcf87b607f91b9e0edc246d8d139edcf8592528d23e8d84cf82a5ddaf1a465a2f2f3882ab2ad7a6e7a7419c438f3b596c6b954ff275203579217271b418937386976471850258c25dd51005f70d7cd2543930463234d18d62e68a15a70f1ba154ef3a5b14a38e2c6ca024d469c5549df8c2fa549064a37d8a90a7f8f4992bbac1d64d08bbc54bde4d113636f92f973e5c66eea9c8e4902f4929d57e7020952f38625824d4293862057104fae0bb07388a5e1f4c6e61f4b423648299ca97cf5e9ac30366d41bda04bbdaa7a9fa0f2aedd5e67351d8f300819e541b10eda1bc17c7bba7fb45a67b3ab20f26fd6a513a1c90d35956566c04c3f983496c79eab1f6456c890afe526e46fb836b99e2cb12f4ad9d2702b8632a3a259c5e13d5e605ec4eb136fc818c330731841dde4ca7dc0ab4678a1673ce6f1f460bb9ab14f653cfe06f75d8a47923058ed6e363d9d8c2e1e4eb7bf552edf396f46ba1c1aa700bc2fc68c11dee86e8454ff4fdd69567a80d68d35"}}}}}, 0x0) 01:47:25 executing program 4: syz_emit_ethernet(0xa6, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv4={0x800, @gre={{0x15, 0x4, 0x0, 0x0, 0x98, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev, {[@generic={0x0, 0xf, "130eb1581ab4594bd8e92e590e"}, @rr={0x7, 0x3}, @generic={0x0, 0x9, "a5551c4e88729c"}, @lsrr={0x83, 0x13, 0x0, [@rand_addr, @multicast2, @multicast2, @broadcast]}, @rr={0x7, 0xf, 0x0, [@loopback, @local, @remote]}]}}}}}}, 0x0) [ 450.634569][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 450.681523][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 01:47:25 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000080)={'ip6gre0\x00', &(0x7f0000000000)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @mcast1, @mcast1}}) 01:47:25 executing program 2: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/slabinfo\x00', 0x0, 0x0) dup3(r1, r0, 0x0) 01:47:25 executing program 4: syz_emit_ethernet(0xa6, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv4={0x800, @gre={{0x15, 0x4, 0x0, 0x0, 0x98, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev, {[@generic={0x0, 0xf, "130eb1581ab4594bd8e92e590e"}, @rr={0x7, 0x3}, @generic={0x0, 0x9, "a5551c4e88729c"}, @lsrr={0x83, 0x13, 0x0, [@rand_addr, @multicast2, @multicast2, @broadcast]}, @rr={0x7, 0xf, 0x0, [@loopback, @local, @remote]}]}}}}}}, 0x0) [ 450.722575][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 450.759927][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 01:47:25 executing program 2: syz_open_dev$loop(&(0x7f0000000940), 0x0, 0x4001) bpf$MAP_CREATE(0x0, 0x0, 0x0) [ 450.789689][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 01:47:25 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x18, &(0x7f0000000200)=@filter={'filter\x00', 0xe, 0x4, 0x378, 0xffffffff, 0x250, 0x250, 0x0, 0xffffffff, 0xffffffff, 0x340, 0x340, 0x340, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}, {{@ipv6={@private0, @private1, [], [], 'hsr0\x00', 'syzkaller0\x00'}, 0x0, 0xa8, 0xe8}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "f4074efe36c370be29416839ad6d2a9ff6146b07278b03451a4510d5da25"}}, {{@ipv6={@remote, @mcast2, [], [], 'team0\x00', 'ipvlan1\x00'}, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 450.831868][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 450.856822][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 450.876716][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 450.892638][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 450.905430][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 450.906482][ T6954] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 450.916606][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 450.978878][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 450.996607][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 451.003597][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 451.010779][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 451.018484][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 451.025470][ T6665] 140735437299712-140735437316095: 0000000000000000 01:47:25 executing program 5: openat$zero(0xffffffffffffff9c, &(0x7f0000001ac0), 0x0, 0x0) 01:47:25 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x24, &(0x7f0000000300), 0x4) [ 451.037735][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 451.044828][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 451.078853][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 451.104489][ T6665] Pass: 9862083 Run:9862210 [ 451.112598][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 451.122447][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 451.132526][ T6665] Call Trace: [ 451.135832][ T6665] [ 451.138788][ T6665] dump_stack_lvl+0xd1/0x138 [ 451.143418][ T6665] mt_find.cold+0x8b/0x90 [ 451.147784][ T6665] ? mas_find+0x1d0/0x1d0 [ 451.152157][ T6665] find_vma+0x10c/0x1b0 [ 451.156332][ T6665] ? can_vma_merge_before+0x390/0x390 [ 451.161729][ T6665] ? walk_page_test+0x78/0x180 [ 451.166531][ T6665] walk_page_range+0x2b1/0x4a0 [ 451.171330][ T6665] ? __walk_page_range+0x780/0x780 [ 451.176488][ T6665] mlock_fixup+0x650/0x810 [ 451.180953][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 451.186187][ T6665] ? mlock_fixup+0x810/0x810 [ 451.190818][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 451.196740][ T6665] do_mlock+0x25a/0x6d0 [ 451.200947][ T6665] ? folio_evictable+0x270/0x270 [ 451.205939][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 451.211863][ T6665] __x64_sys_mlock+0x59/0x80 [ 451.216468][ T6665] do_syscall_64+0x39/0xb0 [ 451.220918][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 451.226831][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 451.231268][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 451.250894][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 451.259323][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 451.267302][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 451.275284][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 451.283266][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 451.291243][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 451.299245][ T6665] [ 451.323510][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 451.346478][ T6954] usb 1-1: Using ep0 maxpacket: 16 [ 451.365443][ T6665] BUG at mt_find:6473 (1) [ 451.373199][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 451.384603][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 451.434782][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 451.485595][ T6665] 0-536866815: 0000000000000000 [ 451.491612][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 451.497893][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 451.503876][ T6665] 553627648-553635839: 0000000000000000 [ 451.510185][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 451.516160][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 451.522397][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 451.528457][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 451.534482][ T6665] 553652224-116813594623: 0000000000000000 [ 451.542000][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 451.549299][ T6665] 116817788928-93825002663935: 0000000000000000 [ 451.555977][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 451.562902][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 451.569955][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 451.577904][ T6954] usb 1-1: unable to get BOS descriptor or descriptor too short [ 451.581919][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 451.640978][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 451.648072][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 451.655051][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 451.664903][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 451.671966][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 451.680684][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 451.688383][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 451.695448][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 451.702840][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 451.710115][ T6954] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 451.721157][ T6954] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 451.722655][ T6665] 140548085284864-140548085288959: [ 451.731292][ T6954] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 451.733533][ T6665] 0000000000000000 [ 451.753643][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 451.761072][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 451.769102][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 451.778216][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 451.785204][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 451.835195][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 451.843421][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 451.850481][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 451.857548][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 451.864526][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 451.871578][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 451.880584][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 451.890608][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 451.898196][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 451.905649][ T6665] Pass: 9862119 Run:9862247 [ 451.910831][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 451.920671][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 451.930733][ T6665] Call Trace: [ 451.934002][ T6665] [ 451.936938][ T6665] dump_stack_lvl+0xd1/0x138 [ 451.941580][ T6665] mt_find.cold+0x8b/0x90 [ 451.945942][ T6665] ? mas_find+0x1d0/0x1d0 [ 451.950275][ T6665] find_vma+0x10c/0x1b0 [ 451.954425][ T6665] ? can_vma_merge_before+0x390/0x390 [ 451.959809][ T6665] ? walk_page_test+0x78/0x180 [ 451.964598][ T6665] walk_page_range+0x2b1/0x4a0 [ 451.969363][ T6665] ? __walk_page_range+0x780/0x780 [ 451.974482][ T6665] mlock_fixup+0x650/0x810 [ 451.978928][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 451.984177][ T6665] ? mlock_fixup+0x810/0x810 [ 451.988830][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 451.994753][ T6665] do_mlock+0x25a/0x6d0 [ 451.998932][ T6665] ? folio_evictable+0x270/0x270 [ 452.003925][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 452.009851][ T6665] __x64_sys_mlock+0x59/0x80 [ 452.014432][ T6665] do_syscall_64+0x39/0xb0 [ 452.018864][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 452.024781][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 452.029189][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 452.048789][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 452.057208][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 452.065193][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 452.073161][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 452.081138][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 452.089123][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 452.097124][ T6665] [ 452.107194][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 452.113169][ T6665] BUG at mt_find:6473 (1) [ 452.118113][ T6954] usb 1-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.40 [ 452.121396][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 452.127642][ T6954] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 452.135688][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: [ 452.143938][ T6954] usb 1-1: Product: syz [ 452.152513][ T6665] 93708184875008 [ 452.154908][ T6954] usb 1-1: Manufacturer: syz [ 452.160099][ T6665] 20480 [ 452.163083][ T6954] usb 1-1: SerialNumber: syz [ 452.174975][ T6665] 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 452.203058][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 452.252891][ T6665] 0-536866815: 0000000000000000 [ 452.258560][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 452.264589][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 452.270700][ T6665] 553627648-553635839: 0000000000000000 [ 452.276750][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 452.282723][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 452.289894][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 452.295874][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 452.301889][ T6665] 553652224-116813594623: 0000000000000000 [ 452.308164][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 452.314628][ T6665] 116817788928-93825002663935: 0000000000000000 [ 452.321554][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 452.328471][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 452.335406][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 452.342458][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 452.401708][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 452.409425][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 452.416578][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 452.423641][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 452.430770][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 452.437887][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 452.444873][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 452.451973][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 452.459025][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 452.466010][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 452.473129][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 452.484928][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 452.492036][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 452.499754][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 452.506685][ T6954] usbhid 1-1:1.0: can't add hid device: -22 [ 452.509478][ T6665] 140548097556480-18446744073709551615: [ 452.512670][ T6954] usbhid: probe of 1-1:1.0 failed with error -22 [ 452.512707][ T6665] node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 452.537982][ T6954] usb 1-1: USB disconnect, device number 3 [ 452.589503][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 452.600130][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 452.607333][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 452.614319][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 452.622239][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 452.629445][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 452.636542][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 452.643513][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 452.650559][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 452.658101][ T6665] Pass: 9862145 Run:9862274 [ 452.662665][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 452.672464][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 452.682515][ T6665] Call Trace: [ 452.685787][ T6665] [ 452.688709][ T6665] dump_stack_lvl+0xd1/0x138 [ 452.693303][ T6665] mt_find.cold+0x8b/0x90 [ 452.697649][ T6665] ? mas_find+0x1d0/0x1d0 [ 452.702012][ T6665] find_vma+0x10c/0x1b0 [ 452.706164][ T6665] ? can_vma_merge_before+0x390/0x390 [ 452.711533][ T6665] ? walk_page_test+0x78/0x180 [ 452.716295][ T6665] walk_page_range+0x2b1/0x4a0 [ 452.721105][ T6665] ? __walk_page_range+0x780/0x780 [ 452.726280][ T6665] mlock_fixup+0x650/0x810 [ 452.730752][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 452.736013][ T6665] ? mlock_fixup+0x810/0x810 [ 452.740612][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 452.746512][ T6665] do_mlock+0x25a/0x6d0 [ 452.750672][ T6665] ? folio_evictable+0x270/0x270 [ 452.755621][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 452.761517][ T6665] __x64_sys_mlock+0x59/0x80 [ 452.766100][ T6665] do_syscall_64+0x39/0xb0 [ 452.770533][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 452.776455][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 452.780863][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 452.800477][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 452.808925][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 452.816921][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 452.824930][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 452.832918][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 452.840882][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 452.848857][ T6665] [ 452.856135][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 452.862215][ T6665] BUG at mt_find:6473 (1) [ 452.866702][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 452.875242][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 452.913432][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 452.965372][ T6665] 0-536866815: 0000000000000000 [ 452.970761][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 452.976852][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 452.982825][ T6665] 553627648-553635839: 0000000000000000 [ 452.988868][ T6665] 553635840-553627647: ffff8880272dc9a0 01:47:27 executing program 1: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000980)='/proc/bus/input/handlers\x00', 0x0, 0x0) ioctl$LOOP_SET_CAPACITY(r0, 0x4c07) 01:47:27 executing program 4: syz_emit_ethernet(0xa6, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv4={0x800, @gre={{0x15, 0x4, 0x0, 0x0, 0x98, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev, {[@generic={0x0, 0xf, "130eb1581ab4594bd8e92e590e"}, @rr={0x7, 0x3}, @generic={0x0, 0x9, "a5551c4e88729c"}, @lsrr={0x83, 0x13, 0x0, [@rand_addr, @multicast2, @multicast2, @broadcast]}, @rr={0x7, 0xf, 0x0, [@loopback, @local, @remote]}]}}}}}}, 0x0) 01:47:27 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x42, &(0x7f0000000200)=@filter={'filter\x00', 0xe, 0x4, 0x378, 0xffffffff, 0x250, 0x250, 0x0, 0xffffffff, 0xffffffff, 0x340, 0x340, 0x340, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}, {{@ipv6={@private0, @private1, [], [], 'hsr0\x00', 'syzkaller0\x00'}, 0x0, 0xa8, 0xe8}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "f4074efe36c370be29416839ad6d2a9ff6146b07278b03451a4510d5da25"}}, {{@ipv6={@remote, @mcast2, [], [], 'team0\x00', 'ipvlan1\x00'}, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 01:47:27 executing program 3: syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001280)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc222, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, {0x9}}}]}}]}}, &(0x7f0000001700)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x4, &(0x7f0000001380)=@lang_id={0x4}}, {0xc, &(0x7f0000001480)=@string={0xc, 0x3, "5e07b817fcd517daaca8"}}]}) 01:47:27 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x8929, &(0x7f0000000080)={'ip6gre0\x00', 0x0}) 01:47:27 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x46, 0x0, 0x0) [ 452.994852][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 453.000914][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 453.008106][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 453.014225][ T6665] 553652224-116813594623: 0000000000000000 01:47:27 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x6, 0x6c4, &(0x7f0000000000)={@empty}, 0x20) 01:47:27 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x8930, &(0x7f0000000080)={'ip6gre0\x00', 0x0}) 01:47:27 executing program 2: syz_clone3(&(0x7f0000003380)={0x0, &(0x7f0000002300), &(0x7f0000002280), &(0x7f00000022c0), {}, &(0x7f0000002240)=""/51, 0x33, &(0x7f0000003480)=""/4096, &(0x7f0000003340)=[0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0], 0x8}, 0x48) [ 453.055704][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 453.088061][ T6665] 116817788928-93825002663935: 0000000000000000 01:47:27 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x6, 0x7, &(0x7f0000000000)={@empty}, 0x20) 01:47:27 executing program 5: r0 = socket(0x1, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'authenc(sha384-arm64,ecb-camellia-aesni-avx2)\x00'}, 0x58) 01:47:27 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x8, &(0x7f0000000200)=@filter={'filter\x00', 0xe, 0x4, 0x378, 0xffffffff, 0x250, 0x250, 0x0, 0xffffffff, 0xffffffff, 0x340, 0x340, 0x340, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}, {{@ipv6={@private0, @private1, [], [], 'hsr0\x00', 'syzkaller0\x00'}, 0x0, 0xa8, 0xe8}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "f4074efe36c370be29416839ad6d2a9ff6146b07278b03451a4510d5da25"}}, {{@ipv6={@remote, @mcast2, [], [], 'team0\x00', 'ipvlan1\x00'}, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 01:47:27 executing program 4: r0 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x8923, &(0x7f0000000800)={'ip6gre0\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x700}}) [ 453.124639][ T6665] 93825002663936-93825002803199: ffff888022f0e460 01:47:28 executing program 2: clock_getres(0x0, &(0x7f00000008c0)) 01:47:28 executing program 0: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000380)='/sys/block/loop0', 0x0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/cgroups\x00', 0x0, 0x0) dup3(r0, r1, 0x0) [ 453.185092][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 453.210849][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 453.262884][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 453.326586][ T5169] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 453.327351][ T7938] €: renamed from ip6gre0 (while UP) [ 453.380395][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 453.389593][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 453.396809][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 453.403989][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 453.416855][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 453.425106][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 453.436192][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 453.444601][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 453.452488][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 453.459944][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 453.467144][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 453.481675][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 453.492461][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 453.521477][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 453.542715][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 453.593078][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 453.600788][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 453.608777][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 453.615864][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 453.624065][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 453.624513][ T5169] usb 4-1: Using ep0 maxpacket: 16 [ 453.631438][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 453.643536][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 453.651475][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 453.659514][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 453.667160][ T6665] Pass: 9868404 Run:9868534 [ 453.671725][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 453.681536][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 453.691611][ T6665] Call Trace: [ 453.694882][ T6665] [ 453.697820][ T6665] dump_stack_lvl+0xd1/0x138 [ 453.702458][ T6665] mt_find.cold+0x8b/0x90 [ 453.706818][ T6665] ? mas_find+0x1d0/0x1d0 [ 453.711154][ T6665] find_vma+0x10c/0x1b0 [ 453.715305][ T6665] ? can_vma_merge_before+0x390/0x390 [ 453.720693][ T6665] ? walk_page_test+0x78/0x180 [ 453.725508][ T6665] walk_page_range+0x2b1/0x4a0 [ 453.730317][ T6665] ? __walk_page_range+0x780/0x780 [ 453.735474][ T6665] mlock_fixup+0x650/0x810 [ 453.739937][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 453.745172][ T6665] ? mlock_fixup+0x810/0x810 [ 453.749805][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 453.755731][ T6665] do_mlock+0x25a/0x6d0 [ 453.759923][ T6665] ? folio_evictable+0x270/0x270 [ 453.764906][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 453.770840][ T6665] __x64_sys_mlock+0x59/0x80 [ 453.775453][ T6665] do_syscall_64+0x39/0xb0 [ 453.779901][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 453.785816][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 453.790251][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 453.809871][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 453.818302][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 453.826285][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 453.834271][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 453.842256][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 453.850243][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 453.858255][ T6665] [ 453.865643][ T5169] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 453.879270][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 453.885227][ T6665] BUG at mt_find:6473 (1) [ 453.889703][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 453.898379][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 453.936498][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 453.985867][ T6665] 0-536866815: 0000000000000000 [ 453.991822][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 453.998322][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 454.004310][ T6665] 553627648-553635839: 0000000000000000 [ 454.010634][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 454.016964][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 454.022952][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 454.031039][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 454.037181][ T6665] 553652224-116813594623: 0000000000000000 [ 454.043369][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 454.050033][ T6665] 116817788928-93825002663935: 0000000000000000 [ 454.056745][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 454.063542][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 454.070449][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 454.076551][ T5169] usb 4-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.40 [ 454.077474][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 454.091318][ T5169] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 454.143820][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 454.159954][ T5169] usb 4-1: Product: syz [ 454.160723][ T6665] 140548071489536-140548073586687: [ 454.164405][ T5169] usb 4-1: Manufacturer: ݞី헼ꢬ [ 454.164429][ T5169] usb 4-1: SerialNumber: syz [ 454.170394][ T6665] ffff888022f0e700 [ 454.184723][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 454.191839][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 454.198970][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 454.205983][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 454.213036][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 454.220191][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 454.227313][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 454.228813][ T5169] usbhid 4-1:1.0: couldn't find an input interrupt endpoint [ 454.235181][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 454.235213][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 454.235242][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 454.235270][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 454.235297][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 454.235326][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 454.331903][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 454.340110][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 454.347175][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 454.354144][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 454.361715][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 454.368758][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 454.375721][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 454.382705][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 454.389748][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 454.397350][ T6665] Pass: 9868404 Run:9868535 [ 454.401880][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 454.411701][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 454.421749][ T6665] Call Trace: [ 454.425018][ T6665] [ 454.427939][ T6665] dump_stack_lvl+0xd1/0x138 [ 454.432538][ T6665] mt_find.cold+0x8b/0x90 [ 454.436872][ T6665] ? mas_find+0x1d0/0x1d0 [ 454.441211][ T6665] find_vma+0x10c/0x1b0 [ 454.445365][ T6665] ? can_vma_merge_before+0x390/0x390 [ 454.450739][ T6665] ? walk_page_test+0x78/0x180 [ 454.455504][ T6665] walk_page_range+0x2b1/0x4a0 [ 454.460285][ T6665] ? __walk_page_range+0x780/0x780 [ 454.465443][ T6665] mlock_fixup+0x650/0x810 [ 454.469905][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 454.475147][ T6665] ? mlock_fixup+0x810/0x810 [ 454.479780][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 454.485709][ T6665] do_mlock+0x25a/0x6d0 [ 454.489902][ T6665] ? folio_evictable+0x270/0x270 [ 454.494886][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 454.500809][ T6665] __x64_sys_mlock+0x59/0x80 [ 454.505415][ T6665] do_syscall_64+0x39/0xb0 [ 454.509866][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 454.515782][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 454.520211][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 454.539843][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 454.548279][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 454.556262][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 454.564249][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 454.572232][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 454.580214][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 454.588215][ T6665] [ 454.605406][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 454.611547][ T6665] BUG at mt_find:6473 (1) [ 454.615978][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 454.624952][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 454.636893][ T6508] usb 4-1: USB disconnect, device number 3 [ 454.664508][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 454.722824][ T6665] 0-536866815: 0000000000000000 [ 454.728432][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 454.734478][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 454.740914][ T6665] 553627648-553635839: 0000000000000000 [ 454.748126][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 454.754166][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 454.760573][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 454.766931][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 454.772904][ T6665] 553652224-116813594623: 0000000000000000 [ 454.779375][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 454.785886][ T6665] 116817788928-93825002663935: 0000000000000000 [ 454.792895][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 454.800491][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 454.807741][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 454.814716][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 454.871138][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 454.878423][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 454.885404][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 454.893302][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 454.900451][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 454.907751][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 454.914735][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 454.921931][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 454.929179][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 454.936160][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 454.943616][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 454.951613][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 454.959407][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 454.966591][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 454.983036][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 455.033176][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 455.040967][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 455.048462][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 455.058064][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 455.065146][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 455.072585][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 455.079932][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 455.088975][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 455.096095][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 455.104116][ T6665] Pass: 9868431 Run:9868563 [ 455.108959][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 455.118801][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 455.128883][ T6665] Call Trace: [ 455.132171][ T6665] [ 455.135100][ T6665] dump_stack_lvl+0xd1/0x138 [ 455.139712][ T6665] mt_find.cold+0x8b/0x90 [ 455.144076][ T6665] ? mas_find+0x1d0/0x1d0 [ 455.148438][ T6665] find_vma+0x10c/0x1b0 [ 455.152620][ T6665] ? can_vma_merge_before+0x390/0x390 [ 455.158012][ T6665] ? walk_page_test+0x78/0x180 [ 455.162826][ T6665] walk_page_range+0x2b1/0x4a0 [ 455.167641][ T6665] ? __walk_page_range+0x780/0x780 [ 455.172795][ T6665] mlock_fixup+0x650/0x810 [ 455.177238][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 455.182483][ T6665] ? mlock_fixup+0x810/0x810 [ 455.187118][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 455.193046][ T6665] do_mlock+0x25a/0x6d0 [ 455.197239][ T6665] ? folio_evictable+0x270/0x270 [ 455.202293][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 455.208231][ T6665] __x64_sys_mlock+0x59/0x80 [ 455.212849][ T6665] do_syscall_64+0x39/0xb0 [ 455.217305][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 455.223227][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 455.227666][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 455.247296][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 455.255733][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 455.263721][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 455.271713][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 455.279701][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 455.287688][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 455.295693][ T6665] [ 455.303280][ T6665] index not increased! 20ffb000 <= 20ffb000 01:47:30 executing program 3: bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000fc0)={0x0, 0x0, 0x0, 0x0}, 0x38) 01:47:30 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x2b, &(0x7f0000000200)=@filter={'filter\x00', 0xe, 0x4, 0x378, 0xffffffff, 0x250, 0x250, 0x0, 0xffffffff, 0xffffffff, 0x340, 0x340, 0x340, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}, {{@ipv6={@private0, @private1, [], [], 'hsr0\x00', 'syzkaller0\x00'}, 0x0, 0xa8, 0xe8}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "f4074efe36c370be29416839ad6d2a9ff6146b07278b03451a4510d5da25"}}, {{@ipv6={@remote, @mcast2, [], [], 'team0\x00', 'ipvlan1\x00'}, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 01:47:30 executing program 5: r0 = syz_open_dev$vcsu(&(0x7f0000000540), 0x0, 0x2) write$cgroup_pressure(r0, &(0x7f0000000580)={'some'}, 0x124000) 01:47:30 executing program 2: syz_emit_ethernet(0x36, &(0x7f0000000280)={@link_local, @random="1acd46740547", @void, {@ipv6={0x86dd, @generic={0x0, 0x6, '`tK', 0x0, 0x0, 0x0, @dev, @remote}}}}, 0x0) 01:47:30 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x1600bd81, 0x0, 0x0) 01:47:30 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000040), 0x4) [ 455.309353][ T6665] BUG at mt_find:6473 (1) [ 455.313800][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 455.322326][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 01:47:30 executing program 4: r0 = socket(0x1, 0x5, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r0, 0x89e0, 0x0) 01:47:30 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_int(r0, 0x6, 0x6ce, 0x0, &(0x7f0000000040)) 01:47:30 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x1, &(0x7f0000001640), 0x4) 01:47:30 executing program 2: capset(&(0x7f0000001000)={0x0, 0xffffffffffffffff}, 0x0) 01:47:30 executing program 4: syz_emit_ethernet(0x6c, &(0x7f0000000100)={@remote, @random="56b266dd56d7", @val={@void}, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x5a, 0x0, 0x0, 0x0, 0x2f, 0x0, @multicast2, @private}, {{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [0x0]}, {0x8, 0x88be, 0x0, {{0x0, 0x1, 0x6}}}}}}}}, 0x0) 01:47:30 executing program 5: r0 = syz_open_dev$vcsu(&(0x7f0000000540), 0x0, 0x141002) read$FUSE(r0, 0x0, 0x0) [ 455.426464][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d 01:47:30 executing program 3: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) write$FUSE_GETXATTR(r0, 0x0, 0x0) 01:47:30 executing program 2: openat$procfs(0xffffffffffffff9c, &(0x7f0000001040)='/proc/asound/seq/clients\x00', 0x0, 0x0) 01:47:30 executing program 1: socketpair(0x10, 0x2, 0x6, &(0x7f0000000080)) 01:47:30 executing program 0: syz_emit_ethernet(0x6a, &(0x7f0000000100)={@remote, @random="56b266dd56d7", @val={@void}, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x2f, 0x0, @multicast2, @private}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x1}}}}}}, 0x0) [ 455.555751][ T6665] 0-536866815: 0000000000000000 01:47:30 executing program 4: r0 = syz_open_dev$vcsu(&(0x7f0000000000), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000ffa000/0x3000)=nil, 0x930, 0x0, 0x64010, r0, 0x0) 01:47:30 executing program 3: r0 = syz_open_dev$vcsu(&(0x7f0000000000), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000ffa000/0x3000)=nil, 0x930, 0x0, 0x13, r0, 0x0) 01:47:30 executing program 2: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@typedef={0x1, 0x0, 0x0, 0xc}]}}, &(0x7f0000000340)=""/176, 0x26, 0xb0, 0x1}, 0x20) [ 455.606551][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 455.645004][ T6665] 536870912-553627647: ffff888022f0e1c0 01:47:30 executing program 1: r0 = socket$igmp(0x2, 0x3, 0x2) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @private=0xa010100}, 0x10) 01:47:30 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f00000007c0)={'ip6gre0\x00', 0x0}) 01:47:30 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x11, 0x40, &(0x7f0000000200)=@filter={'filter\x00', 0xe, 0x4, 0x378, 0xffffffff, 0x250, 0x250, 0x0, 0xffffffff, 0xffffffff, 0x340, 0x340, 0x340, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}, {{@ipv6={@private0, @private1, [], [], 'hsr0\x00', 'syzkaller0\x00'}, 0x0, 0xa8, 0xe8}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "f4074efe36c370be29416839ad6d2a9ff6146b07278b03451a4510d5da25"}}, {{@ipv6={@remote, @mcast2, [], [], 'team0\x00', 'ipvlan1\x00'}, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 455.661283][ T6665] 553627648-553635839: 0000000000000000 01:47:30 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2) getsockopt$inet6_int(r0, 0x29, 0x40, 0x0, &(0x7f0000000040)) 01:47:30 executing program 5: setreuid(0x0, 0xee00) syz_open_procfs$namespace(0x0, &(0x7f0000003d40)='ns/cgroup\x00') 01:47:30 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x890b, 0x0) 01:47:30 executing program 1: r0 = syz_open_dev$loop(&(0x7f00000001c0), 0x0, 0x0) ioctl$LOOP_SET_FD(r0, 0x301, 0xffffffffffffffff) [ 455.736653][ T6665] 553635840-553627647: ffff8880272dc9a0 01:47:30 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x2404c081, &(0x7f0000000140)={0xa, 0x0, 0x0, @local}, 0x1c) 01:47:30 executing program 4: openat$procfs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sysvipc/shm\x00', 0x0, 0x0) [ 455.816452][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 455.822419][ T6665] 553644032-553648127: ffff88807e16c7e0 01:47:30 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x33, &(0x7f0000000200)=@filter={'filter\x00', 0xe, 0x4, 0x378, 0xffffffff, 0x250, 0x250, 0x0, 0xffffffff, 0xffffffff, 0x340, 0x340, 0x340, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}, {{@ipv6={@private0, @private1, [], [], 'hsr0\x00', 'syzkaller0\x00'}, 0x0, 0xa8, 0xe8}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "f4074efe36c370be29416839ad6d2a9ff6146b07278b03451a4510d5da25"}}, {{@ipv6={@remote, @mcast2, [], [], 'team0\x00', 'ipvlan1\x00'}, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 01:47:30 executing program 0: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000000700)=""/4096, 0x1a, 0x1000, 0x1}, 0x20) 01:47:30 executing program 1: r0 = socket(0x28, 0x5, 0x0) bind$alg(r0, 0x0, 0x7) 01:47:30 executing program 2: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@union={0x0, 0x1, 0x0, 0x5, 0x0, 0x0, [{0x3}]}]}}, &(0x7f0000000340)=""/156, 0x32, 0x9c, 0x1}, 0x20) 01:47:30 executing program 4: syz_emit_ethernet(0x4e, &(0x7f0000001140)={@empty, @broadcast, @val={@void}, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x29, 0x0, @multicast2, @local}, {0x0, 0x0, 0x0, @loopback, "8617f98400ed878332c762879259e225640120e480634770c18fa48f9b1ac522"}}}}}, 0x0) [ 455.869822][ T6665] 553648128-553652223: ffff888022f0e2a0 01:47:30 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000040)) 01:47:30 executing program 3: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) write$FUSE_GETXATTR(r0, &(0x7f0000000080)={0x18}, 0x18) 01:47:30 executing program 5: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto={0x0, 0x0, 0x0, 0x11}]}}, &(0x7f0000000340)=""/156, 0x26, 0x9c, 0x1}, 0x20) 01:47:30 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000800)={'ip6gre0\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x700}}) 01:47:30 executing program 4: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x14, 0x14, 0x2, [@func_proto={0x0, 0x1, 0x0, 0x7, 0x0, [{}]}]}}, &(0x7f0000000340)=""/156, 0x2e, 0x9c, 0x1}, 0x20) [ 455.938416][ T6665] 553652224-116813594623: 0000000000000000 [ 455.971687][ T6665] 116813594624-116817788927: ffff888022f0e380 01:47:30 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x2) getsockopt$inet6_int(r0, 0x29, 0x4c, 0x0, &(0x7f0000000040)) 01:47:30 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x6, 0x3, &(0x7f0000000000)={@empty}, 0x20) [ 456.016607][ T6665] 116817788928-93825002663935: 0000000000000000 [ 456.023259][ T6665] 93825002663936-93825002803199: ffff888022f0e460 01:47:30 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_int(r0, 0x6, 0x15, 0x0, &(0x7f0000000040)) 01:47:30 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x43, &(0x7f0000000000)={@empty}, 0x20) 01:47:30 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000440), r1) sendmsg$NET_DM_CMD_START(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)={0x14, r2, 0x1}, 0x14}}, 0x0) 01:47:30 executing program 5: ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(0xffffffffffffffff, 0x40082102, &(0x7f0000000000)) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(0xffffffffffffffff, 0x40082102, &(0x7f0000000580)) syz_clone(0x40108000, 0x0, 0x0, &(0x7f0000000040), &(0x7f0000000440), &(0x7f0000000480)="9fcd333d4c4f7e30b61706081cb99773edf084fe80c68ecbe3ea374e233e580ae92061f67951624c91d3dfb29fe16501b26a54ab2a25a1a9f7b758d99a6aa743dbc43ffe7b31b1b140beac51436a2af523e08419852ac4281add174a62d40763f65f58fa12b1be9e22308e1aa7284212f7") 01:47:30 executing program 1: setsockopt$bt_hci_HCI_FILTER(0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0) 01:47:30 executing program 2: r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x202200, 0x0) ioctl$KVM_TRANSLATE(r0, 0xc018ae85, 0x0) syz_clone(0x40108000, &(0x7f0000000380)="ecb2f27e8b0a0d8123830e8eb5f979e92eea23e3844ae1b84a864d4d741bfe0a51413ff75c7e8d2e41effbbab3f1b442a7df9e786082b6b1b736dfe739df1c7233c99e0def698a4f57d40a2c18f807d0ea31c149cfacb8fc3b7502053a2c49153d681630dc537ce785137ed27a54763e40566b0830135b31bcaaf8a61988baff1da197468b3e842368d71ece0f", 0x8d, 0x0, &(0x7f0000000440), &(0x7f0000000480)) write$tun(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYBLOB="04fc3ae1d434a96de4330e5ccdfac037ca4ba576eada2e9a10086d6ff81b75ebb83d61cb5098db8dc75a9b8e0a5dc84df10afd2b017b6fae4f739f294173c53a8804d76daa9b515dbae278cb30af32457721"], 0x59) [ 456.109425][ T6665] 93825002803200-140548063096831: 0000000000000000 01:47:30 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001d40)=ANY=[@ANYBLOB="2400000018000100000000000000000002"], 0x24}}, 0x0) 01:47:31 executing program 3: syz_mount_image$vfat(&(0x7f0000001200), &(0x7f0000000000)='./bus\x00', 0x10, &(0x7f0000000080)={[{@shortname_win95}, {@uni_xlate}, {@fat=@quiet}, {@shortname_lower}]}, 0xfd, 0x1206, &(0x7f0000001240)="$eJzs3M+LG2UYB/An7Wp3t+4PtVZbEF/0opexuwdPXhZpQVxQareggjB1JzYkm4RMWEgRqyevnv0LRDx6E8R/YC9ePAteZC8eC4ojmynWLKu4FR1dPp/LPOR5v+SdhAQmzJP9Fz/e6bbLrJ2P41SrFXPDiHQnRYpTcTpqH8Rz17/97snX33jzlY3NzctXU7qycW3thZTS8lNfvfXe509/PT57/YvlL8/E3urb+z+uf793fu/C/i/XbnbK1ClTfzBOeboxGIzzG70ibXfKbpbSa70iL4vU6ZfFaKbf7g2Gw0nK+9tLi8NRUZYp709St5ik8SCNR5OUv5t3+inLsrS0GPwdW5/dqaoqoqoeiAejqqpqIRbjbDwUS7EcKz8dNB+JR+NcPBbn4/F4Ii4sNL1nAAAAAAAAAAAAAAAAAAAAOHn+dP4/VuPhw/P/01VN7xoAAAAAAAAAAAAAAAAAAABOFvP/AAAAAAAAAAAAAAAAAAAA0Dzz/wAAAAAAAAAAAAAAAAAAAPAfMF8frqY0H7Hz0e7W7lZ9rB/faEcnelHEpViJn2M6/V+r6ysvb16+lKZW4/md23fzt3e3Ts/m16Z/J3Bkfq3Op9n8mVj8fX49VuLc0fn1I/Pz8ewzB/kP63wWK/HNOzGIXmzHQfZe/v21lF56dfNQ/uJ0HQAAAJwEWfrN7PV7q1X3sz/oH//3gUPX13Nxca7ZcyeinNzq5r1eMVIo7q9o3f0Y/7PP9clxFv/wafMvy/+9aPqbiX/DvTe96Z0AAAAAAAAAAABwHOXk1kL8pfsBb9737YRNnyMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/sgPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4KgAA//9gJexE") r0 = openat(0xffffffffffffff9c, &(0x7f0000000540)='./file2\x00', 0x6a142, 0x0) sendfile(r0, r0, 0x0, 0x4) 01:47:31 executing program 4: ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(0xffffffffffffffff, 0x40082102, &(0x7f0000000000)) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001140)='/sys/block/ram5', 0x202200, 0x0) ioctl$KVM_TRANSLATE(r0, 0xc018ae85, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r0, 0x40082102, &(0x7f0000000580)) syz_clone(0x40108000, &(0x7f0000000380)="ecb2f27e8b0a0d8123830e8eb5f979e92eea23e3844ae1b84a864d4d741bfe0a51413ff75c7e8d2e41effbbab3f1b442a7df9e786082b6b1b736dfe739df1c7233c99e0def698a4f57d40a2c18f807d0ea31c149cfacb8fc3b7502053a2c49153d681630dc537ce785137ed27a54763e40566b0830135b31bcaaf8a61988baff1da197468b3e842368d71ece0f", 0x8d, &(0x7f0000000040), &(0x7f0000000440), &(0x7f0000000480)="9fcd333d4c4f7e30b61706081cb99773edf084fe80c68ecbe3ea374e233e580ae92061f67951624c91d3dfb29fe16501b26a54ab2a25a1a9f7b758d99a6aa743dbc43ffe7b31b1b140beac51436a2af523e08419852ac4281add174a62d40763f65f58fa12b1be9e22308e1aa7284212f71b7998b65950e79fac5f4a1419809b1f2faaa6ee3d760602b4e03f5955026c470888741151d8784e5fc9e59b3a19ce8507f284b0a69e6ee490a8964ea23f5a4d0a9e9f6e4c0a40061ffb5f151be812c515ad281377d6") write$tun(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYBLOB="04fc3ae1d434a96de4330e5ccdfac037ca4ba576eada2e9a10086d6ff81b75ebb83d61cb5098db8dc75a9b8e0a5dc84df10afd2b017b6fae4f739f294173c53a8804d76daa9b515dbae278cb30af324577219a43"], 0x59) 01:47:31 executing program 1: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/net\x00') r2 = fcntl$dupfd(r0, 0x0, r1) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x11}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f0000000100)={'syztnl0\x00', 0x0, 0x2f, 0x20, 0x81, 0x80, 0x12, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x20, 0xb079, 0x1}}) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000240)={0x0, @private, @dev}, &(0x7f0000000280)=0xc) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000002100)={'syztnl2\x00', &(0x7f0000002000)={'sit0\x00', r4, 0x10, 0x7800, 0x80000000, 0x9, {{0x2c, 0x4, 0x0, 0x1, 0xb0, 0x67, 0x0, 0x7, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0x43}, @multicast1, {[@timestamp={0x44, 0x8, 0xab, 0x0, 0x3, [0x401]}, @timestamp_addr={0x44, 0x1c, 0x5d, 0x1, 0x7, [{@remote}, {@local, 0xfffffff9}, {@local, 0x7}]}, @ssrr={0x89, 0x23, 0x13, [@local, @multicast2, @initdev={0xac, 0x1e, 0x1, 0x0}, @local, @empty, @remote, @multicast1, @rand_addr=0x64010100]}, @end, @rr={0x7, 0x13, 0x86, [@private=0xa010100, @dev={0xac, 0x14, 0x14, 0x42}, @initdev={0xac, 0x1e, 0x1, 0x0}, @empty]}, @generic={0xc, 0xe, "9c49f7bd2331c6a109e599f5"}, @generic={0x7, 0x5, "27ec02"}, @rr={0x7, 0xf, 0x81, [@dev={0xac, 0x14, 0x14, 0x35}, @rand_addr=0x64010102, @broadcast]}, @ssrr={0x89, 0x1f, 0x23, [@rand_addr=0x64010101, @broadcast, @empty, @multicast2, @multicast1, @remote, @private=0xa010102]}]}}}}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', r3, 0x29, 0x10, 0x3, 0x8e, 0xd, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x7, 0x40}}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001f80)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001f40)={&(0x7f0000000400)=@newchain={0x1b04, 0x64, 0x200, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}, {0xd, 0x3}, {0xf, 0x3}}, [@TCA_RATE={0x6, 0x5, {0x40, 0xc7}}, @filter_kind_options=@f_cgroup={{0xb}, {0x1acc, 0x2, [@TCA_CGROUP_EMATCHES={0x4c, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x3, 0x0, 0x0, {{0x4, 0x8, 0xfff}, {0x4, 0x3, 0x2}}}]}, @TCA_EMATCH_TREE_LIST={0x34, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0x11f, 0x3, 0xbd5a}, {0xe2, 0x1, 0x6, 0x8}}}, @TCF_EM_NBYTE={0x14, 0x3, 0x0, 0x0, {{0x5, 0x2, 0x7}, {0x8, 0x2, 0x1, "1109"}}}]}]}, @TCA_CGROUP_ACT={0x414, 0x1, [@m_sample={0x114, 0xc, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x6}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x2}]}, {0xd8, 0x6, "fa5cae7fde4ee747d195f2af1761a0f062fa7aa47c8b099c00726fcaccfb82d4535ce85cbaa59f7388fb37280d7fe20d7693f19b6d024ede8a2c198541b9c0ed2051c890a7fc88fcf25a3b9fb7036145eca64358668c0288ec57ba6cf9706f5bb2820a26b0e22830717219aaa3d4880ae3a54ce92d6d0edc354b9b8d0cdec2d5787a705f36b754bf617614925303cf5455308544e7cc922fb8772cfe1dc5b19a22383173d11153275fe44c9add168c66a4a8f43da0247880edee93a23834ee6f3697c57792dc2ccde0a37a3ef92dd232da5e6718"}, {0xc}, {0xc, 0x8, {0x3, 0x2}}}}, @m_ipt={0x12c, 0x17, 0x0, 0x0, {{0x8}, {0x84, 0x2, 0x0, 0x1, [@TCA_IPT_INDEX={0x8, 0x3, 0x942}, @TCA_IPT_TARG={0x66, 0x6, {0x101, 'filter\x00', 0x20, 0x1000, "91d2d14f9cecc52d824d7ca88897459820eba95badc4dbd441f572dcf0427dc47de2bc5be32a256c945df10786721c47aca7f3c2369864494eb6d724"}}, @TCA_IPT_INDEX={0x8, 0x3, 0x200}, @TCA_IPT_HOOK={0x8}]}, {0x83, 0x6, "8ce059aa545a3552d091bc11acb93061abe22daf024046be041849201bbe6ffe1083161850054a2b8598246bd7e5efb57d1d9d243e2b4f538509b4334b01de437bc796f15c8e03873aab58e007a0497f42dc735b9083736c6ab4e965ff398ec84733a42f41e0e01ba3027d1372f7c7a289f0d1bfe0eabf5d73c995b7568075"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_csum={0x70, 0x9, 0x0, 0x0, {{0x9}, {0x3c, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x7fff, 0x5, 0x1, 0x7f, 0x6}, 0x79}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x3, 0x2e892d1c, 0x1, 0x4, 0x5}, 0x52}}]}, {0xc, 0x6, "2d57f86517781551"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_nat={0xdc, 0xb, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0xffffffff, 0x693, 0x1, 0x2, 0x1}, @broadcast, @local, 0xffffff00, 0x1}}]}, {0x8a, 0x6, "4d157d7fcbde6a803a5259ebe7db131f1d53f8f03e5cc5f8331035364c284665e005268019b5eeee849285e196a43d66c9aaa7d472ee85018bec1b3584ea2cec59574e5969634f89ba4d7e761c706103f31aeeda50d45fc56ad58556203a1d125e63d1b846b67522f53dfc96bf3b535095259fccc9bffc55d2f36848f96c553516a6b02a2652"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1}}}}, @m_sample={0x84, 0x18, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x3}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x4}]}, {0x47, 0x6, "1a79e57062a4e985f826bc2821235976ef354badbb759bb3533c1faaa702f9f20abfd6688adc445b3f44c992d215e1ccb80f97c1f604644782f3be30103fc793fb3769"}, {0xc}, {0xc, 0x8, {0x0, 0x5}}}}]}, @TCA_CGROUP_ACT={0x12e0, 0x1, [@m_ipt={0x158, 0x10, 0x0, 0x0, {{0x8}, {0x114, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0x10d, 0x6, {0x800, 'filter\x00', 0xff, 0x2, "360df404a0a64bf029589d4e900a26065aa91775560cb49b6f5f54f3a9d10ab341b6ee335d0a62cf5e3746a13403832180d678d868390a62f5293912ca01e5c56968e456f4230058af3629306748d72ab7c375d7f0b82633d7e9d2526f2959a61328167d8554774f062cfab1f0d722ed548d79a254d95dc1faf7a2249e5b9fa9e4d5b81741c05270051674466b76be5b6a77a20d1972075cc8dc3ebe7aa0ca8622941263eebbd530cc8fded11e399d786e823a7769fefba71c2ba514ad3cd63a03eeca67f52fefe6202bac2219d299eda955962291c749b30f83c1fb8cf8b7aac9dd27"}}]}, {0x1f, 0x6, "afedfd9af8a4b80d42a5c72874a1dd766219480a22a26fa05ef931"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_pedit={0xefc, 0x15, 0x0, 0x0, {{0xa}, {0xea0, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{0x3ff, 0x5, 0x20000000, 0x1, 0xfffffffb}, 0xf0, 0x24, [{0x0, 0x80000001, 0x5, 0x0, 0x5, 0x10001}, {0x3, 0x3, 0x96, 0x0, 0xfffff4d3}]}, [{0xd73, 0x2, 0x8, 0x91, 0x8, 0x101}, {0x2, 0x1000, 0x28ac, 0x80, 0x7fffffff, 0x40}, {0x9, 0x0, 0x3, 0xffff, 0x2, 0x10001}, {0x1, 0x10000, 0x4, 0xff, 0x1, 0x7ff}, {0x1, 0x7fff, 0x2, 0x20, 0x2, 0x80000001}, {0x6, 0x8, 0x101, 0x4, 0xaeb, 0x6}, {0xc5, 0x7f, 0x400, 0x6, 0x1, 0x100}, {0x2, 0x800, 0x1000000, 0x7, 0x3ff, 0x2}, {0x2, 0xfb2, 0x400, 0x4, 0x7, 0x6}, {0x7f, 0x1, 0x5472, 0x40, 0x2, 0x2}, {0x0, 0x10001, 0xc96, 0x3a5f7058, 0x7fff, 0x80000}, {0x5, 0xcd7f, 0x7, 0xe1, 0x513eb84, 0x5e717d0d}, {0x8, 0x0, 0xde8, 0x0, 0xff28, 0x4}, {0x7, 0xd4, 0x660, 0x5, 0x1, 0x661}, {0x5, 0x101, 0xb8d, 0x0, 0x7, 0x8}, {0x1e, 0x200, 0x1, 0x9, 0x101, 0xcfc8}, {0x101, 0xff, 0x9, 0x1, 0x2, 0x8001}, {0x40, 0xddc25b10, 0x8000, 0x9c85, 0x7fffffff, 0x5}, {0x9, 0x0, 0x4, 0xffff, 0x3, 0x9}, {0x7ff, 0xaec, 0x1f, 0x4, 0x7, 0x8}, {0x3, 0x9, 0xdb08592, 0x8, 0xd1, 0x101}, {0x14d6, 0xd8, 0xfff, 0x5, 0x212, 0x7}, {0xfffffffe, 0x9, 0xe, 0xff, 0x8000, 0x4}, {0xff, 0x9, 0xffffffff, 0x800, 0x2, 0x8}, {0x1000, 0xe834, 0x72e2, 0x9, 0x7a1969b0, 0x40}, {0x1, 0xc6a6, 0x7fffffff, 0x5724a1c9, 0x3f, 0x1}, {0x80000000, 0x3, 0x2, 0x1, 0xe, 0x1f}, {0x2, 0xff, 0x2, 0x7, 0x7, 0x81}, {0x0, 0xbbf, 0x0, 0x1, 0x53d}, {0x6, 0x1, 0x3, 0x200, 0x1, 0x680}, {0x7, 0x0, 0x2, 0xcc6, 0x5f, 0xfffffff7}, {0xb50, 0x2, 0xd03, 0x8, 0x2, 0x4}, {0xf1, 0x615, 0xff, 0x40, 0x8, 0x5}, {0x80, 0x20, 0xffff, 0x5, 0x7}, {0xffff, 0x1, 0xb0c, 0x3, 0x7fff, 0xfffffffc}, {0xfffffc01, 0x80, 0x4, 0x0, 0x0, 0x6}, {0x2, 0x10000, 0x82, 0x0, 0x7, 0x5}, {0x0, 0x7ff, 0x80000001, 0x400, 0x1, 0x1}, {0x4, 0x4, 0xd0, 0x6, 0x8, 0x1000}, {0x5, 0x7, 0x47, 0x0, 0x7, 0x482}, {0x9, 0x1, 0x6, 0x9, 0x9, 0x7}, {0x401, 0x4, 0x10000, 0x675b, 0x6, 0x1}, {0x101, 0x1, 0x800, 0x100, 0x200, 0xffffffc0}, {0x100, 0x101, 0x20, 0xb72e, 0x26, 0x442c}, {0xcb, 0x4, 0xfffffff8, 0x6, 0x9, 0x2}, {0x7fffffff, 0x2, 0x0, 0x4, 0x6, 0x3ff}, {0x2, 0x1000, 0x6, 0x5, 0x8, 0x3}, {0x1, 0x80620000, 0x9, 0x80000001, 0x9, 0x200}, {0x0, 0x9, 0xfff, 0x80000000, 0x10000, 0x5}, {0x100, 0x251, 0x3ff, 0x8000, 0x81, 0x1}, {0x80, 0x9, 0x5, 0x4, 0x8001, 0x7fff}, {0xc4, 0xfffffffd, 0x7, 0x9, 0xc2c5, 0x1}, {0x5, 0x6fc, 0x8, 0x20, 0xe0f, 0x3}, {0x40, 0x6b, 0x9, 0x5d4, 0x7, 0x8000}, {0x1f, 0x1000, 0xb9, 0x1, 0x1, 0x9}, {0x7fffffff, 0x4, 0x9, 0x7, 0x6, 0x4}, {0xfffffffc, 0x7, 0x0, 0x3ff, 0x5, 0x81}, {0x6, 0x8, 0x7496, 0x10000, 0xffffffc0, 0x7fff}, {0x81, 0xd2a0, 0x800, 0x3f, 0x40, 0x2}, {0x40, 0x80000000, 0xea64, 0x76, 0x9, 0x3}, {0x10000, 0x15bb, 0x9, 0xfffffffc, 0x6, 0x5}, {0x1, 0xffffffc0, 0x28, 0x2, 0x2, 0x6}, {0x1000, 0x7fff, 0x0, 0x3, 0x3, 0x9}, {0x10000, 0x20, 0x8, 0xd6, 0x7fffffff, 0x412}, {0x7, 0x0, 0xfff, 0x3, 0x9, 0xee}, {0x10001, 0x3f, 0x0, 0x2, 0x5a, 0x401}, {0x101, 0x1, 0x4634, 0x8000, 0x401, 0x6}, {0x800, 0x1, 0x6, 0x80000001, 0x2, 0x501}, {0x4, 0x5, 0x3ff, 0x1, 0x3b96cc68}, {0x3, 0x1, 0x7d, 0xa3, 0x7, 0x8}, {0x0, 0x10001, 0x7, 0x6, 0x7ff, 0xffffff37}, {0x815, 0x0, 0x313b5531, 0x200, 0x1000, 0xffffffff}, {0x3ff, 0xa9b, 0x7, 0x80000000, 0xe0, 0x27}, {0x101, 0x800, 0x800, 0x1000, 0x79cc, 0x30}, {0x20, 0x0, 0x7, 0xfffffffa, 0x6, 0xcfef}, {0x1f, 0x5, 0x3, 0x1, 0xca62, 0x9}, {0x3, 0x1, 0x400, 0x9, 0xb2, 0x100}, {0x80000000, 0x3, 0x7, 0x2, 0x8, 0x2}, {0x3, 0xfffffffe, 0x5, 0xffffffff, 0x1, 0x9}, {0x4, 0x8, 0x4, 0x1, 0x3, 0xf9ee2af}, {0x8000, 0x9, 0x5, 0x5, 0x4, 0x2}, {0x5, 0x9, 0x9, 0x1, 0xffffff27, 0x40000000}, {0x4, 0x7, 0xb4000000, 0xeec, 0x7, 0x7}, {0x3, 0x3, 0x87, 0x401, 0x1, 0x80}, {0x5, 0x7, 0x10, 0x8, 0x3ff, 0x50}, {0xffff, 0x81, 0x20, 0x1, 0x80000000, 0x401}, {0x1, 0x400, 0xe4de, 0x7ff, 0x30000, 0x9}, {0x7fffffff, 0x400, 0x1, 0x6ee, 0x10000, 0x8}, {0x2, 0x4, 0x27bc, 0x0, 0x0, 0x5}, {0x5, 0x3f, 0x24d7, 0x2, 0x1000, 0xf46}, {0x1, 0xe5, 0x80000001, 0x2, 0xffffff0a, 0x5}, {0x1ff, 0x2, 0x1f, 0x7, 0x1, 0xf0f5}, {0x0, 0x1ff, 0xce, 0x20, 0x8, 0xc000000}, {0x81, 0x0, 0x4, 0xda0, 0x7, 0x20000}, {0x2, 0xb42, 0x2, 0x3f, 0xffffffff, 0x40}, {0x1ff, 0x1, 0x401, 0xa895, 0x20, 0x60f}, {0x2, 0xdf, 0x3, 0x6, 0x1, 0x8}, {0x8, 0xff, 0x3, 0x1, 0x7ff, 0x40}, {0xd, 0x1, 0x20, 0x401, 0x4, 0x9}, {0x1f, 0x0, 0x7, 0x9, 0x5f2, 0x191}, {0x6, 0x5, 0x8, 0x4, 0x8, 0xffff3b41}, {0x6, 0x2, 0x101, 0x7, 0x1, 0x7}, {0x49, 0x9, 0x0, 0x5f1c, 0x80000001, 0x1}, {0xeae51292, 0xd3, 0x71e, 0x0, 0x55ba4723, 0x80000000}, {0x6, 0x64, 0x9, 0x19, 0x3, 0x3}, {0x6, 0x7ff, 0x2, 0x5, 0x450d}, {0x7fff, 0x7f, 0x400, 0x51f8, 0x20, 0x98}, {0x81, 0x81, 0x7, 0x7, 0x5, 0xf3d}, {0x1f, 0x1, 0x3, 0x8, 0xdbd, 0x1}, {0x5, 0x7fffffff, 0x4f35, 0x5, 0x5}, {0x3f, 0x7ce, 0x8, 0xcaa, 0x80000001, 0x1000}, {0x400, 0x5, 0x6, 0x7c0, 0x3ff, 0x2}, {0x80000000, 0x3, 0x6a8, 0x0, 0x1f, 0x10000}, {0x4, 0x20, 0x6, 0x1f, 0x7, 0x2}, {0x4, 0x3, 0xffffffb1, 0x5, 0x100, 0x3}, {0x6, 0x2, 0x9, 0x6, 0x1, 0x635}, {0xfffffff8, 0x9, 0x3, 0xd56, 0xa8, 0x8000}, {0x80000001, 0x34323ecc, 0x1, 0x4, 0x15, 0x7}, {0x1000, 0xfffffffb, 0x0, 0x6, 0x100, 0x1}, {0x80000001, 0x80, 0x60d, 0x80, 0xa6, 0x3}, {0x2, 0x3ff, 0x606, 0xfffffeff, 0x1, 0x4}, {0x101, 0x81, 0x7, 0x200, 0x481b}, {0x1, 0xfffffffc, 0x800, 0x0, 0x10df, 0x5}, {0x8, 0x6, 0x6, 0x80000001, 0x401, 0x1d}, {0x7fffffff, 0x1000, 0x0, 0x8b0f, 0x6, 0x800}, {0x3, 0xfffff000, 0x2, 0x5, 0x10000, 0xf3}, {0xcb82, 0xc315, 0x6, 0x6, 0x5, 0x7fffffff}, {0x354f, 0x4, 0x7, 0x663d, 0xd31}], [{0x4}, {0x3}, {0x4}, {}, {0x2, 0x1}, {0x5, 0x1}, {}, {0x2}, {0x3}, {0x3}, {0xd}, {0x1}, {0x0, 0x1}, {0x2}, {0x3, 0x1}, {0x4, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x4}, {0x1}, {0x4, 0x1}, {0x5}, {0x0, 0x1}, {0x0, 0x1}, {0x1}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {}, {0x3, 0x1}, {0x0, 0x1}, {0x4}, {0x5}, {0x2, 0x1}, {0x5}, {0x6}, {0x4, 0x1}, {0x1, 0x1}, {0x4}, {0x0, 0x1}, {0x1}, {0x5, 0x1}, {0x4}, {0x4, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x4}, {0x1, 0x1}, {}, {0x0, 0x1}, {0x5}, {0x2}, {0x5}, {0x2, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4}, {0x4}, {0x3, 0x2bc8966203855f88}, {0x5}, {0x3, 0x1}, {}, {0x1}, {0x0, 0x1}, {0x4}, {0x1}, {0x1}, {0x5}, {0x3}, {0x0, 0x1}, {0x4}, {0x5}, {0x4}, {}, {0x4}, {0x0, 0x1}, {}, {0x3, 0x1}, {0x5, 0x1}, {0x1, 0x1}, {0x4}, {0x3}, {0x0, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x5}, {0x5, 0x1}, {0x2}, {0x4}, {0x1, 0x1}, {0x3, 0x1}, {}, {}, {0x5}, {0x5}, {0x2}, {0x7}, {0x0, 0x1}, {0x3, 0x1}, {0x5}, {0x2}, {0x5}, {0x1}, {0x3, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x2}, {}, {0x3}, {0x3, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x1}, {0x5}, {0x1}, {0x1, 0x1}, {}, {0x0, 0x1}, {0x3}]}}, @TCA_PEDIT_KEYS_EX={0x4c, 0x5, 0x0, 0x1, [{0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}, {0x34, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x4}]}]}]}, {0x33, 0x6, "57d21079a8d2935764ec000d69b69144d534c379114c3e7769d6b958becc99c4b5fe8082378f841318b9c4f78134db"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_gact={0xb8, 0x1b, 0x0, 0x0, {{0x9}, {0x40, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x54, 0x1000, 0x2, 0x7fff}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1e6c, 0xffffffffcffffffd}}, @TCA_GACT_PARMS={0x18, 0x2, {0xffff0001, 0x4, 0x6, 0x8, 0x2}}]}, {0x50, 0x6, "664895a43cd59acf164a22e3061b8599476e1b7d6f84b72f601d25a760e56d86c85330c394183510935175fa7618da158f45d0ce576bbf5f4d643c8fe204ac635f0c6c2c02b7b1b0785d7051"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x2, 0x9a10, 0x10000000, 0x3f4e, 0x7}, 0x1}}, @TCA_IFE_DMAC={0xa, 0x3, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x16}}]}, {0x4}, {0xc, 0x7, {0x1, 0x4936e90f20761ee1}}, {0xc}}}, @m_skbedit={0x17c, 0x1b, 0x0, 0x0, {{0xc}, {0x5c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x5}, @TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x7}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x401, 0x6, 0x1, 0x0, 0x200}}, @TCA_SKBEDIT_MARK={0x8}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x400}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x2, 0xffff, 0x5, 0x6, 0x5}}]}, {0xf8, 0x6, "6693c4e34853efd571c166717b25fe4ec0ce765c9dbe54cc87b51b75dff67c8013845b8b2ed61d4abd8ee15e30568094e0b8f6a8274f2f25e6117d0e91f1e5401be4ffb50cb5f1825a200ed90eb7f67bc9a98de18e4c5ce2da84a9fda2ef11378cfb6500fc32ce9065d4bc7a064c606853ec3348c8dfc2a73fd54eb9a3e3ca553eb11e099f44972d9e4c91c49d7064ec81efafef501cfe489f0e005eb3a1a90d4e58efb5a8ef92ea86eec8821a8bc6fd5bae501220ed4d61cd5a7baec0d935c0646489bec7e580c2c266599beee2d66f7e319dd3a73fd26cb24866a47372ef8edbc72d890e7788efd34d0f10e3c64c2d06dd9ab5"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}, @TCA_CGROUP_POLICE={0xc, 0x2, [@TCA_POLICE_RESULT={0x8, 0x5, 0xea69}]}, @TCA_CGROUP_EMATCHES={0x110, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x4}, @TCA_EMATCH_TREE_LIST={0x54, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x3, 0x0, 0x0, {{0x2a1, 0x3, 0xa8}, {0x1, 0x8000, 0x1, 0x5}}}, @TCF_EM_CMP={0x18, 0x2, 0x0, 0x0, {{0x7, 0x1, 0x7fff}, {0x0, 0x4b, 0x7fff, 0x4, 0x7, 0x2, 0x1}}}, @TCF_EM_NBYTE={0x1c, 0x3, 0x0, 0x0, {{0x8, 0x2, 0x200}, {0x3f, 0xa, 0x2, "5489419a5688d74fd1d2"}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0xac, 0x2, 0x0, 0x1, [@TCF_EM_META={0x18, 0x3, 0x0, 0x0, {{0x6, 0x4, 0x1}, [@TCA_EM_META_LVALUE={0x9, 0x2, [@TCF_META_TYPE_VAR="8feba9620c"]}]}}, @TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{}, {{0x0, 0x1, 0x1, 0x1}, {0x3, 0x1, 0x1}}}}, @TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0x7, 0x8, 0x4}, {0x3, 0x1, 0x2}}}, @TCF_EM_META={0x44, 0x1, 0x0, 0x0, {{0x9, 0x4, 0x4}, [@TCA_EM_META_RVALUE={0x23, 0x3, [@TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_VAR="63e9c81e948ab1a3fe26", @TCF_META_TYPE_INT=0xa, @TCF_META_TYPE_VAR="ce", @TCF_META_TYPE_VAR="61d25b", @TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_VAR="ea", @TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_VAR]}, @TCA_EM_META_LVALUE={0xc, 0x2, [@TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_INT=0x5]}, @TCA_EM_META_RVALUE={0x8, 0x3, [@TCF_META_TYPE_INT=0x9]}]}}, @TCF_EM_CMP={0x18, 0x2, 0x0, 0x0, {{0x9, 0x1, 0x1}, {0x4, 0x2, 0x1ff, 0x0, 0x5, 0x3}}}, @TCF_EM_IPSET={0x10, 0x3, 0x0, 0x0, {{0x3, 0x8, 0xfe8}, {0x2, 0x6, 0x3}}}]}]}, @TCA_CGROUP_EMATCHES={0xc, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2}}]}, @TCA_CGROUP_EMATCHES={0x260, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x6, 0x1, 0x2}, {0x10001, 0x200, 0x3f, 0x7, 0x3, 0x2, 0x2}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x8}}, @TCA_EMATCH_TREE_LIST={0x238, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x38, 0x2, 0x0, 0x0, {{0x8001, 0x9, 0x7}, [@TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x3f}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x3f}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x3}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x2}]}}, @TCF_EM_IPT={0x4c, 0x1, 0x0, 0x0, {{0x0, 0x9, 0xfff}, [@TCA_EM_IPT_HOOK={0x8, 0x1, 0x4}, @TCA_EM_IPT_HOOK={0x8, 0x1, 0x2}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x5c}, @TCA_EM_IPT_HOOK={0x8, 0x1, 0x4}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0xa}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_MATCH_NAME={0xb}]}}, @TCF_EM_CMP={0x18, 0x2, 0x0, 0x0, {{0x92, 0x1, 0x6}, {0x20000, 0x10000, 0x100, 0x3, 0x1, 0x0, 0x2}}}, @TCF_EM_IPT={0x40, 0x2, 0x0, 0x0, {{0x1, 0x9, 0x1}, [@TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x3}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x2}, @TCA_EM_IPT_NFPROTO={0x5}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x8}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x3}]}}, @TCF_EM_META={0xa8, 0x1, 0x0, 0x0, {{0x5c, 0x4, 0x527}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x6, 0x9, 0x1}, {0x4, 0x0, 0x2}}}, @TCA_EM_META_RVALUE={0x2c, 0x3, [@TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_INT=0x3, @TCF_META_TYPE_VAR="82e1d68a3d97", @TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_INT=0x6, @TCF_META_TYPE_VAR="6bbeaa2e", @TCF_META_TYPE_VAR="797559ad295a9339f0eb"]}, @TCA_EM_META_LVALUE={0x3a, 0x2, [@TCF_META_TYPE_VAR="8a58f523", @TCF_META_TYPE_INT=0x2, @TCF_META_TYPE_VAR="6ac8b75bf2a9ca4c0b42", @TCF_META_TYPE_VAR="df7d9134cd5ebf", @TCF_META_TYPE_VAR="e043f0e9df342345d5", @TCF_META_TYPE_VAR="511edd", @TCF_META_TYPE_VAR="c48114f5", @TCF_META_TYPE_VAR="7842faa7c873ff8769", @TCF_META_TYPE_INT=0xa]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x3f, 0x3f, 0x1}, {0x2, 0x3}}}, @TCA_EM_META_RVALUE={0x1c, 0x3, [@TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_VAR="8d9a9d", @TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_VAR="1300cb63", @TCF_META_TYPE_VAR='\n', @TCF_META_TYPE_INT=0x8]}]}}, @TCF_EM_META={0xb0, 0x3, 0x0, 0x0, {{0x4, 0x4, 0x4}, [@TCA_EM_META_LVALUE={0x1b, 0x2, [@TCF_META_TYPE_INT=0x3, @TCF_META_TYPE_INT=0x3, @TCF_META_TYPE_VAR="918918f4ec60eb887c", @TCF_META_TYPE_VAR="bbc6", @TCF_META_TYPE_INT=0xa]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x1, 0x7, 0x7}, {0x2, 0x81, 0x2}}}, @TCA_EM_META_HDR={0xc, 0x1, {{0x1, 0x3, 0x1}, {0xfffa}}}, @TCA_EM_META_LVALUE={0x2d, 0x2, [@TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_INT=0xa, @TCF_META_TYPE_INT=0x3, @TCF_META_TYPE_INT=0x8, @TCF_META_TYPE_VAR="168394e24931565f9861", @TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_VAR="1b", @TCF_META_TYPE_VAR="84", @TCF_META_TYPE_VAR="dab6361965", @TCF_META_TYPE_INT=0x6]}, @TCA_EM_META_RVALUE={0x31, 0x3, [@TCF_META_TYPE_VAR="ecb3ba15dacd14a3", @TCF_META_TYPE_VAR="84913a9dd9", @TCF_META_TYPE_VAR, @TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_VAR="115581255316b8547b", @TCF_META_TYPE_VAR="3f01649b420608", @TCF_META_TYPE_VAR="33d94a", @TCF_META_TYPE_VAR='?']}, @TCA_EM_META_HDR={0xc, 0x1, {{0x1, 0xff}, {0x1, 0x0, 0x1}}}]}}]}]}]}}]}, 0x1b04}, 0x1, 0x0, 0x0, 0x80}, 0x4000000) [ 456.225491][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 456.244008][ T8035] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. 01:47:31 executing program 0: r0 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc) add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, r0) [ 456.295684][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d 01:47:31 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r0, 0x7, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x8}) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000140)=ANY=[], 0x1c) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) [ 456.579052][ T8036] loop3: detected capacity change from 0 to 8192 [ 456.586472][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 456.638784][ T8036] syz-executor.3: attempt to access beyond end of device [ 456.638784][ T8036] loop3: rw=0, sector=64405, nr_sectors = 1 limit=8192 01:47:31 executing program 2: r0 = socket$netlink(0x10, 0x3, 0xf) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c00000018ff01"], 0x1c}}, 0x0) [ 456.700932][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 456.767971][ T8036] Buffer I/O error on dev loop3, logical block 64405, async page read [ 456.805206][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 01:47:31 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r0, 0x7, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x8}) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000140)=ANY=[], 0x1c) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) 01:47:31 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r0, 0x7, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x8}) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000140)=ANY=[], 0x1c) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) [ 456.851014][ T8036] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 456.861064][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 456.893875][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 456.916985][ T8036] FAT-fs (loop3): Filesystem has been set read-only [ 456.923781][ T8036] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 457.027274][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 457.034284][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 457.067988][ T8036] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 457.086455][ T8036] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 457.094314][ T8036] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 457.219328][ T8036] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 457.253722][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 457.261322][ T8036] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 457.298478][ T8036] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 457.346904][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 457.353900][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 457.376646][ T8036] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 457.387303][ T8036] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 457.406428][ T8036] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 457.429936][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 457.433443][ T8036] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 457.463837][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 457.471238][ T27] audit: type=1800 audit(1673401652.268:68): pid=8036 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.3" name="file2" dev="loop3" ino=1048605 res=0 errno=0 [ 457.524855][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 457.534611][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 457.565450][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 457.673130][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 457.683329][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 457.709240][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 457.728963][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 457.735960][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 457.755755][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 457.765571][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 457.816170][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 457.826126][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 457.849069][ T6665] Pass: 9929013 Run:9929146 [ 457.867723][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 457.877574][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 457.887660][ T6665] Call Trace: [ 457.890968][ T6665] [ 457.893929][ T6665] dump_stack_lvl+0xd1/0x138 [ 457.898572][ T6665] mt_find.cold+0x8b/0x90 [ 457.902953][ T6665] ? mas_find+0x1d0/0x1d0 [ 457.907354][ T6665] find_vma+0x10c/0x1b0 [ 457.911552][ T6665] ? can_vma_merge_before+0x390/0x390 [ 457.916968][ T6665] ? walk_page_test+0x78/0x180 [ 457.921783][ T6665] walk_page_range+0x2b1/0x4a0 [ 457.926606][ T6665] ? __walk_page_range+0x780/0x780 [ 457.931794][ T6665] mlock_fixup+0x650/0x810 [ 457.936279][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 457.941534][ T6665] ? mlock_fixup+0x810/0x810 [ 457.946194][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 457.952145][ T6665] do_mlock+0x25a/0x6d0 [ 457.956362][ T6665] ? folio_evictable+0x270/0x270 [ 457.961370][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 457.967316][ T6665] __x64_sys_mlock+0x59/0x80 [ 457.971946][ T6665] do_syscall_64+0x39/0xb0 [ 457.976418][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 457.982355][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 457.986805][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 458.006457][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 458.014921][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 458.022928][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 458.030930][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 458.038932][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 458.046935][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 458.054970][ T6665] [ 458.085704][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 458.105608][ T6665] BUG at mt_find:6473 (1) [ 458.114478][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 458.135850][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 458.189301][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 458.240496][ T6665] 0-536866815: 0000000000000000 [ 458.260763][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 458.296471][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 458.302519][ T6665] 553627648-553635839: 0000000000000000 [ 458.331176][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 458.356384][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 458.386494][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 458.392575][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 458.406486][ T6665] 553652224-116813594623: 0000000000000000 [ 458.412786][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 458.436788][ T6665] 116817788928-93825002663935: 0000000000000000 [ 458.456476][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 458.463340][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 458.477916][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 458.484907][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 458.676422][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 458.683429][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 458.756354][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 458.763357][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 458.816438][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 458.823439][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 458.876974][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 458.906761][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 458.946439][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 458.953649][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 459.046926][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 459.063517][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 459.106516][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 459.113677][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 459.138163][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 459.286481][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 459.293491][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 459.326403][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 459.333498][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 459.376813][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 459.383919][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 459.407532][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 459.426478][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 459.446486][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 459.461732][ T6665] Pass: 9943571 Run:9943705 [ 459.478026][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 459.487877][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 459.497957][ T6665] Call Trace: [ 459.501257][ T6665] [ 459.504210][ T6665] dump_stack_lvl+0xd1/0x138 [ 459.508850][ T6665] mt_find.cold+0x8b/0x90 [ 459.513227][ T6665] ? mas_find+0x1d0/0x1d0 [ 459.517612][ T6665] find_vma+0x10c/0x1b0 [ 459.521805][ T6665] ? can_vma_merge_before+0x390/0x390 [ 459.527223][ T6665] ? walk_page_test+0x78/0x180 [ 459.532036][ T6665] walk_page_range+0x2b1/0x4a0 [ 459.536844][ T6665] ? __walk_page_range+0x780/0x780 [ 459.542017][ T6665] mlock_fixup+0x650/0x810 [ 459.546493][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 459.551740][ T6665] ? mlock_fixup+0x810/0x810 [ 459.556393][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 459.562327][ T6665] do_mlock+0x25a/0x6d0 [ 459.566526][ T6665] ? folio_evictable+0x270/0x270 [ 459.571506][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 459.577427][ T6665] __x64_sys_mlock+0x59/0x80 [ 459.582035][ T6665] do_syscall_64+0x39/0xb0 [ 459.586485][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 459.592402][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 459.596831][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 459.616453][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 459.624882][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 459.632865][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 459.640846][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 459.648827][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 459.656809][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 459.664813][ T6665] [ 459.685691][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 459.734093][ T6665] BUG at mt_find:6473 (1) [ 459.738851][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 459.748070][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 459.796131][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 459.876354][ T6665] 0-536866815: 0000000000000000 [ 459.881968][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 459.888010][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 459.893971][ T6665] 553627648-553635839: 0000000000000000 [ 459.902879][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 459.909056][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 459.915151][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 459.921288][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 459.927347][ T6665] 553652224-116813594623: 0000000000000000 [ 459.933572][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 459.940124][ T6665] 116817788928-93825002663935: 0000000000000000 [ 459.946813][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 459.953619][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 459.960732][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 459.989200][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 460.058936][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 460.065923][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 460.085592][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 460.094081][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 460.111555][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 460.123042][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 460.135656][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 460.152570][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 460.165277][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 460.188157][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 460.195142][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 460.212038][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 460.221964][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 460.236012][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 460.245882][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 460.311991][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 460.323511][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 460.344815][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 460.353304][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 460.370173][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 460.385782][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 460.409260][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 460.416250][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 460.433363][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 460.442440][ T6665] Pass: 9943573 Run:9943708 [ 460.455402][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 460.465249][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 460.475327][ T6665] Call Trace: [ 460.478624][ T6665] [ 460.481576][ T6665] dump_stack_lvl+0xd1/0x138 [ 460.486218][ T6665] mt_find.cold+0x8b/0x90 [ 460.490591][ T6665] ? mas_find+0x1d0/0x1d0 [ 460.494977][ T6665] find_vma+0x10c/0x1b0 [ 460.499163][ T6665] ? can_vma_merge_before+0x390/0x390 [ 460.504574][ T6665] ? walk_page_test+0x78/0x180 [ 460.509384][ T6665] walk_page_range+0x2b1/0x4a0 [ 460.514198][ T6665] ? __walk_page_range+0x780/0x780 [ 460.519374][ T6665] mlock_fixup+0x650/0x810 [ 460.523849][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 460.529100][ T6665] ? mlock_fixup+0x810/0x810 [ 460.533750][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 460.539694][ T6665] do_mlock+0x25a/0x6d0 [ 460.543905][ T6665] ? folio_evictable+0x270/0x270 [ 460.548904][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 460.554850][ T6665] __x64_sys_mlock+0x59/0x80 [ 460.559477][ T6665] do_syscall_64+0x39/0xb0 [ 460.563944][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 460.569875][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 460.574327][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 460.593973][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 460.602426][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 460.610421][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 460.618415][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 460.626412][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 460.634405][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 460.642426][ T6665] [ 460.655103][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 460.661111][ T6665] BUG at mt_find:6473 (1) [ 460.665463][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 460.673960][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 460.713132][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 460.770649][ T6665] 0-536866815: 0000000000000000 [ 460.775907][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 460.788500][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 460.794555][ T6665] 553627648-553635839: 0000000000000000 [ 460.822212][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 460.833644][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 460.845292][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 460.855504][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 460.872064][ T6665] 553652224-116813594623: 0000000000000000 [ 460.894635][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 460.903909][ T6665] 116817788928-93825002663935: 0000000000000000 [ 460.920383][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 460.932948][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 460.951949][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 461.001605][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 461.067362][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 461.074358][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 461.091233][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 461.114058][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 461.125901][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 461.143107][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 461.153173][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 461.170467][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 461.183346][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 461.194803][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 461.219637][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 461.235891][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 461.244666][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 461.261752][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 461.273221][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 461.341373][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 461.355670][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 461.376414][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 461.383402][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 461.399794][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 461.415425][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 461.433184][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 461.462463][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 461.473268][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 461.490913][ T6665] Pass: 9945284 Run:9945420 [ 461.495447][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 461.505281][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 461.515358][ T6665] Call Trace: [ 461.518657][ T6665] [ 461.521612][ T6665] dump_stack_lvl+0xd1/0x138 [ 461.526260][ T6665] mt_find.cold+0x8b/0x90 [ 461.530638][ T6665] ? mas_find+0x1d0/0x1d0 [ 461.535029][ T6665] find_vma+0x10c/0x1b0 [ 461.539217][ T6665] ? can_vma_merge_before+0x390/0x390 [ 461.544626][ T6665] ? walk_page_test+0x78/0x180 [ 461.549442][ T6665] walk_page_range+0x2b1/0x4a0 [ 461.554251][ T6665] ? __walk_page_range+0x780/0x780 [ 461.559424][ T6665] mlock_fixup+0x650/0x810 [ 461.563901][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 461.569150][ T6665] ? mlock_fixup+0x810/0x810 [ 461.573803][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 461.579750][ T6665] do_mlock+0x25a/0x6d0 [ 461.583961][ T6665] ? folio_evictable+0x270/0x270 [ 461.588968][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 461.594906][ T6665] __x64_sys_mlock+0x59/0x80 [ 461.599526][ T6665] do_syscall_64+0x39/0xb0 [ 461.603998][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 461.609931][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 461.614374][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 461.634014][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 461.642462][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 461.650460][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 461.658456][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 461.666449][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 461.674442][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 461.682462][ T6665] [ 461.715652][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 461.731909][ T6665] BUG at mt_find:6473 (1) [ 461.736270][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 461.754629][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 461.801064][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 461.856644][ T6665] 0-536866815: 0000000000000000 [ 461.861897][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 461.870430][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 461.876715][ T6665] 553627648-553635839: 0000000000000000 [ 461.882745][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 461.895598][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 461.901838][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 461.908563][ T6665] 553648128-553652223: ffff888022f0e2a0 01:47:36 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@ipv6_newroute={0x2c, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_PREF={0x25}, @RTA_ENCAP_TYPE={0x6}]}, 0x2c}}, 0x0) 01:47:36 executing program 1: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000540)='./cgroup/syz1\x00', 0x200002, 0x0) 01:47:36 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2c000000180201"], 0x2c}}, 0x0) 01:47:36 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r0, 0x7, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x8}) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000140)=ANY=[], 0x1c) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) 01:47:36 executing program 3: syz_mount_image$vfat(&(0x7f0000001200), &(0x7f0000000000)='./bus\x00', 0x10, &(0x7f0000000080)={[{@shortname_win95}, {@uni_xlate}, {@fat=@quiet}, {@shortname_lower}]}, 0xfd, 0x1206, &(0x7f0000001240)="$eJzs3M+LG2UYB/An7Wp3t+4PtVZbEF/0opexuwdPXhZpQVxQareggjB1JzYkm4RMWEgRqyevnv0LRDx6E8R/YC9ePAteZC8eC4ojmynWLKu4FR1dPp/LPOR5v+SdhAQmzJP9Fz/e6bbLrJ2P41SrFXPDiHQnRYpTcTpqH8Rz17/97snX33jzlY3NzctXU7qycW3thZTS8lNfvfXe509/PT57/YvlL8/E3urb+z+uf793fu/C/i/XbnbK1ClTfzBOeboxGIzzG70ibXfKbpbSa70iL4vU6ZfFaKbf7g2Gw0nK+9tLi8NRUZYp709St5ik8SCNR5OUv5t3+inLsrS0GPwdW5/dqaoqoqoeiAejqqpqIRbjbDwUS7EcKz8dNB+JR+NcPBbn4/F4Ii4sNL1nAAAAAAAAAAAAAAAAAAAAOHn+dP4/VuPhw/P/01VN7xoAAAAAAAAAAAAAAAAAAABOFvP/AAAAAAAAAAAAAAAAAAAA0Dzz/wAAAAAAAAAAAAAAAAAAAPAfMF8frqY0H7Hz0e7W7lZ9rB/faEcnelHEpViJn2M6/V+r6ysvb16+lKZW4/md23fzt3e3Ts/m16Z/J3Bkfq3Op9n8mVj8fX49VuLc0fn1I/Pz8ewzB/kP63wWK/HNOzGIXmzHQfZe/v21lF56dfNQ/uJ0HQAAAJwEWfrN7PV7q1X3sz/oH//3gUPX13Nxca7ZcyeinNzq5r1eMVIo7q9o3f0Y/7PP9clxFv/wafMvy/+9aPqbiX/DvTe96Z0AAAAAAAAAAABwHOXk1kL8pfsBb9737YRNnyMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/sgPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4KgAA//9gJexE") r0 = openat(0xffffffffffffff9c, &(0x7f0000000540)='./file2\x00', 0x6a142, 0x0) sendfile(r0, r0, 0x0, 0x4) 01:47:36 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r0, 0x7, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x8}) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000140)=ANY=[], 0x1c) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) [ 461.915723][ T6665] 553652224-116813594623: 0000000000000000 [ 461.922706][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 461.929564][ T6665] 116817788928-93825002663935: 0000000000000000 [ 461.936191][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 461.943357][ T6665] 93825002803200-140548063096831: 0000000000000000 01:47:36 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@ipv6_newroute={0x38, 0x18, 0xffffffffffffffff, 0x0, 0x0, {}, [@RTA_GATEWAY={0x14, 0x5, @dev}, @RTA_EXPIRES={0x8}]}, 0x38}}, 0x0) 01:47:36 executing program 2: bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000001c0)={0xffffffffffffffff, 0x0, 0x0}, 0x10) [ 462.051960][ T6665] 140548063096832-140548063100927: ffff888022f0e540 01:47:36 executing program 2: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/net\x00') r2 = fcntl$dupfd(r0, 0x0, r1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x11}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x0, 0x10, 0x3, 0x8e, 0xd, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x7, 0x40}}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001f80)={&(0x7f00000003c0), 0xc, &(0x7f0000001f40)={&(0x7f0000000400)=@newchain={0x2c, 0x64, 0x200, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xd, 0x3}, {0xf, 0x3}}, [@TCA_RATE={0x6, 0x5, {0x40, 0xc7}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x4000000) [ 462.111048][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d 01:47:37 executing program 1: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) read$FUSE(r0, &(0x7f0000006540)={0x2020}, 0xfffffe55) syz_open_dev$mouse(&(0x7f0000002100), 0x0, 0x101000) 01:47:37 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r0, 0x7, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x8}) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000140)=ANY=[], 0x1c) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) [ 462.313337][ T8086] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. [ 462.334074][ T8076] loop3: detected capacity change from 0 to 8192 [ 462.366209][ T6665] 140548063100928-140548071489535: ffff888022f0e620 01:47:37 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@ipv6_newroute={0x2c, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_PREF={0x25}, @RTA_ENCAP_TYPE={0x6}]}, 0x2c}}, 0x0) [ 462.411479][ T8076] syz-executor.3: attempt to access beyond end of device [ 462.411479][ T8076] loop3: rw=0, sector=64405, nr_sectors = 1 limit=8192 01:47:37 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r0, 0x7, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x8}) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000140)=ANY=[], 0x1c) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) [ 462.460432][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 462.482558][ T8076] Buffer I/O error on dev loop3, logical block 64405, async page read [ 462.536688][ T8076] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 462.552056][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 462.589069][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 462.591339][ T8097] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. [ 462.605919][ T8076] FAT-fs (loop3): Filesystem has been set read-only [ 462.623897][ T8076] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 462.651643][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 462.655238][ T8076] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 462.684795][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 01:47:37 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x64}, {}]}) [ 462.694728][ T8076] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 462.716847][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 462.727423][ T8076] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 462.781767][ T8076] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 462.796750][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 462.811685][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 462.823270][ T8076] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) 01:47:37 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000080)={'syztnl2\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @empty}}}) 01:47:37 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, 0x0) [ 462.856650][ T8076] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 462.873490][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 462.953471][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 462.967284][ T8076] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 463.008350][ T8076] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 463.022094][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 463.033780][ T8076] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 463.073770][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 463.103350][ T8076] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 463.113679][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 463.144711][ T27] audit: type=1800 audit(1673401657.938:69): pid=8076 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.3" name="file2" dev="loop3" ino=1048606 res=0 errno=0 01:47:38 executing program 3: syz_mount_image$vfat(&(0x7f0000001200), &(0x7f0000000000)='./bus\x00', 0x10, &(0x7f0000000080)={[{@shortname_win95}, {@uni_xlate}, {@fat=@quiet}, {@shortname_lower}]}, 0xfd, 0x1206, &(0x7f0000001240)="$eJzs3M+LG2UYB/An7Wp3t+4PtVZbEF/0opexuwdPXhZpQVxQareggjB1JzYkm4RMWEgRqyevnv0LRDx6E8R/YC9ePAteZC8eC4ojmynWLKu4FR1dPp/LPOR5v+SdhAQmzJP9Fz/e6bbLrJ2P41SrFXPDiHQnRYpTcTpqH8Rz17/97snX33jzlY3NzctXU7qycW3thZTS8lNfvfXe509/PT57/YvlL8/E3urb+z+uf793fu/C/i/XbnbK1ClTfzBOeboxGIzzG70ibXfKbpbSa70iL4vU6ZfFaKbf7g2Gw0nK+9tLi8NRUZYp709St5ik8SCNR5OUv5t3+inLsrS0GPwdW5/dqaoqoqoeiAejqqpqIRbjbDwUS7EcKz8dNB+JR+NcPBbn4/F4Ii4sNL1nAAAAAAAAAAAAAAAAAAAAOHn+dP4/VuPhw/P/01VN7xoAAAAAAAAAAAAAAAAAAABOFvP/AAAAAAAAAAAAAAAAAAAA0Dzz/wAAAAAAAAAAAAAAAAAAAPAfMF8frqY0H7Hz0e7W7lZ9rB/faEcnelHEpViJn2M6/V+r6ysvb16+lKZW4/md23fzt3e3Ts/m16Z/J3Bkfq3Op9n8mVj8fX49VuLc0fn1I/Pz8ewzB/kP63wWK/HNOzGIXmzHQfZe/v21lF56dfNQ/uJ0HQAAAJwEWfrN7PV7q1X3sz/oH//3gUPX13Nxca7ZcyeinNzq5r1eMVIo7q9o3f0Y/7PP9clxFv/wafMvy/+9aPqbiX/DvTe96Z0AAAAAAAAAAABwHOXk1kL8pfsBb9737YRNnyMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/sgPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4KgAA//9gJexE") r0 = openat(0xffffffffffffff9c, &(0x7f0000000540)='./file2\x00', 0x6a142, 0x0) sendfile(r0, r0, 0x0, 0x4) 01:47:38 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@ipv6_newroute={0x2c, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_PREF={0x25}, @RTA_ENCAP_TYPE={0x6}]}, 0x2c}}, 0x0) 01:47:38 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000003940), 0x0, 0x0) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f00000039c0)) 01:47:38 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, 0x0, 0x4) [ 463.193680][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 01:47:38 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, 0x0, 0x0) 01:47:38 executing program 1: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) read$FUSE(r0, &(0x7f0000006540)={0x2020}, 0xfffffe55) syz_open_dev$mouse(&(0x7f0000002100), 0x0, 0x101000) 01:47:38 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip6_flowlabel\x00') preadv(r0, &(0x7f0000000440)=[{&(0x7f0000000180)=""/174, 0xae}], 0x1, 0x401, 0x0) 01:47:38 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000001c0)=@filter={'filter\x00', 0xe, 0x4, 0x410, 0xffffffff, 0x100, 0x340, 0x100, 0xffffffff, 0xffffffff, 0x340, 0x340, 0x340, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@frag={{0x30}}]}, @REJECT={0x28}}, {{@ipv6={@local, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'dvmrp0\x00', 'wlan1\x00'}, 0x0, 0xf0, 0x118, 0x0, {}, [@common=@hbh={{0x48}}]}, @REJECT={0x28}}, {{@uncond, 0x0, 0x100, 0x128, 0x0, {}, [@common=@frag={{0x30}}, @common=@eui64={{0x28}}]}, @common=@inet=@SYNPROXY={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x470) 01:47:38 executing program 0: pipe(&(0x7f0000003b00)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000003c40)=[{0x0}, {&(0x7f0000003b80)='K', 0x1}], 0x2, 0x0) 01:47:38 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@ipv6_newroute={0x1c, 0x18, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}}, 0x1c}}, 0x0) 01:47:38 executing program 4: ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) [ 463.447498][ T8121] x_tables: duplicate underflow at hook 2 01:47:38 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{}, {0x74}]}) [ 463.515220][ T8109] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. [ 463.566449][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 463.601684][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 463.638585][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 463.638641][ T8129] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 463.653178][ T8129] IPv6: NLM_F_CREATE should be set when creating new route [ 463.695040][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 463.737425][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 463.784369][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 463.811044][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 463.822995][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 463.842532][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 463.860373][ T6665] Pass: 10004474 Run:10004611 [ 463.870764][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 463.880606][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 463.890693][ T6665] Call Trace: [ 463.893991][ T6665] [ 463.896958][ T6665] dump_stack_lvl+0xd1/0x138 [ 463.901603][ T6665] mt_find.cold+0x8b/0x90 [ 463.905982][ T6665] ? mas_find+0x1d0/0x1d0 [ 463.910370][ T6665] find_vma+0x10c/0x1b0 [ 463.914568][ T6665] ? can_vma_merge_before+0x390/0x390 [ 463.919988][ T6665] ? walk_page_test+0x78/0x180 [ 463.924805][ T6665] walk_page_range+0x2b1/0x4a0 [ 463.929616][ T6665] ? __walk_page_range+0x780/0x780 [ 463.934798][ T6665] mlock_fixup+0x650/0x810 [ 463.935842][ T8124] loop3: detected capacity change from 0 to 8192 [ 463.939255][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 463.939306][ T6665] ? mlock_fixup+0x810/0x810 [ 463.939365][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 463.939412][ T6665] do_mlock+0x25a/0x6d0 [ 463.965579][ T6665] ? folio_evictable+0x270/0x270 [ 463.970590][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 463.976533][ T6665] __x64_sys_mlock+0x59/0x80 [ 463.981142][ T6665] do_syscall_64+0x39/0xb0 [ 463.985590][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 463.991509][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 463.995938][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 464.015565][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 464.023998][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 464.031983][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 464.039965][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 464.047948][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 464.055933][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 464.063941][ T6665] [ 464.090361][ T8124] syz-executor.3: attempt to access beyond end of device [ 464.090361][ T8124] loop3: rw=0, sector=64405, nr_sectors = 1 limit=8192 [ 464.119422][ T8124] Buffer I/O error on dev loop3, logical block 64405, async page read [ 464.134533][ T8124] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 464.145616][ T8124] FAT-fs (loop3): Filesystem has been set read-only [ 464.162672][ T8124] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 464.183150][ T8124] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 464.203751][ T8124] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 464.214449][ T8124] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 464.244900][ T8124] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 464.252836][ T8124] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 464.284011][ T8124] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 464.294020][ T8124] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 464.322807][ T8124] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 464.351006][ T8124] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 464.392934][ T8124] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 464.414509][ T27] audit: type=1800 audit(1673401659.218:70): pid=8124 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.3" name="file2" dev="loop3" ino=1048607 res=0 errno=0 01:47:39 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0x17, 0x0, 0x200, 0x614, 0x0, 0x1}, 0x48) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', r0}, 0x10) 01:47:39 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=@ipv6_newroute={0x24, 0x10, 0x1, 0x0, 0x0, {}, [@RTA_PREF={0x5}]}, 0x24}}, 0x0) 01:47:39 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@ipv6_newroute={0x2c, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_PREF={0x25}, @RTA_ENCAP_TYPE={0x6}]}, 0x2c}}, 0x0) 01:47:39 executing program 2: syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x6, 0x7, 0xa2, 0x10, 0x13b1, 0x18, 0x9a17, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x1c, 0x37, 0xd9, 0x0, [], [{{0x9, 0x5, 0x0, 0x3, 0x40}}, {{0x9, 0x5, 0x0, 0x1, 0x10}}, {{0x9, 0x5, 0x0, 0x2, 0x10}}]}}]}}]}}, 0x0) 01:47:39 executing program 3: syz_mount_image$vfat(&(0x7f0000001200), &(0x7f0000000000)='./bus\x00', 0x10, &(0x7f0000000080)={[{@shortname_win95}, {@uni_xlate}, {@fat=@quiet}, {@shortname_lower}]}, 0xfd, 0x1206, &(0x7f0000001240)="$eJzs3M+LG2UYB/An7Wp3t+4PtVZbEF/0opexuwdPXhZpQVxQareggjB1JzYkm4RMWEgRqyevnv0LRDx6E8R/YC9ePAteZC8eC4ojmynWLKu4FR1dPp/LPOR5v+SdhAQmzJP9Fz/e6bbLrJ2P41SrFXPDiHQnRYpTcTpqH8Rz17/97snX33jzlY3NzctXU7qycW3thZTS8lNfvfXe509/PT57/YvlL8/E3urb+z+uf793fu/C/i/XbnbK1ClTfzBOeboxGIzzG70ibXfKbpbSa70iL4vU6ZfFaKbf7g2Gw0nK+9tLi8NRUZYp709St5ik8SCNR5OUv5t3+inLsrS0GPwdW5/dqaoqoqoeiAejqqpqIRbjbDwUS7EcKz8dNB+JR+NcPBbn4/F4Ii4sNL1nAAAAAAAAAAAAAAAAAAAAOHn+dP4/VuPhw/P/01VN7xoAAAAAAAAAAAAAAAAAAABOFvP/AAAAAAAAAAAAAAAAAAAA0Dzz/wAAAAAAAAAAAAAAAAAAAPAfMF8frqY0H7Hz0e7W7lZ9rB/faEcnelHEpViJn2M6/V+r6ysvb16+lKZW4/md23fzt3e3Ts/m16Z/J3Bkfq3Op9n8mVj8fX49VuLc0fn1I/Pz8ewzB/kP63wWK/HNOzGIXmzHQfZe/v21lF56dfNQ/uJ0HQAAAJwEWfrN7PV7q1X3sz/oH//3gUPX13Nxca7ZcyeinNzq5r1eMVIo7q9o3f0Y/7PP9clxFv/wafMvy/+9aPqbiX/DvTe96Z0AAAAAAAAAAABwHOXk1kL8pfsBb9737YRNnyMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/sgPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4KgAA//9gJexE") r0 = openat(0xffffffffffffff9c, &(0x7f0000000540)='./file2\x00', 0x6a142, 0x0) sendfile(r0, r0, 0x0, 0x4) 01:47:39 executing program 1: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) read$FUSE(r0, &(0x7f0000006540)={0x2020}, 0xfffffe55) syz_open_dev$mouse(&(0x7f0000002100), 0x0, 0x101000) [ 464.451132][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 464.482872][ T8137] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 01:47:39 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@ipv6_newroute={0x44, 0x18, 0xffffffffffffffff, 0x0, 0x0, {}, [@RTA_GATEWAY={0x14, 0x5, @dev}, @RTA_METRICS={0x4}, @RTA_PRIORITY={0x8, 0x6, 0xdd}, @RTA_EXPIRES={0x8}]}, 0x44}}, 0x0) [ 464.532381][ T6665] BUG at mt_find:6473 (1) [ 464.545563][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e 01:47:39 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0}}, 0x40008001) [ 464.617171][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 01:47:39 executing program 5: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/net\x00') r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f0000000100)={'syztnl0\x00', 0x0, 0x2f, 0x20, 0x81, 0x80, 0x12, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80}}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000002100)={'syztnl2\x00', &(0x7f0000002000)={'sit0\x00', 0x0, 0x10, 0x7800, 0x80000000, 0x9, {{0x1f, 0x4, 0x0, 0x1, 0x7c, 0x67, 0x0, 0x7, 0x2f, 0x0, @dev, @multicast1, {[@timestamp_addr={0x44, 0x4, 0x5d}, @ssrr={0x89, 0x1b, 0x13, [@local, @multicast2, @empty, @remote, @multicast1, @rand_addr=0x64010100]}, @rr={0x7, 0xb, 0x86, [@dev={0xac, 0x14, 0x14, 0x42}, @empty]}, @generic={0xc, 0xd, "9c49f7bd2331c6a109e599"}, @generic={0x7, 0x5, "27ec02"}, @rr={0x7, 0xf, 0x81, [@dev={0xac, 0x14, 0x14, 0x35}, @rand_addr=0x64010102, @broadcast]}, @ssrr={0x89, 0x1b, 0x23, [@rand_addr=0x64010101, @empty, @multicast2, @multicast1, @remote, @private=0xa010102]}]}}}}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', r3, 0x29, 0x10, 0x3, 0x8e, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x7, 0x40}}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001f80)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001f40)={&(0x7f0000000400)=@newchain={0x13b8, 0x64, 0x200, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}, {0xd, 0x3}, {0x0, 0x3}}, [@TCA_RATE={0x6, 0x5, {0x40, 0xc7}}, @filter_kind_options=@f_cgroup={{0xb}, {0x1380, 0x2, [@TCA_CGROUP_EMATCHES={0x38, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x3, 0x0, 0x0, {{0x0, 0x8, 0xfff}, {0x0, 0x3, 0x2}}}]}, @TCA_EMATCH_TREE_LIST={0x20, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{}, {0xe2, 0x1, 0x6, 0x8}}}]}]}, @TCA_CGROUP_ACT={0x1f4, 0x1, [@m_sample={0x40, 0xc, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x6}, @TCA_SAMPLE_RATE={0x8}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_csum={0x54, 0x9, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x7fff, 0x0, 0x0, 0x0, 0x6}, 0x79}}]}, {0xc, 0x6, "2d57f86517781551"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_nat={0xdc, 0xb, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0xffffffff, 0x693, 0x1, 0x2, 0x1}, @broadcast, @local, 0xffffff00, 0x1}}]}, {0x8a, 0x6, "4d157d7fcbde6a803a5259ebe7db131f1d53f8f03e5cc5f8331035364c284665e005268019b5eeee849285e196a43d66c9aaa7d472ee85018bec1b3584ea2cec59574e5969634f89ba4d7e761c706103f31aeeda50d45fc56ad58556203a1d125e63d1b846b67522f53dfc96bf3b535095259fccc9bffc55d2f36848f96c553516a6b02a2652"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1}}}}, @m_sample={0x80, 0x18, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x3}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8}]}, {0x41, 0x6, "1a79e57062a4e985f826bc2821235976ef354badbb759bb3533c1faaa702f9f20abfd6688adc445b3f44c992d215e1ccb80f97c1f604644782f3be3010"}, {0xc}, {0xc}}}]}, @TCA_CGROUP_ACT={0x1140, 0x1, [@m_ipt={0x14c, 0x0, 0x0, 0x0, {{0x8}, {0x110, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0x10b, 0x6, {0x800, 'filter\x00', 0xff, 0x2, "360df404a0a64bf029589d4e900a26065aa91775560cb49b6f5f54f3a9d10ab341b6ee335d0a62cf5e3746a13403832180d678d868390a62f5293912ca01e5c56968e456f4230058af3629306748d72ab7c375d7f0b82633d7e9d2526f2959a61328167d8554774f062cfab1f0d722ed548d79a254d95dc1faf7a2249e5b9fa9e4d5b81741c05270051674466b76be5b6a77a20d1972075cc8dc3ebe7aa0ca8622941263eebbd530cc8fded11e399d786e823a7769fefba71c2ba514ad3cd63a03eeca67f52fefe6202bac2219d299eda955962291c749b30f83c1fb8cf8b7aac9"}}]}, {0x18, 0x6, "afedfd9af8a4b80d42a5c72874a1dd766219480a"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_pedit={0xec8, 0x15, 0x0, 0x0, {{0xa}, {0xe84, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{0x3ff, 0x5, 0x20000000, 0x1, 0xfffffffb}, 0xf0, 0x24, [{0x0, 0x80000001, 0x5, 0x0, 0x5, 0x10001}, {0x0, 0x0, 0x96, 0x0, 0xfffff4d3}]}, [{0x0, 0x2, 0x8, 0x0, 0x0, 0x101}, {0x2, 0x1000, 0x28ac, 0x80, 0x7fffffff, 0x40}, {0x0, 0x0, 0x0, 0xffff, 0x2, 0x10001}, {0x1, 0x10000, 0x4, 0xff, 0x1, 0x7ff}, {0x1, 0x0, 0x2, 0x20, 0x2, 0x80000001}, {0x6, 0x8, 0x101, 0x4, 0xaeb, 0x6}, {0xc5, 0x7f, 0x400, 0x6, 0x1}, {0x2, 0x800, 0x1000000, 0x7, 0x3ff, 0x2}, {0x2, 0xfb2, 0x400, 0x4, 0x7, 0x6}, {0x0, 0x1, 0x5472, 0x40, 0x2, 0x2}, {0x0, 0x10001, 0xc96, 0x0, 0x7fff, 0x80000}, {0x0, 0xcd7f, 0x7, 0xe1, 0x0, 0x5e717d0d}, {0x0, 0x8, 0xde8, 0x0, 0xff28}, {0x7, 0xd4, 0x0, 0x5, 0x1, 0x661}, {0x0, 0x101, 0x0, 0x0, 0x7, 0x8}, {0x1e, 0x200, 0x1, 0x9, 0x101, 0xcfc8}, {0x0, 0xff, 0x0, 0x1, 0x2, 0x8001}, {0x40, 0xddc25b10, 0x8000, 0x9c85, 0x7fffffff, 0x5}, {0x9, 0x0, 0x4, 0xffff, 0x3, 0x9}, {0x7ff, 0x0, 0x1f, 0x4, 0x0, 0x8}, {0x3, 0x9, 0xdb08592, 0x8, 0xd1, 0x101}, {0x14d6, 0x0, 0xfff, 0x5, 0x212, 0x7}, {0xfffffffe, 0x9, 0xe, 0xff, 0x0, 0x4}, {0xff, 0x9, 0xffffffff, 0x800, 0x2, 0x8}, {0x1000, 0xe834, 0x72e2, 0x9}, {0x1, 0xc6a6, 0x7fffffff, 0x0, 0x3f}, {0x80000000, 0x3, 0x2, 0x1, 0xe, 0x1f}, {0x0, 0x0, 0x2, 0x7, 0x7, 0x81}, {0x0, 0xbbf, 0x0, 0x1, 0x53d}, {0x6, 0x1, 0x0, 0x0, 0x1, 0x680}, {0x7, 0x0, 0x0, 0xcc6, 0x5f, 0xfffffff7}, {0x0, 0x2, 0xd03, 0x8, 0x2, 0x4}, {0xf1, 0x615, 0xff, 0x0, 0x8}, {0x0, 0x20, 0xffff}, {0xffff, 0x1, 0xb0c, 0x3, 0x7fff, 0xfffffffc}, {0xfffffc01, 0x80, 0x4, 0x0, 0x0, 0x6}, {0x2, 0x10000, 0x82, 0x0, 0x7, 0x5}, {0x0, 0x7ff, 0x0, 0x400, 0x0, 0x1}, {0x4, 0x0, 0xd0, 0x0, 0x8, 0x1000}, {0x5, 0x7, 0x0, 0x0, 0x0, 0x482}, {0x0, 0x1, 0x6, 0x9, 0x9, 0x7}, {0x401, 0x4, 0x0, 0x675b, 0x6}, {0x0, 0x1, 0x0, 0x100, 0x0, 0xffffffc0}, {0x0, 0x101, 0x20, 0xb72e, 0x26, 0x442c}, {0xcb, 0x4, 0xfffffff8, 0x6, 0x9, 0x2}, {0x7fffffff, 0x2, 0x0, 0x4, 0x0, 0x3ff}, {0x2, 0x1000, 0x0, 0x5, 0x8, 0x3}, {0x1, 0x0, 0x0, 0x80000001, 0x9, 0x200}, {0x0, 0x9, 0xfff, 0x80000000, 0x10000, 0x5}, {0x0, 0x0, 0x3ff, 0x8000, 0x81, 0x1}, {0x80, 0x9, 0x0, 0x4}, {0xc4, 0xfffffffd, 0x7, 0x9, 0xc2c5, 0x1}, {0x5, 0x6fc, 0x8, 0x0, 0xe0f, 0x3}, {0x40, 0x6b, 0x9, 0x5d4, 0x7, 0x8000}, {0x1f, 0x1000, 0x0, 0x1, 0x1, 0x9}, {0x7fffffff, 0x4, 0x9, 0x7, 0x6}, {0xfffffffc, 0x7, 0x0, 0x3ff, 0x5, 0x81}, {0x6, 0x8, 0x0, 0x10000, 0xffffffc0}, {0x81, 0xd2a0, 0x800, 0x0, 0x40, 0x2}, {0x40, 0x80000000, 0xea64, 0x76, 0x9}, {0x10000, 0x15bb, 0x9, 0x0, 0x6, 0x5}, {0x0, 0x0, 0x28, 0x2, 0x2, 0x6}, {0x1000, 0x7fff, 0x0, 0x3, 0x3, 0x9}, {0x10000, 0x20, 0x8, 0xd6, 0x7fffffff, 0x412}, {0x7, 0x0, 0xfff, 0x3, 0x9, 0xee}, {0x10001, 0x3f, 0x0, 0x0, 0x5a, 0x401}, {0x101, 0x1, 0x4634, 0x8000, 0x401}, {0x800, 0x1, 0x6, 0x80000001, 0x0, 0x501}, {0x4, 0x5, 0x3ff, 0x1, 0x3b96cc68}, {0x3, 0x1, 0x7d, 0xa3, 0x7, 0x8}, {0x0, 0x10001, 0x7, 0x6, 0x7ff, 0xffffff37}, {0x815, 0x0, 0x313b5531, 0x200, 0x1000, 0xffffffff}, {0x3ff, 0xa9b, 0x7, 0x80000000, 0xe0, 0x27}, {0x101, 0x800, 0x0, 0x1000, 0x79cc, 0x30}, {0x20, 0x0, 0x7, 0xfffffffa, 0x6, 0xcfef}, {0x1f, 0x5, 0x3, 0x1, 0xca62, 0x9}, {0x3, 0x1, 0x400, 0x9, 0xb2, 0x100}, {0x0, 0x3, 0x7, 0x2, 0x8, 0x2}, {0x3, 0xfffffffe, 0x5, 0xffffffff, 0x1, 0x9}, {0x4, 0x8, 0x4, 0x1, 0x3, 0xf9ee2af}, {0x8000, 0x9, 0x5, 0x5, 0x4, 0x2}, {0x5, 0x9, 0x9, 0x1, 0xffffff27, 0x40000000}, {0x4, 0x7, 0xb4000000, 0xeec, 0x7, 0x7}, {0x3, 0x3, 0x87, 0x401, 0x1, 0x80}, {0x5, 0x7, 0x10, 0x8, 0x3ff, 0x50}, {0xffff, 0x81, 0x20, 0x1, 0x80000000, 0x401}, {0x1, 0x400, 0xe4de, 0x7ff, 0x30000, 0x9}, {0x7fffffff, 0x400, 0x1, 0x6ee, 0x10000, 0x8}, {0x2, 0x4, 0x27bc, 0x0, 0x0, 0x5}, {0x5, 0x3f, 0x24d7, 0x2, 0x1000, 0xf46}, {0x1, 0x0, 0x80000001, 0x2, 0xffffff0a}, {0x1ff, 0x2, 0x1f, 0x7, 0x1, 0xf0f5}, {0x0, 0x1ff, 0xce, 0x20, 0x8}, {0x81, 0x433, 0x4, 0xda0, 0x7, 0x20000}, {0x2, 0xb42, 0x2, 0x0, 0xffffffff, 0x40}, {0x1ff, 0x1, 0x401, 0xa895, 0x20, 0x60f}, {0x0, 0xdf, 0x3, 0x6, 0x1, 0x8}, {0x8, 0x0, 0x3, 0x1, 0x7ff, 0x40}, {0xd, 0x1, 0x20, 0x0, 0x4, 0x9}, {0x1f, 0x0, 0x7, 0x9, 0x5f2, 0x191}, {0x6, 0x5, 0x8, 0x4, 0x8, 0xffff3b41}, {0x6, 0x2, 0x101, 0x0, 0x1, 0x7}, {0x49, 0x9, 0xc27, 0x5f1c, 0x80000001, 0x1}, {0xeae51292, 0xd3, 0x71e, 0x0, 0x55ba4723, 0x80000000}, {0x6, 0x64, 0x9, 0x19, 0x3, 0x3}, {0x6, 0x7ff, 0x2, 0x5, 0x450d}, {0x7fff, 0x7f, 0x400, 0x51f8, 0x20}, {0x81, 0x81, 0x7, 0x0, 0x5, 0xf3d}, {0x1f, 0x1, 0x3, 0x8, 0xdbd}, {0x5, 0x7fffffff, 0x4f35, 0x5, 0x5}, {0x3f, 0x7ce, 0x8, 0xcaa, 0x80000001, 0x1000}, {0x400, 0x5, 0x6, 0x7c0, 0x0, 0x2}, {0x80000000, 0x3, 0x6a8, 0x0, 0x1f, 0x10000}, {0x0, 0x20, 0x6, 0x1f, 0x7, 0x2}, {0x4, 0x3, 0xffffffb1, 0x5, 0x100, 0x3}, {0x6, 0x2, 0x9, 0x6, 0x1, 0x635}, {0xfffffff8, 0x9, 0x3, 0xd56, 0xa8, 0x8000}, {0x80000001, 0x34323ecc, 0x0, 0x4, 0x15, 0x7}, {0x1000, 0xfffffffb, 0x3f, 0x6, 0x100, 0x1}, {0x0, 0x80, 0x60d, 0x80, 0xa6, 0x3}, {0x2, 0x3ff, 0x606, 0xfffffeff, 0x1, 0x4}, {0x101, 0x0, 0x7, 0x200, 0x481b}, {0x1, 0xfffffffc, 0x800, 0x0, 0x0, 0x5}, {0x8, 0x6, 0x0, 0x80000001, 0x401, 0x1d}, {0x7fffffff, 0x1000, 0x1000, 0x8b0f, 0x6, 0x800}, {0x0, 0xfffff000, 0x2, 0x5, 0x10000, 0xf3}, {0xcb82, 0xc315, 0x6, 0x6, 0x5, 0x7fffffff}, {0x354f, 0x4, 0x7, 0x663d, 0xd31}], [{0x4}, {0x3}, {0x4}, {}, {0x2, 0x1}, {0x5, 0x1}, {}, {0x2}, {}, {0x3}, {0xd}, {}, {0x0, 0x1}, {}, {0x3}, {0x4, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x4}, {0x1}, {0x4, 0x1}, {0x5}, {0x0, 0x1}, {0x0, 0x1}, {0x1}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {0x5}, {0x2}, {}, {0x6}, {}, {0x1, 0x1}, {0x4}, {0x0, 0x1}, {0x1}, {0x5, 0x1}, {0x4}, {0x4, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x4}, {0x0, 0x1}, {}, {0x0, 0x1}, {0x5}, {0x2}, {0x5}, {0x2, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4}, {}, {0x3}, {0x5}, {0x3, 0x1}, {}, {}, {0x0, 0x1}, {0x4}, {0x1}, {0x1}, {0x5}, {0x3}, {0x0, 0x1}, {0x4}, {0x5}, {}, {}, {0x4}, {0x0, 0x1}, {}, {0x3}, {0x5, 0x1}, {0x1, 0x1}, {0x4}, {}, {0x0, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x5}, {}, {0x2}, {0x4}, {0x1, 0x1}, {0x3, 0x1}, {}, {}, {}, {0x5}, {0x2}, {0x7}, {0x0, 0x1}, {0x3, 0x1}, {0x5}, {0x2}, {0x5}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {}, {}, {0x3}, {0x3, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x1}, {0x5}, {0x1}, {0x1, 0x1}, {}, {0x0, 0x1}]}}, @TCA_PEDIT_KEYS_EX={0x30, 0x5, 0x0, 0x1, [{0x2c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}]}]}, {0x1b, 0x6, "57d21079a8d2935764ec000d69b69144d534c379114c3e"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_gact={0x6c, 0x1b, 0x0, 0x0, {{0x9}, {0x40, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x54, 0x0, 0x0, 0x7fff}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1e6c, 0xffffffffcffffffd}}, @TCA_GACT_PARMS={0x18, 0x2, {0xffff0001, 0x4, 0x6, 0x8, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x2, 0x9a10, 0x10000000, 0x3f4e, 0x7}, 0x1}}, @TCA_IFE_DMAC={0xa, 0x3, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x16}}]}, {0x4}, {0xc, 0x7, {0x1, 0x4936e90f20761ee1}}, {0xc}}}, @m_skbedit={0x68, 0x0, 0x0, 0x0, {{0xc}, {0x3c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x5}, @TCA_SKBEDIT_PTYPE={0x6}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x401, 0x6, 0x1, 0x0, 0x200}}, @TCA_SKBEDIT_MARK={0x8}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x400}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}, @TCA_CGROUP_POLICE={0x4}, @TCA_CGROUP_EMATCHES={0xc, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8}]}]}}]}, 0x13b8}}, 0x4000000) 01:47:39 executing program 0: syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x6, 0x7, 0xa2, 0x10, 0x13b1, 0x18, 0x9a17, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x1c, 0x37, 0xd9, 0x0, [], [{{0x9, 0x5, 0x0, 0x3, 0x40}}, {{0x9, 0x5, 0x0, 0x2, 0x10}}]}}]}}]}}, 0x0) 01:47:39 executing program 4: clock_settime(0xab405b01d94ea4ab, &(0x7f0000000040)) [ 464.766646][ T6508] usb 3-1: new high-speed USB device number 5 using dummy_hcd 01:47:39 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000e00)={'syztnl1\x00', 0x0}) [ 464.882363][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d 01:47:39 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@ipv6_newroute={0x2c, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_PREF={0x5}, @RTA_ENCAP_TYPE={0x4}]}, 0x2c}}, 0x0) [ 465.016366][ T6508] usb 3-1: Using ep0 maxpacket: 16 [ 465.090242][ T8164] netlink: 'syz-executor.4': attribute type 21 has an invalid length. [ 465.106535][ T5169] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 465.123026][ T8150] loop3: detected capacity change from 0 to 8192 [ 465.125247][ T6665] 0-536866815: 01:47:39 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@ipv6_newroute={0x24, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_METRICS={0x5, 0x8, 0x0, 0x1, 'x'}]}, 0x24}}, 0x0) [ 465.136789][ T6508] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 465.160605][ T6665] 0000000000000000 [ 465.166911][ T6508] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 465.193381][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 465.209256][ T8150] syz-executor.3: attempt to access beyond end of device [ 465.209256][ T8150] loop3: rw=0, sector=64405, nr_sectors = 1 limit=8192 [ 465.231123][ T6508] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 465.243111][ T6665] 536870912-553627647: ffff888022f0e1c0 01:47:40 executing program 4: bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000013c0)={&(0x7f00000010c0)='netfs_failure\x00'}, 0x10) [ 465.285221][ T8150] Buffer I/O error on dev loop3, logical block 64405, async page read [ 465.298136][ T6665] 553627648-553635839: 0000000000000000 [ 465.338429][ T8150] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 465.352009][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 465.366762][ T5169] usb 1-1: Using ep0 maxpacket: 16 [ 465.387416][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 465.388287][ T8150] FAT-fs (loop3): Filesystem has been set read-only [ 465.426919][ T6508] usb 3-1: New USB device found, idVendor=13b1, idProduct=0018, bcdDevice=9a.17 [ 465.436105][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 465.444689][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 465.451344][ T8150] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 465.464139][ T6508] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 465.480766][ T6665] 553652224-116813594623: 0000000000000000 [ 465.487556][ T5169] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 465.501081][ T6508] usb 3-1: Product: syz [ 465.511440][ T5169] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 465.523783][ T6508] usb 3-1: Manufacturer: syz [ 465.531051][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 465.544759][ T6508] usb 3-1: SerialNumber: syz [ 465.551100][ T8150] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 465.570771][ T6508] usb 3-1: config 0 descriptor?? [ 465.571576][ T6665] 116817788928-93825002663935: 0000000000000000 [ 465.606383][ T8150] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 465.614240][ T8150] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 465.615005][ T8139] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 465.622840][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 465.636862][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 465.643760][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 465.651290][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 465.710011][ T8150] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 465.718193][ T8150] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 465.726159][ T8150] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 465.726631][ T5169] usb 1-1: New USB device found, idVendor=13b1, idProduct=0018, bcdDevice=9a.17 [ 465.734153][ T8150] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 465.751343][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 465.758606][ T8150] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 465.766080][ T5169] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 465.766597][ T6665] 140548071489536-140548073586687: [ 465.775016][ T8150] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 465.780828][ T5169] usb 1-1: Product: syz [ 465.788756][ T6665] ffff888022f0e700 [ 465.806808][ T5169] usb 1-1: Manufacturer: syz [ 465.807631][ T6665] 140548073586688-140548075683839: [ 465.811419][ T5169] usb 1-1: SerialNumber: syz [ 465.823832][ T5169] usb 1-1: config 0 descriptor?? [ 465.827589][ T8150] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000fb0f) [ 465.845335][ T6665] ffff888022f0e7e0 01:47:40 executing program 1: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) read$FUSE(r0, &(0x7f0000006540)={0x2020}, 0xfffffe55) syz_open_dev$mouse(&(0x7f0000002100), 0x0, 0x101000) [ 465.849327][ T27] audit: type=1800 audit(1673401660.658:71): pid=8150 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.3" name="file2" dev="loop3" ino=1048608 res=0 errno=0 [ 465.853896][ T6665] 140548075683840-140548077780991: [ 465.870258][ T8156] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 465.926708][ T6508] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 465.951002][ T6508] asix: probe of 3-1:0.0 failed with error -71 [ 465.976516][ T6665] ffff888022f0e8c0 [ 465.989396][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 465.993299][ T6508] usb 3-1: USB disconnect, device number 5 [ 466.024799][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 466.048100][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 466.072034][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 466.095432][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 466.119500][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 466.134663][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 466.140009][ T5169] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 466.148608][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 466.176929][ T5169] asix: probe of 1-1:0.0 failed with error -71 [ 466.181002][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 466.199376][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 466.225253][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 466.228325][ T5169] usb 1-1: USB disconnect, device number 4 01:47:41 executing program 2: ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(0xffffffffffffffff, 0x40082102, 0x0) syz_clone(0x40108000, 0x0, 0x0, 0x0, &(0x7f0000000440), 0x0) 01:47:41 executing program 4: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{}, {0x28}]}) 01:47:41 executing program 5: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/net\x00') r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f0000000100)={'syztnl0\x00', 0x0, 0x2f, 0x20, 0x81, 0x80, 0x12, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80}}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000002100)={'syztnl2\x00', &(0x7f0000002000)={'sit0\x00', 0x0, 0x10, 0x7800, 0x80000000, 0x9, {{0x1f, 0x4, 0x0, 0x1, 0x7c, 0x67, 0x0, 0x7, 0x2f, 0x0, @dev, @multicast1, {[@timestamp_addr={0x44, 0x4, 0x5d}, @ssrr={0x89, 0x1b, 0x13, [@local, @multicast2, @empty, @remote, @multicast1, @rand_addr=0x64010100]}, @rr={0x7, 0xb, 0x86, [@dev={0xac, 0x14, 0x14, 0x42}, @empty]}, @generic={0xc, 0xd, "9c49f7bd2331c6a109e599"}, @generic={0x7, 0x5, "27ec02"}, @rr={0x7, 0xf, 0x81, [@dev={0xac, 0x14, 0x14, 0x35}, @rand_addr=0x64010102, @broadcast]}, @ssrr={0x89, 0x1b, 0x23, [@rand_addr=0x64010101, @empty, @multicast2, @multicast1, @remote, @private=0xa010102]}]}}}}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', r3, 0x29, 0x10, 0x3, 0x8e, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x7, 0x40}}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001f80)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001f40)={&(0x7f0000000400)=@newchain={0x13b8, 0x64, 0x200, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}, {0xd, 0x3}, {0x0, 0x3}}, [@TCA_RATE={0x6, 0x5, {0x40, 0xc7}}, @filter_kind_options=@f_cgroup={{0xb}, {0x1380, 0x2, [@TCA_CGROUP_EMATCHES={0x38, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x3, 0x0, 0x0, {{0x0, 0x8, 0xfff}, {0x0, 0x3, 0x2}}}]}, @TCA_EMATCH_TREE_LIST={0x20, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{}, {0xe2, 0x1, 0x6, 0x8}}}]}]}, @TCA_CGROUP_ACT={0x1f4, 0x1, [@m_sample={0x40, 0xc, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x6}, @TCA_SAMPLE_RATE={0x8}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_csum={0x54, 0x9, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x7fff, 0x0, 0x0, 0x0, 0x6}, 0x79}}]}, {0xc, 0x6, "2d57f86517781551"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_nat={0xdc, 0xb, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0xffffffff, 0x693, 0x1, 0x2, 0x1}, @broadcast, @local, 0xffffff00, 0x1}}]}, {0x8a, 0x6, "4d157d7fcbde6a803a5259ebe7db131f1d53f8f03e5cc5f8331035364c284665e005268019b5eeee849285e196a43d66c9aaa7d472ee85018bec1b3584ea2cec59574e5969634f89ba4d7e761c706103f31aeeda50d45fc56ad58556203a1d125e63d1b846b67522f53dfc96bf3b535095259fccc9bffc55d2f36848f96c553516a6b02a2652"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1}}}}, @m_sample={0x80, 0x18, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x3}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8}]}, {0x41, 0x6, "1a79e57062a4e985f826bc2821235976ef354badbb759bb3533c1faaa702f9f20abfd6688adc445b3f44c992d215e1ccb80f97c1f604644782f3be3010"}, {0xc}, {0xc}}}]}, @TCA_CGROUP_ACT={0x1140, 0x1, [@m_ipt={0x14c, 0x0, 0x0, 0x0, {{0x8}, {0x110, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0x10b, 0x6, {0x800, 'filter\x00', 0xff, 0x2, "360df404a0a64bf029589d4e900a26065aa91775560cb49b6f5f54f3a9d10ab341b6ee335d0a62cf5e3746a13403832180d678d868390a62f5293912ca01e5c56968e456f4230058af3629306748d72ab7c375d7f0b82633d7e9d2526f2959a61328167d8554774f062cfab1f0d722ed548d79a254d95dc1faf7a2249e5b9fa9e4d5b81741c05270051674466b76be5b6a77a20d1972075cc8dc3ebe7aa0ca8622941263eebbd530cc8fded11e399d786e823a7769fefba71c2ba514ad3cd63a03eeca67f52fefe6202bac2219d299eda955962291c749b30f83c1fb8cf8b7aac9"}}]}, {0x18, 0x6, "afedfd9af8a4b80d42a5c72874a1dd766219480a"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_pedit={0xec8, 0x15, 0x0, 0x0, {{0xa}, {0xe84, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{0x3ff, 0x5, 0x20000000, 0x1, 0xfffffffb}, 0xf0, 0x24, [{0x0, 0x80000001, 0x5, 0x0, 0x5, 0x10001}, {0x0, 0x0, 0x96, 0x0, 0xfffff4d3}]}, [{0x0, 0x2, 0x8, 0x0, 0x0, 0x101}, {0x2, 0x1000, 0x28ac, 0x80, 0x7fffffff, 0x40}, {0x0, 0x0, 0x0, 0xffff, 0x2, 0x10001}, {0x1, 0x10000, 0x4, 0xff, 0x1, 0x7ff}, {0x1, 0x0, 0x2, 0x20, 0x2, 0x80000001}, {0x6, 0x8, 0x101, 0x4, 0xaeb, 0x6}, {0xc5, 0x7f, 0x400, 0x6, 0x1}, {0x2, 0x800, 0x1000000, 0x7, 0x3ff, 0x2}, {0x2, 0xfb2, 0x400, 0x4, 0x7, 0x6}, {0x0, 0x1, 0x5472, 0x40, 0x2, 0x2}, {0x0, 0x10001, 0xc96, 0x0, 0x7fff, 0x80000}, {0x0, 0xcd7f, 0x7, 0xe1, 0x0, 0x5e717d0d}, {0x0, 0x8, 0xde8, 0x0, 0xff28}, {0x7, 0xd4, 0x0, 0x5, 0x1, 0x661}, {0x0, 0x101, 0x0, 0x0, 0x7, 0x8}, {0x1e, 0x200, 0x1, 0x9, 0x101, 0xcfc8}, {0x0, 0xff, 0x0, 0x1, 0x2, 0x8001}, {0x40, 0xddc25b10, 0x8000, 0x9c85, 0x7fffffff, 0x5}, {0x9, 0x0, 0x4, 0xffff, 0x3, 0x9}, {0x7ff, 0x0, 0x1f, 0x4, 0x0, 0x8}, {0x3, 0x9, 0xdb08592, 0x8, 0xd1, 0x101}, {0x14d6, 0x0, 0xfff, 0x5, 0x212, 0x7}, {0xfffffffe, 0x9, 0xe, 0xff, 0x0, 0x4}, {0xff, 0x9, 0xffffffff, 0x800, 0x2, 0x8}, {0x1000, 0xe834, 0x72e2, 0x9}, {0x1, 0xc6a6, 0x7fffffff, 0x0, 0x3f}, {0x80000000, 0x3, 0x2, 0x1, 0xe, 0x1f}, {0x0, 0x0, 0x2, 0x7, 0x7, 0x81}, {0x0, 0xbbf, 0x0, 0x1, 0x53d}, {0x6, 0x1, 0x0, 0x0, 0x1, 0x680}, {0x7, 0x0, 0x0, 0xcc6, 0x5f, 0xfffffff7}, {0x0, 0x2, 0xd03, 0x8, 0x2, 0x4}, {0xf1, 0x615, 0xff, 0x0, 0x8}, {0x0, 0x20, 0xffff}, {0xffff, 0x1, 0xb0c, 0x3, 0x7fff, 0xfffffffc}, {0xfffffc01, 0x80, 0x4, 0x0, 0x0, 0x6}, {0x2, 0x10000, 0x82, 0x0, 0x7, 0x5}, {0x0, 0x7ff, 0x0, 0x400, 0x0, 0x1}, {0x4, 0x0, 0xd0, 0x0, 0x8, 0x1000}, {0x5, 0x7, 0x0, 0x0, 0x0, 0x482}, {0x0, 0x1, 0x6, 0x9, 0x9, 0x7}, {0x401, 0x4, 0x0, 0x675b, 0x6}, {0x0, 0x1, 0x0, 0x100, 0x0, 0xffffffc0}, {0x0, 0x101, 0x20, 0xb72e, 0x26, 0x442c}, {0xcb, 0x4, 0xfffffff8, 0x6, 0x9, 0x2}, {0x7fffffff, 0x2, 0x0, 0x4, 0x0, 0x3ff}, {0x2, 0x1000, 0x0, 0x5, 0x8, 0x3}, {0x1, 0x0, 0x0, 0x80000001, 0x9, 0x200}, {0x0, 0x9, 0xfff, 0x80000000, 0x10000, 0x5}, {0x0, 0x0, 0x3ff, 0x8000, 0x81, 0x1}, {0x80, 0x9, 0x0, 0x4}, {0xc4, 0xfffffffd, 0x7, 0x9, 0xc2c5, 0x1}, {0x5, 0x6fc, 0x8, 0x0, 0xe0f, 0x3}, {0x40, 0x6b, 0x9, 0x5d4, 0x7, 0x8000}, {0x1f, 0x1000, 0x0, 0x1, 0x1, 0x9}, {0x7fffffff, 0x4, 0x9, 0x7, 0x6}, {0xfffffffc, 0x7, 0x0, 0x3ff, 0x5, 0x81}, {0x6, 0x8, 0x0, 0x10000, 0xffffffc0}, {0x81, 0xd2a0, 0x800, 0x0, 0x40, 0x2}, {0x40, 0x80000000, 0xea64, 0x76, 0x9}, {0x10000, 0x15bb, 0x9, 0x0, 0x6, 0x5}, {0x0, 0x0, 0x28, 0x2, 0x2, 0x6}, {0x1000, 0x7fff, 0x0, 0x3, 0x3, 0x9}, {0x10000, 0x20, 0x8, 0xd6, 0x7fffffff, 0x412}, {0x7, 0x0, 0xfff, 0x3, 0x9, 0xee}, {0x10001, 0x3f, 0x0, 0x0, 0x5a, 0x401}, {0x101, 0x1, 0x4634, 0x8000, 0x401}, {0x800, 0x1, 0x6, 0x80000001, 0x0, 0x501}, {0x4, 0x5, 0x3ff, 0x1, 0x3b96cc68}, {0x3, 0x1, 0x7d, 0xa3, 0x7, 0x8}, {0x0, 0x10001, 0x7, 0x6, 0x7ff, 0xffffff37}, {0x815, 0x0, 0x313b5531, 0x200, 0x1000, 0xffffffff}, {0x3ff, 0xa9b, 0x7, 0x80000000, 0xe0, 0x27}, {0x101, 0x800, 0x0, 0x1000, 0x79cc, 0x30}, {0x20, 0x0, 0x7, 0xfffffffa, 0x6, 0xcfef}, {0x1f, 0x5, 0x3, 0x1, 0xca62, 0x9}, {0x3, 0x1, 0x400, 0x9, 0xb2, 0x100}, {0x0, 0x3, 0x7, 0x2, 0x8, 0x2}, {0x3, 0xfffffffe, 0x5, 0xffffffff, 0x1, 0x9}, {0x4, 0x8, 0x4, 0x1, 0x3, 0xf9ee2af}, {0x8000, 0x9, 0x5, 0x5, 0x4, 0x2}, {0x5, 0x9, 0x9, 0x1, 0xffffff27, 0x40000000}, {0x4, 0x7, 0xb4000000, 0xeec, 0x7, 0x7}, {0x3, 0x3, 0x87, 0x401, 0x1, 0x80}, {0x5, 0x7, 0x10, 0x8, 0x3ff, 0x50}, {0xffff, 0x81, 0x20, 0x1, 0x80000000, 0x401}, {0x1, 0x400, 0xe4de, 0x7ff, 0x30000, 0x9}, {0x7fffffff, 0x400, 0x1, 0x6ee, 0x10000, 0x8}, {0x2, 0x4, 0x27bc, 0x0, 0x0, 0x5}, {0x5, 0x3f, 0x24d7, 0x2, 0x1000, 0xf46}, {0x1, 0x0, 0x80000001, 0x2, 0xffffff0a}, {0x1ff, 0x2, 0x1f, 0x7, 0x1, 0xf0f5}, {0x0, 0x1ff, 0xce, 0x20, 0x8}, {0x81, 0x433, 0x4, 0xda0, 0x7, 0x20000}, {0x2, 0xb42, 0x2, 0x0, 0xffffffff, 0x40}, {0x1ff, 0x1, 0x401, 0xa895, 0x20, 0x60f}, {0x0, 0xdf, 0x3, 0x6, 0x1, 0x8}, {0x8, 0x0, 0x3, 0x1, 0x7ff, 0x40}, {0xd, 0x1, 0x20, 0x0, 0x4, 0x9}, {0x1f, 0x0, 0x7, 0x9, 0x5f2, 0x191}, {0x6, 0x5, 0x8, 0x4, 0x8, 0xffff3b41}, {0x6, 0x2, 0x101, 0x0, 0x1, 0x7}, {0x49, 0x9, 0xc27, 0x5f1c, 0x80000001, 0x1}, {0xeae51292, 0xd3, 0x71e, 0x0, 0x55ba4723, 0x80000000}, {0x6, 0x64, 0x9, 0x19, 0x3, 0x3}, {0x6, 0x7ff, 0x2, 0x5, 0x450d}, {0x7fff, 0x7f, 0x400, 0x51f8, 0x20}, {0x81, 0x81, 0x7, 0x0, 0x5, 0xf3d}, {0x1f, 0x1, 0x3, 0x8, 0xdbd}, {0x5, 0x7fffffff, 0x4f35, 0x5, 0x5}, {0x3f, 0x7ce, 0x8, 0xcaa, 0x80000001, 0x1000}, {0x400, 0x5, 0x6, 0x7c0, 0x0, 0x2}, {0x80000000, 0x3, 0x6a8, 0x0, 0x1f, 0x10000}, {0x0, 0x20, 0x6, 0x1f, 0x7, 0x2}, {0x4, 0x3, 0xffffffb1, 0x5, 0x100, 0x3}, {0x6, 0x2, 0x9, 0x6, 0x1, 0x635}, {0xfffffff8, 0x9, 0x3, 0xd56, 0xa8, 0x8000}, {0x80000001, 0x34323ecc, 0x0, 0x4, 0x15, 0x7}, {0x1000, 0xfffffffb, 0x3f, 0x6, 0x100, 0x1}, {0x0, 0x80, 0x60d, 0x80, 0xa6, 0x3}, {0x2, 0x3ff, 0x606, 0xfffffeff, 0x1, 0x4}, {0x101, 0x0, 0x7, 0x200, 0x481b}, {0x1, 0xfffffffc, 0x800, 0x0, 0x0, 0x5}, {0x8, 0x6, 0x0, 0x80000001, 0x401, 0x1d}, {0x7fffffff, 0x1000, 0x1000, 0x8b0f, 0x6, 0x800}, {0x0, 0xfffff000, 0x2, 0x5, 0x10000, 0xf3}, {0xcb82, 0xc315, 0x6, 0x6, 0x5, 0x7fffffff}, {0x354f, 0x4, 0x7, 0x663d, 0xd31}], [{0x4}, {0x3}, {0x4}, {}, {0x2, 0x1}, {0x5, 0x1}, {}, {0x2}, {}, {0x3}, {0xd}, {}, {0x0, 0x1}, {}, {0x3}, {0x4, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x4}, {0x1}, {0x4, 0x1}, {0x5}, {0x0, 0x1}, {0x0, 0x1}, {0x1}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {0x5}, {0x2}, {}, {0x6}, {}, {0x1, 0x1}, {0x4}, {0x0, 0x1}, {0x1}, {0x5, 0x1}, {0x4}, {0x4, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x4}, {0x0, 0x1}, {}, {0x0, 0x1}, {0x5}, {0x2}, {0x5}, {0x2, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4}, {}, {0x3}, {0x5}, {0x3, 0x1}, {}, {}, {0x0, 0x1}, {0x4}, {0x1}, {0x1}, {0x5}, {0x3}, {0x0, 0x1}, {0x4}, {0x5}, {}, {}, {0x4}, {0x0, 0x1}, {}, {0x3}, {0x5, 0x1}, {0x1, 0x1}, {0x4}, {}, {0x0, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x5}, {}, {0x2}, {0x4}, {0x1, 0x1}, {0x3, 0x1}, {}, {}, {}, {0x5}, {0x2}, {0x7}, {0x0, 0x1}, {0x3, 0x1}, {0x5}, {0x2}, {0x5}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {}, {}, {0x3}, {0x3, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x1}, {0x5}, {0x1}, {0x1, 0x1}, {}, {0x0, 0x1}]}}, @TCA_PEDIT_KEYS_EX={0x30, 0x5, 0x0, 0x1, [{0x2c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}]}]}, {0x1b, 0x6, "57d21079a8d2935764ec000d69b69144d534c379114c3e"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_gact={0x6c, 0x1b, 0x0, 0x0, {{0x9}, {0x40, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x54, 0x0, 0x0, 0x7fff}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1e6c, 0xffffffffcffffffd}}, @TCA_GACT_PARMS={0x18, 0x2, {0xffff0001, 0x4, 0x6, 0x8, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x2, 0x9a10, 0x10000000, 0x3f4e, 0x7}, 0x1}}, @TCA_IFE_DMAC={0xa, 0x3, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x16}}]}, {0x4}, {0xc, 0x7, {0x1, 0x4936e90f20761ee1}}, {0xc}}}, @m_skbedit={0x68, 0x0, 0x0, 0x0, {{0xc}, {0x3c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x5}, @TCA_SKBEDIT_PTYPE={0x6}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x401, 0x6, 0x1, 0x0, 0x200}}, @TCA_SKBEDIT_MARK={0x8}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x400}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}, @TCA_CGROUP_POLICE={0x4}, @TCA_CGROUP_EMATCHES={0xc, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8}]}]}}]}, 0x13b8}}, 0x4000000) 01:47:41 executing program 3: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/net\x00') r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f0000000100)={'syztnl0\x00', 0x0, 0x2f, 0x20, 0x81, 0x80, 0x12, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80}}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000002100)={'syztnl2\x00', &(0x7f0000002000)={'sit0\x00', 0x0, 0x10, 0x7800, 0x80000000, 0x9, {{0x1f, 0x4, 0x0, 0x1, 0x7c, 0x67, 0x0, 0x7, 0x2f, 0x0, @dev, @multicast1, {[@timestamp_addr={0x44, 0x4, 0x5d}, @ssrr={0x89, 0x1b, 0x13, [@local, @multicast2, @empty, @remote, @multicast1, @rand_addr=0x64010100]}, @rr={0x7, 0xb, 0x86, [@dev={0xac, 0x14, 0x14, 0x42}, @empty]}, @generic={0xc, 0xd, "9c49f7bd2331c6a109e599"}, @generic={0x7, 0x5, "27ec02"}, @rr={0x7, 0xf, 0x81, [@dev={0xac, 0x14, 0x14, 0x35}, @rand_addr=0x64010102, @broadcast]}, @ssrr={0x89, 0x1b, 0x23, [@rand_addr=0x64010101, @empty, @multicast2, @multicast1, @remote, @private=0xa010102]}]}}}}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', r3, 0x29, 0x10, 0x3, 0x8e, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x7, 0x40}}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001f80)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001f40)={&(0x7f0000000400)=@newchain={0x13b8, 0x64, 0x200, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}, {0xd, 0x3}, {0x0, 0x3}}, [@TCA_RATE={0x6, 0x5, {0x40, 0xc7}}, @filter_kind_options=@f_cgroup={{0xb}, {0x1380, 0x2, [@TCA_CGROUP_EMATCHES={0x38, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x3, 0x0, 0x0, {{0x0, 0x8, 0xfff}, {0x0, 0x3, 0x2}}}]}, @TCA_EMATCH_TREE_LIST={0x20, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{}, {0xe2, 0x1, 0x6, 0x8}}}]}]}, @TCA_CGROUP_ACT={0x1f4, 0x1, [@m_sample={0x40, 0xc, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x6}, @TCA_SAMPLE_RATE={0x8}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_csum={0x54, 0x9, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x7fff, 0x0, 0x0, 0x0, 0x6}, 0x79}}]}, {0xc, 0x6, "2d57f86517781551"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_nat={0xdc, 0xb, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0xffffffff, 0x693, 0x1, 0x2, 0x1}, @broadcast, @local, 0xffffff00, 0x1}}]}, {0x8a, 0x6, "4d157d7fcbde6a803a5259ebe7db131f1d53f8f03e5cc5f8331035364c284665e005268019b5eeee849285e196a43d66c9aaa7d472ee85018bec1b3584ea2cec59574e5969634f89ba4d7e761c706103f31aeeda50d45fc56ad58556203a1d125e63d1b846b67522f53dfc96bf3b535095259fccc9bffc55d2f36848f96c553516a6b02a2652"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1}}}}, @m_sample={0x80, 0x18, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x3}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8}]}, {0x41, 0x6, "1a79e57062a4e985f826bc2821235976ef354badbb759bb3533c1faaa702f9f20abfd6688adc445b3f44c992d215e1ccb80f97c1f604644782f3be3010"}, {0xc}, {0xc}}}]}, @TCA_CGROUP_ACT={0x1140, 0x1, [@m_ipt={0x14c, 0x0, 0x0, 0x0, {{0x8}, {0x110, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0x10b, 0x6, {0x800, 'filter\x00', 0xff, 0x2, "360df404a0a64bf029589d4e900a26065aa91775560cb49b6f5f54f3a9d10ab341b6ee335d0a62cf5e3746a13403832180d678d868390a62f5293912ca01e5c56968e456f4230058af3629306748d72ab7c375d7f0b82633d7e9d2526f2959a61328167d8554774f062cfab1f0d722ed548d79a254d95dc1faf7a2249e5b9fa9e4d5b81741c05270051674466b76be5b6a77a20d1972075cc8dc3ebe7aa0ca8622941263eebbd530cc8fded11e399d786e823a7769fefba71c2ba514ad3cd63a03eeca67f52fefe6202bac2219d299eda955962291c749b30f83c1fb8cf8b7aac9"}}]}, {0x18, 0x6, "afedfd9af8a4b80d42a5c72874a1dd766219480a"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_pedit={0xec8, 0x15, 0x0, 0x0, {{0xa}, {0xe84, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{0x3ff, 0x5, 0x20000000, 0x1, 0xfffffffb}, 0xf0, 0x24, [{0x0, 0x80000001, 0x5, 0x0, 0x5, 0x10001}, {0x0, 0x0, 0x96, 0x0, 0xfffff4d3}]}, [{0x0, 0x2, 0x8, 0x0, 0x0, 0x101}, {0x2, 0x1000, 0x28ac, 0x80, 0x7fffffff, 0x40}, {0x0, 0x0, 0x0, 0xffff, 0x2, 0x10001}, {0x1, 0x10000, 0x4, 0xff, 0x1, 0x7ff}, {0x1, 0x0, 0x2, 0x20, 0x2, 0x80000001}, {0x6, 0x8, 0x101, 0x4, 0xaeb, 0x6}, {0xc5, 0x7f, 0x400, 0x6, 0x1}, {0x2, 0x800, 0x1000000, 0x7, 0x3ff, 0x2}, {0x2, 0xfb2, 0x400, 0x4, 0x7, 0x6}, {0x0, 0x1, 0x5472, 0x40, 0x2, 0x2}, {0x0, 0x10001, 0xc96, 0x0, 0x7fff, 0x80000}, {0x0, 0xcd7f, 0x7, 0xe1, 0x0, 0x5e717d0d}, {0x0, 0x8, 0xde8, 0x0, 0xff28}, {0x7, 0xd4, 0x0, 0x5, 0x1, 0x661}, {0x0, 0x101, 0x0, 0x0, 0x7, 0x8}, {0x1e, 0x200, 0x1, 0x9, 0x101, 0xcfc8}, {0x0, 0xff, 0x0, 0x1, 0x2, 0x8001}, {0x40, 0xddc25b10, 0x8000, 0x9c85, 0x7fffffff, 0x5}, {0x9, 0x0, 0x4, 0xffff, 0x3, 0x9}, {0x7ff, 0x0, 0x1f, 0x4, 0x0, 0x8}, {0x3, 0x9, 0xdb08592, 0x8, 0xd1, 0x101}, {0x14d6, 0x0, 0xfff, 0x5, 0x212, 0x7}, {0xfffffffe, 0x9, 0xe, 0xff, 0x0, 0x4}, {0xff, 0x9, 0xffffffff, 0x800, 0x2, 0x8}, {0x1000, 0xe834, 0x72e2, 0x9}, {0x1, 0xc6a6, 0x7fffffff, 0x0, 0x3f}, {0x80000000, 0x3, 0x2, 0x1, 0xe, 0x1f}, {0x0, 0x0, 0x2, 0x7, 0x7, 0x81}, {0x0, 0xbbf, 0x0, 0x1, 0x53d}, {0x6, 0x1, 0x0, 0x0, 0x1, 0x680}, {0x7, 0x0, 0x0, 0xcc6, 0x5f, 0xfffffff7}, {0x0, 0x2, 0xd03, 0x8, 0x2, 0x4}, {0xf1, 0x615, 0xff, 0x0, 0x8}, {0x0, 0x20, 0xffff}, {0xffff, 0x1, 0xb0c, 0x3, 0x7fff, 0xfffffffc}, {0xfffffc01, 0x80, 0x4, 0x0, 0x0, 0x6}, {0x2, 0x10000, 0x82, 0x0, 0x7, 0x5}, {0x0, 0x7ff, 0x0, 0x400, 0x0, 0x1}, {0x4, 0x0, 0xd0, 0x0, 0x8, 0x1000}, {0x5, 0x7, 0x0, 0x0, 0x0, 0x482}, {0x0, 0x1, 0x6, 0x9, 0x9, 0x7}, {0x401, 0x4, 0x0, 0x675b, 0x6}, {0x0, 0x1, 0x0, 0x100, 0x0, 0xffffffc0}, {0x0, 0x101, 0x20, 0xb72e, 0x26, 0x442c}, {0xcb, 0x4, 0xfffffff8, 0x6, 0x9, 0x2}, {0x7fffffff, 0x2, 0x0, 0x4, 0x0, 0x3ff}, {0x2, 0x1000, 0x0, 0x5, 0x8, 0x3}, {0x1, 0x0, 0x0, 0x80000001, 0x9, 0x200}, {0x0, 0x9, 0xfff, 0x80000000, 0x10000, 0x5}, {0x0, 0x0, 0x3ff, 0x8000, 0x81, 0x1}, {0x80, 0x9, 0x0, 0x4}, {0xc4, 0xfffffffd, 0x7, 0x9, 0xc2c5, 0x1}, {0x5, 0x6fc, 0x8, 0x0, 0xe0f, 0x3}, {0x40, 0x6b, 0x9, 0x5d4, 0x7, 0x8000}, {0x1f, 0x1000, 0x0, 0x1, 0x1, 0x9}, {0x7fffffff, 0x4, 0x9, 0x7, 0x6}, {0xfffffffc, 0x7, 0x0, 0x3ff, 0x5, 0x81}, {0x6, 0x8, 0x0, 0x10000, 0xffffffc0}, {0x81, 0xd2a0, 0x800, 0x0, 0x40, 0x2}, {0x40, 0x80000000, 0xea64, 0x76, 0x9}, {0x10000, 0x15bb, 0x9, 0x0, 0x6, 0x5}, {0x0, 0x0, 0x28, 0x2, 0x2, 0x6}, {0x1000, 0x7fff, 0x0, 0x3, 0x3, 0x9}, {0x10000, 0x20, 0x8, 0xd6, 0x7fffffff, 0x412}, {0x7, 0x0, 0xfff, 0x3, 0x9, 0xee}, {0x10001, 0x3f, 0x0, 0x0, 0x5a, 0x401}, {0x101, 0x1, 0x4634, 0x8000, 0x401}, {0x800, 0x1, 0x6, 0x80000001, 0x0, 0x501}, {0x4, 0x5, 0x3ff, 0x1, 0x3b96cc68}, {0x3, 0x1, 0x7d, 0xa3, 0x7, 0x8}, {0x0, 0x10001, 0x7, 0x6, 0x7ff, 0xffffff37}, {0x815, 0x0, 0x313b5531, 0x200, 0x1000, 0xffffffff}, {0x3ff, 0xa9b, 0x7, 0x80000000, 0xe0, 0x27}, {0x101, 0x800, 0x0, 0x1000, 0x79cc, 0x30}, {0x20, 0x0, 0x7, 0xfffffffa, 0x6, 0xcfef}, {0x1f, 0x5, 0x3, 0x1, 0xca62, 0x9}, {0x3, 0x1, 0x400, 0x9, 0xb2, 0x100}, {0x0, 0x3, 0x7, 0x2, 0x8, 0x2}, {0x3, 0xfffffffe, 0x5, 0xffffffff, 0x1, 0x9}, {0x4, 0x8, 0x4, 0x1, 0x3, 0xf9ee2af}, {0x8000, 0x9, 0x5, 0x5, 0x4, 0x2}, {0x5, 0x9, 0x9, 0x1, 0xffffff27, 0x40000000}, {0x4, 0x7, 0xb4000000, 0xeec, 0x7, 0x7}, {0x3, 0x3, 0x87, 0x401, 0x1, 0x80}, {0x5, 0x7, 0x10, 0x8, 0x3ff, 0x50}, {0xffff, 0x81, 0x20, 0x1, 0x80000000, 0x401}, {0x1, 0x400, 0xe4de, 0x7ff, 0x30000, 0x9}, {0x7fffffff, 0x400, 0x1, 0x6ee, 0x10000, 0x8}, {0x2, 0x4, 0x27bc, 0x0, 0x0, 0x5}, {0x5, 0x3f, 0x24d7, 0x2, 0x1000, 0xf46}, {0x1, 0x0, 0x80000001, 0x2, 0xffffff0a}, {0x1ff, 0x2, 0x1f, 0x7, 0x1, 0xf0f5}, {0x0, 0x1ff, 0xce, 0x20, 0x8}, {0x81, 0x433, 0x4, 0xda0, 0x7, 0x20000}, {0x2, 0xb42, 0x2, 0x0, 0xffffffff, 0x40}, {0x1ff, 0x1, 0x401, 0xa895, 0x20, 0x60f}, {0x0, 0xdf, 0x3, 0x6, 0x1, 0x8}, {0x8, 0x0, 0x3, 0x1, 0x7ff, 0x40}, {0xd, 0x1, 0x20, 0x0, 0x4, 0x9}, {0x1f, 0x0, 0x7, 0x9, 0x5f2, 0x191}, {0x6, 0x5, 0x8, 0x4, 0x8, 0xffff3b41}, {0x6, 0x2, 0x101, 0x0, 0x1, 0x7}, {0x49, 0x9, 0xc27, 0x5f1c, 0x80000001, 0x1}, {0xeae51292, 0xd3, 0x71e, 0x0, 0x55ba4723, 0x80000000}, {0x6, 0x64, 0x9, 0x19, 0x3, 0x3}, {0x6, 0x7ff, 0x2, 0x5, 0x450d}, {0x7fff, 0x7f, 0x400, 0x51f8, 0x20}, {0x81, 0x81, 0x7, 0x0, 0x5, 0xf3d}, {0x1f, 0x1, 0x3, 0x8, 0xdbd}, {0x5, 0x7fffffff, 0x4f35, 0x5, 0x5}, {0x3f, 0x7ce, 0x8, 0xcaa, 0x80000001, 0x1000}, {0x400, 0x5, 0x6, 0x7c0, 0x0, 0x2}, {0x80000000, 0x3, 0x6a8, 0x0, 0x1f, 0x10000}, {0x0, 0x20, 0x6, 0x1f, 0x7, 0x2}, {0x4, 0x3, 0xffffffb1, 0x5, 0x100, 0x3}, {0x6, 0x2, 0x9, 0x6, 0x1, 0x635}, {0xfffffff8, 0x9, 0x3, 0xd56, 0xa8, 0x8000}, {0x80000001, 0x34323ecc, 0x0, 0x4, 0x15, 0x7}, {0x1000, 0xfffffffb, 0x3f, 0x6, 0x100, 0x1}, {0x0, 0x80, 0x60d, 0x80, 0xa6, 0x3}, {0x2, 0x3ff, 0x606, 0xfffffeff, 0x1, 0x4}, {0x101, 0x0, 0x7, 0x200, 0x481b}, {0x1, 0xfffffffc, 0x800, 0x0, 0x0, 0x5}, {0x8, 0x6, 0x0, 0x80000001, 0x401, 0x1d}, {0x7fffffff, 0x1000, 0x1000, 0x8b0f, 0x6, 0x800}, {0x0, 0xfffff000, 0x2, 0x5, 0x10000, 0xf3}, {0xcb82, 0xc315, 0x6, 0x6, 0x5, 0x7fffffff}, {0x354f, 0x4, 0x7, 0x663d, 0xd31}], [{0x4}, {0x3}, {0x4}, {}, {0x2, 0x1}, {0x5, 0x1}, {}, {0x2}, {}, {0x3}, {0xd}, {}, {0x0, 0x1}, {}, {0x3}, {0x4, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x4}, {0x1}, {0x4, 0x1}, {0x5}, {0x0, 0x1}, {0x0, 0x1}, {0x1}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {0x5}, {0x2}, {}, {0x6}, {}, {0x1, 0x1}, {0x4}, {0x0, 0x1}, {0x1}, {0x5, 0x1}, {0x4}, {0x4, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x4}, {0x0, 0x1}, {}, {0x0, 0x1}, {0x5}, {0x2}, {0x5}, {0x2, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4}, {}, {0x3}, {0x5}, {0x3, 0x1}, {}, {}, {0x0, 0x1}, {0x4}, {0x1}, {0x1}, {0x5}, {0x3}, {0x0, 0x1}, {0x4}, {0x5}, {}, {}, {0x4}, {0x0, 0x1}, {}, {0x3}, {0x5, 0x1}, {0x1, 0x1}, {0x4}, {}, {0x0, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x5}, {}, {0x2}, {0x4}, {0x1, 0x1}, {0x3, 0x1}, {}, {}, {}, {0x5}, {0x2}, {0x7}, {0x0, 0x1}, {0x3, 0x1}, {0x5}, {0x2}, {0x5}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {}, {}, {0x3}, {0x3, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x1}, {0x5}, {0x1}, {0x1, 0x1}, {}, {0x0, 0x1}]}}, @TCA_PEDIT_KEYS_EX={0x30, 0x5, 0x0, 0x1, [{0x2c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}]}]}, {0x1b, 0x6, "57d21079a8d2935764ec000d69b69144d534c379114c3e"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_gact={0x6c, 0x1b, 0x0, 0x0, {{0x9}, {0x40, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x54, 0x0, 0x0, 0x7fff}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1e6c, 0xffffffffcffffffd}}, @TCA_GACT_PARMS={0x18, 0x2, {0xffff0001, 0x4, 0x6, 0x8, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x2, 0x9a10, 0x10000000, 0x3f4e, 0x7}, 0x1}}, @TCA_IFE_DMAC={0xa, 0x3, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x16}}]}, {0x4}, {0xc, 0x7, {0x1, 0x4936e90f20761ee1}}, {0xc}}}, @m_skbedit={0x68, 0x0, 0x0, 0x0, {{0xc}, {0x3c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x5}, @TCA_SKBEDIT_PTYPE={0x6}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x401, 0x6, 0x1, 0x0, 0x200}}, @TCA_SKBEDIT_MARK={0x8}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x400}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}, @TCA_CGROUP_POLICE={0x4}, @TCA_CGROUP_EMATCHES={0xc, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8}]}]}}]}, 0x13b8}}, 0x4000000) [ 466.397181][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 466.404184][ T6665] 140548097601536-140548097605631: ffff88806b3de460 01:47:41 executing program 4: syz_clone(0x40108000, &(0x7f0000000380), 0x0, 0x0, 0x0, 0x0) [ 466.477436][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 466.538797][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 466.577762][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 01:47:41 executing program 0: syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x6, 0x7, 0xa2, 0x10, 0x13b1, 0x18, 0x9a17, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x1c, 0x37, 0xd9, 0x0, [], [{{0x9, 0x5, 0x0, 0x3, 0x40}}, {{0x9, 0x5, 0x0, 0x2, 0x10}}]}}]}}]}}, 0x0) [ 466.645641][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 466.706690][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 466.769524][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 466.832523][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 466.872982][ T6665] Pass: 10063470 Run:10063608 [ 466.894378][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 466.904236][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 466.914319][ T6665] Call Trace: [ 466.917625][ T6665] [ 466.920586][ T6665] dump_stack_lvl+0xd1/0x138 [ 466.925234][ T6665] mt_find.cold+0x8b/0x90 [ 466.929617][ T6665] ? mas_find+0x1d0/0x1d0 [ 466.934018][ T6665] find_vma+0x10c/0x1b0 [ 466.938214][ T6665] ? can_vma_merge_before+0x390/0x390 [ 466.943640][ T6665] ? walk_page_test+0x78/0x180 [ 466.948476][ T6665] walk_page_range+0x2b1/0x4a0 [ 466.953294][ T6665] ? __walk_page_range+0x780/0x780 [ 466.958461][ T6665] mlock_fixup+0x650/0x810 [ 466.962921][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 466.968154][ T6665] ? mlock_fixup+0x810/0x810 [ 466.972790][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 466.978726][ T6665] do_mlock+0x25a/0x6d0 [ 466.982918][ T6665] ? folio_evictable+0x270/0x270 [ 466.987899][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 466.993821][ T6665] __x64_sys_mlock+0x59/0x80 [ 466.998429][ T6665] do_syscall_64+0x39/0xb0 [ 467.002874][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 467.008789][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 467.013223][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 467.032848][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 467.041285][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 467.049272][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 467.057255][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 467.065240][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 467.073231][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 467.081240][ T6665] 01:47:41 executing program 1: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/net\x00') r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f0000000100)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, @empty, @private2, 0x0, 0x0, 0xb079}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', r3, 0x29, 0x10, 0x3, 0x8e, 0xd, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x7, 0x40}}) [ 467.096565][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 467.110969][ T6665] BUG at mt_find:6473 (1) [ 467.131677][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 467.156573][ T5169] usb 1-1: new high-speed USB device number 5 using dummy_hcd 01:47:42 executing program 2: ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(0xffffffffffffffff, 0x40082102, &(0x7f0000000000)) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001140)='/sys/block/ram5', 0x202200, 0x0) ioctl$KVM_TRANSLATE(r0, 0xc018ae85, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r0, 0x40082102, &(0x7f0000000580)) syz_clone(0x40108000, &(0x7f0000000380)="ecb2f27e8b0a0d8123830e8eb5f979e92eea23e3844ae1b84a864d4d741bfe0a51413ff75c7e8d2e41effbbab3f1b442a7df9e786082b6b1b736dfe739df1c7233c99e0def698a4f57d40a2c18f807d0ea31c149cfacb8fc3b7502053a2c49153d681630dc537ce785137ed27a54763e40566b0830135b31bcaaf8a61988baff1da197468b3e842368d71ece0f", 0x8d, &(0x7f0000000040), &(0x7f0000000440), &(0x7f0000000480)="9fcd333d4c4f7e30b61706081cb99773edf084fe80c68ecbe3ea374e233e580ae92061f67951624c91d3dfb29fe16501b26a54ab2a25a1a9f7b758d99a6aa743dbc43ffe7b31b1b140beac51436a2af523e08419852ac4281add174a62d40763f65f58fa12b1be9e22308e1aa7284212f71b7998b65950e79fac5f4a1419809b1f2faaa6ee3d760602b4e03f5955026c470888741151d8784e5fc9e59b3a19ce8507f284b0a69e6ee490a8964ea23f5a4d0a9e9f6e4c0a40061ffb5f151be812c515ad281377d6") [ 467.210324][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 01:47:42 executing program 3: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/net\x00') r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f0000000100)={'syztnl0\x00', 0x0, 0x2f, 0x20, 0x81, 0x80, 0x12, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80}}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000002100)={'syztnl2\x00', &(0x7f0000002000)={'sit0\x00', 0x0, 0x10, 0x7800, 0x80000000, 0x9, {{0x1f, 0x4, 0x0, 0x1, 0x7c, 0x67, 0x0, 0x7, 0x2f, 0x0, @dev, @multicast1, {[@timestamp_addr={0x44, 0x4, 0x5d}, @ssrr={0x89, 0x1b, 0x13, [@local, @multicast2, @empty, @remote, @multicast1, @rand_addr=0x64010100]}, @rr={0x7, 0xb, 0x86, [@dev={0xac, 0x14, 0x14, 0x42}, @empty]}, @generic={0xc, 0xd, "9c49f7bd2331c6a109e599"}, @generic={0x7, 0x5, "27ec02"}, @rr={0x7, 0xf, 0x81, [@dev={0xac, 0x14, 0x14, 0x35}, @rand_addr=0x64010102, @broadcast]}, @ssrr={0x89, 0x1b, 0x23, [@rand_addr=0x64010101, @empty, @multicast2, @multicast1, @remote, @private=0xa010102]}]}}}}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', r3, 0x29, 0x10, 0x3, 0x8e, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x7, 0x40}}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001f80)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001f40)={&(0x7f0000000400)=@newchain={0x13b8, 0x64, 0x200, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}, {0xd, 0x3}, {0x0, 0x3}}, [@TCA_RATE={0x6, 0x5, {0x40, 0xc7}}, @filter_kind_options=@f_cgroup={{0xb}, {0x1380, 0x2, [@TCA_CGROUP_EMATCHES={0x38, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x3, 0x0, 0x0, {{0x0, 0x8, 0xfff}, {0x0, 0x3, 0x2}}}]}, @TCA_EMATCH_TREE_LIST={0x20, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{}, {0xe2, 0x1, 0x6, 0x8}}}]}]}, @TCA_CGROUP_ACT={0x1f4, 0x1, [@m_sample={0x40, 0xc, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x6}, @TCA_SAMPLE_RATE={0x8}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_csum={0x54, 0x9, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x7fff, 0x0, 0x0, 0x0, 0x6}, 0x79}}]}, {0xc, 0x6, "2d57f86517781551"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_nat={0xdc, 0xb, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0xffffffff, 0x693, 0x1, 0x2, 0x1}, @broadcast, @local, 0xffffff00, 0x1}}]}, {0x8a, 0x6, "4d157d7fcbde6a803a5259ebe7db131f1d53f8f03e5cc5f8331035364c284665e005268019b5eeee849285e196a43d66c9aaa7d472ee85018bec1b3584ea2cec59574e5969634f89ba4d7e761c706103f31aeeda50d45fc56ad58556203a1d125e63d1b846b67522f53dfc96bf3b535095259fccc9bffc55d2f36848f96c553516a6b02a2652"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1}}}}, @m_sample={0x80, 0x18, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x3}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8}]}, {0x41, 0x6, "1a79e57062a4e985f826bc2821235976ef354badbb759bb3533c1faaa702f9f20abfd6688adc445b3f44c992d215e1ccb80f97c1f604644782f3be3010"}, {0xc}, {0xc}}}]}, @TCA_CGROUP_ACT={0x1140, 0x1, [@m_ipt={0x14c, 0x0, 0x0, 0x0, {{0x8}, {0x110, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0x10b, 0x6, {0x800, 'filter\x00', 0xff, 0x2, "360df404a0a64bf029589d4e900a26065aa91775560cb49b6f5f54f3a9d10ab341b6ee335d0a62cf5e3746a13403832180d678d868390a62f5293912ca01e5c56968e456f4230058af3629306748d72ab7c375d7f0b82633d7e9d2526f2959a61328167d8554774f062cfab1f0d722ed548d79a254d95dc1faf7a2249e5b9fa9e4d5b81741c05270051674466b76be5b6a77a20d1972075cc8dc3ebe7aa0ca8622941263eebbd530cc8fded11e399d786e823a7769fefba71c2ba514ad3cd63a03eeca67f52fefe6202bac2219d299eda955962291c749b30f83c1fb8cf8b7aac9"}}]}, {0x18, 0x6, "afedfd9af8a4b80d42a5c72874a1dd766219480a"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_pedit={0xec8, 0x15, 0x0, 0x0, {{0xa}, {0xe84, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{0x3ff, 0x5, 0x20000000, 0x1, 0xfffffffb}, 0xf0, 0x24, [{0x0, 0x80000001, 0x5, 0x0, 0x5, 0x10001}, {0x0, 0x0, 0x96, 0x0, 0xfffff4d3}]}, [{0x0, 0x2, 0x8, 0x0, 0x0, 0x101}, {0x2, 0x1000, 0x28ac, 0x80, 0x7fffffff, 0x40}, {0x0, 0x0, 0x0, 0xffff, 0x2, 0x10001}, {0x1, 0x10000, 0x4, 0xff, 0x1, 0x7ff}, {0x1, 0x0, 0x2, 0x20, 0x2, 0x80000001}, {0x6, 0x8, 0x101, 0x4, 0xaeb, 0x6}, {0xc5, 0x7f, 0x400, 0x6, 0x1}, {0x2, 0x800, 0x1000000, 0x7, 0x3ff, 0x2}, {0x2, 0xfb2, 0x400, 0x4, 0x7, 0x6}, {0x0, 0x1, 0x5472, 0x40, 0x2, 0x2}, {0x0, 0x10001, 0xc96, 0x0, 0x7fff, 0x80000}, {0x0, 0xcd7f, 0x7, 0xe1, 0x0, 0x5e717d0d}, {0x0, 0x8, 0xde8, 0x0, 0xff28}, {0x7, 0xd4, 0x0, 0x5, 0x1, 0x661}, {0x0, 0x101, 0x0, 0x0, 0x7, 0x8}, {0x1e, 0x200, 0x1, 0x9, 0x101, 0xcfc8}, {0x0, 0xff, 0x0, 0x1, 0x2, 0x8001}, {0x40, 0xddc25b10, 0x8000, 0x9c85, 0x7fffffff, 0x5}, {0x9, 0x0, 0x4, 0xffff, 0x3, 0x9}, {0x7ff, 0x0, 0x1f, 0x4, 0x0, 0x8}, {0x3, 0x9, 0xdb08592, 0x8, 0xd1, 0x101}, {0x14d6, 0x0, 0xfff, 0x5, 0x212, 0x7}, {0xfffffffe, 0x9, 0xe, 0xff, 0x0, 0x4}, {0xff, 0x9, 0xffffffff, 0x800, 0x2, 0x8}, {0x1000, 0xe834, 0x72e2, 0x9}, {0x1, 0xc6a6, 0x7fffffff, 0x0, 0x3f}, {0x80000000, 0x3, 0x2, 0x1, 0xe, 0x1f}, {0x0, 0x0, 0x2, 0x7, 0x7, 0x81}, {0x0, 0xbbf, 0x0, 0x1, 0x53d}, {0x6, 0x1, 0x0, 0x0, 0x1, 0x680}, {0x7, 0x0, 0x0, 0xcc6, 0x5f, 0xfffffff7}, {0x0, 0x2, 0xd03, 0x8, 0x2, 0x4}, {0xf1, 0x615, 0xff, 0x0, 0x8}, {0x0, 0x20, 0xffff}, {0xffff, 0x1, 0xb0c, 0x3, 0x7fff, 0xfffffffc}, {0xfffffc01, 0x80, 0x4, 0x0, 0x0, 0x6}, {0x2, 0x10000, 0x82, 0x0, 0x7, 0x5}, {0x0, 0x7ff, 0x0, 0x400, 0x0, 0x1}, {0x4, 0x0, 0xd0, 0x0, 0x8, 0x1000}, {0x5, 0x7, 0x0, 0x0, 0x0, 0x482}, {0x0, 0x1, 0x6, 0x9, 0x9, 0x7}, {0x401, 0x4, 0x0, 0x675b, 0x6}, {0x0, 0x1, 0x0, 0x100, 0x0, 0xffffffc0}, {0x0, 0x101, 0x20, 0xb72e, 0x26, 0x442c}, {0xcb, 0x4, 0xfffffff8, 0x6, 0x9, 0x2}, {0x7fffffff, 0x2, 0x0, 0x4, 0x0, 0x3ff}, {0x2, 0x1000, 0x0, 0x5, 0x8, 0x3}, {0x1, 0x0, 0x0, 0x80000001, 0x9, 0x200}, {0x0, 0x9, 0xfff, 0x80000000, 0x10000, 0x5}, {0x0, 0x0, 0x3ff, 0x8000, 0x81, 0x1}, {0x80, 0x9, 0x0, 0x4}, {0xc4, 0xfffffffd, 0x7, 0x9, 0xc2c5, 0x1}, {0x5, 0x6fc, 0x8, 0x0, 0xe0f, 0x3}, {0x40, 0x6b, 0x9, 0x5d4, 0x7, 0x8000}, {0x1f, 0x1000, 0x0, 0x1, 0x1, 0x9}, {0x7fffffff, 0x4, 0x9, 0x7, 0x6}, {0xfffffffc, 0x7, 0x0, 0x3ff, 0x5, 0x81}, {0x6, 0x8, 0x0, 0x10000, 0xffffffc0}, {0x81, 0xd2a0, 0x800, 0x0, 0x40, 0x2}, {0x40, 0x80000000, 0xea64, 0x76, 0x9}, {0x10000, 0x15bb, 0x9, 0x0, 0x6, 0x5}, {0x0, 0x0, 0x28, 0x2, 0x2, 0x6}, {0x1000, 0x7fff, 0x0, 0x3, 0x3, 0x9}, {0x10000, 0x20, 0x8, 0xd6, 0x7fffffff, 0x412}, {0x7, 0x0, 0xfff, 0x3, 0x9, 0xee}, {0x10001, 0x3f, 0x0, 0x0, 0x5a, 0x401}, {0x101, 0x1, 0x4634, 0x8000, 0x401}, {0x800, 0x1, 0x6, 0x80000001, 0x0, 0x501}, {0x4, 0x5, 0x3ff, 0x1, 0x3b96cc68}, {0x3, 0x1, 0x7d, 0xa3, 0x7, 0x8}, {0x0, 0x10001, 0x7, 0x6, 0x7ff, 0xffffff37}, {0x815, 0x0, 0x313b5531, 0x200, 0x1000, 0xffffffff}, {0x3ff, 0xa9b, 0x7, 0x80000000, 0xe0, 0x27}, {0x101, 0x800, 0x0, 0x1000, 0x79cc, 0x30}, {0x20, 0x0, 0x7, 0xfffffffa, 0x6, 0xcfef}, {0x1f, 0x5, 0x3, 0x1, 0xca62, 0x9}, {0x3, 0x1, 0x400, 0x9, 0xb2, 0x100}, {0x0, 0x3, 0x7, 0x2, 0x8, 0x2}, {0x3, 0xfffffffe, 0x5, 0xffffffff, 0x1, 0x9}, {0x4, 0x8, 0x4, 0x1, 0x3, 0xf9ee2af}, {0x8000, 0x9, 0x5, 0x5, 0x4, 0x2}, {0x5, 0x9, 0x9, 0x1, 0xffffff27, 0x40000000}, {0x4, 0x7, 0xb4000000, 0xeec, 0x7, 0x7}, {0x3, 0x3, 0x87, 0x401, 0x1, 0x80}, {0x5, 0x7, 0x10, 0x8, 0x3ff, 0x50}, {0xffff, 0x81, 0x20, 0x1, 0x80000000, 0x401}, {0x1, 0x400, 0xe4de, 0x7ff, 0x30000, 0x9}, {0x7fffffff, 0x400, 0x1, 0x6ee, 0x10000, 0x8}, {0x2, 0x4, 0x27bc, 0x0, 0x0, 0x5}, {0x5, 0x3f, 0x24d7, 0x2, 0x1000, 0xf46}, {0x1, 0x0, 0x80000001, 0x2, 0xffffff0a}, {0x1ff, 0x2, 0x1f, 0x7, 0x1, 0xf0f5}, {0x0, 0x1ff, 0xce, 0x20, 0x8}, {0x81, 0x433, 0x4, 0xda0, 0x7, 0x20000}, {0x2, 0xb42, 0x2, 0x0, 0xffffffff, 0x40}, {0x1ff, 0x1, 0x401, 0xa895, 0x20, 0x60f}, {0x0, 0xdf, 0x3, 0x6, 0x1, 0x8}, {0x8, 0x0, 0x3, 0x1, 0x7ff, 0x40}, {0xd, 0x1, 0x20, 0x0, 0x4, 0x9}, {0x1f, 0x0, 0x7, 0x9, 0x5f2, 0x191}, {0x6, 0x5, 0x8, 0x4, 0x8, 0xffff3b41}, {0x6, 0x2, 0x101, 0x0, 0x1, 0x7}, {0x49, 0x9, 0xc27, 0x5f1c, 0x80000001, 0x1}, {0xeae51292, 0xd3, 0x71e, 0x0, 0x55ba4723, 0x80000000}, {0x6, 0x64, 0x9, 0x19, 0x3, 0x3}, {0x6, 0x7ff, 0x2, 0x5, 0x450d}, {0x7fff, 0x7f, 0x400, 0x51f8, 0x20}, {0x81, 0x81, 0x7, 0x0, 0x5, 0xf3d}, {0x1f, 0x1, 0x3, 0x8, 0xdbd}, {0x5, 0x7fffffff, 0x4f35, 0x5, 0x5}, {0x3f, 0x7ce, 0x8, 0xcaa, 0x80000001, 0x1000}, {0x400, 0x5, 0x6, 0x7c0, 0x0, 0x2}, {0x80000000, 0x3, 0x6a8, 0x0, 0x1f, 0x10000}, {0x0, 0x20, 0x6, 0x1f, 0x7, 0x2}, {0x4, 0x3, 0xffffffb1, 0x5, 0x100, 0x3}, {0x6, 0x2, 0x9, 0x6, 0x1, 0x635}, {0xfffffff8, 0x9, 0x3, 0xd56, 0xa8, 0x8000}, {0x80000001, 0x34323ecc, 0x0, 0x4, 0x15, 0x7}, {0x1000, 0xfffffffb, 0x3f, 0x6, 0x100, 0x1}, {0x0, 0x80, 0x60d, 0x80, 0xa6, 0x3}, {0x2, 0x3ff, 0x606, 0xfffffeff, 0x1, 0x4}, {0x101, 0x0, 0x7, 0x200, 0x481b}, {0x1, 0xfffffffc, 0x800, 0x0, 0x0, 0x5}, {0x8, 0x6, 0x0, 0x80000001, 0x401, 0x1d}, {0x7fffffff, 0x1000, 0x1000, 0x8b0f, 0x6, 0x800}, {0x0, 0xfffff000, 0x2, 0x5, 0x10000, 0xf3}, {0xcb82, 0xc315, 0x6, 0x6, 0x5, 0x7fffffff}, {0x354f, 0x4, 0x7, 0x663d, 0xd31}], [{0x4}, {0x3}, {0x4}, {}, {0x2, 0x1}, {0x5, 0x1}, {}, {0x2}, {}, {0x3}, {0xd}, {}, {0x0, 0x1}, {}, {0x3}, {0x4, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x4}, {0x1}, {0x4, 0x1}, {0x5}, {0x0, 0x1}, {0x0, 0x1}, {0x1}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {0x5}, {0x2}, {}, {0x6}, {}, {0x1, 0x1}, {0x4}, {0x0, 0x1}, {0x1}, {0x5, 0x1}, {0x4}, {0x4, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x4}, {0x0, 0x1}, {}, {0x0, 0x1}, {0x5}, {0x2}, {0x5}, {0x2, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4}, {}, {0x3}, {0x5}, {0x3, 0x1}, {}, {}, {0x0, 0x1}, {0x4}, {0x1}, {0x1}, {0x5}, {0x3}, {0x0, 0x1}, {0x4}, {0x5}, {}, {}, {0x4}, {0x0, 0x1}, {}, {0x3}, {0x5, 0x1}, {0x1, 0x1}, {0x4}, {}, {0x0, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x5}, {}, {0x2}, {0x4}, {0x1, 0x1}, {0x3, 0x1}, {}, {}, {}, {0x5}, {0x2}, {0x7}, {0x0, 0x1}, {0x3, 0x1}, {0x5}, {0x2}, {0x5}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {}, {}, {0x3}, {0x3, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x1}, {0x5}, {0x1}, {0x1, 0x1}, {}, {0x0, 0x1}]}}, @TCA_PEDIT_KEYS_EX={0x30, 0x5, 0x0, 0x1, [{0x2c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}]}]}, {0x1b, 0x6, "57d21079a8d2935764ec000d69b69144d534c379114c3e"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_gact={0x6c, 0x1b, 0x0, 0x0, {{0x9}, {0x40, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x54, 0x0, 0x0, 0x7fff}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1e6c, 0xffffffffcffffffd}}, @TCA_GACT_PARMS={0x18, 0x2, {0xffff0001, 0x4, 0x6, 0x8, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x2, 0x9a10, 0x10000000, 0x3f4e, 0x7}, 0x1}}, @TCA_IFE_DMAC={0xa, 0x3, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x16}}]}, {0x4}, {0xc, 0x7, {0x1, 0x4936e90f20761ee1}}, {0xc}}}, @m_skbedit={0x68, 0x0, 0x0, 0x0, {{0xc}, {0x3c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x5}, @TCA_SKBEDIT_PTYPE={0x6}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x401, 0x6, 0x1, 0x0, 0x200}}, @TCA_SKBEDIT_MARK={0x8}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x400}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}, @TCA_CGROUP_POLICE={0x4}, @TCA_CGROUP_EMATCHES={0xc, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8}]}]}}]}, 0x13b8}}, 0x4000000) [ 467.310097][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d 01:47:42 executing program 4: bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@bloom_filter={0x1e, 0x0, 0x0, 0x0, 0x8c}, 0x48) [ 467.394817][ T6665] 0-536866815: 0000000000000000 [ 467.407447][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 467.422977][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 467.443621][ T6665] 553627648-553635839: 0000000000000000 01:47:42 executing program 5: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/net\x00') r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f0000000100)={'syztnl0\x00', 0x0, 0x2f, 0x20, 0x81, 0x80, 0x12, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80}}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000002100)={'syztnl2\x00', &(0x7f0000002000)={'sit0\x00', 0x0, 0x10, 0x7800, 0x80000000, 0x9, {{0x1f, 0x4, 0x0, 0x1, 0x7c, 0x67, 0x0, 0x7, 0x2f, 0x0, @dev, @multicast1, {[@timestamp_addr={0x44, 0x4, 0x5d}, @ssrr={0x89, 0x1b, 0x13, [@local, @multicast2, @empty, @remote, @multicast1, @rand_addr=0x64010100]}, @rr={0x7, 0xb, 0x86, [@dev={0xac, 0x14, 0x14, 0x42}, @empty]}, @generic={0xc, 0xd, "9c49f7bd2331c6a109e599"}, @generic={0x7, 0x5, "27ec02"}, @rr={0x7, 0xf, 0x81, [@dev={0xac, 0x14, 0x14, 0x35}, @rand_addr=0x64010102, @broadcast]}, @ssrr={0x89, 0x1b, 0x23, [@rand_addr=0x64010101, @empty, @multicast2, @multicast1, @remote, @private=0xa010102]}]}}}}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', r3, 0x29, 0x10, 0x3, 0x8e, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x7, 0x40}}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001f80)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001f40)={&(0x7f0000000400)=@newchain={0x13b8, 0x64, 0x200, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}, {0xd, 0x3}, {0x0, 0x3}}, [@TCA_RATE={0x6, 0x5, {0x40, 0xc7}}, @filter_kind_options=@f_cgroup={{0xb}, {0x1380, 0x2, [@TCA_CGROUP_EMATCHES={0x38, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x3, 0x0, 0x0, {{0x0, 0x8, 0xfff}, {0x0, 0x3, 0x2}}}]}, @TCA_EMATCH_TREE_LIST={0x20, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{}, {0xe2, 0x1, 0x6, 0x8}}}]}]}, @TCA_CGROUP_ACT={0x1f4, 0x1, [@m_sample={0x40, 0xc, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x6}, @TCA_SAMPLE_RATE={0x8}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_csum={0x54, 0x9, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x7fff, 0x0, 0x0, 0x0, 0x6}, 0x79}}]}, {0xc, 0x6, "2d57f86517781551"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_nat={0xdc, 0xb, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0xffffffff, 0x693, 0x1, 0x2, 0x1}, @broadcast, @local, 0xffffff00, 0x1}}]}, {0x8a, 0x6, "4d157d7fcbde6a803a5259ebe7db131f1d53f8f03e5cc5f8331035364c284665e005268019b5eeee849285e196a43d66c9aaa7d472ee85018bec1b3584ea2cec59574e5969634f89ba4d7e761c706103f31aeeda50d45fc56ad58556203a1d125e63d1b846b67522f53dfc96bf3b535095259fccc9bffc55d2f36848f96c553516a6b02a2652"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1}}}}, @m_sample={0x80, 0x18, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x3}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8}]}, {0x41, 0x6, "1a79e57062a4e985f826bc2821235976ef354badbb759bb3533c1faaa702f9f20abfd6688adc445b3f44c992d215e1ccb80f97c1f604644782f3be3010"}, {0xc}, {0xc}}}]}, @TCA_CGROUP_ACT={0x1140, 0x1, [@m_ipt={0x14c, 0x0, 0x0, 0x0, {{0x8}, {0x110, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0x10b, 0x6, {0x800, 'filter\x00', 0xff, 0x2, "360df404a0a64bf029589d4e900a26065aa91775560cb49b6f5f54f3a9d10ab341b6ee335d0a62cf5e3746a13403832180d678d868390a62f5293912ca01e5c56968e456f4230058af3629306748d72ab7c375d7f0b82633d7e9d2526f2959a61328167d8554774f062cfab1f0d722ed548d79a254d95dc1faf7a2249e5b9fa9e4d5b81741c05270051674466b76be5b6a77a20d1972075cc8dc3ebe7aa0ca8622941263eebbd530cc8fded11e399d786e823a7769fefba71c2ba514ad3cd63a03eeca67f52fefe6202bac2219d299eda955962291c749b30f83c1fb8cf8b7aac9"}}]}, {0x18, 0x6, "afedfd9af8a4b80d42a5c72874a1dd766219480a"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_pedit={0xec8, 0x15, 0x0, 0x0, {{0xa}, {0xe84, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{0x3ff, 0x5, 0x20000000, 0x1, 0xfffffffb}, 0xf0, 0x24, [{0x0, 0x80000001, 0x5, 0x0, 0x5, 0x10001}, {0x0, 0x0, 0x96, 0x0, 0xfffff4d3}]}, [{0x0, 0x2, 0x8, 0x0, 0x0, 0x101}, {0x2, 0x1000, 0x28ac, 0x80, 0x7fffffff, 0x40}, {0x0, 0x0, 0x0, 0xffff, 0x2, 0x10001}, {0x1, 0x10000, 0x4, 0xff, 0x1, 0x7ff}, {0x1, 0x0, 0x2, 0x20, 0x2, 0x80000001}, {0x6, 0x8, 0x101, 0x4, 0xaeb, 0x6}, {0xc5, 0x7f, 0x400, 0x6, 0x1}, {0x2, 0x800, 0x1000000, 0x7, 0x3ff, 0x2}, {0x2, 0xfb2, 0x400, 0x4, 0x7, 0x6}, {0x0, 0x1, 0x5472, 0x40, 0x2, 0x2}, {0x0, 0x10001, 0xc96, 0x0, 0x7fff, 0x80000}, {0x0, 0xcd7f, 0x7, 0xe1, 0x0, 0x5e717d0d}, {0x0, 0x8, 0xde8, 0x0, 0xff28}, {0x7, 0xd4, 0x0, 0x5, 0x1, 0x661}, {0x0, 0x101, 0x0, 0x0, 0x7, 0x8}, {0x1e, 0x200, 0x1, 0x9, 0x101, 0xcfc8}, {0x0, 0xff, 0x0, 0x1, 0x2, 0x8001}, {0x40, 0xddc25b10, 0x8000, 0x9c85, 0x7fffffff, 0x5}, {0x9, 0x0, 0x4, 0xffff, 0x3, 0x9}, {0x7ff, 0x0, 0x1f, 0x4, 0x0, 0x8}, {0x3, 0x9, 0xdb08592, 0x8, 0xd1, 0x101}, {0x14d6, 0x0, 0xfff, 0x5, 0x212, 0x7}, {0xfffffffe, 0x9, 0xe, 0xff, 0x0, 0x4}, {0xff, 0x9, 0xffffffff, 0x800, 0x2, 0x8}, {0x1000, 0xe834, 0x72e2, 0x9}, {0x1, 0xc6a6, 0x7fffffff, 0x0, 0x3f}, {0x80000000, 0x3, 0x2, 0x1, 0xe, 0x1f}, {0x0, 0x0, 0x2, 0x7, 0x7, 0x81}, {0x0, 0xbbf, 0x0, 0x1, 0x53d}, {0x6, 0x1, 0x0, 0x0, 0x1, 0x680}, {0x7, 0x0, 0x0, 0xcc6, 0x5f, 0xfffffff7}, {0x0, 0x2, 0xd03, 0x8, 0x2, 0x4}, {0xf1, 0x615, 0xff, 0x0, 0x8}, {0x0, 0x20, 0xffff}, {0xffff, 0x1, 0xb0c, 0x3, 0x7fff, 0xfffffffc}, {0xfffffc01, 0x80, 0x4, 0x0, 0x0, 0x6}, {0x2, 0x10000, 0x82, 0x0, 0x7, 0x5}, {0x0, 0x7ff, 0x0, 0x400, 0x0, 0x1}, {0x4, 0x0, 0xd0, 0x0, 0x8, 0x1000}, {0x5, 0x7, 0x0, 0x0, 0x0, 0x482}, {0x0, 0x1, 0x6, 0x9, 0x9, 0x7}, {0x401, 0x4, 0x0, 0x675b, 0x6}, {0x0, 0x1, 0x0, 0x100, 0x0, 0xffffffc0}, {0x0, 0x101, 0x20, 0xb72e, 0x26, 0x442c}, {0xcb, 0x4, 0xfffffff8, 0x6, 0x9, 0x2}, {0x7fffffff, 0x2, 0x0, 0x4, 0x0, 0x3ff}, {0x2, 0x1000, 0x0, 0x5, 0x8, 0x3}, {0x1, 0x0, 0x0, 0x80000001, 0x9, 0x200}, {0x0, 0x9, 0xfff, 0x80000000, 0x10000, 0x5}, {0x0, 0x0, 0x3ff, 0x8000, 0x81, 0x1}, {0x80, 0x9, 0x0, 0x4}, {0xc4, 0xfffffffd, 0x7, 0x9, 0xc2c5, 0x1}, {0x5, 0x6fc, 0x8, 0x0, 0xe0f, 0x3}, {0x40, 0x6b, 0x9, 0x5d4, 0x7, 0x8000}, {0x1f, 0x1000, 0x0, 0x1, 0x1, 0x9}, {0x7fffffff, 0x4, 0x9, 0x7, 0x6}, {0xfffffffc, 0x7, 0x0, 0x3ff, 0x5, 0x81}, {0x6, 0x8, 0x0, 0x10000, 0xffffffc0}, {0x81, 0xd2a0, 0x800, 0x0, 0x40, 0x2}, {0x40, 0x80000000, 0xea64, 0x76, 0x9}, {0x10000, 0x15bb, 0x9, 0x0, 0x6, 0x5}, {0x0, 0x0, 0x28, 0x2, 0x2, 0x6}, {0x1000, 0x7fff, 0x0, 0x3, 0x3, 0x9}, {0x10000, 0x20, 0x8, 0xd6, 0x7fffffff, 0x412}, {0x7, 0x0, 0xfff, 0x3, 0x9, 0xee}, {0x10001, 0x3f, 0x0, 0x0, 0x5a, 0x401}, {0x101, 0x1, 0x4634, 0x8000, 0x401}, {0x800, 0x1, 0x6, 0x80000001, 0x0, 0x501}, {0x4, 0x5, 0x3ff, 0x1, 0x3b96cc68}, {0x3, 0x1, 0x7d, 0xa3, 0x7, 0x8}, {0x0, 0x10001, 0x7, 0x6, 0x7ff, 0xffffff37}, {0x815, 0x0, 0x313b5531, 0x200, 0x1000, 0xffffffff}, {0x3ff, 0xa9b, 0x7, 0x80000000, 0xe0, 0x27}, {0x101, 0x800, 0x0, 0x1000, 0x79cc, 0x30}, {0x20, 0x0, 0x7, 0xfffffffa, 0x6, 0xcfef}, {0x1f, 0x5, 0x3, 0x1, 0xca62, 0x9}, {0x3, 0x1, 0x400, 0x9, 0xb2, 0x100}, {0x0, 0x3, 0x7, 0x2, 0x8, 0x2}, {0x3, 0xfffffffe, 0x5, 0xffffffff, 0x1, 0x9}, {0x4, 0x8, 0x4, 0x1, 0x3, 0xf9ee2af}, {0x8000, 0x9, 0x5, 0x5, 0x4, 0x2}, {0x5, 0x9, 0x9, 0x1, 0xffffff27, 0x40000000}, {0x4, 0x7, 0xb4000000, 0xeec, 0x7, 0x7}, {0x3, 0x3, 0x87, 0x401, 0x1, 0x80}, {0x5, 0x7, 0x10, 0x8, 0x3ff, 0x50}, {0xffff, 0x81, 0x20, 0x1, 0x80000000, 0x401}, {0x1, 0x400, 0xe4de, 0x7ff, 0x30000, 0x9}, {0x7fffffff, 0x400, 0x1, 0x6ee, 0x10000, 0x8}, {0x2, 0x4, 0x27bc, 0x0, 0x0, 0x5}, {0x5, 0x3f, 0x24d7, 0x2, 0x1000, 0xf46}, {0x1, 0x0, 0x80000001, 0x2, 0xffffff0a}, {0x1ff, 0x2, 0x1f, 0x7, 0x1, 0xf0f5}, {0x0, 0x1ff, 0xce, 0x20, 0x8}, {0x81, 0x433, 0x4, 0xda0, 0x7, 0x20000}, {0x2, 0xb42, 0x2, 0x0, 0xffffffff, 0x40}, {0x1ff, 0x1, 0x401, 0xa895, 0x20, 0x60f}, {0x0, 0xdf, 0x3, 0x6, 0x1, 0x8}, {0x8, 0x0, 0x3, 0x1, 0x7ff, 0x40}, {0xd, 0x1, 0x20, 0x0, 0x4, 0x9}, {0x1f, 0x0, 0x7, 0x9, 0x5f2, 0x191}, {0x6, 0x5, 0x8, 0x4, 0x8, 0xffff3b41}, {0x6, 0x2, 0x101, 0x0, 0x1, 0x7}, {0x49, 0x9, 0xc27, 0x5f1c, 0x80000001, 0x1}, {0xeae51292, 0xd3, 0x71e, 0x0, 0x55ba4723, 0x80000000}, {0x6, 0x64, 0x9, 0x19, 0x3, 0x3}, {0x6, 0x7ff, 0x2, 0x5, 0x450d}, {0x7fff, 0x7f, 0x400, 0x51f8, 0x20}, {0x81, 0x81, 0x7, 0x0, 0x5, 0xf3d}, {0x1f, 0x1, 0x3, 0x8, 0xdbd}, {0x5, 0x7fffffff, 0x4f35, 0x5, 0x5}, {0x3f, 0x7ce, 0x8, 0xcaa, 0x80000001, 0x1000}, {0x400, 0x5, 0x6, 0x7c0, 0x0, 0x2}, {0x80000000, 0x3, 0x6a8, 0x0, 0x1f, 0x10000}, {0x0, 0x20, 0x6, 0x1f, 0x7, 0x2}, {0x4, 0x3, 0xffffffb1, 0x5, 0x100, 0x3}, {0x6, 0x2, 0x9, 0x6, 0x1, 0x635}, {0xfffffff8, 0x9, 0x3, 0xd56, 0xa8, 0x8000}, {0x80000001, 0x34323ecc, 0x0, 0x4, 0x15, 0x7}, {0x1000, 0xfffffffb, 0x3f, 0x6, 0x100, 0x1}, {0x0, 0x80, 0x60d, 0x80, 0xa6, 0x3}, {0x2, 0x3ff, 0x606, 0xfffffeff, 0x1, 0x4}, {0x101, 0x0, 0x7, 0x200, 0x481b}, {0x1, 0xfffffffc, 0x800, 0x0, 0x0, 0x5}, {0x8, 0x6, 0x0, 0x80000001, 0x401, 0x1d}, {0x7fffffff, 0x1000, 0x1000, 0x8b0f, 0x6, 0x800}, {0x0, 0xfffff000, 0x2, 0x5, 0x10000, 0xf3}, {0xcb82, 0xc315, 0x6, 0x6, 0x5, 0x7fffffff}, {0x354f, 0x4, 0x7, 0x663d, 0xd31}], [{0x4}, {0x3}, {0x4}, {}, {0x2, 0x1}, {0x5, 0x1}, {}, {0x2}, {}, {0x3}, {0xd}, {}, {0x0, 0x1}, {}, {0x3}, {0x4, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x4}, {0x1}, {0x4, 0x1}, {0x5}, {0x0, 0x1}, {0x0, 0x1}, {0x1}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {0x5}, {0x2}, {}, {0x6}, {}, {0x1, 0x1}, {0x4}, {0x0, 0x1}, {0x1}, {0x5, 0x1}, {0x4}, {0x4, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x4}, {0x0, 0x1}, {}, {0x0, 0x1}, {0x5}, {0x2}, {0x5}, {0x2, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4}, {}, {0x3}, {0x5}, {0x3, 0x1}, {}, {}, {0x0, 0x1}, {0x4}, {0x1}, {0x1}, {0x5}, {0x3}, {0x0, 0x1}, {0x4}, {0x5}, {}, {}, {0x4}, {0x0, 0x1}, {}, {0x3}, {0x5, 0x1}, {0x1, 0x1}, {0x4}, {}, {0x0, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x5}, {}, {0x2}, {0x4}, {0x1, 0x1}, {0x3, 0x1}, {}, {}, {}, {0x5}, {0x2}, {0x7}, {0x0, 0x1}, {0x3, 0x1}, {0x5}, {0x2}, {0x5}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {}, {}, {0x3}, {0x3, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x1}, {0x5}, {0x1}, {0x1, 0x1}, {}, {0x0, 0x1}]}}, @TCA_PEDIT_KEYS_EX={0x30, 0x5, 0x0, 0x1, [{0x2c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}]}]}, {0x1b, 0x6, "57d21079a8d2935764ec000d69b69144d534c379114c3e"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_gact={0x6c, 0x1b, 0x0, 0x0, {{0x9}, {0x40, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x54, 0x0, 0x0, 0x7fff}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1e6c, 0xffffffffcffffffd}}, @TCA_GACT_PARMS={0x18, 0x2, {0xffff0001, 0x4, 0x6, 0x8, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x2, 0x9a10, 0x10000000, 0x3f4e, 0x7}, 0x1}}, @TCA_IFE_DMAC={0xa, 0x3, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x16}}]}, {0x4}, {0xc, 0x7, {0x1, 0x4936e90f20761ee1}}, {0xc}}}, @m_skbedit={0x68, 0x0, 0x0, 0x0, {{0xc}, {0x3c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x5}, @TCA_SKBEDIT_PTYPE={0x6}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x401, 0x6, 0x1, 0x0, 0x200}}, @TCA_SKBEDIT_MARK={0x8}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x400}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}, @TCA_CGROUP_POLICE={0x4}, @TCA_CGROUP_EMATCHES={0xc, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8}]}]}}]}, 0x13b8}}, 0x4000000) [ 467.476544][ T5169] usb 1-1: Using ep0 maxpacket: 16 [ 467.489393][ T6665] 553635840-553627647: ffff8880272dc9a0 01:47:42 executing program 1: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/net\x00') r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f0000000100)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, @empty, @private2, 0x0, 0x0, 0xb079}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', r3, 0x29, 0x10, 0x3, 0x8e, 0xd, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x7, 0x40}}) 01:47:42 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x6) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=@ipv6_newroute={0x1c, 0x18, 0x1}, 0x1c}}, 0x0) [ 467.564107][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 467.596727][ T5169] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 467.627341][ T5169] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 467.629653][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 467.730938][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 467.762466][ T6665] 553652224-116813594623: 0000000000000000 01:47:42 executing program 4: unshare(0x0) timer_create(0x0, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) close(0xffffffffffffffff) socket$inet6(0xa, 0x2, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip6_flowlabel\x00') preadv(r0, &(0x7f0000000440)=[{&(0x7f0000000180)=""/174, 0xae}, {&(0x7f0000000280)=""/136, 0x88}, {&(0x7f0000000340)=""/225, 0xe1}, {&(0x7f0000000580)=""/246, 0xf6}, {&(0x7f0000000680)=""/215, 0xd7}, {&(0x7f0000000780)=""/166, 0xa6}, {&(0x7f0000000840)=""/200, 0xc8}], 0x7, 0x401, 0x68) [ 467.806932][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 467.816461][ T6665] 116817788928-93825002663935: 0000000000000000 01:47:42 executing program 2: ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(0xffffffffffffffff, 0x40082102, &(0x7f0000000000)) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001140)='/sys/block/ram5', 0x202200, 0x0) ioctl$KVM_TRANSLATE(r0, 0xc018ae85, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r0, 0x40082102, &(0x7f0000000580)) syz_clone(0x40108000, &(0x7f0000000380)="ecb2f27e8b0a0d8123830e8eb5f979e92eea23e3844ae1b84a864d4d741bfe0a51413ff75c7e8d2e41effbbab3f1b442a7df9e786082b6b1b736dfe739df1c7233c99e0def698a4f57d40a2c18f807d0ea31c149cfacb8fc3b7502053a2c49153d681630dc537ce785137ed27a54763e40566b0830135b31bcaaf8a61988baff1da197468b3e842368d71ece0f", 0x8d, &(0x7f0000000040), &(0x7f0000000440), &(0x7f0000000480)="9fcd333d4c4f7e30b61706081cb99773edf084fe80c68ecbe3ea374e233e580ae92061f67951624c91d3dfb29fe16501b26a54ab2a25a1a9f7b758d99a6aa743dbc43ffe7b31b1b140beac51436a2af523e08419852ac4281add174a62d40763f65f58fa12b1be9e22308e1aa7284212f71b7998b65950e79fac5f4a1419809b1f2faaa6ee3d760602b4e03f5955026c470888741151d8784e5fc9e59b3a19ce8507f284b0a69e6ee490a8964ea23f5a4d0a9e9f6e4c0a40061ffb5f151be812c515ad281377d6") [ 467.847955][ T5169] usb 1-1: New USB device found, idVendor=13b1, idProduct=0018, bcdDevice=9a.17 [ 467.866498][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 467.886470][ T5169] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 01:47:42 executing program 3: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/net\x00') r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f0000000100)={'syztnl0\x00', 0x0, 0x2f, 0x20, 0x81, 0x80, 0x12, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80}}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000002100)={'syztnl2\x00', &(0x7f0000002000)={'sit0\x00', 0x0, 0x10, 0x7800, 0x80000000, 0x9, {{0x1f, 0x4, 0x0, 0x1, 0x7c, 0x67, 0x0, 0x7, 0x2f, 0x0, @dev, @multicast1, {[@timestamp_addr={0x44, 0x4, 0x5d}, @ssrr={0x89, 0x1b, 0x13, [@local, @multicast2, @empty, @remote, @multicast1, @rand_addr=0x64010100]}, @rr={0x7, 0xb, 0x86, [@dev={0xac, 0x14, 0x14, 0x42}, @empty]}, @generic={0xc, 0xd, "9c49f7bd2331c6a109e599"}, @generic={0x7, 0x5, "27ec02"}, @rr={0x7, 0xf, 0x81, [@dev={0xac, 0x14, 0x14, 0x35}, @rand_addr=0x64010102, @broadcast]}, @ssrr={0x89, 0x1b, 0x23, [@rand_addr=0x64010101, @empty, @multicast2, @multicast1, @remote, @private=0xa010102]}]}}}}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', r3, 0x29, 0x10, 0x3, 0x8e, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x7, 0x40}}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001f80)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001f40)={&(0x7f0000000400)=@newchain={0x13b8, 0x64, 0x200, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}, {0xd, 0x3}, {0x0, 0x3}}, [@TCA_RATE={0x6, 0x5, {0x40, 0xc7}}, @filter_kind_options=@f_cgroup={{0xb}, {0x1380, 0x2, [@TCA_CGROUP_EMATCHES={0x38, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x3, 0x0, 0x0, {{0x0, 0x8, 0xfff}, {0x0, 0x3, 0x2}}}]}, @TCA_EMATCH_TREE_LIST={0x20, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{}, {0xe2, 0x1, 0x6, 0x8}}}]}]}, @TCA_CGROUP_ACT={0x1f4, 0x1, [@m_sample={0x40, 0xc, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x6}, @TCA_SAMPLE_RATE={0x8}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_csum={0x54, 0x9, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x7fff, 0x0, 0x0, 0x0, 0x6}, 0x79}}]}, {0xc, 0x6, "2d57f86517781551"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_nat={0xdc, 0xb, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0xffffffff, 0x693, 0x1, 0x2, 0x1}, @broadcast, @local, 0xffffff00, 0x1}}]}, {0x8a, 0x6, "4d157d7fcbde6a803a5259ebe7db131f1d53f8f03e5cc5f8331035364c284665e005268019b5eeee849285e196a43d66c9aaa7d472ee85018bec1b3584ea2cec59574e5969634f89ba4d7e761c706103f31aeeda50d45fc56ad58556203a1d125e63d1b846b67522f53dfc96bf3b535095259fccc9bffc55d2f36848f96c553516a6b02a2652"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1}}}}, @m_sample={0x80, 0x18, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x3}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8}]}, {0x41, 0x6, "1a79e57062a4e985f826bc2821235976ef354badbb759bb3533c1faaa702f9f20abfd6688adc445b3f44c992d215e1ccb80f97c1f604644782f3be3010"}, {0xc}, {0xc}}}]}, @TCA_CGROUP_ACT={0x1140, 0x1, [@m_ipt={0x14c, 0x0, 0x0, 0x0, {{0x8}, {0x110, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0x10b, 0x6, {0x800, 'filter\x00', 0xff, 0x2, "360df404a0a64bf029589d4e900a26065aa91775560cb49b6f5f54f3a9d10ab341b6ee335d0a62cf5e3746a13403832180d678d868390a62f5293912ca01e5c56968e456f4230058af3629306748d72ab7c375d7f0b82633d7e9d2526f2959a61328167d8554774f062cfab1f0d722ed548d79a254d95dc1faf7a2249e5b9fa9e4d5b81741c05270051674466b76be5b6a77a20d1972075cc8dc3ebe7aa0ca8622941263eebbd530cc8fded11e399d786e823a7769fefba71c2ba514ad3cd63a03eeca67f52fefe6202bac2219d299eda955962291c749b30f83c1fb8cf8b7aac9"}}]}, {0x18, 0x6, "afedfd9af8a4b80d42a5c72874a1dd766219480a"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_pedit={0xec8, 0x15, 0x0, 0x0, {{0xa}, {0xe84, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{0x3ff, 0x5, 0x20000000, 0x1, 0xfffffffb}, 0xf0, 0x24, [{0x0, 0x80000001, 0x5, 0x0, 0x5, 0x10001}, {0x0, 0x0, 0x96, 0x0, 0xfffff4d3}]}, [{0x0, 0x2, 0x8, 0x0, 0x0, 0x101}, {0x2, 0x1000, 0x28ac, 0x80, 0x7fffffff, 0x40}, {0x0, 0x0, 0x0, 0xffff, 0x2, 0x10001}, {0x1, 0x10000, 0x4, 0xff, 0x1, 0x7ff}, {0x1, 0x0, 0x2, 0x20, 0x2, 0x80000001}, {0x6, 0x8, 0x101, 0x4, 0xaeb, 0x6}, {0xc5, 0x7f, 0x400, 0x6, 0x1}, {0x2, 0x800, 0x1000000, 0x7, 0x3ff, 0x2}, {0x2, 0xfb2, 0x400, 0x4, 0x7, 0x6}, {0x0, 0x1, 0x5472, 0x40, 0x2, 0x2}, {0x0, 0x10001, 0xc96, 0x0, 0x7fff, 0x80000}, {0x0, 0xcd7f, 0x7, 0xe1, 0x0, 0x5e717d0d}, {0x0, 0x8, 0xde8, 0x0, 0xff28}, {0x7, 0xd4, 0x0, 0x5, 0x1, 0x661}, {0x0, 0x101, 0x0, 0x0, 0x7, 0x8}, {0x1e, 0x200, 0x1, 0x9, 0x101, 0xcfc8}, {0x0, 0xff, 0x0, 0x1, 0x2, 0x8001}, {0x40, 0xddc25b10, 0x8000, 0x9c85, 0x7fffffff, 0x5}, {0x9, 0x0, 0x4, 0xffff, 0x3, 0x9}, {0x7ff, 0x0, 0x1f, 0x4, 0x0, 0x8}, {0x3, 0x9, 0xdb08592, 0x8, 0xd1, 0x101}, {0x14d6, 0x0, 0xfff, 0x5, 0x212, 0x7}, {0xfffffffe, 0x9, 0xe, 0xff, 0x0, 0x4}, {0xff, 0x9, 0xffffffff, 0x800, 0x2, 0x8}, {0x1000, 0xe834, 0x72e2, 0x9}, {0x1, 0xc6a6, 0x7fffffff, 0x0, 0x3f}, {0x80000000, 0x3, 0x2, 0x1, 0xe, 0x1f}, {0x0, 0x0, 0x2, 0x7, 0x7, 0x81}, {0x0, 0xbbf, 0x0, 0x1, 0x53d}, {0x6, 0x1, 0x0, 0x0, 0x1, 0x680}, {0x7, 0x0, 0x0, 0xcc6, 0x5f, 0xfffffff7}, {0x0, 0x2, 0xd03, 0x8, 0x2, 0x4}, {0xf1, 0x615, 0xff, 0x0, 0x8}, {0x0, 0x20, 0xffff}, {0xffff, 0x1, 0xb0c, 0x3, 0x7fff, 0xfffffffc}, {0xfffffc01, 0x80, 0x4, 0x0, 0x0, 0x6}, {0x2, 0x10000, 0x82, 0x0, 0x7, 0x5}, {0x0, 0x7ff, 0x0, 0x400, 0x0, 0x1}, {0x4, 0x0, 0xd0, 0x0, 0x8, 0x1000}, {0x5, 0x7, 0x0, 0x0, 0x0, 0x482}, {0x0, 0x1, 0x6, 0x9, 0x9, 0x7}, {0x401, 0x4, 0x0, 0x675b, 0x6}, {0x0, 0x1, 0x0, 0x100, 0x0, 0xffffffc0}, {0x0, 0x101, 0x20, 0xb72e, 0x26, 0x442c}, {0xcb, 0x4, 0xfffffff8, 0x6, 0x9, 0x2}, {0x7fffffff, 0x2, 0x0, 0x4, 0x0, 0x3ff}, {0x2, 0x1000, 0x0, 0x5, 0x8, 0x3}, {0x1, 0x0, 0x0, 0x80000001, 0x9, 0x200}, {0x0, 0x9, 0xfff, 0x80000000, 0x10000, 0x5}, {0x0, 0x0, 0x3ff, 0x8000, 0x81, 0x1}, {0x80, 0x9, 0x0, 0x4}, {0xc4, 0xfffffffd, 0x7, 0x9, 0xc2c5, 0x1}, {0x5, 0x6fc, 0x8, 0x0, 0xe0f, 0x3}, {0x40, 0x6b, 0x9, 0x5d4, 0x7, 0x8000}, {0x1f, 0x1000, 0x0, 0x1, 0x1, 0x9}, {0x7fffffff, 0x4, 0x9, 0x7, 0x6}, {0xfffffffc, 0x7, 0x0, 0x3ff, 0x5, 0x81}, {0x6, 0x8, 0x0, 0x10000, 0xffffffc0}, {0x81, 0xd2a0, 0x800, 0x0, 0x40, 0x2}, {0x40, 0x80000000, 0xea64, 0x76, 0x9}, {0x10000, 0x15bb, 0x9, 0x0, 0x6, 0x5}, {0x0, 0x0, 0x28, 0x2, 0x2, 0x6}, {0x1000, 0x7fff, 0x0, 0x3, 0x3, 0x9}, {0x10000, 0x20, 0x8, 0xd6, 0x7fffffff, 0x412}, {0x7, 0x0, 0xfff, 0x3, 0x9, 0xee}, {0x10001, 0x3f, 0x0, 0x0, 0x5a, 0x401}, {0x101, 0x1, 0x4634, 0x8000, 0x401}, {0x800, 0x1, 0x6, 0x80000001, 0x0, 0x501}, {0x4, 0x5, 0x3ff, 0x1, 0x3b96cc68}, {0x3, 0x1, 0x7d, 0xa3, 0x7, 0x8}, {0x0, 0x10001, 0x7, 0x6, 0x7ff, 0xffffff37}, {0x815, 0x0, 0x313b5531, 0x200, 0x1000, 0xffffffff}, {0x3ff, 0xa9b, 0x7, 0x80000000, 0xe0, 0x27}, {0x101, 0x800, 0x0, 0x1000, 0x79cc, 0x30}, {0x20, 0x0, 0x7, 0xfffffffa, 0x6, 0xcfef}, {0x1f, 0x5, 0x3, 0x1, 0xca62, 0x9}, {0x3, 0x1, 0x400, 0x9, 0xb2, 0x100}, {0x0, 0x3, 0x7, 0x2, 0x8, 0x2}, {0x3, 0xfffffffe, 0x5, 0xffffffff, 0x1, 0x9}, {0x4, 0x8, 0x4, 0x1, 0x3, 0xf9ee2af}, {0x8000, 0x9, 0x5, 0x5, 0x4, 0x2}, {0x5, 0x9, 0x9, 0x1, 0xffffff27, 0x40000000}, {0x4, 0x7, 0xb4000000, 0xeec, 0x7, 0x7}, {0x3, 0x3, 0x87, 0x401, 0x1, 0x80}, {0x5, 0x7, 0x10, 0x8, 0x3ff, 0x50}, {0xffff, 0x81, 0x20, 0x1, 0x80000000, 0x401}, {0x1, 0x400, 0xe4de, 0x7ff, 0x30000, 0x9}, {0x7fffffff, 0x400, 0x1, 0x6ee, 0x10000, 0x8}, {0x2, 0x4, 0x27bc, 0x0, 0x0, 0x5}, {0x5, 0x3f, 0x24d7, 0x2, 0x1000, 0xf46}, {0x1, 0x0, 0x80000001, 0x2, 0xffffff0a}, {0x1ff, 0x2, 0x1f, 0x7, 0x1, 0xf0f5}, {0x0, 0x1ff, 0xce, 0x20, 0x8}, {0x81, 0x433, 0x4, 0xda0, 0x7, 0x20000}, {0x2, 0xb42, 0x2, 0x0, 0xffffffff, 0x40}, {0x1ff, 0x1, 0x401, 0xa895, 0x20, 0x60f}, {0x0, 0xdf, 0x3, 0x6, 0x1, 0x8}, {0x8, 0x0, 0x3, 0x1, 0x7ff, 0x40}, {0xd, 0x1, 0x20, 0x0, 0x4, 0x9}, {0x1f, 0x0, 0x7, 0x9, 0x5f2, 0x191}, {0x6, 0x5, 0x8, 0x4, 0x8, 0xffff3b41}, {0x6, 0x2, 0x101, 0x0, 0x1, 0x7}, {0x49, 0x9, 0xc27, 0x5f1c, 0x80000001, 0x1}, {0xeae51292, 0xd3, 0x71e, 0x0, 0x55ba4723, 0x80000000}, {0x6, 0x64, 0x9, 0x19, 0x3, 0x3}, {0x6, 0x7ff, 0x2, 0x5, 0x450d}, {0x7fff, 0x7f, 0x400, 0x51f8, 0x20}, {0x81, 0x81, 0x7, 0x0, 0x5, 0xf3d}, {0x1f, 0x1, 0x3, 0x8, 0xdbd}, {0x5, 0x7fffffff, 0x4f35, 0x5, 0x5}, {0x3f, 0x7ce, 0x8, 0xcaa, 0x80000001, 0x1000}, {0x400, 0x5, 0x6, 0x7c0, 0x0, 0x2}, {0x80000000, 0x3, 0x6a8, 0x0, 0x1f, 0x10000}, {0x0, 0x20, 0x6, 0x1f, 0x7, 0x2}, {0x4, 0x3, 0xffffffb1, 0x5, 0x100, 0x3}, {0x6, 0x2, 0x9, 0x6, 0x1, 0x635}, {0xfffffff8, 0x9, 0x3, 0xd56, 0xa8, 0x8000}, {0x80000001, 0x34323ecc, 0x0, 0x4, 0x15, 0x7}, {0x1000, 0xfffffffb, 0x3f, 0x6, 0x100, 0x1}, {0x0, 0x80, 0x60d, 0x80, 0xa6, 0x3}, {0x2, 0x3ff, 0x606, 0xfffffeff, 0x1, 0x4}, {0x101, 0x0, 0x7, 0x200, 0x481b}, {0x1, 0xfffffffc, 0x800, 0x0, 0x0, 0x5}, {0x8, 0x6, 0x0, 0x80000001, 0x401, 0x1d}, {0x7fffffff, 0x1000, 0x1000, 0x8b0f, 0x6, 0x800}, {0x0, 0xfffff000, 0x2, 0x5, 0x10000, 0xf3}, {0xcb82, 0xc315, 0x6, 0x6, 0x5, 0x7fffffff}, {0x354f, 0x4, 0x7, 0x663d, 0xd31}], [{0x4}, {0x3}, {0x4}, {}, {0x2, 0x1}, {0x5, 0x1}, {}, {0x2}, {}, {0x3}, {0xd}, {}, {0x0, 0x1}, {}, {0x3}, {0x4, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x4}, {0x1}, {0x4, 0x1}, {0x5}, {0x0, 0x1}, {0x0, 0x1}, {0x1}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {0x5}, {0x2}, {}, {0x6}, {}, {0x1, 0x1}, {0x4}, {0x0, 0x1}, {0x1}, {0x5, 0x1}, {0x4}, {0x4, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x4}, {0x0, 0x1}, {}, {0x0, 0x1}, {0x5}, {0x2}, {0x5}, {0x2, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4}, {}, {0x3}, {0x5}, {0x3, 0x1}, {}, {}, {0x0, 0x1}, {0x4}, {0x1}, {0x1}, {0x5}, {0x3}, {0x0, 0x1}, {0x4}, {0x5}, {}, {}, {0x4}, {0x0, 0x1}, {}, {0x3}, {0x5, 0x1}, {0x1, 0x1}, {0x4}, {}, {0x0, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x5}, {}, {0x2}, {0x4}, {0x1, 0x1}, {0x3, 0x1}, {}, {}, {}, {0x5}, {0x2}, {0x7}, {0x0, 0x1}, {0x3, 0x1}, {0x5}, {0x2}, {0x5}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {}, {}, {0x3}, {0x3, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x1}, {0x5}, {0x1}, {0x1, 0x1}, {}, {0x0, 0x1}]}}, @TCA_PEDIT_KEYS_EX={0x30, 0x5, 0x0, 0x1, [{0x2c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}]}]}, {0x1b, 0x6, "57d21079a8d2935764ec000d69b69144d534c379114c3e"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_gact={0x6c, 0x1b, 0x0, 0x0, {{0x9}, {0x40, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x54, 0x0, 0x0, 0x7fff}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1e6c, 0xffffffffcffffffd}}, @TCA_GACT_PARMS={0x18, 0x2, {0xffff0001, 0x4, 0x6, 0x8, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x2, 0x9a10, 0x10000000, 0x3f4e, 0x7}, 0x1}}, @TCA_IFE_DMAC={0xa, 0x3, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x16}}]}, {0x4}, {0xc, 0x7, {0x1, 0x4936e90f20761ee1}}, {0xc}}}, @m_skbedit={0x68, 0x0, 0x0, 0x0, {{0xc}, {0x3c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x5}, @TCA_SKBEDIT_PTYPE={0x6}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x401, 0x6, 0x1, 0x0, 0x200}}, @TCA_SKBEDIT_MARK={0x8}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x400}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}, @TCA_CGROUP_POLICE={0x4}, @TCA_CGROUP_EMATCHES={0xc, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8}]}]}}]}, 0x13b8}}, 0x4000000) [ 467.914801][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 467.924908][ T5169] usb 1-1: Product: syz [ 467.945114][ T5169] usb 1-1: Manufacturer: syz [ 467.973106][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 467.980516][ T5169] usb 1-1: SerialNumber: syz [ 468.016685][ T5169] usb 1-1: config 0 descriptor?? 01:47:42 executing program 1: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/net\x00') r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f0000000100)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, @empty, @private2, 0x0, 0x0, 0xb079}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', r3, 0x29, 0x10, 0x3, 0x8e, 0xd, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x7, 0x40}}) [ 468.031166][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 468.106931][ T8192] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 468.259350][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 468.306626][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 468.352583][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 468.386535][ T5169] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 468.406792][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 468.410555][ T5169] asix: probe of 1-1:0.0 failed with error -71 [ 468.429274][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 468.460205][ T5169] usb 1-1: USB disconnect, device number 5 [ 468.485982][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 468.522798][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 468.601209][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 468.617517][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 468.652218][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 468.702381][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 468.733908][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 468.745317][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 468.758227][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 468.765298][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 468.844181][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 468.853068][ T6665] 140548097601536-140548097605631: ffff88806b3de460 01:47:43 executing program 1: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/net\x00') r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f0000000100)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, @empty, @private2, 0x0, 0x0, 0xb079}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', r3, 0x29, 0x10, 0x3, 0x8e, 0xd, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x7, 0x40}}) 01:47:43 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=@ipv6_newroute={0x24, 0x12, 0x1, 0x0, 0x0, {}, [@RTA_PREF={0x5}]}, 0x24}}, 0x0) 01:47:43 executing program 5: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/net\x00') r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f0000000100)={'syztnl0\x00', 0x0, 0x2f, 0x20, 0x81, 0x80, 0x12, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80}}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000002100)={'syztnl2\x00', &(0x7f0000002000)={'sit0\x00', 0x0, 0x10, 0x7800, 0x80000000, 0x9, {{0x1f, 0x4, 0x0, 0x1, 0x7c, 0x67, 0x0, 0x7, 0x2f, 0x0, @dev, @multicast1, {[@timestamp_addr={0x44, 0x4, 0x5d}, @ssrr={0x89, 0x1b, 0x13, [@local, @multicast2, @empty, @remote, @multicast1, @rand_addr=0x64010100]}, @rr={0x7, 0xb, 0x86, [@dev={0xac, 0x14, 0x14, 0x42}, @empty]}, @generic={0xc, 0xd, "9c49f7bd2331c6a109e599"}, @generic={0x7, 0x5, "27ec02"}, @rr={0x7, 0xf, 0x81, [@dev={0xac, 0x14, 0x14, 0x35}, @rand_addr=0x64010102, @broadcast]}, @ssrr={0x89, 0x1b, 0x23, [@rand_addr=0x64010101, @empty, @multicast2, @multicast1, @remote, @private=0xa010102]}]}}}}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', r3, 0x29, 0x10, 0x3, 0x8e, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x7, 0x40}}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001f80)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001f40)={&(0x7f0000000400)=@newchain={0x13b8, 0x64, 0x200, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}, {0xd, 0x3}, {0x0, 0x3}}, [@TCA_RATE={0x6, 0x5, {0x40, 0xc7}}, @filter_kind_options=@f_cgroup={{0xb}, {0x1380, 0x2, [@TCA_CGROUP_EMATCHES={0x38, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x3, 0x0, 0x0, {{0x0, 0x8, 0xfff}, {0x0, 0x3, 0x2}}}]}, @TCA_EMATCH_TREE_LIST={0x20, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{}, {0xe2, 0x1, 0x6, 0x8}}}]}]}, @TCA_CGROUP_ACT={0x1f4, 0x1, [@m_sample={0x40, 0xc, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x6}, @TCA_SAMPLE_RATE={0x8}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_csum={0x54, 0x9, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x7fff, 0x0, 0x0, 0x0, 0x6}, 0x79}}]}, {0xc, 0x6, "2d57f86517781551"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_nat={0xdc, 0xb, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0xffffffff, 0x693, 0x1, 0x2, 0x1}, @broadcast, @local, 0xffffff00, 0x1}}]}, {0x8a, 0x6, "4d157d7fcbde6a803a5259ebe7db131f1d53f8f03e5cc5f8331035364c284665e005268019b5eeee849285e196a43d66c9aaa7d472ee85018bec1b3584ea2cec59574e5969634f89ba4d7e761c706103f31aeeda50d45fc56ad58556203a1d125e63d1b846b67522f53dfc96bf3b535095259fccc9bffc55d2f36848f96c553516a6b02a2652"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1}}}}, @m_sample={0x80, 0x18, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x3}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8}]}, {0x41, 0x6, "1a79e57062a4e985f826bc2821235976ef354badbb759bb3533c1faaa702f9f20abfd6688adc445b3f44c992d215e1ccb80f97c1f604644782f3be3010"}, {0xc}, {0xc}}}]}, @TCA_CGROUP_ACT={0x1140, 0x1, [@m_ipt={0x14c, 0x0, 0x0, 0x0, {{0x8}, {0x110, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0x10b, 0x6, {0x800, 'filter\x00', 0xff, 0x2, "360df404a0a64bf029589d4e900a26065aa91775560cb49b6f5f54f3a9d10ab341b6ee335d0a62cf5e3746a13403832180d678d868390a62f5293912ca01e5c56968e456f4230058af3629306748d72ab7c375d7f0b82633d7e9d2526f2959a61328167d8554774f062cfab1f0d722ed548d79a254d95dc1faf7a2249e5b9fa9e4d5b81741c05270051674466b76be5b6a77a20d1972075cc8dc3ebe7aa0ca8622941263eebbd530cc8fded11e399d786e823a7769fefba71c2ba514ad3cd63a03eeca67f52fefe6202bac2219d299eda955962291c749b30f83c1fb8cf8b7aac9"}}]}, {0x18, 0x6, "afedfd9af8a4b80d42a5c72874a1dd766219480a"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_pedit={0xec8, 0x15, 0x0, 0x0, {{0xa}, {0xe84, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{0x3ff, 0x5, 0x20000000, 0x1, 0xfffffffb}, 0xf0, 0x24, [{0x0, 0x80000001, 0x5, 0x0, 0x5, 0x10001}, {0x0, 0x0, 0x96, 0x0, 0xfffff4d3}]}, [{0x0, 0x2, 0x8, 0x0, 0x0, 0x101}, {0x2, 0x1000, 0x28ac, 0x80, 0x7fffffff, 0x40}, {0x0, 0x0, 0x0, 0xffff, 0x2, 0x10001}, {0x1, 0x10000, 0x4, 0xff, 0x1, 0x7ff}, {0x1, 0x0, 0x2, 0x20, 0x2, 0x80000001}, {0x6, 0x8, 0x101, 0x4, 0xaeb, 0x6}, {0xc5, 0x7f, 0x400, 0x6, 0x1}, {0x2, 0x800, 0x1000000, 0x7, 0x3ff, 0x2}, {0x2, 0xfb2, 0x400, 0x4, 0x7, 0x6}, {0x0, 0x1, 0x5472, 0x40, 0x2, 0x2}, {0x0, 0x10001, 0xc96, 0x0, 0x7fff, 0x80000}, {0x0, 0xcd7f, 0x7, 0xe1, 0x0, 0x5e717d0d}, {0x0, 0x8, 0xde8, 0x0, 0xff28}, {0x7, 0xd4, 0x0, 0x5, 0x1, 0x661}, {0x0, 0x101, 0x0, 0x0, 0x7, 0x8}, {0x1e, 0x200, 0x1, 0x9, 0x101, 0xcfc8}, {0x0, 0xff, 0x0, 0x1, 0x2, 0x8001}, {0x40, 0xddc25b10, 0x8000, 0x9c85, 0x7fffffff, 0x5}, {0x9, 0x0, 0x4, 0xffff, 0x3, 0x9}, {0x7ff, 0x0, 0x1f, 0x4, 0x0, 0x8}, {0x3, 0x9, 0xdb08592, 0x8, 0xd1, 0x101}, {0x14d6, 0x0, 0xfff, 0x5, 0x212, 0x7}, {0xfffffffe, 0x9, 0xe, 0xff, 0x0, 0x4}, {0xff, 0x9, 0xffffffff, 0x800, 0x2, 0x8}, {0x1000, 0xe834, 0x72e2, 0x9}, {0x1, 0xc6a6, 0x7fffffff, 0x0, 0x3f}, {0x80000000, 0x3, 0x2, 0x1, 0xe, 0x1f}, {0x0, 0x0, 0x2, 0x7, 0x7, 0x81}, {0x0, 0xbbf, 0x0, 0x1, 0x53d}, {0x6, 0x1, 0x0, 0x0, 0x1, 0x680}, {0x7, 0x0, 0x0, 0xcc6, 0x5f, 0xfffffff7}, {0x0, 0x2, 0xd03, 0x8, 0x2, 0x4}, {0xf1, 0x615, 0xff, 0x0, 0x8}, {0x0, 0x20, 0xffff}, {0xffff, 0x1, 0xb0c, 0x3, 0x7fff, 0xfffffffc}, {0xfffffc01, 0x80, 0x4, 0x0, 0x0, 0x6}, {0x2, 0x10000, 0x82, 0x0, 0x7, 0x5}, {0x0, 0x7ff, 0x0, 0x400, 0x0, 0x1}, {0x4, 0x0, 0xd0, 0x0, 0x8, 0x1000}, {0x5, 0x7, 0x0, 0x0, 0x0, 0x482}, {0x0, 0x1, 0x6, 0x9, 0x9, 0x7}, {0x401, 0x4, 0x0, 0x675b, 0x6}, {0x0, 0x1, 0x0, 0x100, 0x0, 0xffffffc0}, {0x0, 0x101, 0x20, 0xb72e, 0x26, 0x442c}, {0xcb, 0x4, 0xfffffff8, 0x6, 0x9, 0x2}, {0x7fffffff, 0x2, 0x0, 0x4, 0x0, 0x3ff}, {0x2, 0x1000, 0x0, 0x5, 0x8, 0x3}, {0x1, 0x0, 0x0, 0x80000001, 0x9, 0x200}, {0x0, 0x9, 0xfff, 0x80000000, 0x10000, 0x5}, {0x0, 0x0, 0x3ff, 0x8000, 0x81, 0x1}, {0x80, 0x9, 0x0, 0x4}, {0xc4, 0xfffffffd, 0x7, 0x9, 0xc2c5, 0x1}, {0x5, 0x6fc, 0x8, 0x0, 0xe0f, 0x3}, {0x40, 0x6b, 0x9, 0x5d4, 0x7, 0x8000}, {0x1f, 0x1000, 0x0, 0x1, 0x1, 0x9}, {0x7fffffff, 0x4, 0x9, 0x7, 0x6}, {0xfffffffc, 0x7, 0x0, 0x3ff, 0x5, 0x81}, {0x6, 0x8, 0x0, 0x10000, 0xffffffc0}, {0x81, 0xd2a0, 0x800, 0x0, 0x40, 0x2}, {0x40, 0x80000000, 0xea64, 0x76, 0x9}, {0x10000, 0x15bb, 0x9, 0x0, 0x6, 0x5}, {0x0, 0x0, 0x28, 0x2, 0x2, 0x6}, {0x1000, 0x7fff, 0x0, 0x3, 0x3, 0x9}, {0x10000, 0x20, 0x8, 0xd6, 0x7fffffff, 0x412}, {0x7, 0x0, 0xfff, 0x3, 0x9, 0xee}, {0x10001, 0x3f, 0x0, 0x0, 0x5a, 0x401}, {0x101, 0x1, 0x4634, 0x8000, 0x401}, {0x800, 0x1, 0x6, 0x80000001, 0x0, 0x501}, {0x4, 0x5, 0x3ff, 0x1, 0x3b96cc68}, {0x3, 0x1, 0x7d, 0xa3, 0x7, 0x8}, {0x0, 0x10001, 0x7, 0x6, 0x7ff, 0xffffff37}, {0x815, 0x0, 0x313b5531, 0x200, 0x1000, 0xffffffff}, {0x3ff, 0xa9b, 0x7, 0x80000000, 0xe0, 0x27}, {0x101, 0x800, 0x0, 0x1000, 0x79cc, 0x30}, {0x20, 0x0, 0x7, 0xfffffffa, 0x6, 0xcfef}, {0x1f, 0x5, 0x3, 0x1, 0xca62, 0x9}, {0x3, 0x1, 0x400, 0x9, 0xb2, 0x100}, {0x0, 0x3, 0x7, 0x2, 0x8, 0x2}, {0x3, 0xfffffffe, 0x5, 0xffffffff, 0x1, 0x9}, {0x4, 0x8, 0x4, 0x1, 0x3, 0xf9ee2af}, {0x8000, 0x9, 0x5, 0x5, 0x4, 0x2}, {0x5, 0x9, 0x9, 0x1, 0xffffff27, 0x40000000}, {0x4, 0x7, 0xb4000000, 0xeec, 0x7, 0x7}, {0x3, 0x3, 0x87, 0x401, 0x1, 0x80}, {0x5, 0x7, 0x10, 0x8, 0x3ff, 0x50}, {0xffff, 0x81, 0x20, 0x1, 0x80000000, 0x401}, {0x1, 0x400, 0xe4de, 0x7ff, 0x30000, 0x9}, {0x7fffffff, 0x400, 0x1, 0x6ee, 0x10000, 0x8}, {0x2, 0x4, 0x27bc, 0x0, 0x0, 0x5}, {0x5, 0x3f, 0x24d7, 0x2, 0x1000, 0xf46}, {0x1, 0x0, 0x80000001, 0x2, 0xffffff0a}, {0x1ff, 0x2, 0x1f, 0x7, 0x1, 0xf0f5}, {0x0, 0x1ff, 0xce, 0x20, 0x8}, {0x81, 0x433, 0x4, 0xda0, 0x7, 0x20000}, {0x2, 0xb42, 0x2, 0x0, 0xffffffff, 0x40}, {0x1ff, 0x1, 0x401, 0xa895, 0x20, 0x60f}, {0x0, 0xdf, 0x3, 0x6, 0x1, 0x8}, {0x8, 0x0, 0x3, 0x1, 0x7ff, 0x40}, {0xd, 0x1, 0x20, 0x0, 0x4, 0x9}, {0x1f, 0x0, 0x7, 0x9, 0x5f2, 0x191}, {0x6, 0x5, 0x8, 0x4, 0x8, 0xffff3b41}, {0x6, 0x2, 0x101, 0x0, 0x1, 0x7}, {0x49, 0x9, 0xc27, 0x5f1c, 0x80000001, 0x1}, {0xeae51292, 0xd3, 0x71e, 0x0, 0x55ba4723, 0x80000000}, {0x6, 0x64, 0x9, 0x19, 0x3, 0x3}, {0x6, 0x7ff, 0x2, 0x5, 0x450d}, {0x7fff, 0x7f, 0x400, 0x51f8, 0x20}, {0x81, 0x81, 0x7, 0x0, 0x5, 0xf3d}, {0x1f, 0x1, 0x3, 0x8, 0xdbd}, {0x5, 0x7fffffff, 0x4f35, 0x5, 0x5}, {0x3f, 0x7ce, 0x8, 0xcaa, 0x80000001, 0x1000}, {0x400, 0x5, 0x6, 0x7c0, 0x0, 0x2}, {0x80000000, 0x3, 0x6a8, 0x0, 0x1f, 0x10000}, {0x0, 0x20, 0x6, 0x1f, 0x7, 0x2}, {0x4, 0x3, 0xffffffb1, 0x5, 0x100, 0x3}, {0x6, 0x2, 0x9, 0x6, 0x1, 0x635}, {0xfffffff8, 0x9, 0x3, 0xd56, 0xa8, 0x8000}, {0x80000001, 0x34323ecc, 0x0, 0x4, 0x15, 0x7}, {0x1000, 0xfffffffb, 0x3f, 0x6, 0x100, 0x1}, {0x0, 0x80, 0x60d, 0x80, 0xa6, 0x3}, {0x2, 0x3ff, 0x606, 0xfffffeff, 0x1, 0x4}, {0x101, 0x0, 0x7, 0x200, 0x481b}, {0x1, 0xfffffffc, 0x800, 0x0, 0x0, 0x5}, {0x8, 0x6, 0x0, 0x80000001, 0x401, 0x1d}, {0x7fffffff, 0x1000, 0x1000, 0x8b0f, 0x6, 0x800}, {0x0, 0xfffff000, 0x2, 0x5, 0x10000, 0xf3}, {0xcb82, 0xc315, 0x6, 0x6, 0x5, 0x7fffffff}, {0x354f, 0x4, 0x7, 0x663d, 0xd31}], [{0x4}, {0x3}, {0x4}, {}, {0x2, 0x1}, {0x5, 0x1}, {}, {0x2}, {}, {0x3}, {0xd}, {}, {0x0, 0x1}, {}, {0x3}, {0x4, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x4}, {0x1}, {0x4, 0x1}, {0x5}, {0x0, 0x1}, {0x0, 0x1}, {0x1}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {0x5}, {0x2}, {}, {0x6}, {}, {0x1, 0x1}, {0x4}, {0x0, 0x1}, {0x1}, {0x5, 0x1}, {0x4}, {0x4, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x4}, {0x0, 0x1}, {}, {0x0, 0x1}, {0x5}, {0x2}, {0x5}, {0x2, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4}, {}, {0x3}, {0x5}, {0x3, 0x1}, {}, {}, {0x0, 0x1}, {0x4}, {0x1}, {0x1}, {0x5}, {0x3}, {0x0, 0x1}, {0x4}, {0x5}, {}, {}, {0x4}, {0x0, 0x1}, {}, {0x3}, {0x5, 0x1}, {0x1, 0x1}, {0x4}, {}, {0x0, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x5}, {}, {0x2}, {0x4}, {0x1, 0x1}, {0x3, 0x1}, {}, {}, {}, {0x5}, {0x2}, {0x7}, {0x0, 0x1}, {0x3, 0x1}, {0x5}, {0x2}, {0x5}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {}, {}, {0x3}, {0x3, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x1}, {0x5}, {0x1}, {0x1, 0x1}, {}, {0x0, 0x1}]}}, @TCA_PEDIT_KEYS_EX={0x30, 0x5, 0x0, 0x1, [{0x2c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}]}]}, {0x1b, 0x6, "57d21079a8d2935764ec000d69b69144d534c379114c3e"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_gact={0x6c, 0x1b, 0x0, 0x0, {{0x9}, {0x40, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x54, 0x0, 0x0, 0x7fff}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1e6c, 0xffffffffcffffffd}}, @TCA_GACT_PARMS={0x18, 0x2, {0xffff0001, 0x4, 0x6, 0x8, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x2, 0x9a10, 0x10000000, 0x3f4e, 0x7}, 0x1}}, @TCA_IFE_DMAC={0xa, 0x3, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x16}}]}, {0x4}, {0xc, 0x7, {0x1, 0x4936e90f20761ee1}}, {0xc}}}, @m_skbedit={0x68, 0x0, 0x0, 0x0, {{0xc}, {0x3c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x5}, @TCA_SKBEDIT_PTYPE={0x6}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x401, 0x6, 0x1, 0x0, 0x200}}, @TCA_SKBEDIT_MARK={0x8}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x400}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}, @TCA_CGROUP_POLICE={0x4}, @TCA_CGROUP_EMATCHES={0xc, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8}]}]}}]}, 0x13b8}}, 0x4000000) 01:47:43 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=@ipv6_newroute={0x1c, 0x18, 0x1, 0x0, 0x0, {0xa, 0xfc}}, 0x1c}}, 0x0) 01:47:43 executing program 2: ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(0xffffffffffffffff, 0x40082102, &(0x7f0000000000)) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001140)='/sys/block/ram5', 0x202200, 0x0) ioctl$KVM_TRANSLATE(r0, 0xc018ae85, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r0, 0x40082102, &(0x7f0000000580)) syz_clone(0x40108000, &(0x7f0000000380)="ecb2f27e8b0a0d8123830e8eb5f979e92eea23e3844ae1b84a864d4d741bfe0a51413ff75c7e8d2e41effbbab3f1b442a7df9e786082b6b1b736dfe739df1c7233c99e0def698a4f57d40a2c18f807d0ea31c149cfacb8fc3b7502053a2c49153d681630dc537ce785137ed27a54763e40566b0830135b31bcaaf8a61988baff1da197468b3e842368d71ece0f", 0x8d, &(0x7f0000000040), &(0x7f0000000440), &(0x7f0000000480)="9fcd333d4c4f7e30b61706081cb99773edf084fe80c68ecbe3ea374e233e580ae92061f67951624c91d3dfb29fe16501b26a54ab2a25a1a9f7b758d99a6aa743dbc43ffe7b31b1b140beac51436a2af523e08419852ac4281add174a62d40763f65f58fa12b1be9e22308e1aa7284212f71b7998b65950e79fac5f4a1419809b1f2faaa6ee3d760602b4e03f5955026c470888741151d8784e5fc9e59b3a19ce8507f284b0a69e6ee490a8964ea23f5a4d0a9e9f6e4c0a40061ffb5f151be812c515ad281377d6") 01:47:43 executing program 0: syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x6, 0x7, 0xa2, 0x10, 0x13b1, 0x18, 0x9a17, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x1c, 0x37, 0xd9, 0x0, [], [{{0x9, 0x5, 0x0, 0x3, 0x40}}, {{0x9, 0x5, 0x0, 0x2, 0x10}}]}}]}}]}}, 0x0) 01:47:43 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=@ipv6_newroute={0x1c, 0x18, 0x1, 0x0, 0x0, {0xa, 0xfc}}, 0x1c}}, 0x0) [ 469.055751][ T8249] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 01:47:43 executing program 4: ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(0xffffffffffffffff, 0x40082102, &(0x7f0000000000)) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001140)='/sys/block/ram5', 0x202200, 0x0) ioctl$KVM_TRANSLATE(r1, 0xc018ae85, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r1, 0x40082102, &(0x7f0000000580)) syz_clone(0x40108000, &(0x7f0000000380)="ecb2f27e8b0a0d8123830e8eb5f979e92eea23e3844ae1b84a864d4d741bfe0a51413ff75c7e8d2e41effbbab3f1b442a7df9e786082b6b1b736dfe739df1c7233c99e0def698a4f57d40a2c18f807d0ea31c149cfacb8fc3b7502053a2c49153d681630dc537ce78513", 0x6a, &(0x7f0000000040), &(0x7f0000000440), &(0x7f0000000480)="9fcd333d4c4f7e30b61706081cb99773edf084fe80c68ecbe3ea374e233e580ae92061f67951624c91d3dfb29fe16501b26a54ab2a25a1a9f7b758d99a6aa743dbc43ffe7b31b1b140beac51436a2af523e08419852ac4281add174a62d40763f65f58fa12b1be9e22308e1aa7284212f71b7998b65950e79fac5f4a1419809b1f2faaa6ee3d760602b4e03f5955026c470888741151d8784e5fc9e59b3a19ce8507f284b0a69e6ee490a8964ea23f5a4d0a9e9f6e4c0a40061ffb5f151be812c515ad281377d6") write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="04fc3ae1d434a96de4330e5ccdfac037ca4ba576eada2e9a10086d6ff81b75ebb83d61cb5098db8dc75a9b8e0a5dc84df10afd2b017b6fae4f739f294173c53a8804d76daa9b515dbae278cb30af324577219a43eed12e5401"], 0x59) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) 01:47:44 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=@ipv6_newroute={0x1c, 0x18, 0x1, 0x0, 0x0, {0xa, 0xfc}}, 0x1c}}, 0x0) [ 469.112815][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 469.137766][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 469.236280][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 469.271314][ T6665] 140735437299712-140735437316095: 0000000000000000 01:47:44 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=@ipv6_newroute={0x1c, 0x18, 0x1, 0x0, 0x0, {0xa, 0xfc}}, 0x1c}}, 0x0) [ 469.296485][ T6515] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 469.304230][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 469.321976][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 469.372406][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 469.414508][ T6665] Pass: 10201331 Run:10201470 [ 469.440757][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 469.450608][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 469.460692][ T6665] Call Trace: [ 469.464003][ T6665] [ 469.466963][ T6665] dump_stack_lvl+0xd1/0x138 [ 469.471608][ T6665] mt_find.cold+0x8b/0x90 [ 469.475992][ T6665] ? mas_find+0x1d0/0x1d0 [ 469.480384][ T6665] find_vma+0x10c/0x1b0 [ 469.484580][ T6665] ? can_vma_merge_before+0x390/0x390 01:47:44 executing program 1: syz_usb_connect$hid(0x0, 0x36, 0xfffffffffffffffe, 0x0) 01:47:44 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@ipv6_getnexthop={0x18, 0x6a, 0x285}, 0x18}}, 0x0) [ 469.489997][ T6665] ? walk_page_test+0x78/0x180 [ 469.494811][ T6665] walk_page_range+0x2b1/0x4a0 [ 469.499634][ T6665] ? __walk_page_range+0x780/0x780 [ 469.504814][ T6665] mlock_fixup+0x650/0x810 [ 469.509288][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 469.514535][ T6665] ? mlock_fixup+0x810/0x810 [ 469.519193][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 469.525143][ T6665] do_mlock+0x25a/0x6d0 [ 469.529360][ T6665] ? folio_evictable+0x270/0x270 [ 469.534367][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 469.540312][ T6665] __x64_sys_mlock+0x59/0x80 [ 469.544926][ T6665] do_syscall_64+0x39/0xb0 [ 469.549377][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 469.555294][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 469.559719][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 469.579344][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 469.587776][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 469.595760][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 469.603741][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 469.611727][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 469.619710][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 469.627711][ T6665] [ 469.686571][ T6515] usb 1-1: Using ep0 maxpacket: 16 01:47:44 executing program 3: userfaultfd(0x0) socket$igmp6(0xa, 0x3, 0x2) r0 = openat$cuse(0xffffff9c, &(0x7f0000004780), 0x2, 0x0) write$FUSE_WRITE(r0, &(0x7f00000047c0)={0x18}, 0x18) 01:47:44 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_VLAN(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB='.\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001200000085"], 0x3c}}, 0x0) [ 469.806682][ T6515] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 469.824014][ T6515] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 469.964487][ T8274] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.3'. [ 469.999863][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 470.006670][ T6515] usb 1-1: New USB device found, idVendor=13b1, idProduct=0018, bcdDevice=9a.17 [ 470.015802][ T6515] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 470.048714][ T6515] usb 1-1: Product: syz [ 470.056631][ T6515] usb 1-1: Manufacturer: syz 01:47:44 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x7, &(0x7f0000000080)=[{0x5}, {}, {}, {}, {}, {}, {}]}) [ 470.064258][ T6515] usb 1-1: SerialNumber: syz [ 470.075421][ T6515] usb 1-1: config 0 descriptor?? [ 470.098078][ T6665] BUG at mt_find:6473 (1) [ 470.102449][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 470.112039][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 470.117822][ T8248] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 01:47:45 executing program 1: ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x2) r0 = openat$loop_ctrl(0xffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) [ 470.153270][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d 01:47:45 executing program 2: ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(0xffffffffffffffff, 0x40082102, &(0x7f0000000000)) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001140)='/sys/block/ram5', 0x202200, 0x0) ioctl$KVM_TRANSLATE(r0, 0xc018ae85, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r0, 0x40082102, &(0x7f0000000580)) syz_clone(0x40108000, &(0x7f0000000380)="ecb2f27e8b0a0d8123830e8eb5f979e92eea23e3844ae1b84a864d4d741bfe0a51413ff75c7e8d2e41effbbab3f1b442a7df9e786082b6b1b736dfe739df1c7233c99e0def698a4f57d40a2c18f807d0ea31c149cfacb8fc3b7502053a2c49153d681630dc537ce785137ed27a54763e40566b0830135b31bcaaf8a61988baff1da197468b3e842368d71ece0f", 0x8d, &(0x7f0000000040), &(0x7f0000000440), &(0x7f0000000480)="9fcd333d4c4f7e30b61706081cb99773edf084fe80c68ecbe3ea374e233e580ae92061f67951624c91d3dfb29fe16501b26a54ab2a25a1a9f7b758d99a6aa743dbc43ffe7b31b1b140beac51436a2af523e08419852ac4281add174a62d40763f65f58fa12b1be9e22308e1aa7284212f71b7998b65950e79fac5f4a1419809b1f2faaa6ee3d760602b4e03f5955026c470888741151d8784e5fc9e59b3a19ce8507f284b0a69e6ee490a8964ea23f5a4d0a9e9f6e4c0a40061ffb5f151be812c515ad281377d6") [ 470.286664][ T6665] 0-536866815: 0000000000000000 [ 470.331844][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 470.380432][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 470.406697][ T6665] 553627648-553635839: 0000000000000000 [ 470.435362][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 470.451049][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 470.473298][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 470.489597][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 470.505681][ T6665] 553652224-116813594623: 0000000000000000 [ 470.524293][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 470.558043][ T6665] 116817788928-93825002663935: 0000000000000000 [ 470.586482][ T6515] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 470.586772][ T6665] 93825002663936-93825002803199: [ 470.599132][ T6515] asix: probe of 1-1:0.0 failed with error -71 [ 470.626405][ T6665] ffff888022f0e460 [ 470.630165][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 470.644958][ T6515] usb 1-1: USB disconnect, device number 6 [ 470.671390][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 470.695744][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 470.876159][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 470.896366][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 470.903364][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 470.910657][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 470.917726][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 470.932090][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 470.943720][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 470.956550][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 470.970357][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 470.985329][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 471.002920][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 471.019044][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 471.035305][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 471.054719][ T6665] 140548085710848-140548097556479: ffff88806b3de000 01:47:45 executing program 0: syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x6, 0x7, 0xa2, 0x10, 0x13b1, 0x18, 0x9a17, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x1c, 0x37, 0xd9, 0x0, [], [{{0x9, 0x5, 0x0, 0x3, 0x40}}, {{0x9, 0x5, 0x0, 0x2, 0x10}}]}}]}}]}}, 0x0) 01:47:45 executing program 4: ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(0xffffffffffffffff, 0x40082102, &(0x7f0000000000)) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001140)='/sys/block/ram5', 0x202200, 0x0) ioctl$KVM_TRANSLATE(r1, 0xc018ae85, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r1, 0x40082102, &(0x7f0000000580)) syz_clone(0x40108000, &(0x7f0000000380)="ecb2f27e8b0a0d8123830e8eb5f979e92eea23e3844ae1b84a864d4d741bfe0a51413ff75c7e8d2e41effbbab3f1b442a7df9e786082b6b1b736dfe739df1c7233c99e0def698a4f57d40a2c18f807d0ea31c149cfacb8fc3b7502053a2c49153d681630dc537ce78513", 0x6a, &(0x7f0000000040), &(0x7f0000000440), &(0x7f0000000480)="9fcd333d4c4f7e30b61706081cb99773edf084fe80c68ecbe3ea374e233e580ae92061f67951624c91d3dfb29fe16501b26a54ab2a25a1a9f7b758d99a6aa743dbc43ffe7b31b1b140beac51436a2af523e08419852ac4281add174a62d40763f65f58fa12b1be9e22308e1aa7284212f71b7998b65950e79fac5f4a1419809b1f2faaa6ee3d760602b4e03f5955026c470888741151d8784e5fc9e59b3a19ce8507f284b0a69e6ee490a8964ea23f5a4d0a9e9f6e4c0a40061ffb5f151be812c515ad281377d6") write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="04fc3ae1d434a96de4330e5ccdfac037ca4ba576eada2e9a10086d6ff81b75ebb83d61cb5098db8dc75a9b8e0a5dc84df10afd2b017b6fae4f739f294173c53a8804d76daa9b515dbae278cb30af324577219a43eed12e5401"], 0x59) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) 01:47:45 executing program 3: r0 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x82) write$cgroup_pid(r0, &(0x7f0000000040), 0x12) 01:47:45 executing program 5: ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(0xffffffffffffffff, 0x40082102, &(0x7f0000000000)) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001140)='/sys/block/ram5', 0x202200, 0x0) ioctl$KVM_TRANSLATE(r0, 0xc018ae85, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r0, 0x40082102, &(0x7f0000000580)) syz_clone(0x40108000, &(0x7f0000000380)="ecb2f27e8b0a0d8123830e8eb5f979e92eea23e3844ae1b84a864d4d741bfe0a51413ff75c7e8d2e41effbbab3f1b442a7df9e786082b6b1b736dfe739df1c7233c99e0def698a4f57d40a2c18f807d0ea31c149cfacb8fc3b7502053a2c49153d681630dc537ce785137ed27a54763e40566b0830135b31bcaaf8a61988baff1da197468b3e842368d71ece0f", 0x8d, &(0x7f0000000040), &(0x7f0000000440), &(0x7f0000000480)="9fcd333d4c4f7e30b61706081cb99773edf084fe80c68ecbe3ea374e233e580ae92061f67951624c91d3dfb29fe16501b26a54ab2a25a1a9f7b758d99a6aa743dbc43ffe7b31b1b140beac51436a2af523e08419852ac4281add174a62d40763f65f58fa12b1be9e22308e1aa7284212f71b7998b65950e79fac5f4a1419809b1f2faaa6ee3d760602b4e03f5955026c470888741151d8784e5fc9e59b3a19ce8507f284b0a69e6ee490a8964ea23f5a4d0a9e9f6e4c0a40061ffb5f151be812c515ad281377d6") write$tun(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYBLOB="04fc3ae1d434a96de4330e5ccdfac037ca4ba576eada2e9a10086d6ff81b75ebb83d61cb5098db8dc75a9b8e0a5dc84df10afd2b017b6fae4f739f294173c53a8804d76daa9b515dbae278cb30af324577219a43eed12e5401"], 0x59) ioctl$TUNGETFEATURES(0xffffffffffffffff, 0x800454cf, 0x0) 01:47:45 executing program 1: syz_open_dev$evdev(0x0, 0x0, 0x0) syz_open_dev$evdev(&(0x7f00000003c0), 0x3735, 0x0) [ 471.070796][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 01:47:46 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)={0x14, r1, 0x1}, 0x14}}, 0x0) 01:47:46 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000640)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000600)={0x0}}, 0x0) [ 471.261518][ T6665] 140548097556480-140548097601535: 0000000000000000 01:47:46 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000001c0)={'tunl0\x00', &(0x7f0000000040)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @empty}}}}) [ 471.301811][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 471.339306][ T6665] 140548097605632-140548097736703: ffff88806b3de380 01:47:46 executing program 3: clock_settime(0x700, 0x0) [ 471.403041][ T6665] 140548097736704-140735437164543: 0000000000000000 01:47:46 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000001c0)={'tunl0\x00', &(0x7f0000000040)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @empty}}}}) [ 471.452971][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 01:47:46 executing program 3: bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x2, &(0x7f0000000080)=@raw=[@initr0], &(0x7f00000000c0)='GPL\x00', 0x3, 0xd1, &(0x7f0000000100)=""/209, 0x0, 0x12, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) [ 471.509249][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 471.546491][ T6954] usb 1-1: new high-speed USB device number 7 using dummy_hcd 01:47:46 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_VLAN(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB='.\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001200000005002a000000000008"], 0x3c}}, 0x0) [ 471.586536][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 471.669195][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 471.703073][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 471.736413][ T6665] Pass: 10252504 Run:10252644 [ 471.746688][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 471.756541][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 471.766627][ T6665] Call Trace: [ 471.769923][ T6665] [ 471.772871][ T6665] dump_stack_lvl+0xd1/0x138 [ 471.777507][ T6665] mt_find.cold+0x8b/0x90 [ 471.781893][ T6665] ? mas_find+0x1d0/0x1d0 [ 471.786292][ T6665] find_vma+0x10c/0x1b0 [ 471.790486][ T6665] ? can_vma_merge_before+0x390/0x390 [ 471.795900][ T6665] ? walk_page_test+0x78/0x180 [ 471.800712][ T6665] walk_page_range+0x2b1/0x4a0 [ 471.805523][ T6665] ? __walk_page_range+0x780/0x780 [ 471.810702][ T6665] mlock_fixup+0x650/0x810 [ 471.815188][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 471.820456][ T6665] ? mlock_fixup+0x810/0x810 [ 471.825144][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 471.831097][ T6665] do_mlock+0x25a/0x6d0 [ 471.835314][ T6665] ? folio_evictable+0x270/0x270 [ 471.840323][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 471.846276][ T6665] __x64_sys_mlock+0x59/0x80 [ 471.850899][ T6665] do_syscall_64+0x39/0xb0 [ 471.855371][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 471.861305][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 471.865755][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 471.885408][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 471.893864][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 471.901869][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 471.906526][ T6954] usb 1-1: Using ep0 maxpacket: 16 [ 471.909851][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 471.909875][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 471.909894][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 471.909934][ T6665] [ 471.986011][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 472.031171][ T6665] BUG at mt_find:6473 (1) [ 472.057021][ T6954] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 472.067858][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 472.095240][ T6954] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 472.173906][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 472.222320][ T8316] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.2'. [ 472.324745][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 472.406431][ T6954] usb 1-1: New USB device found, idVendor=13b1, idProduct=0018, bcdDevice=9a.17 [ 472.415518][ T6954] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 472.454417][ T6954] usb 1-1: Product: syz [ 472.466428][ T6954] usb 1-1: Manufacturer: syz [ 472.471068][ T6954] usb 1-1: SerialNumber: syz [ 472.506768][ T6954] usb 1-1: config 0 descriptor?? [ 472.526777][ T8294] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 472.656364][ T6665] 0-536866815: 0000000000000000 [ 472.661636][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 472.736434][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 472.742404][ T6665] 553627648-553635839: 0000000000000000 [ 472.757694][ T6954] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 472.796508][ T6954] asix: probe of 1-1:0.0 failed with error -71 [ 472.817451][ T6954] usb 1-1: USB disconnect, device number 7 [ 472.824243][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 472.886863][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 472.892818][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 472.946376][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 472.952330][ T6665] 553652224-116813594623: 0000000000000000 [ 472.996343][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 473.002862][ T6665] 116817788928-93825002663935: 0000000000000000 [ 473.056362][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 473.063185][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 473.136345][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 473.143366][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 473.281880][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 473.289116][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 473.296180][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 473.303356][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 473.310767][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 473.317912][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 01:47:48 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000001c0)={'tunl0\x00', &(0x7f0000000040)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @empty}}}}) 01:47:48 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r0, &(0x7f0000000440)={&(0x7f0000000380), 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0xd00}, 0x14}}, 0x0) 01:47:48 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r0, &(0x7f0000000800)={0x0, 0x0, 0x0}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f00000008c0), 0xffffffffffffffff) 01:47:48 executing program 4: ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(0xffffffffffffffff, 0x40082102, &(0x7f0000000000)) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001140)='/sys/block/ram5', 0x202200, 0x0) ioctl$KVM_TRANSLATE(r1, 0xc018ae85, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r1, 0x40082102, &(0x7f0000000580)) syz_clone(0x40108000, &(0x7f0000000380)="ecb2f27e8b0a0d8123830e8eb5f979e92eea23e3844ae1b84a864d4d741bfe0a51413ff75c7e8d2e41effbbab3f1b442a7df9e786082b6b1b736dfe739df1c7233c99e0def698a4f57d40a2c18f807d0ea31c149cfacb8fc3b7502053a2c49153d681630dc537ce78513", 0x6a, &(0x7f0000000040), &(0x7f0000000440), &(0x7f0000000480)="9fcd333d4c4f7e30b61706081cb99773edf084fe80c68ecbe3ea374e233e580ae92061f67951624c91d3dfb29fe16501b26a54ab2a25a1a9f7b758d99a6aa743dbc43ffe7b31b1b140beac51436a2af523e08419852ac4281add174a62d40763f65f58fa12b1be9e22308e1aa7284212f71b7998b65950e79fac5f4a1419809b1f2faaa6ee3d760602b4e03f5955026c470888741151d8784e5fc9e59b3a19ce8507f284b0a69e6ee490a8964ea23f5a4d0a9e9f6e4c0a40061ffb5f151be812c515ad281377d6") write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="04fc3ae1d434a96de4330e5ccdfac037ca4ba576eada2e9a10086d6ff81b75ebb83d61cb5098db8dc75a9b8e0a5dc84df10afd2b017b6fae4f739f294173c53a8804d76daa9b515dbae278cb30af324577219a43eed12e5401"], 0x59) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) 01:47:48 executing program 2: r0 = openat$cuse(0xffffff9c, &(0x7f0000004780), 0x2, 0x0) read$FUSE(r0, &(0x7f0000000000)={0x2020}, 0x2020) 01:47:48 executing program 3: openat$vhost_vsock(0xffffff9c, &(0x7f0000000200), 0x2, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x989680}, 0x0) 01:47:48 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000001c0)={'tunl0\x00', &(0x7f0000000040)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @empty}}}}) 01:47:48 executing program 0: syz_open_dev$evdev(&(0x7f00000001c0), 0x0, 0x81c2) [ 473.439306][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 01:47:48 executing program 3: timer_create(0x0, &(0x7f0000001340)={0x0, 0x0, 0x4, @tid=0xffffffffffffffff}, 0x0) 01:47:48 executing program 1: r0 = syz_open_dev$loop(&(0x7f00000003c0), 0x4, 0x0) ioctl$LOOP_CLR_FD(r0, 0x4c01) 01:47:48 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r0, 0x8912, &(0x7f0000000180)={'sit0\x00', 0x0}) 01:47:48 executing program 3: socketpair(0x26, 0x0, 0x0, &(0x7f0000000680)) [ 473.532567][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 01:47:48 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000140)={'gre0\x00', &(0x7f00000000c0)={'syztnl0\x00', 0x0, 0x0, 0x7800, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @private}}}}) 01:47:48 executing program 0: r0 = openat$cuse(0xffffff9c, &(0x7f00000046c0), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000004700)=ANY=[], 0x2e) [ 473.646431][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 01:47:48 executing program 5: memfd_create(&(0x7f00000003c0)='!#{:^\x00', 0x4) [ 473.785223][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 473.869411][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 473.939538][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 474.035423][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 474.060905][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 474.113175][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 474.256563][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 474.263576][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 474.358587][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 474.365596][ T6665] 140548097736704-140735437164543: 0000000000000000 01:47:49 executing program 4: ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(0xffffffffffffffff, 0x40082102, &(0x7f0000000000)) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001140)='/sys/block/ram5', 0x202200, 0x0) ioctl$KVM_TRANSLATE(r1, 0xc018ae85, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r1, 0x40082102, &(0x7f0000000580)) syz_clone(0x40108000, &(0x7f0000000380)="ecb2f27e8b0a0d8123830e8eb5f979e92eea23e3844ae1b84a864d4d741bfe0a51413ff75c7e8d2e41effbbab3f1b442a7df9e786082b6b1b736dfe739df1c7233c99e0def698a4f57d40a2c18f807d0ea31c149cfacb8fc3b7502053a2c49153d681630dc537ce78513", 0x6a, &(0x7f0000000040), &(0x7f0000000440), &(0x7f0000000480)="9fcd333d4c4f7e30b61706081cb99773edf084fe80c68ecbe3ea374e233e580ae92061f67951624c91d3dfb29fe16501b26a54ab2a25a1a9f7b758d99a6aa743dbc43ffe7b31b1b140beac51436a2af523e08419852ac4281add174a62d40763f65f58fa12b1be9e22308e1aa7284212f71b7998b65950e79fac5f4a1419809b1f2faaa6ee3d760602b4e03f5955026c470888741151d8784e5fc9e59b3a19ce8507f284b0a69e6ee490a8964ea23f5a4d0a9e9f6e4c0a40061ffb5f151be812c515ad281377d6") write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="04fc3ae1d434a96de4330e5ccdfac037ca4ba576eada2e9a10086d6ff81b75ebb83d61cb5098db8dc75a9b8e0a5dc84df10afd2b017b6fae4f739f294173c53a8804d76daa9b515dbae278cb30af324577219a43eed12e5401"], 0x59) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) [ 474.466395][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 474.473441][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 474.497217][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 474.504259][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 01:47:49 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000080)={'sit0\x00', &(0x7f0000000000)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x2f, 0x0, @local}}}}) 01:47:49 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r0, 0xc0045878, 0x0) 01:47:49 executing program 3: r0 = openat$cuse(0xffffff9c, &(0x7f0000004780), 0x2, 0x0) read$FUSE(r0, &(0x7f00000024c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_CREATE_OPEN(r0, &(0x7f0000000200)={0xa0, 0xfffffffffffffffe, r1}, 0xa0) 01:47:49 executing program 2: r0 = openat$cuse(0xffffff9c, &(0x7f0000004780), 0x2, 0x0) read$FUSE(r0, &(0x7f0000000000)={0x2020}, 0x2020) 01:47:49 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r0, 0x8933, &(0x7f0000000180)={'sit0\x00', 0x0}) 01:47:49 executing program 1: clock_settime(0x0, &(0x7f00000003c0)={0x77359400}) 01:47:49 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), 0x0, 0x0, &(0x7f00000000c0)={{}, 0x2c, {}, 0x2c, {'user_id', 0x3d, 0xffffffffffffffff}, 0x2c, {'group_id', 0x3d, 0xee01}}, 0x0, 0x0, 0x0) 01:47:49 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000040)) 03:33:20 executing program 5: r0 = openat$loop_ctrl(0xffffff9c, &(0x7f0000000000), 0x300, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 03:33:20 executing program 1: r0 = openat$zero(0xffffff9c, &(0x7f0000000440), 0x20142, 0x0) write$tcp_congestion(r0, 0x0, 0x0) [ 474.642072][ T6665] 140735437340672-18446744073709551615: 0000000000000000 03:33:20 executing program 0: r0 = openat$cuse(0xffffff9c, &(0x7f00000061c0), 0x2, 0x0) read$FUSE(r0, &(0x7f0000006240)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_ENTRY(r0, &(0x7f0000008280)={0x90, 0x8c508da88351c97a, r1}, 0x90) [ 474.789077][ T6665] Pass: 10302971 Run:10303112 [ 474.822300][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 474.832157][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 474.842238][ T6665] Call Trace: [ 474.845537][ T6665] [ 474.848498][ T6665] dump_stack_lvl+0xd1/0x138 [ 474.853139][ T6665] mt_find.cold+0x8b/0x90 [ 474.857520][ T6665] ? mas_find+0x1d0/0x1d0 [ 474.861904][ T6665] find_vma+0x10c/0x1b0 [ 474.866100][ T6665] ? can_vma_merge_before+0x390/0x390 [ 474.871513][ T6665] ? walk_page_test+0x78/0x180 [ 474.876319][ T6665] walk_page_range+0x2b1/0x4a0 [ 474.881130][ T6665] ? __walk_page_range+0x780/0x780 [ 474.886292][ T6665] mlock_fixup+0x650/0x810 [ 474.890752][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 474.895987][ T6665] ? mlock_fixup+0x810/0x810 [ 474.900622][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 474.906550][ T6665] do_mlock+0x25a/0x6d0 [ 474.910740][ T6665] ? folio_evictable+0x270/0x270 [ 474.915722][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 474.921643][ T6665] __x64_sys_mlock+0x59/0x80 [ 474.926253][ T6665] do_syscall_64+0x39/0xb0 [ 474.930707][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 474.936624][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 474.941057][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 474.960683][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 474.969114][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 474.977105][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 474.985091][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 474.993073][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 475.001056][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 475.009057][ T6665] [ 475.315025][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 475.400433][ T6665] BUG at mt_find:6473 (1) [ 475.405012][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 475.423306][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 475.485095][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 475.549645][ T6665] 0-536866815: 0000000000000000 [ 475.555038][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 475.568556][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 475.574641][ T6665] 553627648-553635839: 0000000000000000 [ 475.587671][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 475.594162][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 475.634383][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 475.643517][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 475.674618][ T6665] 553652224-116813594623: 0000000000000000 [ 475.684295][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 475.700868][ T6665] 116817788928-93825002663935: 0000000000000000 [ 475.711874][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 475.744245][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 475.772743][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 475.785997][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 475.916365][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 475.923374][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 475.997096][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 476.004100][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 476.067715][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 476.074716][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 476.122937][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 476.156651][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 476.190876][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 476.208652][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 476.215641][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 476.268628][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 476.275634][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 476.321999][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 476.352867][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 476.547149][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 476.596387][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 476.603389][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 476.646365][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 476.696387][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 476.703384][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 476.797124][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 476.856361][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 476.863362][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 476.919533][ T6665] Pass: 10322220 Run:10322362 [ 476.924252][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 476.934084][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 476.944148][ T6665] Call Trace: [ 476.947434][ T6665] [ 476.950372][ T6665] dump_stack_lvl+0xd1/0x138 [ 476.955011][ T6665] mt_find.cold+0x8b/0x90 [ 476.959378][ T6665] ? mas_find+0x1d0/0x1d0 [ 476.963746][ T6665] find_vma+0x10c/0x1b0 [ 476.967927][ T6665] ? can_vma_merge_before+0x390/0x390 [ 476.973377][ T6665] ? walk_page_test+0x78/0x180 [ 476.978178][ T6665] walk_page_range+0x2b1/0x4a0 [ 476.982974][ T6665] ? __walk_page_range+0x780/0x780 [ 476.988127][ T6665] mlock_fixup+0x650/0x810 [ 476.992584][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 476.997816][ T6665] ? mlock_fixup+0x810/0x810 [ 477.002448][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 477.008375][ T6665] do_mlock+0x25a/0x6d0 [ 477.012562][ T6665] ? folio_evictable+0x270/0x270 [ 477.017539][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 477.023460][ T6665] __x64_sys_mlock+0x59/0x80 [ 477.028064][ T6665] do_syscall_64+0x39/0xb0 [ 477.032511][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 477.038427][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 477.042856][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 477.062482][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 477.070910][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 477.078895][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 477.086879][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 477.094862][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 477.102844][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 477.110845][ T6665] [ 477.526404][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 477.532352][ T6665] BUG at mt_find:6473 (1) [ 477.559191][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 477.596493][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 477.786397][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 478.026397][ T6665] 0-536866815: 0000000000000000 [ 478.031669][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 478.056389][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 478.062341][ T6665] 553627648-553635839: 0000000000000000 [ 478.077684][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 478.083638][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 478.131705][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 478.146351][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 478.152292][ T6665] 553652224-116813594623: 0000000000000000 [ 478.170213][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 478.179708][ T6665] 116817788928-93825002663935: 0000000000000000 [ 478.187894][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 478.197236][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 478.204134][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 478.226771][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 478.336782][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 478.343778][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 478.350923][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 478.366378][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 478.373364][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 478.380447][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 478.415331][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 478.455686][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 478.476701][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 478.483739][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 478.536360][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 478.543793][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 478.564238][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 478.596408][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 478.614055][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 478.697749][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 478.704972][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 478.745717][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 478.776276][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 478.783512][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 478.803427][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 478.831968][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 478.843594][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 478.856451][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 478.863866][ T6665] Pass: 10340926 Run:10341069 [ 478.920985][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 478.930839][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 478.940920][ T6665] Call Trace: [ 478.944223][ T6665] [ 478.947179][ T6665] dump_stack_lvl+0xd1/0x138 [ 478.951818][ T6665] mt_find.cold+0x8b/0x90 [ 478.956192][ T6665] ? mas_find+0x1d0/0x1d0 [ 478.960572][ T6665] find_vma+0x10c/0x1b0 [ 478.964772][ T6665] ? can_vma_merge_before+0x390/0x390 [ 478.970183][ T6665] ? walk_page_test+0x78/0x180 [ 478.974988][ T6665] walk_page_range+0x2b1/0x4a0 [ 478.979806][ T6665] ? __walk_page_range+0x780/0x780 [ 478.984997][ T6665] mlock_fixup+0x650/0x810 [ 478.989479][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 478.994732][ T6665] ? mlock_fixup+0x810/0x810 [ 478.999391][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 479.005336][ T6665] do_mlock+0x25a/0x6d0 [ 479.009545][ T6665] ? folio_evictable+0x270/0x270 [ 479.014556][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 479.020502][ T6665] __x64_sys_mlock+0x59/0x80 [ 479.025133][ T6665] do_syscall_64+0x39/0xb0 [ 479.029602][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 479.035535][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 479.039980][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 479.059634][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 479.068089][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 479.076180][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 479.084181][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 479.092183][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 479.100180][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 479.108200][ T6665] [ 479.416059][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 479.422040][ T6665] BUG at mt_find:6473 (1) [ 479.456337][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 479.464795][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 479.546455][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 479.646389][ T6665] 0-536866815: 0000000000000000 [ 479.651650][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 479.676460][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 479.682409][ T6665] 553627648-553635839: 0000000000000000 [ 479.707945][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 479.713892][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 479.745111][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 479.766401][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 479.772380][ T6665] 553652224-116813594623: 0000000000000000 [ 479.796408][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 479.802869][ T6665] 116817788928-93825002663935: 0000000000000000 [ 479.826351][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 479.833922][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 479.876339][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 479.883332][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 480.036350][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 480.044160][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 480.076483][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 480.106356][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 480.113355][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 480.136385][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 480.144571][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 480.176351][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 480.183337][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 480.206458][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 480.213451][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 480.246489][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 480.253692][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 480.286556][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 480.293550][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 480.426405][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 480.433412][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 480.451558][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 480.476784][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 480.483767][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 480.526479][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 480.533467][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 480.566343][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 480.573327][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 480.606384][ T6665] Pass: 10349671 Run:10349815 [ 480.611090][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 480.620923][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 480.631002][ T6665] Call Trace: [ 480.634299][ T6665] [ 480.637250][ T6665] dump_stack_lvl+0xd1/0x138 [ 480.641890][ T6665] mt_find.cold+0x8b/0x90 [ 480.646269][ T6665] ? mas_find+0x1d0/0x1d0 [ 480.650647][ T6665] find_vma+0x10c/0x1b0 [ 480.654836][ T6665] ? can_vma_merge_before+0x390/0x390 [ 480.660250][ T6665] ? walk_page_test+0x78/0x180 [ 480.665054][ T6665] walk_page_range+0x2b1/0x4a0 [ 480.669861][ T6665] ? __walk_page_range+0x780/0x780 [ 480.675039][ T6665] mlock_fixup+0x650/0x810 [ 480.679519][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 480.684774][ T6665] ? mlock_fixup+0x810/0x810 [ 480.689425][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 480.695366][ T6665] do_mlock+0x25a/0x6d0 [ 480.699578][ T6665] ? folio_evictable+0x270/0x270 [ 480.704577][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 480.710517][ T6665] __x64_sys_mlock+0x59/0x80 [ 480.715137][ T6665] do_syscall_64+0x39/0xb0 [ 480.719603][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 480.725530][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 480.729968][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 480.749614][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 480.758063][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 480.766065][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 480.774061][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 480.782142][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 480.790137][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 480.798159][ T6665] [ 480.849079][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 480.855010][ T6665] BUG at mt_find:6473 (1) [ 480.866617][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 480.875119][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 480.937972][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 481.015652][ T6665] 0-536866815: 0000000000000000 [ 481.023337][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 481.029707][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 481.035653][ T6665] 553627648-553635839: 0000000000000000 [ 481.042204][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 481.048490][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 481.054440][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 481.060743][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 481.071116][ T6665] 553652224-116813594623: 0000000000000000 [ 481.077655][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 481.084116][ T6665] 116817788928-93825002663935: 0000000000000000 [ 481.091335][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 481.098428][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 481.105497][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 481.112900][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 481.196444][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 481.203443][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 481.216370][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 481.223625][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 481.236355][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 481.243340][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 481.268585][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 481.275578][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 481.284269][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 481.297127][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 481.304113][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 481.326390][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 481.333380][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 481.365588][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 481.391765][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 481.459039][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 481.466026][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 481.484496][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 481.506835][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 481.513821][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 481.536338][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 481.543325][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 481.571280][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 481.586443][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 481.598545][ T6665] Pass: 10353685 Run:10353830 [ 481.606408][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 481.616258][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 481.626338][ T6665] Call Trace: [ 481.629640][ T6665] [ 481.632592][ T6665] dump_stack_lvl+0xd1/0x138 [ 481.637234][ T6665] mt_find.cold+0x8b/0x90 [ 481.641607][ T6665] ? mas_find+0x1d0/0x1d0 [ 481.645992][ T6665] find_vma+0x10c/0x1b0 [ 481.650179][ T6665] ? can_vma_merge_before+0x390/0x390 [ 481.655588][ T6665] ? walk_page_test+0x78/0x180 [ 481.660396][ T6665] walk_page_range+0x2b1/0x4a0 [ 481.665210][ T6665] ? __walk_page_range+0x780/0x780 [ 481.670382][ T6665] mlock_fixup+0x650/0x810 [ 481.674864][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 481.680115][ T6665] ? mlock_fixup+0x810/0x810 [ 481.684772][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 481.690715][ T6665] do_mlock+0x25a/0x6d0 [ 481.694921][ T6665] ? folio_evictable+0x270/0x270 [ 481.699916][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 481.705854][ T6665] __x64_sys_mlock+0x59/0x80 [ 481.710474][ T6665] do_syscall_64+0x39/0xb0 [ 481.714940][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 481.720872][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 481.725328][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 481.744969][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 481.753416][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 481.761416][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 481.769416][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 481.777415][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 481.785415][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 481.793443][ T6665] [ 481.809053][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 481.814982][ T6665] BUG at mt_find:6473 (1) [ 481.819424][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 481.829369][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 481.866876][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 481.920385][ T6665] 0-536866815: 0000000000000000 [ 481.925649][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 481.932020][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 481.938228][ T6665] 553627648-553635839: 0000000000000000 [ 481.944201][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 481.950480][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 481.956542][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 481.962591][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 481.972052][ T6665] 553652224-116813594623: 0000000000000000 [ 481.984908][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 481.991874][ T6665] 116817788928-93825002663935: 0000000000000000 [ 481.998960][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 482.005768][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 482.013755][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 482.021067][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 482.081061][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 482.090304][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 482.097598][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 482.104694][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 482.116231][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 482.123430][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 482.142633][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 482.149741][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 482.156877][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 482.163886][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 482.171025][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 482.178149][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 482.185159][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 482.204507][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 482.214296][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 482.276188][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 482.283327][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 482.293090][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 482.300232][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 482.308786][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 482.315884][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 482.333533][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 482.344842][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 482.357547][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 482.364969][ T6665] Pass: 10355328 Run:10355474 [ 482.376357][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 482.386197][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 482.396277][ T6665] Call Trace: [ 482.399574][ T6665] [ 482.402524][ T6665] dump_stack_lvl+0xd1/0x138 [ 482.407156][ T6665] mt_find.cold+0x8b/0x90 [ 482.411521][ T6665] ? mas_find+0x1d0/0x1d0 [ 482.415903][ T6665] find_vma+0x10c/0x1b0 [ 482.420093][ T6665] ? can_vma_merge_before+0x390/0x390 [ 482.425502][ T6665] ? walk_page_test+0x78/0x180 [ 482.430308][ T6665] walk_page_range+0x2b1/0x4a0 [ 482.435121][ T6665] ? __walk_page_range+0x780/0x780 [ 482.440289][ T6665] mlock_fixup+0x650/0x810 [ 482.444763][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 482.450009][ T6665] ? mlock_fixup+0x810/0x810 [ 482.454647][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 482.460572][ T6665] do_mlock+0x25a/0x6d0 [ 482.464765][ T6665] ? folio_evictable+0x270/0x270 [ 482.469747][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 482.475675][ T6665] __x64_sys_mlock+0x59/0x80 [ 482.480292][ T6665] do_syscall_64+0x39/0xb0 [ 482.484749][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 482.490676][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 482.495110][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 482.514737][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 482.523169][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 482.531158][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 482.539144][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 482.547130][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 482.555118][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 482.563126][ T6665] [ 482.631951][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 482.642616][ T6665] BUG at mt_find:6473 (1) [ 482.656428][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 482.664887][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 482.726470][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 482.781632][ T6665] 0-536866815: 0000000000000000 [ 482.787233][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 482.793181][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 482.799509][ T6665] 553627648-553635839: 0000000000000000 [ 482.807108][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 482.813061][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 482.819559][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 482.826671][ T6665] 553648128-553652223: ffff888022f0e2a0 03:33:28 executing program 0: openat$cgroup_root(0xffffff9c, &(0x7f0000000280)='./cgroup/syz0\x00', 0x200002, 0x0) 03:33:28 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000000)={0x8}, 0x4) 03:33:28 executing program 2: r0 = openat$cuse(0xffffff9c, &(0x7f0000004780), 0x2, 0x0) read$FUSE(r0, &(0x7f0000000000)={0x2020}, 0x2020) 03:33:28 executing program 1: r0 = openat$ptp0(0xffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$PTP_PIN_GETFUNC2(r0, 0xc0603d0f, 0x0) 03:33:28 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000280)=@gcm_128={{}, "f32a61d0875b4401", "4842c7a088e2103470ed2a8ea4b2493e", "f5a73d13", "dcf432b971804ba1"}, 0x28) 03:33:28 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000700)={'batadv0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000000)="99e3977cf877cc52d34687880800", 0x36, 0x0, &(0x7f00000000c0)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @remote}, 0x14) [ 482.832620][ T6665] 553652224-116813594623: 0000000000000000 [ 482.839366][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 482.845830][ T6665] 116817788928-93825002663935: 0000000000000000 [ 482.853576][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 482.869256][ T6665] 93825002803200-140548063096831: 0000000000000000 03:33:28 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r0, &(0x7f0000000440)={&(0x7f0000000380), 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x14}, 0x200003d4}}, 0x0) [ 482.895322][ T6665] 140548063096832-140548063100927: ffff888022f0e540 03:33:28 executing program 2: r0 = openat$cuse(0xffffff9c, &(0x7f0000004780), 0x2, 0x0) read$FUSE(r0, &(0x7f0000000000)={0x2020}, 0x2020) 03:33:28 executing program 0: r0 = openat$ptp0(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$PTP_PIN_SETFUNC(r0, 0x40603d07, &(0x7f00000000c0)) [ 482.946403][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d 03:33:28 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000002b00)={0x0, 0x0, &(0x7f0000002ac0)={&(0x7f0000000100)={0xef8, 0x0, 0x0, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_WANTED={0xee4, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x160, 0x3, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}, {0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x800}, @ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, '{#-\\#^\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0x16, 0x2, './cgroup.cpu/syz0\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8000}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x400}]}, {0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x16, 0x2, './cgroup.cpu/syz0\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0x16, 0x2, './cgroup.cpu/syz0\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '%+\\\x00'}]}, {0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x24}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x13, 0x2, '[%\'*-],\x96^#)\x90^/\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7fff}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xe1f9}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}]}, {0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_NAME={0x16, 0x2, './cgroup.cpu/syz0\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '-\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}, @ETHTOOL_A_BITSET_VALUE={0x5, 0x4, "d1"}, @ETHTOOL_A_BITSET_VALUE={0xd78, 0x4, "b99c34fc2f28e2a4305bfbad32682e2b97016f6bff5b805062abf0b7821b080fe1b1922e5e7f017a3aae419aa84bbd0aa3556638cafcc8a929c33a3f60a563b9fe0780764da2e9d44a80099fb38c1f171bc98ccaa79acabade35e2c2dd16cfa53939f327a3b998b2e915ed43f847ce75ccdf42d8776f785956457d5e272c1e644f8ede252d5b99af470d2d1880ae2d1854d9c8217e3b5c9abe98f7336cee510b656ed60b83b18e1bab9d24b617831297b16056690e20374406cfbcc2be99f9c5936f935810ee3a3c1c9d66420f8ee2f5b4fdb5ff1382b1d30ac14430dd65a499172ded84b1ebce621e2915f4bbc484d02a4b2eb39f23dc3811d411bbba61226875d86ac33a7a0d0cf9a2a98bed397cdd4cee3a8f8b6da11382226f5cdd3ce6f0cb1f8584df1b6b4c9c712576ded85c9459c9fbd30a1b8ad1c2fa5ae9c0fed45a72440f4bbbec4505a32d75656d738fb584ed2d0405ffb2564b7875d5e83d1b12953eef92cb9ddb956441d9846511227b655588f5b08569b21ae09d17dee18def6b0b01da06fca80e35b2a347205384314249616e14a99186eb3694f7bb8a747015bd54f3878c12f4d9660f54b7a5a2d3e5b0aa6b528dd12d379642c41bc3382db05678570cb765e5430079f8abe87f2b79c254534fb19c5e4ba131bb4656c012b12ed3bbd3bbfa5f88bd5835dff67e5175874be92a1aa7914fd4f16e305a53742b5149ea2903881dd382c028548f28ce5716db2000cbcf0a7bf49479399460709af8087eb4f8d332b871881b419d7e11e4b7578a96a65e85e7b96410957249161d9b93944fcaddd916d9933239c7530bca4e6c815d6fc346d73852158df76f4952b8ea5c2de8a4e2b14625a83e1669b21305aaeeed4cee3e4155f85ba06d21032cf784e775b1ffa3605b7a45629beb3045d244ccd7cea5d2d26ff103ed840d8338c3bfae11fd7ddc06f5d54884dba18f39a187fc8e5147f02abc29ed6a874bdb0cd8d74d24ea3fba4224da3b0bea39050cf32fefc78410bb2ac15ea024c94dceb957e882aee861e46b78bab16a736f15eb7a5052f62f55b8f880f1c4243101e3c04b93cf9bb836532f738a08f243f105d581bb580a60478fed90457ec24e54bc3dea6eeb0f3b07eca7e236a3071b89156e4ff81c0065cbddf4fca26680e637953ed23b087565087daefdad1fd51a4274624c4e33b72b03eead28954e945c2fc9e33412a7fc6b7bbce980c33f4f09d5bc378d4776cacefc260521a303e4240735d19989890a58998baf66ccd733fc027bcd27cb8f02ff82c29eba453a4337f55e75551d00b81cd349ff47d45e777c3a917165c7c4adc353c9547ccbbe869fed37cd2833539969e7ab3203418eff8c02b03195ce88d38d9c5a9adf3bb91c99daa5110ece35eb6f93456ece097ff4a9fb90181bc6fc2c406f4d1b0070753bdee384d3406ed7df09242f1f08d4a86ac604e6936ab7e65c6de66dea7237a6cc2a70a25c4ed9c70f70468b8f6688f0674279ce7e923dbd9cac9a538ed89d7dfac82e3a43420acbd7fac5539a4c32815cff37ac1d8abc66231df657519f6bdd79298e6dc5ab3677364049d6716e50eaddbc2a87dfbf551372cb76f7b17dfafdd4b07a70b4400bfc6e9d00b4978d3ce5a06236ecec2923202f68de8144147761497d13201660bb1b59e0d8999c32ec7e029742c0ade2d77b707b62ab81515d6256e6c68c4a5cc2f4ad51a60410792409d4ef51013c7817209f88a828012b5fe2fc21902ea8b57c433ad331fdb615249e5408c9207755daa503914265b45fd2f603012c3353d7c9d7f9a91c7642f048f450dd6d1d255a3cfc2926fa4eec49f53e30b5a210bf6bb8dbd19c282892c4ad4390052f7c968b3ea04b1f2c714dee07acbab51132256615eca6fe9106cc488907f069de1ab5949401fb2db3bed38b1157b25de2f8f8b159571f597026cbdca85d216b2f64ef800341d87ed03767b6ed1338327868714eaa654e79b81dd9e82101195dc5e8c0ad5d0b62397af5b139f3bdcbd8f875be2831988538e58c7ef1344d7c8cf1756d659473465ccf85c1318080da326126f5bf89d3e7eb384c2c4491ac6b2ca3fd1992d28cc2a977ac26b47d082edc25239ac60121793914588fcd0293defe9c5d5674457e42bd95d0b7fb4f68d54a663f75945692c1d7da41ad89bd4a733e939e991b9c779b4c7370f20eaece943e143a4658add66610d12d522dd8f4cb3266d3a58df38b696ef6c208ce7dcadc6aab408a64c02910df659a3f566efb56b545294dec62412d154bac063cbdc4e5d4edb15a236b730b1f5dd3c6a7347c1eb6437662af97b6c505c65b9803827588920e8bb2c84813b21e0a5f9eefa65455b100f7fbaf0c4711e8cd46f576651cca4798092aca783506278d1542e3bb4fbc038415ff7a8f54b67c90372ce9cfae760bf9b721a3ddcab3903340f4121b5e3d05b941e54bd2fc9f5de3e9ca2641655ce69c583e258e4029c35d0f3962991e6b64c8114cbee6318a58ba586c072f4b10f21fb2be118f9f5e1b563102a47a5100180b13214c0fc60e24825b930aeb143139cadefa5b104ac9425183ea161883bee64050b25e794d5e0e39d358b10fd5165b610f8922d02d5e9b6bacd82d6cd2d2a68a2296650ac4bb534419f9124d72fd82e9990117c45ceb498b8e9c4f310ea153f2130c961f9499066d491cbbe66432c0c702e11a8b6852ed2e581f4547127bb70fa417f0699432de8f574ea59c610a67e4265d119cb245a2ee998e7f7e5686a9614d9dbfcc7362b9e660a1533b6ead9ffb7cc758d2aeae26a25b13d547f11aa56fe83825e5b54884c89af6e1265491b66e2b8f90b02176587abcd2ec285ac321cf5c059b31f07aa4b90f492d2065f664da863a7e566c6a6fe4384aa055abd702678c175285d6fc2da1186383255583623f01d3ab20f6b24770aea024b65740d437e470cde8d2f341ee7838671f465fe30adb16b480f3877266c9a05a44eed3b2b9b783cea013ebf46b23a82796421d39e600b6edf7cc9b9694f1a3b75cc1b0912182b49d8f5fa95fba7e9d4b1dc54db68d386bba6c86a56b33bf77f5b0b19798946d90d5a6f5d649b036269d10237d26f89a09d81a7a739779cfadbca1f21750903212c053c9c8914ff5d54c44642a745abb710832d892bf8cac08d6d05925f1165e2c5e0f97b374823b5f954acf83283122b1803897d452e3668a9c357c0591ad69da9cd7c20a439e70323708f3a15b2bfa277dd0371807b9fbf2057ddd687b7ad901c9d30de9faa61122194fccb6d1b98930f51c39672f6d952b7fe1625a3da3254ca6a8c05495303ad5e28a123ddd2c7509fe0d1196515028dbd1858bab27f55799fde60a4b41cbd3d1cfa655e0f36477c8136dff2f41256ec72279965b294c084dc6b406f01df228fc8ecc8dfb7a6f1cdec4e758a2fbe3a494b5cfdcab8e064097e408cb94df3e8b7186cac70cf8a71d8f6003049041f688639370e2ca08498fff139cd6cdb8b172e1fb2e9e7500e9914ad61c3f13541fec44065be6b71d876751919dccde0009a968ef3a0219ecf4f879b7c76285e1cda181a6a7c68792cd48131b146b7564a9320c27fe3fe3eab80b7b774f1d65f9dc2defb18e8f9c03a9c8b9f4f133f0fe685b4f2d732a7d64f74132d47781348b56bae6690b697126baf1ae15aa65bd2fca637651d37318c96833b5fdc71e18ce510326fd3c4d340d3a31113bef87b650609a55fb367cef86ae2fd5f06a507a2f7a1574267a7e58487f7cca4eea692dd05a89f1ec77fdf99a2a20b36ebd664d61cc924db2e50c61325fe0e9c697db9990731b0cb3fc2fbfb5691df517d78f3dfba8dfe6b6759e79c6af2bec3074eef8fc649eb0f9d68e1bb008007cf6df376c62a9552a3ebcdf3097839e2fd936c59ecdd2bc3762cca89c4456f221be17423811c0809f19a0d29bae5a84cd1fac9dab3518f43f91ca25ed7f2cd7212e968703ef3457efad19158f731ccacbce4117aeb5efb2793315b903f7be1ad1eccc83f37dab71311f86981c93c324a0416c2bf6b6c7b64f31398e91a3486c72e6ac7fb7a1965500accdd904c53243cf8cc0d261b73e843b2ff1dea95f0862afe172078f6f4b539fd3d99ff7695fb0f9a9fd534b21409d2fc3f2315012d2af72e78752999a658508d34ed23a9cbf76c65c2e11fc7e9ca274d7c523ea8ea869dff6d72e2deab84eec923ea857b40c031adc2222d008ce7aaf8d0c5691de3e783f5a30a3301e6a2cc0299031b768b855c630fcd0555e8aa5e3f6ccb7599fb361631732d8c181726772073f7836a385edd72989ab22779d320769e0adca43cceae5d1233ddfa2bd7b88b074952d360e2beabd04643fb46216521d4c8f16790566a1e80d556ccda133b9d419ccd68a5e10ab6eb9ab84fc2713606b22a085108c3cdb67a3f10dc457485cf7f7c0205fec5c87865222e461d3a27cffecb0c3bcd0adbb1ea926cb3ee42d36c9be8de25228c256a0146306f7ca9a8112fe5604efaa9284702b31dfa2db27073a2c64570a0480c41c4c448164fedcd6dc46679ba3d075748e7a46e04e81c3a0b125f93124bfb9a4ce7e8d7e8d840e4a230e2d2e05e4e2f4852d9c524b1e43a02a0c649e105a08c629c45d738aa75c19372789cbe1896cc484974a3222f1d758c9032deab9809c27fbf3cb69349d7f1a6e36fe2ea0c07b04afb8c7a7ca5684e87c0859737a6eb81a59bf1c3944406e755e3e904535368b22caf571c6e9098c540ffd7c2699183540d8aeab223f8ad996857db5112c7d7fcec2b1f2bc457dc62d013ebd4edf94595c88054f2625b997d9261ce53f4d360d8a1e0e551118b9c24f96157c24df879c7cfc3658"}]}]}, 0xef8}, 0x1, 0x0, 0x0, 0x4004}, 0x20048854) 03:33:28 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_SET_VLAN(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB='.\x00\x00\x00', @ANYRES16, @ANYBLOB="01"], 0x3c}}, 0x0) 03:33:28 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000100)={'gre0\x00', &(0x7f0000000000)={'ip_vti0\x00', 0x0, 0x0, 0x7800, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @multicast1}}}}) 03:33:28 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000700)={'batadv0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000000)="99e3977cf877cc52d34687880800", 0x36, 0x0, &(0x7f00000000c0)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @remote}, 0x14) 03:33:28 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}}, 0x0) 03:33:28 executing program 4: ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x2) r0 = openat$loop_ctrl(0xffffff9c, &(0x7f0000000000), 0x300, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000040)={0x2020}, 0x2020) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 03:33:28 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={0x0}}, 0x0) 03:33:28 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000700)={'batadv0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000000)="99e3977cf877cc52d34687880800", 0x36, 0x0, &(0x7f00000000c0)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @remote}, 0x14) 03:33:28 executing program 3: r0 = openat$ptp0(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$PTP_PEROUT_REQUEST2(r0, 0x40383d0c, &(0x7f0000000080)) 03:33:28 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$sock_timeval(r0, 0x1, 0x15, 0x0, &(0x7f0000000140)) [ 483.202562][ T6665] 140548063100928-140548071489535: ffff888022f0e620 03:33:28 executing program 4: openat$ptp0(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) socketpair(0x0, 0x0, 0x0, &(0x7f00000002c0)) 03:33:28 executing program 2: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)="28614548aaa5cba3e85aa008dca8454ec44f7b598c3a6e317069f70ec5d81d6ba643cd9e0bf95bd8b294618c6c3b709568386dd61a685d1634544c34bfcf774aec822f038ce2fec77234d502893fc58266d482b0cc36de784a29d9de74825f32a6e47a2d85951e4ed26d011676a84976f7413ca48980e9086061b6864a0df9e508333cbd26de5b171ba7fae1f05c7d273a2d") [ 483.261294][ T6665] 140548071489536-140548073586687: ffff888022f0e700 03:33:28 executing program 3: r0 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) 03:33:28 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000700)={'batadv0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000000)="99e3977cf877cc52d34687880800", 0x36, 0x0, &(0x7f00000000c0)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @remote}, 0x14) 03:33:28 executing program 5: r0 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x2) r1 = openat$loop_ctrl(0xffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r0) fanotify_init(0x2, 0x0) [ 483.323840][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 03:33:28 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) write$FUSE_CREATE_OPEN(r0, &(0x7f0000000e40)={0xa0, 0x0, 0x0, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}}}, 0xa0) 03:33:28 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt$inet_int(r0, 0x0, 0x0, 0x0, &(0x7f0000000040)) [ 483.387081][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 03:33:28 executing program 3: r0 = openat$cuse(0xffffff9c, &(0x7f00000046c0), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000004700)=ANY=[@ANYBLOB="2e00000004"], 0x2e) 03:33:28 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r0, &(0x7f0000000440)={&(0x7f0000000380), 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x14, r1, 0x1}, 0x14}}, 0x0) [ 483.476063][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 03:33:28 executing program 0: process_vm_writev(0x0, &(0x7f0000000740)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9, 0x0, 0x0, 0x0) 03:33:28 executing program 2: keyctl$search(0xa, 0x0, &(0x7f0000000200)='trusted\x00', &(0x7f0000000240)={'syz', 0x0}, 0x0) 03:33:28 executing program 1: pipe(&(0x7f0000000900)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_pressure(r1, &(0x7f00000000c0)={'full'}, 0x2f) ioctl$sock_inet_udp_SIOCINQ(r0, 0x541b, &(0x7f0000000080)) [ 483.516320][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 03:33:28 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000080)={'sit0\x00', &(0x7f0000000000)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x6, 0x4, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @rand_addr, {[@noop]}}}}}) 03:33:28 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt$inet_int(r0, 0x0, 0xf, 0x0, &(0x7f0000000040)) 03:33:28 executing program 5: r0 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x2) r1 = openat$loop_ctrl(0xffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r0) fanotify_init(0x2, 0x0) [ 483.612334][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 03:33:29 executing program 0: setsockopt$MRT6_FLUSH(0xffffffffffffffff, 0x29, 0xd4, 0x0, 0x0) 03:33:29 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$BLKGETSIZE64(r0, 0x80041272, 0x0) 03:33:29 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) 03:33:29 executing program 2: r0 = socket(0xa, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24000004, &(0x7f0000000000)={0xa, 0x4e32, 0x0, @ipv4}, 0x1c) 03:33:29 executing program 4: r0 = socket(0xa, 0x3, 0x7) getsockopt$inet6_int(r0, 0x29, 0x7, 0x0, &(0x7f00000000c0)) 03:33:29 executing program 2: r0 = socket(0xa, 0x2, 0x0) connect$bt_rfcomm(r0, &(0x7f0000000000)={0x1f, @fixed}, 0xa) 03:33:29 executing program 3: r0 = socket(0xa, 0x3, 0xb) setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000040)=@routing, 0x8) setsockopt$inet6_opts(r0, 0x29, 0x3b, 0x0, 0x0) [ 483.731471][ T6665] 140548084219904-140548084948991: ffff888022f0ec40 [ 483.765689][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 03:33:29 executing program 4: r0 = socket(0xa, 0x3, 0x7) setsockopt$inet6_opts(r0, 0x29, 0x39, &(0x7f0000000340)=@dstopts, 0x8) 03:33:29 executing program 1: r0 = socket(0xa, 0x3, 0xb) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x12, 0x0, 0x0) 03:33:29 executing program 0: prctl$PR_GET_PDEATHSIG(0x39, &(0x7f00000000c0)) [ 483.809627][ T8393] udevd[8393]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory [ 483.836498][ T28] INFO: task syz-executor.5:6662 blocked for more than 143 seconds. 03:33:29 executing program 5: r0 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x2) r1 = openat$loop_ctrl(0xffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r0) fanotify_init(0x2, 0x0) [ 483.856396][ T28] Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 483.863452][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. 03:33:29 executing program 3: r0 = socket(0xa, 0x3, 0x7) getsockopt$EBT_SO_GET_INFO(r0, 0x3a, 0x80, 0x0, 0x0) 03:33:29 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) ioctl$EVIOCGEFFECTS(r0, 0x40044590, 0x0) 03:33:29 executing program 0: r0 = socket(0xa, 0x3, 0xb) getsockopt$inet6_int(r0, 0x29, 0x4c, 0x0, &(0x7f00000000c0)) 03:33:29 executing program 4: r0 = socket(0xa, 0x3, 0xb) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@dev}, 0x20) [ 483.866648][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 483.942380][ T28] task:syz-executor.5 state:D 03:33:29 executing program 2: r0 = socket(0xa, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @mcast2={0xff, 0x5}, 0x1}, 0x1c) [ 483.949360][ T6665] 140548085288960-140548085653503: [ 483.984509][ T28] stack:28256 pid:6662 ppid:5113 flags:0x00000004 [ 484.013201][ T6665] ffff888022f0ee00 03:33:29 executing program 4: socketpair(0x10, 0x2, 0x2, &(0x7f0000000140)) 03:33:29 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f0000000040)={0x4, 0xffffffffffffffff, 0x1}) 03:33:29 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x6, 0x0, &(0x7f0000000040)) [ 484.052719][ T28] Call Trace: [ 484.068265][ T28] [ 484.074191][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 484.089869][ T28] __schedule+0x25d0/0x5a70 03:33:29 executing program 2: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a1, 0x0) [ 484.111644][ T28] ? io_schedule_timeout+0x150/0x150 [ 484.144902][ T28] ? __bpf_trace_lock+0xe0/0xe0 03:33:29 executing program 4: syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='schedstat\x00') 03:33:29 executing program 0: syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1000008, &(0x7f0000000280)={[{@datacow}, {@clear_cache}, {@nodatasum}, {@rescan_uuid_tree}, {}, {@space_cache_v1}]}, 0xfe, 0x51ab, &(0x7f0000005280)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b) open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE(0xffffffffffffffff, 0x9408, 0x0) [ 484.181603][ T28] schedule+0xde/0x1b0 [ 484.186379][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 484.199425][ T28] rwsem_down_read_slowpath+0x5a7/0xb20 03:33:29 executing program 5: r0 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x2) r1 = openat$loop_ctrl(0xffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r0) fanotify_init(0x2, 0x0) [ 484.230382][ T28] ? down_write+0x220/0x220 03:33:29 executing program 2: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r3 = dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 484.255893][ T6665] 140548085710848-140548097556479: ffff88806b3de000 [ 484.259532][ T28] ? lock_release+0x810/0x810 [ 484.296422][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 [ 484.297541][ T28] ? do_user_addr_fault+0xa51/0x1210 [ 484.298897][ T6665] ffff88806b3de1c0 140735437332479 [ 484.452553][ T28] ? rcu_read_lock_sched_held+0x3e/0x70 [ 484.469367][ T6665] ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 484.493963][ T28] ? do_user_addr_fault+0xa51/0x1210 [ 484.509799][ T28] ? lock_acquire+0x32/0xc0 [ 484.521975][ T28] ? do_user_addr_fault+0xa51/0x1210 [ 484.542331][ T28] down_read+0xe6/0x450 [ 484.557331][ T28] ? rwsem_down_read_slowpath+0xb20/0xb20 [ 484.574669][ T28] do_user_addr_fault+0xa51/0x1210 [ 484.591391][ T28] ? rcu_read_lock_sched_held+0x3e/0x70 [ 484.607670][ T28] exc_page_fault+0x98/0x170 [ 484.616384][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 484.622633][ T28] asm_exc_page_fault+0x26/0x30 [ 484.623348][ T6665] 140548097601536-140548097605631: [ 484.644348][ T28] RIP: 0033:0x7fd3e6a276c6 [ 484.666376][ T6665] ffff88806b3de460 [ 484.670131][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 484.671856][ T28] RSP: 002b:00007fff85bf47b8 EFLAGS: 00010287 [ 484.713136][ T28] RAX: 0000001b32a23000 RBX: 00007fd3e6bac018 RCX: 0000001b32a20000 [ 484.723088][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 484.740723][ T28] RDX: 0000001b32a23004 RSI: 0000001b32a22280 RDI: 000000000d07a06e [ 484.760541][ T28] RBP: 000000000d07a06e R08: 0000001b32e20000 R09: 000000000d07a072 [ 484.768083][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 484.775107][ T28] R10: 00007fff85bfa090 R11: 000000000000fb9c R12: 00007fd3e6ba0000 [ 484.787320][ T28] R13: 0000000000000001 R14: 0000000000010b0a R15: ffffffff89b86815 [ 484.795455][ T28] ? number+0x645/0xad0 [ 484.806732][ T6665] 140735437299712-140735437316095: 0000000000000000 03:33:30 executing program 1: r0 = socket(0xa, 0x2, 0x0) sendto$inet6(r0, &(0x7f0000000040)="84", 0x1, 0x4044040, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty, 0x6}, 0x1c) 03:33:30 executing program 4: syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1000008, &(0x7f0000000280)={[{@datacow}, {@clear_cache}, {@nodatasum}, {@rescan_uuid_tree}, {}, {@space_cache_v1}]}, 0xfe, 0x51ab, &(0x7f0000005280)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b) open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE(0xffffffffffffffff, 0x9408, 0x0) 03:33:30 executing program 2: syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1000008, &(0x7f0000000280)={[{@datacow}, {@clear_cache}, {@nodatasum}, {@rescan_uuid_tree}, {}, {@space_cache_v1}]}, 0xfe, 0x51ab, &(0x7f0000005280)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b) r1 = open(0x0, 0x0, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE(r1, 0x9408, 0x0) 03:33:30 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r3 = dup(r0) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) [ 484.816051][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 484.825722][ T28] [ 484.833761][ T28] [ 484.833761][ T28] Showing all threads with locks held in the system: [ 484.893757][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 484.915553][ T28] task:rcu_tasks_kthre state:I stack:29040 pid:12 ppid:2 flags:0x00004000 03:33:30 executing program 1: r0 = socket(0xa, 0x3, 0xb) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x48, &(0x7f0000000000)={@dev}, 0x20) [ 484.960489][ T8511] udevd[8511]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory [ 484.960808][ T6665] 140735437340672-18446744073709551615: [ 484.975426][ T28] Call Trace: [ 485.012246][ T28] [ 485.023366][ T28] __schedule+0x25d0/0x5a70 [ 485.047865][ T28] ? lock_chain_count+0x20/0x20 [ 485.058694][ T8393] udevd[8393]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory [ 485.084515][ T8514] binder: 8509:8514 ioctl c0306201 0 returned -14 [ 485.096417][ T6665] 0000000000000000 [ 485.101281][ T28] ? find_held_lock+0x2d/0x110 [ 485.126537][ T28] ? io_schedule_timeout+0x150/0x150 [ 485.140262][ T28] ? mark_held_locks+0x9f/0xe0 [ 485.151071][ T6665] Pass: 10403314 Run:10403461 [ 485.186463][ T28] schedule+0xde/0x1b0 [ 485.229873][ T28] rcu_tasks_one_gp+0x484/0xcd0 [ 485.256444][ T28] rcu_tasks_kthread+0x77/0xa0 [ 485.271472][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 485.281329][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 485.291411][ T6665] Call Trace: [ 485.294714][ T6665] [ 485.297671][ T6665] dump_stack_lvl+0xd1/0x138 [ 485.302316][ T6665] mt_find.cold+0x8b/0x90 [ 485.306703][ T6665] ? mas_find+0x1d0/0x1d0 [ 485.311099][ T6665] find_vma+0x10c/0x1b0 [ 485.315299][ T6665] ? can_vma_merge_before+0x390/0x390 [ 485.320724][ T6665] ? walk_page_test+0x78/0x180 [ 485.325542][ T6665] walk_page_range+0x2b1/0x4a0 [ 485.330358][ T6665] ? __walk_page_range+0x780/0x780 [ 485.335533][ T6665] mlock_fixup+0x650/0x810 [ 485.340020][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 485.345282][ T6665] ? mlock_fixup+0x810/0x810 [ 485.349943][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 485.355894][ T6665] do_mlock+0x25a/0x6d0 [ 485.360118][ T6665] ? folio_evictable+0x270/0x270 [ 485.365128][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 485.371078][ T6665] __x64_sys_mlock+0x59/0x80 [ 485.375720][ T6665] do_syscall_64+0x39/0xb0 [ 485.380197][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 485.386135][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 485.390587][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 485.410662][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 485.419117][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 485.427121][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 485.435120][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 485.443118][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 485.451117][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 485.459140][ T6665] [ 485.470490][ T28] ? synchronize_rcu_tasks_trace+0x70/0x70 [ 485.489086][ T28] kthread+0x2e8/0x3a0 [ 485.504284][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 485.516660][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 485.522724][ T6665] BUG at mt_find:6473 (1) [ 485.534126][ T28] ret_from_fork+0x1f/0x30 [ 485.542197][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 485.557726][ T28] [ 485.571622][ T28] 1 lock held by rcu_tasks_kthre/12: [ 485.582817][ T6665] 0-18446744073709551615: node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 contents: 93708184875008 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 485.626822][ T28] #0: ffffffff8c793470 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xcd0 [ 485.660037][ T28] task:rcu_tasks_trace state:I stack:29208 pid:13 ppid:2 flags:0x00004000 [ 485.705782][ T28] Call Trace: [ 485.718250][ T28] [ 485.730362][ T28] __schedule+0x25d0/0x5a70 [ 485.748516][ T28] ? lock_chain_count+0x20/0x20 [ 485.768190][ T28] ? find_held_lock+0x2d/0x110 [ 485.794672][ T28] ? io_schedule_timeout+0x150/0x150 [ 485.818692][ T28] ? mark_held_locks+0x9f/0xe0 [ 485.838483][ T28] schedule+0xde/0x1b0 [ 485.851724][ T28] rcu_tasks_one_gp+0x484/0xcd0 [ 485.866979][ T28] rcu_tasks_kthread+0x77/0xa0 [ 485.883452][ T28] ? synchronize_rcu_tasks_trace+0x70/0x70 [ 485.903077][ T28] kthread+0x2e8/0x3a0 [ 485.916447][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 ffff888022f0e540 140548063100927 0000000000000000 0 000000000000000d [ 485.918012][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 486.096514][ T6665] 0-536866815: 0000000000000000 [ 486.101798][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 486.113285][ T28] ret_from_fork+0x1f/0x30 [ 486.127746][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 486.128369][ T28] [ 486.133670][ T6665] 553627648-553635839: 0000000000000000 [ 486.133701][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 486.169413][ T28] 1 lock held by rcu_tasks_trace/13: [ 486.184901][ T8508] loop2: detected capacity change from 0 to 32768 [ 486.193852][ T28] #0: ffffffff8c793170 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xcd0 [ 486.207087][ T6665] 553627648-553644031: ffff8880272dc8c0 [ 486.213035][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 486.231918][ T8508] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 486.251989][ T28] task:getty state:S stack:23336 pid:4752 ppid:1 flags:0x00000000 [ 486.271495][ T8508] BTRFS info (device loop2): force clearing of disk cache [ 486.276526][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 486.288794][ T8510] loop4: detected capacity change from 0 to 32768 [ 486.295340][ T28] Call Trace: [ 486.299034][ T28] [ 486.302109][ T8508] BTRFS info (device loop2): setting nodatasum [ 486.305680][ T6665] 553652224-116813594623: 0000000000000000 [ 486.309320][ T28] __schedule+0x25d0/0x5a70 [ 486.314884][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 486.314916][ T6665] 116817788928-93825002663935: [ 486.321355][ T8508] BTRFS info (device loop2): allowing degraded mounts [ 486.338691][ T28] ? __flush_work+0x8b8/0xb60 [ 486.343555][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 486.349806][ T8510] BTRFS warning: duplicate device /dev/loop4 devid 1 generation 8 scanned by syz-executor.4 (8510) [ 486.361317][ T28] ? trace_lock_acquire+0x1f1/0x290 [ 486.366971][ T8508] BTRFS info (device loop2): enabling disk space caching [ 486.374181][ T28] ? io_schedule_timeout+0x150/0x150 [ 486.380081][ T8508] BTRFS info (device loop2): disk space caching is enabled [ 486.389015][ T6665] 0000000000000000 [ 486.389476][ T28] schedule+0xde/0x1b0 [ 486.392748][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 486.392781][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 486.397705][ T28] schedule_timeout+0x1e1/0x2a0 [ 486.436547][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 486.438719][ T28] ? usleep_range_state+0x1b0/0x1b0 [ 486.444166][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 486.476425][ T28] ? __up_read+0x192/0x720 [ 486.568389][ T28] ? down_read+0x19c/0x450 [ 486.587150][ T28] ? up_write+0x520/0x520 [ 486.605882][ T28] wait_woken+0x197/0x200 [ 486.629507][ T28] n_tty_read+0x1055/0x13e0 [ 486.636719][ T8508] BTRFS info (device loop2): enabling ssd optimizations [ 486.648188][ T8508] BTRFS info (device loop2): auto enabling async discard [ 486.662283][ T28] ? n_tty_receive_buf_closing+0x5b0/0x5b0 [ 486.681427][ T8508] BTRFS info (device loop2): clearing free space tree [ 486.690779][ T28] ? __init_waitqueue_head+0x150/0x150 [ 486.712383][ T28] tty_read+0x30e/0x5a0 [ 486.717245][ T8508] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 486.732788][ T28] ? do_SAK+0x70/0x70 [ 486.740335][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 486.748881][ T28] ? fsnotify_perm.part.0+0x221/0x610 [ 486.756555][ T8508] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 486.773216][ T28] ? apparmor_file_permission+0x272/0x4e0 [ 486.780356][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 486.793406][ T28] ? security_file_permission+0xaf/0xd0 [ 486.808017][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 486.820725][ T8508] BTRFS info (device loop2): checking UUID tree [ 486.829644][ T28] vfs_read+0x681/0x930 [ 486.837359][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 486.846763][ T28] ? kernel_read+0x1c0/0x1c0 [ 486.856469][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 486.857190][ T28] ? __fget_light+0x20a/0x270 [ 486.863437][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 486.863469][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 486.863497][ T6665] 140548084219904-140548084948991: [ 486.878557][ T28] ksys_read+0x12b/0x250 [ 486.916356][ T6665] ffff888022f0ec40 [ 486.917622][ T28] ? vfs_write+0xe10/0xe10 [ 486.920096][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 486.920129][ T6665] 140548085284864-140548085288959: 0000000000000000 [ 486.920159][ T6665] 140548085288960-140548085653503: [ 486.925822][ T28] ? syscall_enter_from_user_mode+0x26/0xb0 [ 486.947053][ T6665] ffff888022f0ee00 [ 486.950332][ T28] do_syscall_64+0x39/0xb0 [ 486.953840][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 486.953874][ T6665] 140548085690368-140548085710847: 0000000000000000 [ 486.953902][ T6665] 140548085710848-140548097556479: [ 486.958470][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 486.958509][ T28] RIP: 0033:0x7faaf2c8c8fe [ 486.979971][ T6665] ffff88806b3de000 [ 486.984081][ T28] RSP: 002b:00007ffed8708098 EFLAGS: 00000246 [ 486.997808][ T6665] 140548097556480-18446744073709551615: [ 487.001805][ T28] ORIG_RAX: 0000000000000000 [ 487.016368][ T6665] node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 487.020788][ T28] RAX: ffffffffffffffda RBX: 0000560aa40af910 RCX: 00007faaf2c8c8fe [ 487.089929][ T28] RDX: 0000000000000001 RSI: 00007ffed87080b0 RDI: 0000000000000000 [ 487.108108][ T28] RBP: 0000560aa40af970 R08: 0000000000000007 R09: 0000560aa40b0cd0 [ 487.118192][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 487.124461][ T28] R10: 0000000000000063 R11: 0000000000000246 R12: 0000560aa40af9ac [ 487.125166][ T6665] 140548097601536-140548097605631: [ 487.136257][ T28] R13: 00007ffed87080b0 R14: 0000000000000000 R15: 0000560aa40af9ac [ 487.146436][ T6665] ffff88806b3de460 [ 487.159399][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 487.160476][ T28] [ 487.176078][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 487.176197][ T28] 2 locks held by getty/4752: [ 487.192162][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 487.197338][ T28] #0: ffff88814b6a8098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x26/0x80 [ 487.208454][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 487.223938][ T28] #1: ffffc900015802f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef4/0x13e0 [ 487.232106][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 487.241036][ T28] task:kworker/0:6 state:D stack:24328 pid:5169 ppid:2 flags:0x00004000 [ 487.251700][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 487.258263][ T28] Workqueue: events fqdir_free_fn [ 487.265463][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 487.266187][ T28] Call Trace: [ 487.273906][ T6665] Pass: 10411009 Run:10411157 [ 487.282217][ T6665] CPU: 0 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 487.292068][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 487.295798][ T28] [ 487.302130][ T6665] Call Trace: [ 487.302140][ T6665] [ 487.302151][ T6665] dump_stack_lvl+0xd1/0x138 [ 487.302197][ T6665] mt_find.cold+0x8b/0x90 [ 487.305777][ T28] __schedule+0x25d0/0x5a70 [ 487.308420][ T6665] ? mas_find+0x1d0/0x1d0 [ 487.308473][ T6665] find_vma+0x10c/0x1b0 [ 487.308503][ T6665] ? can_vma_merge_before+0x390/0x390 [ 487.308538][ T6665] ? walk_page_test+0x78/0x180 [ 487.308578][ T6665] walk_page_range+0x2b1/0x4a0 [ 487.308620][ T6665] ? __walk_page_range+0x780/0x780 [ 487.308678][ T6665] mlock_fixup+0x650/0x810 [ 487.308734][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 487.308783][ T6665] ? mlock_fixup+0x810/0x810 [ 487.308841][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 487.308898][ T6665] do_mlock+0x25a/0x6d0 [ 487.308947][ T6665] ? folio_evictable+0x270/0x270 [ 487.309003][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 487.309052][ T6665] __x64_sys_mlock+0x59/0x80 [ 487.313237][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 487.316565][ T6665] do_syscall_64+0x39/0xb0 [ 487.316612][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 487.321015][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 487.325427][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 487.325453][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 487.329892][ T28] ? find_held_lock+0x2d/0x110 [ 487.333922][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 487.333954][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 487.461300][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 487.469299][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 487.477286][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 487.485275][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 487.493284][ T6665] [ 487.502556][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 487.508700][ T6665] BUG at mt_find:6473 (1) [ 487.513916][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 487.520776][ T28] ? wq_worker_sleeping+0x1e9/0x250 [ 487.524490][ T6665] 0-18446744073709551615: [ 487.528134][ T28] ? io_schedule_timeout+0x150/0x150 [ 487.531598][ T6665] node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 [ 487.532651][ T28] ? mark_held_locks+0x9f/0xe0 [ 487.543024][ T6665] contents: [ 487.545995][ T28] ? rwlock_bug.part.0+0x90/0x90 [ 487.554530][ T6665] 93708184875008 [ 487.559010][ T28] ? _raw_spin_unlock_irq+0x23/0x50 [ 487.564025][ T6665] 20480 [ 487.568265][ T28] ? lockdep_hardirqs_on+0x7d/0x100 [ 487.572185][ T6665] 18446603338272210944 [ 487.576752][ T28] schedule+0xde/0x1b0 [ 487.581650][ T6665] 0 [ 487.585076][ T28] schedule_preempt_disabled+0x13/0x20 [ 487.585158][ T6665] 0 [ 487.588213][ T28] __mutex_lock+0xa48/0x1360 [ 487.597132][ T6665] 0 [ 487.600803][ T28] ? rcu_barrier+0x48/0x6d0 [ 487.602548][ T6665] 0 [ 487.603472][ T28] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 487.603513][ T28] ? debug_object_deactivate+0x105/0x300 [ 487.603608][ T28] rcu_barrier+0x48/0x6d0 [ 487.603643][ T28] ? rcu_read_lock_sched_held+0x3e/0x70 [ 487.603673][ T28] ? trace_lock_acquire+0x1f1/0x290 [ 487.603712][ T28] fqdir_free_fn+0x32/0x160 [ 487.603754][ T28] process_one_work+0x9bf/0x1750 [ 487.621404][ T6665] 0 [ 487.627727][ T28] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 487.640779][ T6665] 0 [ 487.643055][ T28] ? rcu_read_lock_sched_held+0x3e/0x70 [ 487.653357][ T6665] 0 [ 487.656004][ T28] ? rwlock_bug.part.0+0x90/0x90 [ 487.661876][ T6665] | 02 02| [ 487.664190][ T28] ? lock_acquire+0x32/0xc0 [ 487.666390][ T6665] ffff88805e98c80c 140548063100927 [ 487.671993][ T28] ? worker_thread+0x16d/0x1090 [ 487.674614][ T6665] ffff88805e98c60c 140548097556479 [ 487.679489][ T28] worker_thread+0x669/0x1090 [ 487.693081][ T6665] ffff888084f7ec0c 18446744073709551615 [ 487.694882][ T28] ? __kthread_parkme+0x163/0x220 [ 487.703286][ T6665] 0000000000000000 0 [ 487.705294][ T28] ? process_one_work+0x1750/0x1750 [ 487.710060][ T6665] 0000000000000000 0 [ 487.714359][ T28] kthread+0x2e8/0x3a0 [ 487.732547][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 487.733215][ T6665] 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 487.744499][ T28] ret_from_fork+0x1f/0x30 [ 487.753587][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 [ 487.753796][ T28] [ 487.753801][ T6665] 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 [ 487.783395][ T28] 3 locks held by kworker/0:6/5169: [ 487.794939][ T6665] ffff888022f0e460 93825002803199 [ 487.796855][ T28] #0: [ 487.801984][ T6665] 0000000000000000 140548063096831 [ 487.807371][ T28] ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x86d/0x1750 [ 487.815568][ T6665] ffff888022f0e540 140548063100927 [ 487.827603][ T28] #1: [ 487.831249][ T6665] 0000000000000000 0 [ 487.832886][ T28] ffffc900046afda8 [ 487.835690][ T6665] 000000000000000d [ 487.842979][ T28] (fqdir_free_work){+.+.}-{0:0}, at: process_one_work+0x8a1/0x1750 [ 487.850112][ T6665] 0-536866815: 0000000000000000 [ 487.856181][ T28] #2: ffffffff8c79f000 (rcu_state.barrier_mutex){+.+.}-{3:3}, at: rcu_barrier+0x48/0x6d0 [ 487.867467][ T6665] 536866816-536870911: ffff888022f0e0e0 [ 487.878712][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 487.879249][ T28] task:kworker/u4:9 state:R [ 487.884648][ T6665] 553627648-553635839: 0000000000000000 [ 487.884678][ T6665] 553635840-553627647: ffff8880272dc9a0 [ 487.898634][ T28] stack:22424 pid:5414 ppid:2 flags:0x00004000 [ 487.901393][ T6665] 553627648-553644031: [ 487.909537][ T28] Workqueue: 0x0 (bat_events) [ 487.914315][ T6665] ffff8880272dc8c0 [ 487.919583][ T28] Call Trace: [ 487.927964][ T28] [ 487.931075][ T28] __schedule+0x25d0/0x5a70 [ 487.935774][ T28] ? io_schedule_timeout+0x150/0x150 [ 487.936330][ T6665] 553644032-553648127: ffff88807e16c7e0 [ 487.941750][ T28] ? worker_thread+0x15b/0x1090 [ 487.955174][ T28] ? rwlock_bug.part.0+0x90/0x90 [ 487.956347][ T6665] 553648128-553652223: ffff888022f0e2a0 [ 487.960586][ T28] schedule+0xde/0x1b0 [ 487.966053][ T6665] 553652224-116813594623: 0000000000000000 [ 487.966085][ T6665] 116813594624-116817788927: ffff888022f0e380 [ 487.970652][ T28] worker_thread+0x160/0x1090 [ 487.985835][ T6665] 116817788928-93825002663935: 0000000000000000 [ 487.988313][ T28] ? __kthread_parkme+0x163/0x220 [ 487.994718][ T6665] 93825002663936-93825002803199: ffff888022f0e460 [ 487.994749][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 488.000553][ T28] ? process_one_work+0x1750/0x1750 [ 488.019384][ T28] kthread+0x2e8/0x3a0 [ 488.023565][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 488.023614][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 488.032078][ T6665] 140548063100928-140548097556479: [ 488.037709][ T28] ret_from_fork+0x1f/0x30 [ 488.046360][ T6665] node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 488.048049][ T28] [ 488.102946][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 488.110185][ T6665] 140548071489536-140548073586687: ffff888022f0e700 [ 488.115249][ T28] no locks held by kworker/u4:9/5414. [ 488.117191][ T6665] 140548073586688-140548075683839: ffff888022f0e7e0 [ 488.117222][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 488.123616][ T28] task:kworker/0:16 state:D [ 488.130439][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 488.148426][ T28] stack:25496 pid:6515 ppid:2 flags:0x00004000 [ 488.150015][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 488.163444][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 488.163530][ T28] Workqueue: events pwq_unbound_release_workfn [ 488.171034][ T6665] 140548084219904-140548084948991: [ 488.174985][ T28] [ 488.177654][ T6665] ffff888022f0ec40 [ 488.189362][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 488.194556][ T28] Call Trace: [ 488.196771][ T6665] 140548085284864-140548085288959: [ 488.199674][ T28] [ 488.199693][ T28] __schedule+0x25d0/0x5a70 [ 488.199729][ T28] ? io_schedule_timeout+0x150/0x150 [ 488.205322][ T6665] 0000000000000000 [ 488.217060][ T28] ? io_schedule_timeout+0x150/0x150 [ 488.227637][ T6665] 140548085288960-140548085653503: ffff888022f0ee00 [ 488.236350][ T28] ? preempt_schedule_common+0x59/0xc0 [ 488.236754][ T6665] 140548085653504-140548085690367: [ 488.241858][ T28] schedule+0xde/0x1b0 [ 488.241892][ T28] synchronize_rcu_expedited+0x5e2/0x770 [ 488.248601][ T6665] ffff888022f0eee0 [ 488.261321][ T28] ? wait_rcu_exp_gp+0x40/0x40 [ 488.261434][ T6665] 140548085690368-140548085710847: [ 488.266122][ T28] ? prepare_to_wait_exclusive+0x2c0/0x2c0 [ 488.266158][ T28] ? finish_task_switch.isra.0+0x2b5/0xc80 [ 488.271861][ T6665] 0000000000000000 [ 488.286668][ T28] ? mark_lock.part.0+0xee/0x1910 [ 488.287604][ T6665] 140548085710848-140548097556479: [ 488.292229][ T28] ? rcu_exp_wait_wake+0x1220/0x1220 [ 488.292309][ T28] synchronize_rcu+0x302/0x3b0 [ 488.297951][ T6665] ffff88806b3de000 [ 488.312226][ T6665] 140548097556480-18446744073709551615: node ffff888084f7ec00 depth 1 type 1 parent ffff88805e98c416 contents: 0000000000000000 140548097601535 ffff88806b3de460 140548097605631 ffff88806b3de380 140548097736703 0000000000000000 140735437164543 ffff88806b3de0e0 140735437299711 0000000000000000 140735437316095 ffff88806b3de1c0 140735437332479 ffff88806b3de2a0 140735437340671 0000000000000000 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 488.312851][ T28] ? synchronize_rcu_expedited+0x770/0x770 [ 488.373410][ T6665] 140548097556480-140548097601535: 0000000000000000 [ 488.382518][ T28] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 488.387515][ T6665] 140548097601536-140548097605631: ffff88806b3de460 [ 488.388552][ T28] ? lockdep_hardirqs_on+0x7d/0x100 [ 488.400373][ T6665] 140548097605632-140548097736703: ffff88806b3de380 [ 488.400405][ T6665] 140548097736704-140735437164543: 0000000000000000 [ 488.400431][ T6665] 140735437164544-140735437299711: ffff88806b3de0e0 [ 488.400459][ T6665] 140735437299712-140735437316095: 0000000000000000 [ 488.400485][ T6665] 140735437316096-140735437332479: ffff88806b3de1c0 [ 488.400512][ T6665] 140735437332480-140735437340671: ffff88806b3de2a0 [ 488.400540][ T6665] 140735437340672-18446744073709551615: 0000000000000000 [ 488.400566][ T6665] Pass: 10411011 Run:10411160 [ 488.400582][ T6665] CPU: 1 PID: 6665 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 [ 488.400612][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 488.400629][ T6665] Call Trace: [ 488.400637][ T6665] [ 488.400648][ T6665] dump_stack_lvl+0xd1/0x138 [ 488.409807][ T28] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 488.414510][ T6665] mt_find.cold+0x8b/0x90 [ 488.421804][ T28] lockdep_unregister_key+0x282/0x460 [ 488.428349][ T6665] ? mas_find+0x1d0/0x1d0 [ 488.428401][ T6665] find_vma+0x10c/0x1b0 [ 488.436724][ T28] ? lockdep_register_key+0x410/0x410 [ 488.442259][ T6665] ? can_vma_merge_before+0x390/0x390 [ 488.449928][ T28] ? lockdep_hardirqs_on+0x7d/0x100 [ 488.454282][ T6665] ? walk_page_test+0x78/0x180 [ 488.464403][ T28] pwq_unbound_release_workfn+0x258/0x340 [ 488.474104][ T6665] walk_page_range+0x2b1/0x4a0 [ 488.474148][ T6665] ? __walk_page_range+0x780/0x780 [ 488.474207][ T6665] mlock_fixup+0x650/0x810 [ 488.481459][ T28] process_one_work+0x9bf/0x1750 [ 488.484998][ T6665] apply_vma_lock_flags+0x23d/0x350 [ 488.559715][ T6665] ? mlock_fixup+0x810/0x810 [ 488.564367][ T6665] ? __ia32_sys_get_robust_list+0x400/0x400 [ 488.570311][ T6665] do_mlock+0x25a/0x6d0 [ 488.574506][ T6665] ? folio_evictable+0x270/0x270 [ 488.579492][ T6665] ? syscall_enter_from_user_mode+0x26/0xb0 [ 488.585415][ T6665] __x64_sys_mlock+0x59/0x80 [ 488.590025][ T6665] do_syscall_64+0x39/0xb0 [ 488.594477][ T6665] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 488.600398][ T6665] RIP: 0033:0x7fd3e6a8c0c9 [ 488.604829][ T6665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 488.624455][ T6665] RSP: 002b:00007fd3e7707168 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 488.632982][ T6665] RAX: ffffffffffffffda RBX: 00007fd3e6babf80 RCX: 00007fd3e6a8c0c9 [ 488.640970][ T6665] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffb000 [ 488.648958][ T6665] RBP: 00007fd3e6ae7ae9 R08: 0000000000000000 R09: 0000000000000000 [ 488.656947][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 488.664936][ T6665] R13: 00007fff85bf47ef R14: 00007fd3e7707300 R15: 0000000000022000 [ 488.672942][ T6665] [ 488.682011][ T28] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 488.687506][ T28] ? rcu_read_lock_sched_held+0x3e/0x70 [ 488.693377][ T28] ? rwlock_bug.part.0+0x90/0x90 [ 488.698576][ T28] ? lock_acquire+0x32/0xc0 [ 488.703165][ T6665] index not increased! 20ffb000 <= 20ffb000 [ 488.703186][ T6665] BUG at mt_find:6473 (1) [ 488.709166][ T28] ? worker_thread+0x16d/0x1090 [ 488.709274][ T28] worker_thread+0x669/0x1090 [ 488.715091][ T6665] maple_tree(ffff888029000000) flags 309, height 2 root ffff88805e98c41e [ 488.718584][ T28] ? __kthread_parkme+0x163/0x220 [ 488.718619][ T28] ? process_one_work+0x1750/0x1750 [ 488.718658][ T28] kthread+0x2e8/0x3a0 [ 488.728319][ T6665] 0-18446744073709551615: [ 488.731776][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 488.748933][ T6665] node ffff88805e98c400 depth 0 type 3 parent ffff888029000001 [ 488.751256][ T28] ret_from_fork+0x1f/0x30 [ 488.765005][ T6665] contents: [ 488.768955][ T28] [ 488.768970][ T28] 3 locks held by kworker/0:16/6515: [ 488.774140][ T6665] 93708184875008 [ 488.775277][ T28] #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x86d/0x1750 [ 488.791512][ T6665] 20480 18446603338272210944 0 0 0 0 0 0 0 | 02 02| ffff88805e98c80c 140548063100927 ffff88805e98c60c 140548097556479 ffff888084f7ec0c 18446744073709551615 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 488.797876][ T28] #1: ffffc90005d4fda8 ((work_completion)(&pwq->unbound_release_work)){+.+.}-{0:0}, at: process_one_work+0x8a1/0x1750 [ 488.832192][ T6665] 0-140548063100927: node ffff88805e98c800 depth 1 type 1 parent ffff88805e98c406 contents: 0000000000000000 536866815 ffff888022f0e0e0 536870911 ffff888022f0e1c0 553627647 0000000000000000 553635839 ffff8880272dc9a0 553627647 ffff8880272dc8c0 553644031 ffff88807e16c7e0 553648127 ffff888022f0e2a0 553652223 0000000000000000 116813594623 ffff888022f0e380 116817788927 0000000000000000 93825002663935 ffff888022f0e460 93825002803199 0000000000000000 140548063096831 [ 488.835344][ T28] #2: ffffffff8c79f138 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x658/0x770 [ 488.890174][ T28] task:syz-executor.5 state:D stack:28256 pid:6662 ppid:5113 flags:0x00000004 [ 488.890395][ T6665] ffff888022f0e540 140548063100927 [ 488.899465][ T28] Call Trace: [ 488.899477][ T28] [ 488.899493][ T28] __schedule+0x25d0/0x5a70 [ 488.899551][ T28] ? io_schedule_timeout+0x150/0x150 [ 488.899580][ T28] ? __bpf_trace_lock+0xe0/0xe0 [ 488.899638][ T28] schedule+0xde/0x1b0 [ 488.917346][ T6665] 0000000000000000 0 000000000000000d [ 488.935940][ T6665] 0-536866815: 0000000000000000 [ 488.936360][ T28] rwsem_down_read_slowpath+0x5a7/0xb20 [ 488.942407][ T6665] 536866816-536870911: [ 488.949070][ T28] ? down_write+0x220/0x220 [ 488.950930][ T6665] ffff888022f0e0e0 [ 488.953614][ T28] ? lock_release+0x810/0x810 [ 488.966672][ T6665] 536870912-553627647: ffff888022f0e1c0 [ 488.966831][ T28] ? do_user_addr_fault+0xa51/0x1210 [ 488.972707][ T6665] 553627648-553635839: [ 488.978057][ T28] ? rcu_read_lock_sched_held+0x3e/0x70 [ 488.978125][ T28] ? do_user_addr_fault+0xa51/0x1210 [ 488.978180][ T28] ? lock_acquire+0x32/0xc0 [ 488.978208][ T28] ? do_user_addr_fault+0xa51/0x1210 [ 488.994930][ T6665] 0000000000000000 [ 488.998091][ T28] down_read+0xe6/0x450 [ 488.998129][ T28] ? rwsem_down_read_slowpath+0xb20/0xb20 [ 488.998177][ T28] do_user_addr_fault+0xa51/0x1210 [ 489.004065][ T6665] 553635840-553627647: [ 489.007249][ T28] ? rcu_read_lock_sched_held+0x3e/0x70 [ 489.007290][ T28] exc_page_fault+0x98/0x170 [ 489.007329][ T28] asm_exc_page_fault+0x26/0x30 [ 489.007364][ T28] RIP: 0033:0x7fd3e6a276c6 [ 489.018391][ T6665] ffff8880272dc9a0 [ 489.022423][ T28] RSP: 002b:00007fff85bf47b8 EFLAGS: 00010287 [ 489.035264][ T6665] 553627648-553644031: [ 489.056332][ T28] [ 489.059781][ T6665] ffff8880272dc8c0 [ 489.067978][ T28] RAX: 0000001b32a23000 RBX: 00007fd3e6bac018 RCX: 0000001b32a20000 [ 489.068370][ T6665] 553644032-553648127: [ 489.076179][ T28] RDX: 0000001b32a23004 RSI: 0000001b32a22280 RDI: 000000000d07a06e [ 489.076203][ T28] RBP: 000000000d07a06e R08: 0000001b32e20000 R09: 000000000d07a072 [ 489.080878][ T6665] ffff88807e16c7e0 [ 489.097774][ T28] R10: 00007fff85bfa090 R11: 000000000000fb9c R12: 00007fd3e6ba0000 [ 489.100878][ T6665] 553648128-553652223: [ 489.108938][ T28] R13: 0000000000000001 R14: 0000000000010b0a R15: ffffffff89b86815 [ 489.116666][ T6665] ffff888022f0e2a0 [ 489.121989][ T28] ? number+0x645/0xad0 [ 489.125140][ T6665] 553652224-116813594623: [ 489.129542][ T28] [ 489.138955][ T28] 1 lock held by syz-executor.5/6662: [ 489.141656][ T6665] 0000000000000000 [ 489.144338][ T28] #0: ffff888029000198 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault+0xa51/0x1210 [ 489.153728][ T6665] 116813594624-116817788927: [ 489.161392][ T28] task:syz-executor.5 state:R [ 489.164428][ T6665] ffff888022f0e380 [ 489.166904][ T28] running task stack:26944 pid:6665 ppid:5113 flags:0x00004006 [ 489.175730][ T6665] 116817788928-93825002663935: [ 489.183785][ T28] Call Trace: [ 489.192426][ T6665] 0000000000000000 [ 489.192847][ T28] [ 489.196155][ T6665] 93825002663936-93825002803199: [ 489.199308][ T28] ? mark_lock.part.0+0xee/0x1910 [ 489.199350][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 489.199384][ T28] ? lock_chain_count+0x20/0x20 [ 489.199429][ T28] ? rcu_read_lock_sched_held+0x3e/0x70 [ 489.216399][ T6665] ffff888022f0e460 [ 489.221396][ T28] ? console_flush_all+0x547/0x6e0 [ 489.226270][ T6665] 93825002803200-140548063096831: 0000000000000000 [ 489.242158][ T28] ? console_unlock+0xb8/0x1f0 [ 489.242194][ T28] ? console_flush_all+0x6e0/0x6e0 [ 489.242225][ T28] ? vprintk+0x84/0xa0 [ 489.242253][ T28] ? lock_acquire+0x32/0xc0 [ 489.242282][ T28] ? kmsg_dump+0x240/0x290 [ 489.249182][ T6665] 140548063096832-140548063100927: ffff888022f0e540 [ 489.273472][ T6665] 140548063100928-140548097556479: node ffff88805e98c600 depth 1 type 1 parent ffff88805e98c40e contents: ffff888022f0e620 140548071489535 ffff888022f0e700 140548073586687 ffff888022f0e7e0 140548075683839 ffff888022f0e8c0 140548077780991 ffff888022f0e9a0 140548079878143 ffff888022f0ea80 140548084072447 ffff888022f0eb60 140548084219903 ffff888022f0ec40 140548084948991 ffff888022f0ed20 140548085284863 0000000000000000 140548085288959 ffff888022f0ee00 140548085653503 ffff888022f0eee0 140548085690367 0000000000000000 140548085710847 ffff88806b3de000 140548097556479 0000000000000000 0 000000000000000d [ 489.284733][ T28] ? console_flush_all+0x6e0/0x6e0 [ 489.335241][ T6665] 140548063100928-140548071489535: ffff888022f0e620 [ 489.335745][ T28] ? vprintk+0x84/0xa0 [ 489.346723][ T28] ? vprintk_emit+0x1e9/0x600 [ 489.351447][ T28] ? vprintk_emit+0x1ee/0x600 [ 489.352049][ T6665] 140548071489536-140548073586687: [ 489.356145][ T28] ? vprintk+0x84/0xa0 [ 489.367691][ T28] ? _printk+0xbe/0xf1 [ 489.371839][ T28] ? record_print_text.cold+0x16/0x16 [ 489.375070][ T6665] ffff888022f0e700 [ 489.378392][ T28] ? _printk+0xbe/0xf1 [ 489.381034][ T6665] 140548073586688-140548075683839: [ 489.385094][ T28] ? record_print_text.cold+0x16/0x16 [ 489.398199][ T28] ? mt_dump_range+0x62/0x6b [ 489.399570][ T6665] ffff888022f0e7e0 [ 489.402825][ T28] ? mt_dump_entry+0xb3/0xf4 [ 489.411574][ T6665] 140548075683840-140548077780991: ffff888022f0e8c0 [ 489.412172][ T28] ? mt_dump_node+0x3ec/0x927 [ 489.422334][ T6665] 140548077780992-140548079878143: ffff888022f0e9a0 [ 489.423618][ T28] ? mt_dump_node+0x851/0x927 [ 489.435265][ T6665] 140548079878144-140548084072447: ffff888022f0ea80 [ 489.435306][ T28] ? mt_dump.cold+0xf2/0x115 [ 489.456546][ T6665] 140548084072448-140548084219903: ffff888022f0eb60 [ 489.456663][ T28] ? mt_find.cold+0x48/0x90 [ 489.469210][ T28] ? mas_find+0x1d0/0x1d0 [ 489.473604][ T28] ? find_vma+0x10c/0x1b0 [ 489.476099][ T6665] 140548084219904-140548084948991: [ 489.478290][ T28] ? can_vma_merge_before+0x390/0x390 [ 489.480066][ T6665] ffff888022f0ec40 [ 489.483863][ T28] ? walk_page_test+0x78/0x180 [ 489.496332][ T6665] 140548084948992-140548085284863: ffff888022f0ed20 [ 489.499186][ T28] ? walk_page_range+0x2b1/0x4a0 [ 489.504763][ T6665] 140548085284864-140548085288959: [ 489.509937][ T28] ? __walk_page_range+0x780/0x780 [ 489.518350][ T6665] 0000000000000000 [ 489.522458][ T28] ? mlock_fixup+0x650/0x810 [ 489.524330][ T6665] 140548085288960-140548085653503: [ 489.529149][ T28] ? apply_vma_lock_flags+0x23d/0x350 [ 489.535270][ T6665] ffff888022f0ee00 [ 489.540519][ T28] ? mlock_fixup+0x810/0x810 [ 489.546477][ T6665] 140548085653504-140548085690367: ffff888022f0eee0 [ 489.548976][ T28] ? __ia32_sys_get_robust_list+0x400/0x400 [ 489.555526][ T6665] 140548085690368-140548085710847: [ 489.562374][ T28] ? do_mlock+0x25a/0x6d0 [ 489.573020][ T28] ? folio_evictable+0x270/0x270 [ 489.574836][ T6665] 0000000000000000 [ 489.578367][ T28] ? syscall_enter_from_user_mode+0x26/0xb0 [ 489.583043][ T6665] 140548085710848-140548097556479: [ 489.587918][ T28] ? __x64_sys_mlock+0x59/0x80 [ 489.587951][ T28] ? do_syscall_64+0x39/0xb0 [ 489.59865