program: syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000080)='./file1\x00', 0x818001, &(0x7f0000000100)=ANY=[@ANYBLOB="696e6f6465735f33326269742c73686172645f696e6f64655f6e756d626572732c6572726f72733d636f6e74696e75652c696e6c696e655f646174612c6469726563745f696f2c6e6f6368616e6765732c70726a71756f7461c76e65636f766572795f706173735f6c6173743d64656c6574655f646561645f696e6f6465732c76657273696f6e5f757067726164653d696e636f6d70617469626c652c00e76562cde906dbfd8948341e28ecebe8d7218d2a8200a3849098bc1c874780b0ae060c78e70c1ffc819fe8daaad0833f14447f34dcb8106f5ba3442bb572dde3376cc0598de11c59145efa3b1c650535a5b691de16831276b2bd090e5abab2652095b857cb8b93d598e5fba5e938cc8a5a49e5b9af0a17b108dd56a6f40005940b374a06db350118e7bcc319142b8ca492bb90f5e373fbcf22d643062cc96c2f9061d514f739fe647ed8a5fe0bcfbd77bd695fb5ec100b82858399309af8ec7d73"], 0x1, 0x5968, &(0x7f000000b5c0)="$eJzs3X+QXFW9IPBzu3synZn8mAR4RJDJEMh7PHiaCT9SKK+eeW/f01fAo2LxykfYKAxkwosmIZUEIQEluOBCARZaWor6B1pILRotqmCVSIn82IRVlGJ1qS2kVnfRrXILWVICWcpyna2ZvqfTc6fv3J7unpDA51PJ3L6nb3/P9557+vY9p3umAwAAAG8L+2/ZfvCiE/7hx58aff3Gf/z+5ptCf3mivBo3GEiX171ZGXI49VaWTCyz/eIvrv/mb4au/LsfPdD3jTf2rT95wy/+/pgrH/no+Xvv/srjr81/6E8vFsWN/en0Q+vJy0kI1R8c+MKn9z19/HhZEkIoJwO7Q1iULH58UZIJMfyHEML6dKVcmXzng6+ftWF8edPtvZPKF2aC6O9vb9W0n+06eO0Z4Zd/u/bmny79zrd79ry0+9AmSbWhP4Ww4PLGx/ek/+em67G3LYkPTpdrQgh9DY87tyCvU1rMf0XO+onpck667C+IE+9fllkvZbbLrkc9mWVfQX2dysuj3e2KzMusZ09GncrLM5YvSpffS5enzzB+Of5PQikJlXr6m5JDfSQ0HLckJBPHslpfL9WPbUj3P7OeZNZLmfVyT2a/JupNO1o5SSaXx+0y5fF0XEnLT248VzdxcU75O9JlNX2ivhHXQ/ZGTf+UG/X9mhDzOjBNLodDqeEc1Ky83s/Sg9GflvUni6c8ZqyJeN++tXcsL697Yv9ATh7JA0kaP5loo5nG3/WTRfM+8q3brlmSF//yUhq/1Fb8X13wzCuX3vb1L+fGvyvGL7cV/8xH+16+4MlbluW1T+xe/aHSVvyRF5+6c+mxV+zJzf+e2P7Vto7v6r3P9M4/+Ohjucd3OLbP3Lbyf+G89//6/ucefik3fojx+9qKv27v1s/0Dh48LTf+Y7F9+tvrP6/uWfX84OBvh/LiPxvjz28r/n27737vvQtvPz/3+K6J7TPQVvwLT33k5nkHHz4p79yZ3NOtV06At6dj0musW9P16caZvdOMMzvVMF740lCldt06L/0/v5sVZS4+x+tZ0M34AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBCOO6M//yB//mhgZcr6XpveuOFUm0Zy+eEkMwNIWzfMbJtx8YtVw199Oprtm0Z2TQ0smNodMuObTuHzv6roW2jWzeN7By/d/hdZ9UetzgktWVy0pS6e8fGxkoDk8tiff/m1D2/XH7u//5dCMPH/Xywkpv/irs333tsk58Zyeqx922+5qKfn/O1dL8G0rwGmuQ1NjY2FnLy+j+X/PHezx34zWkhDP/ZdHk99cLf/HBSQhMFh+KkSr2hllBv0tc0j3rWaT6xvSobNm4aHZ6+fccfX87Zj397/Ut/2HDdZ/9Ya99q7n602L5zV49tKn1x7YX/74s31AqK8qrvRyav2T7uRe0d9yLmF9uvmrb3gnS/FuTsVyWnvW/56WPP/eCE217bHYYrry6dWnfRfvWkHaAneUdL9cYa+pJFk8qr6fbxiMfHrdixeeuK7Tt3vWvj5pGrRq8a3fKelWevXDV8zqpzVkzs+You73+s/89b3P9W+1O23pn1p4Uf3/29+LO1/lSUV1F7jOdV3B6NGWXymj/xc+7qsb6LP/3599z95EW14qJ+HreuPw/TZd/4cV4ZGvrb1LZqtl9F7RBCGGrWDq+8dn44/r9tvLnoPNR4ZBp/ZiSrx55e9vuvnfvVJX9dKzgs5/nGhNo8z9ezPpTPRHtV0+MxdoS2b28op/vV3zSvlU8/2XPH/t99op7fnDnhupEdO7atrP2cl2Y6LzmxaV7Z0rhfSyd+lkPaLKHeTZv013E9oZZf9vwZN8+2an96X3+yuOl+ZcX79q29Y3l53RP781o6eaBW49z4xE3embPlpswDy/WEm9V/pD7/ivrH4Ae++tCHHvru2VP6x5m1n0X7leTs13eeu+/z3/jsv/9u9/brA3/zzMDv//u/Lq8VHC3nlXrWaT5J43nlzBCKnn9LQ/P9yH3+lZrvT9HzL1vPoe2bxxvKrPeHcvHztRqmPF/PfLTv5QuevGVZ7vP1QKvP1xsmrZULnq9HSv/JPr+SyuQ8Zu/5NamjJKvHfnTrMbsfv3HNCbWCon5d37pZvz6rhfFHzn798NLnB68e+nf/tXvnjW/+1YOX/WJk9SdrBe0f95hLd457NW3fak771rOO487G9n33lVdvWl8rf9Ovf2uaXP+my4LxTzyVbN+562MjmzaNbtve2n61+noa68m2cruvp/Hstrhgv0pT9mv2brTSXq0+32L+69tur8nPt/6QtHUdt+sni+Z95Fu3XTMw5VFpRZeX0viltuL/6oJnXrn0tq9/OTf+XTF+pa34Iy8+defSY6/Ykxv/niSNX20r/uq9z/TOP/joY7nxh2P+c9uK/8J57//1/c89/FJu/BDj97fX/q/uWfX84OBvc+M/m6T1jF8jhfDg62dtqK0noSd9vsU8eiblFbLrSWa9lFkvN66XanOt9QrKSTK5PG6Xlp/ckEsz/5JTHq/CqktqyzfiesjemL78SFNqOPc3Ky+6TgUAeKuL7//Ha9D4/v9oeqGUP9MAh3Q6DluSEzeOww7N58yZdP+SNH58fJwHHHx3GB5f3jRUu9Cf6fsI8fmQneeM9Zx2yuQYM5nnLIVD85xF8+/LMusxr9p8eaVhHJqaOq6phBbm36fWM/38e2b3i+fHh26dktZQw7xV9vj1pDNmzT7vkMm3Mh4hr39k58Xi5zkGF4Q1E/W12D+yn6OJxyH7OZpYzwmZE2e7n6PptH/EtKfpHxMpF7+/MfX4hWna99Dxax4te/xmcLyr49vP9vuzXZg3bHpKO3zzhi28H9Ykfqvvh9XnJVdP3Wa6+G+Xeckjfd4wlsf9qLQ4n/ihnPJW5hMb5+Xy5hPj6SLmdWCaXA4H84nAW1Uc/8fXiPHx//gF+P/NbFd0HZq9aozxcj8nVG6eT9G4Y+rn9Praeh1ft3frZ3oHD56We53zWKuf+9k6aa2v4HM/Re24PLNe2I45EzRF471sPUXtnv1cRn+Y31a737f77vfeu/D283PbfU3thbS43T8/aW1+QbsfBeOF5vHfauMFn2OYHL9Ln2Momj9708Yj6QefZms88s855TP9fEPflBv1/Zpw1I1Heg5vXgDA0SOO/+vvn6Xj//8RN0ivI4rGradn1mO83HFrzvVJ3rj1n9LldZnt+9PfqJjpdfOFpz5y87yDD5+UO265p9Vx6H+YtDZQOA7tbNycO45Y053Pi+eOI+rjrM7Gibn518eJnY3Tc+PXx+mdjaNz26c+ju5sHiA3fn0e4Ggf5xbM12Uqi6utzte9ZcfR6a/PztY4+uKc8pmOo/un3Kjv1wTjaACAN1cc/8fLuDj+fzKzXafvs+eOC7p03Z79eyD1+M8ernHlbI/7ZnvcOtvj+tmelzjax8WzPS80u/Nkb/txcVrp229cPPew5QYAQOfi+D9exeWP/zsbnzQbv/VMGp8YnzeNb3x+hIzPj/b5L+N/74sX8744AMBbWxz/x197jH//7z+l69m/W2+cnhPfON04fbr+8+qeVfcPtDJO7/48W/A5gDd3HqDhLXLzAAAAvBl6JkZKU3/P/sPpMvt79nm/l39pzvatqqSXx1fs2DY6etk1W9eP7Bi9bMvV60e3X3btto07doxuqW3X6bgxd9ySjht7QiVtj+bbZcdtC9O/h7Aw5+8hZLePYU+cuDH17yFkq51b8HcEDh2/1vLNO36labZv1j/yjnde/H/J2T6qH/8r//XMyzZsv2zjlo07No5s2rhrdPJ246PWvhl8b2Zslhl9X2rmxxSlmX9/Z3fyKE3Joydtj7zvZ08yeSxKM1mU9/0HOXn/+L987uOnjv3x/hCGjyu/s6P2S1aP/cdLRv9px/6fbx3Pf+60+de3TPMq+r7S7PZxfyqbrt6+44wNV1+zJfuNku2J8xml+voszWekT/9yi/MT63LKZ/o5hfKUG0emlucnAACYJL7/H69n4/uHn00voGJ56+P0zt4/zh2nD08ep+f91mn2e8mKxunZ7eP+tjpOr3Y4Ts/WXzROb7Z9s3F63rg7L/4/52w/U633k84+55HbTy5vbT4n+30GRf0ku/1M+0nSYT/J1l/UT5pt36yf5B33vPgfzNk+T+v9obPP5eT2h7ta6w9/mVkv6g/Z7WfaH0od9ods/UX9odn2zfpD3vHNi39Rzvatmtw/xjvGRL8Yvezaq7d9rGG72f7+i87zm93v/2hX6/nP7ue+Zj//2f1c2ezn39nvf+Xm/2xnM2Gt5z+73+/SrsM2X5t+2Kzo82dF87hrc8pnOo87Z8qNI5N5XHjzxPF/fLsnjv9vT5fdfhvo6P+eNN9j1jR+l77HrOg6xuv5NJUdAbyeAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALSmt7JkYrn/lu0HLzrhH378qdHXb/zH72++6S+u/+Zvhq78ux890PeNN/atP3nDL/7+mCsf+ej5e+/+yuOvzX/oTy8WBh6Y+Fk5PV2thpC8nIRQ/cGBL3x639PHj5clIYRyMrA7hEXJ4scXJZkIw38IIayv5zn5zgdfP2vD+PKm23snlS/MBMnuV+gvx3wa8wzhusI94ihUTfvZroPXnhF++bdrb/7p0u98u2fPS7sPbZJUG/pTCAsub3x8Twhhbvp/XOxtS+KD0+WaEEJfw+POLcjrlBbzX5GzfmK6nJMu+wvixPuXZdZLme2y61FPZtlXUF+n8vJod7si8zLr2ZNRp/LyjOWL0uX30uXpM4xfjv+TUEpCpZ7+puRQHwkNxy0JycSxrNbXS/VjG9L9z6wnmfVSZr3ck9mviXrTjlZOksnlcbtMeTwdV9LykxvP1U1cnFP+jnRZTZ+ob8T1kL1R0z/lRn2/JsS8DkyTy+FQajgHNSuvH/j0YPSnZf3J4imPGWsi3rdv7R3Ly+ue2D+Qk0fyQJLGT9qKv+sni+Z95Fu3XbMkL/7lpTR+qa34v7rgmVcuve3rX86Nf1eMX24r/pmP9r18wZO3LMttnwOxfSptxR958ak7lx57xZ7c/O+J8attxV+995ne+QcffSw3/+HYPnPbiv/Cee//9f3PPfxSbvwQ4/e1FX/d3q2f6R08eFpu/Mdi+/S3139e3bPq+cHB3w7lxX82xp/fVvz7dt/93nsX3n5+7vFdE9tnoK34F576yM3zDj58Ut65M7mnW6+cAG9Px6TXWLem6+2OMzvVMF740lClds03L/0/v5sVZYzXs2AW4wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Nb0sxvO/vAl7/vg2koSQpKzzVgT8b7ynNWrh9qod+TFp+5ceuwVexrLlrQRBwAAACgWx+Glekk1LAnXJnPDiU23j3MEJ8a1ZHJ5dg4hxsnOEbQbp9SlOOUuxal0KU5Pl+LM6VKc3i7FqRbEqYbW4sydJk5lvFe0mE/ftPm0Hqe/S3HmdSnO/C7FWdClOAu7FGdg2jit98NFXYqzuEtxjulSnGO7FOe4LsX5sy7FOb5LcbJzyjPth/PTLU/IizNxo1wYp5KU63c0m08/Pq3npA7r6S+oZ37R63GL9cxtsZ5TMo8rzbCeaov1/HmH9SQt1vOXHdZTKqgn9tvrsvnFeuJai/1/Z5fi7Ooszv+K11vXdymfG7oU5xNdivPJLsW5scM42XWAPHH8f2i8NxB6K38d+tIzTnYWII53l078nPp6l3cCivHemSmfUxQvO1DPxFs60/yyEwiZeMsy5T2T4lXq45Fp4lUb4y3P3Fm4v9kJhUx+p2fKe4viZScWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAW/eyGsz98yfs+uDYkYfxfU2NNxPvKc1avHmqj3n1r71heXvfE/say3kobgQAAAIBCcRzeUy+pht7KytCbzJm0XTWdB6im6+WB2nJwQVgzvkyGShPrfcmiaR9XSR+3YsfmrSu279z1ro2bR64avWp0y3tWnr1y1fA5q85ZsWHjptHh2s8QegvihRAmph+279z1sZFNm0a3ba8VZvNfkj5uSbqepI8bfHcYHl/elOa/uKC+0pT6dj5/Xu2uQyVdulFw6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/8+u3YXIedV/AD/PzOzMdNv8u3/6Ng3NdshLiVo0iVtJtXQfECy0SchSkJnqWoJNsLhpQpuUWMc2YFsTFKElECK5MBKLrcWbvtgi9oVApEYDbgzSFu2FXiitVtKSC0kZye6c2ZnJTGYdS9PGz+fieWbO+Z3zmzMXC99nBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjATdfGJivjE9XhJISkR029iziXzadpeYC+X35+6/cLoyeXt44VcgNsBAAAAPQVc/hQc6QYCrlsyIYrZ94tPn3JNybCXO4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+90zXxiYr4xPVC5MQkh419S7iXDafpuUB+r7xzpOfeXV09K+tY6UB9gEAAAD6izk80xwphlJYEoaSK9vq4rOBhR3rO+viPovmWdf57KBX3ZJ51l0zz7qP9alb17jvCAAAAPDRF/N/rjkyEgq5BT3zf79cH+uu7qjLNu6D/FYAAAAA+O/E/F9ojpRCIVdq5vX55v3FHXVxfb//28f1y3qs7/f//LWNu//TAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBHx3RtbLIyPlHNJiEkPWrqXcS5bD5NywP0XfXC8N9vOfTQ4taxQm6AjQAAAIC+Yg6fi97FUMgNh6Fw4UzuH71p/9NffPrZsRDCbMzP58OODdu23b1q9hrrVh45NPS9w299q7lNrFs5ez0nhwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN5X07Wxycr4RPWCJISkR029iziXzadpeYC+r3/uC39+/Phzb7aOlQbYBwAAAOgv5vC57F8MpZAP+XD5zLvWrH9apmN9r2cGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwPnjnm/c9/UNU1Mb7/bCCy+8aL4413+ZAACA99vVIQn1/9AV68/1pwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4Mpmtjk5XxiWoxCSHpUVPvIs5l82laHqBv+vzRwoKTL7zUOlYaYB8AAACgv5jD57J/MZTCUBgKl8286/ZMYCb/j3yAHxIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4UJmujU1WxieqC5IQkh419S7iXDafpuUB+j62c99nD1783Ztbxwq5ATYCAAAA+oo5PN8cKYZC7uOhEK5qvJ9qX5BkG/fuzwXm1m1tWzY873W1tnXZea/b1XGyXOM0s+uKcb+R2XtzXfnMdeWWdaXQbF9uWxf2tK1a0OdzBgAAADiHYv4vNEdGQiFXaMm5P2mrH5FzAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAepmtjk5XxiWqShJD0qKl3Eeey+TQtD9D3vt/8/0Vf+enu7a1jpQH2AQAAAPqLOXwu+xdDKSwK/xcWzeT+MNJeH+v+UTl18NF//mV5CCsuPzaa69z2h/HFr16/8cXOSwiZ9upMCBc3+iU9+v36d4/eu7R+6vEQVlyWveqMfuHs/ebU6+UkrT9T2bh22+FjW/t/PwAAAHA+iPl/qDkyEgq5u3rm/5i8++T/ppkAfvG9O39+aePaSOQdKzKFxu8MMj36fX7pk39atvpvb53O/2fr96l9mw9e2tZwdqRDktbHN29fd+y6A5l46tnzZjv6x+/lS99881+bdjxyarZ/MRQb4wtz3fqfee1wQVqfyuytrnlvb629f67H+R/67UvHf7lw97un+79z9XCz/zVnOf/Z+w/f+vCe6/cdWtfeP4RQ7tb/7XdvDlf84c4HO88/3LFx6zffeu2QpPUji08cWL2/dEN7/6Sjf/z+f3b8sT0/fuQ7z8b+8bciy5fMt3+mo/8ruy7Z+fID6xe298/0OP+Lt706uqX87d93nv+Otl1zPT/Fmed/4tqnbn9tQ3p/5xQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD5Zbo2NlkZn6hmkhCSHjX1LuJcNp+m5QH6vnHL0bdv2/2jH7SOlQbYBwAAAOgv5vC57F8MpZAP+TA8k/ufqWxcu+3wsa1hZHY2adxzU1vu2faJTVu233XHOfrkAAAAwHzF/J9rjoyEQm5pGGrk//HN29cdu+5AJub/TMz/m+6c2rgiNOte2XXJzpcfWL+w+ZwghJmfBRRP1316ru6mG4+OnPjj15Z1rVs1V3dk8YkDq/eXboh1obVuZWg+n3ji2qduf21Den/z87XWffKrW6YajyfivsO3Przn+n2H1jXP0bgPN/aNdVOZvdU17+2txbps415snBsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAONN0bWyyMj5RDdkQkh419S7iXDafpuUB+q5Z+osHLzr53KLWsUJugI0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODf7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWG/fkLjKPs4gD/PbvJmm03apH3BqJimVVHqwaIgohcVFWlFCp4qRaqtPYiCIKLUg6m0YqmKF8HqpYgKapSCgo3F0iqp+K948aCCQvUglGJAuxQPKtl9ZruZ7rg6qYL6+cDw5Hlm5ju/mefZ2SwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPCPMtA31mwP77i/ccs5N3z06F0nHrnpnXu3XfTwq99NbLruw72DL52c2bxiy5fXL9u0/+4107ufP/TT8Fu/HO0Z/FCrWZW6tRDi8RhC7d3ZZx6b+fisubEYQqjGkckQRuPSQ6Mxl7D65xDC5nad83e+eeLyLXPttl0D88aX5ELy9xXq1ayelpH59fLvUkvrbGvjwUvC19eu3/7p8jde7586NnnqkFjrWE8hLN7YeX5/CGFR2uZkq20sOzm160IIgx3nXdmjrvP/YP2XFvTPTe3/UlvvkZPtX5nrV3LH5fuZ/lw72ON6C1VUR9njehnK9fMvo4UqqjMbH03t26ld9Sfzq9kWQyWGvnb598RTayR0zFsMsTmXtXa/0p7bkO4/14+5fiXXr/bn7qt53bTQqjHOH8+Oy41nr+O+NL6i813dxa0F42entpY+qCezfsj/0VI/7Y/2fTVldc3+Ti1/h0rHO6jbeHvi02TU01g9Lj3tnF+7yPbNrH/iwuqG9w6PFNQR98aUH0vlb/1kdOj213Y+MFaUv7GS8iul8r9Ze+SH23a+8Fxh/tNZfrVU/mUHBo+vfX/HysLnM5s9n75S+Xcc/eDJ5f+/c6rbXDfz92T5tVL510wfGRhuHDhYWP/q7PksKpX/1dU3fvvK5/uOFeaHLH+wVP6G6fueGhhvXFyYf7D1Uag3V2iJ9fPj1BVfjI9/P1GU/1n2/Ie75Mee+S9P7r7qxSW71hSuz3XZ8xkpVf/NF+zfPtTYd17RuzPuOVPfnAD/TcvS/1iPp37Z35kL1fF74dmJvtY30FDahs/khXLmrrP4L8wHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA39iBAxIAAAAAQf9ftyNQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgqQAAAP//5S0lKg==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FS_IOC_GETFSMAP(r0, 0x40285881, &(0x7f0000000600)={0x5, 0x0, 0x0, 0x0, '\x00', [{}, {0x0, 0x0, 0x0, 0x0, 0x9}]}) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000380)={'ip_vti0\x00', &(0x7f0000000280)={'sit0\x00', 0x0, 0x40, 0x7800, 0x8, 0x8001, {{0x2e, 0x4, 0x0, 0x0, 0xb8, 0x68, 0x0, 0x7, 0x2f, 0x0, @multicast2, @local, {[@ra={0x94, 0x4}, @timestamp={0x44, 0x8, 0x95, 0x0, 0x3, [0x9]}, @generic={0x82, 0x6, "d2c6f3e6"}, @timestamp={0x44, 0x8, 0xbc, 0x0, 0x7, [0x3]}, @cipso={0x86, 0x36, 0x1, [{0x6, 0x9, "0107fc034885e6"}, {0x6, 0x5, "d5dab8"}, {0x0, 0x11, "9a7725f1a76f4b08b3525dbec57482"}, {0x6, 0x11, "57123ef57127b227e8ad4ea721209e"}]}, @lsrr={0x83, 0x23, 0xfb, [@broadcast, @local, @dev={0xac, 0x14, 0x14, 0x2c}, @rand_addr=0x64010100, @loopback, @dev={0xac, 0x14, 0x14, 0xb}, @multicast1, @multicast2]}, @cipso={0x86, 0x2e, 0x1, [{0x7, 0x2}, {0x1, 0xd, "76ca96189bc0ce99ce1b9e"}, {0x0, 0x8, "a88a6ca86a9e"}, {0x6, 0xf, "47b64e3d91f1e3d2cb87f0dde3"}, {0x0, 0x2}]}]}}}}}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0) getsockname$packet(r5, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0x6}, {0xfff1, 0xffff}, {0x1b6dd91e85e94ce1}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000900)=@delchain={0x34, 0x2e, 0x801, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {0x0, 0xd}, {0xfff3, 0xffff}, {0x9, 0x4}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000440)={'syztnl0\x00', &(0x7f00000003c0)={'ip6gre0\x00', 0x0, 0x4, 0x9, 0x0, 0x0, 0x6, @private1, @mcast1, 0x80, 0x8, 0x7fffffff, 0x8c74}}) r8 = socket$netlink(0x10, 0x3, 0x0) setsockopt$inet_int(r0, 0x0, 0x3, &(0x7f00000006c0), 0x4) r9 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r9, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=@ipv6_newroute={0x3c, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_MULTIPATH={0xc, 0x9, {0x8, 0x0, 0x0, r10}}, @RTA_GATEWAY={0x14, 0x5, @dev}]}, 0x3c}}, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r0, &(0x7f0000000600)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000480)={0x104, r1, 0x400, 0x70bd2d, 0x25dfdbff, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x7c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_macvtap\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv0\x00'}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x104}, 0x1, 0x0, 0x0, 0x4040}, 0x80) [ 85.857227][ T5355] loop0: detected capacity change from 0 to 32768 [ 85.879532][ T4701] Bluetooth: hci0: command tx timeout [ 86.406818][ T5355] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nochanges,nojournal_transaction_names,read_only,version_upgrade=incompatible [ 86.406840][ T5355] allowing incompatible features above 0.0: (unknown version) [ 86.406848][ T5355] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 86.526252][ T5355] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 86.589244][ T5355] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=clock in superblock: bad rw, fixing [ 86.651349][ T5355] bcachefs (loop0): invalid bkey in superblock btree=xattrs level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 0 crc: c_size 1 size 1 offset 0 nonce 0 csum none 12010b:10004000b compress none [ 86.651376][ T5355] has non ptr field, deleting [ 86.724263][ T5355] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 86.758752][ T5355] bcachefs (loop0): Version upgrade from 1.3: rebalance_work to 1.7: mi_btree_bitmap incomplete [ 86.758752][ T5355] Doing compatible version upgrade from 1.3: rebalance_work to 1.28: inode_has_case_insensitive [ 86.758752][ T5355] running recovery passes: check_allocations,check_extents_to_backpointers,check_subvols,check_inodes,check_dirents [ 86.814432][ T5355] bcachefs (loop0): Now allowing incompatible features up to 1.28: inode_has_case_insensitive, previously allowed up to 0.0: (unknown version) [ 86.814432][ T5355] [ 86.864931][ T5355] bcachefs (loop0): error reading btree root btree=inodes level=0: btree_node_read_error, fixing [ 86.908760][ T5355] bcachefs (loop0): check_topology... [ 86.908882][ T5355] bcachefs (loop0): btree root inodes unreadable, must recover from scan [ 86.927316][ T5355] bcachefs (loop0): running recovery pass scan_for_btree_nodes (1), currently at check_topology (2) - rewinding [ 86.935810][ T5355] bcachefs (loop0): bch2_check_root(): error restart_recovery [ 87.002472][ T5355] bcachefs (loop0): scan_for_btree_nodes... [ 87.055722][ T5355] bcachefs (loop0): btree node scan found 1 nodes after overwrites [ 87.086707][ T5355] done [ 87.088450][ T5355] bcachefs (loop0): check_topology... [ 87.088547][ T5355] bcachefs (loop0): btree root inodes unreadable, must recover from scan [ 87.104717][ T5355] bcachefs (loop0): no nodes found for btree inodes, continuing [ 87.116634][ T5355] done [ 87.118312][ T5355] bcachefs (loop0): accounting_read... done [ 87.130296][ T5355] bcachefs (loop0): alloc_read... done [ 87.138333][ T5355] bcachefs (loop0): snapshots_read... done [ 87.141483][ T5355] bcachefs (loop0): check_allocations... [ 87.150730][ T5355] bcachefs (loop0): bucket 0:26 data type btree ptr gen 0 missing in alloc btree [ 87.150763][ T5355] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing [ 87.213344][ T5355] bcachefs (loop0): bucket 0:41 data type btree ptr gen 0 missing in alloc btree [ 87.213363][ T5355] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 87.246493][ T5355] bcachefs (loop0): bucket 0:29 data type btree ptr gen 0 missing in alloc btree [ 87.246511][ T5355] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 87.267063][ T5355] bcachefs (loop0): bucket 0:1 gen 0 has wrong data_type: got free, should be sb, fixing [ 87.299244][ T5355] bcachefs (loop0): bucket 0:1 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 87.319357][ T5355] bcachefs (loop0): bucket 0:2 gen 0 has wrong data_type: got free, should be sb, fixing [ 87.335529][ T5355] bcachefs (loop0): bucket 0:2 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 87.363388][ T5355] bcachefs (loop0): bucket 0:3 gen 0 has wrong data_type: got free, should be sb, fixing [ 87.386231][ T5355] bcachefs (loop0): bucket 0:3 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 87.411690][ T5355] bcachefs (loop0): bucket 0:4 gen 0 has wrong data_type: got free, should be sb, fixing [ 87.433039][ T5355] bcachefs (loop0): bucket 0:4 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 87.519867][ T5355] bcachefs (loop0): bucket 0:5 gen 0 has wrong data_type: got free, should be sb, fixing [ 87.539030][ T5355] bcachefs (loop0): bucket 0:5 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 87.551799][ T5355] bcachefs (loop0): bucket 0:6 gen 0 has wrong data_type: got free, should be sb, fixing [ 87.573394][ T5355] bcachefs (loop0): bucket 0:6 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 87.590729][ T5355] bcachefs (loop0): bucket 0:7 gen 0 has wrong data_type: got free, should be sb, fixing [ 87.599842][ T5355] bcachefs (loop0): bucket 0:7 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 87.614655][ T5355] bcachefs (loop0): bucket 0:8 gen 0 has wrong data_type: got free, should be sb, fixing [ 87.634887][ T5355] bcachefs (loop0): bucket 0:8 gen 0 data type sb has wrong dirty_sectors: got 0, should be 8, fixing [ 87.649525][ T5355] bcachefs (loop0): bucket 0:16 gen 0 has wrong data_type: got free, should be sb, fixing [ 87.661316][ T5355] bcachefs (loop0): bucket 0:16 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 87.692161][ T5355] bcachefs (loop0): bucket 0:17 gen 0 has wrong data_type: got free, should be sb, fixing [ 87.700161][ T5355] bcachefs (loop0): bucket 0:17 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 87.712502][ T5355] bcachefs (loop0): bucket 0:18 gen 0 has wrong data_type: got free, should be sb, fixing [ 87.712521][ T5355] Ratelimiting new instances of previous error [ 87.727490][ T5355] bcachefs (loop0): bucket 0:18 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 87.727506][ T5355] Ratelimiting new instances of previous error [ 87.779033][ T5355] done [ 87.788596][ T5355] bcachefs (loop0): going read-write [ 87.832849][ T5355] bcachefs (loop0): journal_replay... done [ 87.856591][ T5355] bcachefs (loop0): check_lrus... [ 87.858000][ T5355] bcachefs (loop0): incorrect lru entry: lru fragmentation time 134217728 [ 87.858031][ T5355] u64s 5 type set 18446462598867058688:6597069766690:0 len 0 ver 0 [ 87.858041][ T5355] for u64s 5 type deleted 0:6597069766690:0 len 0 ver 0, fixing [ 87.885731][ T5355] done [ 87.887350][ T5355] bcachefs (loop0): check_backpointers_to_extents... done [ 87.897610][ T5355] bcachefs (loop0): check_extents_to_backpointers... [ 87.898724][ T5355] bcachefs (loop0): scanning for missing backpointers in 3/128 buckets [ 87.908827][ T5355] done [ 87.918452][ T5355] bcachefs (loop0): check_subvols... done [ 87.923219][ T5335] Bluetooth: hci0: command tx timeout [ 87.930457][ T5355] bcachefs (loop0): check_inodes... done [ 87.936932][ T5355] bcachefs (loop0): check_dirents... [ 87.962285][ T5355] bcachefs (loop0): hash table key at wrong offset: should be at 2572469487333457595 [ 87.962315][ T5355] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing [ 88.027998][ T5355] bcachefs (loop0): hash table key at wrong offset: should be at 3374425006310232538 [ 88.028019][ T5355] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing [ 88.053468][ T5355] bcachefs (loop0): dirent points to missing inode: [ 88.053483][ T5355] u64s 7 type dirent 4096:2572469487333457595:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing [ 88.077132][ T5355] bcachefs (loop0): hash table key at wrong offset: should be at 5820829237001059612 [ 88.077148][ T5355] u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing [ 88.111554][ T5355] bcachefs (loop0): dirent points to missing inode: [ 88.111571][ T5355] u64s 7 type dirent 4096:3374425006310232538:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing [ 88.150197][ T5355] bcachefs (loop0): hash table key at wrong offset: should be at 1271574105959764764 [ 88.150215][ T5355] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [ 88.172533][ T5355] bcachefs (loop0): dirent points to missing inode: [ 88.172550][ T5355] u64s 7 type dirent 4096:5820829237001059612:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing [ 88.189005][ T5355] bcachefs (loop0): hash table key at wrong offset: should be at 7951479516983889020 [ 88.189019][ T5355] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing [ 88.221557][ T5355] bcachefs (loop0): hash table key at wrong offset: should be at 5547158520511747442 [ 88.221571][ T5355] u64s 8 type dirent 4096:9097378837824744618:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg, fixing [ 88.243714][ T5355] bcachefs (loop0): hash table key at wrong offset: should be at 3447332360859070366 [ 88.243730][ T5355] u64s 7 type dirent 4098:5675548428000973578:U32_MAX len 0 ver 0: file1 -> 4100 type lnk, fixing [ 88.263145][ T5355] bcachefs (loop0): hash table key at wrong offset: should be at 8567566206514581653 [ 88.263160][ T5355] u64s 7 type dirent 4098:8977922886548783724:U32_MAX len 0 ver 0: file0 -> 4099 type reg, fixing [ 88.312558][ T5355] bcachefs (loop0): check_dirents requires second pass [ 88.317956][ T5355] bcachefs (loop0): dirent points to missing inode: [ 88.317970][ T5355] u64s 7 type dirent 4096:1271574105959764764:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [ 88.344152][ T5355] bcachefs (loop0): dirent points to missing inode: [ 88.344166][ T5355] u64s 8 type dirent 4096:5547158520511747442:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg, fixing [ 88.366023][ T5355] bcachefs (loop0): dirent points to missing inode: [ 88.366038][ T5355] u64s 8 type dirent 4096:7951479516983889020:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing [ 88.385458][ T5355] bcachefs (loop0): fsck counted subdirectories wrong for inum 4096:4294967295: got 1 should be 0 [ 88.404633][ T5355] bcachefs (loop0): dirent points to missing inode: [ 88.404650][ T5355] u64s 7 type dirent 4098:3447332360859070366:U32_MAX len 0 ver 0: file1 -> 4100 type lnk, fixing [ 88.436792][ T5355] bcachefs (loop0): dirent points to missing inode: [ 88.436810][ T5355] u64s 7 type dirent 4098:8567566206514581653:U32_MAX len 0 ver 0: file0 -> 4099 type reg, fixing [ 88.480017][ T5355] ================================================================== [ 88.484904][ T5355] BUG: KASAN: use-after-free in bch2_check_dirents+0x1fac/0x33f0 [ 88.500641][ T5355] Read of size 1 at addr ffff888054b23048 by task syz.0.0/5355 [ 88.506149][ T5355] [ 88.507971][ T5355] CPU: 0 UID: 0 PID: 5355 Comm: syz.0.0 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 88.507992][ T5355] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 88.507999][ T5355] Call Trace: [ 88.508008][ T5355] [ 88.508014][ T5355] dump_stack_lvl+0x189/0x250 [ 88.508033][ T5355] ? __kasan_check_byte+0x12/0x40 [ 88.508049][ T5355] ? __pfx_dump_stack_lvl+0x10/0x10 [ 88.508062][ T5355] ? lock_release+0x4b/0x3e0 [ 88.508105][ T5355] ? __virt_addr_valid+0x4a5/0x5c0 [ 88.508123][ T5355] print_report+0xca/0x240 [ 88.508136][ T5355] ? bch2_check_dirents+0x1fac/0x33f0 [ 88.508152][ T5355] kasan_report+0x118/0x150 [ 88.508166][ T5355] ? bch2_check_dirents+0x1fac/0x33f0 [ 88.508183][ T5355] bch2_check_dirents+0x1fac/0x33f0 [ 88.508200][ T5355] ? bch2_check_dirents+0x2f1/0x33f0 [ 88.508216][ T5355] ? desc_read+0x1b8/0x3f0 [ 88.508228][ T5355] ? prb_first_seq+0xfd/0x1a0 [ 88.508238][ T5355] ? __pfx_bch2_check_dirents+0x10/0x10 [ 88.508252][ T5355] ? __pfx_prb_first_seq+0x10/0x10 [ 88.508263][ T5355] ? desc_read+0x1b8/0x3f0 [ 88.508274][ T5355] ? this_cpu_in_panic+0x4f/0x80 [ 88.508284][ T5355] ? _prb_read_valid+0xa07/0xa90 [ 88.508294][ T5355] ? console_flush_all+0x13a/0xc40 [ 88.508308][ T5355] ? up+0xde/0x150 [ 88.508382][ T5355] ? __console_unlock+0x14c/0x1a0 [ 88.508394][ T5355] ? __pfx___console_unlock+0x10/0x10 [ 88.508409][ T5355] ? prb_read_valid+0x3c/0x60 [ 88.508420][ T5355] ? console_unlock+0x21b/0x270 [ 88.508434][ T5355] ? __pfx_console_unlock+0x10/0x10 [ 88.508448][ T5355] ? vprintk_emit+0x63e/0x7a0 [ 88.508466][ T5355] ? __bch2_print+0x176/0x220 [ 88.508484][ T5355] ? bch2_check_dirents+0x2f1/0x33f0 [ 88.508501][ T5355] ? lockdep_hardirqs_on+0x9c/0x150 [ 88.508519][ T5355] __bch2_run_recovery_passes+0x3ba/0x1060 [ 88.508542][ T5355] bch2_run_recovery_passes+0x184/0x210 [ 88.508560][ T5355] bch2_fs_recovery+0x2690/0x3a50 [ 88.508579][ T5355] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 88.508594][ T5355] ? irqentry_exit+0x74/0x90 [ 88.508603][ T5355] ? lockdep_hardirqs_on+0x9c/0x150 [ 88.508622][ T5355] ? preempt_schedule+0xae/0xc0 [ 88.508639][ T5355] ? preempt_schedule_common+0x83/0xd0 [ 88.508656][ T5355] ? preempt_schedule+0xae/0xc0 [ 88.508671][ T5355] ? __pfx_preempt_schedule+0x10/0x10 [ 88.508686][ T5355] ? __mutex_trylock_common+0x153/0x260 [ 88.508701][ T5355] ? __lock_acquire+0xab9/0xd20 [ 88.508719][ T5355] ? __lock_acquire+0xab9/0xd20 [ 88.508740][ T5355] ? bch2_fs_start+0xa0f/0xda0 [ 88.508758][ T5355] ? up_write+0x1c4/0x420 [ 88.508769][ T5355] ? bch2_fs_start+0x5e7/0xda0 [ 88.508787][ T5355] bch2_fs_start+0xaaf/0xda0 [ 88.508804][ T5355] ? bch2_fs_start+0x5e7/0xda0 [ 88.508820][ T5355] ? __pfx_bch2_fs_start+0x10/0x10 [ 88.508841][ T5355] ? sget+0x267/0x620 [ 88.508853][ T5355] bch2_fs_get_tree+0xb39/0x1520 [ 88.508876][ T5355] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 88.508894][ T5355] ? aa_get_newest_label+0xf7/0x5d0 [ 88.508908][ T5355] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 88.508924][ T5355] ? rcu_is_watching+0x15/0xb0 [ 88.508940][ T5355] vfs_get_tree+0x92/0x2b0 [ 88.508954][ T5355] do_new_mount+0x2a2/0x9e0 [ 88.508970][ T5355] ? ns_capable+0x8a/0xf0 [ 88.508983][ T5355] ? __pfx_do_new_mount+0x10/0x10 [ 88.508996][ T5355] ? path_mount+0x61c/0xfe0 [ 88.509010][ T5355] ? user_path_at+0x44/0x60 [ 88.509022][ T5355] __se_sys_mount+0x317/0x410 [ 88.509039][ T5355] ? __pfx___se_sys_mount+0x10/0x10 [ 88.509054][ T5355] ? do_syscall_64+0xbe/0x3b0 [ 88.509066][ T5355] ? __x64_sys_mount+0x20/0xc0 [ 88.509080][ T5355] do_syscall_64+0xfa/0x3b0 [ 88.509102][ T5355] ? lockdep_hardirqs_on+0x9c/0x150 [ 88.509119][ T5355] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.509130][ T5355] ? clear_bhb_loop+0x60/0xb0 [ 88.509143][ T5355] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.509155][ T5355] RIP: 0033:0x7f9d67b9030a [ 88.509169][ T5355] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 88.509179][ T5355] RSP: 002b:00007f9d68a26e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 88.509194][ T5355] RAX: ffffffffffffffda RBX: 00007f9d68a26ef0 RCX: 00007f9d67b9030a [ 88.509202][ T5355] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007f9d68a26eb0 [ 88.509209][ T5355] RBP: 00002000000000c0 R08: 00007f9d68a26ef0 R09: 0000000000818001 [ 88.509216][ T5355] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080 [ 88.509223][ T5355] R13: 00007f9d68a26eb0 R14: 0000000000005968 R15: 0000200000000100 [ 88.509235][ T5355] [ 88.509240][ T5355] [ 88.974276][ T5355] The buggy address belongs to the physical page: [ 88.988055][ T5355] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x54b23 [ 88.993133][ T5355] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 89.006096][ T5355] raw: 04fff00000000000 0000000000000000 ffffea000152c8c8 0000000000000000 [ 89.011006][ T5355] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 89.018021][ T5355] page dumped because: kasan: bad access detected [ 89.024312][ T5355] page_owner tracks the page as freed [ 89.033747][ T5355] page last allocated via order 5, migratetype Unmovable, gfp_mask 0x42800(GFP_NOWAIT|__GFP_COMP), pid 5355, tgid 5354 (syz.0.0), ts 86895283371, free_ts 88479415185 [ 89.062100][ T5355] post_alloc_hook+0x240/0x2a0 [ 89.064954][ T5355] get_page_from_freelist+0x21e4/0x22c0 [ 89.079644][ T5355] __alloc_frozen_pages_noprof+0x181/0x370 [ 89.082372][ T5355] alloc_pages_mpol+0x232/0x4a0 [ 89.085565][ T5355] ___kmalloc_large_node+0x5f/0x1b0 [ 89.098508][ T5355] __kmalloc_large_node_noprof+0x18/0x90 [ 89.101167][ T5355] __kvmalloc_node_noprof+0x6d/0x5f0 [ 89.103732][ T5355] bch2_btree_node_read_done+0x32f6/0x5550 [ 89.113329][ T5355] btree_node_read_work+0x40e/0xe60 [ 89.116277][ T5355] bch2_btree_node_read+0x887/0x2a00 [ 89.123459][ T5355] bch2_btree_root_read+0x5f0/0x760 [ 89.128463][ T5355] read_btree_roots+0x2c6/0x840 [ 89.131346][ T5355] bch2_fs_recovery+0x261f/0x3a50 [ 89.134645][ T5355] bch2_fs_start+0xaaf/0xda0 [ 89.157514][ T5355] bch2_fs_get_tree+0xb39/0x1520 [ 89.160041][ T5355] vfs_get_tree+0x92/0x2b0 [ 89.162407][ T5355] page last free pid 5355 tgid 5354 stack trace: [ 89.165785][ T5355] __free_pages_ok+0xa83/0xbe0 [ 89.183672][ T5355] free_large_kmalloc+0x13a/0x1f0 [ 89.186473][ T5355] btree_node_sort+0x117f/0x1760 [ 89.191880][ T5355] bch2_btree_post_write_cleanup+0x11f/0xad0 [ 89.214754][ T5355] bch2_btree_node_prep_for_write+0x337/0x650 [ 89.228656][ T5355] bch2_trans_lock_write+0x669/0xba0 [ 89.231465][ T5355] __bch2_trans_commit+0x2773/0x8870 [ 89.250686][ T5355] bch2_check_dirents+0x1c5c/0x33f0 [ 89.253497][ T5355] __bch2_run_recovery_passes+0x3ba/0x1060 [ 89.256495][ T5355] bch2_run_recovery_passes+0x184/0x210 [ 89.272029][ T5355] bch2_fs_recovery+0x2690/0x3a50 [ 89.274327][ T5355] bch2_fs_start+0xaaf/0xda0 [ 89.276441][ T5355] bch2_fs_get_tree+0xb39/0x1520 [ 89.291678][ T5355] vfs_get_tree+0x92/0x2b0 [ 89.293707][ T5355] do_new_mount+0x2a2/0x9e0 [ 89.296593][ T5355] __se_sys_mount+0x317/0x410 [ 89.311701][ T5355] [ 89.312796][ T5355] Memory state around the buggy address: [ 89.315221][ T5355] ffff888054b22f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 89.319153][ T5355] ffff888054b22f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 89.327389][ T5355] >ffff888054b23000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 89.330916][ T5355] ^ [ 89.347831][ T5355] ffff888054b23080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 89.353330][ T5355] ffff888054b23100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 89.358860][ T5355] ================================================================== [ 89.417774][ T5355] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 89.421632][ T5355] CPU: 0 UID: 0 PID: 5355 Comm: syz.0.0 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 89.438048][ T5355] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 89.442389][ T5355] Call Trace: [ 89.443947][ T5355] [ 89.445455][ T5355] dump_stack_lvl+0x99/0x250 [ 89.458023][ T5355] ? __asan_memcpy+0x40/0x70 [ 89.460319][ T5355] ? __pfx_dump_stack_lvl+0x10/0x10 [ 89.464053][ T5355] ? __pfx__printk+0x10/0x10 [ 89.468359][ T5355] vpanic+0x281/0x750 [ 89.475419][ T5355] ? preempt_schedule+0xae/0xc0 [ 89.477551][ T5355] ? __pfx_vpanic+0x10/0x10 [ 89.479499][ T5355] ? preempt_schedule_common+0x83/0xd0 [ 89.481751][ T5355] ? preempt_schedule+0xae/0xc0 [ 89.489498][ T5355] ? __pfx_preempt_schedule+0x10/0x10 [ 89.492311][ T5355] panic+0xb9/0xc0 [ 89.517517][ T5355] ? __pfx_panic+0x10/0x10 [ 89.519578][ T5355] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 89.522129][ T5355] ? bch2_check_dirents+0x1fac/0x33f0 [ 89.524344][ T5355] check_panic_on_warn+0x89/0xb0 [ 89.543448][ T5355] ? bch2_check_dirents+0x1fac/0x33f0 [ 89.548057][ T5355] end_report+0x78/0x160 [ 89.550687][ T5355] kasan_report+0x129/0x150 [ 89.553105][ T5355] ? bch2_check_dirents+0x1fac/0x33f0 [ 89.559031][ T5355] bch2_check_dirents+0x1fac/0x33f0 [ 89.570105][ T5355] ? bch2_check_dirents+0x2f1/0x33f0 [ 89.576242][ T5355] ? desc_read+0x1b8/0x3f0 [ 89.588697][ T5355] ? prb_first_seq+0xfd/0x1a0 [ 89.591388][ T5355] ? __pfx_bch2_check_dirents+0x10/0x10 [ 89.594060][ T5355] ? __pfx_prb_first_seq+0x10/0x10 [ 89.596722][ T5355] ? desc_read+0x1b8/0x3f0 [ 89.609113][ T5355] ? this_cpu_in_panic+0x4f/0x80 [ 89.612228][ T5355] ? _prb_read_valid+0xa07/0xa90 [ 89.615733][ T5355] ? console_flush_all+0x13a/0xc40 [ 89.618746][ T5355] ? up+0xde/0x150 [ 89.626966][ T5355] ? __console_unlock+0x14c/0x1a0 [ 89.629635][ T5355] ? __pfx___console_unlock+0x10/0x10 [ 89.638856][ T5355] ? prb_read_valid+0x3c/0x60 [ 89.641138][ T5355] ? console_unlock+0x21b/0x270 [ 89.646238][ T5355] ? __pfx_console_unlock+0x10/0x10 [ 89.650754][ T5355] ? vprintk_emit+0x63e/0x7a0 [ 89.657477][ T5355] ? __bch2_print+0x176/0x220 [ 89.660395][ T5355] ? bch2_check_dirents+0x2f1/0x33f0 [ 89.663618][ T5355] ? lockdep_hardirqs_on+0x9c/0x150 [ 89.665903][ T5355] __bch2_run_recovery_passes+0x3ba/0x1060 [ 89.678575][ T5355] bch2_run_recovery_passes+0x184/0x210 [ 89.689377][ T5355] bch2_fs_recovery+0x2690/0x3a50 [ 89.691879][ T5355] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 89.695669][ T5355] ? irqentry_exit+0x74/0x90 [ 89.708232][ T5355] ? lockdep_hardirqs_on+0x9c/0x150 [ 89.710854][ T5355] ? preempt_schedule+0xae/0xc0 [ 89.713065][ T5355] ? preempt_schedule_common+0x83/0xd0 [ 89.715538][ T5355] ? preempt_schedule+0xae/0xc0 [ 89.727783][ T5355] ? __pfx_preempt_schedule+0x10/0x10 [ 89.730348][ T5355] ? __mutex_trylock_common+0x153/0x260 [ 89.732780][ T5355] ? __lock_acquire+0xab9/0xd20 [ 89.735017][ T5355] ? __lock_acquire+0xab9/0xd20 [ 89.754457][ T5355] ? bch2_fs_start+0xa0f/0xda0 [ 89.756910][ T5355] ? up_write+0x1c4/0x420 [ 89.759323][ T5355] ? bch2_fs_start+0x5e7/0xda0 [ 89.763027][ T5355] bch2_fs_start+0xaaf/0xda0 [ 89.765906][ T5355] ? bch2_fs_start+0x5e7/0xda0 [ 89.779360][ T5355] ? __pfx_bch2_fs_start+0x10/0x10 [ 89.781638][ T5355] ? sget+0x267/0x620 [ 89.783372][ T5355] bch2_fs_get_tree+0xb39/0x1520 [ 89.785617][ T5355] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 89.799241][ T5355] ? aa_get_newest_label+0xf7/0x5d0 [ 89.801872][ T5355] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 89.805110][ T5355] ? rcu_is_watching+0x15/0xb0 [ 89.823195][ T5355] vfs_get_tree+0x92/0x2b0 [ 89.825544][ T5355] do_new_mount+0x2a2/0x9e0 [ 89.827359][ T5355] ? ns_capable+0x8a/0xf0 [ 89.829035][ T5355] ? __pfx_do_new_mount+0x10/0x10 [ 89.831013][ T5355] ? path_mount+0x61c/0xfe0 [ 89.832890][ T5355] ? user_path_at+0x44/0x60 [ 89.839704][ T5355] __se_sys_mount+0x317/0x410 [ 89.847502][ T5355] ? __pfx___se_sys_mount+0x10/0x10 [ 89.867362][ T5355] ? do_syscall_64+0xbe/0x3b0 [ 89.902401][ T5355] ? __x64_sys_mount+0x20/0xc0 [ 89.915198][ T5355] do_syscall_64+0xfa/0x3b0 [ 89.922806][ T5355] ? lockdep_hardirqs_on+0x9c/0x150 [ 89.925234][ T5355] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.939174][ T5355] ? clear_bhb_loop+0x60/0xb0 [ 89.943252][ T5355] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.945990][ T5355] RIP: 0033:0x7f9d67b9030a [ 89.954632][ T5355] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 89.975067][ T5355] RSP: 002b:00007f9d68a26e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 89.981569][ T5355] RAX: ffffffffffffffda RBX: 00007f9d68a26ef0 RCX: 00007f9d67b9030a [ 89.989393][ T5355] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007f9d68a26eb0 [ 89.993731][ T5355] RBP: 00002000000000c0 R08: 00007f9d68a26ef0 R09: 0000000000818001 [ 90.004300][ T5355] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080 [ 90.012378][ T5355] R13: 00007f9d68a26eb0 R14: 0000000000005968 R15: 0000200000000100 [ 90.020562][ T5355] [ 90.025370][ T5355] Kernel Offset: disabled [ 90.032193][ T5355] Rebooting in 86400 seconds..