Extracting prog: 19m6.274515798s Minimizing prog: 1h26m24.784313926s Simplifying prog options: 0s Extracting C: 2m16.266392741s Simplifying C: 54m13.591650593s extracting reproducer from 18 programs testing a last program of every proc single: executing 5 programs separately with timeout 6m0s testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-openat$tun-ioctl$TUNSETIFF-socket$nl_route-socket$unix-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route_sched-sendmsg$nl_route_sched-socket$kcm-openat$tun-close-socket$inet6_udplite-socket-socket$unix-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route_sched-ioctl$sock_SIOCGIFINDEX-sendmsg$kcm detailed listing: executing program 0: r0 = socket$unix(0x1, 0x1, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4d, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001f80)=@newqdisc={0x434, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdf8, {0x0, 0x0, 0x0, r4, {0x10}, {}, {0xa, 0x3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x1, 0x1, 0x9, 0x8000, 0x3, 0x5, 0x5, 0xb762, 0x6, 0x7, 0x8, 0xf, 0x2, 0x80000001, 0x400, 0x7fc, 0xffff8000, 0x6, 0x401, 0x9, 0xb89, 0xffffe4f5, 0xd6, 0x2, 0xffff, 0x7, 0x0, 0x2, 0x101, 0x1, 0xfffffffc, 0x5, 0x9, 0x1, 0x9, 0xc, 0x20001000, 0x4, 0x2, 0x7, 0x4, 0x99, 0x9, 0x5, 0x6, 0x7, 0xfffffff7, 0x1, 0x2, 0x9, 0x9, 0x44, 0x8, 0x8, 0x1, 0x4, 0x7ff, 0x100008, 0x7, 0x7fffffff, 0x400, 0x71c5, 0xfffffa72, 0xcd, 0xffffff80, 0x80000000, 0xc, 0x4, 0x65, 0x91, 0x659, 0x9, 0xb, 0x9, 0xc28, 0x9, 0x7, 0x3, 0x401, 0x3, 0x2, 0xfffffffa, 0x1, 0x10001, 0x8000, 0x1, 0x4, 0x7, 0x8, 0x7, 0x1, 0x1, 0x1, 0x7, 0x457, 0x7, 0x12, 0x8000, 0x1, 0x4dc, 0x80, 0x3, 0x7fffffff, 0xff, 0xb, 0xa7, 0xf, 0x2, 0x0, 0x3, 0x1000, 0x40004, 0x401, 0x7, 0x80000000, 0xffff, 0x6, 0x5, 0x4, 0xffffffff, 0x80000000, 0x1966f9ab, 0x200, 0x20200, 0xed5, 0xfffffc00, 0x6, 0x4, 0x8, 0x485e, 0xa85, 0x80000040, 0x2, 0x7, 0x7, 0x102, 0x2d5421e8, 0x7, 0x10000, 0xffffffff, 0x6, 0x3ff, 0x3, 0x0, 0x2, 0x5, 0xfffffc00, 0x5, 0x8d, 0x4, 0x401, 0x4, 0x9, 0x3, 0xfffffffb, 0x1, 0x0, 0x0, 0x2, 0x5, 0x8, 0x3, 0x0, 0x800, 0x2, 0x8, 0x7ff, 0x1, 0x9, 0x6, 0x5, 0x5, 0x4d15, 0x1ff, 0xfffff060, 0x3, 0x469, 0x8001, 0x0, 0x200, 0x10000007, 0x7, 0x1, 0x8, 0x42ba, 0x4, 0x9, 0x1003, 0x8, 0x8, 0x53, 0x6, 0x4, 0x400, 0x8000, 0x0, 0x2c310b18, 0xfff, 0x0, 0x3, 0xcd34, 0x9, 0x81, 0xdf3, 0x2, 0x7, 0x8, 0xfff, 0x1ff, 0x8000, 0x3, 0x8, 0x3, 0x9, 0x9a6, 0xe4cb, 0x402, 0x1, 0x1ff, 0x3e, 0x9b4, 0x1, 0x8, 0x0, 0x8, 0x0, 0x9, 0x0, 0x4, 0x10, 0x2, 0xa, 0x2, 0x7b, 0xfffffeff, 0x6, 0x7, 0xc, 0x1000, 0x9, 0x9, 0xe6, 0xab, 0x400, 0x7fffffff, 0xed, 0x7ff, 0xd83, 0x68, 0x80000001, 0x4, 0x1, 0x6, 0x200, 0x2]}]}}]}, 0x434}, 0x1, 0x0, 0x0, 0x40098}, 0x0) r5 = socket$kcm(0x11, 0x3, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r6) socket$inet6_udplite(0xa, 0x2, 0x88) r7 = socket(0x400000000010, 0x3, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd25, 0x25dfdc00, {0x0, 0x0, 0x0, r9, {0x0, 0x4}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x20000000) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r5, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r10}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)="270302", 0x3}], 0x1}, 0x5) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-dup-setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD-setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO-dup-setsockopt$SO_BINDTODEVICE-setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS-setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS-pipe2$9p-write$P9_RSETATTR-splice-mmap-setsockopt$SO_BINDTODEVICE-setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS detailed listing: executing program 0: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000180)={0x0, 0x5, 0x10}, 0xc) r2 = dup(r0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x8003, 0xbffc, 0xe654, 0x2, 0x4, 0x48, 0xff}, 0x9c) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2d}}, 0x7, 0x1, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c) pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSETATTR(r4, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0xffffff9a) splice(r3, 0x0, r0, 0x0, 0xffff, 0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xeffffff2, @empty, 0x5}}, 0x10001fc, 0x6, 0xffff1896, 0x3, 0x26, 0xffffffb9, 0x1a}, 0x9c) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): memfd_create-prlimit64-sched_setscheduler-syz_mount_image$btrfs-openat-prlimit64-sched_setscheduler-syz_mount_image$exfat-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-timer_create-timer_settime-madvise-madvise-madvise detailed listing: executing program 0: memfd_create(&(0x7f0000000000)='\x01\x00\x00\x00\x00\x00\x00\x00\xd64\xf9 \x00\xa4\xb5\x00\x00\x00\x00\x12\x1a\'<\xf5\xbeV\x12\xaal\xfa\xf0o\xd8\xb1,\xbd>M\xe3\x98?Y\x96\xab\xc7\x06F\x8e\xab\xc8\x1e\x89]\x13bZ\x8d \x19\x00k\x95\x9eLV(\x8a\x0e\x93\x93Vc]mP\xbativ\xce\xa4K\xfb\xf2\xe0\xbf\x9d\x82\xa2\xcd\xb39\xb4\x17a9\x1c\x82\x1aLT\xd0\xb9\x1a\xafB\x95\xb4\xcf\x91X\x8c\x87\xc2\xa1\x1b\xfe\xe7\xbc\xf7\xeb\xc0L\x1d\x98Zq\xce\xd3\xefB\xd4\xee\xb5\xee\xe0\xaa\xdd\x00\xb1j$S\xfc\xb1[N\x8d\xcfI\xc8\x91\x87\x1fuYG7}%)\xb9\x00\x00\x00\x00\x00\x00\x00\x80W\xe0I\x0e\xa4\x1e}\x06\vK\xed\x11\x880\x0e\x9c\xaeVU\x88\xb0\x84:kgA]Z\x88\xecIf\xee\xba\x8b\xc6\"\xcej\x84\x06\x8a\x99\x80\xd7\xcf\x96\xed\x89\x1e6\x93+\xec#\x1f2\xee\xce\x17\x89vr\xc5j\xec\x1b\xaa\x996\x14e\xcf\x8axQ\x9e\x035\x8a@\xd4\x1c\xe0\xa2\xc8\xb3c\t\xe8\x1a\x89\xecL\xcf\xd8\xb5\xfb\xbc\tX\x88\xbe\xfc@[\xb2\xd5\x8c\xb9\x0e\x17\x8b\xce\xd09\xd2\xfb\x9e\xef\xabR\x88\x17\x9et\xf7\x9c\x01\x91\x00\x00\xdb\xf9\xcb\x7fh\x83>\x8e\xe1=\xedR\xc9\xe68h\x19\xafLD\x94\x93\xebT\x15\x817\x9d\xf5s\x03\x1a=\xcc\xd1\xa7\'\xa0\xaf\xf7\xec\xaf]\x0e\a\x00\x91T\x1b\xee\x10\x92\x80m\xc7\x90\x9fU\xf9\x8e_f\x8e\x00\xc3r*\xc7\xaf\xe2\'\xe0f9\xde\n,\x8c8C26\xa6u<\xa7@H\xdc\xf1\xb0\xb8\x9f\xc2o\x0f\x02I\xb6\xc3xH\xc3\x88\x7f\xd9\x90\xb7=\x1e@\xda9(\xb6\x97~\xea)\'\xa3:\x8d\xebc>z\xae*\xc2\x14\xe9\x89#\xe2)\x9a\xb0hR\xffa\xf8\xde\xf7q4\xcfV\xbb\xc3t\xfa\xa9\x05>\xaea\x12\xce\x1cY\a\xb1&\xb9\x12v\x1dN\xe1,_3\xa9\xa36\xaa.Cj\xd4\a\x84\xb2j\x86\xe1\x1f\xec1\xb9!lI\xc7\xbf\x85\xdd\x03\xbd\xeb\xec\xf9\xf3\xaf\xe02AzX\x9aO\x93y;\xa7,\xbb\x11\xe6\x8fn\xa0m\xf8\xcf\x92\x19\xba,\x0e\x04\xbe\xbb\xdd\x00\xb1\xb6Enr\x17\xa4\xc5)\xcc}*yN\xdc\xc3\xe0\xf2\x10\xe0M\xe3\x98?Y\x96\xab\xc7\x06F\x8e\xab\xc8\x1e\x89]\x13bZ\x8d \x19\x00k\x95\x9eLV(\x8a\x0e\x93\x93Vc]mP\xbativ\xce\xa4K\xfb\xf2\xe0\xbf\x9d\x82\xa2\xcd\xb39\xb4\x17a9\x1c\x82\x1aLT\xd0\xb9\x1a\xafB\x95\xb4\xcf\x91X\x8c\x87\xc2\xa1\x1b\xfe\xe7\xbc\xf7\xeb\xc0L\x1d\x98Zq\xce\xd3\xefB\xd4\xee\xb5\xee\xe0\xaa\xdd\x00\xb1j$S\xfc\xb1[N\x8d\xcfI\xc8\x91\x87\x1fuYG7}%)\xb9\x00\x00\x00\x00\x00\x00\x00\x80W\xe0I\x0e\xa4\x1e}\x06\vK\xed\x11\x880\x0e\x9c\xaeVU\x88\xb0\x84:kgA]Z\x88\xecIf\xee\xba\x8b\xc6\"\xcej\x84\x06\x8a\x99\x80\xd7\xcf\x96\xed\x89\x1e6\x93+\xec#\x1f2\xee\xce\x17\x89vr\xc5j\xec\x1b\xaa\x996\x14e\xcf\x8axQ\x9e\x035\x8a@\xd4\x1c\xe0\xa2\xc8\xb3c\t\xe8\x1a\x89\xecL\xcf\xd8\xb5\xfb\xbc\tX\x88\xbe\xfc@[\xb2\xd5\x8c\xb9\x0e\x17\x8b\xce\xd09\xd2\xfb\x9e\xef\xabR\x88\x17\x9et\xf7\x9c\x01\x91\x00\x00\xdb\xf9\xcb\x7fh\x83>\x8e\xe1=\xedR\xc9\xe68h\x19\xafLD\x94\x93\xebT\x15\x817\x9d\xf5s\x03\x1a=\xcc\xd1\xa7\'\xa0\xaf\xf7\xec\xaf]\x0e\a\x00\x91T\x1b\xee\x10\x92\x80m\xc7\x90\x9fU\xf9\x8e_f\x8e\x00\xc3r*\xc7\xaf\xe2\'\xe0f9\xde\n,\x8c8C26\xa6u<\xa7@H\xdc\xf1\xb0\xb8\x9f\xc2o\x0f\x02I\xb6\xc3xH\xc3\x88\x7f\xd9\x90\xb7=\x1e@\xda9(\xb6\x97~\xea)\'\xa3:\x8d\xebc>z\xae*\xc2\x14\xe9\x89#\xe2)\x9a\xb0hR\xffa\xf8\xde\xf7q4\xcfV\xbb\xc3t\xfa\xa9\x05>\xaea\x12\xce\x1cY\a\xb1&\xb9\x12v\x1dN\xe1,_3\xa9\xa36\xaa.Cj\xd4\a\x84\xb2j\x86\xe1\x1f\xec1\xb9!lI\xc7\xbf\x85\xdd\x03\xbd\xeb\xec\xf9\xf3\xaf\xe02AzX\x9aO\x93y;\xa7,\xbb\x11\xe6\x8fn\xa0m\xf8\xcf\x92\x19\xba,\x0e\x04\xbe\xbb\xdd\x00\xb1\xb6Enr\x17\xa4\xc5)\xcc}*yN\xdc\xc3\xe0\xf2\x10\xe0M\xe3\x98?Y\x96\xab\xc7\x06F\x8e\xab\xc8\x1e\x89]\x13bZ\x8d \x19\x00k\x95\x9eLV(\x8a\x0e\x93\x93Vc]mP\xbativ\xce\xa4K\xfb\xf2\xe0\xbf\x9d\x82\xa2\xcd\xb39\xb4\x17a9\x1c\x82\x1aLT\xd0\xb9\x1a\xafB\x95\xb4\xcf\x91X\x8c\x87\xc2\xa1\x1b\xfe\xe7\xbc\xf7\xeb\xc0L\x1d\x98Zq\xce\xd3\xefB\xd4\xee\xb5\xee\xe0\xaa\xdd\x00\xb1j$S\xfc\xb1[N\x8d\xcfI\xc8\x91\x87\x1fuYG7}%)\xb9\x00\x00\x00\x00\x00\x00\x00\x80W\xe0I\x0e\xa4\x1e}\x06\vK\xed\x11\x880\x0e\x9c\xaeVU\x88\xb0\x84:kgA]Z\x88\xecIf\xee\xba\x8b\xc6\"\xcej\x84\x06\x8a\x99\x80\xd7\xcf\x96\xed\x89\x1e6\x93+\xec#\x1f2\xee\xce\x17\x89vr\xc5j\xec\x1b\xaa\x996\x14e\xcf\x8axQ\x9e\x035\x8a@\xd4\x1c\xe0\xa2\xc8\xb3c\t\xe8\x1a\x89\xecL\xcf\xd8\xb5\xfb\xbc\tX\x88\xbe\xfc@[\xb2\xd5\x8c\xb9\x0e\x17\x8b\xce\xd09\xd2\xfb\x9e\xef\xabR\x88\x17\x9et\xf7\x9c\x01\x91\x00\x00\xdb\xf9\xcb\x7fh\x83>\x8e\xe1=\xedR\xc9\xe68h\x19\xafLD\x94\x93\xebT\x15\x817\x9d\xf5s\x03\x1a=\xcc\xd1\xa7\'\xa0\xaf\xf7\xec\xaf]\x0e\a\x00\x91T\x1b\xee\x10\x92\x80m\xc7\x90\x9fU\xf9\x8e_f\x8e\x00\xc3r*\xc7\xaf\xe2\'\xe0f9\xde\n,\x8c8C26\xa6u<\xa7@H\xdc\xf1\xb0\xb8\x9f\xc2o\x0f\x02I\xb6\xc3xH\xc3\x88\x7f\xd9\x90\xb7=\x1e@\xda9(\xb6\x97~\xea)\'\xa3:\x8d\xebc>z\xae*\xc2\x14\xe9\x89#\xe2)\x9a\xb0hR\xffa\xf8\xde\xf7q4\xcfV\xbb\xc3t\xfa\xa9\x05>\xaea\x12\xce\x1cY\a\xb1&\xb9\x12v\x1dN\xe1,_3\xa9\xa36\xaa.Cj\xd4\a\x84\xb2j\x86\xe1\x1f\xec1\xb9!lI\xc7\xbf\x85\xdd\x03\xbd\xeb\xec\xf9\xf3\xaf\xe02AzX\x9aO\x93y;\xa7,\xbb\x11\xe6\x8fn\xa0m\xf8\xcf\x92\x19\xba,\x0e\x04\xbe\xbb\xdd\x00\xb1\xb6Enr\x17\xa4\xc5)\xcc}*yN\xdc\xc3\xe0\xf2\x10\xe0M\xe3\x98?Y\x96\xab\xc7\x06F\x8e\xab\xc8\x1e\x89]\x13bZ\x8d \x19\x00k\x95\x9eLV(\x8a\x0e\x93\x93Vc]mP\xbativ\xce\xa4K\xfb\xf2\xe0\xbf\x9d\x82\xa2\xcd\xb39\xb4\x17a9\x1c\x82\x1aLT\xd0\xb9\x1a\xafB\x95\xb4\xcf\x91X\x8c\x87\xc2\xa1\x1b\xfe\xe7\xbc\xf7\xeb\xc0L\x1d\x98Zq\xce\xd3\xefB\xd4\xee\xb5\xee\xe0\xaa\xdd\x00\xb1j$S\xfc\xb1[N\x8d\xcfI\xc8\x91\x87\x1fuYG7}%)\xb9\x00\x00\x00\x00\x00\x00\x00\x80W\xe0I\x0e\xa4\x1e}\x06\vK\xed\x11\x880\x0e\x9c\xaeVU\x88\xb0\x84:kgA]Z\x88\xecIf\xee\xba\x8b\xc6\"\xcej\x84\x06\x8a\x99\x80\xd7\xcf\x96\xed\x89\x1e6\x93+\xec#\x1f2\xee\xce\x17\x89vr\xc5j\xec\x1b\xaa\x996\x14e\xcf\x8axQ\x9e\x035\x8a@\xd4\x1c\xe0\xa2\xc8\xb3c\t\xe8\x1a\x89\xecL\xcf\xd8\xb5\xfb\xbc\tX\x88\xbe\xfc@[\xb2\xd5\x8c\xb9\x0e\x17\x8b\xce\xd09\xd2\xfb\x9e\xef\xabR\x88\x17\x9et\xf7\x9c\x01\x91\x00\x00\xdb\xf9\xcb\x7fh\x83>\x8e\xe1=\xedR\xc9\xe68h\x19\xafLD\x94\x93\xebT\x15\x817\x9d\xf5s\x03\x1a=\xcc\xd1\xa7\'\xa0\xaf\xf7\xec\xaf]\x0e\a\x00\x91T\x1b\xee\x10\x92\x80m\xc7\x90\x9fU\xf9\x8e_f\x8e\x00\xc3r*\xc7\xaf\xe2\'\xe0f9\xde\n,\x8c8C26\xa6u<\xa7@H\xdc\xf1\xb0\xb8\x9f\xc2o\x0f\x02I\xb6\xc3xH\xc3\x88\x7f\xd9\x90\xb7=\x1e@\xda9(\xb6\x97~\xea)\'\xa3:\x8d\xebc>z\xae*\xc2\x14\xe9\x89#\xe2)\x9a\xb0hR\xffa\xf8\xde\xf7q4\xcfV\xbb\xc3t\xfa\xa9\x05>\xaea\x12\xce\x1cY\a\xb1&\xb9\x12v\x1dN\xe1,_3\xa9\xa36\xaa.Cj\xd4\a\x84\xb2j\x86\xe1\x1f\xec1\xb9!lI\xc7\xbf\x85\xdd\x03\xbd\xeb\xec\xf9\xf3\xaf\xe02AzX\x9aO\x93y;\xa7,\xbb\x11\xe6\x8fn\xa0m\xf8\xcf\x92\x19\xba,\x0e\x04\xbe\xbb\xdd\x00\xb1\xb6Enr\x17\xa4\xc5)\xcc}*yN\xdc\xc3\xe0\xf2\x10\xe0M\xe3\x98?Y\x96\xab\xc7\x06F\x8e\xab\xc8\x1e\x89]\x13bZ\x8d \x19\x00k\x95\x9eLV(\x8a\x0e\x93\x93Vc]mP\xbativ\xce\xa4K\xfb\xf2\xe0\xbf\x9d\x82\xa2\xcd\xb39\xb4\x17a9\x1c\x82\x1aLT\xd0\xb9\x1a\xafB\x95\xb4\xcf\x91X\x8c\x87\xc2\xa1\x1b\xfe\xe7\xbc\xf7\xeb\xc0L\x1d\x98Zq\xce\xd3\xefB\xd4\xee\xb5\xee\xe0\xaa\xdd\x00\xb1j$S\xfc\xb1[N\x8d\xcfI\xc8\x91\x87\x1fuYG7}%)\xb9\x00\x00\x00\x00\x00\x00\x00\x80W\xe0I\x0e\xa4\x1e}\x06\vK\xed\x11\x880\x0e\x9c\xaeVU\x88\xb0\x84:kgA]Z\x88\xecIf\xee\xba\x8b\xc6\"\xcej\x84\x06\x8a\x99\x80\xd7\xcf\x96\xed\x89\x1e6\x93+\xec#\x1f2\xee\xce\x17\x89vr\xc5j\xec\x1b\xaa\x996\x14e\xcf\x8axQ\x9e\x035\x8a@\xd4\x1c\xe0\xa2\xc8\xb3c\t\xe8\x1a\x89\xecL\xcf\xd8\xb5\xfb\xbc\tX\x88\xbe\xfc@[\xb2\xd5\x8c\xb9\x0e\x17\x8b\xce\xd09\xd2\xfb\x9e\xef\xabR\x88\x17\x9et\xf7\x9c\x01\x91\x00\x00\xdb\xf9\xcb\x7fh\x83>\x8e\xe1=\xedR\xc9\xe68h\x19\xafLD\x94\x93\xebT\x15\x817\x9d\xf5s\x03\x1a=\xcc\xd1\xa7\'\xa0\xaf\xf7\xec\xaf]\x0e\a\x00\x91T\x1b\xee\x10\x92\x80m\xc7\x90\x9fU\xf9\x8e_f\x8e\x00\xc3r*\xc7\xaf\xe2\'\xe0f9\xde\n,\x8c8C26\xa6u<\xa7@H\xdc\xf1\xb0\xb8\x9f\xc2o\x0f\x02I\xb6\xc3xH\xc3\x88\x7f\xd9\x90\xb7=\x1e@\xda9(\xb6\x97~\xea)\'\xa3:\x8d\xebc>z\xae*\xc2\x14\xe9\x89#\xe2)\x9a\xb0hR\xffa\xf8\xde\xf7q4\xcfV\xbb\xc3t\xfa\xa9\x05>\xaea\x12\xce\x1cY\a\xb1&\xb9\x12v\x1dN\xe1,_3\xa9\xa36\xaa.Cj\xd4\a\x84\xb2j\x86\xe1\x1f\xec1\xb9!lI\xc7\xbf\x85\xdd\x03\xbd\xeb\xec\xf9\xf3\xaf\xe02AzX\x9aO\x93y;\xa7,\xbb\x11\xe6\x8fn\xa0m\xf8\xcf\x92\x19\xba,\x0e\x04\xbe\xbb\xdd\x00\xb1\xb6Enr\x17\xa4\xc5)\xcc}*yN\xdc\xc3\xe0\xf2\x10\xe0M\xe3\x98?Y\x96\xab\xc7\x06F\x8e\xab\xc8\x1e\x89]\x13bZ\x8d \x19\x00k\x95\x9eLV(\x8a\x0e\x93\x93Vc]mP\xbativ\xce\xa4K\xfb\xf2\xe0\xbf\x9d\x82\xa2\xcd\xb39\xb4\x17a9\x1c\x82\x1aLT\xd0\xb9\x1a\xafB\x95\xb4\xcf\x91X\x8c\x87\xc2\xa1\x1b\xfe\xe7\xbc\xf7\xeb\xc0L\x1d\x98Zq\xce\xd3\xefB\xd4\xee\xb5\xee\xe0\xaa\xdd\x00\xb1j$S\xfc\xb1[N\x8d\xcfI\xc8\x91\x87\x1fuYG7}%)\xb9\x00\x00\x00\x00\x00\x00\x00\x80W\xe0I\x0e\xa4\x1e}\x06\vK\xed\x11\x880\x0e\x9c\xaeVU\x88\xb0\x84:kgA]Z\x88\xecIf\xee\xba\x8b\xc6\"\xcej\x84\x06\x8a\x99\x80\xd7\xcf\x96\xed\x89\x1e6\x93+\xec#\x1f2\xee\xce\x17\x89vr\xc5j\xec\x1b\xaa\x996\x14e\xcf\x8axQ\x9e\x035\x8a@\xd4\x1c\xe0\xa2\xc8\xb3c\t\xe8\x1a\x89\xecL\xcf\xd8\xb5\xfb\xbc\tX\x88\xbe\xfc@[\xb2\xd5\x8c\xb9\x0e\x17\x8b\xce\xd09\xd2\xfb\x9e\xef\xabR\x88\x17\x9et\xf7\x9c\x01\x91\x00\x00\xdb\xf9\xcb\x7fh\x83>\x8e\xe1=\xedR\xc9\xe68h\x19\xafLD\x94\x93\xebT\x15\x817\x9d\xf5s\x03\x1a=\xcc\xd1\xa7\'\xa0\xaf\xf7\xec\xaf]\x0e\a\x00\x91T\x1b\xee\x10\x92\x80m\xc7\x90\x9fU\xf9\x8e_f\x8e\x00\xc3r*\xc7\xaf\xe2\'\xe0f9\xde\n,\x8c8C26\xa6u<\xa7@H\xdc\xf1\xb0\xb8\x9f\xc2o\x0f\x02I\xb6\xc3xH\xc3\x88\x7f\xd9\x90\xb7=\x1e@\xda9(\xb6\x97~\xea)\'\xa3:\x8d\xebc>z\xae*\xc2\x14\xe9\x89#\xe2)\x9a\xb0hR\xffa\xf8\xde\xf7q4\xcfV\xbb\xc3t\xfa\xa9\x05>\xaea\x12\xce\x1cY\a\xb1&\xb9\x12v\x1dN\xe1,_3\xa9\xa36\xaa.Cj\xd4\a\x84\xb2j\x86\xe1\x1f\xec1\xb9!lI\xc7\xbf\x85\xdd\x03\xbd\xeb\xec\xf9\xf3\xaf\xe02AzX\x9aO\x93y;\xa7,\xbb\x11\xe6\x8fn\xa0m\xf8\xcf\x92\x19\xba,\x0e\x04\xbe\xbb\xdd\x00\xb1\xb6Enr\x17\xa4\xc5)\xcc}*yN\xdc\xc3\xe0\xf2\x10\xe0M\xe3\x98?Y\x96\xab\xc7\x06F\x8e\xab\xc8\x1e\x89]\x13bZ\x8d \x19\x00k\x95\x9eLV(\x8a\x0e\x93\x93Vc]mP\xbativ\xce\xa4K\xfb\xf2\xe0\xbf\x9d\x82\xa2\xcd\xb39\xb4\x17a9\x1c\x82\x1aLT\xd0\xb9\x1a\xafB\x95\xb4\xcf\x91X\x8c\x87\xc2\xa1\x1b\xfe\xe7\xbc\xf7\xeb\xc0L\x1d\x98Zq\xce\xd3\xefB\xd4\xee\xb5\xee\xe0\xaa\xdd\x00\xb1j$S\xfc\xb1[N\x8d\xcfI\xc8\x91\x87\x1fuYG7}%)\xb9\x00\x00\x00\x00\x00\x00\x00\x80W\xe0I\x0e\xa4\x1e}\x06\vK\xed\x11\x880\x0e\x9c\xaeVU\x88\xb0\x84:kgA]Z\x88\xecIf\xee\xba\x8b\xc6\"\xcej\x84\x06\x8a\x99\x80\xd7\xcf\x96\xed\x89\x1e6\x93+\xec#\x1f2\xee\xce\x17\x89vr\xc5j\xec\x1b\xaa\x996\x14e\xcf\x8axQ\x9e\x035\x8a@\xd4\x1c\xe0\xa2\xc8\xb3c\t\xe8\x1a\x89\xecL\xcf\xd8\xb5\xfb\xbc\tX\x88\xbe\xfc@[\xb2\xd5\x8c\xb9\x0e\x17\x8b\xce\xd09\xd2\xfb\x9e\xef\xabR\x88\x17\x9et\xf7\x9c\x01\x91\x00\x00\xdb\xf9\xcb\x7fh\x83>\x8e\xe1=\xedR\xc9\xe68h\x19\xafLD\x94\x93\xebT\x15\x817\x9d\xf5s\x03\x1a=\xcc\xd1\xa7\'\xa0\xaf\xf7\xec\xaf]\x0e\a\x00\x91T\x1b\xee\x10\x92\x80m\xc7\x90\x9fU\xf9\x8e_f\x8e\x00\xc3r*\xc7\xaf\xe2\'\xe0f9\xde\n,\x8c8C26\xa6u<\xa7@H\xdc\xf1\xb0\xb8\x9f\xc2o\x0f\x02I\xb6\xc3xH\xc3\x88\x7f\xd9\x90\xb7=\x1e@\xda9(\xb6\x97~\xea)\'\xa3:\x8d\xebc>z\xae*\xc2\x14\xe9\x89#\xe2)\x9a\xb0hR\xffa\xf8\xde\xf7q4\xcfV\xbb\xc3t\xfa\xa9\x05>\xaea\x12\xce\x1cY\a\xb1&\xb9\x12v\x1dN\xe1,_3\xa9\xa36\xaa.Cj\xd4\a\x84\xb2j\x86\xe1\x1f\xec1\xb9!lI\xc7\xbf\x85\xdd\x03\xbd\xeb\xec\xf9\xf3\xaf\xe02AzX\x9aO\x93y;\xa7,\xbb\x11\xe6\x8fn\xa0m\xf8\xcf\x92\x19\xba,\x0e\x04\xbe\xbb\xdd\x00\xb1\xb6Enr\x17\xa4\xc5)\xcc}*yN\xdc\xc3\xe0\xf2\x10\xe0M\xe3\x98?Y\x96\xab\xc7\x06F\x8e\xab\xc8\x1e\x89]\x13bZ\x8d \x19\x00k\x95\x9eLV(\x8a\x0e\x93\x93Vc]mP\xbativ\xce\xa4K\xfb\xf2\xe0\xbf\x9d\x82\xa2\xcd\xb39\xb4\x17a9\x1c\x82\x1aLT\xd0\xb9\x1a\xafB\x95\xb4\xcf\x91X\x8c\x87\xc2\xa1\x1b\xfe\xe7\xbc\xf7\xeb\xc0L\x1d\x98Zq\xce\xd3\xefB\xd4\xee\xb5\xee\xe0\xaa\xdd\x00\xb1j$S\xfc\xb1[N\x8d\xcfI\xc8\x91\x87\x1fuYG7}%)\xb9\x00\x00\x00\x00\x00\x00\x00\x80W\xe0I\x0e\xa4\x1e}\x06\vK\xed\x11\x880\x0e\x9c\xaeVU\x88\xb0\x84:kgA]Z\x88\xecIf\xee\xba\x8b\xc6\"\xcej\x84\x06\x8a\x99\x80\xd7\xcf\x96\xed\x89\x1e6\x93+\xec#\x1f2\xee\xce\x17\x89vr\xc5j\xec\x1b\xaa\x996\x14e\xcf\x8axQ\x9e\x035\x8a@\xd4\x1c\xe0\xa2\xc8\xb3c\t\xe8\x1a\x89\xecL\xcf\xd8\xb5\xfb\xbc\tX\x88\xbe\xfc@[\xb2\xd5\x8c\xb9\x0e\x17\x8b\xce\xd09\xd2\xfb\x9e\xef\xabR\x88\x17\x9et\xf7\x9c\x01\x91\x00\x00\xdb\xf9\xcb\x7fh\x83>\x8e\xe1=\xedR\xc9\xe68h\x19\xafLD\x94\x93\xebT\x15\x817\x9d\xf5s\x03\x1a=\xcc\xd1\xa7\'\xa0\xaf\xf7\xec\xaf]\x0e\a\x00\x91T\x1b\xee\x10\x92\x80m\xc7\x90\x9fU\xf9\x8e_f\x8e\x00\xc3r*\xc7\xaf\xe2\'\xe0f9\xde\n,\x8c8C26\xa6u<\xa7@H\xdc\xf1\xb0\xb8\x9f\xc2o\x0f\x02I\xb6\xc3xH\xc3\x88\x7f\xd9\x90\xb7=\x1e@\xda9(\xb6\x97~\xea)\'\xa3:\x8d\xebc>z\xae*\xc2\x14\xe9\x89#\xe2)\x9a\xb0hR\xffa\xf8\xde\xf7q4\xcfV\xbb\xc3t\xfa\xa9\x05>\xaea\x12\xce\x1cY\a\xb1&\xb9\x12v\x1dN\xe1,_3\xa9\xa36\xaa.Cj\xd4\a\x84\xb2j\x86\xe1\x1f\xec1\xb9!lI\xc7\xbf\x85\xdd\x03\xbd\xeb\xec\xf9\xf3\xaf\xe02AzX\x9aO\x93y;\xa7,\xbb\x11\xe6\x8fn\xa0m\xf8\xcf\x92\x19\xba,\x0e\x04\xbe\xbb\xdd\x00\xb1\xb6Enr\x17\xa4\xc5)\xcc}*yN\xdc\xc3\xe0\xf2\x10\xe0M\xe3\x98?Y\x96\xab\xc7\x06F\x8e\xab\xc8\x1e\x89]\x13bZ\x8d \x19\x00k\x95\x9eLV(\x8a\x0e\x93\x93Vc]mP\xbativ\xce\xa4K\xfb\xf2\xe0\xbf\x9d\x82\xa2\xcd\xb39\xb4\x17a9\x1c\x82\x1aLT\xd0\xb9\x1a\xafB\x95\xb4\xcf\x91X\x8c\x87\xc2\xa1\x1b\xfe\xe7\xbc\xf7\xeb\xc0L\x1d\x98Zq\xce\xd3\xefB\xd4\xee\xb5\xee\xe0\xaa\xdd\x00\xb1j$S\xfc\xb1[N\x8d\xcfI\xc8\x91\x87\x1fuYG7}%)\xb9\x00\x00\x00\x00\x00\x00\x00\x80W\xe0I\x0e\xa4\x1e}\x06\vK\xed\x11\x880\x0e\x9c\xaeVU\x88\xb0\x84:kgA]Z\x88\xecIf\xee\xba\x8b\xc6\"\xcej\x84\x06\x8a\x99\x80\xd7\xcf\x96\xed\x89\x1e6\x93+\xec#\x1f2\xee\xce\x17\x89vr\xc5j\xec\x1b\xaa\x996\x14e\xcf\x8axQ\x9e\x035\x8a@\xd4\x1c\xe0\xa2\xc8\xb3c\t\xe8\x1a\x89\xecL\xcf\xd8\xb5\xfb\xbc\tX\x88\xbe\xfc@[\xb2\xd5\x8c\xb9\x0e\x17\x8b\xce\xd09\xd2\xfb\x9e\xef\xabR\x88\x17\x9et\xf7\x9c\x01\x91\x00\x00\xdb\xf9\xcb\x7fh\x83>\x8e\xe1=\xedR\xc9\xe68h\x19\xafLD\x94\x93\xebT\x15\x817\x9d\xf5s\x03\x1a=\xcc\xd1\xa7\'\xa0\xaf\xf7\xec\xaf]\x0e\a\x00\x91T\x1b\xee\x10\x92\x80m\xc7\x90\x9fU\xf9\x8e_f\x8e\x00\xc3r*\xc7\xaf\xe2\'\xe0f9\xde\n,\x8c8C26\xa6u<\xa7@H\xdc\xf1\xb0\xb8\x9f\xc2o\x0f\x02I\xb6\xc3xH\xc3\x88\x7f\xd9\x90\xb7=\x1e@\xda9(\xb6\x97~\xea)\'\xa3:\x8d\xebc>z\xae*\xc2\x14\xe9\x89#\xe2)\x9a\xb0hR\xffa\xf8\xde\xf7q4\xcfV\xbb\xc3t\xfa\xa9\x05>\xaea\x12\xce\x1cY\a\xb1&\xb9\x12v\x1dN\xe1,_3\xa9\xa36\xaa.Cj\xd4\a\x84\xb2j\x86\xe1\x1f\xec1\xb9!lI\xc7\xbf\x85\xdd\x03\xbd\xeb\xec\xf9\xf3\xaf\xe02AzX\x9aO\x93y;\xa7,\xbb\x11\xe6\x8fn\xa0m\xf8\xcf\x92\x19\xba,\x0e\x04\xbe\xbb\xdd\x00\xb1\xb6Enr\x17\xa4\xc5)\xcc}*yN\xdc\xc3\xe0\xf2\x10\xe0M\xe3\x98?Y\x96\xab\xc7\x06F\x8e\xab\xc8\x1e\x89]\x13bZ\x8d \x19\x00k\x95\x9eLV(\x8a\x0e\x93\x93Vc]mP\xbativ\xce\xa4K\xfb\xf2\xe0\xbf\x9d\x82\xa2\xcd\xb39\xb4\x17a9\x1c\x82\x1aLT\xd0\xb9\x1a\xafB\x95\xb4\xcf\x91X\x8c\x87\xc2\xa1\x1b\xfe\xe7\xbc\xf7\xeb\xc0L\x1d\x98Zq\xce\xd3\xefB\xd4\xee\xb5\xee\xe0\xaa\xdd\x00\xb1j$S\xfc\xb1[N\x8d\xcfI\xc8\x91\x87\x1fuYG7}%)\xb9\x00\x00\x00\x00\x00\x00\x00\x80W\xe0I\x0e\xa4\x1e}\x06\vK\xed\x11\x880\x0e\x9c\xaeVU\x88\xb0\x84:kgA]Z\x88\xecIf\xee\xba\x8b\xc6\"\xcej\x84\x06\x8a\x99\x80\xd7\xcf\x96\xed\x89\x1e6\x93+\xec#\x1f2\xee\xce\x17\x89vr\xc5j\xec\x1b\xaa\x996\x14e\xcf\x8axQ\x9e\x035\x8a@\xd4\x1c\xe0\xa2\xc8\xb3c\t\xe8\x1a\x89\xecL\xcf\xd8\xb5\xfb\xbc\tX\x88\xbe\xfc@[\xb2\xd5\x8c\xb9\x0e\x17\x8b\xce\xd09\xd2\xfb\x9e\xef\xabR\x88\x17\x9et\xf7\x9c\x01\x91\x00\x00\xdb\xf9\xcb\x7fh\x83>\x8e\xe1=\xedR\xc9\xe68h\x19\xafLD\x94\x93\xebT\x15\x817\x9d\xf5s\x03\x1a=\xcc\xd1\xa7\'\xa0\xaf\xf7\xec\xaf]\x0e\a\x00\x91T\x1b\xee\x10\x92\x80m\xc7\x90\x9fU\xf9\x8e_f\x8e\x00\xc3r*\xc7\xaf\xe2\'\xe0f9\xde\n,\x8c8C26\xa6u<\xa7@H\xdc\xf1\xb0\xb8\x9f\xc2o\x0f\x02I\xb6\xc3xH\xc3\x88\x7f\xd9\x90\xb7=\x1e@\xda9(\xb6\x97~\xea)\'\xa3:\x8d\xebc>z\xae*\xc2\x14\xe9\x89#\xe2)\x9a\xb0hR\xffa\xf8\xde\xf7q4\xcfV\xbb\xc3t\xfa\xa9\x05>\xaea\x12\xce\x1cY\a\xb1&\xb9\x12v\x1dN\xe1,_3\xa9\xa36\xaa.Cj\xd4\a\x84\xb2j\x86\xe1\x1f\xec1\xb9!lI\xc7\xbf\x85\xdd\x03\xbd\xeb\xec\xf9\xf3\xaf\xe02AzX\x9aO\x93y;\xa7,\xbb\x11\xe6\x8fn\xa0m\xf8\xcf\x92\x19\xba,\x0e\x04\xbe\xbb\xdd\x00\xb1\xb6Enr\x17\xa4\xc5)\xcc}*yN\xdc\xc3\xe0\xf2\x10\xe0M\xe3\x98?Y\x96\xab\xc7\x06F\x8e\xab\xc8\x1e\x89]\x13bZ\x8d \x19\x00k\x95\x9eLV(\x8a\x0e\x93\x93Vc]mP\xbativ\xce\xa4K\xfb\xf2\xe0\xbf\x9d\x82\xa2\xcd\xb39\xb4\x17a9\x1c\x82\x1aLT\xd0\xb9\x1a\xafB\x95\xb4\xcf\x91X\x8c\x87\xc2\xa1\x1b\xfe\xe7\xbc\xf7\xeb\xc0L\x1d\x98Zq\xce\xd3\xefB\xd4\xee\xb5\xee\xe0\xaa\xdd\x00\xb1j$S\xfc\xb1[N\x8d\xcfI\xc8\x91\x87\x1fuYG7}%)\xb9\x00\x00\x00\x00\x00\x00\x00\x80W\xe0I\x0e\xa4\x1e}\x06\vK\xed\x11\x880\x0e\x9c\xaeVU\x88\xb0\x84:kgA]Z\x88\xecIf\xee\xba\x8b\xc6\"\xcej\x84\x06\x8a\x99\x80\xd7\xcf\x96\xed\x89\x1e6\x93+\xec#\x1f2\xee\xce\x17\x89vr\xc5j\xec\x1b\xaa\x996\x14e\xcf\x8axQ\x9e\x035\x8a@\xd4\x1c\xe0\xa2\xc8\xb3c\t\xe8\x1a\x89\xecL\xcf\xd8\xb5\xfb\xbc\tX\x88\xbe\xfc@[\xb2\xd5\x8c\xb9\x0e\x17\x8b\xce\xd09\xd2\xfb\x9e\xef\xabR\x88\x17\x9et\xf7\x9c\x01\x91\x00\x00\xdb\xf9\xcb\x7fh\x83>\x8e\xe1=\xedR\xc9\xe68h\x19\xafLD\x94\x93\xebT\x15\x817\x9d\xf5s\x03\x1a=\xcc\xd1\xa7\'\xa0\xaf\xf7\xec\xaf]\x0e\a\x00\x91T\x1b\xee\x10\x92\x80m\xc7\x90\x9fU\xf9\x8e_f\x8e\x00\xc3r*\xc7\xaf\xe2\'\xe0f9\xde\n,\x8c8C26\xa6u<\xa7@H\xdc\xf1\xb0\xb8\x9f\xc2o\x0f\x02I\xb6\xc3xH\xc3\x88\x7f\xd9\x90\xb7=\x1e@\xda9(\xb6\x97~\xea)\'\xa3:\x8d\xebc>z\xae*\xc2\x14\xe9\x89#\xe2)\x9a\xb0hR\xffa\xf8\xde\xf7q4\xcfV\xbb\xc3t\xfa\xa9\x05>\xaea\x12\xce\x1cY\a\xb1&\xb9\x12v\x1dN\xe1,_3\xa9\xa36\xaa.Cj\xd4\a\x84\xb2j\x86\xe1\x1f\xec1\xb9!lI\xc7\xbf\x85\xdd\x03\xbd\xeb\xec\xf9\xf3\xaf\xe02AzX\x9aO\x93y;\xa7,\xbb\x11\xe6\x8fn\xa0m\xf8\xcf\x92\x19\xba,\x0e\x04\xbe\xbb\xdd\x00\xb1\xb6Enr\x17\xa4\xc5)\xcc}*yN\xdc\xc3\xe0\xf2\x10\xe0M\xe3\x98?Y\x96\xab\xc7\x06F\x8e\xab\xc8\x1e\x89]\x13bZ\x8d \x19\x00k\x95\x9eLV(\x8a\x0e\x93\x93Vc]mP\xbativ\xce\xa4K\xfb\xf2\xe0\xbf\x9d\x82\xa2\xcd\xb39\xb4\x17a9\x1c\x82\x1aLT\xd0\xb9\x1a\xafB\x95\xb4\xcf\x91X\x8c\x87\xc2\xa1\x1b\xfe\xe7\xbc\xf7\xeb\xc0L\x1d\x98Zq\xce\xd3\xefB\xd4\xee\xb5\xee\xe0\xaa\xdd\x00\xb1j$S\xfc\xb1[N\x8d\xcfI\xc8\x91\x87\x1fuYG7}%)\xb9\x00\x00\x00\x00\x00\x00\x00\x80W\xe0I\x0e\xa4\x1e}\x06\vK\xed\x11\x880\x0e\x9c\xaeVU\x88\xb0\x84:kgA]Z\x88\xecIf\xee\xba\x8b\xc6\"\xcej\x84\x06\x8a\x99\x80\xd7\xcf\x96\xed\x89\x1e6\x93+\xec#\x1f2\xee\xce\x17\x89vr\xc5j\xec\x1b\xaa\x996\x14e\xcf\x8axQ\x9e\x035\x8a@\xd4\x1c\xe0\xa2\xc8\xb3c\t\xe8\x1a\x89\xecL\xcf\xd8\xb5\xfb\xbc\tX\x88\xbe\xfc@[\xb2\xd5\x8c\xb9\x0e\x17\x8b\xce\xd09\xd2\xfb\x9e\xef\xabR\x88\x17\x9et\xf7\x9c\x01\x91\x00\x00\xdb\xf9\xcb\x7fh\x83>\x8e\xe1=\xedR\xc9\xe68h\x19\xafLD\x94\x93\xebT\x15\x817\x9d\xf5s\x03\x1a=\xcc\xd1\xa7\'\xa0\xaf\xf7\xec\xaf]\x0e\a\x00\x91T\x1b\xee\x10\x92\x80m\xc7\x90\x9fU\xf9\x8e_f\x8e\x00\xc3r*\xc7\xaf\xe2\'\xe0f9\xde\n,\x8c8C26\xa6u<\xa7@H\xdc\xf1\xb0\xb8\x9f\xc2o\x0f\x02I\xb6\xc3xH\xc3\x88\x7f\xd9\x90\xb7=\x1e@\xda9(\xb6\x97~\xea)\'\xa3:\x8d\xebc>z\xae*\xc2\x14\xe9\x89#\xe2)\x9a\xb0hR\xffa\xf8\xde\xf7q4\xcfV\xbb\xc3t\xfa\xa9\x05>\xaea\x12\xce\x1cY\a\xb1&\xb9\x12v\x1dN\xe1,_3\xa9\xa36\xaa.Cj\xd4\a\x84\xb2j\x86\xe1\x1f\xec1\xb9!lI\xc7\xbf\x85\xdd\x03\xbd\xeb\xec\xf9\xf3\xaf\xe02AzX\x9aO\x93y;\xa7,\xbb\x11\xe6\x8fn\xa0m\xf8\xcf\x92\x19\xba,\x0e\x04\xbe\xbb\xdd\x00\xb1\xb6Enr\x17\xa4\xc5)\xcc}*yN\xdc\xc3\xe0\xf2\x10\xe0M\xe3\x98?Y\x96\xab\xc7\x06F\x8e\xab\xc8\x1e\x89]\x13bZ\x8d \x19\x00k\x95\x9eLV(\x8a\x0e\x93\x93Vc]mP\xbativ\xce\xa4K\xfb\xf2\xe0\xbf\x9d\x82\xa2\xcd\xb39\xb4\x17a9\x1c\x82\x1aLT\xd0\xb9\x1a\xafB\x95\xb4\xcf\x91X\x8c\x87\xc2\xa1\x1b\xfe\xe7\xbc\xf7\xeb\xc0L\x1d\x98Zq\xce\xd3\xefB\xd4\xee\xb5\xee\xe0\xaa\xdd\x00\xb1j$S\xfc\xb1[N\x8d\xcfI\xc8\x91\x87\x1fuYG7}%)\xb9\x00\x00\x00\x00\x00\x00\x00\x80W\xe0I\x0e\xa4\x1e}\x06\vK\xed\x11\x880\x0e\x9c\xaeVU\x88\xb0\x84:kgA]Z\x88\xecIf\xee\xba\x8b\xc6\"\xcej\x84\x06\x8a\x99\x80\xd7\xcf\x96\xed\x89\x1e6\x93+\xec#\x1f2\xee\xce\x17\x89vr\xc5j\xec\x1b\xaa\x996\x14e\xcf\x8axQ\x9e\x035\x8a@\xd4\x1c\xe0\xa2\xc8\xb3c\t\xe8\x1a\x89\xecL\xcf\xd8\xb5\xfb\xbc\tX\x88\xbe\xfc@[\xb2\xd5\x8c\xb9\x0e\x17\x8b\xce\xd09\xd2\xfb\x9e\xef\xabR\x88\x17\x9et\xf7\x9c\x01\x91\x00\x00\xdb\xf9\xcb\x7fh\x83>\x8e\xe1=\xedR\xc9\xe68h\x19\xafLD\x94\x93\xebT\x15\x817\x9d\xf5s\x03\x1a=\xcc\xd1\xa7\'\xa0\xaf\xf7\xec\xaf]\x0e\a\x00\x91T\x1b\xee\x10\x92\x80m\xc7\x90\x9fU\xf9\x8e_f\x8e\x00\xc3r*\xc7\xaf\xe2\'\xe0f9\xde\n,\x8c8C26\xa6u<\xa7@H\xdc\xf1\xb0\xb8\x9f\xc2o\x0f\x02I\xb6\xc3xH\xc3\x88\x7f\xd9\x90\xb7=\x1e@\xda9(\xb6\x97~\xea)\'\xa3:\x8d\xebc>z\xae*\xc2\x14\xe9\x89#\xe2)\x9a\xb0hR\xffa\xf8\xde\xf7q4\xcfV\xbb\xc3t\xfa\xa9\x05>\xaea\x12\xce\x1cY\a\xb1&\xb9\x12v\x1dN\xe1,_3\xa9\xa36\xaa.Cj\xd4\a\x84\xb2j\x86\xe1\x1f\xec1\xb9!lI\xc7\xbf\x85\xdd\x03\xbd\xeb\xec\xf9\xf3\xaf\xe02AzX\x9aO\x93y;\xa7,\xbb\x11\xe6\x8fn\xa0m\xf8\xcf\x92\x19\xba,\x0e\x04\xbe\xbb\xdd\x00\xb1\xb6Enr\x17\xa4\xc5)\xcc}*yN\xdc\xc3\xe0\xf2\x10\xe0M\xe3\x98?Y\x96\xab\xc7\x06F\x8e\xab\xc8\x1e\x89]\x13bZ\x8d \x19\x00k\x95\x9eLV(\x8a\x0e\x93\x93Vc]mP\xbativ\xce\xa4K\xfb\xf2\xe0\xbf\x9d\x82\xa2\xcd\xb39\xb4\x17a9\x1c\x82\x1aLT\xd0\xb9\x1a\xafB\x95\xb4\xcf\x91X\x8c\x87\xc2\xa1\x1b\xfe\xe7\xbc\xf7\xeb\xc0L\x1d\x98Zq\xce\xd3\xefB\xd4\xee\xb5\xee\xe0\xaa\xdd\x00\xb1j$S\xfc\xb1[N\x8d\xcfI\xc8\x91\x87\x1fuYG7}%)\xb9\x00\x00\x00\x00\x00\x00\x00\x80W\xe0I\x0e\xa4\x1e}\x06\vK\xed\x11\x880\x0e\x9c\xaeVU\x88\xb0\x84:kgA]Z\x88\xecIf\xee\xba\x8b\xc6\"\xcej\x84\x06\x8a\x99\x80\xd7\xcf\x96\xed\x89\x1e6\x93+\xec#\x1f2\xee\xce\x17\x89vr\xc5j\xec\x1b\xaa\x996\x14e\xcf\x8axQ\x9e\x035\x8a@\xd4\x1c\xe0\xa2\xc8\xb3c\t\xe8\x1a\x89\xecL\xcf\xd8\xb5\xfb\xbc\tX\x88\xbe\xfc@[\xb2\xd5\x8c\xb9\x0e\x17\x8b\xce\xd09\xd2\xfb\x9e\xef\xabR\x88\x17\x9et\xf7\x9c\x01\x91\x00\x00\xdb\xf9\xcb\x7fh\x83>\x8e\xe1=\xedR\xc9\xe68h\x19\xafLD\x94\x93\xebT\x15\x817\x9d\xf5s\x03\x1a=\xcc\xd1\xa7\'\xa0\xaf\xf7\xec\xaf]\x0e\a\x00\x91T\x1b\xee\x10\x92\x80m\xc7\x90\x9fU\xf9\x8e_f\x8e\x00\xc3r*\xc7\xaf\xe2\'\xe0f9\xde\n,\x8c8C26\xa6u<\xa7@H\xdc\xf1\xb0\xb8\x9f\xc2o\x0f\x02I\xb6\xc3xH\xc3\x88\x7f\xd9\x90\xb7=\x1e@\xda9(\xb6\x97~\xea)\'\xa3:\x8d\xebc>z\xae*\xc2\x14\xe9\x89#\xe2)\x9a\xb0hR\xffa\xf8\xde\xf7q4\xcfV\xbb\xc3t\xfa\xa9\x05>\xaea\x12\xce\x1cY\a\xb1&\xb9\x12v\x1dN\xe1,_3\xa9\xa36\xaa.Cj\xd4\a\x84\xb2j\x86\xe1\x1f\xec1\xb9!lI\xc7\xbf\x85\xdd\x03\xbd\xeb\xec\xf9\xf3\xaf\xe02AzX\x9aO\x93y;\xa7,\xbb\x11\xe6\x8fn\xa0m\xf8\xcf\x92\x19\xba,\x0e\x04\xbe\xbb\xdd\x00\xb1\xb6Enr\x17\xa4\xc5)\xcc}*yN\xdc\xc3\xe0\xf2\x10\xe0state=0x0 ->cpu=0 rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. rcu: RCU grace-period kthread stack dump: task:rcu_preempt state:R running task stack:27416 pid: 15 ppid: 2 flags:0x00004000 Call Trace: context_switch kernel/sched/core.c:5049 [inline] __schedule+0x11ef/0x43c0 kernel/sched/core.c:6395 schedule+0x11b/0x1e0 kernel/sched/core.c:6478 schedule_timeout+0x184/0x2d0 kernel/time/timer.c:1914 rcu_gp_fqs_loop+0x2be/0x11d0 kernel/rcu/tree.c:1972 rcu_gp_kthread+0x9b/0x370 kernel/rcu/tree.c:2145 kthread+0x436/0x520 kernel/kthread.c:334 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287 rcu: Stack dump where RCU GP kthread last ran: Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 4368 Comm: syz.0.17 Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 RIP: 0010:get_current arch/x86/include/asm/current.h:15 [inline] RIP: 0010:write_comp_data kernel/kcov.c:226 [inline] RIP: 0010:__sanitizer_cov_trace_cmp8+0x4/0x80 kernel/kcov.c:273 Code: 77 22 89 ff 89 f6 4a c7 44 02 08 04 00 00 00 4a 89 7c 02 10 4a 89 74 02 18 4a 89 44 02 20 48 ff c1 48 89 0a c3 90 48 8b 04 24 <65> 48 8b 0d 34 4e 89 7e 65 8b 15 35 4e 89 7e 81 e2 00 01 ff 00 74 RSP: 0018:ffffc90000007e30 EFLAGS: 00000807 RAX: ffffffff8169844c RBX: 000001fb63109b96 RCX: ffff88807b6cbb80 RDX: 0000000000010000 RSI: 1fffffffffffffff RDI: fffffffffeab7631 RBP: 00000000015489ce R08: ffffffff8d89d8af R09: 1ffffffff1b13b15 R10: dffffc0000000000 R11: fffffbfff1b13b16 R12: 0000005d3e7a8b44 R13: 1fffffffffffffff R14: fffffffffeab7631 R15: dffffc0000000000 FS: 0000555589f0e500(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000020000006b000 CR3: 00000000758bf000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: timekeeping_get_delta kernel/time/timekeeping.c:267 [inline] timekeeping_get_ns kernel/time/timekeeping.c:388 [inline] ktime_get_update_offsets_now+0x17c/0x3e0 kernel/time/timekeeping.c:2303 hrtimer_update_base kernel/time/hrtimer.c:621 [inline] hrtimer_interrupt+0x130/0x8d0 kernel/time/hrtimer.c:1793 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1097 [inline] __sysvec_apic_timer_interrupt+0x137/0x4a0 arch/x86/kernel/apic/apic.c:1114 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1108 [inline] sysvec_apic_timer_interrupt+0x9b/0xc0 arch/x86/kernel/apic/apic.c:1108 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:676 RIP: 0010:__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:169 [inline] RIP: 0010:_raw_spin_unlock_irq+0x25/0x40 kernel/locking/spinlock.c:202 Code: 00 00 00 66 90 53 48 89 fb 48 83 c7 18 48 8b 74 24 08 e8 4e 2c 98 f7 48 89 df e8 86 04 99 f7 e8 11 f3 b9 f7 fb bf 01 00 00 00 06 0b 8d f7 65 8b 05 87 17 3d 76 85 c0 74 02 5b c3 e8 d4 24 3b RSP: 0018:ffffc900034efbc0 EFLAGS: 00000282 RAX: 485f010d4336f400 RBX: ffff88802c502e40 RCX: 485f010d4336f400 RDX: dffffc0000000000 RSI: ffffffff8a2b2780 RDI: 0000000000000001 RBP: 0000000000000000 R08: ffff88802c502e43 R09: 1ffff110058a05c8 R10: dffffc0000000000 R11: ffffed10058a05c9 R12: ffff88802c502e40 R13: 0000000000000021 R14: dffffc0000000000 R15: 000000001c000004 spin_unlock_irq include/linux/spinlock.h:414 [inline] get_signal+0x11d6/0x12c0 kernel/signal.c:2903 arch_do_signal_or_restart+0xe7/0x12c0 arch/x86/kernel/signal.c:867 handle_signal_work kernel/entry/common.c:154 [inline] exit_to_user_mode_loop+0x9e/0x130 kernel/entry/common.c:178 exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:214 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline] syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x66/0xd0 RIP: 0033:0x7f5d83f7af52 Code: eb 9d 66 0f 1f 44 00 00 48 89 df 31 f6 31 c0 e8 84 9e 14 00 48 81 c4 90 00 00 00 48 98 5b c3 66 0f 1f 84 00 00 00 00 00 41 54 <55> 53 48 89 fb 48 81 ec d0 00 00 00 48 89 74 24 28 48 89 54 24 30 RSP: 002b:00007ffc6f800e70 EFLAGS: 00000206 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f5d8416e534 RDX: 0000000000010717 RSI: 0000000000000000 RDI: 00007f5d84133cfa RBP: 00007f5d8416e534 R08: 0000000000000000 R09: 001b3438fbfbd468 R10: 000000473bd16caf R11: 00000000000064ec R12: 0000000000000000 R13: 00007f5d84340fac R14: 00007f5d84340fa0 R15: 00007f5d84340fa0 NMI backtrace for cpu 1 CPU: 1 PID: 4367 Comm: syz.1.18 Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 Call Trace: dump_stack_lvl+0x188/0x250 lib/dump_stack.c:106 nmi_cpu_backtrace+0x3a2/0x3d0 lib/nmi_backtrace.c:111 nmi_trigger_cpumask_backtrace+0x163/0x280 lib/nmi_backtrace.c:62 trigger_single_cpu_backtrace include/linux/nmi.h:166 [inline] rcu_dump_cpu_stacks+0x22f/0x380 kernel/rcu/tree_stall.h:349 print_cpu_stall+0x31d/0x5f0 kernel/rcu/tree_stall.h:633 check_cpu_stall kernel/rcu/tree_stall.h:727 [inline] rcu_pending kernel/rcu/tree.c:3936 [inline] rcu_sched_clock_irq+0x6ea/0x1120 kernel/rcu/tree.c:2619 update_process_times+0x193/0x200 kernel/time/timer.c:1818 tick_sched_handle kernel/time/tick-sched.c:254 [inline] tick_sched_timer+0x37d/0x560 kernel/time/tick-sched.c:1473 __run_hrtimer kernel/time/hrtimer.c:1685 [inline] __hrtimer_run_queues+0x4ad/0xb70 kernel/time/hrtimer.c:1749 hrtimer_interrupt+0x3bb/0x8d0 kernel/time/hrtimer.c:1811 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1097 [inline] __sysvec_apic_timer_interrupt+0x137/0x4a0 arch/x86/kernel/apic/apic.c:1114 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1108 [inline] sysvec_apic_timer_interrupt+0x9b/0xc0 arch/x86/kernel/apic/apic.c:1108 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:676 RIP: 0010:__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:169 [inline] RIP: 0010:_raw_spin_unlock_irq+0x25/0x40 kernel/locking/spinlock.c:202 Code: 00 00 00 66 90 53 48 89 fb 48 83 c7 18 48 8b 74 24 08 e8 4e 2c 98 f7 48 89 df e8 86 04 99 f7 e8 11 f3 b9 f7 fb bf 01 00 00 00 06 0b 8d f7 65 8b 05 87 17 3d 76 85 c0 74 02 5b c3 e8 d4 24 3b RSP: 0018:ffffc900034dfbc0 EFLAGS: 00000282 RAX: 75acd4977f317100 RBX: ffff88802b56a500 RCX: 75acd4977f317100 RDX: dffffc0000000000 RSI: ffffffff8a2b2780 RDI: 0000000000000001 RBP: 0000000000000000 R08: ffff88802b56a503 R09: 1ffff110056ad4a0 R10: dffffc0000000000 R11: ffffed10056ad4a1 R12: ffff88802b56a500 R13: 0000000000000021 R14: dffffc0000000000 R15: 000000001c000004 spin_unlock_irq include/linux/spinlock.h:414 [inline] get_signal+0x11d6/0x12c0 kernel/signal.c:2903 arch_do_signal_or_restart+0xe7/0x12c0 arch/x86/kernel/signal.c:867 handle_signal_work kernel/entry/common.c:154 [inline] exit_to_user_mode_loop+0x9e/0x130 kernel/entry/common.c:178 exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:214 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline] syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x66/0xd0 RIP: 0033:0x7f54c6a77eb9 Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffd49d55c28 EFLAGS: 00000246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f54c6a77eb9 RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f54c6cf2fac RBP: 0000000000001db9 R08: 001b3438fbfbd468 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f54c6cf2fac R14: 00007f54c6cf2fa8 R15: 00007f54c6cf2fa0 sched: RT throttling activated final repro crashed as (corrupted=false): rcu: INFO: rcu_preempt self-detected stall on CPU rcu: 1-...!: (10500 ticks this GP) idle=22d/1/0x4000000000000000 softirq=6563/6565 fqs=8 (t=10502 jiffies g=7173 q=190) rcu: rcu_preempt kthread starved for 10487 jiffies! g7173 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. rcu: RCU grace-period kthread stack dump: task:rcu_preempt state:R running task stack:27416 pid: 15 ppid: 2 flags:0x00004000 Call Trace: context_switch kernel/sched/core.c:5049 [inline] __schedule+0x11ef/0x43c0 kernel/sched/core.c:6395 schedule+0x11b/0x1e0 kernel/sched/core.c:6478 schedule_timeout+0x184/0x2d0 kernel/time/timer.c:1914 rcu_gp_fqs_loop+0x2be/0x11d0 kernel/rcu/tree.c:1972 rcu_gp_kthread+0x9b/0x370 kernel/rcu/tree.c:2145 kthread+0x436/0x520 kernel/kthread.c:334 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287 rcu: Stack dump where RCU GP kthread last ran: Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 4368 Comm: syz.0.17 Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 RIP: 0010:get_current arch/x86/include/asm/current.h:15 [inline] RIP: 0010:write_comp_data kernel/kcov.c:226 [inline] RIP: 0010:__sanitizer_cov_trace_cmp8+0x4/0x80 kernel/kcov.c:273 Code: 77 22 89 ff 89 f6 4a c7 44 02 08 04 00 00 00 4a 89 7c 02 10 4a 89 74 02 18 4a 89 44 02 20 48 ff c1 48 89 0a c3 90 48 8b 04 24 <65> 48 8b 0d 34 4e 89 7e 65 8b 15 35 4e 89 7e 81 e2 00 01 ff 00 74 RSP: 0018:ffffc90000007e30 EFLAGS: 00000807 RAX: ffffffff8169844c RBX: 000001fb63109b96 RCX: ffff88807b6cbb80 RDX: 0000000000010000 RSI: 1fffffffffffffff RDI: fffffffffeab7631 RBP: 00000000015489ce R08: ffffffff8d89d8af R09: 1ffffffff1b13b15 R10: dffffc0000000000 R11: fffffbfff1b13b16 R12: 0000005d3e7a8b44 R13: 1fffffffffffffff R14: fffffffffeab7631 R15: dffffc0000000000 FS: 0000555589f0e500(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000020000006b000 CR3: 00000000758bf000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: timekeeping_get_delta kernel/time/timekeeping.c:267 [inline] timekeeping_get_ns kernel/time/timekeeping.c:388 [inline] ktime_get_update_offsets_now+0x17c/0x3e0 kernel/time/timekeeping.c:2303 hrtimer_update_base kernel/time/hrtimer.c:621 [inline] hrtimer_interrupt+0x130/0x8d0 kernel/time/hrtimer.c:1793 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1097 [inline] __sysvec_apic_timer_interrupt+0x137/0x4a0 arch/x86/kernel/apic/apic.c:1114 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1108 [inline] sysvec_apic_timer_interrupt+0x9b/0xc0 arch/x86/kernel/apic/apic.c:1108 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:676 RIP: 0010:__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:169 [inline] RIP: 0010:_raw_spin_unlock_irq+0x25/0x40 kernel/locking/spinlock.c:202 Code: 00 00 00 66 90 53 48 89 fb 48 83 c7 18 48 8b 74 24 08 e8 4e 2c 98 f7 48 89 df e8 86 04 99 f7 e8 11 f3 b9 f7 fb bf 01 00 00 00 06 0b 8d f7 65 8b 05 87 17 3d 76 85 c0 74 02 5b c3 e8 d4 24 3b RSP: 0018:ffffc900034efbc0 EFLAGS: 00000282 RAX: 485f010d4336f400 RBX: ffff88802c502e40 RCX: 485f010d4336f400 RDX: dffffc0000000000 RSI: ffffffff8a2b2780 RDI: 0000000000000001 RBP: 0000000000000000 R08: ffff88802c502e43 R09: 1ffff110058a05c8 R10: dffffc0000000000 R11: ffffed10058a05c9 R12: ffff88802c502e40 R13: 0000000000000021 R14: dffffc0000000000 R15: 000000001c000004 spin_unlock_irq include/linux/spinlock.h:414 [inline] get_signal+0x11d6/0x12c0 kernel/signal.c:2903 arch_do_signal_or_restart+0xe7/0x12c0 arch/x86/kernel/signal.c:867 handle_signal_work kernel/entry/common.c:154 [inline] exit_to_user_mode_loop+0x9e/0x130 kernel/entry/common.c:178 exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:214 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline] syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x66/0xd0 RIP: 0033:0x7f5d83f7af52 Code: eb 9d 66 0f 1f 44 00 00 48 89 df 31 f6 31 c0 e8 84 9e 14 00 48 81 c4 90 00 00 00 48 98 5b c3 66 0f 1f 84 00 00 00 00 00 41 54 <55> 53 48 89 fb 48 81 ec d0 00 00 00 48 89 74 24 28 48 89 54 24 30 RSP: 002b:00007ffc6f800e70 EFLAGS: 00000206 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f5d8416e534 RDX: 0000000000010717 RSI: 0000000000000000 RDI: 00007f5d84133cfa RBP: 00007f5d8416e534 R08: 0000000000000000 R09: 001b3438fbfbd468 R10: 000000473bd16caf R11: 00000000000064ec R12: 0000000000000000 R13: 00007f5d84340fac R14: 00007f5d84340fa0 R15: 00007f5d84340fa0 NMI backtrace for cpu 1 CPU: 1 PID: 4367 Comm: syz.1.18 Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 Call Trace: dump_stack_lvl+0x188/0x250 lib/dump_stack.c:106 nmi_cpu_backtrace+0x3a2/0x3d0 lib/nmi_backtrace.c:111 nmi_trigger_cpumask_backtrace+0x163/0x280 lib/nmi_backtrace.c:62 trigger_single_cpu_backtrace include/linux/nmi.h:166 [inline] rcu_dump_cpu_stacks+0x22f/0x380 kernel/rcu/tree_stall.h:349 print_cpu_stall+0x31d/0x5f0 kernel/rcu/tree_stall.h:633 check_cpu_stall kernel/rcu/tree_stall.h:727 [inline] rcu_pending kernel/rcu/tree.c:3936 [inline] rcu_sched_clock_irq+0x6ea/0x1120 kernel/rcu/tree.c:2619 update_process_times+0x193/0x200 kernel/time/timer.c:1818 tick_sched_handle kernel/time/tick-sched.c:254 [inline] tick_sched_timer+0x37d/0x560 kernel/time/tick-sched.c:1473 __run_hrtimer kernel/time/hrtimer.c:1685 [inline] __hrtimer_run_queues+0x4ad/0xb70 kernel/time/hrtimer.c:1749 hrtimer_interrupt+0x3bb/0x8d0 kernel/time/hrtimer.c:1811 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1097 [inline] __sysvec_apic_timer_interrupt+0x137/0x4a0 arch/x86/kernel/apic/apic.c:1114 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1108 [inline] sysvec_apic_timer_interrupt+0x9b/0xc0 arch/x86/kernel/apic/apic.c:1108 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:676 RIP: 0010:__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:169 [inline] RIP: 0010:_raw_spin_unlock_irq+0x25/0x40 kernel/locking/spinlock.c:202 Code: 00 00 00 66 90 53 48 89 fb 48 83 c7 18 48 8b 74 24 08 e8 4e 2c 98 f7 48 89 df e8 86 04 99 f7 e8 11 f3 b9 f7 fb bf 01 00 00 00 06 0b 8d f7 65 8b 05 87 17 3d 76 85 c0 74 02 5b c3 e8 d4 24 3b RSP: 0018:ffffc900034dfbc0 EFLAGS: 00000282 RAX: 75acd4977f317100 RBX: ffff88802b56a500 RCX: 75acd4977f317100 RDX: dffffc0000000000 RSI: ffffffff8a2b2780 RDI: 0000000000000001 RBP: 0000000000000000 R08: ffff88802b56a503 R09: 1ffff110056ad4a0 R10: dffffc0000000000 R11: ffffed10056ad4a1 R12: ffff88802b56a500 R13: 0000000000000021 R14: dffffc0000000000 R15: 000000001c000004 spin_unlock_irq include/linux/spinlock.h:414 [inline] get_signal+0x11d6/0x12c0 kernel/signal.c:2903 arch_do_signal_or_restart+0xe7/0x12c0 arch/x86/kernel/signal.c:867 handle_signal_work kernel/entry/common.c:154 [inline] exit_to_user_mode_loop+0x9e/0x130 kernel/entry/common.c:178 exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:214 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline] syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x66/0xd0 RIP: 0033:0x7f54c6a77eb9 Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffd49d55c28 EFLAGS: 00000246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f54c6a77eb9 RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f54c6cf2fac RBP: 0000000000001db9 R08: 001b3438fbfbd468 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f54c6cf2fac R14: 00007f54c6cf2fa8 R15: 00007f54c6cf2fa0 sched: RT throttling activated