last executing test programs: 1m10.777771791s ago: executing program 2 (id=1852): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000040), 0x4) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x4e21, 0xf, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, 0x4}]}, &(0x7f0000000140)=0x10) listen(r0, 0xfff) accept$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @initdev}, &(0x7f00000001c0)=0x1c) 1m9.798313249s ago: executing program 2 (id=1862): syz_mount_image$ocfs2(&(0x7f0000000000), &(0x7f0000000040)='./file1\x00', 0x10008d0, &(0x7f0000000140)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6572726f72733d72656d6f756e742d726f2c636f686572656e63793d66756c6c2c7072656665727265645f736c6f743d30303030303030303030303030303030303030312c6c6f63616c666c6f636b732c696e74722c6e6f61636c2c00b83578110c8182871d1a888ab910bda6ed5eb8d85850b69e5f00a4b2822944f8a40011442cbdd903ae8f5dbd229f91fe1093b9e1d8042b3023b0ec8f09897497044a104701d3013512e0487b6bd6650f232292d8b0155a94728bba1a8248fed123795bcc184683b33d0d5f4455ea61c1cb567c01edd33f14c229437ce876bf88798ec1e2f28b87b591031c3d50710d9cc51b760aff0105a5c3772f54bdf7395bb2bb7b4a0323ca"], 0x1, 0x4454, &(0x7f000000cd00)="$eJzs3b9vHFkdAPA3Y4fYIQE7pAgSEisRCQTIslMFHAnHceLYiQkKJEI0m7W9SQxrb2SvEUUK00WiQqJAFBFIdK4iF7ThT6ChDHUkKGjudFJ0Pu3OrL0z3pX3rF37nPt8iszO+zVv9zvz5k2k8YtTtWcrG4WVjUJprVBderJxtfDbamVztRziY9L2+GeO7/h0px/nyUmfe19m92/e/vmjqyH8c/nf73Z3d3dD3WBoa6Ll80f/f7HUum2Kc3Xq7WZT7rRv/Mh+FUK4VP9wPt+fgRDCL/8RQhRCuJGmTafb4RDChZDkPXrxh8eFHvXm9dvy9eL7hZc7k1fmt1/tvOtYMArhL5Vv/vDp6n+/MzD5n+/36PAAAAAAAAAAAAAAAAAAAJxysw/uP/zZ+ER4E4XB7ejg+7qz6bbT+7G7PfPt/n9ZAAAAAAAAAAAAAAAAAAAA+ILaf/+/EF1s8/7/TLqd6lB/9yf97yP9M/fT+zO3xifS9d+jA/nX0qT/3RgIo23Wfc+v/34jV//g+u8hXXW9N65FUWa1+pEQxWMt/RgJcTw2FsLf0oXfL0fn4kp1o/aDJ9XNteWedePUysY/Wb0/E510Qf9u4z+da799/HvpGwfOpvr+43anWLTV366cQtn4D3Qs9/ffR13F/2au3nHEn6PLxj8ZSodbC0wlA0A9/n8cPDz+M7n2+xP/M3ufhkMhMwLU5zCFqPN8haxs/JPfNTN0pj9kp+v/k1z8b+Xaz8R/sB/foP34v5W/EdFWNv5faaQNZUrsX/+j8eHX/+1c+ydx/6/3f6t3U8wPWjb+Z5PE7HXa+CW7Hf9nc+23xP/jXvb7Yf20rE9XvhZlzoDtKOl/p79XR1Y2/kMH8vef/+Ku5n93cvX7//yXPW7z+a85/H8vSp7/aC8b/+GO5Tpe/7lHhrlcvX6P/1ON+R9HlY3/uUZac+6c3PlHGv92O/7P59rvV/wbfRtqxn9/PPn0bJL+V/O/rmTj/9UkMW4tkfyfSWP+Fx0+/7+ba/8k5n/1/m/F/T3qhyIb//Mdy9Xj/68u7v/3cvX6H/8Qxs31jywb/wsdyzWu/6HD47+Qq9fv+H+3n40DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnALT6XYkRPFYZj+Ox8ZCuJnuXw7nosXScnGxUl36zUYIM2l6IVyMnlaqi6VKcWWtulwuliqV6lIIt9L8S2Eo2qhUa8XV0vPbe20NR8/KpfXaYrlUCyHMpunfCheabS2u1FZLz0MId/byvh5X158/K60Vl1fWfzw+Pj4e5vb6MBqVf1crr9WSoye5Iczv1R2JWjrXyL6715fz0a+rm+trpUoj/V5LnUp1qVRpqbOQ5v0pjEa19c21pVKtXKxUnzaPd5Km0u3M3INfPLg3cSD/cZRsp4+3WwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8Tm8mf/TnEMJgsheHEKaaH6J25V+/LV8vvl94uTN5ZX771c67M8fbXQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD5jBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCrv0j9JAEMUB+M1Y+KfyGFbLbme7oogWrgieQI/hYfQoXsI7WFjYWkggmSFhk4U0SRG+r3ns/ph5D+YBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+f2aXh+bLuIFCf/xxGfr1/fq/l9qe9Xm88f7WFGdufuYbi+abvy7mktvyy/fvo8T/9+315iWc/qd/Ux2pPxPi3UPqeTc03t29R8te95pNxERF/yi5Rz02x3FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMzYgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCwAAAAAI87eOom8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH4FAAD//wV7Hrw=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) preadv(r0, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) 1m9.052677818s ago: executing program 2 (id=1869): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xf, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0) r2 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000001c0)={r0, r1, 0x6, 0x0, @val=@iter={0x0}}, 0x20) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r0, r1, 0x6, 0x0, @val=@tracing}, 0x40) bpf$LINK_DETACH(0x22, &(0x7f0000000100)=r2, 0x4) 1m8.640194188s ago: executing program 2 (id=1874): syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8, &(0x7f0000000240)={[{@nodiscard}, {@nocheckpoint_merge}, {@alloc_mode_def}, {@six_active_logs}, {@flush_merge}, {@fault_injection={'fault_injection', 0x3d, 0x17}}, {@discard}, {@noacl}, {@fsync_mode_posix}, {@alloc_mode_def}, {@noextent_cache}, {@two_active_logs}, {@fault_type={'fault_type', 0x3d, 0xfffffe}}]}, 0x1, 0x5505, &(0x7f0000000340)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S") mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) 1m6.775505535s ago: executing program 2 (id=1882): fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000040)='c:::\x00\xfdM\xab\x89\xff\xda\xc7dw2\xa1\xb2\xabuQQ\x14\x97\xc9\xfae\xc7\xa1U\xe2\xbe\"\xb9t\xa0\x0e\xfa\xdb\xf1\xa5.\xd87\xc3p\xa5l\xf8vC\xe2\xe8 \xd5-<#\x186\xe1\xbd\xc0\xc3\xb5N(vj\xa7+<:\xc4\xe00\x01\xdd \x82\x83\xed\x0e\xc4\x1d\xac\xef7\b\xd3Z5\\A\'\x18\xa2\xc3\xab\xc7`\xc3\v\xf3L\x9d[Q\x9e\x11@=\xa1\x9b\xdc\xb1\xef\xc3k<\x97L\xa0\xab\xa6\x1ce\xcd\x99\xb3m\xef\x87\xc5i^N\xbd@\x01\xc0\xb2\x88\xc3\xe2\x96T\xa3\xa5\xeb\x0f\xf2f\xb9$\xd2\x140x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)={0x34, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_PREV_BSSID={0xa}]}, 0x34}}, 0x0) 1.127994868s ago: executing program 3 (id=2464): syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000300)='./file2\x00', 0xc802, &(0x7f0000000040)=ANY=[], 0x1, 0x679, &(0x7f0000000f40)="$eJzs3c1vHGcdB/DvbDZONi2pmyZtQJVqNRIgIhI7lgvmQkAI+VChqhw4W4nTWNmkxXYrt0LU4fXaQ/+AcvAFcULiHqlw4AK33pC5VULi0gvmtGjGs+v1+iXrtvE65fOJZp9n5pnnmd/zm53ZFyvaAP+35i6n+SBF5i6/vFqub6xPtzfWp+9260lOJVlLmkkaSYr/dDqdD5PrSdEbphgod3l/cfbVjz7Z+HhrrVkv1f6Ng/oNqPdbG9i81t02keREXX4GO8a78ZnHK3qRX09yqS5h5E4m6ezw078+2Wvp09qr9+kjiRF4tIqt183Ur8c948mZ+kIv3wd0X3kbRx/hcE4Nud/gOwgAAAB43AzzGfipzWxmtTh7BOEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAF8La9u//F/XS6NYnUnR//3+s3pa6fry8cLjdHzyqOAAAAAAAAADgSPyzenxhM5tZzdnu1k5R/c3/xWrlfPX4RN7MchaylCtZzXxWspKlTCUZ7xtubHV+ZWVpaoie1/bsee0h4Z6qy9bnMXcAAAAAAAAA+ML5Rea2//4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADHQZGc2CpS3O/bPJ5GM8npJGPlhrXk79364+zBqAMAAACAI/DUZjazmrPd9U6R80merb4DOJ03cy8rWcxK2lnIzep7ga1P/Y2N9en2xvr03XLZPe73/n2oMKoRs/Xdw95Hvljt0cqtt7p9buT1tHMzjapn6WIdT3ePgbjulzEV360NGdnNuixn/l5d7vLuoSa7n0N+mTJeZeRkbmWxytFkHVuZjae7Z2bvM3TIszN4pKk0esGeHzjSwCQ+Vc7P1GU5n9/sl/ORGMzEtb5n37MH5zz52p/+8JPJun58pjScE3XZqR5buzMx3ZeJ54bJxO32vTu3by1fftwysctklYkLvfW5/DA/zuVM5JUsZTFvZT4rWchEflDV5uuTX/Rd8vtk6vqOtVceFslY/QzdOlmHi+nFqu/ZLOZHeT03s5CXqn/XMpVvZSYzme07wxcOPsPVVd/Y56rvfGnP4C99va60kvy2Lve0b8OjUub16b689t9zx6u2/i3bWTo3RJYOeW9sfqWulMf4ZV0eD4OZmOrLxDMHZ+J31W1luX3vztLt+TeGO9y59+pKeR39+ljdUsvny7nyZFVrO58dZdszvT135qtsO9/r19jVdqHXVl2pRXPfK3Wsfg+3e6RrVdtze7ZNV20X+9pavbYrvfdbABx7Z75xZqz1r9bfWh+0ftW63Xr59PdPffvU82M5+eeT32lOnvhq4/nij/kgP9/+/A8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHx6y2+/c2e+3V5YGqh0Op1392k66krzIaHuqmTiH0+UHbpbOuk1dX/O7Ahn8eUnk5HncOSV/3Y6nXpLsc8+v//LsUlUp3YsUjeiyujuScDRuLpy942ry2+/883Fu/OvLby2cG92ZmZ2cnbmpemrtxbbC5Nbj6OOEngUtl/0Rx0JAAAAAAAAAAAAMKyj+O8Eo54jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Hibu5zmgxSZmrwyWa5vrE+3y6Vb396zmaSRpPhZUnyYXM/WkvG+4Yr9jvP+4uyrH32y8fH2WM3u/o2D+g1nrV4ykeTEVnn/8xrvRl0eqDhoCkVvhmXCLnUTB6P2vwAAAP//pfYHBg==") munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x194) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) 1.101850152s ago: executing program 6 (id=2465): ppoll(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f00000001c0)='./file1\x00', 0x0, &(0x7f0000000040)=ANY=[], 0x1, 0x6c1, &(0x7f00000003c0)="$eJzs3U9sHFcdB/DvbJx1NqDEbdM0IKRajVRBIxI7q5IgITUghHKIUFQuvVqJ01hx0spxkVshsgEKEidOqAcORcgcekIIIZUTopyRkLhw8j0SNw45AItmdna9tjeO3cRZt/18pPF7s2/ee7/5Zf7srh1NgM+si6/lYCdFLp66tFKur622F9dW2zf79SSTSRrJRK9I0UqKj5IL6S35QvliPVzxoHlevvdhMfHeB+3e2kS9VNs3tuu3xcgtO8mhwcqBJNO96n92POyW8aqlGufK+ng7MDnitWIQd5mwk/3Ewbh1t+isNzYe2n3n5y2wb93p3Te3mEoOp3d3re5s9dXh4VeG8Tg6VN/22tTZ+1gAAABgr438LD/s6P3cz0qOPJlwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4NOh6D0zsFU/N7/RK1/NdIr+8/+bQ8/Ub4453Ef07rWqePXouAMBAAAAAAAAgEfy/P3cz0qO9Ne7RfU7/xeqlWPVz8/lrdzOfJZyOiuZy3KWs5TZJFNDAzVX5paXl2a39vxlyp7dbvdO3fPsoGf/rwfKnmc3xtXZHOiovzTYshEAAAAAAAAAfGb9KBfXf/8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD7QZEc6BXVcqxfn0pjIsmhJM1ierB5c6zBPgZ/HncAAAAAsPdadXmk+F+v0i2qz/zHq8/9h/JWbmU5C1nOYuZztfouoPepv/H3TntxbbV9s1y2DvzNf+0qjmrE9L57GD3zTLXFs4MeF/OdfC+nMp3LWcpCvp+5LGc+0/l2VZtLkan624uptdVW+rFujffChrXLm2N7fqhexneiiqSVa1moYjudK81+6I16uxNDs/2xmWya8W6ZneKV2g5zdLUuyz36RV3uD1PVnh8cZGSmzn2ZjaeG874197s8TjbPNJvG4DuoY2ur7SLp1KubZ/pYOT9cl2Wuf7q3Od/lV2kbM9H5ebnWP/qOb5/z5Cv/+Mvl641bN65fu31q/xxGH9PmY6I9lInndpSJxTITnUfIxKFHif/xadbZ6F1Fd3e1fKHqeyQL+W7eyNXM51xmMpvzmcnXczbtnB3K67Pb57U61xq7O9dOfrmulPeknw3dm56YyQc1lHl9aiivw1e6qapt+JX1LD29gywVzYzO0j9HhjLxxbpSzvHjoTvO+G3IxGSqa3M/ume2z8Sv/9tNcnvx1o2l63Nv7nC+F+uyPG3f3Xht/s1j2aHdq3e3PF6eLv+x0rttDB8dZdsz/bYNR85s1XZs0LbxPtdspjqfe20PO1PLkY7fHTVSr+25kbO0q7YTQ20b3uXkjSwO3oUAsI8dfulws3Wv9bfW+62ftK63Lh361uT5yS81c/CvE3868LvGbxvfKF7K+/lhjow7UgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+DS4/fY7N+YWF+eX9mEljcc84N2RTf1U9F5p7o99/6RWJrc7on6fZJvuzXHE3EqyL1KXiScw12RGNF0avNJKGoN4ktzYJw+4A/bCmeWbb565/fY7X124Off6/Ovzt86eP/fKufbXZu+cubawOD/T+znuKIG9sP42YNyRAAAAAAAAAAAAADv1JP57w4hpi84Y9hUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4ZLr4Wg52UmR25vRMub622l4sl359fcuJJI0kxQ+S4qPkQnpLpoaGK4bHLrrr9ZfvffirF9/7oL0+1kR/+8amfn/4d7e7y73o1Eumkxyoy6RZN7ce0G1yR+NdKcvPrzfsXjHYwzJhJ/uJg3H7fwAAAP//VngE7g==") creat(&(0x7f0000000040)='./bus\x00', 0x0) link(&(0x7f0000000ac0)='./file1\x00', &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') setxattr$incfs_size(&(0x7f0000000080)='./bus\x00', &(0x7f0000000100), &(0x7f0000000140)=0x2, 0x8, 0x0) 1.083628542s ago: executing program 4 (id=2466): mknod(&(0x7f0000000140)='./bus\x00', 0x1000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x60102, 0xc) fcntl$setstatus(r0, 0x4, 0x6800) write$binfmt_format(r0, &(0x7f0000000040)='0\x00', 0x2) read$FUSE(r0, &(0x7f0000000300)={0x2020}, 0x2020) 1.067393271s ago: executing program 1 (id=2467): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x5, 0x6576, 0x9}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100000000) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$UHID_INPUT(r1, &(0x7f0000002080)={0xfc, {"a2e3ad09ed0d09f91b5e071887f70e09d038e7ff7fc6e5539b0d500a8b089b3f363563030890e0879b0af8c6e70a9b334a959b669a242f0a0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36dc3babceebe6b383a3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026b1e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee53259289746e60ad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d18e0d4676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f75a019a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02acf3939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a46c6780d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f834285693512510000000007148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b2807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac347f00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb096ffffdaf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf26d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) 602.203895ms ago: executing program 3 (id=2468): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x2, 0x801) ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f0000000240)={0x0, r2}) ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f0000000040)={0x0, r2, 0x1}) 354.160779ms ago: executing program 3 (id=2469): add_key$user(0x0, 0x0, &(0x7f00000007c0)="3e12d23d346cfdeb1708e9b982bf3187ef6b10dac616f738274bc1c03bee4423fa20837e6e86b86592e9be8351aa0000000037d5095f839fa4a3507df4f7526f2440e7988da94ccd868dd8bb844bf127ee741d1e43eba0b67b516be14a8b51a75bfd611b2d7ae6a21d056c2c5116a416a76b0204dc55ea62d43c809e0ed6e56163fdab317afd5c34d614367e4425bb9a97e38b8beb84ef6d549eed5aaa86dbe646fc77a9b3df93199c796fa597f452bed6b6fbcc812df9be8e35d8d15086609c033a5d2a42d5dcb0d103098fa302c5b1d48f913f8b22a30a47d9ae02000000e2b855845f39806305f56d918cc5b4023fdbe9cae4147c84583ec9dd375031ba5ae65e31f00e641832d29ed658b91f33595b033222944765cb6a50d859f754ed83eefd480be0e3100965f081190bbb39a5965ceaa74775b88885041ff4e66e618d6c37c787f014eadb6c9f659ae43f57608e09d62083", 0x155, 0xfffffffffffffffe) socket$vsock_stream(0x28, 0x1, 0x0) r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000900)=ANY=[@ANYBLOB="2800000014001901000000000000000228"], 0x28}}, 0x0) read$watch_queue(r0, &(0x7f0000000200)=""/234, 0xea) 335.26428ms ago: executing program 1 (id=2470): syz_usb_connect$hid(0x2, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c34000ffff000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r0}, 0xc) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) 236.143497ms ago: executing program 3 (id=2471): r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = syz_io_uring_setup(0x49f, &(0x7f0000001000)={0x0, 0x54eb, 0x0, 0x4, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="7c00000015"], 0x318}, 0x0, 0x4040000}) io_uring_enter(r1, 0x3d0e, 0x4c1, 0x43, 0x0, 0x0) 162.027006ms ago: executing program 4 (id=2472): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000ff0f000003"], 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @flow_dissector=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc92b18236457ee3c8", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 20.413971ms ago: executing program 3 (id=2473): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0x41100, 0x22, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="adffa88800000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r2], 0x44}}, 0x8000) 15.754709ms ago: executing program 4 (id=2474): syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x101880a, &(0x7f0000000400)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c61636c2c6673796e635f6d6f64653d7374726963742c696e6c696e655f78617474722c6673796e635f6d6f64653d706f7369782c646973636172645f756e69743d7365676d656e742c6261636b67726f756e645f67633d6f6e2c6e6f696e6c696e655f78617474722c646973636172645f756e69743d626c6f636b2c6673796e635f6d6f64653d7374726963742c617467632c657874656e745f63616368652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303031343033302c00271d57a599b8b169a579679e220c689eaaec4fa6229021e75c68a687d319b615573b0b0ceefba8e2e2419434463974ef8174b66469344931de0ccad650792761"], 0x1, 0x5514, &(0x7f0000011600)="$eJzs3M9rI+UbAPAn7XZ/f/dbxIO3HViEFjZx0x+L3qru4g/sUlY9eNI0SUN2k0xp0rT25MGjePA/EQVPHv0bPHj2Jh4Ub4KSmalu1QWhaWLbzwcmz7xv3jzzvGFZeGZKAji35pNffirFjbgSEbMRcT0iOy8VR2YtD89FxM2ImHniKBXzf0xcjIirEXFjlDzPWSre+uz28Nbqj2/+/PW3ly5c+/yr76a3a2Dano+I7nZ+vtfNY9rK46NivjZsZ7G7Mixi/kb3cTFO87jX3Mwy7NUO19WyuNzK16fbu/1R3OrU6qPYam9l89u9/IL9YeswT/aBR7WdbNxobmax3U+z2DrI69o/yP9vO+gP8jyNIt+HWfoYDA5jPt/cb+b72X6cxXpvUMznedNGc38Uh0UsLhf1tNPI6tg8zjf93/ZWu7e7nwybO/122ktWK9UXK9W75epO2mgOmivlWrdxdyVZaHVGy8qDZq271krTVqdZqafdxWShVa+Xq9Vk4V5zs13rJdVqZblyp7y6WJzdTl578G7SaSQLo/hKu7c7aHf6yVa6k+SfWEyWKssvLSa3qsnb6xvJxsP799c33nn/3nsPXl5/49Vi0d/KShaW7iwtlat3ykvVxXO0/4+Lose4fziW0rQLADh99P/ANJxc/7/zMOLk+//Q/4/Fqep/z17/v/dCxFT3D8ei/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOLe+n/vi9exkPh9fK+b/V0w9U4xLETETEb/9g9m4eCTnbJFn7inr5/5SwzelyDKMrnGpOK5GxFpx/Pr/k/4WAAAA4Oz68qObn+bdev4y/9SVVyZYFROS37SZuf7BmPKVImJu/ocxZZsZvTw7pmTZv+8LsT+mbNkNrMtjSpbfcrswrmz/yuyRcPmJUMrDzETLAQAAJuJoJzDZLgQAAIBJ+mTaBTAdpTh8lHn4LDj7y/s/HwheOTICAAAATqHStAsAAAAATlzW//v9PwAAADjb8t//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4nZ37uU0ciOIA/Gzwwv7TotXet5W9QRlbwh73GFFAmqCAHEgLaYAayC0lRBDhcQhEHCJ5bCvR90nOZCzz4w2Cw8xIAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECX7qv14vbq93XbnN2+nTyjAQAAAC7ZVutF/c8s9b829783t342/SIiyoi4NHcfxaezzFGTU708f3P6fPWqhruIOuHwHpPm+hIRf5rr8UfXnwIAAAB8XJvlap5m6+nPbOiC6FNatCm//c2UV0RENXvIlFYe8n5lCqu/3+P4nymtXsCaZgpLS27jXGlvUv/cj6t205OmSE158WXHIrONHQAA6NHorOl3FgIAAECf/g1dAMMo4nkr87gVOElNs733+awHAAAAvEPF0AUAAAAAnavn/z2d/7d3/h8AAAAMI53/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQJe21XqxWa7mbXN2+3byjAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4In9eUeBEAiDMNi7vjOZ+x9WGjQ1NakC4eNvDAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgze/+8n9iapxJ5l4bS88jydqpsXVq7J0bR38YX78GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALvbnJQVCIAiiYM7430nf/7CSoGcQIQIaHlXUogEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPii3/3yf2JqnEnmThtLxyPJ2lVj66qx96Bx9GC8/RsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALnbu5zWOKg4A+HdmdramVYxRcoiIgge92HRbW3sTD0rw4J8ghHRbY7f+aIPYUsRcvEnOvYgeRQQl3vo/9NxCL/XWQw4VPCszO7M7tQHXH53ZNp8PvHnfHYZ53zcLId95LwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAantvTeOsOCyO47Q6d/Pe1Y2iv/WXvnB95/ZK0Yo4aTPpR8MLzQ/JckQc6S4ZAAAADoasru8j4k6+u1b06WJZ/+f1NUXN/+1T47iq5z+rS9ZJ/b8QZV/X/kX75ee7z00GWhyPU9z07OZoeOzBVHoPa47z7um/vaJXPvny3UtWfiHpu9vP7uXl80y+vnHj7X4ZHmojWwDg3zha91VQ/z5U9IMuEwPgwOg1Cu+6/s8Wu80JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoA1723GkjpOIWOlN48Kte1c39uuv79xeqdupa9d24svpPYtb5BFxdnM0PNbqbObbpctXzq+PRsOL7QcvRkRXo79ZTf/8+zNcHNHJ8xH8T0Fafdnzks+jEXT4QwkAgMdSXrWirr+T764V55KliD++u7/+f6URx4z1/90PTt1sjtWs/wetzXD+rW5d+GT10uUrr21eWD83PDf86PXjgzcGJ06fPHl6tXxXsuqNCQAAAP9Nv2rN+j9denD9/3Ajjhnr/0+/GXzRHCtT/+9ruujXdSYAAAAH2zMv/f5bss/5pN+Pz9e3ti4OxsfJ5+PjYwep/mOHqtas/7OlrrMCAAAA2rC3ndy3/n+mEceM6/9Pfv/8j817ZhGxUK3/H934eHSmvenMtTb+nLjrOQIAANCthao11//zcv9/OtnykEbEqy+P4+rfAM5U/2fvfPVDc6zm/v8T7U1xLqXL4+dR9ssRveWuMwIAAOBx9kTVimL/13x37cOfDr/Xt/8fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoG1/BgAA//8Z4TsX") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x183341, 0x0) ioctl$F2FS_IOC_START_ATOMIC_WRITE(r0, 0xf501, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0xd0) pwritev2(r1, &(0x7f0000000100)=[{0x0}, {&(0x7f0000000540)="61e78ead31be3cdfc80bb06324d78a0ca94b18fd5b659538332a50656e08c30480d0d05551fbea1af2343e6aa7", 0x2d}], 0x2, 0xe7b, 0x0, 0x0) 0s ago: executing program 7 (id=2475): r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x862b01) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') fcntl$setstatus(r1, 0x4, 0x2400) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000240)={0x57, 0xffff, 0x0, {0x7, 0x1}, {0x50, 0x2}, @period={0x59, 0x7, 0xc1f, 0x6773, 0x8000, {0x9, 0x9, 0x1, 0x1}, 0x0, 0x0}}) write$char_usb(r0, &(0x7f0000000040)="e2", 0x2250) kernel console output (not intermixed with test programs): lesystem being mounted at /413/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 315.444869][ T10] usb 2-1: USB disconnect, device number 15 [ 315.693065][T14764] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #15: block 3: comm syz.4.1932: lblock 3 mapped to illegal pblock 3 (length 5) [ 315.799126][T14771] loop3: detected capacity change from 0 to 40427 [ 315.818338][T14764] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 5 with error 117 [ 315.832638][T14771] F2FS-fs (loop3): Invalid SB checksum offset: 0 [ 315.839079][T14771] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 315.850150][T14771] F2FS-fs (loop3): invalid crc value [ 315.911261][T14764] EXT4-fs (loop4): This should not happen!! Data will be lost [ 315.911261][T14764] [ 315.944561][T14771] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 315.951799][T14771] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 316.035073][ T5836] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 316.097148][T14660] veth0_vlan: entered promiscuous mode [ 316.098243][ T5842] syz-executor: attempt to access beyond end of device [ 316.098243][ T5842] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 316.155075][ T5842] CPU: 0 UID: 0 PID: 5842 Comm: syz-executor Not tainted 6.16.0-rc2-next-20250618-syzkaller #0 PREEMPT(full) [ 316.155103][ T5842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 316.155115][ T5842] Call Trace: [ 316.155123][ T5842] [ 316.155130][ T5842] dump_stack_lvl+0x189/0x250 [ 316.155167][ T5842] ? __pfx_dump_stack_lvl+0x10/0x10 [ 316.155192][ T5842] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 316.155216][ T5842] ? __pfx_queue_work_on+0x10/0x10 [ 316.155236][ T5842] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 316.155258][ T5842] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 316.155282][ T5842] ? f2fs_hw_is_readonly+0x39b/0x470 [ 316.155308][ T5842] f2fs_handle_critical_error+0x37c/0x540 [ 316.155337][ T5842] f2fs_write_end_io+0x495/0x810 [ 316.155361][ T5842] ? blkg_put+0x22/0x240 [ 316.155399][ T5842] __submit_merged_bio+0x27a/0x6a0 [ 316.155429][ T5842] __submit_merged_write_cond+0x255/0x530 [ 316.155460][ T5842] f2fs_write_data_pages+0x261d/0x3000 [ 316.155484][ T5842] ? __lock_acquire+0xab9/0xd20 [ 316.155547][ T5842] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 316.155626][ T5842] ? __mod_zone_page_state+0xd7/0x140 [ 316.155668][ T5842] ? folios_put_refs+0x560/0x640 [ 316.155705][ T5842] ? __lock_acquire+0xab9/0xd20 [ 316.155742][ T5842] ? do_raw_spin_lock+0x121/0x290 [ 316.155776][ T5842] ? do_raw_spin_unlock+0x122/0x240 [ 316.155799][ T5842] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 316.155826][ T5842] do_writepages+0x32e/0x550 [ 316.155865][ T5842] ? do_raw_spin_unlock+0x122/0x240 [ 316.155893][ T5842] filemap_fdatawrite+0x199/0x240 [ 316.155922][ T5842] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 316.156003][ T5842] ? do_raw_spin_unlock+0x122/0x240 [ 316.156030][ T5842] f2fs_sync_dirty_inodes+0x31f/0x830 [ 316.156072][ T5842] f2fs_write_checkpoint+0x95a/0x1df0 [ 316.156124][ T5842] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 316.156190][ T5842] ? try_to_wake_up+0x7e5/0x1290 [ 316.156219][ T5842] ? kill_f2fs_super+0x298/0x6c0 [ 316.156252][ T5842] kill_f2fs_super+0x2c3/0x6c0 [ 316.156284][ T5842] ? __pfx_kill_f2fs_super+0x10/0x10 [ 316.156308][ T5842] ? radix_tree_delete_item+0x2b6/0x400 [ 316.156340][ T5842] ? shrinker_free+0x2ce/0x3e0 [ 316.156365][ T5842] deactivate_locked_super+0xb9/0x130 [ 316.156393][ T5842] cleanup_mnt+0x425/0x4c0 [ 316.156418][ T5842] ? lockdep_hardirqs_on+0x9c/0x150 [ 316.156446][ T5842] task_work_run+0x1d1/0x260 [ 316.156472][ T5842] ? __pfx_task_work_run+0x10/0x10 [ 316.156493][ T5842] ? __x64_sys_umount+0x122/0x160 [ 316.156527][ T5842] ? exit_to_user_mode_loop+0x40/0x110 [ 316.156566][ T5842] exit_to_user_mode_loop+0xec/0x110 [ 316.156592][ T5842] do_syscall_64+0x2bd/0x3b0 [ 316.156617][ T5842] ? lockdep_hardirqs_on+0x9c/0x150 [ 316.156641][ T5842] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.156660][ T5842] ? clear_bhb_loop+0x60/0xb0 [ 316.156683][ T5842] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.156702][ T5842] RIP: 0033:0x7faaa018fc57 [ 316.156721][ T5842] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 316.156738][ T5842] RSP: 002b:00007fffa4afa028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 316.156761][ T5842] RAX: 0000000000000000 RBX: 00007faaa0210925 RCX: 00007faaa018fc57 [ 316.156773][ T5842] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffa4afa0e0 [ 316.156784][ T5842] RBP: 00007fffa4afa0e0 R08: 0000000000000000 R09: 0000000000000000 [ 316.156795][ T5842] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffa4afb170 [ 316.156807][ T5842] R13: 00007faaa0210925 R14: 000000000004d278 R15: 00007fffa4afb1b0 [ 316.156838][ T5842] [ 316.159112][T14660] veth1_vlan: entered promiscuous mode [ 316.216858][ T5842] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 316.363249][ T51] Bluetooth: hci1: command tx timeout [ 316.485440][T14660] veth0_macvtap: entered promiscuous mode [ 316.580173][T14660] veth1_macvtap: entered promiscuous mode [ 316.603184][T14660] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 316.615126][T14660] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 316.649706][T14660] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.658604][T14660] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.668312][T14660] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.678395][T14660] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.686416][T14784] loop1: detected capacity change from 0 to 512 [ 316.805041][T14784] EXT4-fs error (device loop1): ext4_orphan_get:1393: inode #15: comm syz.1.1937: casefold flag without casefold feature [ 316.950704][T14784] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.1937: couldn't read orphan inode 15 (err -117) [ 316.980552][T14784] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 317.024409][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 317.047705][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 317.148540][T13017] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 317.172373][ T6495] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 317.205976][ T6495] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 317.236252][T14789] loop4: detected capacity change from 0 to 2048 [ 317.284555][T14789] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 317.311407][T14782] loop0: detected capacity change from 0 to 40427 [ 317.341329][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.351793][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.362999][T14782] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 317.374064][T14782] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 317.383044][T14782] F2FS-fs (loop0): build fault injection rate: 17008 [ 317.390728][T14782] F2FS-fs (loop0): build fault injection type: 0x1f8 [ 317.399829][T14782] F2FS-fs (loop0): build fault injection type: 0x6 [ 317.418865][T14782] F2FS-fs (loop0): invalid crc value [ 317.569873][T14801] loop5: detected capacity change from 0 to 1024 [ 317.592844][ T5836] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 317.611025][T14782] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 317.634917][T14782] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 317.660673][T14801] hfsplus: xattr searching failed [ 317.676185][T14782] syz.0.1934: attempt to access beyond end of device [ 317.676185][T14782] loop0: rw=2049, sector=53248, nr_sectors = 136 limit=40427 [ 317.793358][ T6505] hfsplus: b-tree write err: -5, ino 4 [ 317.800690][ T5831] syz-executor: attempt to access beyond end of device [ 317.800690][ T5831] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 317.835091][ T5831] CPU: 1 UID: 0 PID: 5831 Comm: syz-executor Not tainted 6.16.0-rc2-next-20250618-syzkaller #0 PREEMPT(full) [ 317.835120][ T5831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 317.835132][ T5831] Call Trace: [ 317.835140][ T5831] [ 317.835149][ T5831] dump_stack_lvl+0x189/0x250 [ 317.835194][ T5831] ? __pfx_dump_stack_lvl+0x10/0x10 [ 317.835222][ T5831] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 317.835248][ T5831] ? __pfx_queue_work_on+0x10/0x10 [ 317.835270][ T5831] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 317.835293][ T5831] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 317.835320][ T5831] ? f2fs_hw_is_readonly+0x39b/0x470 [ 317.835351][ T5831] f2fs_handle_critical_error+0x37c/0x540 [ 317.835384][ T5831] f2fs_write_end_io+0x495/0x810 [ 317.835409][ T5831] ? blkg_put+0x22/0x240 [ 317.835450][ T5831] __submit_merged_bio+0x27a/0x6a0 [ 317.835482][ T5831] __submit_merged_write_cond+0x255/0x530 [ 317.835516][ T5831] f2fs_write_data_pages+0x261d/0x3000 [ 317.835541][ T5831] ? __lock_acquire+0xab9/0xd20 [ 317.835610][ T5831] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 317.835700][ T5831] ? stack_depot_save_flags+0x40/0x900 [ 317.835750][ T5831] ? kthread_stop+0x194/0x5f0 [ 317.835768][ T5831] ? kill_f2fs_super+0x137/0x6c0 [ 317.835793][ T5831] ? deactivate_locked_super+0xb9/0x130 [ 317.835831][ T5831] ? __lock_acquire+0xab9/0xd20 [ 317.835880][ T5831] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 317.835908][ T5831] do_writepages+0x32e/0x550 [ 317.835952][ T5831] ? do_raw_spin_unlock+0x122/0x240 [ 317.835989][ T5831] filemap_fdatawrite+0x199/0x240 [ 317.836019][ T5831] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 317.836115][ T5831] ? do_raw_spin_unlock+0x122/0x240 [ 317.836144][ T5831] f2fs_sync_dirty_inodes+0x31f/0x830 [ 317.836197][ T5831] f2fs_write_checkpoint+0x95a/0x1df0 [ 317.836256][ T5831] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 317.836334][ T5831] ? try_to_wake_up+0x7e5/0x1290 [ 317.836366][ T5831] ? kill_f2fs_super+0x298/0x6c0 [ 317.836401][ T5831] kill_f2fs_super+0x2c3/0x6c0 [ 317.836435][ T5831] ? __pfx_kill_f2fs_super+0x10/0x10 [ 317.836460][ T5831] ? radix_tree_delete_item+0x2b6/0x400 [ 317.836496][ T5831] ? shrinker_free+0x2ce/0x3e0 [ 317.836524][ T5831] deactivate_locked_super+0xb9/0x130 [ 317.836553][ T5831] cleanup_mnt+0x425/0x4c0 [ 317.836579][ T5831] ? lockdep_hardirqs_on+0x9c/0x150 [ 317.836609][ T5831] task_work_run+0x1d1/0x260 [ 317.836638][ T5831] ? __pfx_task_work_run+0x10/0x10 [ 317.836658][ T5831] ? __x64_sys_umount+0x122/0x160 [ 317.836694][ T5831] ? exit_to_user_mode_loop+0x40/0x110 [ 317.836727][ T5831] exit_to_user_mode_loop+0xec/0x110 [ 317.836757][ T5831] do_syscall_64+0x2bd/0x3b0 [ 317.836781][ T5831] ? lockdep_hardirqs_on+0x9c/0x150 [ 317.836805][ T5831] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.836824][ T5831] ? clear_bhb_loop+0x60/0xb0 [ 317.836849][ T5831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.836867][ T5831] RIP: 0033:0x7f78a498fc57 [ 317.836885][ T5831] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 317.836902][ T5831] RSP: 002b:00007ffec2b76c18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 317.836923][ T5831] RAX: 0000000000000000 RBX: 00007f78a4a10925 RCX: 00007f78a498fc57 [ 317.836937][ T5831] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffec2b76cd0 [ 317.836949][ T5831] RBP: 00007ffec2b76cd0 R08: 0000000000000000 R09: 0000000000000000 [ 317.836961][ T5831] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffec2b77d60 [ 317.836975][ T5831] R13: 00007f78a4a10925 R14: 000000000004d912 R15: 00007ffec2b77da0 [ 317.837012][ T5831] [ 318.196954][ C1] vkms_vblank_simulate: vblank timer overrun [ 318.346683][ T5831] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 318.424732][T14803] loop3: detected capacity change from 0 to 32768 [ 318.526323][T14803] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 318.539938][ T51] Bluetooth: hci1: command tx timeout [ 318.577428][ T5956] usb 5-1: new full-speed USB device number 21 using dummy_hcd [ 318.740359][ T5956] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 318.775923][ T5842] ocfs2: Unmounting device (7,3) on (node local) [ 318.795515][ T5956] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 318.853922][ T5956] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 318.865237][ T5956] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 318.890974][ T5956] usb 5-1: Product: syz [ 318.895182][ T5956] usb 5-1: Manufacturer: syz [ 318.901281][ T5956] usb 5-1: SerialNumber: syz [ 318.912061][T14814] loop5: detected capacity change from 0 to 4096 [ 318.972923][T14814] ntfs3(loop5): Failed to initialize $Extend/$ObjId. [ 319.163821][ T5956] usb 5-1: 0:2 : does not exist [ 319.179102][T14806] loop1: detected capacity change from 0 to 32768 [ 319.197520][ T5956] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 319.298115][T14806] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 319.336404][ T5956] usb 5-1: USB disconnect, device number 21 [ 319.533482][T14806] XFS (loop1): Ending clean mount [ 319.558966][ T30] audit: type=1800 audit(1750253806.349:320): pid=14806 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1941" name="file2" dev="loop1" ino=9287 res=0 errno=0 [ 319.610083][ T6480] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 319.650120][T13017] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 319.926338][ T6480] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 320.205151][T14820] loop3: detected capacity change from 0 to 32768 [ 320.206122][ T6480] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 320.224955][T14835] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1952'. [ 320.286324][T14842] loop4: detected capacity change from 0 to 256 [ 320.288319][T14820] XFS (loop3): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 320.328962][T14842] exfat: Deprecated parameter 'namecase' [ 320.330964][T14835] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 320.344893][T14835] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 320.354346][T14835] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 320.363252][T14835] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 320.392439][T14842] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 320.426289][T14820] XFS (loop3): Ending clean mount [ 320.475380][ T5844] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 320.483549][T14835] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 320.492622][T14835] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 320.501647][T14835] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 320.511648][T14835] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 320.547201][ T5844] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 320.559223][ T5844] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 320.566848][ T928] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 320.604510][ T5844] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 320.612671][ T5844] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 320.649423][ T5842] XFS (loop3): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 320.694144][ T6480] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 320.780871][ T928] usb 2-1: Using ep0 maxpacket: 16 [ 320.798978][ T928] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 320.830036][ T928] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 320.874808][ T928] usb 2-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 320.904037][ T928] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 320.945359][ T928] usb 2-1: config 0 descriptor?? [ 321.024977][T14856] loop0: detected capacity change from 0 to 256 [ 321.070723][T14856] exFAT-fs (loop0): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x009ea0b8, utbl_chksum : 0x7319d30d) [ 321.148826][T14860] loop3: detected capacity change from 0 to 2048 [ 321.176254][T14856] exFAT-fs (loop0): error, invalid access to FAT free cluster (entry 0x00000007) [ 321.188654][T14856] exFAT-fs (loop0): Filesystem has been set read-only [ 321.218700][T14860] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 321.247214][ T6480] bridge_slave_1: left allmulticast mode [ 321.260605][T14858] loop4: detected capacity change from 0 to 4096 [ 321.265002][T14860] EXT4-fs (loop3): shut down requested (2) [ 321.272324][ T6480] bridge_slave_1: left promiscuous mode [ 321.292260][ T6480] bridge0: port 2(bridge_slave_1) entered disabled state [ 321.322145][ T5842] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 321.340093][ T6480] bridge_slave_0: left allmulticast mode [ 321.355076][ T6480] bridge_slave_0: left promiscuous mode [ 321.368123][ T6480] bridge0: port 1(bridge_slave_0) entered disabled state [ 321.616534][ T928] usb 2-1: string descriptor 0 read error: -71 [ 321.697289][ T928] usb 2-1: Max retries (5) exceeded reading string descriptor 200 [ 321.713159][ T928] letsketch 0003:6161:4D15.0011: probe with driver letsketch failed with error -32 [ 321.748430][ T928] usb 2-1: USB disconnect, device number 16 [ 321.773131][T14874] loop4: detected capacity change from 0 to 64 [ 322.038967][T14867] loop3: detected capacity change from 0 to 32768 [ 322.061231][T14867] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1961 (14867) [ 322.156489][T14867] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 322.179519][T14867] BTRFS info (device loop3): using sha256 (sha256-x86_64) checksum algorithm [ 322.191383][T14867] BTRFS info (device loop3): using free-space-tree [ 322.367190][ T5842] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 322.709146][ T5844] Bluetooth: hci1: command tx timeout [ 322.872492][ T6480] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 322.908867][ T6480] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 322.944934][ T6480] bond0 (unregistering): Released all slaves [ 323.135108][T14915] loop3: detected capacity change from 0 to 1024 [ 323.211137][T14915] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 323.223486][T14915] ext4 filesystem being mounted at /395/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 323.298827][T14915] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 323.324993][T14915] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 52 with error 28 [ 323.341098][T14923] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1979'. [ 323.383015][T14915] EXT4-fs (loop3): This should not happen!! Data will be lost [ 323.383015][T14915] [ 323.409619][T14915] EXT4-fs (loop3): Total free blocks count 0 [ 323.415743][T14915] EXT4-fs (loop3): Free/Dirty block details [ 323.423019][T14915] EXT4-fs (loop3): free_blocks=4293918720 [ 323.428962][T14915] EXT4-fs (loop3): dirty_blocks=64 [ 323.434153][T14915] EXT4-fs (loop3): Block reservation details [ 323.441714][ T5942] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 323.449559][T14915] EXT4-fs (loop3): i_reserved_data_blocks=4 [ 323.474675][T14923] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1979'. [ 323.616521][ T5842] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 323.619090][ T5942] usb 1-1: Using ep0 maxpacket: 8 [ 323.644387][ T5942] usb 1-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 323.658982][ T5942] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 323.702349][T14848] chnl_net:caif_netlink_parms(): no params data found [ 323.708521][T14930] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 323.710742][ T5942] usb 1-1: Product: syz [ 323.727044][ T5942] usb 1-1: Manufacturer: syz [ 323.731715][ T5942] usb 1-1: SerialNumber: syz [ 323.767828][ T5942] usb 1-1: config 0 descriptor?? [ 323.909031][T14939] loop1: detected capacity change from 0 to 512 [ 323.926152][T14939] EXT4-fs: Ignoring removed nobh option [ 323.952724][T14939] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 323.977927][T14939] EXT4-fs (loop1): 1 truncate cleaned up [ 323.983493][ T5942] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 323.986055][T14939] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 324.005705][T14848] bridge0: port 1(bridge_slave_0) entered blocking state [ 324.013365][T14848] bridge0: port 1(bridge_slave_0) entered disabled state [ 324.020801][T14848] bridge_slave_0: entered allmulticast mode [ 324.032578][T14848] bridge_slave_0: entered promiscuous mode [ 324.051716][ T6480] hsr_slave_0: left promiscuous mode [ 324.061465][T14939] EXT4-fs error (device loop1): ext4_append:79: inode #2: comm syz.1.1984: Logical block already allocated [ 324.066977][ T6480] hsr_slave_1: left promiscuous mode [ 324.080364][ T6480] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 324.088149][ T6480] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 324.150955][ T6480] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 324.177901][T13017] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 324.187550][ T6480] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 324.316011][ T6480] veth1_macvtap: left promiscuous mode [ 324.343062][ T6480] veth0_macvtap: left promiscuous mode [ 324.349146][ T6480] veth1_vlan: left promiscuous mode [ 324.356100][ T6480] veth0_vlan: left promiscuous mode [ 324.787008][ T5844] Bluetooth: hci1: command tx timeout [ 324.800719][ T5942] gspca_sunplus: reg_w_riv err -71 [ 324.806022][ T5942] sunplus 1-1:0.0: probe with driver sunplus failed with error -71 [ 324.835108][ T5942] usb 1-1: USB disconnect, device number 18 [ 324.868169][T14949] loop3: detected capacity change from 0 to 32768 [ 324.882383][T14956] loop1: detected capacity change from 0 to 8192 [ 324.916635][T14949] ocfs2: Mounting device (7,3) on (node local, slot 0) with writeback data mode. [ 324.941868][ T30] audit: type=1800 audit(1750253811.729:321): pid=14949 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1988" name="file1" dev="loop3" ino=17058 res=0 errno=0 [ 325.142718][ T5842] ocfs2: Unmounting device (7,3) on (node local) [ 325.508053][ T6480] team0 (unregistering): Port device team_slave_1 removed [ 325.612705][ T6480] team0 (unregistering): Port device team_slave_0 removed [ 325.664091][T14967] loop3: detected capacity change from 0 to 1024 [ 326.730093][T14980] loop1: detected capacity change from 0 to 32768 [ 326.738271][T14980] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1997 (14980) [ 326.760703][T14980] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 326.771639][T14980] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm [ 326.790326][T14980] BTRFS info (device loop1): using free-space-tree [ 326.814922][T14848] bridge0: port 2(bridge_slave_1) entered blocking state [ 326.824621][T14848] bridge0: port 2(bridge_slave_1) entered disabled state [ 326.832449][T14848] bridge_slave_1: entered allmulticast mode [ 326.840812][T14848] bridge_slave_1: entered promiscuous mode [ 326.857520][ T5844] Bluetooth: hci1: command tx timeout [ 326.905160][T14980] BTRFS info (device loop1): rebuilding free space tree [ 326.914271][ T5907] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 326.964130][T14848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 326.997196][T14999] netlink: 92 bytes leftover after parsing attributes in process `syz.4.1999'. [ 326.999092][T14848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 327.060913][T14980] BTRFS info (device loop1 state M): enabling auto defrag [ 327.068977][T14980] BTRFS info (device loop1 state M): max_inline set to 4096 [ 327.087292][ T5907] usb 1-1: Using ep0 maxpacket: 8 [ 327.098504][ T5907] usb 1-1: config 0 has no interfaces? [ 327.116917][ T5907] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee [ 327.121990][T15002] sctp: [Deprecated]: syz.3.2000 (pid 15002) Use of int in max_burst socket option deprecated. [ 327.121990][T15002] Use struct sctp_assoc_value instead [ 327.141989][ T5907] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 327.142013][ T5907] usb 1-1: Product: syz [ 327.142029][ T5907] usb 1-1: Manufacturer: syz [ 327.142044][ T5907] usb 1-1: SerialNumber: syz [ 327.168876][T13017] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 327.182742][ T5907] usb 1-1: config 0 descriptor?? [ 327.260978][T14848] team0: Port device team_slave_0 added [ 327.330749][T14848] team0: Port device team_slave_1 added [ 327.414986][ T5907] usb 1-1: USB disconnect, device number 19 [ 327.453851][T14848] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 327.461257][T14848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 327.501832][T14848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 327.515827][T14848] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 327.545519][T14848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 327.591475][T14848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 327.668919][ T5900] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 327.844707][T14848] hsr_slave_0: entered promiscuous mode [ 327.855768][ T5900] usb 4-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 327.864977][ T5900] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 327.869911][T14848] hsr_slave_1: entered promiscuous mode [ 327.879359][ T5900] usb 4-1: config 0 descriptor?? [ 327.882378][ T5900] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 327.895367][T14848] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 327.903589][T14848] Cannot create hsr debugfs directory [ 328.290290][ T5900] cpia1 4-1:0.0: unexpected state after lo power cmd: 00 [ 328.557786][T14848] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 328.582846][T14848] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 328.608664][T14848] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 328.630206][T14848] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 328.694224][ T5900] gspca_cpia1: usb_control_msg 02, error -71 [ 328.709151][ T5900] gspca_cpia1: usb_control_msg 05, error -71 [ 328.729742][ T5900] cpia1 4-1:0.0: unexpected systemstate: 00 [ 328.757193][ T5900] usb 4-1: USB disconnect, device number 14 [ 328.842382][T14848] 8021q: adding VLAN 0 to HW filter on device bond0 [ 328.880616][T14848] 8021q: adding VLAN 0 to HW filter on device team0 [ 328.888401][T15025] loop4: detected capacity change from 0 to 40427 [ 328.898003][T15025] F2FS-fs (loop4): build fault injection rate: 771 [ 328.915707][ T6480] bridge0: port 1(bridge_slave_0) entered blocking state [ 328.923031][ T6480] bridge0: port 1(bridge_slave_0) entered forwarding state [ 328.935647][T15025] F2FS-fs (loop4): invalid crc value [ 328.941317][ T5844] Bluetooth: hci1: command tx timeout [ 328.972749][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 328.979950][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 329.156478][T15025] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 329.351209][ T5836] syz-executor: attempt to access beyond end of device [ 329.351209][ T5836] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 329.398776][ T5836] CPU: 0 UID: 0 PID: 5836 Comm: syz-executor Not tainted 6.16.0-rc2-next-20250618-syzkaller #0 PREEMPT(full) [ 329.398805][ T5836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 329.398816][ T5836] Call Trace: [ 329.398824][ T5836] [ 329.398833][ T5836] dump_stack_lvl+0x189/0x250 [ 329.398872][ T5836] ? __pfx_dump_stack_lvl+0x10/0x10 [ 329.398899][ T5836] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 329.398926][ T5836] ? __pfx_queue_work_on+0x10/0x10 [ 329.398947][ T5836] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 329.398971][ T5836] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 329.398998][ T5836] ? f2fs_hw_is_readonly+0x39b/0x470 [ 329.399029][ T5836] f2fs_handle_critical_error+0x37c/0x540 [ 329.399061][ T5836] f2fs_write_end_io+0x495/0x810 [ 329.399086][ T5836] ? blkg_put+0x22/0x240 [ 329.399129][ T5836] __submit_merged_bio+0x27a/0x6a0 [ 329.399159][ T5836] __submit_merged_write_cond+0x255/0x530 [ 329.399192][ T5836] f2fs_write_data_pages+0x261d/0x3000 [ 329.399264][ T5836] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 329.399306][ T5836] ? arch_stack_walk+0xfc/0x150 [ 329.399361][ T5836] ? __mod_zone_page_state+0xd7/0x140 [ 329.399403][ T5836] ? folios_put_refs+0x560/0x640 [ 329.399445][ T5836] ? __lock_acquire+0xab9/0xd20 [ 329.399485][ T5836] ? do_raw_spin_lock+0x121/0x290 [ 329.399523][ T5836] ? do_raw_spin_unlock+0x122/0x240 [ 329.399546][ T5836] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 329.399575][ T5836] do_writepages+0x32e/0x550 [ 329.399624][ T5836] ? do_raw_spin_unlock+0x122/0x240 [ 329.399653][ T5836] filemap_fdatawrite+0x199/0x240 [ 329.399683][ T5836] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 329.399776][ T5836] ? do_raw_spin_unlock+0x122/0x240 [ 329.399805][ T5836] f2fs_sync_dirty_inodes+0x31f/0x830 [ 329.399853][ T5836] f2fs_write_checkpoint+0x95a/0x1df0 [ 329.399913][ T5836] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 329.399995][ T5836] ? f2fs_stop_gc_thread+0x7f/0xb0 [ 329.400023][ T5836] ? kfree+0x18e/0x440 [ 329.400053][ T5836] ? kill_f2fs_super+0x298/0x6c0 [ 329.400087][ T5836] kill_f2fs_super+0x2c3/0x6c0 [ 329.400123][ T5836] ? __pfx_kill_f2fs_super+0x10/0x10 [ 329.400148][ T5836] ? radix_tree_delete_item+0x2b6/0x400 [ 329.400184][ T5836] ? shrinker_free+0x2ce/0x3e0 [ 329.400211][ T5836] deactivate_locked_super+0xb9/0x130 [ 329.400241][ T5836] cleanup_mnt+0x425/0x4c0 [ 329.400267][ T5836] ? lockdep_hardirqs_on+0x9c/0x150 [ 329.400297][ T5836] task_work_run+0x1d1/0x260 [ 329.400325][ T5836] ? __pfx_task_work_run+0x10/0x10 [ 329.400347][ T5836] ? __x64_sys_umount+0x122/0x160 [ 329.400383][ T5836] ? exit_to_user_mode_loop+0x40/0x110 [ 329.400417][ T5836] exit_to_user_mode_loop+0xec/0x110 [ 329.400445][ T5836] do_syscall_64+0x2bd/0x3b0 [ 329.400471][ T5836] ? lockdep_hardirqs_on+0x9c/0x150 [ 329.400495][ T5836] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 329.400515][ T5836] ? clear_bhb_loop+0x60/0xb0 [ 329.400541][ T5836] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 329.400560][ T5836] RIP: 0033:0x7f9a7f98fc57 [ 329.400579][ T5836] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 329.400596][ T5836] RSP: 002b:00007ffe5ed5b6e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 329.400621][ T5836] RAX: 0000000000000000 RBX: 00007f9a7fa10925 RCX: 00007f9a7f98fc57 [ 329.400635][ T5836] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe5ed5b7a0 [ 329.400648][ T5836] RBP: 00007ffe5ed5b7a0 R08: 0000000000000000 R09: 0000000000000000 [ 329.400661][ T5836] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe5ed5c830 [ 329.400674][ T5836] R13: 00007f9a7fa10925 R14: 000000000005061d R15: 00007ffe5ed5c870 [ 329.400712][ T5836] [ 329.400720][ T5836] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 329.753349][T14848] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 329.807657][ T120] usb 2-1: new full-speed USB device number 17 using dummy_hcd [ 329.971861][ T120] usb 2-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 329.985808][ T120] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 330.003064][ T120] usb 2-1: Product: syz [ 330.012030][ T120] usb 2-1: Manufacturer: syz [ 330.022241][ T120] usb 2-1: SerialNumber: syz [ 330.038233][ T120] usb 2-1: config 0 descriptor?? [ 330.215173][T15079] loop4: detected capacity change from 0 to 1024 [ 330.221370][T14848] veth0_vlan: entered promiscuous mode [ 330.242171][T14848] veth1_vlan: entered promiscuous mode [ 330.281528][T14848] veth0_macvtap: entered promiscuous mode [ 330.291345][T15079] hfsplus: cannot replace xattr [ 330.293819][T14848] veth1_macvtap: entered promiscuous mode [ 330.327844][T14848] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 330.340583][ T6505] hfsplus: b-tree write err: -5, ino 4 [ 330.353327][T14848] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 330.367195][T14848] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 330.376161][T14848] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 330.385456][T14848] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 330.394449][T14848] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 330.463432][ T120] airspy 2-1:0.0: Board ID: 00 [ 330.482934][ T120] airspy 2-1:0.0: Firmware version: [ 330.563314][ T6495] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 330.577641][ T6495] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 330.662704][ T6505] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 330.705079][ T6505] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 330.796180][T15087] loop0: detected capacity change from 0 to 4096 [ 331.065078][T15099] sg_read: process 1776 (syz.0.2033) changed security contexts after opening file descriptor, this is not allowed. [ 331.077435][ T120] airspy 2-1:0.0: usb_control_msg() failed -71 request 12 [ 331.092409][ T120] airspy 2-1:0.0: Registered as swradio24 [ 331.117629][ T120] airspy 2-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 331.138927][ T120] usb 2-1: USB disconnect, device number 17 [ 331.224218][ T5907] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 331.390847][ T5907] usb 7-1: Using ep0 maxpacket: 32 [ 331.427271][ T5907] usb 7-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 331.446926][ T5907] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.463003][ T5907] usb 7-1: config 0 descriptor?? [ 331.478129][ T5907] gspca_main: sq930x-2.14.0 probing 041e:403c [ 331.696501][T15126] loop0: detected capacity change from 0 to 2048 [ 331.745775][T15126] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 331.761109][ T928] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 331.839250][ T5831] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 331.918486][ T5900] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 331.946972][ T928] usb 5-1: Using ep0 maxpacket: 8 [ 331.956109][ T928] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 331.965654][ T928] usb 5-1: config 179 has no interface number 0 [ 331.975192][ T928] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 332.009326][ T928] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 332.020981][ T928] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 56, changing to 9 [ 332.034817][ T928] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 8448, setting to 1024 [ 332.046332][ T928] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 332.063362][ T928] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 332.106969][ T5900] usb 2-1: Using ep0 maxpacket: 16 [ 332.112271][ T928] usb 5-1: config 179 has no interface number 0 [ 332.121831][ T928] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 332.133994][ T928] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 332.146094][ T928] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 56, changing to 9 [ 332.158588][ T5900] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 332.167829][ T5900] usb 2-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 332.187244][ T5900] usb 2-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 332.197190][ T5900] usb 2-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 332.206998][ T928] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 8448, setting to 1024 [ 332.219053][ T5900] usb 2-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 332.229341][ T928] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 332.243258][ T5900] usb 2-1: config 1 interface 0 has no altsetting 0 [ 332.253387][ T5900] usb 2-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 332.272039][ T928] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 332.304303][ T5900] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.312457][ T928] usb 5-1: config 179 has no interface number 0 [ 332.323164][ T928] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 332.335365][ T5907] gspca_sq930x: reg_w 0105 bf00 failed -71 [ 332.345221][ T928] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 332.358870][ T5900] ums-sddr09 2-1:1.0: USB Mass Storage device detected [ 332.366080][ T928] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 56, changing to 9 [ 332.379649][ T928] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 8448, setting to 1024 [ 332.395140][ T928] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 332.409064][ T5907] sq930x 7-1:0.0: probe with driver sq930x failed with error -71 [ 332.419964][ T5907] usb 7-1: USB disconnect, device number 2 [ 332.426376][ T928] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 332.436891][ T928] usb 5-1: config 179 has no interface number 0 [ 332.443325][ T928] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 332.458999][ T928] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 332.471597][ T928] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 56, changing to 9 [ 332.483547][ T928] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 8448, setting to 1024 [ 332.498585][ T928] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 332.514533][ T928] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 332.529492][ T928] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.545095][T15121] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 332.567243][ T5900] scsi host1: usb-storage 2-1:1.0 [ 332.766847][ T120] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 332.777081][ T5907] usb 2-1: USB disconnect, device number 18 [ 332.872908][T15140] loop0: detected capacity change from 0 to 40427 [ 332.909138][T15140] F2FS-fs (loop0): build fault injection rate: 690 [ 332.926336][ T120] usb 4-1: Using ep0 maxpacket: 8 [ 332.947247][T15140] F2FS-fs (loop0): build fault injection type: 0x2 [ 332.954723][T15140] F2FS-fs (loop0): Image doesn't support compression [ 332.973508][ T928] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input23 [ 332.985017][ T120] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 332.995431][ T120] usb 4-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 333.006570][T15140] F2FS-fs (loop0): Image doesn't support compression [ 333.023629][ T120] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 333.041880][T15140] F2FS-fs (loop0): invalid crc value [ 333.050317][ T120] usb 4-1: config 0 descriptor?? [ 333.069928][ T120] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 333.146295][T15121] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 333.180865][T15121] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 333.291321][T15140] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 333.427770][ T5838] usb 5-1: USB disconnect, device number 22 [ 333.427888][ C1] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 333.443016][ C1] dummy_hcd dummy_hcd.4: timer fired with no URBs pending? [ 333.494030][ T5831] syz-executor: attempt to access beyond end of device [ 333.494030][ T5831] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 333.543239][ T5831] CPU: 0 UID: 0 PID: 5831 Comm: syz-executor Not tainted 6.16.0-rc2-next-20250618-syzkaller #0 PREEMPT(full) [ 333.543272][ T5831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 333.543285][ T5831] Call Trace: [ 333.543293][ T5831] [ 333.543302][ T5831] dump_stack_lvl+0x189/0x250 [ 333.543344][ T5831] ? __pfx_dump_stack_lvl+0x10/0x10 [ 333.543371][ T5831] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 333.543397][ T5831] ? __pfx_queue_work_on+0x10/0x10 [ 333.543419][ T5831] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 333.543443][ T5831] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 333.543470][ T5831] ? f2fs_hw_is_readonly+0x39b/0x470 [ 333.543501][ T5831] f2fs_handle_critical_error+0x37c/0x540 [ 333.543533][ T5831] f2fs_write_end_io+0x495/0x810 [ 333.543565][ T5831] ? blkg_put+0x22/0x240 [ 333.543608][ T5831] __submit_merged_bio+0x27a/0x6a0 [ 333.543640][ T5831] __submit_merged_write_cond+0x255/0x530 [ 333.543674][ T5831] f2fs_write_data_pages+0x261d/0x3000 [ 333.543699][ T5831] ? __lock_acquire+0xab9/0xd20 [ 333.543769][ T5831] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 333.543850][ T5831] ? lockdep_hardirqs_on+0x9c/0x150 [ 333.543891][ T5831] ? folios_put_refs+0x560/0x640 [ 333.543944][ T5831] ? __lock_acquire+0xab9/0xd20 [ 333.543982][ T5831] ? do_raw_spin_lock+0x121/0x290 [ 333.544020][ T5831] ? do_raw_spin_unlock+0x122/0x240 [ 333.544044][ T5831] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 333.544071][ T5831] do_writepages+0x32e/0x550 [ 333.544116][ T5831] ? do_raw_spin_unlock+0x122/0x240 [ 333.544144][ T5831] filemap_fdatawrite+0x199/0x240 [ 333.544175][ T5831] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 333.544274][ T5831] ? do_raw_spin_unlock+0x122/0x240 [ 333.544304][ T5831] f2fs_sync_dirty_inodes+0x31f/0x830 [ 333.544352][ T5831] f2fs_write_checkpoint+0x95a/0x1df0 [ 333.544410][ T5831] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 333.544488][ T5831] ? try_to_wake_up+0x7e5/0x1290 [ 333.544519][ T5831] ? kill_f2fs_super+0x298/0x6c0 [ 333.544554][ T5831] kill_f2fs_super+0x2c3/0x6c0 [ 333.544589][ T5831] ? __pfx_kill_f2fs_super+0x10/0x10 [ 333.544613][ T5831] ? radix_tree_delete_item+0x2b6/0x400 [ 333.544649][ T5831] ? shrinker_free+0x2ce/0x3e0 [ 333.544677][ T5831] deactivate_locked_super+0xb9/0x130 [ 333.544707][ T5831] cleanup_mnt+0x425/0x4c0 [ 333.544734][ T5831] ? lockdep_hardirqs_on+0x9c/0x150 [ 333.544764][ T5831] task_work_run+0x1d1/0x260 [ 333.544793][ T5831] ? __pfx_task_work_run+0x10/0x10 [ 333.544814][ T5831] ? __x64_sys_umount+0x122/0x160 [ 333.544850][ T5831] ? exit_to_user_mode_loop+0x40/0x110 [ 333.544883][ T5831] exit_to_user_mode_loop+0xec/0x110 [ 333.544911][ T5831] do_syscall_64+0x2bd/0x3b0 [ 333.544947][ T5831] ? lockdep_hardirqs_on+0x9c/0x150 [ 333.544972][ T5831] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 333.544991][ T5831] ? clear_bhb_loop+0x60/0xb0 [ 333.545016][ T5831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 333.545035][ T5831] RIP: 0033:0x7f78a498fc57 [ 333.545054][ T5831] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 333.545072][ T5831] RSP: 002b:00007ffec2b76c18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 333.545094][ T5831] RAX: 0000000000000000 RBX: 00007f78a4a10925 RCX: 00007f78a498fc57 [ 333.545107][ T5831] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffec2b76cd0 [ 333.545119][ T5831] RBP: 00007ffec2b76cd0 R08: 0000000000000000 R09: 0000000000000000 [ 333.545132][ T5831] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffec2b77d60 [ 333.545145][ T5831] R13: 00007f78a4a10925 R14: 000000000005162d R15: 00007ffec2b77da0 [ 333.545182][ T5831] [ 333.545479][ T5831] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 334.145679][ T120] gspca_vc032x: reg_r err -71 [ 334.150743][ T120] vc032x 4-1:0.0: probe with driver vc032x failed with error -71 [ 334.161162][ T120] usb 4-1: USB disconnect, device number 15 [ 334.577079][T15177] loop4: detected capacity change from 0 to 4096 [ 334.604770][T15177] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 334.743702][T15177] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #15: comm syz.4.2066: corrupted inode contents [ 334.762412][T15177] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #15: comm syz.4.2066: mark_inode_dirty error [ 334.775931][T15177] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #15: comm syz.4.2066: corrupted inode contents [ 334.853096][T15177] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #15: comm syz.4.2066: mark_inode_dirty error [ 334.956742][T15177] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #15: comm syz.4.2066: corrupted inode contents [ 335.078614][T15177] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #15: comm syz.4.2066: mark_inode_dirty error [ 335.112769][T15192] loop0: detected capacity change from 0 to 4096 [ 335.133447][T15192] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [ 335.160453][T15177] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #15: comm syz.4.2066: corrupted inode contents [ 335.354534][T15177] EXT4-fs error (device loop4): ext4_truncate:4597: inode #15: comm syz.4.2066: mark_inode_dirty error [ 335.441302][T15177] EXT4-fs error (device loop4) in ext4_setattr:5986: Corrupt filesystem [ 335.488390][T15200] IPVS: sync thread started: state = MASTER, mcast_ifn = wg1, syncid = 262145, id = 0 [ 335.513189][T15199] IPVS: stopping master sync thread 15200 ... [ 335.572354][T15204] loop1: detected capacity change from 0 to 8 [ 335.774546][T15209] loop6: detected capacity change from 0 to 1024 [ 335.782169][T15212] loop1: detected capacity change from 0 to 512 [ 335.814919][T15212] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 335.828805][T15212] ext4 filesystem being mounted at /53/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 335.859949][T15212] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000d40000 ro. [ 335.910450][T15209] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 335.957289][T13017] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 336.057256][T15209] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 49 with max blocks 4 with error 28 [ 336.084305][T15209] EXT4-fs (loop6): This should not happen!! Data will be lost [ 336.084305][T15209] [ 336.104399][T15209] EXT4-fs (loop6): Total free blocks count 0 [ 336.114682][T15209] EXT4-fs (loop6): Free/Dirty block details [ 336.146916][T15209] EXT4-fs (loop6): free_blocks=0 [ 336.156841][T15209] EXT4-fs (loop6): dirty_blocks=0 [ 336.196822][T15209] EXT4-fs (loop6): Block reservation details [ 336.213422][T15209] EXT4-fs (loop6): i_reserved_data_blocks=0 [ 336.333731][T14848] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 336.451724][T15228] loop1: detected capacity change from 0 to 128 [ 336.489719][T15228] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 336.509218][T15228] ext4 filesystem being mounted at /56/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 336.582470][T15210] loop3: detected capacity change from 0 to 32768 [ 336.594036][T15177] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #15: comm syz.4.2066: corrupted inode contents [ 336.638266][T15210] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 336.663785][T15177] EXT4-fs warning (device loop4): swap_inode_boot_loader:477: couldn't mark inode #15 dirty (err -117) [ 336.701678][ T928] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 336.721774][T15226] loop0: detected capacity change from 0 to 32768 [ 336.736962][T15226] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.2084 (15226) [ 336.750225][T15210] XFS (loop3): Ending clean mount [ 336.753086][T15210] XFS (loop3): Quotacheck needed: Please wait. [ 336.774348][T15226] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 336.788015][T15226] BTRFS info (device loop0): using sha256 (sha256-x86_64) checksum algorithm [ 336.789526][ T5836] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 336.810256][T15226] BTRFS info (device loop0): using free-space-tree [ 336.828968][T13017] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 336.898094][T15210] XFS (loop3): Quotacheck: Done. [ 336.898662][ T928] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 336.944697][ T928] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 336.955730][ T928] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 336.970079][ T928] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 336.981503][ T928] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 336.984843][T15226] BTRFS info (device loop0): rebuilding free space tree [ 336.992847][ T928] usb 7-1: config 0 descriptor?? [ 337.085875][ T5842] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 337.323250][T15266] loop4: detected capacity change from 0 to 1024 [ 337.366133][T15266] hfsplus: failed to load root directory [ 337.397467][ T5831] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 337.456448][ T928] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x3 [ 337.519422][ T928] plantronics 0003:047F:FFFF.0012: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 337.577971][T15268] loop3: detected capacity change from 0 to 128 [ 337.653215][ T928] usb 7-1: USB disconnect, device number 3 [ 338.036840][ T5885] usb 2-1: new full-speed USB device number 19 using dummy_hcd [ 338.200298][ T5885] usb 2-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 338.232574][ T5885] usb 2-1: config 4 has 0 interfaces, different from the descriptor's value: 1 [ 338.256052][ T5885] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 338.277953][ T5885] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 338.327564][T15278] loop3: detected capacity change from 0 to 40427 [ 338.359762][T15290] loop0: detected capacity change from 0 to 256 [ 338.366562][T15278] F2FS-fs (loop3): invalid crc value [ 338.506973][T15278] F2FS-fs (loop3): Start checkpoint disabled! [ 338.517266][T15278] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 338.560659][ T30] audit: type=1800 audit(1750253825.339:322): pid=15278 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2096" name="file1" dev="loop3" ino=10 res=0 errno=0 [ 338.569337][T15278] syz.3.2096: attempt to access beyond end of device [ 338.569337][T15278] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 338.619133][ T928] usb 2-1: USB disconnect, device number 19 [ 338.648174][T15278] syz.3.2096: attempt to access beyond end of device [ 338.648174][T15278] loop3: rw=2049, sector=45120, nr_sectors = 8 limit=40427 [ 338.677133][T15278] syz.3.2096: attempt to access beyond end of device [ 338.677133][T15278] loop3: rw=2049, sector=45144, nr_sectors = 24 limit=40427 [ 338.712481][T15278] syz.3.2096: attempt to access beyond end of device [ 338.712481][T15278] loop3: rw=2049, sector=45192, nr_sectors = 32 limit=40427 [ 338.733425][T15278] syz.3.2096: attempt to access beyond end of device [ 338.733425][T15278] loop3: rw=2049, sector=45256, nr_sectors = 16 limit=40427 [ 338.777965][T15278] syz.3.2096: attempt to access beyond end of device [ 338.777965][T15278] loop3: rw=2049, sector=45280, nr_sectors = 16 limit=40427 [ 338.817666][T15278] syz.3.2096: attempt to access beyond end of device [ 338.817666][T15278] loop3: rw=2049, sector=45328, nr_sectors = 24 limit=40427 [ 338.913721][ T6480] kworker/u8:9: attempt to access beyond end of device [ 338.913721][ T6480] loop3: rw=2049, sector=45352, nr_sectors = 8 limit=40427 [ 338.975451][ T6480] CPU: 1 UID: 0 PID: 6480 Comm: kworker/u8:9 Not tainted 6.16.0-rc2-next-20250618-syzkaller #0 PREEMPT(full) [ 338.975483][ T6480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 338.975497][ T6480] Workqueue: writeback wb_workfn (flush-7:3) [ 338.975532][ T6480] Call Trace: [ 338.975540][ T6480] [ 338.975549][ T6480] dump_stack_lvl+0x189/0x250 [ 338.975587][ T6480] ? __pfx_dump_stack_lvl+0x10/0x10 [ 338.975615][ T6480] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 338.975640][ T6480] ? __pfx_queue_work_on+0x10/0x10 [ 338.975662][ T6480] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 338.975685][ T6480] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 338.975720][ T6480] ? f2fs_hw_is_readonly+0x39b/0x470 [ 338.975748][ T6480] f2fs_handle_critical_error+0x37c/0x540 [ 338.975776][ T6480] f2fs_write_end_io+0x495/0x810 [ 338.975801][ T6480] ? blkg_put+0x22/0x240 [ 338.975843][ T6480] __submit_merged_bio+0x27a/0x6a0 [ 338.975873][ T6480] __submit_merged_write_cond+0x255/0x530 [ 338.975906][ T6480] f2fs_write_data_pages+0x261d/0x3000 [ 338.975975][ T6480] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 338.976019][ T6480] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 338.976103][ T6480] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 338.976144][ T6480] ? trace_f2fs_writepages+0x7f/0x200 [ 338.976170][ T6480] ? f2fs_write_node_pages+0x478/0x6e0 [ 338.976199][ T6480] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 338.976239][ T6480] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 338.976267][ T6480] do_writepages+0x32e/0x550 [ 338.976304][ T6480] ? reacquire_held_locks+0x127/0x1d0 [ 338.976323][ T6480] ? writeback_sb_inodes+0x384/0x1010 [ 338.976363][ T6480] __writeback_single_inode+0x145/0xff0 [ 338.976392][ T6480] ? do_raw_spin_unlock+0x122/0x240 [ 338.976422][ T6480] writeback_sb_inodes+0x6c7/0x1010 [ 338.976495][ T6480] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 338.976570][ T6480] ? rcu_is_watching+0x15/0xb0 [ 338.976610][ T6480] wb_writeback+0x43b/0xaf0 [ 338.976647][ T6480] ? queue_io+0x351/0x590 [ 338.976678][ T6480] ? __pfx_wb_writeback+0x10/0x10 [ 338.976722][ T6480] ? _raw_spin_unlock_irq+0x23/0x50 [ 338.976755][ T6480] wb_workfn+0x409/0xef0 [ 338.976792][ T6480] ? __pfx_wb_workfn+0x10/0x10 [ 338.976821][ T6480] ? __lock_acquire+0xab9/0xd20 [ 338.976863][ T6480] ? process_scheduled_works+0x9ef/0x17b0 [ 338.976899][ T6480] ? _raw_spin_unlock_irq+0x23/0x50 [ 338.976919][ T6480] ? process_scheduled_works+0x9ef/0x17b0 [ 338.976943][ T6480] ? process_scheduled_works+0x9ef/0x17b0 [ 338.976971][ T6480] process_scheduled_works+0xae1/0x17b0 [ 338.977031][ T6480] ? __pfx_process_scheduled_works+0x10/0x10 [ 338.977085][ T6480] worker_thread+0x8a0/0xda0 [ 338.977141][ T6480] kthread+0x70e/0x8a0 [ 338.977170][ T6480] ? __pfx_worker_thread+0x10/0x10 [ 338.977198][ T6480] ? __pfx_kthread+0x10/0x10 [ 338.977224][ T6480] ? _raw_spin_unlock_irq+0x23/0x50 [ 338.977248][ T6480] ? lockdep_hardirqs_on+0x9c/0x150 [ 338.977272][ T6480] ? __pfx_kthread+0x10/0x10 [ 338.977297][ T6480] ret_from_fork+0x3f9/0x770 [ 338.977329][ T6480] ? __pfx_ret_from_fork+0x10/0x10 [ 338.977366][ T6480] ? __switch_to_asm+0x39/0x70 [ 338.977385][ T6480] ? __switch_to_asm+0x33/0x70 [ 338.977399][ T6480] ? __pfx_kthread+0x10/0x10 [ 338.977416][ T6480] ret_from_fork_asm+0x1a/0x30 [ 338.977467][ T6480] [ 339.127136][T15316] kernel read not supported for file /eth0 (pid: 15316 comm: syz.0.2114) [ 339.138074][ T6480] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 339.198212][ T30] audit: type=1800 audit(1750253825.989:323): pid=15316 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2114" name="eth0" dev="mqueue" ino=36922 res=0 errno=0 [ 339.652095][T15330] loop0: detected capacity change from 0 to 4096 [ 339.763030][T15335] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 339.878748][T15340] raw_sendmsg: syz.6.2124 forgot to set AF_INET. Fix it! [ 339.924256][T15339] loop4: detected capacity change from 0 to 4096 [ 339.979564][T15339] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 340.003018][T15339] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 4096) [ 340.081281][T15350] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 340.542795][ T5900] hid-generic 0005:16BF:5505.0013: unknown main item tag 0x0 [ 340.555171][T15367] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 340.560641][ T5900] hid-generic 0005:16BF:5505.0013: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa [ 340.597052][T15367] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 340.606568][T15367] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 340.615754][T15367] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 340.624752][T15367] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 340.630981][T15367] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 340.643600][T15367] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 340.754320][T15379] loop6: detected capacity change from 0 to 512 [ 340.771678][T15379] EXT4-fs (loop6): filesystem is read-only [ 340.794698][T15379] EXT4-fs (loop6): filesystem is read-only [ 340.806932][T15379] EXT4-fs (loop6): orphan cleanup on readonly fs [ 340.824004][T15379] EXT4-fs error (device loop6): ext4_orphan_get:1419: comm syz.6.2140: bad orphan inode 16 [ 340.845173][T15379] ext4_test_bit(bit=15, block=3) = 0 [ 340.859172][T15379] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 340.919583][T15383] loop0: detected capacity change from 0 to 1024 [ 341.026505][T15379] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 46 vs 41 free clusters [ 341.219954][T14848] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 342.006912][ T5900] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 342.030906][T15428] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2160'. [ 342.076925][ T928] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 342.176827][ T5900] usb 7-1: Using ep0 maxpacket: 32 [ 342.188626][ T5900] usb 7-1: config 0 has an invalid interface number: 85 but max is 0 [ 342.216806][ T5900] usb 7-1: config 0 has no interface number 0 [ 342.227008][ T928] usb 5-1: Using ep0 maxpacket: 8 [ 342.232654][ T5900] usb 7-1: config 0 interface 85 has no altsetting 0 [ 342.260086][ T928] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 342.270188][ T5900] usb 7-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 342.279487][ T5900] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 342.298494][ T928] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 342.306653][ T928] usb 5-1: Product: syz [ 342.311013][ T5900] usb 7-1: Product: syz [ 342.315363][ T5900] usb 7-1: Manufacturer: syz [ 342.326844][ T928] usb 5-1: Manufacturer: syz [ 342.337118][ T928] usb 5-1: SerialNumber: syz [ 342.342073][ T5900] usb 7-1: SerialNumber: syz [ 342.349421][T15430] loop3: detected capacity change from 0 to 4096 [ 342.353093][ T928] usb 5-1: config 0 descriptor?? [ 342.362821][ T5900] usb 7-1: config 0 descriptor?? [ 342.371438][ T5900] appletouch 7-1:0.85: Could not find int-in endpoint [ 342.380559][ T5900] appletouch 7-1:0.85: probe with driver appletouch failed with error -5 [ 342.383021][ T928] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 342.401781][ T5900] usbhid 7-1:0.85: couldn't find an input interrupt endpoint [ 342.411539][ T928] usb 5-1: setting power ON [ 342.416514][ T928] dvb-usb: bulk message failed: -22 (2/0) [ 342.428272][ T928] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 342.452684][T15430] ntfs3(loop3): ino=1a, mi_enum_attr [ 342.457482][ T928] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 342.466587][ T928] usb 5-1: media controller created [ 342.467681][T15430] ntfs3(loop3): Mark volume as dirty due to NTFS errors [ 342.502177][ T928] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 342.547903][ T928] usb 5-1: selecting invalid altsetting 6 [ 342.565663][T15426] loop0: detected capacity change from 0 to 32768 [ 342.572535][ T928] usb 5-1: digital interface selection failed (-22) [ 342.578947][T15414] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 342.580017][ T928] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 342.607031][T15414] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 342.610179][ T928] usb 5-1: setting power OFF [ 342.621774][ T5844] Bluetooth: hci4: command 0x0c1a tx timeout [ 342.621801][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 342.628336][ T5844] Bluetooth: hci2: command 0x0c1a tx timeout [ 342.641760][ T928] dvb-usb: bulk message failed: -22 (2/0) [ 342.647950][ T928] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 342.662975][ T928] (NULL device *): no alternate interface [ 342.684365][ T30] audit: type=1326 audit(1750253829.469:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15413 comm="syz.6.2154" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f677d38e929 code=0x0 [ 342.719881][ T5844] Bluetooth: hci1: command 0x0c1a tx timeout [ 342.729682][T15424] loop1: detected capacity change from 0 to 32768 [ 342.744879][ T928] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 342.760282][ T928] usb 5-1: USB disconnect, device number 23 [ 342.763646][T15424] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.2159 (15424) [ 342.790875][ T61] ntfs3(loop3): ino=5, mi_enum_attr [ 342.828491][T15424] BTRFS info (device loop1): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 342.863494][T15424] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 342.892854][T15424] BTRFS info (device loop1): disk space caching is enabled [ 342.916868][T15424] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 343.028690][T15424] BTRFS info (device loop1): rebuilding free space tree [ 343.065148][T15424] BTRFS info (device loop1): disabling free space tree [ 343.073812][T15424] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 343.095742][T15424] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 343.224627][T13017] BTRFS info (device loop1): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 343.455487][T15434] loop3: detected capacity change from 0 to 40427 [ 343.516416][T15434] F2FS-fs (loop3): build fault injection type: 0x7 [ 343.554392][T15434] F2FS-fs (loop3): invalid crc value [ 343.769160][T15434] F2FS-fs (loop3): Start checkpoint disabled! [ 343.801732][T15434] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 343.934376][T15456] loop4: detected capacity change from 0 to 32768 [ 343.941879][T15456] XFS: attr2 mount option is deprecated. [ 343.994455][T15456] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 344.049254][T15456] XFS (loop4): Ending clean mount [ 344.062286][T15456] XFS (loop4): Quotacheck needed: Please wait. [ 344.144033][T15456] XFS (loop4): Quotacheck: Done. [ 344.198782][ T13] kworker/u8:1: attempt to access beyond end of device [ 344.198782][ T13] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 344.213771][ T13] CPU: 1 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.16.0-rc2-next-20250618-syzkaller #0 PREEMPT(full) [ 344.213797][ T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 344.213811][ T13] Workqueue: writeback wb_workfn (flush-7:3) [ 344.213844][ T13] Call Trace: [ 344.213852][ T13] [ 344.213861][ T13] dump_stack_lvl+0x189/0x250 [ 344.213898][ T13] ? __pfx_dump_stack_lvl+0x10/0x10 [ 344.213925][ T13] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 344.213951][ T13] ? __pfx_queue_work_on+0x10/0x10 [ 344.213973][ T13] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 344.213997][ T13] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 344.214023][ T13] ? f2fs_hw_is_readonly+0x39b/0x470 [ 344.214053][ T13] f2fs_handle_critical_error+0x37c/0x540 [ 344.214085][ T13] f2fs_write_end_io+0x495/0x810 [ 344.214110][ T13] ? blkg_put+0x22/0x240 [ 344.214151][ T13] __submit_merged_bio+0x27a/0x6a0 [ 344.214182][ T13] __submit_merged_write_cond+0x255/0x530 [ 344.214215][ T13] f2fs_write_data_pages+0x261d/0x3000 [ 344.214285][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 344.214306][ T13] ? __switch_to+0xd74/0x1600 [ 344.214387][ T13] ? trace_sched_exit_tp+0x38/0x120 [ 344.214413][ T13] ? __schedule+0x1713/0x4d00 [ 344.214460][ T13] ? preempt_schedule_common+0x83/0xd0 [ 344.214483][ T13] ? f2fs_write_node_pages+0x478/0x6e0 [ 344.214508][ T13] ? __pfx___schedule+0x10/0x10 [ 344.214563][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 344.214590][ T13] do_writepages+0x32e/0x550 [ 344.214622][ T13] ? preempt_schedule+0xae/0xc0 [ 344.214645][ T13] ? __pfx_preempt_schedule+0x10/0x10 [ 344.214666][ T13] ? reacquire_held_locks+0x127/0x1d0 [ 344.214685][ T13] ? writeback_sb_inodes+0x384/0x1010 [ 344.214725][ T13] __writeback_single_inode+0x145/0xff0 [ 344.214768][ T13] writeback_sb_inodes+0x6c7/0x1010 [ 344.214830][ T13] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 344.214913][ T13] ? rcu_is_watching+0x15/0xb0 [ 344.214955][ T13] wb_writeback+0x43b/0xaf0 [ 344.214994][ T13] ? queue_io+0x351/0x590 [ 344.215026][ T13] ? __pfx_wb_writeback+0x10/0x10 [ 344.215065][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 344.215096][ T13] wb_workfn+0x409/0xef0 [ 344.215140][ T13] ? __pfx_wb_workfn+0x10/0x10 [ 344.215170][ T13] ? __lock_acquire+0xab9/0xd20 [ 344.215213][ T13] ? process_scheduled_works+0x9ef/0x17b0 [ 344.215250][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 344.215272][ T13] ? process_scheduled_works+0x9ef/0x17b0 [ 344.215297][ T13] ? process_scheduled_works+0x9ef/0x17b0 [ 344.215328][ T13] process_scheduled_works+0xae1/0x17b0 [ 344.215395][ T13] ? __pfx_process_scheduled_works+0x10/0x10 [ 344.215446][ T13] worker_thread+0x8a0/0xda0 [ 344.215500][ T13] kthread+0x70e/0x8a0 [ 344.215527][ T13] ? __pfx_worker_thread+0x10/0x10 [ 344.215561][ T13] ? __pfx_kthread+0x10/0x10 [ 344.215586][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 344.215609][ T13] ? lockdep_hardirqs_on+0x9c/0x150 [ 344.215633][ T13] ? __pfx_kthread+0x10/0x10 [ 344.215657][ T13] ret_from_fork+0x3f9/0x770 [ 344.215690][ T13] ? __pfx_ret_from_fork+0x10/0x10 [ 344.215726][ T13] ? __switch_to_asm+0x39/0x70 [ 344.215744][ T13] ? __switch_to_asm+0x33/0x70 [ 344.215763][ T13] ? __pfx_kthread+0x10/0x10 [ 344.215787][ T13] ret_from_fork_asm+0x1a/0x30 [ 344.215829][ T13] [ 344.216079][ T13] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 344.236628][T15459] loop1: detected capacity change from 0 to 32768 [ 344.307070][ T928] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 344.325423][ T5836] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 344.396552][T15459] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 344.674472][T15459] XFS (loop1): Ending clean mount [ 344.694448][ T928] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 344.706795][ T928] usb 1-1: config 0 has no interface number 0 [ 344.728723][ T928] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 344.769396][ T928] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 344.777629][ T5844] Bluetooth: hci1: command 0x0c1a tx timeout [ 344.819224][ T120] usb 7-1: USB disconnect, device number 4 [ 344.820965][ T928] usb 1-1: Product: syz [ 344.829372][ T928] usb 1-1: Manufacturer: syz [ 344.833973][ T928] usb 1-1: SerialNumber: syz [ 344.842179][ T928] usb 1-1: config 0 descriptor?? [ 344.884054][T13017] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 345.058671][ T928] usb 1-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 345.097705][ T928] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 345.134242][ T928] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 345.154277][ T928] usb 1-1: media controller created [ 345.177051][ T5900] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 345.249948][ T928] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 345.300663][ T928] i2c i2c-3: ec100: i2c rd failed=-32 reg=33 [ 345.355551][ T928] usb 1-1: USB disconnect, device number 20 [ 345.370921][ T5900] usb 5-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5 [ 345.381586][ T30] audit: type=1800 audit(1750253832.159:325): pid=15492 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2170" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 345.422384][ T5900] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 345.443201][ T5900] usb 5-1: Product: syz [ 345.464284][ T5900] usb 5-1: Manufacturer: syz [ 345.469931][ T5900] usb 5-1: SerialNumber: syz [ 345.477727][ T5900] usb 5-1: config 0 descriptor?? [ 345.499017][ T5900] gspca_main: sq905c-2.14.0 probing 2770:9052 [ 345.776981][ T120] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 345.937131][ T120] usb 2-1: Using ep0 maxpacket: 16 [ 345.975980][ T120] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 345.996048][ T120] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 346.043906][ T120] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 346.071905][ T120] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 346.104541][ T120] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 346.125426][ T120] usb 2-1: Product: syz [ 346.136576][ T120] usb 2-1: Manufacturer: syz [ 346.170547][ T120] usb 2-1: SerialNumber: syz [ 346.306260][ T5885] usb 5-1: USB disconnect, device number 24 [ 346.430670][T15515] netlink: 'syz.0.2184': attribute type 13 has an invalid length. [ 346.455420][T15505] loop3: detected capacity change from 0 to 32768 [ 346.476841][T15505] btrfs: Deprecated parameter 'usebackuproot' [ 346.485365][T15505] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 346.508058][T15505] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2180 (15505) [ 346.540045][T15505] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 346.557615][T15515] bridge0: port 2(bridge_slave_1) entered disabled state [ 346.567093][T15515] bridge0: port 1(bridge_slave_0) entered disabled state [ 346.575418][T15505] BTRFS info (device loop3): using sha256 (sha256-x86_64) checksum algorithm [ 346.584420][T15505] BTRFS info (device loop3): using free-space-tree [ 346.595963][ T120] usb 2-1: 0:2 : does not exist [ 346.647970][T15505] BTRFS info (device loop3): rebuilding free space tree [ 346.748881][T15515] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 346.770803][T15515] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 346.783440][ T6505] BTRFS info (device loop3 state M): qgroup scan completed (inconsistency flag cleared) [ 346.857910][ T5844] Bluetooth: hci1: command 0x0c1a tx timeout [ 346.876311][ T5842] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 346.975129][T15515] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 346.985081][T15515] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 346.994665][T15515] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 347.008703][T15515] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 347.236645][ T120] usb 2-1: 1:0: failed to get current value for ch 0 (-22) [ 347.287252][ T120] usb 2-1: USB disconnect, device number 20 [ 347.477049][ T928] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 347.580312][T15544] loop0: detected capacity change from 0 to 2048 [ 347.608894][T15544] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 347.660725][ T928] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 347.680852][ T5831] UDF-fs: error (device loop0): udf_read_inode: (ino 1317) failed !bh [ 347.683022][ T928] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 347.692183][ T5831] UDF-fs: error (device loop0): udf_read_inode: (ino 1317) failed !bh [ 347.707258][ T928] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 347.729281][ T928] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 347.742600][ T928] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 347.760129][ T928] usb 5-1: config 0 descriptor?? [ 347.820538][T15552] loop3: detected capacity change from 0 to 8 [ 348.197368][ T928] plantronics 0003:047F:FFFF.0014: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 348.501501][ T928] usb 5-1: USB disconnect, device number 25 [ 348.613889][ T61] bridge_slave_1: left allmulticast mode [ 348.625210][ T61] bridge_slave_1: left promiscuous mode [ 348.640503][ T61] bridge0: port 2(bridge_slave_1) entered disabled state [ 348.661197][ T61] bridge_slave_0: left allmulticast mode [ 348.670752][ T61] bridge_slave_0: left promiscuous mode [ 348.684609][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 348.703272][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 348.713437][T15569] loop6: detected capacity change from 0 to 256 [ 348.720549][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 348.732418][ T61] bridge0: port 1(bridge_slave_0) entered disabled state [ 348.743211][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 348.746962][T15569] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 348.766168][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 348.821879][ T30] audit: type=1800 audit(1750253835.609:326): pid=15569 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.2203" name="file1" dev="loop6" ino=1048660 res=0 errno=0 [ 348.844178][T15569] FAT-fs (loop6): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 348.853301][T15569] FAT-fs (loop6): Filesystem has been set read-only [ 348.891781][T15572] netlink: 'syz.1.2204': attribute type 2 has an invalid length. [ 349.221141][T15581] loop6: detected capacity change from 0 to 1024 [ 349.245362][T15581] EXT4-fs: Ignoring removed orlov option [ 349.273114][T15581] EXT4-fs (loop6): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 349.274597][T15583] loop4: detected capacity change from 0 to 256 [ 349.331634][T15581] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 349.466005][ T61] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 349.522067][ T61] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 349.535492][T14848] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 349.552777][ T61] bond0 (unregistering): Released all slaves [ 349.581981][T15591] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.2211'. [ 349.673472][ T61] tipc: Disabling bearer [ 349.685465][ T61] tipc: Left network mode [ 350.066624][T15613] netlink: 80 bytes leftover after parsing attributes in process `syz.4.2219'. [ 350.255402][ T61] hsr_slave_0: left promiscuous mode [ 350.278534][ T61] hsr_slave_1: left promiscuous mode [ 350.284680][ T61] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 350.295857][ T61] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 350.857130][ T51] Bluetooth: hci0: command tx timeout [ 350.913806][T15626] loop1: detected capacity change from 0 to 32768 [ 350.980571][ T30] audit: type=1800 audit(1750253837.769:327): pid=15626 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2224" name="file1" dev="loop1" ino=4 res=0 errno=0 [ 351.044816][T15631] find_entry called with index = 0 [ 351.055175][T15631] read_mapping_page failed! [ 351.061536][T15631] ERROR: (device loop1): txCommit: [ 351.061536][T15631] [ 351.078415][ T61] team0 (unregistering): Port device team_slave_1 removed [ 351.166009][ C1] sd 0:0:1:0: [sda] tag#5501 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 351.179300][ C1] sd 0:0:1:0: [sda] tag#5501 CDB: Write(6) 0a 00 4e 23 00 00 00 00 00 00 00 00 [ 351.283166][ T61] team0 (unregistering): Port device team_slave_0 removed [ 351.718385][ T43] usb 2-1: new full-speed USB device number 21 using dummy_hcd [ 351.800043][T15641] loop4: detected capacity change from 0 to 32768 [ 351.815868][T15641] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 351.863336][T15641] XFS (loop4): Ending clean mount [ 351.900008][ T43] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 351.916242][ T43] usb 2-1: config 0 interface 0 has no altsetting 0 [ 351.936578][ T43] usb 2-1: New USB device found, idVendor=28bd, idProduct=0078, bcdDevice= 0.00 [ 351.946059][ T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 351.974120][ T43] usb 2-1: config 0 descriptor?? [ 351.982651][ T5836] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 352.000092][T15642] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 352.519278][ T43] uclogic 0003:28BD:0078.0015: interface is invalid, ignoring [ 352.564627][T15566] chnl_net:caif_netlink_parms(): no params data found [ 352.623757][ T43] usb 2-1: USB disconnect, device number 21 [ 352.937697][ T51] Bluetooth: hci0: command tx timeout [ 352.978639][T15566] bridge0: port 1(bridge_slave_0) entered blocking state [ 353.000781][T15566] bridge0: port 1(bridge_slave_0) entered disabled state [ 353.012994][T15566] bridge_slave_0: entered allmulticast mode [ 353.026419][T15566] bridge_slave_0: entered promiscuous mode [ 353.044178][T15566] bridge0: port 2(bridge_slave_1) entered blocking state [ 353.053855][T15566] bridge0: port 2(bridge_slave_1) entered disabled state [ 353.099700][T15566] bridge_slave_1: entered allmulticast mode [ 353.119438][T15566] bridge_slave_1: entered promiscuous mode [ 353.324065][T15566] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 353.380212][T15566] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 353.565090][T15566] team0: Port device team_slave_0 added [ 353.584253][T15566] team0: Port device team_slave_1 added [ 353.681843][T15693] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2246'. [ 353.699381][T15566] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 353.706579][T15566] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 353.736368][T15566] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 353.750939][T15566] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 353.758251][T15566] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 353.786034][T15566] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 353.986105][T15566] hsr_slave_0: entered promiscuous mode [ 354.001706][T15566] hsr_slave_1: entered promiscuous mode [ 354.011656][T15566] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 354.023462][T15566] Cannot create hsr debugfs directory [ 354.074241][T15707] loop1: detected capacity change from 0 to 256 [ 354.197192][ T5885] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 354.273552][T15566] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 354.291638][T15566] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 354.326074][T15566] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 354.336970][ T5838] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 354.353946][T15566] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 354.368625][ T5885] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 354.407071][ T5885] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 354.437086][ T5885] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 354.460882][ T5885] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 354.480390][ T5885] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 354.501544][ T5838] usb 2-1: Using ep0 maxpacket: 16 [ 354.521016][ T5885] usb 5-1: config 0 descriptor?? [ 354.530554][ T5838] usb 2-1: config 0 has an invalid interface number: 164 but max is 0 [ 354.546383][ T5838] usb 2-1: config 0 has no interface number 0 [ 354.566824][ T5838] usb 2-1: too many endpoints for config 0 interface 164 altsetting 34: 89, using maximum allowed: 30 [ 354.578186][ T5838] usb 2-1: config 0 interface 164 altsetting 34 has 0 endpoint descriptors, different from the interface descriptor's value: 89 [ 354.605965][T15724] loop3: detected capacity change from 0 to 164 [ 354.614623][ T5838] usb 2-1: config 0 interface 164 has no altsetting 0 [ 354.628406][ T5838] usb 2-1: New USB device found, idVendor=0a5c, idProduct=2033, bcdDevice=79.b0 [ 354.656510][ T5838] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 354.665655][ T5838] usb 2-1: Product: syz [ 354.670265][ T5838] usb 2-1: Manufacturer: syz [ 354.675164][T15724] rock: directory entry would overflow storage [ 354.682339][T15724] rock: sig=0x4f50, size=4, remaining=3 [ 354.689145][ T5838] usb 2-1: SerialNumber: syz [ 354.696191][T15724] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 354.704167][T15566] 8021q: adding VLAN 0 to HW filter on device bond0 [ 354.712111][ T5838] usb 2-1: config 0 descriptor?? [ 354.751637][T15566] 8021q: adding VLAN 0 to HW filter on device team0 [ 354.766318][ T3425] bridge0: port 1(bridge_slave_0) entered blocking state [ 354.773732][ T3425] bridge0: port 1(bridge_slave_0) entered forwarding state [ 354.812630][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 354.819834][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 354.903287][T15728] loop3: detected capacity change from 0 to 256 [ 354.911628][T15728] exfat: Deprecated parameter 'namecase' [ 354.929945][ T5838] usb 2-1: USB disconnect, device number 22 [ 354.944275][T15728] exfat: Deprecated parameter 'namecase' [ 354.964237][T15566] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 354.981711][T15728] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xfcc0b04e, utbl_chksum : 0xe619d30d) [ 354.997928][ T5885] plantronics 0003:047F:FFFF.0016: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 355.017189][ T51] Bluetooth: hci0: command tx timeout [ 355.036268][T15728] exFAT-fs (loop3): error, data size is invalid(16777215) [ 355.047212][T15728] exFAT-fs (loop3): error, data size is invalid(16777215) [ 355.055054][T15728] exFAT-fs (loop3): error, data size is invalid(16777215) [ 355.163234][ T5900] usb 5-1: USB disconnect, device number 26 [ 355.405487][T15566] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 355.735162][T15759] loop3: detected capacity change from 0 to 8 [ 355.905505][T15566] veth0_vlan: entered promiscuous mode [ 355.931098][T15566] veth1_vlan: entered promiscuous mode [ 355.999789][T15566] veth0_macvtap: entered promiscuous mode [ 356.025387][T15566] veth1_macvtap: entered promiscuous mode [ 356.059940][T15566] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 356.086496][T15566] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 356.138953][T15566] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 356.155791][T15566] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 356.181197][T15566] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 356.203901][T15566] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 356.284620][T15770] loop3: detected capacity change from 0 to 128 [ 356.330571][ T5900] IPVS: starting estimator thread 0... [ 356.336405][T15770] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 356.379768][T15762] loop4: detected capacity change from 0 to 32768 [ 356.412021][T15770] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 356.467158][T15773] IPVS: using max 27 ests per chain, 64800 per kthread [ 356.506872][ T6505] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 356.514742][ T6505] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 356.619951][T15762] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow [ 356.619965][T15762] allowing incompatible features above 0.0: (unknown version) [ 356.619972][T15762] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 356.721812][ T6505] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 356.721833][ T6505] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 356.815313][T15762] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0 [ 356.825720][T15762] bcachefs (loop4): initializing new filesystem [ 356.871665][T15762] bcachefs (loop4): going read-write [ 356.926411][T15762] bcachefs (loop4): marking superblocks [ 356.985325][T15762] bcachefs (loop4): initializing freespace [ 357.012276][T15798] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2281'. [ 357.061987][T15762] bcachefs (loop4): done initializing freespace [ 357.084056][T15762] bcachefs (loop4): reading snapshots table [ 357.097074][ T51] Bluetooth: hci0: command tx timeout [ 357.103997][T15762] bcachefs (loop4): reading snapshots done [ 357.210337][T15762] bcachefs (loop4): loop4: Superblock write was silently dropped! (seq 0 expected 42) [ 357.261623][T15762] bcachefs (loop4): done starting filesystem [ 357.540186][ T5836] bcachefs (loop4): shutting down [ 357.555640][ T5836] bcachefs (loop4): going read-only [ 357.572640][ T5836] bcachefs (loop4): finished waiting for writes to stop [ 357.596296][ T5836] bcachefs (loop4): flushing journal and stopping allocators, journal seq 4 [ 357.667397][ T5836] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 4 [ 357.677035][ T5885] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 357.702859][ T5836] bcachefs (loop4): clean shutdown complete, journal seq 5 [ 357.715843][ T5836] bcachefs (loop4): marking filesystem clean [ 357.798562][ T5836] bcachefs (loop4): shutdown complete [ 357.837534][ T5885] usb 4-1: Using ep0 maxpacket: 16 [ 357.845608][ T5885] usb 4-1: config index 0 descriptor too short (expected 16456, got 72) [ 357.849374][T15809] loop7: detected capacity change from 0 to 32768 [ 357.854233][ T5885] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 357.881222][ T5885] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 357.892258][ T5885] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 357.899606][T15809] XFS (loop7): DAX unsupported by block device. Turning off DAX. [ 357.901657][ T5885] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 357.918003][ T5885] usb 4-1: config 0 has no interface number 0 [ 357.926137][T15809] XFS (loop7): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 357.966889][ T5885] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 357.995692][ T5885] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 358.016216][T15809] XFS (loop7): Ending clean mount [ 358.018830][ T5885] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 358.045802][ T5885] usb 4-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 358.065197][ T5885] usb 4-1: config 0 interface 125 has no altsetting 0 [ 358.075203][ T5885] usb 4-1: config 0 interface 125 has no altsetting 2 [ 358.133034][T15566] XFS (loop7): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 358.156377][ T5885] usb 4-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 358.165996][ T5885] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 358.174345][ T5885] usb 4-1: Product: syz [ 358.209982][ T5885] usb 4-1: Manufacturer: syz [ 358.214605][ T5885] usb 4-1: SerialNumber: syz [ 358.247876][ T5885] usb 4-1: config 0 descriptor?? [ 358.279620][ T5885] usb 4-1: selecting invalid altsetting 2 [ 359.062485][T15837] loop7: detected capacity change from 0 to 32768 [ 359.076165][T15837] XFS (loop7): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 359.222247][T15837] XFS (loop7): Ending clean mount [ 359.318985][ T5885] usb 4-1: USB disconnect, device number 16 [ 359.359084][T15566] XFS (loop7): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 360.285416][T15869] loop1: detected capacity change from 0 to 32768 [ 360.320384][T15869] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 360.329161][T15883] bridge0: port 3(gretap0) entered blocking state [ 360.347057][T15883] bridge0: port 3(gretap0) entered disabled state [ 360.367027][T15883] gretap0: entered allmulticast mode [ 360.377411][T15883] gretap0: entered promiscuous mode [ 360.388687][T15883] bridge0: port 3(gretap0) entered blocking state [ 360.395663][T15883] bridge0: port 3(gretap0) entered forwarding state [ 360.407975][T15892] gretap0: left allmulticast mode [ 360.428067][T15892] gretap0: left promiscuous mode [ 360.428086][T15869] XFS (loop1): Ending clean mount [ 360.455288][T15892] bridge0: port 3(gretap0) entered disabled state [ 360.464393][T15869] XFS (loop1): Quotacheck needed: Please wait. [ 360.578492][T15869] XFS (loop1): Quotacheck: Done. [ 360.664713][T15896] loop7: detected capacity change from 0 to 128 [ 360.695242][ T30] audit: type=1800 audit(1750253847.479:328): pid=15896 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.2311" name="file1" dev="loop7" ino=1048666 res=0 errno=0 [ 360.737330][T15896] FAT-fs (loop7): error, invalid FAT chain (i_pos 548, last_block 8) [ 360.756850][T15896] FAT-fs (loop7): Filesystem has been set read-only [ 360.763709][T15896] FAT-fs (loop7): error, corrupted file size (i_pos 548, 522) [ 360.793611][T13017] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 361.148462][ T5844] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 361.324079][T15913] loop7: detected capacity change from 0 to 2048 [ 361.336734][ T30] audit: type=1326 audit(1750253848.119:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15916 comm="syz.4.2322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a7f98e929 code=0x7ffc0000 [ 361.398264][ T30] audit: type=1326 audit(1750253848.119:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15916 comm="syz.4.2322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a7f98e929 code=0x7ffc0000 [ 361.445070][T15913] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 361.460384][ T30] audit: type=1326 audit(1750253848.149:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15916 comm="syz.4.2322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9a7f98e929 code=0x7ffc0000 [ 361.516376][ T30] audit: type=1326 audit(1750253848.149:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15916 comm="syz.4.2322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a7f98e929 code=0x7ffc0000 [ 361.541023][ T30] audit: type=1326 audit(1750253848.149:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15916 comm="syz.4.2322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a7f98e929 code=0x7ffc0000 [ 361.564080][ T30] audit: type=1326 audit(1750253848.149:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15916 comm="syz.4.2322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9a7f98e929 code=0x7ffc0000 [ 362.550283][ T30] audit: type=1326 audit(1750253848.149:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15916 comm="syz.4.2322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a7f98e929 code=0x7ffc0000 [ 362.572795][ T30] audit: type=1326 audit(1750253848.149:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15916 comm="syz.4.2322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a7f98e929 code=0x7ffc0000 [ 362.600481][ T30] audit: type=1326 audit(1750253848.159:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15916 comm="syz.4.2322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9a7f98e929 code=0x7ffc0000 [ 362.607621][T15940] (unnamed net_device) (uninitialized): ARP target 1.0.0.0 is already present [ 362.644894][T15940] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (1) [ 362.690053][T15926] loop1: detected capacity change from 0 to 131072 [ 362.697182][ T5885] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 362.791689][T15926] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 362.812081][T15926] F2FS-fs (loop1): lookup inode (7) has corrupted xattr [ 362.851353][T15926] F2FS-fs (loop1): lookup inode (7) has corrupted xattr [ 362.872550][ T5885] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 362.893550][ T5885] usb 7-1: config 0 interface 0 has no altsetting 0 [ 362.925104][ T5885] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 362.956626][ T5885] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 362.982072][ T5885] usb 7-1: Product: syz [ 362.986263][ T5885] usb 7-1: Manufacturer: syz [ 363.005512][ T5885] usb 7-1: SerialNumber: syz [ 363.021657][ T5885] usb 7-1: config 0 descriptor?? [ 363.035689][ T5885] usb 7-1: selecting invalid altsetting 0 [ 363.118983][T15957] loop4: detected capacity change from 0 to 2048 [ 363.143739][T15957] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 363.161008][T15957] ext4 filesystem being mounted at /488/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 363.308373][ T5836] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 363.326524][ T10] usb 7-1: USB disconnect, device number 5 [ 363.488298][T15970] Bluetooth: MGMT ver 1.23 [ 364.180098][T15985] loop6: detected capacity change from 0 to 1024 [ 364.264392][T15968] loop7: detected capacity change from 0 to 32768 [ 364.286442][T15968] XFS (loop7): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 364.327886][ T6485] hfsplus: b-tree write err: -5, ino 4 [ 364.420971][T15968] XFS (loop7): Ending clean mount [ 364.503545][T15566] XFS (loop7): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 364.777275][ T5900] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 364.941285][T15987] loop1: detected capacity change from 0 to 32768 [ 364.949999][ T5900] usb 7-1: config index 0 descriptor too short (expected 45, got 36) [ 364.963877][ T5900] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 364.996014][ T5900] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 365.025720][ T5900] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 365.041200][T15987] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 365.043860][T16022] loop4: detected capacity change from 0 to 128 [ 365.058351][ T5900] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 365.087899][ T5900] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 365.112238][T16022] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 365.136913][ T5900] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 365.137892][T16022] ext4 filesystem being mounted at /497/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 365.184247][ T5900] usb 7-1: config 0 descriptor?? [ 365.263797][T15987] XFS (loop1): Ending clean mount [ 365.320316][T15987] XFS (loop1): Quotacheck needed: Please wait. [ 365.374187][T15987] XFS (loop1): Quotacheck: Done. [ 365.510407][T13017] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 365.595790][T16033] loop7: detected capacity change from 0 to 512 [ 365.611923][ T5836] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 365.645072][ T5900] plantronics 0003:047F:FFFF.0017: reserved main item tag 0xd [ 365.680245][T16033] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 365.746551][T16033] ext4 filesystem being mounted at /19/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 365.759248][ T5900] plantronics 0003:047F:FFFF.0017: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 365.834025][T16033] EXT4-fs (loop7): shut down requested (1) [ 365.888700][ T10] usb 7-1: USB disconnect, device number 6 [ 365.924904][T16024] loop3: detected capacity change from 0 to 32768 [ 365.948565][T16024] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2362 (16024) [ 365.985517][T15566] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 366.029079][T16024] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 366.057535][T16024] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm [ 366.067472][T16024] BTRFS info (device loop3): using free-space-tree [ 366.153054][T16046] loop7: detected capacity change from 0 to 2048 [ 366.178598][T16024] BTRFS info (device loop3): rebuilding free space tree [ 366.194043][T16046] NILFS (loop7): invalid segment: Magic number mismatch [ 366.214005][T16046] NILFS (loop7): trying rollback from an earlier position [ 366.263852][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 366.285853][T16046] NILFS (loop7): recovery complete [ 366.344351][T16065] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 366.386986][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 366.469080][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 366.569431][ T30] kauditd_printk_skb: 34 callbacks suppressed [ 366.569448][ T30] audit: type=1326 audit(1750253853.359:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16042 comm="syz.4.2367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a7f98e929 code=0x7ffc0000 [ 366.610170][ T30] audit: type=1326 audit(1750253853.399:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16042 comm="syz.4.2367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9a7f92ab19 code=0x7ffc0000 [ 366.611642][ T5842] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 366.761603][ T30] audit: type=1326 audit(1750253853.399:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16042 comm="syz.4.2367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9a7f92ab19 code=0x7ffc0000 [ 366.807110][ T30] audit: type=1326 audit(1750253853.399:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16042 comm="syz.4.2367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a7f98e929 code=0x7ffc0000 [ 366.856987][ T30] audit: type=1326 audit(1750253853.399:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16042 comm="syz.4.2367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9a7f92ab19 code=0x7ffc0000 [ 366.994455][ T30] audit: type=1326 audit(1750253853.399:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16042 comm="syz.4.2367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9a7f92ab19 code=0x7ffc0000 [ 367.013060][T16077] loop7: detected capacity change from 0 to 1024 [ 367.083590][ T30] audit: type=1326 audit(1750253853.399:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16042 comm="syz.4.2367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a7f98e929 code=0x7ffc0000 [ 367.140526][T16077] EXT4-fs (loop7): stripe (8) is not aligned with cluster size (16), stripe is disabled [ 367.201910][ T30] audit: type=1326 audit(1750253853.399:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16042 comm="syz.4.2367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a7f98e929 code=0x7ffc0000 [ 367.333954][T16077] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 367.402147][ T30] audit: type=1326 audit(1750253853.399:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16042 comm="syz.4.2367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9a7f92ab19 code=0x7ffc0000 [ 367.543419][ T30] audit: type=1326 audit(1750253853.399:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16042 comm="syz.4.2367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a7f98e929 code=0x7ffc0000 [ 367.732434][T15566] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 368.088318][T16110] loop6: detected capacity change from 0 to 1024 [ 368.117503][T16110] EXT4-fs (loop6): Test dummy encryption mode enabled [ 368.161593][T16110] EXT4-fs (loop6): stripe (7) is not aligned with cluster size (16), stripe is disabled [ 368.197826][T16110] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 368.470151][T16117] loop4: detected capacity change from 0 to 32768 [ 368.487129][T16117] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.2393 (16117) [ 368.509444][T16117] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 368.519788][T16117] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm [ 368.529952][T16117] BTRFS info (device loop4): disk space caching is enabled [ 368.541569][T16117] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 368.569039][T14848] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 368.663356][T16104] loop7: detected capacity change from 0 to 32768 [ 368.693207][T16117] BTRFS info (device loop4): rebuilding free space tree [ 368.694912][T16104] XFS (loop7): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 368.727986][T16117] BTRFS info (device loop4): disabling free space tree [ 368.735109][T16117] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 368.746679][T16117] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 368.816915][T16104] XFS (loop7): Ending clean mount [ 368.865637][T16104] XFS (loop7): Quotacheck needed: Please wait. [ 369.006280][T16104] XFS (loop7): Quotacheck: Done. [ 369.262511][T16117] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [ 369.262980][T16149] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 369.273463][T16117] BTRFS info (device loop4 state M): allowing degraded mounts [ 369.273490][T16117] BTRFS info (device loop4 state M): turning on flush-on-commit [ 369.298488][T16117] BTRFS info (device loop4 state M): force clearing of disk cache [ 369.306323][T16117] BTRFS info (device loop4 state M): not using ssd optimizations [ 369.314109][T16117] BTRFS info (device loop4 state M): not using spread ssd allocation scheme [ 369.344236][T15566] XFS (loop7): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 369.538988][ T5836] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 369.653495][T16120] loop1: detected capacity change from 0 to 32768 [ 369.695471][T16120] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.2394 (16120) [ 369.735329][T16154] loop3: detected capacity change from 0 to 16 [ 369.754601][T16120] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 369.789458][T16154] erofs (device loop3): mounted with root inode @ nid 36. [ 369.803562][T16120] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm [ 369.825221][T16120] BTRFS info (device loop1): using free-space-tree [ 370.111967][T16120] BTRFS info (device loop1): rebuilding free space tree [ 370.534022][T13017] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 370.534700][T16157] loop7: detected capacity change from 0 to 32768 [ 370.599564][T16157] [ 370.599564][T16157] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 370.599564][T16157] [ 370.725404][T16157] read_mapping_page failed! [ 370.746870][T16157] ERROR: (device loop7): txCommit: [ 370.746870][T16157] [ 370.792190][T16185] read_mapping_page failed! [ 370.824957][T16185] ERROR: (device loop7): txCommit: [ 370.824957][T16185] [ 370.988218][T15566] [ 370.988218][T15566] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 370.988218][T15566] [ 371.043093][T15566] [ 371.043093][T15566] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 371.043093][T15566] [ 371.094654][T16191] loop1: detected capacity change from 0 to 256 [ 371.201787][T16177] loop4: detected capacity change from 0 to 40427 [ 371.257467][T16177] F2FS-fs (loop4): build fault injection rate: 771 [ 371.278593][T16182] loop3: detected capacity change from 0 to 32768 [ 371.285564][T16177] F2FS-fs (loop4): invalid crc value [ 371.296501][T16182] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2405 (16182) [ 371.386039][T16182] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 371.416495][T16182] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm [ 371.432489][T16182] BTRFS info (device loop3): disk space caching is enabled [ 371.446969][T16182] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 371.487803][T16177] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 371.593984][ T5836] syz-executor: attempt to access beyond end of device [ 371.593984][ T5836] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 371.617058][ T5836] CPU: 1 UID: 0 PID: 5836 Comm: syz-executor Not tainted 6.16.0-rc2-next-20250618-syzkaller #0 PREEMPT(full) [ 371.617088][ T5836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 371.617105][ T5836] Call Trace: [ 371.617114][ T5836] [ 371.617123][ T5836] dump_stack_lvl+0x189/0x250 [ 371.617161][ T5836] ? __pfx_dump_stack_lvl+0x10/0x10 [ 371.617190][ T5836] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 371.617214][ T5836] ? __pfx_queue_work_on+0x10/0x10 [ 371.617234][ T5836] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 371.617259][ T5836] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 371.617285][ T5836] ? f2fs_hw_is_readonly+0x39b/0x470 [ 371.617314][ T5836] f2fs_handle_critical_error+0x37c/0x540 [ 371.617345][ T5836] f2fs_write_end_io+0x495/0x810 [ 371.617368][ T5836] ? blkg_put+0x22/0x240 [ 371.617407][ T5836] __submit_merged_bio+0x27a/0x6a0 [ 371.617441][ T5836] __submit_merged_write_cond+0x255/0x530 [ 371.617478][ T5836] f2fs_write_data_pages+0x261d/0x3000 [ 371.617540][ T5836] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 371.617612][ T5836] ? __mod_zone_page_state+0xd7/0x140 [ 371.617653][ T5836] ? folios_put_refs+0x560/0x640 [ 371.617691][ T5836] ? __lock_acquire+0xab9/0xd20 [ 371.617727][ T5836] ? do_raw_spin_lock+0x121/0x290 [ 371.617762][ T5836] ? do_raw_spin_unlock+0x122/0x240 [ 371.617785][ T5836] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 371.617813][ T5836] do_writepages+0x32e/0x550 [ 371.617853][ T5836] ? do_raw_spin_unlock+0x122/0x240 [ 371.617881][ T5836] filemap_fdatawrite+0x199/0x240 [ 371.617911][ T5836] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 371.617992][ T5836] ? do_raw_spin_unlock+0x122/0x240 [ 371.618019][ T5836] f2fs_sync_dirty_inodes+0x31f/0x830 [ 371.618062][ T5836] f2fs_write_checkpoint+0x95a/0x1df0 [ 371.618115][ T5836] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 371.618187][ T5836] ? f2fs_stop_gc_thread+0x7f/0xb0 [ 371.618213][ T5836] ? kfree+0x18e/0x440 [ 371.618240][ T5836] ? kill_f2fs_super+0x298/0x6c0 [ 371.618269][ T5836] kill_f2fs_super+0x2c3/0x6c0 [ 371.618297][ T5836] ? __pfx_kill_f2fs_super+0x10/0x10 [ 371.618321][ T5836] ? radix_tree_delete_item+0x2b6/0x400 [ 371.618354][ T5836] ? shrinker_free+0x2ce/0x3e0 [ 371.618381][ T5836] deactivate_locked_super+0xb9/0x130 [ 371.618412][ T5836] cleanup_mnt+0x425/0x4c0 [ 371.618439][ T5836] ? lockdep_hardirqs_on+0x9c/0x150 [ 371.618474][ T5836] task_work_run+0x1d1/0x260 [ 371.618503][ T5836] ? __pfx_task_work_run+0x10/0x10 [ 371.618525][ T5836] ? __x64_sys_umount+0x122/0x160 [ 371.618561][ T5836] ? exit_to_user_mode_loop+0x40/0x110 [ 371.618595][ T5836] exit_to_user_mode_loop+0xec/0x110 [ 371.618622][ T5836] do_syscall_64+0x2bd/0x3b0 [ 371.618649][ T5836] ? lockdep_hardirqs_on+0x9c/0x150 [ 371.618674][ T5836] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 371.618695][ T5836] ? clear_bhb_loop+0x60/0xb0 [ 371.618720][ T5836] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 371.618745][ T5836] RIP: 0033:0x7f9a7f98fc57 [ 371.618763][ T5836] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 371.618781][ T5836] RSP: 002b:00007ffe5ed5b6e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 371.618802][ T5836] RAX: 0000000000000000 RBX: 00007f9a7fa10925 RCX: 00007f9a7f98fc57 [ 371.618817][ T5836] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe5ed5b7a0 [ 371.618829][ T5836] RBP: 00007ffe5ed5b7a0 R08: 0000000000000000 R09: 0000000000000000 [ 371.618842][ T5836] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe5ed5c830 [ 371.618856][ T5836] R13: 00007f9a7fa10925 R14: 000000000005ab23 R15: 00007ffe5ed5c870 [ 371.618888][ T5836] [ 371.618925][ T5836] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 371.656692][T16182] BTRFS info (device loop3): rebuilding free space tree [ 371.817159][ T5900] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 372.048199][T16182] BTRFS info (device loop3): disabling free space tree [ 372.055425][T16182] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 372.066253][T16182] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 372.085764][T16230] netlink: 56 bytes leftover after parsing attributes in process `syz.7.2417'. [ 372.196881][ T5900] usb 7-1: Using ep0 maxpacket: 32 [ 372.245668][ T5900] usb 7-1: config 0 has an invalid interface number: 85 but max is 0 [ 372.267270][ T5900] usb 7-1: config 0 has no interface number 0 [ 372.274547][ T5842] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 372.284824][ T5900] usb 7-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 372.308318][ T5900] usb 7-1: config 0 interface 85 has no altsetting 0 [ 372.349963][ T5900] usb 7-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 372.370582][ T5900] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 372.387727][ T5900] usb 7-1: Product: syz [ 372.436843][ T5900] usb 7-1: Manufacturer: syz [ 372.447214][ T5900] usb 7-1: SerialNumber: syz [ 372.464538][ T5900] usb 7-1: config 0 descriptor?? [ 372.720859][T16243] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2423'. [ 372.874023][T16250] loop7: detected capacity change from 0 to 128 [ 373.112066][ T5900] appletouch 7-1:0.85: Geyser mode initialized. [ 373.123659][ T5900] input: appletouch as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.85/input/input26 [ 373.325910][ T5900] usb 7-1: USB disconnect, device number 7 [ 373.364310][ T5900] appletouch 7-1:0.85: input: appletouch disconnected [ 373.406491][T16272] loop4: detected capacity change from 0 to 512 [ 373.451074][T16272] __quota_error: 82 callbacks suppressed [ 373.451093][T16272] Quota error (device loop4): do_check_range: Getting dqdh_entries 1536 out of range 0-14 [ 373.481021][T16272] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 373.509391][T16272] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.2436: Failed to acquire dquot type 1 [ 373.531552][T16280] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2438'. [ 373.545535][T16272] EXT4-fs (loop4): 1 truncate cleaned up [ 373.562402][T16272] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 373.593352][T16272] ext4 filesystem being mounted at /510/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 373.683902][T16272] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 373.722083][T16272] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 373.776551][T16272] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.2436: bg 0: block 248: padding at end of block bitmap is not set [ 373.811416][T16272] Quota error (device loop4): write_blk: dquota write failed [ 373.829995][T16272] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 373.844909][T16272] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.2436: Failed to acquire dquot type 1 [ 373.899820][T16272] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 374.001319][ T5836] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 374.041161][T16295] loop3: detected capacity change from 0 to 4096 [ 374.098108][T16302] loop1: detected capacity change from 0 to 256 [ 374.330233][T16310] loop7: detected capacity change from 0 to 512 [ 374.355320][T16310] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 374.439559][T16310] EXT4-fs error (device loop7): ext4_orphan_get:1419: comm syz.7.2450: bad orphan inode 131083 [ 374.500112][T16310] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 374.718624][T15566] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 374.980317][T16333] loop3: detected capacity change from 0 to 1024 [ 375.115963][T16322] loop4: detected capacity change from 0 to 40427 [ 375.123025][ T5900] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 375.141281][T16322] F2FS-fs (loop4): invalid crc value [ 375.218484][ T6485] hfsplus: b-tree write err: -5, ino 4 [ 375.280824][ T5900] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 375.304135][T16322] F2FS-fs (loop4): Start checkpoint disabled! [ 375.310936][ T5900] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 375.329588][T16322] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 375.337960][ T5900] usb 8-1: New USB device found, idVendor=172f, idProduct=0500, bcdDevice= 0.00 [ 375.358792][ T5900] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 375.375501][ T5900] usb 8-1: config 0 descriptor?? [ 375.423703][ T30] audit: type=1800 audit(1750253862.209:464): pid=16322 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2455" name="file1" dev="loop4" ino=10 res=0 errno=0 [ 375.448552][T16322] syz.4.2455: attempt to access beyond end of device [ 375.448552][T16322] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 375.465898][ T30] audit: type=1800 audit(1750253862.259:465): pid=16322 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2455" name="file1" dev="loop4" ino=10 res=0 errno=0 [ 375.491308][T16322] syz.4.2455: attempt to access beyond end of device [ 375.491308][T16322] loop4: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 375.639278][ T6480] kworker/u8:9: attempt to access beyond end of device [ 375.639278][ T6480] loop4: rw=2049, sector=45112, nr_sectors = 8 limit=40427 [ 375.676043][T16346] loop3: detected capacity change from 0 to 1024 [ 375.683199][ T6480] CPU: 0 UID: 0 PID: 6480 Comm: kworker/u8:9 Not tainted 6.16.0-rc2-next-20250618-syzkaller #0 PREEMPT(full) [ 375.683229][ T6480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 375.683243][ T6480] Workqueue: writeback wb_workfn (flush-7:4) [ 375.683277][ T6480] Call Trace: [ 375.683286][ T6480] [ 375.683295][ T6480] dump_stack_lvl+0x189/0x250 [ 375.683333][ T6480] ? __pfx_dump_stack_lvl+0x10/0x10 [ 375.683361][ T6480] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 375.683384][ T6480] ? __pfx_queue_work_on+0x10/0x10 [ 375.683404][ T6480] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 375.683428][ T6480] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 375.683454][ T6480] ? f2fs_hw_is_readonly+0x39b/0x470 [ 375.683484][ T6480] f2fs_handle_critical_error+0x37c/0x540 [ 375.683517][ T6480] f2fs_write_end_io+0x495/0x810 [ 375.683542][ T6480] ? blkg_put+0x22/0x240 [ 375.683579][ T6480] __submit_merged_bio+0x27a/0x6a0 [ 375.683611][ T6480] __submit_merged_write_cond+0x255/0x530 [ 375.683645][ T6480] f2fs_write_data_pages+0x261d/0x3000 [ 375.683711][ T6480] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 375.683755][ T6480] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 375.683828][ T6480] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 375.683870][ T6480] ? trace_f2fs_writepages+0x7f/0x200 [ 375.683897][ T6480] ? f2fs_write_node_pages+0x478/0x6e0 [ 375.683927][ T6480] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 375.683967][ T6480] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 375.683994][ T6480] do_writepages+0x32e/0x550 [ 375.684031][ T6480] ? reacquire_held_locks+0x127/0x1d0 [ 375.684058][ T6480] ? writeback_sb_inodes+0x384/0x1010 [ 375.684163][ T6480] __writeback_single_inode+0x145/0xff0 [ 375.684193][ T6480] ? do_raw_spin_unlock+0x122/0x240 [ 375.684224][ T6480] writeback_sb_inodes+0x6c7/0x1010 [ 375.684286][ T6480] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 375.684368][ T6480] ? rcu_is_watching+0x15/0xb0 [ 375.684413][ T6480] wb_writeback+0x43b/0xaf0 [ 375.684452][ T6480] ? queue_io+0x351/0x590 [ 375.684485][ T6480] ? __pfx_wb_writeback+0x10/0x10 [ 375.684525][ T6480] ? _raw_spin_unlock_irq+0x23/0x50 [ 375.684557][ T6480] wb_workfn+0x409/0xef0 [ 375.684602][ T6480] ? __pfx_wb_workfn+0x10/0x10 [ 375.684633][ T6480] ? __lock_acquire+0xab9/0xd20 [ 375.684671][ T6480] ? process_scheduled_works+0x9ef/0x17b0 [ 375.684709][ T6480] ? _raw_spin_unlock_irq+0x23/0x50 [ 375.684732][ T6480] ? process_scheduled_works+0x9ef/0x17b0 [ 375.684760][ T6480] ? process_scheduled_works+0x9ef/0x17b0 [ 375.684792][ T6480] process_scheduled_works+0xae1/0x17b0 [ 375.684877][ T6480] ? __pfx_process_scheduled_works+0x10/0x10 [ 375.684931][ T6480] worker_thread+0x8a0/0xda0 [ 375.684980][ T6480] kthread+0x70e/0x8a0 [ 375.685008][ T6480] ? __pfx_worker_thread+0x10/0x10 [ 375.685038][ T6480] ? __pfx_kthread+0x10/0x10 [ 375.685074][ T6480] ? _raw_spin_unlock_irq+0x23/0x50 [ 375.685098][ T6480] ? lockdep_hardirqs_on+0x9c/0x150 [ 375.685122][ T6480] ? __pfx_kthread+0x10/0x10 [ 375.685147][ T6480] ret_from_fork+0x3f9/0x770 [ 375.685180][ T6480] ? __pfx_ret_from_fork+0x10/0x10 [ 375.685216][ T6480] ? __switch_to_asm+0x39/0x70 [ 375.685236][ T6480] ? __switch_to_asm+0x33/0x70 [ 375.685254][ T6480] ? __pfx_kthread+0x10/0x10 [ 375.685279][ T6480] ret_from_fork_asm+0x1a/0x30 [ 375.685321][ T6480] [ 375.685332][ T6480] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 375.809502][ T5900] waltop 0003:172F:0500.0018: item fetching failed at offset 5/7 [ 376.099473][T16351] loop6: detected capacity change from 0 to 1024 [ 376.156454][ T5900] waltop 0003:172F:0500.0018: probe with driver waltop failed with error -22 [ 376.161039][T16351] hfsplus: catalog searching failed [ 376.180078][ T5900] usb 8-1: USB disconnect, device number 2 [ 376.646930][ T5900] usb 2-1: new full-speed USB device number 23 using dummy_hcd [ 376.779384][T16366] hsr0: entered promiscuous mode [ 376.797148][T16366] macsec1: entered promiscuous mode [ 376.816717][T16366] macsec1: entered allmulticast mode [ 376.842417][ T5900] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 376.846319][T16366] hsr0: entered allmulticast mode [ 376.874158][ T5900] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 376.889302][T16370] [ 376.891639][T16370] ===================================================== [ 376.898563][T16370] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 376.906879][T16370] 6.16.0-rc2-next-20250618-syzkaller #0 Not tainted [ 376.913450][T16370] ----------------------------------------------------- [ 376.920378][T16370] syz.7.2475/16370 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 376.928087][T16370] ffff888075d894b0 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0 [ 376.936809][T16370] [ 376.936809][T16370] and this task is already holding: [ 376.944162][T16370] ffff888030bd3028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 [ 376.954376][T16370] which would create a new lock dependency: [ 376.960683][T16370] (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 376.968775][T16370] [ 376.968775][T16370] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 376.978199][T16370] (&dev->event_lock#2){..-.}-{3:3} [ 376.978230][T16370] [ 376.978230][T16370] ... which became SOFTIRQ-irq-safe at: [ 376.992214][T16370] lock_acquire+0x120/0x360 [ 376.999239][T16370] _raw_spin_lock_irqsave+0xa7/0xf0 [ 377.005648][T16370] input_event+0x7a/0xc0 [ 377.009969][T16370] xpad360_process_packet+0x1fe/0xb30 [ 377.015432][T16370] xpad_irq_in+0x1638/0x26e0 [ 377.020116][T16370] __usb_hcd_giveback_urb+0x417/0x690 [ 377.025571][T16370] dummy_timer+0x862/0x4550 [ 377.030160][T16370] __hrtimer_run_queues+0x529/0xc60 [ 377.035454][T16370] hrtimer_run_softirq+0x187/0x2b0 [ 377.040641][T16370] handle_softirqs+0x286/0x870 [ 377.045556][T16370] __irq_exit_rcu+0xca/0x1f0 [ 377.050672][T16370] irq_exit_rcu+0x9/0x30 [ 377.055604][T16370] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 377.061312][T16370] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 377.067361][T16370] pv_native_safe_halt+0x13/0x20 [ 377.072815][T16370] default_idle+0x13/0x20 [ 377.077327][T16370] default_idle_call+0x74/0xb0 [ 377.082178][T16370] do_idle+0x1e8/0x510 [ 377.086340][T16370] cpu_startup_entry+0x44/0x60 [ 377.091608][T16370] start_secondary+0x101/0x110 [ 377.096454][T16370] common_startup_64+0x13e/0x147 [ 377.101463][T16370] [ 377.101463][T16370] to a SOFTIRQ-irq-unsafe lock: [ 377.108466][T16370] (tasklist_lock){.+.+}-{3:3} [ 377.108494][T16370] [ 377.108494][T16370] ... which became SOFTIRQ-irq-unsafe at: [ 377.121522][T16370] ... [ 377.121529][T16370] lock_acquire+0x120/0x360 [ 377.128673][T16370] _raw_read_lock+0x36/0x50 [ 377.133594][T16370] __do_wait+0xde/0x740 [ 377.137825][T16370] do_wait+0x1f8/0x520 [ 377.141970][T16370] kernel_wait+0xab/0x170 [ 377.146371][T16370] call_usermodehelper_exec_work+0xbe/0x230 [ 377.152343][T16370] process_scheduled_works+0xae1/0x17b0 [ 377.157973][T16370] worker_thread+0x8a0/0xda0 [ 377.162632][T16370] kthread+0x70e/0x8a0 [ 377.166772][T16370] ret_from_fork+0x3f9/0x770 [ 377.171834][T16370] ret_from_fork_asm+0x1a/0x30 [ 377.176747][T16370] [ 377.176747][T16370] other info that might help us debug this: [ 377.176747][T16370] [ 377.187064][T16370] Chain exists of: [ 377.187064][T16370] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 377.187064][T16370] [ 377.200629][T16370] Possible interrupt unsafe locking scenario: [ 377.200629][T16370] [ 377.209284][T16370] CPU0 CPU1 [ 377.214645][T16370] ---- ---- [ 377.220002][T16370] lock(tasklist_lock); [ 377.224234][T16370] local_irq_disable(); [ 377.230967][T16370] lock(&dev->event_lock#2); [ 377.238174][T16370] lock(&client->buffer_lock); [ 377.246313][T16370] [ 377.249751][T16370] lock(&dev->event_lock#2); [ 377.254769][T16370] [ 377.254769][T16370] *** DEADLOCK *** [ 377.254769][T16370] [ 377.263758][T16370] 7 locks held by syz.7.2475/16370: [ 377.268935][T16370] #0: ffff888146fe6118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x1a1/0x480 [ 377.278418][T16370] #1: ffff888146f8e230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xab/0x320 [ 377.288524][T16370] #2: ffffffff8e13ee60 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbc/0x320 [ 377.298353][T16370] #3: ffffffff8e13ee60 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x8d/0x890 [ 377.307929][T16370] #4: ffffffff8e13ee60 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x79/0x340 [ 377.317060][T16370] #5: ffff888030bd3028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 [ 377.327397][T16370] #6: ffffffff8e13ee60 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0 [ 377.337057][T16370] [ 377.337057][T16370] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 377.347889][T16370] -> (&dev->event_lock#2){..-.}-{3:3} { [ 377.354596][T16370] IN-SOFTIRQ-W at: [ 377.358926][T16370] lock_acquire+0x120/0x360 [ 377.365254][T16370] _raw_spin_lock_irqsave+0xa7/0xf0 [ 377.372444][T16370] input_event+0x7a/0xc0 [ 377.378513][T16370] xpad360_process_packet+0x1fe/0xb30 [ 377.385715][T16370] xpad_irq_in+0x1638/0x26e0 [ 377.392129][T16370] __usb_hcd_giveback_urb+0x417/0x690 [ 377.399327][T16370] dummy_timer+0x862/0x4550 [ 377.405916][T16370] __hrtimer_run_queues+0x529/0xc60 [ 377.412939][T16370] hrtimer_run_softirq+0x187/0x2b0 [ 377.419862][T16370] handle_softirqs+0x286/0x870 [ 377.426442][T16370] __irq_exit_rcu+0xca/0x1f0 [ 377.432848][T16370] irq_exit_rcu+0x9/0x30 [ 377.438907][T16370] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 377.446358][T16370] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 377.454150][T16370] pv_native_safe_halt+0x13/0x20 [ 377.460909][T16370] default_idle+0x13/0x20 [ 377.467075][T16370] default_idle_call+0x74/0xb0 [ 377.473936][T16370] do_idle+0x1e8/0x510 [ 377.479971][T16370] cpu_startup_entry+0x44/0x60 [ 377.487098][T16370] start_secondary+0x101/0x110 [ 377.493696][T16370] common_startup_64+0x13e/0x147 [ 377.500541][T16370] INITIAL USE at: [ 377.504510][T16370] lock_acquire+0x120/0x360 [ 377.512307][T16370] _raw_spin_lock_irqsave+0xa7/0xf0 [ 377.519239][T16370] input_inject_event+0xab/0x320 [ 377.525923][T16370] kbd_led_trigger_activate+0xbc/0x100 [ 377.533124][T16370] led_trigger_set+0x52a/0x950 [ 377.539626][T16370] led_trigger_set_default+0x260/0x2a0 [ 377.546830][T16370] led_classdev_register_ext+0x73d/0x930 [ 377.554970][T16370] input_leds_connect+0x517/0x790 [ 377.562005][T16370] input_register_device+0xcee/0x10b0 [ 377.569732][T16370] atkbd_connect+0x70e/0x9c0 [ 377.576224][T16370] serio_driver_probe+0x7f/0xa0 [ 377.582801][T16370] really_probe+0x26d/0x9a0 [ 377.589299][T16370] __driver_probe_device+0x18c/0x2f0 [ 377.596312][T16370] driver_probe_device+0x4f/0x430 [ 377.603066][T16370] __driver_attach+0x452/0x700 [ 377.609557][T16370] bus_for_each_dev+0x233/0x2b0 [ 377.617181][T16370] serio_handle_event+0x1a2/0x860 [ 377.623930][T16370] process_scheduled_works+0xae1/0x17b0 [ 377.631828][T16370] worker_thread+0x8a0/0xda0 [ 377.638423][T16370] kthread+0x70e/0x8a0 [ 377.644397][T16370] ret_from_fork+0x3f9/0x770 [ 377.650811][T16370] ret_from_fork_asm+0x1a/0x30 [ 377.657302][T16370] } [ 377.659872][T16370] ... key at: [] input_allocate_device.__key.5+0x0/0x20 [ 377.669320][T16370] -> (&client->buffer_lock){....}-{3:3} { [ 377.675043][T16370] INITIAL USE at: [ 377.678920][T16370] lock_acquire+0x120/0x360 [ 377.684986][T16370] _raw_spin_lock+0x2e/0x40 [ 377.691577][T16370] evdev_pass_values+0xb9/0xbd0 [ 377.699384][T16370] evdev_events+0x1e6/0x340 [ 377.705441][T16370] input_pass_values+0x288/0x890 [ 377.711944][T16370] input_event_dispose+0x330/0x6b0 [ 377.718614][T16370] input_inject_event+0x1fe/0x320 [ 377.725199][T16370] evdev_write+0x2fc/0x480 [ 377.731160][T16370] vfs_write+0x27e/0xa90 [ 377.736957][T16370] ksys_write+0x145/0x250 [ 377.742836][T16370] do_syscall_64+0xfa/0x3b0 [ 377.748898][T16370] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 377.756355][T16370] } [ 377.758838][T16370] ... key at: [] evdev_open.__key.25+0x0/0x20 [ 377.766986][T16370] ... acquired at: [ 377.770842][T16370] lock_acquire+0x120/0x360 [ 377.776377][T16370] _raw_spin_lock+0x2e/0x40 [ 377.781050][T16370] evdev_pass_values+0xb9/0xbd0 [ 377.786064][T16370] evdev_events+0x1e6/0x340 [ 377.790755][T16370] input_pass_values+0x288/0x890 [ 377.795884][T16370] input_event_dispose+0x330/0x6b0 [ 377.801170][T16370] input_inject_event+0x1fe/0x320 [ 377.806366][T16370] evdev_write+0x2fc/0x480 [ 377.810940][T16370] vfs_write+0x27e/0xa90 [ 377.815617][T16370] ksys_write+0x145/0x250 [ 377.820189][T16370] do_syscall_64+0xfa/0x3b0 [ 377.824860][T16370] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 377.832407][T16370] [ 377.834817][T16370] [ 377.834817][T16370] the dependencies between the lock to be acquired [ 377.834828][T16370] and SOFTIRQ-irq-unsafe lock: [ 377.848409][T16370] -> (tasklist_lock){.+.+}-{3:3} { [ 377.853712][T16370] HARDIRQ-ON-R at: [ 377.857859][T16370] lock_acquire+0x120/0x360 [ 377.864377][T16370] _raw_read_lock+0x36/0x50 [ 377.870876][T16370] __do_wait+0xde/0x740 [ 377.877549][T16370] do_wait+0x1f8/0x520 [ 377.886623][T16370] kernel_wait+0xab/0x170 [ 377.894182][T16370] call_usermodehelper_exec_work+0xbe/0x230 [ 377.902094][T16370] process_scheduled_works+0xae1/0x17b0 [ 377.911217][T16370] worker_thread+0x8a0/0xda0 [ 377.918246][T16370] kthread+0x70e/0x8a0 [ 377.926306][T16370] ret_from_fork+0x3f9/0x770 [ 377.935443][T16370] ret_from_fork_asm+0x1a/0x30 [ 377.942203][T16370] SOFTIRQ-ON-R at: [ 377.946350][T16370] lock_acquire+0x120/0x360 [ 377.955739][T16370] _raw_read_lock+0x36/0x50 [ 377.962767][T16370] __do_wait+0xde/0x740 [ 377.970228][T16370] do_wait+0x1f8/0x520 [ 377.977353][T16370] kernel_wait+0xab/0x170 [ 377.984233][T16370] call_usermodehelper_exec_work+0xbe/0x230 [ 377.995909][T16370] process_scheduled_works+0xae1/0x17b0 [ 378.005118][T16370] worker_thread+0x8a0/0xda0 [ 378.016482][T16370] kthread+0x70e/0x8a0 [ 378.023080][T16370] ret_from_fork+0x3f9/0x770 [ 378.031284][T16370] ret_from_fork_asm+0x1a/0x30 [ 378.041317][T16370] INITIAL USE at: [ 378.046947][T16370] lock_acquire+0x120/0x360 [ 378.054579][T16370] _raw_write_lock_irq+0xa2/0xf0 [ 378.062703][T16370] copy_process+0x224f/0x3c00 [ 378.070248][T16370] kernel_clone+0x21e/0x870 [ 378.076666][T16370] user_mode_thread+0xdd/0x140 [ 378.083425][T16370] rest_init+0x23/0x300 [ 378.092048][T16370] start_kernel+0x47d/0x500 [ 378.098735][T16370] x86_64_start_reservations+0x24/0x30 [ 378.107139][T16370] x86_64_start_kernel+0x143/0x1c0 [ 378.116069][T16370] common_startup_64+0x13e/0x147 [ 378.123356][T16370] INITIAL READ USE at: [ 378.127850][T16370] lock_acquire+0x120/0x360 [ 378.137315][T16370] _raw_read_lock+0x36/0x50 [ 378.145295][T16370] __do_wait+0xde/0x740 [ 378.151797][T16370] do_wait+0x1f8/0x520 [ 378.158468][T16370] kernel_wait+0xab/0x170 [ 378.165222][T16370] call_usermodehelper_exec_work+0xbe/0x230 [ 378.173829][T16370] process_scheduled_works+0xae1/0x17b0 [ 378.182078][T16370] worker_thread+0x8a0/0xda0 [ 378.189626][T16370] kthread+0x70e/0x8a0 [ 378.197073][T16370] ret_from_fork+0x3f9/0x770 [ 378.204009][T16370] ret_from_fork_asm+0x1a/0x30 [ 378.211112][T16370] } [ 378.213774][T16370] ... key at: [] tasklist_lock+0x18/0x40 [ 378.222913][T16370] ... acquired at: [ 378.227263][T16370] lock_acquire+0x120/0x360 [ 378.231942][T16370] _raw_read_lock+0x36/0x50 [ 378.237142][T16370] send_sigurg+0x12b/0x420 [ 378.242336][T16370] sk_send_sigurg+0x6c/0x2e0 [ 378.247091][T16370] queue_oob+0x490/0x5a0 [ 378.251504][T16370] unix_stream_sendmsg+0xaf9/0xc90 [ 378.257659][T16370] __sock_sendmsg+0x21c/0x270 [ 378.262682][T16370] ____sys_sendmsg+0x52d/0x830 [ 378.267612][T16370] ___sys_sendmsg+0x21f/0x2a0 [ 378.272471][T16370] __sys_sendmmsg+0x227/0x430 [ 378.277314][T16370] __x64_sys_sendmmsg+0xa0/0xc0 [ 378.282331][T16370] do_syscall_64+0xfa/0x3b0 [ 378.287612][T16370] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.293672][T16370] [ 378.295981][T16370] -> (&f_owner->lock){....}-{3:3} { [ 378.301272][T16370] INITIAL USE at: [ 378.305238][T16370] lock_acquire+0x120/0x360 [ 378.311476][T16370] _raw_write_lock_irq+0xa2/0xf0 [ 378.318161][T16370] __f_setown+0x67/0x370 [ 378.324138][T16370] generic_setlease+0xd5d/0x1240 [ 378.330800][T16370] fcntl_setlease+0x3a2/0x4c0 [ 378.337205][T16370] do_fcntl+0x6a9/0x1910 [ 378.343173][T16370] __se_sys_fcntl+0xc8/0x150 [ 378.349491][T16370] do_syscall_64+0xfa/0x3b0 [ 378.355826][T16370] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.363447][T16370] INITIAL READ USE at: [ 378.367946][T16370] lock_acquire+0x120/0x360 [ 378.375068][T16370] _raw_read_lock_irqsave+0xaf/0x100 [ 378.382528][T16370] send_sigio+0x38/0x370 [ 378.389197][T16370] kill_fasync+0x24d/0x4d0 [ 378.395775][T16370] lease_break_callback+0x26/0x30 [ 378.402960][T16370] __break_lease+0x6a5/0x1620 [ 378.409887][T16370] do_dentry_open+0xd62/0x1970 [ 378.417337][T16370] vfs_open+0x3b/0x340 [ 378.424705][T16370] path_openat+0x2ee5/0x3830 [ 378.431470][T16370] do_filp_open+0x1fa/0x410 [ 378.438421][T16370] do_sys_openat2+0x121/0x1c0 [ 378.445435][T16370] __x64_sys_openat+0x138/0x170 [ 378.452491][T16370] do_syscall_64+0xfa/0x3b0 [ 378.460040][T16370] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.468270][T16370] } [ 378.470844][T16370] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 378.480133][T16370] ... acquired at: [ 378.484008][T16370] lock_acquire+0x120/0x360 [ 378.488679][T16370] _raw_read_lock_irqsave+0xaf/0x100 [ 378.494132][T16370] send_sigio+0x38/0x370 [ 378.498556][T16370] kill_fasync+0x24d/0x4d0 [ 378.503143][T16370] lease_break_callback+0x26/0x30 [ 378.508332][T16370] __break_lease+0x6a5/0x1620 [ 378.513171][T16370] do_dentry_open+0xd62/0x1970 [ 378.518272][T16370] vfs_open+0x3b/0x340 [ 378.522507][T16370] path_openat+0x2ee5/0x3830 [ 378.527260][T16370] do_filp_open+0x1fa/0x410 [ 378.531935][T16370] do_sys_openat2+0x121/0x1c0 [ 378.536861][T16370] __x64_sys_openat+0x138/0x170 [ 378.541995][T16370] do_syscall_64+0xfa/0x3b0 [ 378.547633][T16370] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.554164][T16370] [ 378.556913][T16370] -> (&new->fa_lock){....}-{3:3} { [ 378.562220][T16370] INITIAL USE at: [ 378.566356][T16370] lock_acquire+0x120/0x360 [ 378.572416][T16370] _raw_write_lock_irq+0xa2/0xf0 [ 378.579261][T16370] fasync_remove_entry+0xf1/0x1c0 [ 378.585846][T16370] lease_modify+0x1ca/0x3c0 [ 378.591899][T16370] locks_remove_file+0x4bf/0xea0 [ 378.598752][T16370] __fput+0x3ab/0xa70 [ 378.604541][T16370] task_work_run+0x1d1/0x260 [ 378.610685][T16370] do_exit+0x6b5/0x2300 [ 378.617024][T16370] do_group_exit+0x21c/0x2d0 [ 378.623171][T16370] get_signal+0x1286/0x1340 [ 378.629233][T16370] arch_do_signal_or_restart+0x9a/0x750 [ 378.638334][T16370] exit_to_user_mode_loop+0x75/0x110 [ 378.645183][T16370] do_syscall_64+0x2bd/0x3b0 [ 378.651338][T16370] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.658790][T16370] INITIAL READ USE at: [ 378.663889][T16370] lock_acquire+0x120/0x360 [ 378.670992][T16370] _raw_read_lock_irqsave+0xaf/0x100 [ 378.678276][T16370] kill_fasync+0x199/0x4d0 [ 378.684776][T16370] lease_break_callback+0x26/0x30 [ 378.691801][T16370] __break_lease+0x6a5/0x1620 [ 378.699010][T16370] do_dentry_open+0xd62/0x1970 [ 378.706720][T16370] vfs_open+0x3b/0x340 [ 378.712773][T16370] path_openat+0x2ee5/0x3830 [ 378.719350][T16370] do_filp_open+0x1fa/0x410 [ 378.725841][T16370] do_sys_openat2+0x121/0x1c0 [ 378.732762][T16370] __x64_sys_openat+0x138/0x170 [ 378.739604][T16370] do_syscall_64+0xfa/0x3b0 [ 378.746113][T16370] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.754000][T16370] } [ 378.756488][T16370] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 378.765423][T16370] ... acquired at: [ 378.769210][T16370] lock_acquire+0x120/0x360 [ 378.773884][T16370] _raw_read_lock_irqsave+0xaf/0x100 [ 378.779345][T16370] kill_fasync+0x199/0x4d0 [ 378.783930][T16370] evdev_pass_values+0x627/0xbd0 [ 378.789759][T16370] evdev_events+0x1e6/0x340 [ 378.794424][T16370] input_pass_values+0x288/0x890 [ 378.799536][T16370] input_event_dispose+0x330/0x6b0 [ 378.804833][T16370] input_inject_event+0x1fe/0x320 [ 378.810030][T16370] evdev_write+0x2fc/0x480 [ 378.814611][T16370] vfs_write+0x27e/0xa90 [ 378.819018][T16370] ksys_write+0x145/0x250 [ 378.823511][T16370] do_syscall_64+0xfa/0x3b0 [ 378.828264][T16370] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.834315][T16370] [ 378.836622][T16370] [ 378.836622][T16370] stack backtrace: [ 378.842489][T16370] CPU: 1 UID: 0 PID: 16370 Comm: syz.7.2475 Not tainted 6.16.0-rc2-next-20250618-syzkaller #0 PREEMPT(full) [ 378.842513][T16370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 378.842525][T16370] Call Trace: [ 378.842533][T16370] [ 378.842542][T16370] dump_stack_lvl+0x189/0x250 [ 378.842571][T16370] ? __pfx_dump_stack_lvl+0x10/0x10 [ 378.842605][T16370] ? __pfx__printk+0x10/0x10 [ 378.842627][T16370] validate_chain+0x1f05/0x2140 [ 378.842653][T16370] __lock_acquire+0xab9/0xd20 [ 378.842678][T16370] ? kill_fasync+0x199/0x4d0 [ 378.842699][T16370] lock_acquire+0x120/0x360 [ 378.842720][T16370] ? kill_fasync+0x199/0x4d0 [ 378.842745][T16370] _raw_read_lock_irqsave+0xaf/0x100 [ 378.842768][T16370] ? kill_fasync+0x199/0x4d0 [ 378.842788][T16370] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 378.842807][T16370] ? do_raw_spin_lock+0x121/0x290 [ 378.842840][T16370] kill_fasync+0x199/0x4d0 [ 378.842861][T16370] ? kill_fasync+0x53/0x4d0 [ 378.842882][T16370] evdev_pass_values+0x627/0xbd0 [ 378.842901][T16370] ? evdev_pass_values+0x641/0xbd0 [ 378.842918][T16370] evdev_events+0x1e6/0x340 [ 378.842932][T16370] ? evdev_events+0x79/0x340 [ 378.842946][T16370] ? input_pass_values+0x8d/0x890 [ 378.842970][T16370] input_pass_values+0x288/0x890 [ 378.842997][T16370] ? input_handle_event+0x70c/0xf30 [ 378.843019][T16370] input_event_dispose+0x330/0x6b0 [ 378.843041][T16370] input_inject_event+0x1fe/0x320 [ 378.843062][T16370] ? input_inject_event+0xbc/0x320 [ 378.843084][T16370] evdev_write+0x2fc/0x480 [ 378.843101][T16370] ? __pfx_evdev_write+0x10/0x10 [ 378.843117][T16370] ? bpf_lsm_file_permission+0x9/0x20 [ 378.843141][T16370] ? security_file_permission+0x75/0x290 [ 378.843160][T16370] ? rw_verify_area+0x258/0x650 [ 378.843182][T16370] ? __pfx_evdev_write+0x10/0x10 [ 378.843197][T16370] vfs_write+0x27e/0xa90 [ 378.843224][T16370] ? __pfx_vfs_write+0x10/0x10 [ 378.843248][T16370] ? __fget_files+0x2a/0x420 [ 378.843266][T16370] ? __fget_files+0x2a/0x420 [ 378.843283][T16370] ? __fget_files+0x3a0/0x420 [ 378.843299][T16370] ? __fget_files+0x2a/0x420 [ 378.843318][T16370] ksys_write+0x145/0x250 [ 378.843342][T16370] ? __pfx_ksys_write+0x10/0x10 [ 378.843368][T16370] ? do_syscall_64+0xbe/0x3b0 [ 378.843392][T16370] do_syscall_64+0xfa/0x3b0 [ 378.843414][T16370] ? lockdep_hardirqs_on+0x9c/0x150 [ 378.843435][T16370] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.843451][T16370] ? clear_bhb_loop+0x60/0xb0 [ 378.843470][T16370] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.843486][T16370] RIP: 0033:0x7f8166b8e929 [ 378.843503][T16370] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 378.843518][T16370] RSP: 002b:00007f8167a2e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 378.843537][T16370] RAX: ffffffffffffffda RBX: 00007f8166db5fa0 RCX: 00007f8166b8e929 [ 378.843550][T16370] RDX: 0000000000002250 RSI: 0000200000000040 RDI: 0000000000000003 [ 378.843562][T16370] RBP: 00007f8166c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 378.843573][T16370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 378.843591][T16370] R13: 0000000000000000 R14: 00007f8166db5fa0 R15: 00007ffc3b130458 [ 378.843609][T16370] [ 378.996921][T16366] hsr_slave_0: entered allmulticast mode [ 379.000271][ C1] vkms_vblank_simulate: vblank timer overrun [ 379.005657][T16366] hsr_slave_1: entered allmulticast mode [ 379.065622][T16368] loop4: detected capacity change from 0 to 40427 [ 379.128868][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.134758][ T5900] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 379.150717][ T3425] hfsplus: b-tree write err: -5, ino 4 [ 379.156406][ T5900] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 379.165124][T16366] hsr0: left allmulticast mode [ 379.172869][ T5900] usb 2-1: Product: syz [ 379.172892][ T5900] usb 2-1: Manufacturer: syz [ 379.177033][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.182442][T16366] hsr_slave_0: left allmulticast mode [ 379.259537][T16368] F2FS-fs (loop4): build fault injection rate: 771 [ 379.260338][ T5900] hub 2-1:4.0: USB hub found [ 379.278164][T16368] F2FS-fs (loop4): invalid crc value [ 379.289263][T16366] hsr_slave_1: left allmulticast mode [ 379.325682][T16368] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 379.362053][T16368] syz.4.2474: attempt to access beyond end of device [ 379.362053][T16368] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 379.389893][ T5836] syz-executor: attempt to access beyond end of device [ 379.389893][ T5836] loop4: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 379.414502][ T5836] CPU: 1 UID: 0 PID: 5836 Comm: syz-executor Not tainted 6.16.0-rc2-next-20250618-syzkaller #0 PREEMPT(full) [ 379.414532][ T5836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 379.414543][ T5836] Call Trace: [ 379.414552][ T5836] [ 379.414561][ T5836] dump_stack_lvl+0x189/0x250 [ 379.414597][ T5836] ? __pfx_dump_stack_lvl+0x10/0x10 [ 379.414624][ T5836] ? rcu_is_watching+0x15/0xb0 [ 379.414653][ T5836] ? __pfx_queue_work_on+0x10/0x10 [ 379.414670][ T5836] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 379.414693][ T5836] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 379.414715][ T5836] ? f2fs_hw_is_readonly+0x39b/0x470 [ 379.414739][ T5836] f2fs_handle_critical_error+0x37c/0x540 [ 379.414764][ T5836] f2fs_write_end_io+0x495/0x810 [ 379.414788][ T5836] ? blkg_put+0x22/0x240 [ 379.414817][ T5836] __submit_merged_bio+0x27a/0x6a0 [ 379.414841][ T5836] __submit_merged_write_cond+0x255/0x530 [ 379.414867][ T5836] f2fs_write_data_pages+0x261d/0x3000 [ 379.414907][ T5836] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 379.414928][ T5836] ? is_bpf_text_address+0x26/0x2b0 [ 379.414961][ T5836] ? arch_stack_walk+0xfc/0x150 [ 379.415001][ T5836] ? rcu_is_watching+0x15/0xb0 [ 379.415044][ T5836] ? update_load_avg+0x572/0x1880 [ 379.415077][ T5836] ? update_entity_lag+0x287/0x2d0 [ 379.415108][ T5836] ? filemap_get_folios_tag+0xed/0x630 [ 379.415130][ T5836] ? rcu_is_watching+0x15/0xb0 [ 379.415159][ T5836] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 379.415186][ T5836] do_writepages+0x32e/0x550 [ 379.415213][ T5836] ? rcu_is_watching+0x15/0xb0 [ 379.415243][ T5836] ? do_raw_spin_unlock+0x122/0x240 [ 379.415268][ T5836] filemap_fdatawrite+0x199/0x240 [ 379.415297][ T5836] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 379.415342][ T5836] ? rcu_is_watching+0x15/0xb0 [ 379.415370][ T5836] ? do_raw_spin_unlock+0x122/0x240 [ 379.415393][ T5836] f2fs_sync_dirty_inodes+0x31f/0x830 [ 379.415427][ T5836] f2fs_write_checkpoint+0x95a/0x1df0 [ 379.415466][ T5836] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 379.415515][ T5836] ? f2fs_stop_gc_thread+0x7f/0xb0 [ 379.415540][ T5836] ? kfree+0x18e/0x440 [ 379.415566][ T5836] ? kill_f2fs_super+0x298/0x6c0 [ 379.415594][ T5836] kill_f2fs_super+0x2c3/0x6c0 [ 379.415622][ T5836] ? __pfx_kill_f2fs_super+0x10/0x10 [ 379.415646][ T5836] ? radix_tree_delete_item+0x2b6/0x400 [ 379.415674][ T5836] ? shrinker_free+0x2ce/0x3e0 [ 379.415698][ T5836] deactivate_locked_super+0xb9/0x130 [ 379.415724][ T5836] cleanup_mnt+0x425/0x4c0 [ 379.415750][ T5836] task_work_run+0x1d1/0x260 [ 379.415773][ T5836] ? __pfx_task_work_run+0x10/0x10 [ 379.415795][ T5836] ? __x64_sys_umount+0x122/0x160 [ 379.415823][ T5836] ? __pfx___x64_sys_umount+0x10/0x10 [ 379.415851][ T5836] ? rcu_is_watching+0x15/0xb0 [ 379.415879][ T5836] exit_to_user_mode_loop+0xec/0x110 [ 379.415907][ T5836] do_syscall_64+0x2bd/0x3b0 [ 379.415935][ T5836] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 379.415955][ T5836] ? clear_bhb_loop+0x60/0xb0 [ 379.415977][ T5836] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 379.415995][ T5836] RIP: 0033:0x7f9a7f98fc57 [ 379.416011][ T5836] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 379.416039][ T5836] RSP: 002b:00007ffe5ed5b6e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 379.416061][ T5836] RAX: 0000000000000000 RBX: 00007f9a7fa10925 RCX: 00007f9a7f98fc57 [ 379.416075][ T5836] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe5ed5b7a0 [ 379.416087][ T5836] RBP: 00007ffe5ed5b7a0 R08: 0000000000000000 R09: 0000000000000000 [ 379.416099][ T5836] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe5ed5c830 [ 379.416112][ T5836] R13: 00007f9a7fa10925 R14: 000000000005c9d4 R15: 00007ffe5ed5c870 [ 379.416136][ T5836] [ 379.416610][ T5900] hub 2-1:4.0: config failed, can't read hub descriptor (err -22) [ 379.466872][ T5836] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 379.488760][ T5900] usb 2-1: USB disconnect, device number 23