last executing test programs:

1m32.666843812s ago: executing program 0 (id=190):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x64b7, &(0x7f0000002600)={0x0, 0xffffff7c, 0x13580, 0x3, 0x35c}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000580)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_WRITE_FIXED={0x5, 0x0, 0x6000, @fd=r0, 0xffffffffffffffff, 0x8, 0x7, 0x9})
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000800)=[{&(0x7f00000005c0)=""/92, 0x5c}], 0x1)
io_uring_enter(r1, 0x54, 0x0, 0x0, 0x0, 0x0)

1m32.346669591s ago: executing program 0 (id=191):
syz_mount_image$xfs(&(0x7f0000009600), &(0x7f0000009640)='./file2\x00', 0x200800, &(0x7f0000000380)={[{@lazytime}, {@gquota}, {@filestreams}, {@uqnoenforce}, {@prjquota}]}, 0x4, 0x9647, &(0x7f0000012cc0)="$eJzs3Qm4pnPh+P/nDGNfxlBJqalGtMiaJaqZwQyFZIl2ZElZChXatEhpo0R79i1bWULZWkn2FkoIlSyRFtsw/+uYM4zxJn37/v6+9X6/r+uc53nu577v83k+r3s5R3NdbTZ5o0mDwVyD6Y0bzNrZV02ZOuaK9W89fMuFjlrupDv3e/iK4yeMPE4ceZw0GAxGjbw9NH3Z2MHJp4wazP7A8oead+55huYfDJYfeTmyn8HK0x/mv3TGetNmadaBDj30bZ/pXw+04PCPGH5yyH57HToYDMbMtP3QYDC05yM+qLTNJk6Z/JDVg27DVqNHns/8Ncf0r/kvGAzmP23Ax8fM6w49AR9p+Gfu+fyzRq//BPzs/7g2mzhlnVn8h8/F2UaWrTx8js96Dhqb9Ti/eYnNVx2ZwgeOt8Fg+BL3sHPlP6LNJk5ed/Do1/nB4audt8+06dfNOQfTbxRzDwaDeUaur/M90S717zVx0goP3LNnvB5hn3Es70nHxbFvOuH+4Zv0YDBYeDAYu/aMe0FVVVX9ZzRx0gprwP1/rse6/5944mKndf+vqqr6z22diZNWGL7Xz3L/n++x7v87L3b+h6f/t/8JK0/f6v4n9kNUVVXVv9TkdfD+P+ax7v8rr3Hxut3/q6qq/nPbcL0H7v/zzXL/X+Sx7v+vP2G1xUfWm/F7w30z7XJopv894d6Zls820/J7Zlo+eqb9zLz+HDMtv2um5XMOvwfrjxsMxs7494JTH1o8dtzweyPL755p+YSH/p3O+DVnWj5xpuWTZ1o+aWSsw8unzLR8ykzrr/0YU11VVfV/pg1XmLzGYKZ/Zz+yeNEZ79P9/9zTr176iRpvVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV/Wd2/61nnDUYDIYGg8GowWDqYOT5zI+DadOmTRt+feI5l1zyhA30/0ZDZ181ZeqYK9a/9fAtFzpquZPu3O+hWfqP7T//E9S/07D/XMeMGwx23OSJHko9AXX+u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7j7bz3jrJFjYNRgMHUw8nzPGY+n7/u6N4ysuuqmJ91+wENbjp+w3cizs6+aMnW7J2DsT0BDw591zBXr33r4lgsdtdxJd+73X3D2/Od/gvp3esB/u6HBYOT8HjN8Lq8/ccONlxoMBgfcftKmKw0efG+V4fdWGzvbYLYHNl3qge9rjecd77n29McJw98WeXAfJz6w/3WmHTzb0CyDmKmXnn3d4W/d7M4VZ31c8tE/x6gZTw695tQ7pk2bNu1hC0ea61E2nrH/GZ9l1vN8ZOxLDY99mV13eMcyu+y+x9Lb7bDFtltvu/WOy62wyoorLb/cSqu+eJltttt+62Wnf3+UORv3wPc1Hs+czTfrnN06ceY5m/WzPdqcjXvsOXtgj1P3GNp4xpzN/i/O2RqPPWfjthv5QeMnjB5s/sDUDA0G49ccPdht+MVycw4G49caWXfR4XVXHztqMNj3oQ86/GzOB4/BoT2H19ls8kaTHhrZIz/hI67TD1tx/ISRx4kjj5OmD3Hc4KFDcezg5FNGDc/Fw6Z53rnnGZp/MFh+5OXIfgarjrx70Iz1ps3SrAMdeujbPtO/HmjB4Z0MP3nbsmdcOXwuzrL9/4v+R9f/R3itMvTgRA2NfI2sM91r4pR1HvpZD0zD8NzNNrJs5WGTWefsf7NHjHfc7IMxjzHeyetMWmF48SzzP2MTPL5uW+K8904/tiasPH2r+//HKDTe+R5jvOtMxPHO91jjPeZ9F50yfVf/a+Od5Vq37gPfJzyea93gsa91s9EOtr5w8Vmvda989CE+7DyeMUdzzrLSo13rdjtw+T2H9z/hsa916w6PffTDrnWjBoPxa8y41g1f+CaPHuw7/GL54RdTRg+OGn6xwgMv5h6cM/ziRW/ZafuthhesPWNOlh3e74SxQw+4n7fyTUtO+/y0aWuOjGXC2IePdeT4GDfz/Xzi2OmTOWPbGfsdXnXGfm98yvT3Jo/sd+K/sN8Z29J4b19w+ntTRvY7aZb9jn6M/c7Y9hHnw1JDD164HuV6M3mW683I3zgzftzDvuaY/jX/BYPB/KeR7yzr/tNrJp2/cz3GeCdOWmGN4fHNcv4+eDjS+XvRlCuG7xXzDwaDhQeDsWvPGPu/2NCjjXf2xx7vJBjv7I813suO3mG9/4XxDmYa78OOs802nH6srD1ynE35F47fGdvOeh0b/cC70y/7az+e69i4R1zHPjTbqFkme6Ye7Xe2rWD96c8Xfej33KuOP3LG3I+eZb//7He2mT7LEFzHxszy9/yota8dDNGc73nM6hcP7f/Ycz568PC/LWbM+YxtH2vOpzyeOX/6Y8/54/09eannTH9/9Czjn3nON/jU0z45Y87nmGW//2zOpzz2veORcz5hMJrmfNl7ps/bY11PH23OZ2w7Y86HP+JqY2cfrDV8zxqZ88mPZ84X/d85zueB9ac/3/rBRWceftJrZsz5rHP8z+Z88r865+MePM7HP/Des0cN5phjsNsWu+6683LTv894ufz073wtuuuq6fP8WPfSRzOase1jnRdrPh6jMY/LaOifGS02+6MZPXRqHbbTzk/+n16L1vxXjQZ8LbriyOnz9li/Fz3anM/Ylu6Di8y0/ax/h2643gO/d883y31wxiZ4Hzzz9HX3nrHLkc3um2WYM+6r9860fLaZlt8z0/LRM+1n5vXnmGn5XTMtH/4Ic8y0/gzWccN/844sn/rQ6mOHf3kaN7L87pmWT3ho2/FrzrR84kzLJ8+0fNJDh8b4KTMtnzLT+msP/sVm/Dfp7Wa9yNfjrf/+6y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvLX9z9t55x1sgxMGowmDqY/nxo5HGw59AGt7x8+HEwGIxe+bhpGzzR432CGzr7qilTx1yx/q2Hb7nQUcuddOd+/wVnz3/+J6h/pwf8txsaDEbO7zHbDQaD9SduuPFSg8Fgg2nHrTxq8OB7iw6/t/rYUYPBvkMP28GcD64ztOfwOptN3mjSYDDXyBrjHvFDH3EePWzF8RNGHieOPE6afn0aN3joeB07OPmUUYPZH1j+UPPOPc/Q/IPB8iMvR/YzWHn6w/yXzlhv2izNOtChh77tM/3rgRYc/hHDT3bbdsozhudqlu3/zzTjWr3dqH+6aue/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL392/5t/R8t9Wou7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+6oam/7+7lrXOf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vf3f/cf5fZ/1cHUk9Inf/u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y1/c/beecdbIMTBqMJg6mP58aM+Rx8HQCSc/b+QQGb375Ucc/ESP9wlu6Oyrpkwdc8X6tx6+5UJHLXfSnfv9F5w9//mfoP6dHvDfbmgwGDm/x2w3GAzWn7jhxksNBoODj7h891GDB99bdPi91ceOGgz2HXrYDuZ8cJ2hPYfX2WzyRpMGg7lG1hj3iB/6iPPoYSuOnzDyOHHkcdL069O4wUPH69jByaeMGsz+wPKHmnfueYbmHwyWH3k5sp/BytMf5r90xnrTZmnWgQ499G2f6V8PtODwjxh+std8V50wPFezbP9/phnX6u1G/dNVO//d5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8tf3P23nnHWyDEwajCYOpj+fNTI49CeN1z/gY2HH4dfL7T23lc90eN9ghs6+6opU8dcsf6th2+50FHLnXTnfv8FZ89//ieof6dh/7mOGTcY7LjJEz2UegLq/HeXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn9x9996xlkjT0c9tHTUnh0X2NDZV02ZOuaK9W89fMuFjlrupDv3e6IH9O/2KP4fyh+z+H84f8zi/5H8MYv/R/PHLP575Y9Z/D+WP2bx3zt/zOL/8fwxi/8n8scs/vvkj1n8P5k/ZvH/VP6Yxf/T+WMW/8/kj1n8P5s/ZvHfN3/M4r9f/pjF/3P5Yxb/z+ePWfz3zx+z+H8hf8zif0D+mMX/wPwxi/8X88cs/l/KH7P4fzl/zOL/lfwxi/9X88cs/l/LH7P4fz1/zOL/jfwxi/9B+WMW/4Pzxyz+h+SPWfwPzR+z+B+WP2bxPzx/zOJ/RP6Yxf/I/DGL/1H5Yxb/o/PHLP7H5I9Z/L+ZP2bxPzZ/zOJ/XP6Yxf/4/DGL/wn5Yxb/E/PHLP7fyh+z+H87f8zif1L+mMX/5Pwxi/8p+WMW/1Pzxyz+38kfs/iflj9m8T89f8zif0b+mMX/u/ljFv/v5Y9Z/M/MH7P4n5U/ZvE/O3/M4n9O/pjF/9z8MYv/9/PHLP4/yB+z+P8wf8zi/6P8MYv/j/PHLP4/yR+z+J+XP2bxPz9/zOL/0/wxi/8F+WMW/5/lj1n8L8wfs/hflD9m8b84f8zif0n+mMX/0vwxi/9l+WMW/8vzxyz+P88fs/j/In/M4v/L/DGL/6/yxyz+V+SPWfyvzB+z+P86f8zi/5v8MYv/VfljFv/f5o9Z/K/OH7P4X5M/ZvG/Nn/M4v+7/DGL/3X5Yxb/6/PHLP435I9Z/H+fP2bx/0P+mMX/j/ljFv8b88cs/n/KH7P435Q/ZvG/OX/M4n9L/pjF/9b8MYv/n/PHLP635Y9Z/G/PH7P4/yV/zOJ/R/6Yxf+v+WMW/7/lj1n8/54/ZvH/R/6Yxf/O/DGL/135Yxb/u/PHLP735I9Z/O/NH7P4T80fs/jflz9m8b8/f8ziPy1/TOI/2yB/zOI/lD9m8R+VP2bxny1/zOI/e/6YxX90/pjFf478MYv/nPljFv+58scs/nPnj1n858kfs/jPmz9m8Z8vf8ziP3/+mMV/gfwxi/+C+WMW/zH5Yxb/hfLHLP5j88cs/gvnj1n8F8kfs/g/KX/M4v/k/DGL/1Pyxyz+i+aPWfyfmj9m8V8sf8zi/7T8MYv/0/PHLP6L549Z/J+RP2bxf2b+mMV/XP6Yxf9Z+WMW/2fn/4hmH3k0+D8nf8xy/o/PH7P4L5E/ZvF/bv6YxX/J/DGL/1L5Yxb/5+WPWfyfnz9m8X9B/pjF/4X5Yxb/pfPHLP4vyh+z+C+TP2bxXzZ/zOK/XP6YxX/5/DGL/wr5Yxb/FfPHLP4vzh+z+K+UP2bxXzl/zOK/Sv6YxX/V/DGL/0vyxyz+q+WPWfxXzx+z+L80f8zi/7L8MYv/y/PHLP4T8scs/hPzxyz+k/LHLP5r5I9Z/NfMH7P4r5U/ZvGfnD9m8Z+i8p/tca9p8V9b5f/4s/ivkz9m8X9F/pjF/5X5Yxb/dfPHLP7r5Y9Z/NfPH7P4vyp/zOK/Qf6Yxf/V+WMW/w3zxyz+G+WPWfw3zh+z+G+SP2bxf03+mMV/0/wxi/9m+WMW/9fmj1n8X5c/ZvF/ff6Yxf8N+WMW/zfmj1n835Q/ZvF/c/6YxX/z/DGL/xb5Yxb/LfPHLP5vyR+z+G+VP2bx3zp/zOK/Tf6YxX/b/DGL/1vzxyz+2+WPWfzflj9m8X97/pjFf/v8MYv/DvljFv8d88cs/jvlj1n835E/ZvF/Z/6YxX/n/DGL/y75Yxb/XfPHLP7vyh+z+L87f8zi/578MYv/bvljFv/d88cs/nvkj1n835s/ZvF/X/6Yxf/9+WMW/w/kj1n8P5g/ZvHfM3/M4v+h/DGL/4fzxyz+H8kfs/h/NH/M4r9X/pjF/2P5Yxb/vfPHLP4fzx+z+H8if8ziv0/+mMX/k/ljFv9P5Y9Z/D+dP2bx/0z+mMX/s/ljFv9988cs/vvlj1n8P5c/ZvH/fP6YxX///DGL/xfyxyz+B+SPWfwPzB+z+H8xf8zi/6X8MYv/l/PHLP5fyR+z+H81f8zi/7X8MYv/1/PHLP7fyB+z+B+UP2bxPzh/zOJ/SP6Yxf/Q/DGL/2H5Yxb/w/PHLP5H5I9Z/I/MH7P4H5U/ZvE/On/M4n9M/pjF/5v5Yxb/Y/PHLP7H5Y9Z/I/PH7P4n5A/ZvE/MX/M4v+t/DGL/7fzxyz+J+WPWfxPzh+z+J+SP2bxPzV/zOL/nfwxi/9p+WMW/9Pzxyz+Z+SPWfy/mz9m8f9e/pjF/8z8MYv/WfljFv+z88cs/ufkj1n8z80fs/h/P3/M4v+D/DGL/w/zxyz+P8ofs/j/OH/M4v+T/DGL/3n5Yxb/8/PHLP4/zR+z+F+QP2bx/1n+mMX/wvwxi/9F+WMW/4vzxyz+l+SPWfwvzR+z+F+WP2bxvzx/zOL/8/wxi/8v8scs/r/MH7P4/yp/zOJ/Rf6Yxf/K/DGL/6/zxyz+v8kfs/hflT9m8f9t/pjF/+r8MYv/NfljFv9r88cs/r/LH7P4X5c/ZvG/Pn/M4n9D/pjF//f5Yxb/P+SPWfz/mD9m8b8xf8zi/6f8MYv/TfljFv+b88cs/rfkj1n8b80fs/j/OX/M4n9b/pjF//b8MYv/X/LHLP535I9Z/P+aP2bx/1v+mMX/7/ljFv9/5I9Z/O/MH7P435U/ZvG/O3/M4n9P/pjF/978MYv/1Pwxi/99+WMW//vzxyz+0/LHJP6zD/LHLP5D+WMW/1H5Yxb/2fLHLP6z549Z/Efnj1n858gfs/jPmT9m8Z8rf8ziP3f+mMV/nvwxi/+8+WMW//nyxyz+8+ePWfwXyB+z+C+YP2bxH5M/ZvFfKH/M4j82f8ziv3D+mMV/kfwxi/+T8scs/k/OH7P4PyV/zOK/aP6Yxf+p+WMW/8Xyxyz+T8sfs/g/PX/M4r94/pjF/xn5Yxb/Z+aPWfzH5Y9Z/J+VP2bxf3b+mMX/OfljFv/x+WMW/yXyxyz+z80fs/gvmT9m8V8qf8zi/7z8MYv/8/PHLP4vyB+z+L8wf8ziv3T+mMX/RfljFv9l8scs/svmj1n8l8sfs/gvnz9m8V8hf8ziv2L+mMX/xfljFv+V8scs/ivnj1n8V8kfs/ivmj9m8X9J/pjFf7X8MYv/6vljFv+X5o9Z/F+WP2bxf3n+mMV/Qv6YxX9i/pjFf1L+mMV/jfwxi/+a+WMW/7Xyxyz+k/PHLP5T8scs/mvnj1n818kfs/i/In/M4v/K/DGL/7r5Yxb/9fLHLP7r549Z/F+VP2bx3yB/zOL/6sEl+UMW/w07/zGL/0b5Yxb/jfPHLP6b5I9Z/F+TP2bx3zR/zOK/Wf6Yxf+1+WMW/9flj1n8X58/ZvF/Q/6Yxf+N+WMW/zflj1n835w/ZvHfPH/M4r9F/pjFf8v8MYv/W/LHLP5b5Y9Z/LfOH7P4b5M/ZvHfNn/M4v/W/DGL/3b5Yxb/t+WPWfzfnj9m8d8+f8ziv0P+mMV/x/wxi/9O+WMW/3fkj1n835k/ZvHfOX/M4r9L/pjFf9f8MYv/u/LHLP7vzh+z+L8nf8ziv1v+mMV/9/wxi/8e+WMW//fmj1n835c/ZvF/f/6Yxf8D+WMW/w/mj1n898wfs/h/KH/M4v/h/DGL/0fyxyz+H80fs/jvlT9m8f9Y/pjFf+/8MYv/x/PHLP6fyB+z+O+TP2bx/2T+mMX/U/ljFv9P549Z/D+TP2bx/2z+mMV/3/wxi/9++WMW/8/lj1n8P58/ZvHfP3/M4v+F/DGL/wH5Yxb/A/PHLP5fzB+z+H8pf8zi/+X8MYv/V/LHLP5fzR+z+H8tf8zi//X8MYv/N/LHLP4H5Y9Z/A/OH7P4H5I/ZvE/NH/M4n9Y/pjF//D8MYv/EfljFv8j88cs/kflj1n8j84fs/gfkz9m8f9m/pjF/9j8MYv/cfljFv/j88cs/ifkj1n8T8wfs/h/K3/M4v/t/DGL/0n5Yxb/k/PHLP6n5I9Z/E/NH7P4fyd/zOJ/Wv6Yxf/0/DGL/xn5Yxb/7+aPWfy/lz9m8T8zf8zif1b+mMX/7Pwxi/85+WMW/3Pzxyz+388fs/j/IH/M4v/D/DGL/4/yxyz+P84fs/j/JH/M4n9e/pjF//z8MYv/T/PHLP4X5I9Z/H+WP2bxvzB/zOJ/Uf6Yxf/i/DGL/yX5Yxb/S/PHLP6X5Y9Z/C/PH7P4/zx/zOL/i/wxi/8v88cs/r/KH7P4X5E/ZvG/Mn/M4v/r/DGL/2/yxyz+V+U/3LTZZllg8f9t/pjF/+r8MYv/NfljFv9r88cs/r/LH7P4X5c/ZvG/Pn/M4n9D/pjF//f5Yxb/P+SPWfz/mD9m8b8xf8zi/6f8MYv/TfljFv+b88cs/rfkj1n8b80fs/j/OX/M4n9b/pjF//b8MYv/X/LHLP535I9Z/P+aP2bx/1v+mMX/7/ljFv9/5I9Z/O/MH7P435U/ZvG/O3/M4n9P/pjF/978MYv/1Pwxi/99+WMW//vzxyz+0/LHJP6jB/ljFv+h/DGL/6j8MYv/bPljFv/Z88cs/qPzxyz+c+SPWfznzB+z+M+VP2bxnzt/zOI/T/6YxX/e/DGL/3z5Yxb/+fPHLP4L5I9Z/BfMH7P4j8kfs/gvlD9m8R+bP2bxXzh/zOK/SP6Yxf9J+WMW/yfnj1n8n5I/ZvFfNH/M4v/U/DGL/2L5Yxb/p+WPWfyfnj9m8V88f8zi/4z8MYv/M/PHLP7j8scs/s/KH7P4Pzt/zOL/nPwxi//4/DGL/xL5Yxb/5+aPWfyXzB+z+C+VP2bxf17+mMX/+fljFv8X5I9Z/F+YP2bxXzp/zOL/ovwxi/8y+WMW/2Xzxyz+y+WPWfyXzx+z+K+QP2bxXzF/zOL/4vwxi/9K+WMW/5Xzxyz+q+SPWfxXzR+z+L8kf8ziv1r+mMV/9fwxi/9L88cs/i/LH7P4vzx/zOI/IX/M4j8xf8ziPyl/zOK/Rv6YxX/N/DGL/1r5Yxb/yfljFv8p+WMW/7Xzxyz+6+SPWfxfkT9m8X9l/pjFf938MYv/evljFv/188cs/q/KH7P4b5A/ZvF/df6YxX/D/DGL/0b5Yxb/jfPHLP6b5I9Z/F+TP2bx3zR/zOK/Wf6Yxf+1+WMW/9flj1n8X58/ZvF/Q/6Yxf+N+WMW/zflj1n835w/ZvHfPH/M4r9F/pjFf8v8MYv/W/LHLP5b5Y9Z/LfOH7P4b5M/ZvHfNn/M4v/W/DGL/3b5Yxb/t+WPWfzfnj9m8d8+f8ziv0P+mMV/x/wxi/9O+WMW/3fkj1n835k/ZvHfOX/M4r9L/pjFf9f8MYv/u/LHLP7vzh+z+L8nf8ziv1v+mMV/9/wxi/8e+WMW//fmj1n835c/ZvF/f/6Yxf8D+WMW/w/mj1n898wfs/h/KH/M4v/h/DGL/0fyxyz+H80fs/jvlT9m8f9Y/pjFf+/8MYv/x/PHLP6fyB+z+O+TP2bx/2T+mMX/U/ljFv9P549Z/D+TP2bx/2z+mMV/3/wxi/9++WMW/8/lj1n8P58/ZvHfP3/M4v+F/DGL/wH5Yxb/A/PHLP5fzB+z+H8pf8zi/+X8MYv/V/LHLP5fzR+z+H8tf8zi//X8MYv/N/LHLP4H5Y9Z/A/OH7P4H5I/ZvE/NH/M4n9Y/pjF//D8MYv/EfljFv8j88cs/kflj1n8j84fs/gfkz9m8f9m/pjF/9j8MYv/cfljFv/j88cs/ifkj1n8T8wfs/h/K3/M4v/t/DGL/0n5Yxb/k/PHLP6n5I9Z/E/NH7P4fyd/zOJ/Wv6Yxf/0/DGL/xn5Yxb/7+aPWfy/lz9m8T8zf8zif1b+mMX/7Pwxi/85+WMW/3Pzxyz+388fs/j/IH/M4v/D/DGL/4/yxyz+P84fs/j/JH/M4n9e/pjF//z8MYv/T/PHLP4X5I9Z/H+WP2bxvzB/zOJ/Uf6Yxf/i/DGL/yX5Yxb/S/PHLP6X5Y9Z/C/PH7P4/zx/zOL/i/wxi/8v88cs/r/KH7P4X5E/ZvG/Mn/M4v/r/DGL/2/yxyz+V+WPWfx/mz9m8b86f8zif03+mMX/2vwxi//v8scs/tflj1n8r88fs/jfkD9m8f99/pjF/w/5Yxb/P+aPWfxvzB+z+P8pf8zif1P+mMX/5vwxi/8t+WMW/1vzxyz+f84fs/jflj9m8b89f8zi/5f8MYv/HfljFv+/5o9Z/P+WP2bx/3v+mMX/H/ljFv8788cs/nflj1n8784fs/jfkz9m8b83f8ziPzV/zOJ/X/6Yxf/+/DGL/7T8MYn/HIP8MYv/UP6YxX9U/pjFf7b8MYv/7PljFv/R+WMW/znyxyz+c+aPWfznyh+z+M+dP2bxnyd/zOI/b/6YxX++/DGL//z5Yxb/BfLHLP4L5o9Z/Mfkj1n8F8ofs/iPzR+z+C+cP2bxXyR/zOL/pPwxi/+T88cs/k/JH7P4L5o/ZvF/av6YxX+x/DGL/9Pyxyz+T88fs/gvnj9m8X9G/pjF/5n5Yxb/cfljFv9n5Y9Z/J+dP2bxf07+mMV/fP6YxX+J/DGL/3Pzxyz+S+aPWfyXyh+z+D8vf8zi//z8MYv/C/LHLP4vzB+z+C+dP2bxf1H+mMV/mfwxi/+y+WMW/+Xyxyz+y+ePWfxXyB+z+K+YP2bxf3H+mMV/pfwxi//K+WMW/1Xyxyz+q+aPWfxfkj9m8V8tf8ziv3r+mMX/pfljFv+X5Y9Z/F+eP2bxn5A/ZvGfmD9m8Z+UP2bxXyN/zOK/Zv6YxX+t/DGL/+T8MYv/lPwxi//a+WMW/3Xyxyz+r8gfs/i/Mn/M4r9u/pjFf738MYv/+vljFv9X5Y9Z/DfIH7P4vzp/zOK/Yf6YxX+j/DGL/8b5Yxb/TfLHLP6vyR+z+G+aP2bx3yx/zOL/2vwxi//r8scs/q/PH7P4vyF/zOL/xvwxi/+b8scs/m/OH7P4b54/ZvHfIn/M4r9l/pjF/y35Yxb/rfLHLP5b549Z/LfJH7P4b5s/ZvF/a/6YxX+7/DGL/9vyxyz+b88fs/hvnz9m8d8hf8ziv2P+mMV/p/wxi/878scs/u/MH7P475w/ZvHfJX/M4r9r/pjF/135Yxb/d+ePWfzfkz9m8d8tf8ziv3v+mMV/j/wxi/9788cs/u/LH7P4vz9/zOL/gfwxi/8H88cs/nvmj1n8P5Q/ZvH/cP6Yxf8j+WMW/4/mj1n898ofs/h/LH/M4r93/pjF/+P5Yxb/T+SPWfz3yR+z+H8yf8zi/6n8MYv/p/PHLP6fyR+z+H82f8ziv2/+mMV/v/wxi//n8scs/p/PH7P4758/ZvH/Qv6Yxf+A/DGL/4H5Yxb/L+aPWfy/lD9m8f9y/pjF/yv5Yxb/r+aPWfy/lj9m8f96/pjF/xv5Yxb/g/LHLP4H549Z/A/JH7P4H5o/ZvE/LH/M4n94/pjF/4j8MYv/kfljFv+j8scs/kfnj1n8j8kfs/h/M3/M4n9s/pjF/7j8MYv/8fljFv8T8scs/ifmj1n8v5U/ZvH/dv6Yxf+k/DGL/8n5Yxb/U/LHLP6n5o9Z/L+TP2bxPy1/zOJ/ev6Yxf+M/DGL/3fzxyz+38sfs/ifmT9m8T8rf8zif3b+mMX/nPwxi/+5+WMW/+/nj1n8f5A/ZvH/Yf6Yxf9H+WMW/x/nj1n8f5I/ZvE/L3/M4n9+/pjF/6f5Yxb/C/LHLP4/yx+z+F+YP2bxvyh/zOJ/cf6Yxf+S/DGL/6X5Yxb/y/LHLP6X549Z/H+eP2bx/0X+mMX/l/ljFv9f5Y9Z/K/IH7P4X5k/ZvH/df6Yxf83+WMW/6vyxyz+v80fs/hfnT9m8b8mf8zif23+mMX/d/ljFv/r8scs/tfnj1n8b8gfs/j/XuU/+nGvafH/g8r/8Wfx/2P+mMX/xvwxi/+f8scs/jflj1n8b84fs/jfkj9m8b81f8zi/+f8MYv/bfljFv/b88cs/n/JH7P435E/ZvH/a/6Yxf9v+WMW/7/nj1n8/5E/ZvG/M3/M4n9X/pjF/+78MYv/PfljFv9788cs/lPzxyz+9+WPWfzvzx+z+E/LH5P4zznIH7P4D+WPWfxH5Y9Z/GfLH7P4z54/ZvEfnT9m8Z8jf8ziP2f+mMV/rvwxi//c+WMW/3nyxyz+8+aPWfznyx+z+M+fP2bxXyB/zOK/YP6YxX9M/pjFf6H8MYv/2Pwxi//C+WMW/0Xyxyz+T8ofs/g/OX/M4v+U/DGL/6L5Yxb/p+aPWfwXyx+z+D8tf8zi//T8MYv/4vljFv9n5I9Z/J+ZP2bxH5c/ZvF/Vv6Yxf/Z+WMW/+fkj1n8x+ePWfyXyB+z+D83f8ziv2T+mMV/qfwxi//z8scs/s/PH7P4vyB/zOL/wvwxhf/4wZxL548p/AeDOV+UP2bxXyZ/zOK/bP6YxX+5/DGL//L5Yxb/FfLHLP4r5o9Z/F+cP2bxXyl/zOK/cv6YxX+V/DGL/6r5Yxb/l+SPWfxXyx+z+K+eP2bxf2n+mMX/ZfljFv+X549Z/Cfkj1n8J+aPWfwn5Y9Z/NfIH7P4r5k/ZvFfK3/M4j85f8ziPyV/zOK/dv6YxX+d/DGL/yvyxyz+r8wfs/ivmz9m8V8vf8ziv37+mMX/VfljFv8N8scs/q/OH7P4b5g/ZvHfKH/M4r9x/pjFf5P8MYv/a/LHLP6b5o9Z/DfLH7P4vzZ/zOL/uvwxi//r88cs/m/IH7P4vzF/zOL/pvwxi/+b88cs/pvnj1n8t8gfs/hvmT9m8X9L/pjFf6v8MYv/1vljFv9t8scs/tvmj1n835o/ZvHfLn/M4v+2/DGL/9vzxyz+2+ePWfx3yB+z+O+YP2bx3yl/zOL/jvwxi/8788cs/jvnj1n8d8kfs/jvmj9m8X9X/pjF/935Yxb/9+SPWfx3yx+z+O+eP2bx3yN/zOL/3vwxi//78scs/u/PH7P4fyB/zOL/wfwxi/+e+WMW/w/lj1n8P5w/ZvH/SP6Yxf+j+WMW/73yxyz+H8sfs/jvnT9m8f94/pjF/xP5Yxb/ffLHLP6fzB+z+H8qf8zi/+n8MYv/Z/LHLP6fzR+z+O+bP2bx3y9/zOL/ufwxi//n88cs/vvnj1n8v5A/ZvE/IH/M4n9g/pjF/4v5Yxb/L+WPWfy/nD9m8f9K/pjF/6v5Yxb/r+WPWfy/nj9m8f9G/pjF/6D8MYv/wfljFv9D8scs/ofmj1n8D8sfs/gfnj9m8T8if8zif2T+mMX/qPwxi//R+WMW/2Pyxyz+38wfs/gfmz9m8T8uf8zif3z+mMX/hPwxi/+J+WMW/2/lj1n8v50/ZvE/KX/M4n9y/pjF/5T8MYv/qfljFv/v5I9Z/E/LH7P4n54/ZvE/I3/M4v/d/DGL//fyxyz+Z+aPWfzPyh+z+J+dP2bxPyd/zOJ/bv6Yxf/7+WMW/x/kj1n8f5g/ZvH/Uf6Yxf/H+WMW/5/kj1n8z8sfs/ifnz9m8f9p/pjF/4L8MYv/z/LHLP4X5o9Z/C/KH7P4X5w/ZvG/JH/M4n9p/pjF/7L8MYv/5fljFv+f549Z/H+RP2bx/2X+mMX/V/ljFv8r8scs/lfmj1n8f50/ZvH/Tf6Yxf+q/DGL/2/zxyz+V+ePWfyvyR+z+F+bP2bx/13+mMX/uvwxi//1+WMW/xvyxyz+v88fs/j/IX/M4v/H/DGL/435Yxb/P+WPWfxvyh+z+N+cP2bxvyV/zOJ/a/6Yxf/P+WMW/9vyxyz+t+ePWfz/kj9m8b8jf8zi/9f8MYv/3/LHLP5/zx+z+P8jf8zif2f+mMX/rvwxi//d+WMW/3vyxyz+9+aPWfyn5o9Z/O/LH7P4358/ZvGflj8m8Z9rkD9m8R/KH7P4j8ofs/jPlj9m8Z89f8ziPzp/zOI/R/6YxX/O/DGL/1z5Yxb/ufPHLP7z5I9Z/OfNH7P4z5c/ZvGfP3/M4r9A/pjFf8H8MYv/mPwxi/9C+WMW/7H5Yxb/hfPHLP6L5I9Z/J+UP2bxf3L+mMX/KfljFv9F88cs/k/NH7P4L5Y/ZvF/Wv6Yxf/p+WMW/8Xzxyz+z8gfs/g/M3/M4j8uf8zi/6z8MYv/s/PHLP7PyR+z+I/PH7P4L5E/ZvF/bv6YxX/J/DGL/1L5Yxb/5+WPWfyfnz9m8X9B/pjF/4X5Yxb/pfPHLP4vyh+z+C+TP2bxXzZ/zOK/XP6YxX/5/DGL/wr5Yxb/FfPHLP4vzh+z+K+UP2bxXzl/zOK/Sv6YxX/V/DGL/0vyxyz+q+WPWfxXzx+z+L80f8zi/7L8MYv/y/PHLP4T8scs/hPzxyz+k/LHLP5r5I9Z/NfMH7P4r5U/ZvGfnD9m8Z+SP2bxXzt/zOK/Tv6Yxf8V+WMW/1fmj1n8180fs/ivlz9m8V8/f8zi/6r8MYv/BvljFv9X549Z/DfMH7P4b5Q/ZvHfOH/M4r9J/pjF/zX5Yxb/TfPHLP6b5Y9Z/F+bP2bxf13+mMX/9fljFv835I9Z/N+YP2bxf1P+mMX/zfljFv/N88cs/lvkj1n8t8wfs/i/JX/M4r9V/pjFf+v8MYv/NvljFv9t88cs/m/NH7P4b5c/ZvF/W/6Yxf/t+WMW/+3zxyz+O+SPWfx3zB+z+O+UP2bxf0f+mMX/nfljFv+d88cs/rvkj1n8d80fs/i/K3/M4v/u/DGL/3vyxyz+u+WPWfx3zx+z+O+RP2bxf2/+mMX/ffljFv/3549Z/D+QP2bx/2D+mMV/z/wxi/+H8scs/h/OH7P4fyR/zOL/0fwxi/9e+WMW/4/lj1n8984fs/h/PH/M4v+J/DGL/z75Yxb/T+aPWfw/lT9m8f90/pjF/zP5Yxb/z+aPWfz3zR+z+O+XP2bx/1z+mMX/8/ljFv/988cs/l/IH7P4H5A/ZvE/MH/M4v/F/DGL/5fyxyz+X84fs/h/JX/M4v/V/DGL/9fyxyz+X88fs/h/I3/M4n9Q/pjF/+D8MYv/IfljFv9D88cs/oflj1n8D88fs/gfkT9m8T8yf8zif1T+mMX/6Pwxi/8x+WMW/2/mj1n8j80fs/gflz9m8T8+f8zif0L+mMX/xPwxi/+38scs/t/OH7P4n5Q/ZvE/OX/M4n9K/pjF/9T8MYv/d/LHLP6n5Y9Z/E/PH7P4n5E/ZvH/bv6Yxf97+WMW/zPzxyz+Z+WPWfzPzh+z+J+TP2bxPzd/zOL//fwxi/8P8scs/j/MH7P4/yh/zOL/4/wxi/9P8scs/uflj1n8z38c/lcs8P9yYP83s/j/tPMfs/hfkD9m8f9Z/pjF/8L8MYv/RfljFv+L88cs/pfkj1n8L80fs/hflj9m8b88f8zi//P8MYv/L/LHLP6/zB+z+P8qf8zif0X+mMX/yvwxi/+v88cs/r/JH7P4X5U/ZvH/bf6Yxf/q/DGL/zX5Yxb/a/PHLP6/yx+z+F+XP2bxvz5/zOJ/Q/6Yxf/3+WMW/z/kj1n8/5g/ZvG/MX/M4v+n/DGL/035Yxb/m/PHLP635I9Z/G/NH7P4/zl/zOJ/W/6Yxf/2/DGL/1/yxyz+d+SPWfz/mj9m8f9b/pjF/+/5Yxb/f+SPWfzvzB+z+N+VP2bxvzt/zOJ/T/6Yxf/e/DGL/9T8MYv/ffljFv/788cs/tPyxyT+cw/yxyz+Q/ljFv9R+WMW/9nyxyz+s+ePWfxH549Z/OfIH7P4z5k/ZvGfK3/M4j93/pjFf578MYv/vPljFv/58scs/vPnj1n8F8gfs/gvmD9m8R+TP2bxXyh/zOI/Nn/M4r9w/pjFf5H8MYv/k/LHLP5Pzh+z+D8lf8ziv2j+mMX/qfljFv/F8scs/k/LH7P4Pz1/zOK/eP6Yxf8Z+WMW/2fmj1n8x+WPWfyflT9m8X92/pjF/zn5Yxb/8fljFv8l8scs/s/NH7P4L5k/ZvFfKn/M4v+8/DGL//Pzxyz+L8gfs/i/MH/M4r90/pjF/0X5Yxb/ZfLHLP7L5o9Z/JfLH7P4L58/ZvFfIX/M4r9i/pjF/8X5Yxb/lfLHLP4r549Z/FfJH7P4r5o/ZvF/Sf6YxX+1/DGL/+r5Yxb/l+aPWfxflj9m8X95/pjFf0L+mMV/Yv6YxX9S/pjFf438MYv/mvljFv+18scs/pPzxyz+U/LHLP5r549Z/NfJH7P4vyJ/zOL/yvwxi/+6+WMW//Xyxyz+6+ePWfxflT9m8d8gf8zi/+r8MYv/hvljFv+N8scs/hvnj1n8N8kfs/i/Jn/M4r9p/pjFf7P8MYv/a/PHLP6vyx+z+L8+f8zi/4b8MYv/G/PHLP5vyh+z+L85f8ziv3n+mMV/i/wxi/+W+WMW/7fkj1n8t8ofs/hvnT9m8d8mf8ziv23+mMX/rfljFv/t8scs/m/LH7P4vz1/zOK/ff6YxX+H/DGL/475Yxb/nfLHLP7vyB+z+L8zf8ziv3P+mMV/l/wxi/+u+WMW/3flj1n8350/ZvF/T/6YxX+3/DGL/+75Yxb/PfLHLP7vzR+z+L8vf8zi//78MYv/B/LHLP4fzB+z+O+ZP2bx/1D+mMX/w/ljFv+P5I9Z/D+aP2bx3yt/zOL/sfwxi//e+WMW/4/nj1n8P5E/ZvHfJ3/M4v/J/DGL/6fyxyz+n84fs/h/Jn/M4v/Z/DGL/775Yxb//fLHLP6fyx+z+H8+f8ziv3/+mMX/C/ljFv8D8scs/gfmj1n8v5g/ZvH/Uv6Yxf/L+WMW/6/kj1n8v5o/ZvH/Wv6Yxf/r+WMW/2/kj1n8D8ofs/gfnD9m8T8kf8zif2j+mMX/sPwxi//h+WMW/yPyxyz+R+aPWfyPyh+z+B+dP2bxPyZ/zOL/zfwxi/+x+WMW/+Pyxyz+x+ePWfxPyB+z+J+YP2bx/1b+mMX/2/ljFv+T8scs/ifnj1n8T8kfs/ifmj9m8f9O/pjF/7T8MYv/6fljFv8z8scs/t/NH7P4fy9/zOJ/Zv6Yxf+s/DGL/9n5Yxb/c/LHLP7n5o9Z/L+fP2bx/0H+mMX/h/ljFv8f5Y9Z/H+cP2bx/0n+mMX/vPwxi//5+WMW/5/mj1n8L8gfs/j/LH/M4n9h/pjF/6L8MYv/xfljFv9L8scs/pfmj1n8L8sfs/hfnj9m8f95/pjF/xf5Yxb/X+aPWfx/lT9m8b8if8zif2X+mMX/1/ljFv/f5I9Z/K/KH7P4/zZ/7OH+o5/o4fz7PYr/1fljlvP/mvwxi/+1+WMW/9/lj1n8r8sfs/hfnz9m8b8hf8zi//v8MYv/H/LHLP5/zB+z+N+YP2bx/1P+mMX/pvwxi//N+WMW/1vyxyz+t+aPWfz/nD9m8b8tf8zif3v+mMX/L/ljFv878scs/n/NH7P4/y1/zOL/9/wxi/8/8scs/nfmj1n878ofs/jfnT9m8b8nf8zif2/+mMV/av6Yxf++/DGL//35Yxb/afljEv95BvljFv+h/DGL/6j8MYv/bPljFv/Z88cs/qPzxyz+c+SPWfznzB+z+M+VP2bxnzt/zOI/T/7Yf7//XA++lf8j++/3f6B55ssfs/jPnz9m8V8gf8ziv2D+mMV/TP6YxX+h/DGL/9j8MYv/wvljFv9F8scs/k/KH7P4Pzl/zOL/lPwxi/+i+WMW/6fmj1n8F8sfs/g/LX/M4v/0/DGL/+L5Yxb/Z+SPWfyfmT9m8R+XP2bxf1b+mMX/2fljFv/n5I9Z/Mfnj1n8l8gfs/g/N3/M4r9k/pjFf6n8MYv/8/LHLP7Pzx+z+L8gf8zi/8L8MYv/0vljFv8X5Y9Z/JfJH7P4L5s/ZvFfLn/M4r98/pjFf4X8MYv/ivljFv8X549Z/FfKH7P4r5w/ZvFfJX/M4r9q/pjF/yX5Yxb/1fLHLP6r549Z/F+aP2bxf1n+mMX/5fljFv8J+WMW/4n5Yxb/SfljFv818scs/mvmj1n818ofs/hPzh+z+E/JH7P4r50/ZvFfJ3/M4v+K/DGL/yvzxyz+6+aPWfzXyx+z+K+fP2bxf1X+mMV/g/wxi/+r88cs/hvmj1n8N8ofs/hvnD9m8d8kf8zi/5r8MYv/pvljFv/N8scs/q/NH7P4vy5/zOL/+vwxi/8b8scs/m/MH7P4vyl/zOL/5vwxi//m+WMW/y3yxyz+W+aPWfzfkj9m8d8qf8ziv3X+mMV/m/wxi/+2+WMW/7fmj1n8t8sfs/i/LX/M4v/2/DGL//b5Yxb/HfLHLP475o9Z/HfKH7P4vyN/zOL/zvwxi//O+WMW/13yxyz+u+aPWfzflT9m8X93/pjF/z35Yxb/3fLHLP67549Z/PfIH7P4vzd/zOL/vvwxi//788cs/h/IH7P4fzB/zOK/Z/6Yxf9D+WMW/w/nj1n8P5I/ZvH/aP6YxX+v/DGL/8fyxyz+e+ePWfw/nj9m8f9E/pjFf5/8MYv/J/PHLP6fyh+z+H86f8zi/5n8MYv/Z/PHLP775o9Z/PfLH7P4fy5/zOL/+fwxi//++WMW/y/kj1n8D8gfs/gfmD9m8f9i/pjF/0v5Yxb/L+ePWfy/kj9m8f9q/pjF/2v5Yxb/r+ePWfy/kT9m8T8of8zif3D+mMX/kPwxi/+h+WMW/8Pyxyz+h+ePWfyPyB+z+B+ZP2bxPyp/zOJ/dP6Yxf+Y/DGL/zfzxyz+x+aPWfyPyx+z+B+fP2bxPyF/zOJ/Yv6Yxf9b+WMW/2/nj1n8T8ofs/ifnD9m8T8lf8zif2r+mMX/O/ljFv/T8scs/qfnj1n8z8gfs/h/N3/M4v+9/DGL/5n5Yxb/s/LHLP5n549Z/M/JH7P4n5s/ZvH/fv6Yxf8H+WMW/x/mj1n8f5Q/ZvH/cf6Yxf8n+WMW//Pyxyz+5+ePWfx/mj9m8b8gf8zi/7P8MYv/hfljFv+L8scs/hfnj1n8L8kfs/hfmj9m8b8sf8zif3n+mMX/5/ljFv9f5I9Z/H+ZP2bx/1X+mMX/ivwxi/+V+WMW/1/nj1n8f5M/ZvG/Kn/M4v/b/DGL/9X5Yxb/a/LHLP7X5o9Z/H+XP2bxvy5/zOJ/ff6Yxf+G/DGL/+/zxyz+f8gfs/j/MX/M4n9j/pjF/0/5Yxb/m/LHLP43549Z/G/JH7P435o/ZvH/c/6Yxf+2/DGL/+35Yxb/v+SPWfzvyB+z+P81f8zi/7f8MYv/3/PHLP7/yB+z+N+ZP2bxvyt/zOJ/d/6Yxf+e/DGL/735Yxb/qfljFv/78scs/vfnj1n8p+WPSfznHeSPWfyH8scs/qPyxyz+s+WPWfxnzx+z+I/OH7P4z5E/ZvGfM3/M4j9X/pjFf+78MYv/PPljFv9588cs/vPlj1n8588fs/gvkD9m8V8wf8ziPyZ/zOK/UP6YxX9s/pjFf+H8MYv/IvljFv8n5Y9Z/J+cP2bxf0r+mMV/0fwxi/9T88cs/ovlj1n8n5Y/ZvF/ev6YxX/x/DGL/zPyxyz+z8wfs/iPyx+z+D8rf8zi/+z8MYv/c/LHLP7j88cs/kvkj1n8n5s/ZvFfMn/M4r9U/pjF/3n5Yxb/5+ePWfxfkD9m8X9h/pjFf+n8MYv/i/LHLP7L5I9Z/JfNH7P4L5c/ZvFfPn/M4r9C/pjFf8X8MYv/i/PHLP4r5Y9Z/FfOH7P4r5I/ZvFfNX/M4v+S/DGL/2r5Yxb/1fPHLP4vzR+z+L8sf8zi//L8MYv/hPwxi//E/DGL/6T8MYv/GvljFv8188cs/mvlj1n8J+ePWfyn5I9Z/NfOH7P4r5M/ZvF/Rf6Yxf+V+WMW/3Xzxyz+6+WPWfzXzx+z+L8qf8ziv0H+mMX/1fljFv8N88cs/hvlj1n8N84fs/hvkj9m8X9N/pjFf9P8MYv/ZvljFv/X5o9Z/F+XP2bxf33+mMX/DfljFv835o9Z/N+UP2bxf3P+mMV/8/wxi/8W+WMW/y3zxyz+b8kfs/hvlT9m8d86f8ziv03+mMV/2/wxi/9b88cs/tvlj1n835Y/ZvF/e/6YxX/7/DGL/w75Yxb/HfPHLP475Y9Z/N+RP2bxf2f+mMV/5/wxi/8u+WMW/13zxyz+78ofs/i/O3/M4v+e/DGL/275Yxb/3fPHLP575I9Z/N+bP2bxf1/+mMX//fljFv8P5I9Z/D+YP2bx3zN/zOL/ofwxi/+H88cs/h/JH7P4fzR/zOK/V/6Yxf9j+WMW/73zxyz+H88fs/h/In/M4r9P/pjF/5P5Yxb/T+WPWfw/nT9m8f9M/pjF/7P5Yxb/ffPHLP775Y9Z/D+XP2bx/3z+mMV///wxi/8X8scs/gfkj1n8D8wfs/h/MX/M4v+l/DGL/5fzxyz+X8kfs/h/NX/M4v+1/DGL/9fzxyz+38gfs/gflD9m8T84f8zif0j+mMX/0Pwxi/9h+WMW/8Pzxyz+R+SPWfyPzB+z+B+VP2bxPzp/zOJ/TP6Yxf+b+WMW/2Pzxyz+x+WPWfyPzx+z+J+QP2bxPzF/zOL/rfwxi/+388cs/iflj1n8T84fs/ifkj9m8T81f8zi/538MYv/afljFv/T88cs/mfkj1n8v5s/ZvH/Xv6Yxf/M/DGL/1n5Yxb/s/PHLP7n5I9Z/M/NH7P4fz9/zOL/g/wxi/8P88cs/j/KH7P4/zh/zOL/k/wxi/95+WMW//Pzxyz+P80fs/hfkD9m8f9Z/pjF/8L8MYv/RfljFv+L88cs/pfkj1n8L80fs/hflj9m8b88f8zi//P8MYv/L/LHLP6/zB+z+P8qf8zif0X+mMX/yvwxi/+v88cs/r/JH7P4X5U/ZvH/bf6Yxf/q/DGL/zX5Yxb/a/PHLP6/yx+z+F+XP2bxvz5/zOJ/Q/6Yxf/3+WMW/z/kj1n8/5g/ZvG/MX/M4v+n/DGL/035Yxb/m/PHLP635I9Z/G/NH7P4/zl/zOJ/W/6Yxf/2/DGL/1/yxyz+d+SPWfz/mj9m8f9b/pjF/+/5Yxb/f+SPWfzvzB+z+N+VP2bxvzt/zOJ/T/6Yxf/e/DGL/9T8MYv/ffljFv/788cs/tPyxyT+8w3yxyz+Q/ljFv9R+WMW/9nyxyz+s+ePWfxH549Z/OfIH7P4z5k/ZvGfK3/M4j93/pjFf578MYv/vPljFv/58scs/vPnj1n8F8gfs/gvmD9m8R+TP2bxXyh/zOI/Nn/M4r9w/pjFf5H8MYv/k/LHLP5Pzh+z+D8lf8ziv2j+mMX/qfljFv/F8scs/k/LH7P4Pz1/zOK/eP6Yxf8Z+WMW/2fmj1n8x+WPWfyflT9m8X92/pjF/zn5Yxb/8fljFv8l8scs/s/NH7P4L5k/ZvFfKn/M4v+8/DGL//Pzxyz+L8gfs/i/MH/M4r90/pjF/0X5Yxb/ZfLHLP7L5o9Z/JfLH7P4L58/ZvFfIX/M4r9i/pjF/8X5Yxb/lfLHLP4r549Z/FfJH7P4r5o/ZvF/Sf6YxX+1/DGL/+r5Yxb/l+aPWfxflj9m8X95/pjFf0L+mMV/Yv6YxX9S/pjFf438MYv/mvljFv+18scs/pPzxyz+U/LHLP5r549Z/NfJH7P4vyJ/zOL/yvwxi/+6+WMW//Xyxyz+6+ePWfxflT9m8d8gf8zi/+r8MYv/hvljFv+N8scs/hvnj1n8N8kfs/i/Jn/M4r9p/pjFf7P8MYv/a/PHLP6vyx+z+L8+f8zi/4b8MYv/G/PHLP5vyh+z+L85f8ziv3n+mMV/i/wxi/+W+WMW/7fkj1n8t8ofs/hvnT9m8d8mf8ziv23+mMX/rfljFv/t8scs/m/LH7P4vz1/zOK/ff6YxX+H/DGL/475Yxb/nfLHHvTf5oT/av935I9Zzv935o9Z/HfOH7P475I/ZvHfNX/M4v+u/DGL/7vzxyz+78kfs/jvlj9m8d89f8ziv0f+mMX/vfljFv/35Y9Z/N+fP2bx/0D+mMX/g/ljFv8988cs/h/KH7P4fzh/zOL/kfwxi/9H88cs/nvlj1n8P5Y/ZvHfO3/M4v/x/DGL/yfyxyz+++SPWfw/mT9m8f9U/pjF/9P5Yxb/z+SPWfw/mz9m8d83f8ziv1/+mMX/c/ljFv/P549Z/PfPH7P4fyF/zOJ/QP6Yxf/A/DGL/xfzxyz+X8ofs/h/OX/M4v+V/DGL/1fzxyz+X8sfs/h/PX/M4v+N/DGL/0H5Yxb/g/PHLP6H5I9Z/A/NH7P4H5Y/ZvE/PH/M4n+E0n+Of7qGxf9Ipf8/z+J/VP6Yxf/o/DGL/zH5Yxb/b+aPWfyPzR+z+B+XP2bxPz5/zOJ/Qv6Yxf/E/DGL/7fyxyz+384fs/iflD9m8T85f8zif0r+mMX/1Pwxi/938scs/qflj1n8T88fs/ifkT9m8f9u/pjF/3v5Yxb/M/PHLP5n5Y9Z/M/OH7P4n5M/ZvE/N3/M4v/9/DGL/w/yxyz+P8wfs/j/KH/M4v/j/DGL/0/yxyz+5+WPWfzPzx+z+P80f8zif0H+mMX/Z/ljFv8L88cs/hflj1n8L84fs/hfkj9m8b80f8zif1n+mMX/8vwxi//P88cs/r/IH7P4/zJ/zOL/q/wxi/8V+WMW/yvzxyz+v84fs/j/Jn/M4n9V/pjF/7f5Yxb/q/PHLP7X5I9Z/K/NH7P4/y5/zOJ/Xf6Yxf/6/DGL/w35Yxb/3+ePWfz/kD9m8f9j/pjF/8b8MYv/n/LHLP435Y9Z/G/OH7P435I/ZvG/NX/M4v/n/DGL/235Yxb/2/PHLP5/yR+z+N+RP2bx/2v+mMX/b/ljFv+/549Z/P+RP2bxvzN/zOJ/V/6Yxf/u/DGL/z35Yxb/e/PHLP5T88cs/vflj1n8788fs/hPyx+T+M8/eAz/D/7/MKz/q1n8hzr/MYv/qPwxi/9s+WMW/9nzxyz+o/PHLP5z5I9Z/OfMH7P4z5U/ZvGfO3/M4j9P/pjFf978MYv/fPljFv/588cs/gvkj1n8F8wfs/iPyR+z+C+UP2bxH5s/ZvFfOH/M4r9I/pjF/0n5Yxb/J+ePWfyfkj9m8V80f8zi/9T8MYv/YvljFv+n5Y9Z/J+eP2bxXzx/zOL/jPwxi/8z88cs/uPyxyz+z8ofs/g/O3/M4v+c/DGL//j8MYv/EvljFv/n5o9Z/JfMH7P4L5U/ZvF/Xv6Yxf/5+WMW/xfkj1n8X5g/ZvFfOn/M4v+i/DGL/zL5Yxb/ZfPHLP7L5Y9Z/JfPH7P4r5A/ZvFfMX/M4v/i/DGL/0r5Yxb/lfPHLP6r5I9Z/FfNH7P4vyR/zOK/Wv6YxX/1/DGL/0vzxyz+L8sfs/i/PH/M4j8hf8ziPzF/zOI/KX/M4r9G/pjFf838MYv/WvljFv/J+WMW/yn5Yxb/tfPHLP7r5I9Z/F+RP2bxf2X+mMV/3fwxi/96+WMW//Xzxyz+r8ofs/hvkD9m8X91/pjFf8P8MYv/RvljFv+N88cs/pvkj1n8X5M/ZvHfNH/M4r9Z/pjF/7X5Yxb/1+WPWfxfnz9m8X9D/pjF/435Yxb/N+WPWfzfnD9m8d88f8ziv0X+mMV/y/wxi/9b8scs/lvlj1n8t84fs/hvkz9m8d82f8zi/9b8MYv/dvljFv+35Y9Z/N+eP2bx3z5/zOK/Q/6YxX/H/DGL/075Yxb/d+SPWfzfmT9m8d85f8ziv0v+mMV/1/wxi/+78scs/u/OH7P4vyd/zOK/W/6YxX/3/DGL/x75Yxb/9+aPWfzflz9m8X9//pjF/wP5Yxb/D+aPWfz3zB+z+H8of8zi/+H8MYv/R/LHLP4fzR+z+O+VP2bx/1j+mMV/7/wxi//H88cs/p/IH7P475M/ZvH/ZP6Yxf9T+WMW/0/nj1n8P5M/ZvH/bP6YxX/f/DGL/375Yxb/z+WPWfw/nz9m8d8/f8zi/4X8MYv/AfljFv8D88cs/l/MH7P4fyl/zOL/5fwxi/9X8scs/l/NH7P4fy1/zOL/9fwxi/838scs/gflj1n8D84fs/gfkj9m8T80f8zif1j+mMX/8Pwxi/8R+WMW/yPzxyz+R+WPWfyPzh+z+B+TP2bx/2b+mMX/2Pwxi/9x+WMW/+Pzxyz+J+SPWfxPzB+z+H8rf8zi/+38MYv/SfljFv+T88cs/qfkj1n8T80fs/h/J3/M4n9a/pjF//T8MYv/GfljFv/v5o9Z/L+XP2bxPzN/zOJ/Vv6Yxf/s/DGL/zn5Yxb/c/PHLP7fzx+z+P8gf8zi/8P8MYv/j/LHLP4/zh+z+P8kf8zif17+mMX//Pwxi/9P88cs/hfkj1n8f5Y/ZvG/MH/M4n9R/pjF/+L8MYv/JfljFv9L88cs/pflj1n8L88fs/j/PH/M4v+L/DGL/y/zxyz+v8ofs/hfkT9m8b8yf8zi/+v8MYv/b/LHLP5X5Y9Z/H+bP2bxvzp/zOJ/Tf6Yxf/a/DGL/+/yxyz+1+WPWfyvzx+z+N+QP2bx/33+mMX/D/ljFv8/5o9Z/G/MH7P4/yl/zOJ/U/6Yxf/m/DGL/y35Yxb/W/PHLP5/zh+z+N+WP2bxvz1/zOL/l/wxi/8d+WMW/7/mj1n8/5Y/ZvH/e/6Yxf8f+WMW/zvzxyz+d+WPWfzvzh+z+N+TP2bxvzd/zOI/NX/M4n9f/pjF//78MYv/tPwxif8Cg/wxi/9Q/pjFf1T+mMV/tvwxi//s+WMW/9H5Yxb/OfLHLP5z5o9Z/OfKH7P4z50/ZvGfJ3/M4j9v/pjFf778MYv//PljFv8F8scs/gvmj1n8x+SPWfwXyh+z+I/NH7P4L5w/ZvFfJH/M4v+k/DGL/5Pzxyz+T8kfs/gvmj9m8X9q/pjFf7H8MYv/0/LHLP5Pzx+z+C+eP2bxf0b+mMX/mfljFv9x+WMW/2flj1n8n50/ZvF/Tv6YxX98/pjFf4n8MYv/c/PHLP5L5o9Z/JfKH7P4Py9/zOL//Pwxi/8L8scs/i/MH7P4L50/ZvF/Uf6YxX+Z/DGL/7L5Yxb/5fLHLP7L549Z/FfIH7P4r5g/ZvF/cf6YxX+l/DGL/8r5Yxb/VfLHLP6r5o9Z/F+SP2bxXy1/zOK/ev6Yxf+l+WMW/5flj1n8X54/ZvGfkD9m8Z+YP2bxn5Q/ZvFfI3/M4r+myH+uf2Fdi/9aIv9/JYv/5Pwxi/+U/DGL/9r5Yxb/dfLHLP6vyB+z+L8yf8ziv27+mMV/vfwxi//6+WMW/1flj1n8N8gfs/i/On/M4r9h/pjFf6P8MYv/xvljFv9N8scs/q/JH7P4b5o/ZvHfLH/M4v/a/DGL/+vyxyz+r88fs/i/IX/M4v/G/DGL/5vyxyz+b84fs/hvnj9m8d8if8ziv2X+mMX/LfljFv+t8scs/lvnj1n8t8kfs/hvmz9m8X9r/pjFf7v8MYv/2/LHLP5vzx+z+G+fP2bx3yF/zOK/Y/6YxX+n/DGL/zvyxyz+78wfs/jvnD9m8d8lf8ziv2v+mMX/XfljFv93549Z/N+TP2bx3y1/zOK/e/6YxX+P/DGL/3vzxyz+78sfs/i/P3/M4v+B/DGL/wfzxyz+e+aPWfw/lD9m8f9w/pjF/yP5Yxb/j+aPWfz3yh+z+H8sf8ziv3f+mMX/4/ljFv9P5I9Z/PfJH7P4fzJ/zOL/qfwxi/+n88cs/p/JH7P4fzZ/zOK/b/6YxX+//DGL/+fyxyz+n88fs/jvnz9m8f9C/pjF/4D8MYv/gfljFv8v5o9Z/L+UP2bx/3L+mMX/K/ljFv+v5o9Z/L+WP2bx/3r+mMX/G/ljFv+D8scs/gfnj1n8D8kfs/gfmj9m8T8sf8zif3j+mMX/iPwxi/+R+WMW/6Pyxyz+R+ePWfyPyR+z+H8zf8zif2z+mMX/uPwxi//x+WMW/xN0/o/v01r8T9T5P74s/t/KH7P4fzt/zOJ/Uv6Yxf/k/DGL/yn5Yxb/U/PHLP7fyR+z+J+WP2bxPz1/zOJ/Rv6Yxf+7+WMW/+/lj1n8z8wfs/iflT9m8T87f8zif07+mMX/3Pwxi//388cs/j/IH7P4/zB/zOL/o/wxi/+P88cs/j/JH7P4n5c/ZvE/P3/M4v/T/DGL/wX5Yxb/n+WPWfwvzB+z+F+UP2bxvzh/zOJ/Sf6Yxf/S/DGL/2X5Yxb/y/PHLP4/zx+z+P8if8zi/8v8MYv/r/LHLP5X5I9Z/K/MH7P4/zp/zOL/m/wxi/9V+WMW/9/mj1n8r84fs/hfkz9m8b82f8zi/7v8MYv/dfljFv/r88cs/jfkj1n8f58/ZvH/Q/6Yxf+P+WMW/xvzxyz+f8ofs/jflD9m8b85f8zif0v+mMX/1vwxi/+f88cs/rflj1n8b88fs/j/JX/M4n9H/pjF/6/5Yxb/v+WPWfz/nj9m8f9H/pjF/878MYv/XfljFv+788cs/vfkj1n8780fs/hPzR+z+N+XP2bxvz9/zOI/LX9M4r/gIH/M4j+UP2bxH5U/ZvGfLX/M4j97/g9rtpFHi//o/DGL/xz5Yxb/OfPHLP5z5Y9Z/OfOH7P4z5M/ZvGfN3/M4j9f/pjFf/78MYv/AvljFv8F88cs/mPyxyz+C+WPWfzH5o9Z/BfOH7P4L5I/ZvF/Uv6Yxf/J+WMW/6fkj1n8F80fs/g/NX/M4r9Y/pjF/2n5Yxb/p+ePWfwXzx+z+D8jf8zi/8z8MYv/uPwxi/+z8scs/s/OH7P4Pyd/zOI/Pn/M4r9E/pjF/7n5Yxb/JfPHLP5L5Y9Z/J+XP2bxf37+mMX/BfljFv8X5o9Z/JfOH7P4vyh/zOK/TP6YxX/Z/DGL/3L5Yxb/5fPHLP4r5I9Z/FfMH7P4vzh/zOK/Uv6YxX/l/DGL/yr5Yxb/VfPHLP4vyR+z+K+WP2bxXz1/zOL/0vwxi//L8scs/i/PH7P4T8gfs/hPzB+z+E/KH7P4r5E/ZvFfM3/M4r9W/pjFf3L+mMV/Sv6YxX/t/DGL/zr5Yxb/V+SPWfxfmT9m8V83f8ziv17+mMV//fwxi/+r8scs/hvkj1n8X50/ZvHfMH/M4r9R/pjFf+P8MYv/JvljFv/X5I9Z/DfNH7P4b5Y/ZvF/bf6Yxf91+WMW/9fnj1n835A/ZvF/Y/6Yxf9N+WMW/zfnj1n8N88fs/hvkT9m8d8yf8zi/5b8MYv/VvljFv+t88cs/tvkj1n8t80fs/i/NX/M4r9d/pjF/235Yxb/t+ePWfy3zx+z+O+QP2bx3zF/zOK/U/6Yxf8d+WMW/3fmj1n8d84fs/jvkj9m8d81f8zi/678MYv/u/PHLP7vyR+z+O+WP2bx3z1/zOK/R/6Yxf+9+WMW//flj1n835///8cePSAAQihQAPxG3Gzbtm3btu3dbNu2bdu2bdt1gXeC3swVJmr5H+g/avkf5D9q+d/Tf9Tyv5f/qOV/b/9Ry/8+/qOW/339Ry3/+/mPWv739x+1/B/gP2r5P9B/1PJ/kP+o5f9g/1HL/yH+o5b/Q/1HLf+H+Y9a/g/3H7X8H+E/avk/0n/U8n+U/6jl/2j/Ucv/Mf6jlv9j/Uct/8f5j1r+j/cftfyf4D9q+T/Rf9Tyf5L/qOX/ZP9Ry/8p/qOW/1P9Ry3/p/mPWv5P9x+1/J/hP2r5P9N/1PJ/lv+o5f9s/1HL/zn+o5b/c/1HLf/n+Y9a/s/3H7X8X+A/avm/0H/U8n+R/6jl/2L/Ucv/Jf6jlv9L/Uct/5f5j1r+L/cftfxf4T9q+b/Sf9Tyf5X/qOX/av9Ry/81/qOW/2v9Ry3/1/mPWv6v9x+1/N/gP2r5v9F/1PJ/k/+o5f9m/1HL/y3+o5b/W/1HLf+3+Y9a/m/3H7X83+E/avm/03/U8n+X/6jl/27/Ucv/Pf6jlv97/Uct//f5j1r+7/cftfw/4D9q+X/Qf9Ty/5D/qOX/Yf9Ry/8j/qOW/0f9Ry3/j/mPWv4f9x+1/D/hP2r5f9J/1PL/lP+o5f9p/1HL/zP+o5b/Z/1HLf/P+Y9a/p/3H7X8v+A/avl/0X/U8v+S/6jl/2X/Ucv/K/6jlv9X/Uct/6/5j1r+X/cftfy/4T9q+X/Tf9Ty/5b/qOX/bf9Ry/87/qOW/3f9Ry3/7/mPWv7f9x+1/H/gP2r5/9B/1PL/kf+o5f9j/1HL/yf+o5b/T/1HLf+f+Y9a/j/3H7X8f+E/avn/0n/U8v+V/6jl/2v/Ucv/N/6jlv9v/Uct/9/5j1r+v/cftfz/4D9q+f/Rf9Ty/5P/qOX/Z/9Ry/8v/qOW/1/9Ry3/v/mPWv5/9x+1/P/hPyr5H/A3/1HL/9/9Ry3///Aftfz/03/U8v8v/1HL/7/9Ry3///Eftfz/13/U8v8//1HL///9Ry3/g/mPWv4H9x+1/A/hP2r5H9J/1PI/lP+o5X9o/1HL/wD/Ucv/MP6jlv9h/Uct/8P5j1r+h/cftfyP4D9q+R/Rf9TyP5L/qOV/ZP9Ry/8o/qOW/1H9Ry3/o/mPWv5H9x+1/I/hP2r5H9N/1PI/lv+o5X9s/1HL/zj+o5b/cf1HLf/j+Y9a/sf3H7X8T+A/avmf0H/U8j+R/6jlf2L/Ucv/JP6jlv9J/Uct/5P5j1r+J/cftfxP4T9q+Z/Sf9TyP5X/qOV/av9Ry/80/qOW/2n9Ry3/0/mPWv6n9x+1/M/gP2r5n9F/1PI/k/+o5X9m/1HL/yz+o5b/Wf1HLf+z+Y9a/mf3H7X8z+E/avmf03/U8j+X/6jlf27/Ucv/PP6jlv95/Uct//P5j1r+5/cftfwv4D9q+V/Qf9Tyv5D/qOV/Yf9Ry/8i/qOW/0X9Ry3/i/mPWv4X9x+1/C/hP2r5X9J/1PK/lP+o5X9p/1HL/zL+o5b/Zf1HLf/L+Y9a/pf3H7X8r+A/avlf0X/U8r+S/6jlf2X/Ucv/Kv6jlv9V/Uct/6v5j1r+V/cftfyv4T9q+V/Tf9Tyv5b/qOV/bf9Ry/86/qOW/3X9Ry3/6/mPWv7X9x+1/G/gP2r539B/1PK/kf+o5X9j/1HL/yb+o5b/Tf1HLf+b+Y9a/jf3H7X8b+E/avnf0n/U8r+V/6jlf2v/Ucv/Nv6jlv9t/Uct/9v5j1r+t/cftfzv4D9q+d/Rf9Tyv5P/qOV/Z/9Ry/8u/qOW/139Ry3/u/mPWv539x+1/O/hP2r5H+g/avkf5D/6y/0DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwJ/t2G1tnWfhx/O62jrE//2TEBZehySYXCokw2z1kvCBsMrbVQTeexwBHt3Zjo91m12FXwD28mEQID5JMskSJsmUoYSY0EgPBCiIadFETDT4AohBF40QIuiUu1pz2tLTHrvFc9boW5fN50XPu++x3b2vy3X0vMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD479XQuPDI+Jphp8YPPfjg4Za+1zlHV9584Lc9Fw68lj9eNsIlxw096O3t7Z3z3Owd5cNTiqIo/Ww7y8eTKsel6++s/0Jn/1FY0PPSkuNTft545MCa0x+p6z56f23f2dripnUbWls+Nq4owsW1RWfpoK6mKMLi2uK+0kF96WBJbfFI6WB238GpxbdLB+ev3dzaXDqxNPp7Bv8rGhp3FuOHFVsM+9NgaP87679158DrKJccuNqEotz/FV3ff6viswEn6H/g+mFhZf9V/waBE6qu/xcWDLyOcsl/uf9PfmrVKyN9duL+B64fPq5/SGeE5/9hjVY+91c8/88Y4ZKD+6tquo6X+r/0tmdnlk9N+Hee/9+9fri4sv9xw57/S8/xiwae/08pinDJGL8d8J7S0LjryGj3/9H7nzC9YlMztP8z2jfvL/X/+JLvPVE+VVtl/4tGuf+PW1rxawWq09D45d6K+38V/RcfGeGSg/2//cSvHy71/9jvHzhzyGfV9H9JZf+zOtq2zNq6veu8DW1N61vWt2yqmz1/zrz6unkXzJ3V90jQ/3WM3xV4bxjb/b+YXLGpKYqWwf013QeeLvU/98EH55RPTaqy/8Wj3v9nuP/DiD40rpg4sehs6uhor+v/OnBY3/+1/4eN0H8Vf/8/65zyD6stv9YUxbTB/V1n3r2i1P87h57dXT41scr+l4za/4LBnxeIMMb7f3PFZlj/Bw+91Pf8v+zeg2eUT1X79/+lo/b/qvs/jEVDY8X/8PMfVup/V3FZZKehwX//g3Ry9P/YOzf0xK3DJ/QP6eTo/3efO3pu3Dos0z+kk6P/CRsfeD5uHS7VP6STo//lU+eviFuHy/QP6eTof+2r5/45bh0a9Q/p5Oj/nC/t7oxbh+X6h3Ry9P9Q+5xtceuwQv+QTo7+f3raQ6/FrcPl+od0cvR/7Ng9N8atwxX6h3Ry9N+95+wfxK3DlfqHdHL0f/m6hSFuHa7SP6STo//p0/74eNw6XK1/SCdH//P+9PfT4tbhGv1DOjn6v+PzK/bFrcO1+od0cvQ//vpXXoxbh5X6h3Ry9L/07G0L49bhOv1DOjn6b/5Jc2/cOqzSP6STo/9ZX//Rhrh1uF7/kE6O/g8vf3RP3DrcoH9IJ0f/e+qKKXHrcKP+IZ0c/X/tu6cfiluHT+of0snR/2+eenJ+3Dqs1j+kk6P/5z5w+zfi1uEm/UM6Ofq/d82LZ8WtQ5P+IZ0c/T+89/kvxq3DGv1DOjn6f+ONtv+LW4e1+od0cvQ/edKpr8etQ7P+IZ0c/S+89SvtcevQon9IJ0f/bbu7fxi3Duv0D+nk6P/Dx6etiluH9fqHdHL0v3Lu3vfHrcPN+od0cvT/vmUX7opbhw36h3Ry9H9Rz0cviluHjfqHdHL03/HMZ78atw636B/SydH/3pmvLY5bh1b9Qzo5+n959dIfx61Dm/4hnRz9v/XodZvi1mGT/iGdHP0/+bO3j8Wtw2b9Qzo5+v//Cxb9NW4dtugf0snR/+Ilb66NW4dP6R/SydH/xu5/vBy3Du36h3Ry9D/z8NXL4tZhq/4hnRz9f+e8uv1x69Chf0gnR/93XrmvPm4dtukf0snR//6Dd90dtw636h/SydH/m7+YMT1uHT6tf0gnR//3Tzl0bdw6dOof0snR/y831T4Ttw7b9Q/p5Oj/b/um7ohbhy79Qzo5+n/69Z4/xK3DbfqHdHL0v3rCrybGrcPt+od0cvQ/tWvLfXHrcIf+IZ0c/c+/p+n8uHX4jP4hnRz9b/3LC9+MW4cd+od0tm7vuqWptbWl3RtvvPFm8M3J/pMJSO3d6E/2rwQAAAAAAAAAAAAAADiRHP+c6GT/HgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB/sgMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYUdOBYAAAAAEOZvHUTvBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF8BAAD//+8S49Y=")
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000f4)
r1 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file1\x00', 0x20842, 0x0)
fsync(r1)

1m30.405898298s ago: executing program 0 (id=198):
sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, 0x0, 0x80)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="0100000000000000890400"])

1m29.615981656s ago: executing program 0 (id=205):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80a, &(0x7f00000001c0)={[{@nombcache}, {@barrier_val={'barrier', 0x3d, 0x895}}, {@lazytime}, {@nombcache}, {@dax_never}, {@nouser_xattr}, {@journal_async_commit}]}, 0x1, 0x7ae, &(0x7f00000018c0)="$eJzs3c9rXNUeAPDvnSRNmva95sGD175Ns9JC6aStaasgGHEhgoWCrm3DZBpiJpmSmZQmZGERQRBBiwtBN679UXduRdf+DW5EpKVqWqy4kJE7P5JpJr87ybTN5wM3OefOuXPOd+7ce8/MOcwNYM8aTP9kIo5ExAdJxKH6+iQieqqp7oiRWrn7iwu5dEmiUnntt6Ra5t7iQi6atkkdqGcOR8R370Qcz7TWW5qbnxwtFPIzEWfqq64MlebmT0xMjY7nx/PTZ08ND58+d+bc2fbF+scP8wdvf/jy01+N/PX2/26+/30SI3Gw/lhzHO0yGIP116QnfQkf8FK7K+uwpNMNYFvSQ7OrdpTHkTgUXdUUAPAkS6//FQBgj0lc/wFgj2l8D3BvcSHXWDr7jcTuuvNiRPTV4m+Mb9Ye6a6P2fVVx0H77yXRXR8RjTaOdw1GxKffvPFFukTrOGRvm6oBaPHW9Yi4NDDYev5PWuYsbNXJTZQZXJHfa9cf6KRv0/7Ps6v1/zJL/Z9Y6v8s613l2N2OwYh9zfnW4z9za9UNX2hD5fX+3/O1uW1poE39v6VJawNd9dy/0szRiJgo5NNz278j4lj09F6eKORPrVPHsbt/313rseb+3+833vw8rT/9v1wic6t7RS9wbLQ8+jAxN7tzPeL/3ctz++63nP/7qn3dlfs/XXdhvSc+upx85bl3P1mrWBp/Gm9jaY1/Z1U+i3gqVo+/IU0NlafWmJ84lO7+k7W/q9fx9U8f969Vf/P+T5e0/sZngd2Q7v/+9eMfSJrna5baW//G8a/+/t+XvF5NN04e10bL5ZlTEfuSV1vXn17etpFvlE/jr0W6Mv7Muu//9JPgpU3G2H371y+3H/+SHZlimcY/tqX9v/XEzfuTXduPP93/w9XUsfqazZz/NtvAh3ntAAAAAAAAAAAAAAAAAAAAAAAAAGCzMhFxMJJMdimdyWSztXt4/zf6M4ViqXz8cnF2eiyq98oeiJ5M46cuD9XySeP3Twea8qdX5J+JiP9ExEe9+6v5bK5YGOt08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQd2CN+/+nfuntdOsAgB3Tt2GJu/kHspVKpbKD7QEAdt7G138A4EmzzvV//262AwDYPdv//J9pazsAgN3j+38A2Htc/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANhhF86fT5fKn4sLuTQ/dnVudrJ49cRYvjSZnZrNZXPFmSvZ8WJxvJDP5opTGz1foVi8MhzTs9eGyvlSeag0N39xqjg7Xb44MTU6nr+Y79mVqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABga0pz85OjhUJ+5olIvBcRW9iqUqlUOt7mTSaSeCSa0ZHEzyd+PLxemRsbvI1HHokoHrNEp89MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI+HfwIAAP//DM4nEQ==")
mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000640)='./file0\x00', 0x0, 0x2901090, 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
mount(0x0, &(0x7f0000000d40)='./file0/../file0/../file0\x00', &(0x7f00000002c0)='sysfs\x00', 0x0, 0x0)
pivot_root(&(0x7f0000000340)='.\x00', &(0x7f0000000180)='./file0/../file0/../file0\x00')

1m29.130561212s ago: executing program 0 (id=210):
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000380)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
getgroups(0x2, &(0x7f0000001080)=[0xee01, <r1=>0xffffffffffffffff])
keyctl$chown(0x4, r0, 0xee01, r1)
keyctl$setperm(0x5, r0, 0x30343530)
keyctl$KEYCTL_WATCH_KEY(0x20, r0, 0xffffffffffffffff, 0x1c)

1m28.334765718s ago: executing program 0 (id=218):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x101200, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000002c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000300)={0x28, 0x5, r1, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f00000001c0)={0x48, 0x5, r1, 0x0, <r2=>0xffffffffffffffff})
ioctl$IOMMU_TEST_OP_ACCESS_RW(r0, 0x3ba0, &(0x7f0000000400)={0x48, 0x8, r2, 0x0, 0x2fff, 0x1, &(0x7f0000000040)="f6", 0x1})

1m27.902764498s ago: executing program 32 (id=218):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x101200, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000002c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000300)={0x28, 0x5, r1, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f00000001c0)={0x48, 0x5, r1, 0x0, <r2=>0xffffffffffffffff})
ioctl$IOMMU_TEST_OP_ACCESS_RW(r0, 0x3ba0, &(0x7f0000000400)={0x48, 0x8, r2, 0x0, 0x2fff, 0x1, &(0x7f0000000040)="f6", 0x1})

3.467041755s ago: executing program 1 (id=865):
r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000002c0)={0x1, 0x5}, 0x2)
write$USERIO_CMD_REGISTER(r0, &(0x7f00000000c0), 0x2)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
read(r0, 0x0, 0x0)

3.24502694s ago: executing program 2 (id=867):
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./mnt\x00', 0x0, 0x21)
r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt\x00', 0x0, 0x10b)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000580)={@id={0x2, 0x0, @a}, 0x40, 0x0, '\x00', @a})
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0xc0506617, &(0x7f0000000580)={@desc={0x1, 0x0, @auto="697bb55abf8e23d7"}, 0x21, 0x0, '\x00', @c})

2.975849672s ago: executing program 2 (id=870):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
r1 = socket(0x1, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=@newlink={0x48, 0x10, 0x401, 0x0, 0x4, {0x0, 0x0, 0x0, r2, 0x0, 0x41400}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, r2, 0x0, 0x343}}}}}}]}, 0x48}}, 0x0)

2.771819119s ago: executing program 3 (id=874):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x32cc0000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mlock2(&(0x7f000000e000/0x1000)=nil, 0x1000, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

2.586937276s ago: executing program 2 (id=876):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @multicast})
write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000386dd0a00100014004000000060ec970200140400fb8000000000000000000000000000aaff020000000000000000000000000001"], 0xffe)

2.504329301s ago: executing program 1 (id=878):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)={0x6c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x2b, 0xe, {{{}, {}, @broadcast, @broadcast, @random="13610680c4c9"}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @val={0x2a, 0x1, {0x1}}, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_HE_BSS_COLOR={0xc, 0x11b, 0x0, 0x1, [@NL80211_HE_BSS_COLOR_ATTR_COLOR={0x5, 0x1, 0x13}]}]}, 0x6c}}, 0x0)

2.278629427s ago: executing program 1 (id=880):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
ptrace(0x10, r0)
ptrace$peeksig(0x4212, r0, &(0x7f0000000140)={0x0, 0x0, 0x4e}, &(0x7f0000000fc0))

2.154035029s ago: executing program 2 (id=881):
syz_mount_image$vfat(&(0x7f0000000440), &(0x7f0000000280)='./file1\x00', 0x808010, &(0x7f0000000640)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000", @ANYRES32], 0x1, 0x2b2, &(0x7f0000001380)="$eJzs3NFLU28cx/Hvz6mbE91+EEFB9aVu6uag6w+oEQrRoDAn1UVwzLMaO21yzlgsIncT3fZ3SJfdBdU/4E100313EgTdeBGd8Jwd3XTa1M2t+X6BnO/xeT4+jzrlewSf9XtvnhZyrpEzyzIUUxkSqcmGSHKzqvuvfh3y61FpVJMr4z+/nrt7/8GtdCYzM6c6m56/mlLVyQsfnr14e/FTeXzh3eT7qKwlH67/SH1bO712Zv33/JO8q3lXi6WymrpYKpXNRdvSpbxbMFTv2JbpWpovupbTNJ6zS8vLVTWLSxPxZcdyXTWLVS1YVS2XtOxU1Xxs5otqGIZOxOVkG25jTnZ1bs5M7znsRTq6I3RetPl2rNUcx0nXWg9mV7u1LwAA0L/27/+DXn/v/j+zEFw73P+L0P93Sa3p7i/9PwaC46TNeP3ntxn9PwAAAAAAAAAAAAAAAAAAAAAA/4INz0t4npcIr+FbVERiIhLe93qf6I5Dfv+v9Wi76LCGf9yLidivK9lKNrgG4+mc5MUWS6YkIb/810NdUM/ezMxMqW+k/iE38yuVbMQ/m8DPh5Kt8uf/nw7yKh83c5V6fkTijeunJCGnWq+f2s6HxyGsVLKjcvlSQ96QhHx+JCWxZcl/XW/nX06r3rid2bH+mD8PAAAAAIBBYOiWZPPzb3D2o+FPiMnu8SB/gL8P7Hi+Hpaz7RxRCQAAAAAAjsytPi+Ytm05hyiiInKE+KAWEemLbeworotIH2zjuIqYiATv0cPEv2/F20p5bcwZFpGef1kOUPT6NxMAAACATttu+g8Q+vKqizsCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODkafc8sHD+rqFwYJ94w3KRY/8EAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgD7yJwAA//+j7Rqj")
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r0, &(0x7f0000000000)=""/48, 0x30)
open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f0000000f80)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])

2.153430114s ago: executing program 3 (id=882):
mkdir(0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
quotactl$Q_QUOTAOFF(0x694002c50623b195, &(0x7f0000000400)=@sg0, 0x0, 0x0)

2.126478575s ago: executing program 4 (id=883):
r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/net/ipv4/tcp_mtu_probing\x00', 0x1, 0x0)
pwritev2(r0, &(0x7f00000001c0)=[{&(0x7f0000000040)='4', 0x1}], 0x1, 0x0, 0x0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10)

2.012021492s ago: executing program 4 (id=884):
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_cmd={0x2c, 0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x9, 0xff, 0x0, 0x0, 0x0, 0x3}})
r0 = syz_mount_image$nilfs2(&(0x7f00000008c0), &(0x7f0000000e00)='./file0\x00', 0x10000, &(0x7f0000000940)=ANY=[], 0x0, 0xdab, &(0x7f0000000e80)="$eJzs3ctvXNX9APBzx544L36x8wuNm6ZJSkigj9iQumklNkaii1KE1CVLmgaa1gmP0AUoi5RFV0i1hPgDipDIpuqi6oJNFbGiG1Sp+wqx6iaVkLJAUcCV7XPG429mdGcc2+PxfD7SnTP3fs+955x53LlzXycBI6ux8jg3N12l9N5H7z7zr7O/+NvylJOtHKdWHsfz2HxKqdmaL6XJsLz5idX0qy+uX2xPv85plc6nKlWt6en52615D6SUbqRT6VaaTE+9cOfeh4vPPrc4debm0Xc+vbs1rV9TbXUBAACwA3z58w9e+8djP70+dfcvJ+bTRGt62T6fz+MH83b/fN5QLtvL5X9A1ZZWHban94R843lohHxjHfK1l9MM+ca7lL8nLLfZJd9ETfljbdM6tRuG2dr/+Koxs2680ZiZWf1PvuyzsT3VzNXLCy9dG1BFgU1352TexWcwGEZuWDo06DUQwKp43PA+Nzb3SF1raeO9lX/76Ubn+WETbPfnX/nDVf4Hv7fGYfPs1k9TaVf5Hh3M4/E4wniYr9/vf1lePB7R7LGe3Y4jDMvxhW71HNvmemxUt/rHz8Vu9e2cltfhRIi3f3/iezos7zHQ2Zf2/xsMIzssDXoFBOxY8by5pazE43l9MT5RE99bE99XE99fEz9QE4dR9tc3/pgWq7X/+fE/fb/7w8p+tody+n991ifuj+y3/Hjeb78etPx4PjHsZL8898mf7/zu1j/j+f9fh/P/T+ff0sm8gij7C+N+9da5/+HC4EaXfIdDfR7qkH/l+ZH1+aoja8tJbeuZ++oxvX6+Q93yHV+fbzLk25+3RfaG+sbtk/1hvrL9Udar5fUaD+1thnbsCfUo78xUTveG9kx1a1fYkb0n5Gvm4f9Du46Edj0c5vtGaFc1vb5dcf95qc/RMD0eJyn5wtt23+9SfC/idRmP5PTtnL6f049z+nmHckdR+Tx2O/+/fD6nU7N66fLCpSfyePmcfjLWnFie/uQ21xt4cL1e/zOd1l//c7A1vdloXy8cWpteta8XJsP0812m/zCPl9+zX4/tW5k+c/GVhV9tduNhxF17863fvriwcOl1TzzxxJPWk0GvmYCtNvvGlVdnr7351rnLV158+dLLl65e+MmPzj8x9+MLF2ZXNutn2zfugV1l7Ud/0DUBAAAAAAAAAAAAelbt6zw5p3X3ty3Xk5fr0+P18QyH8r6VT0O5j0G5/rPbfV3K9ZtT21BHNt92XE406DYCnf3X/X8NhpEdlpbcxR/YGQbd/1+572FJr/79Z3uXh5Lt9tPr15fx/oXwIHZ6/3PK3139/7X6v+p5/Rd6zJrcWLlX7j16s63YdKzX8mP7y31gj/RX/tVcfmnN2dRb+Ut/CuXHG5X26JVQ/v4ey7+v/cc3Vv6rufzysj1+utfyV2tcNdbXI+43LvcBjPuNi9dC+8u9/fpu/wY7ans9lw+jbFj6mezXsPT/2U1ZblkP5tVz6zhduf927O+g3/qX+36X34GHw/Krmt83/X8Ot7r+P8vnb1b/n7DrfOb4n8EwssPS0tJAuz4Z1X5XdopBv/6D3oYcdPmDfv3rxP4/4/+l2P9njMf+P2M89v8Z47F/rRiP/X/G1zP2/xnjR8NyY/+g0zXxb9bEj9XEv1UTP14Tj//fYvxUTfxETfxkTfxwTfyRmvjpmvijNfEzNfHHauKP18R3u+/kdFTbD6Ms9hvp+w+joxz/6fb9P1ITB4ZX7Nc5fr/P1sSB4VXO8/D9hhFUdb5jR9zfXvbjvp3T93P6cU4/37IKsh2+m9Pv5fT7Of1BTs/ldCansznVNeRw+8N/jp1YrNbO8zsU4r2eTxqvB4j3iXmyx/rE43P9ns96tMdytqr8DV4OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA0GiuPc3PTVUrvffTuM/8+95vDy1NOtnKcWnkcz2PzKaVmSqnK4+NheTcmVtOvvrh+sVNapfMrj2U8PX+7Ne+B5fnTqXQrTaanXrhz78PFZ59bnDpz8+g7n97dmtavqba6AAAAABig/wUAAP//vrPsgA==")
r1 = openat(r0, &(0x7f0000000240)='./file0\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r1, 0x80186e82, &(0x7f00000002c0)={@id={0x20000000, 0xefffffff, @auto="660000002800a73e1baeff79da3b89f5"}})

1.806926685s ago: executing program 2 (id=885):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x3, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x6, @ipv4={'\x00', '\xff\xff', @local}}}}, 0x108)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @mcast2}}}, 0x108)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xf9)

1.718828834s ago: executing program 3 (id=886):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e000000020013000200000000000000ff0800ed05000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400008a, 0x0)
sendmsg$key(r0, &(0x7f0000000140)={0x9, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="0209000002"], 0x10}}, 0x0)

1.707413988s ago: executing program 2 (id=887):
r0 = syz_usb_connect(0x0, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000040)={&(0x7f0000000180)=[{0xb4b9, 0x4200, 0x0, 0x0}], 0x1})

1.644805811s ago: executing program 3 (id=888):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@ipv6_newrule={0x44, 0x20, 0x1, 0x0, 0x0, {0xa, 0x0, 0x20, 0x40, 0x0, 0x0, 0x0, 0x3}, [@FRA_SRC={0x14, 0x2, @remote}, @FRA_SRC={0x14, 0x2, @empty}]}, 0x44}, 0x1, 0x0, 0x0, 0x24040804}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x1, 0x0, &(0x7f0000000340)="e7", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}}, 0x0)

1.590849165s ago: executing program 4 (id=889):
r0 = io_uring_setup(0x177f, &(0x7f0000000140))
r1 = socket$inet_sctp(0x2, 0x400000000001, 0x84)
listen(r1, 0xda8c)
accept4(r1, 0x0, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1.567174423s ago: executing program 3 (id=890):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x40ead000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)={{0x12, 0x1, 0x0, 0xfe, 0xec, 0x48, 0x8, 0x61d, 0xc120, 0xe367, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x42, 0x1f, 0xe3}}]}}]}}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x17, 0x2000, &(0x7f0000ffd000/0x2000)=nil})

1.470644611s ago: executing program 4 (id=891):
syz_clone(0x80842111, 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
io_setup(0x3ff, &(0x7f0000000500)=<r2=>0x0)
io_submit(r2, 0x2491, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f00000001c0)='m', 0xfffffdfc}])
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x16c3b14a4ab08a4e, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.349679758s ago: executing program 1 (id=892):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = socket$kcm(0x10, 0x3, 0x10)
recvmsg$kcm(r1, &(0x7f0000002780)={0x0, 0x0, 0x0}, 0x40000080)
sendmsg$kcm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="1400000036000b635ef1681c717a3c4a0ed89a5b", 0x14}], 0x1}, 0x0)

1.247782634s ago: executing program 5 (id=893):
r0 = semget$private(0x0, 0x6, 0x528)
semtimedop(r0, &(0x7f00000003c0)=[{0x2, 0x4, 0x1800}], 0x1, 0x0)
semop(r0, &(0x7f00000000c0)=[{0x4, 0x1}, {0x2}], 0x2)
semop(r0, &(0x7f0000000000)=[{0x2, 0x0, 0x2000}, {0x4, 0x1, 0x800}], 0x2)
semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000100))

1.247088491s ago: executing program 1 (id=894):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000340)='./file0\x00', 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="646f74732c646f74732c646f74732c636865636b3d72656c617865642c616c6c6f775f7574696d653d30303030303030303030303030303030303030303030302c6e6f646f74732c646f74732c6e6f646f74732c6e6f646f74732c636865636b3d7374726963742c616c6c6f775f7574696d653d30303030303030303030303030303030303030303030312c646f74732c646f74732c616c6c6f775f7574696d653d30303030303030303030303030303030303030303030312c6e6f646f74732c646f74732c666d61736b3d30303030303030303030303030303030303030303030322c6e6f646f74732c646f74732c666c7573682c6e6f646f74732c636865636b3d6e6f726d616c2c0079c7cebee7a0df8765ffc536c4e752679b645307d1bf097e07b8e261bb27d1bb80ee490fc501e4f230ddf1483b11ac5c39a93cfc3ba360037c79a9be063a3bf5015e3d6a8cad0e98ccb29619c51c44ec612fc7ff44fa8cf7759eada764c43ba9d602a958bd209ace3df01c3dae04baa94aedc5515da8160ae0"], 0xfd, 0x1c8, &(0x7f0000002540)="$eJzs3b9u01AUB+DjEBqXqRsSAskSC1MFPEERKhLCEhIoA0wgFZYGIbWLYWkegwfkAVCnLMioOK2JYUgiYqfJ9y05zu/em3OH/Fly/e7up+Ojz6cfv9/+FmmaRO8gDmKSxF704tI4AIBNMinL+FFWuu4FAGjHHN//P1tuCQBYsddv3r54kueHr7IsjTgfF8NiWD1W+bPn+eHD7Le9etZ5UQxvXOWPsuZvh4v8Ztya5o+r+dlsvhMP7lf5Rfb0Zd7IB3G02q0DAAAAAAAAAAAAAAAAAAAAAEBn7kV26Z/n++zvN/PdaV5d/XE+UOP8nn7c6U8v6+OByrM2NgUAAAAAAAAAAAAAAAAAAADXzOmXr8fvR6MPJ3UxiIjZZxYpkpnll1+npaIX/3vlZLwO+9ruIluPNkZx0o+IhafvRMSqGpuUZTnX4PpNPGj/YwkAAAAAAAAAAAAAAAAAALZS/affv7O0i4YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAP1/f+XKM4iYo7BVy+22+lWAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2GC/AgAA///cDjES")
mount$nfs(&(0x7f0000000100)='.5.', 0x0, 0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x2, 0x0, 0x3, 0x0, &(0x7f0000000080))

1.193339319s ago: executing program 1 (id=895):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0})
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
writev(r1, &(0x7f0000000180)=[{&(0x7f0000001300)="db", 0x1}, {&(0x7f0000000340)='\"', 0x1}], 0x2)
syz_usb_control_io(r0, 0x0, 0x0)

1.101473316s ago: executing program 5 (id=896):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x1000, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)

1.100640944s ago: executing program 4 (id=897):
unshare(0x42000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x8031, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, &(0x7f0000000100)={'mangle\x00', 0x0, [0x5, 0xffffbff7, 0x20000004, 0x40, 0x7]}, &(0x7f0000000040)=0x54)

984.993319ms ago: executing program 5 (id=898):
r0 = socket$kcm(0x11, 0x200000000000002, 0x300)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x9, &(0x7f0000000240)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000002f000000b709000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000001300)=r2, 0x4)
syz_emit_ethernet(0x3e, &(0x7f0000001200)={@local, @broadcast, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "b81923", 0x8, 0x0, 0x0, @local, @local, {[@dstopts]}}}}}, 0x0)

864.569541ms ago: executing program 5 (id=899):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r0, &(0x7f00000001c0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x0, 0xfe, 0x2, 0x0, 0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0xe)
shutdown(r0, 0x1)
close(0x3)

686.317384ms ago: executing program 5 (id=900):
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0)
r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c82, r2)

466.672342ms ago: executing program 5 (id=901):
write(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0x0, 0x3f, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000954c43400d051b01a46f0000000109022d00010000000009041200000202ff00052414000005240000000d240f01000000000000000000042402"], 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x500, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
socket(0x840000000002, 0x3, 0xff)

338.954813ms ago: executing program 4 (id=902):
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x4f3, 0x755, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0xb1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x101, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xc}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000340)={0x2c, &(0x7f0000000040)={0x20, 0xa, 0x7, {0x7, 0x35, "00f4000000"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2)
ioctl$HIDIOCGRDESC(r1, 0x90044802, 0x0)

0s ago: executing program 3 (id=903):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e03003520"], 0x7)
r0 = socket$inet6(0xa, 0x6, 0x0)
accept4(r0, 0x0, 0x0, 0x800)

kernel console output (not intermixed with test programs):

New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  132.407331][ T5846] usb 3-1: Product: syz
[  132.411505][ T5846] usb 3-1: Manufacturer: syz
[  132.416338][ T5846] usb 3-1: SerialNumber: syz
[  132.576442][  T892] em28xx 2-1:0.132: unknown em28xx chip ID (0)
[  132.773198][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  132.779641][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  132.798221][ T5976] usb 4-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  132.809614][ T5976] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  132.823917][ T5976] usb 4-1: config 0 descriptor??
[  132.958940][ T7366] loop4: detected capacity change from 0 to 1024
[  132.994534][ T7366] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  133.009771][  T892] em28xx 2-1:0.132: reading from i2c device at 0xa0 failed: couldn't get the received message from the bridge (error=-5)
[  133.048850][ T7366] EXT4-fs error (device loop4): __ext4_remount:6736: comm syz.4.395: Abort forced by user
[  133.052714][  T892] em28xx 2-1:0.132: board has no eeprom
[  133.067923][ T7366] EXT4-fs (loop4): Remounting filesystem read-only
[  133.074746][ T7366] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000.
[  133.090575][ T7366] evm: overlay not supported
[  133.143052][  T892] em28xx 2-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  133.189431][  T892] em28xx 2-1:0.132: analog set to bulk mode.
[  133.203598][ T5938] em28xx 2-1:0.132: Registering V4L2 extension
[  133.220152][ T5859] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  133.244028][ T5846] cdc_ncm 3-1:1.1: bind() failure
[  133.257580][  T892] usb 2-1: USB disconnect, device number 7
[  133.267880][  T892] em28xx 2-1:0.132: Disconnecting em28xx
[  133.482493][ T5846] usb 3-1: USB disconnect, device number 3
[  133.805622][ T7377] loop4: detected capacity change from 0 to 32768
[  133.820245][ T5938] em28xx 2-1:0.132: Config register raw data: 0xffffffed
[  133.829874][ T5938] em28xx 2-1:0.132: AC97 chip type couldn't be determined
[  133.837315][ T5938] em28xx 2-1:0.132: No AC97 audio processor
[  133.849552][ T7377] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  133.883477][ T5938] usb 2-1: Decoder not found
[  133.888105][ T5938] em28xx 2-1:0.132: failed to create media graph
[  133.894012][ T5976] pegasus 4-1:0.0: probe with driver pegasus failed with error -71
[  133.910072][ T5976] usb 4-1: USB disconnect, device number 3
[  133.915603][ T5938] em28xx 2-1:0.132: V4L2 device video103 deregistered
[  133.929265][ T7377] XFS (loop4): Ending clean mount
[  133.951969][ T5938] em28xx 2-1:0.132: Remote control support is not available for this card.
[  133.961010][ T7377] XFS (loop4): syz.4.397 should use fallocate; XFS_IOC_{ALLOC,FREE}SP ioctl unsupported
[  134.004903][  T892] em28xx 2-1:0.132: Closing input extension
[  134.085028][  T892] em28xx 2-1:0.132: Freeing device
[  134.104795][ T5859] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  134.609430][ T7379] loop1: detected capacity change from 0 to 16
[  134.654523][ T7379] erofs (device loop1): mounted with root inode @ nid 36.
[  134.710731][ T7404] loop3: detected capacity change from 0 to 256
[  134.759611][ T7404] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbbba8adb, utbl_chksum : 0xe619d30d)
[  135.261725][ T7416] loop2: detected capacity change from 0 to 128
[  135.319042][ T7416] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  135.407279][ T7416] ext4 filesystem being mounted at /87/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  135.536831][ T5852] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  135.639344][ T7402] loop4: detected capacity change from 0 to 40427
[  135.684280][ T7402] F2FS-fs (loop4): invalid crc value
[  135.745615][ T7418] loop3: detected capacity change from 0 to 32768
[  135.830423][ T7409] loop1: detected capacity change from 0 to 32768
[  135.843534][ T7418] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  135.868577][ T7402] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  135.910968][ T7409] JBD2: Ignoring recovery information on journal
[  135.926644][ T7402] F2FS-fs (loop4): Start checkpoint disabled!
[  135.994699][ T7409] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  136.051255][ T7418] XFS (loop3): Ending clean mount
[  136.058953][ T7402] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  136.093228][ T7402] syz.4.404: attempt to access beyond end of device
[  136.093228][ T7402] loop4: rw=2049, sector=45096, nr_sectors = 128 limit=40427
[  136.113355][ T7402] syz.4.404: attempt to access beyond end of device
[  136.113355][ T7402] loop4: rw=2049, sector=77824, nr_sectors = 136 limit=40427
[  136.132534][ T7437] loop2: detected capacity change from 0 to 2048
[  136.188790][ T5844] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  136.201383][ T7437] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  136.233750][ T1154] kworker/u8:7: attempt to access beyond end of device
[  136.233750][ T1154] loop4: rw=2049, sector=45224, nr_sectors = 8 limit=40427
[  136.286303][ T1154] CPU: 1 UID: 0 PID: 1154 Comm: kworker/u8:7 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[  136.286333][ T1154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  136.286343][ T1154] Workqueue: writeback wb_workfn (flush-7:4)
[  136.286370][ T1154] Call Trace:
[  136.286377][ T1154]  <TASK>
[  136.286385][ T1154]  dump_stack_lvl+0x189/0x250
[  136.286412][ T1154]  ? __pfx_dump_stack_lvl+0x10/0x10
[  136.286430][ T1154]  ? __pfx_queue_work_on+0x10/0x10
[  136.286447][ T1154]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  136.286468][ T1154]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  136.286502][ T1154]  f2fs_handle_critical_error+0x37c/0x540
[  136.286531][ T1154]  f2fs_write_end_io+0x886/0xb60
[  136.286578][ T1154]  __submit_merged_bio+0x27a/0x6a0
[  136.286610][ T1154]  __submit_merged_write_cond+0x255/0x530
[  136.286638][ T1154]  f2fs_write_data_pages+0x261d/0x3000
[  136.286701][ T1154]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  136.286718][ T1154]  ? __local_bh_enable_ip+0x12d/0x1c0
[  136.286753][ T1154]  ? rcu_is_watching+0x15/0xb0
[  136.286812][ T1154]  ? rcu_read_lock_sched_held+0x89/0x100
[  136.286831][ T1154]  ? __pfx_rcu_read_lock_sched_held+0x10/0x10
[  136.286899][ T1154]  ? rcu_read_lock_sched_held+0x89/0x100
[  136.286917][ T1154]  ? __pfx_rcu_read_lock_sched_held+0x10/0x10
[  136.286939][ T1154]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  136.286961][ T1154]  do_writepages+0x32e/0x550
[  136.286989][ T1154]  ? reacquire_held_locks+0x127/0x1d0
[  136.287006][ T1154]  ? writeback_sb_inodes+0x384/0x1010
[  136.287039][ T1154]  __writeback_single_inode+0x145/0xff0
[  136.287059][ T1154]  ? do_raw_spin_unlock+0x122/0x240
[  136.287087][ T1154]  writeback_sb_inodes+0x6c7/0x1010
[  136.287141][ T1154]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  136.287214][ T1154]  ? rcu_is_watching+0x15/0xb0
[  136.287244][ T1154]  wb_writeback+0x43b/0xaf0
[  136.287275][ T1154]  ? queue_io+0x3a1/0x590
[  136.287299][ T1154]  ? __pfx_wb_writeback+0x10/0x10
[  136.287346][ T1154]  ? _raw_spin_unlock_irq+0x23/0x50
[  136.287368][ T1154]  wb_workfn+0x409/0xef0
[  136.287406][ T1154]  ? __pfx_wb_workfn+0x10/0x10
[  136.287430][ T1154]  ? __lock_acquire+0xab9/0xd20
[  136.287460][ T1154]  ? process_scheduled_works+0x9ef/0x17b0
[  136.287486][ T1154]  ? _raw_spin_unlock_irq+0x23/0x50
[  136.287503][ T1154]  ? process_scheduled_works+0x9ef/0x17b0
[  136.287519][ T1154]  ? process_scheduled_works+0x9ef/0x17b0
[  136.287539][ T1154]  process_scheduled_works+0xae1/0x17b0
[  136.287599][ T1154]  ? __pfx_process_scheduled_works+0x10/0x10
[  136.287639][ T1154]  worker_thread+0x8a0/0xda0
[  136.287662][ T1154]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  136.287692][ T1154]  ? __kthread_parkme+0x7b/0x200
[  136.287724][ T1154]  kthread+0x70e/0x8a0
[  136.287749][ T1154]  ? __pfx_worker_thread+0x10/0x10
[  136.287766][ T1154]  ? __pfx_kthread+0x10/0x10
[  136.287790][ T1154]  ? _raw_spin_unlock_irq+0x23/0x50
[  136.287808][ T1154]  ? lockdep_hardirqs_on+0x9c/0x150
[  136.287826][ T1154]  ? __pfx_kthread+0x10/0x10
[  136.287849][ T1154]  ret_from_fork+0x3f9/0x770
[  136.287870][ T1154]  ? __pfx_ret_from_fork+0x10/0x10
[  136.287896][ T1154]  ? __switch_to_asm+0x39/0x70
[  136.287914][ T1154]  ? __switch_to_asm+0x33/0x70
[  136.287932][ T1154]  ? __pfx_kthread+0x10/0x10
[  136.287955][ T1154]  ret_from_fork_asm+0x1a/0x30
[  136.287996][ T1154]  </TASK>
[  136.288003][ T1154] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  136.328688][ T3573] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  136.645834][ T5842] ocfs2: Unmounting device (7,1) on (node local)
[  136.667158][ T3573] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[  136.682832][ T3573] EXT4-fs (loop2): This should not happen!! Data will be lost
[  136.682832][ T3573] 
[  136.694294][ T3573] EXT4-fs (loop2): Total free blocks count 0
[  136.700297][ T3573] EXT4-fs (loop2): Free/Dirty block details
[  136.706256][ T3573] EXT4-fs (loop2): free_blocks=2415919104
[  136.749001][ T3573] EXT4-fs (loop2): dirty_blocks=16
[  136.760172][ T3573] EXT4-fs (loop2): Block reservation details
[  136.769822][ T3573] EXT4-fs (loop2): i_reserved_data_blocks=1
[  136.801275][ T5852] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  137.141844][ T7452] netlink: 4 bytes leftover after parsing attributes in process `syz.3.420'.
[  138.558730][ T7457] loop1: detected capacity change from 0 to 32768
[  138.597963][ T7457] XFS: attr2 mount option is deprecated.
[  138.648556][ T7457] XFS (loop1): DAX unsupported by block device. Turning off DAX.
[  138.656732][ T7466] loop3: detected capacity change from 0 to 32768
[  138.688027][ T7472] loop2: detected capacity change from 0 to 131072
[  138.703071][ T7472] F2FS-fs (loop2): Wrong CP boundary, start(512) end(1536) blocks(0)
[  138.711186][ T7472] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  138.731276][ T7472] F2FS-fs (loop2): invalid crc value
[  138.731535][ T7457] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  138.768792][ T7466] JBD2: Ignoring recovery information on journal
[  138.870413][ T7472] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  138.941795][ T7457] XFS (loop1): Ending clean mount
[  138.966767][ T7466] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  138.980699][ T7472] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  138.982146][ T7457] XFS (loop1): Quotacheck needed: Please wait.
[  138.987879][ T7472] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  139.106243][ T7457] XFS (loop1): Quotacheck: Done.
[  139.110496][   T30] audit: type=1800 audit(1752495160.473:14): pid=7466 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.422" name="file1" dev="loop3" ino=17058 res=0 errno=0
[  139.262988][ T7495] loop4: detected capacity change from 0 to 4096
[  139.302712][ T5842] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  139.334010][ T7495] NILFS (loop4): invalid segment: Checksum error in segment payload
[  139.342192][ T7495] NILFS (loop4): trying rollback from an earlier position
[  139.397852][ T5844] ocfs2: Unmounting device (7,3) on (node local)
[  139.462287][ T7495] NILFS (loop4): recovery complete
[  139.523396][ T7501] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  140.485783][ T7523] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  140.536772][ T7522] loop1: detected capacity change from 0 to 8192
[  140.622683][ T7522]  loop1: p1 p2 p4
[  140.626896][ T7522] loop1: p1 size 108920841 extends beyond EOD, truncated
[  140.645500][ T7522] loop1: p2 start 861536256 is beyond EOD, truncated
[  140.652200][ T7522] loop1: p4 size 65536 extends beyond EOD, truncated
[  140.745089][ T7523] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  141.005667][ T7523] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  141.156152][ T7523] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  141.652377][ T1097] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  141.670876][ T1154] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  141.705685][ T1154] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  141.752568][   T49] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  142.161729][ T7326] Set syz1 is full, maxelem 65536 reached
[  142.279591][ T7538] loop1: detected capacity change from 0 to 32768
[  142.327055][ T7538] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.436 (7538)
[  142.375682][ T7538] BTRFS info (device loop1): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  142.416676][ T7538] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm
[  142.452499][ T7538] BTRFS info (device loop1): disk space caching is enabled
[  142.489323][ T7538] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  142.651422][ T7538] BTRFS info (device loop1): rebuilding free space tree
[  142.703222][ T7538] BTRFS info (device loop1): disabling free space tree
[  142.720121][ T7538] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  142.751498][ T7538] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  142.846589][ T7598] loop3: detected capacity change from 0 to 512
[  142.883972][ T7598] EXT4-fs (loop3): Test dummy encryption mode enabled
[  142.905225][ T7598] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  142.925349][ T7538] BTRFS info (device loop1): balance: start -d -m
[  142.958550][ T7538] BTRFS info (device loop1): relocating block group 6881280 flags data|metadata
[  142.987305][ T7598] EXT4-fs error (device loop3): ext4_orphan_get:1419: comm syz.3.447: bad orphan inode 131083
[  143.015895][ T7598] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  143.056654][ T7538] BTRFS info (device loop1): relocating block group 5242880 flags data|metadata
[  143.261842][ T7538] BTRFS info (device loop1): found 9 extents, stage: move data extents
[  143.343892][ T5844] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  143.472234][ T7610] loop5: detected capacity change from 0 to 2048
[  143.521271][ T7613] sch_tbf: burst 19920 is lower than device lo mtu (65550) !
[  143.543547][ T7614] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  143.622443][   T30] audit: type=1800 audit(1752495164.983:15): pid=7610 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.450" name="file1" dev="loop5" ino=15 res=0 errno=0
[  143.749892][ T7538] BTRFS info (device loop1): found 1 extents, stage: update data pointers
[  143.831231][ T7614] NILFS (loop5): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  143.873491][ T7614] NILFS error (device loop5): nilfs_bmap_propagate: broken bmap (inode number=4)
[  143.919676][ T7604] loop2: detected capacity change from 0 to 32768
[  143.921720][ T7614] Remounting filesystem read-only
[  143.956756][ T6752] NILFS (loop5): disposed unprocessed dirty file(s) when stopping log writer
[  143.970964][ T7595] loop4: detected capacity change from 0 to 40427
[  144.015978][ T7595] F2FS-fs (loop4): Wrong SSA boundary, start(3584) end(4096) blocks(0)
[  144.045169][ T7595] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  144.050103][ T7538] BTRFS info (device loop1): balance: ended with status: 0
[  144.060731][ T7604] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.448 (7604)
[  144.064020][ T7595] F2FS-fs (loop4): build fault injection type: 0x6
[  144.123205][ T7595] F2FS-fs (loop4): invalid crc value
[  144.167944][ T7604] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  144.193934][ T7604] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  144.214202][ T7604] BTRFS info (device loop2): disk space caching is enabled
[  144.221419][ T7604] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  144.288038][ T5842] BTRFS info (device loop1): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  144.308357][ T7595] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  144.329333][ T7595] F2FS-fs (loop4): Start checkpoint disabled!
[  144.351106][ T7595] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  144.384563][ T7595] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  144.568929][ T7604] BTRFS info (device loop2): rebuilding free space tree
[  144.624460][ T7595] F2FS-fs (loop4): disabling checkpoint not compatible with read-only
[  144.648084][ T7652] loop5: detected capacity change from 0 to 512
[  144.685141][ T7655] syz.4.446: attempt to access beyond end of device
[  144.685141][ T7655] loop4: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  144.722901][ T7655] syz.4.446: attempt to access beyond end of device
[  144.722901][ T7655] loop4: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  144.765215][ T7604] BTRFS info (device loop2): disabling free space tree
[  144.792601][ T7604] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  144.819975][ T7604] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  144.851850][ T7652] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  144.883563][ T7652] ext4 filesystem being mounted at /23/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  144.938450][ T7652] EXT4-fs error (device loop5): ext4_readdir:264: inode #2: block 3: comm syz.5.457: path (unknown): bad entry in directory: directory entry overrun - offset=0, inode=2, rec_len=2060, size=2048 fake=1
[  144.964260][ T7652] EXT4-fs (loop5): Remounting filesystem read-only
[  145.053442][ T3573] kworker/u8:10: attempt to access beyond end of device
[  145.053442][ T3573] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  145.107267][ T3573] CPU: 0 UID: 0 PID: 3573 Comm: kworker/u8:10 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[  145.107293][ T3573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  145.107304][ T3573] Workqueue: writeback wb_workfn (flush-7:4)
[  145.107329][ T3573] Call Trace:
[  145.107336][ T3573]  <TASK>
[  145.107344][ T3573]  dump_stack_lvl+0x189/0x250
[  145.107370][ T3573]  ? __pfx_dump_stack_lvl+0x10/0x10
[  145.107390][ T3573]  ? __pfx_queue_work_on+0x10/0x10
[  145.107406][ T3573]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  145.107426][ T3573]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  145.107453][ T3573]  f2fs_handle_critical_error+0x37c/0x540
[  145.107478][ T3573]  f2fs_write_end_io+0x886/0xb60
[  145.107515][ T3573]  __submit_merged_bio+0x27a/0x6a0
[  145.107540][ T3573]  __submit_merged_write_cond+0x255/0x530
[  145.107566][ T3573]  f2fs_write_data_pages+0x261d/0x3000
[  145.107620][ T3573]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  145.107655][ T3573]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  145.107713][ T3573]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  145.107731][ T3573]  ? look_up_lock_class+0x74/0x170
[  145.107761][ T3573]  ? trace_f2fs_writepages+0x7f/0x200
[  145.107781][ T3573]  ? f2fs_write_node_pages+0x478/0x6e0
[  145.107804][ T3573]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  145.107836][ T3573]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  145.107857][ T3573]  do_writepages+0x32e/0x550
[  145.107884][ T3573]  ? reacquire_held_locks+0x127/0x1d0
[  145.107902][ T3573]  ? writeback_sb_inodes+0x384/0x1010
[  145.107931][ T3573]  __writeback_single_inode+0x145/0xff0
[  145.107952][ T3573]  ? do_raw_spin_unlock+0x122/0x240
[  145.107978][ T3573]  writeback_sb_inodes+0x6c7/0x1010
[  145.108031][ T3573]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  145.108096][ T3573]  ? rcu_is_watching+0x15/0xb0
[  145.108124][ T3573]  wb_writeback+0x43b/0xaf0
[  145.108152][ T3573]  ? queue_io+0x3a1/0x590
[  145.108175][ T3573]  ? __pfx_wb_writeback+0x10/0x10
[  145.108205][ T3573]  ? _raw_spin_unlock_irq+0x23/0x50
[  145.108229][ T3573]  wb_workfn+0x409/0xef0
[  145.108263][ T3573]  ? __pfx_wb_workfn+0x10/0x10
[  145.108285][ T3573]  ? __lock_acquire+0xab9/0xd20
[  145.108312][ T3573]  ? process_scheduled_works+0x9ef/0x17b0
[  145.108336][ T3573]  ? _raw_spin_unlock_irq+0x23/0x50
[  145.108353][ T3573]  ? process_scheduled_works+0x9ef/0x17b0
[  145.108369][ T3573]  ? process_scheduled_works+0x9ef/0x17b0
[  145.108388][ T3573]  process_scheduled_works+0xae1/0x17b0
[  145.108437][ T3573]  ? __pfx_process_scheduled_works+0x10/0x10
[  145.108473][ T3573]  worker_thread+0x8a0/0xda0
[  145.108494][ T3573]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  145.108522][ T3573]  ? __kthread_parkme+0x7b/0x200
[  145.108552][ T3573]  kthread+0x70e/0x8a0
[  145.108576][ T3573]  ? __pfx_worker_thread+0x10/0x10
[  145.108593][ T3573]  ? __pfx_kthread+0x10/0x10
[  145.108615][ T3573]  ? _raw_spin_unlock_irq+0x23/0x50
[  145.108634][ T3573]  ? lockdep_hardirqs_on+0x9c/0x150
[  145.108652][ T3573]  ? __pfx_kthread+0x10/0x10
[  145.108671][ T3573]  ret_from_fork+0x3f9/0x770
[  145.108692][ T3573]  ? __pfx_ret_from_fork+0x10/0x10
[  145.108715][ T3573]  ? __switch_to_asm+0x39/0x70
[  145.108733][ T3573]  ? __switch_to_asm+0x33/0x70
[  145.108752][ T3573]  ? __pfx_kthread+0x10/0x10
[  145.108773][ T3573]  ret_from_fork_asm+0x1a/0x30
[  145.108811][ T3573]  </TASK>
[  145.108818][ T3573] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  145.314561][ T6752] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  145.539668][ T1154] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared)
[  145.588928][ T5852] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  146.702645][ T5938] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  146.833675][ T5906] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  146.867471][ T5938] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  146.878959][ T7717] loop1: detected capacity change from 0 to 4096
[  146.884230][ T5938] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  146.904133][ T5938] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  146.915265][ T5938] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  146.931533][ T7703] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  146.942247][ T7720] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  146.945272][ T5938] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  146.996654][ T5906] usb 6-1: config 0 has no interfaces?
[  147.017943][ T5906] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  147.044973][ T5906] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  147.074267][ T5842] NILFS error (device loop1): nilfs_check_folio: bad entry in directory #2: rec_len is smaller than minimal - offset=4096, inode=0, rec_len=0, name_len=0
[  147.101187][ T5906] usb 6-1: config 0 descriptor??
[  147.132672][ T5842] Remounting filesystem read-only
[  147.159294][ T5842] NILFS error (device loop1): nilfs_readdir: bad page in #2
[  147.212385][ T5906] usb 3-1: USB disconnect, device number 4
[  147.235924][ T5842] NILFS error (device loop1): nilfs_check_folio: bad entry in directory #2: rec_len is smaller than minimal - offset=8192, inode=0, rec_len=0, name_len=0
[  147.289718][ T5842] NILFS error (device loop1): nilfs_readdir: bad page in #2
[  147.633495][ T7709] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  147.701347][ T7709] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  147.760118][   T24] usb 6-1: USB disconnect, device number 2
[  147.901441][ T7750] Bluetooth: MGMT ver 1.23
[  147.952632][    T9] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  148.081068][ T7754] loop4: detected capacity change from 0 to 1024
[  148.132534][    T9] usb 2-1: Using ep0 maxpacket: 16
[  148.165131][    T9] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  148.209278][    T9] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  148.273025][    T9] usb 2-1: config 0 interface 0 has no altsetting 0
[  148.279760][    T9] usb 2-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00
[  148.315181][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  148.328054][ T7754] hfsplus: xattr searching failed
[  148.376518][    T9] usb 2-1: config 0 descriptor??
[  148.525732][ T1154] hfsplus: b-tree write err: -5, ino 4
[  148.789150][    T9] hid (null): global environment stack underflow
[  148.871446][    T9] cougar 0003:060B:500A.0005: usage count exceeds max: fixing up report descriptor
[  148.901739][    T9] cougar 0003:060B:500A.0005: unexpected long global item
[  148.933025][    T9] cougar 0003:060B:500A.0005: parse failed
[  148.938952][    T9] cougar 0003:060B:500A.0005: probe with driver cougar failed with error -22
[  148.999639][    T9] usb 2-1: USB disconnect, device number 8
[  149.499244][ T7804] loop3: detected capacity change from 0 to 4096
[  149.607514][ T7813] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  149.851012][ T7815] loop1: detected capacity change from 0 to 4096
[  149.865625][ T7819] loop3: detected capacity change from 0 to 1024
[  149.922415][ T7815] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512).
[  149.941365][ T7819] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  150.410180][ T7775] loop5: detected capacity change from 0 to 32768
[  150.567285][ T7806] loop2: detected capacity change from 0 to 32768
[  150.600327][ T7806] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  150.632993][ T7775] 
[  150.632993][ T7775]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  150.632993][ T7775] 
[  150.637590][ T7835] loop4: detected capacity change from 0 to 2048
[  150.652048][ T7806] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  150.666138][ T7835] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  150.748041][ T7806] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  150.788547][ T5938] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  150.804463][ T7775] read_mapping_page failed!
[  150.812755][ T5938] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  150.832877][ T7775] ERROR: (device loop5): txCommit: 
[  150.832877][ T7775] 
[  150.892627][ T5906] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  150.935728][ T5938] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 122ms
[  150.962870][ T5938] gfs2: fsid=syz:syz.0: jid=0: Done
[  150.972660][ T7806] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  151.005925][ T6752] 
[  151.005925][ T6752]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  151.005925][ T6752] 
[  151.052511][ T6752] 
[  151.052511][ T6752]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  151.052511][ T6752] 
[  151.066067][ T5906] usb 4-1: Using ep0 maxpacket: 32
[  151.083637][ T5906] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=67.fe
[  151.102459][ T5906] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  151.110736][ T5906] usb 4-1: Product: syz
[  151.117894][ T5906] usb 4-1: Manufacturer: syz
[  151.125787][ T7828] loop1: detected capacity change from 0 to 32768
[  151.132393][ T5906] usb 4-1: SerialNumber: syz
[  151.139494][ T5906] usb 4-1: config 0 descriptor??
[  151.201810][ T7828] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  151.276857][ T7806] gfs2: fsid=syz:syz.0: found 1 quota changes
[  151.384936][ T7828] XFS (loop1): Ending clean mount
[  151.395471][ T5906] snd-usb-6fire 4-1:0.0: unknown device firmware state received from device:
[  151.408187][ T7828] XFS (loop1): Quotacheck needed: Please wait.
[  151.414480][ T5906] eb 9a 47 80 9b f8 7a f0 
[  151.419021][ T5906] snd-usb-6fire 4-1:0.0: probe with driver snd-usb-6fire failed with error -5
[  151.439059][   T30] audit: type=1800 audit(1752495172.803:16): pid=7806 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.498" name="bus" dev="loop2" ino=2341 res=0 errno=0
[  151.526748][ T7828] XFS (loop1): Quotacheck: Done.
[  151.637015][  T892] usb 4-1: USB disconnect, device number 4
[  151.661145][ T7806] syz.2.498: attempt to access beyond end of device
[  151.661145][ T7806] loop2: rw=12288, sector=6755399441055880, nr_sectors = 8 limit=32768
[  151.713943][ T5842] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  152.067115][ T7863] loop4: detected capacity change from 0 to 256
[  152.101566][   T30] audit: type=1800 audit(1752495173.463:17): pid=7863 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.519" name="file1" dev="loop4" ino=1048619 res=0 errno=0
[  152.160489][ T7863] FAT-fs (loop4): error, fat_bmap_cluster: request beyond EOF (i_pos 196)
[  152.203971][ T5852] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error - inode = 11 2339, function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 403
[  152.218767][ T5852] gfs2: fsid=syz:syz.0: G:  s:EX n:2/923 f:aqobnN t:EX d:EX/0 a:0 v:0 r:2 m:20 p:1
[  152.228165][ T5852] gfs2: fsid=syz:syz.0:  H: s:EX f:H e:0 p:5852 [syz-executor] gfs2_quota_sync+0x359/0x460
[  152.238492][ T5852] gfs2: fsid=syz:syz.0:  I: n:11/2339 t:0 f:0x00 d:0x00000000 s:0 p:0
[  152.293162][ T5852] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  152.467256][ T7870] loop1: detected capacity change from 0 to 4096
[  152.662375][   T24] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  152.672604][  T892] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  152.814014][   T24] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  152.835167][  T892] usb 6-1: Using ep0 maxpacket: 32
[  152.837742][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  152.852191][  T892] usb 6-1: config 0 interface 0 has no altsetting 0
[  152.863091][  T892] usb 6-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  152.871190][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  152.882362][  T892] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  152.895967][   T24] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  152.900559][  T892] usb 6-1: Product: syz
[  152.922468][  T892] usb 6-1: Manufacturer: syz
[  152.931136][   T24] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  152.932340][  T892] usb 6-1: SerialNumber: syz
[  152.942501][   T24] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  152.963347][  T892] usb 6-1: config 0 descriptor??
[  152.974361][   T24] usb 4-1: Manufacturer: syz
[  152.990027][   T24] usb 4-1: config 0 descriptor??
[  153.080414][ T7883] loop4: detected capacity change from 0 to 40427
[  153.091656][ T7883] F2FS-fs: heap/no_heap options were deprecated
[  153.100122][ T7883] F2FS-fs (loop4): build fault injection rate: 19
[  153.109968][ T7883] F2FS-fs (loop4): build fault injection type: 0x3bfe8c
[  153.125904][ T7883] F2FS-fs (loop4): invalid crc value
[  153.146982][ T7883] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[  153.256462][ T7883] F2FS-fs (loop4): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x20a/0x3f0
[  153.276529][ T7883] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  153.301532][ T7883] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  153.326397][ T7883] F2FS-fs (loop4): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  153.341969][ T7883] F2FS-fs (loop4): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  153.359551][ T7885] loop1: detected capacity change from 0 to 65536
[  153.376539][ T7885] XFS (loop1): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  153.387590][  T892] gs_usb 6-1:0.0: Configuring for 1 interfaces
[  153.398491][ T5859] F2FS-fs (loop4): inject inconsistent footer in sanity_check_node_footer of f2fs_get_dnode_of_data+0x23a/0x1b50
[  153.409898][ T7885] XFS (loop1): Ending clean mount
[  153.418692][ T5859] F2FS-fs (loop4): inconsistent node block, node_type:1, nid:3, node_footer[nid:3,ino:3,ofs:0,cpver:1219692001,blkaddr:4098]
[  153.435796][   T24] appleir 0003:05AC:8243.0006: unknown main item tag 0x0
[  153.449847][   T24] appleir 0003:05AC:8243.0006: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0
[  153.525664][ T5842] XFS (loop1): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  153.759183][    T9] usb 4-1: USB disconnect, device number 5
[  153.926917][ T7901] loop4: detected capacity change from 0 to 4096
[  153.939407][ T7901] EXT4-fs (loop4): Test dummy encryption mode enabled
[  153.948570][ T7901] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  153.959187][ T7901] System zones: 0-5
[  153.975513][ T7901] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  154.036247][ T5976] usb 6-1: USB disconnect, device number 3
[  154.088509][ T5859] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  154.351492][ T7911] netlink: 12 bytes leftover after parsing attributes in process `syz.3.534'.
[  154.940262][ T7909] loop4: detected capacity change from 0 to 40427
[  154.950731][ T7909] F2FS-fs (loop4): invalid crc value
[  155.109650][ T7909] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  155.133622][ T7909] F2FS-fs (loop4): Start checkpoint disabled!
[  155.159891][ T7909] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  155.214527][   T30] audit: type=1804 audit(1752495176.573:18): pid=7909 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.533" name="/newroot/127/file0/file0" dev="loop4" ino=10 res=1 errno=0
[  155.236741][ T7909] F2FS-fs (loop4): Stopped filesystem due to reason: 0
[  155.267605][   T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  155.309267][   T24] hid-generic 0000:0000:0000.0007: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  155.352585][ T5976] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[  155.528801][ T5976] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  155.554325][ T5976] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  155.586512][ T5976] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  155.606067][ T5976] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  155.846080][ T5976] usb 4-1: GET_CAPABILITIES returned 0
[  155.851607][ T5976] usbtmc 4-1:16.0: can't read capabilities
[  156.072870][    T9] usb 4-1: USB disconnect, device number 6
[  156.227381][ T7940] loop4: detected capacity change from 0 to 32768
[  156.308403][ T7940] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  156.368682][ T7940] XFS (loop4): Ending clean mount
[  156.394486][   T30] audit: type=1804 audit(1752495177.763:19): pid=7940 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.546" name="/newroot/128/file0/file1" dev="loop4" ino=4422 res=1 errno=0
[  156.481550][ T5859] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  156.691411][ T7965] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  156.839836][ T1097] Bluetooth: hci5: received HCILL_GO_TO_SLEEP_ACK in state 1
[  156.869515][ T1097] Bluetooth: hci5: Frame reassembly failed (-84)
[  156.878974][ T1097] Bluetooth: hci5: Frame reassembly failed (-84)
[  157.059907][ T7972] loop3: detected capacity change from 0 to 40427
[  157.077286][ T7972] F2FS-fs (loop3): invalid crc value
[  157.092623][  T892] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  157.100234][    T9] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  157.131170][ T7972] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  157.141095][ T7972] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  157.188747][ T5844] syz-executor: attempt to access beyond end of device
[  157.188747][ T5844] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  157.203402][ T5844] CPU: 1 UID: 0 PID: 5844 Comm: syz-executor Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[  157.203426][ T5844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  157.203437][ T5844] Call Trace:
[  157.203445][ T5844]  <TASK>
[  157.203452][ T5844]  dump_stack_lvl+0x189/0x250
[  157.203481][ T5844]  ? __pfx_dump_stack_lvl+0x10/0x10
[  157.203502][ T5844]  ? __pfx_queue_work_on+0x10/0x10
[  157.203517][ T5844]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  157.203539][ T5844]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  157.203574][ T5844]  f2fs_handle_critical_error+0x37c/0x540
[  157.203602][ T5844]  f2fs_write_end_io+0x886/0xb60
[  157.203645][ T5844]  __submit_merged_bio+0x27a/0x6a0
[  157.203673][ T5844]  __submit_merged_write_cond+0x255/0x530
[  157.203701][ T5844]  f2fs_write_data_pages+0x261d/0x3000
[  157.203761][ T5844]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  157.203827][ T5844]  ? __mod_zone_page_state+0xd7/0x140
[  157.203857][ T5844]  ? folios_put_refs+0x560/0x640
[  157.203888][ T5844]  ? __lock_acquire+0xab9/0xd20
[  157.203914][ T5844]  ? do_raw_spin_lock+0x121/0x290
[  157.203947][ T5844]  ? do_raw_spin_unlock+0x122/0x240
[  157.203969][ T5844]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  157.203990][ T5844]  do_writepages+0x32e/0x550
[  157.204027][ T5844]  ? do_raw_spin_unlock+0x122/0x240
[  157.204054][ T5844]  filemap_fdatawrite+0x199/0x240
[  157.204083][ T5844]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  157.204164][ T5844]  ? do_raw_spin_unlock+0x122/0x240
[  157.204192][ T5844]  f2fs_sync_dirty_inodes+0x31f/0x830
[  157.204233][ T5844]  f2fs_write_checkpoint+0x95a/0x1df0
[  157.204285][ T5844]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  157.204366][ T5844]  ? kill_f2fs_super+0x298/0x6c0
[  157.204394][ T5844]  kill_f2fs_super+0x2c3/0x6c0
[  157.204423][ T5844]  ? __pfx_kill_f2fs_super+0x10/0x10
[  157.204441][ T5844]  ? radix_tree_delete_item+0x2b6/0x400
[  157.204472][ T5844]  ? shrinker_free+0x2ce/0x3e0
[  157.204493][ T5844]  deactivate_locked_super+0xb9/0x130
[  157.204515][ T5844]  cleanup_mnt+0x425/0x4c0
[  157.204534][ T5844]  ? lockdep_hardirqs_on+0x9c/0x150
[  157.204560][ T5844]  task_work_run+0x1d1/0x260
[  157.204586][ T5844]  ? __pfx_task_work_run+0x10/0x10
[  157.204606][ T5844]  ? __x64_sys_umount+0x122/0x160
[  157.204634][ T5844]  ? exit_to_user_mode_loop+0x40/0x110
[  157.204664][ T5844]  exit_to_user_mode_loop+0xec/0x110
[  157.204689][ T5844]  do_syscall_64+0x2bd/0x3b0
[  157.204710][ T5844]  ? lockdep_hardirqs_on+0x9c/0x150
[  157.204730][ T5844]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.204748][ T5844]  ? clear_bhb_loop+0x60/0xb0
[  157.204770][ T5844]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.204787][ T5844] RIP: 0033:0x7f075d38fc57
[  157.204812][ T5844] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  157.204826][ T5844] RSP: 002b:00007fff89e557a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  157.204844][ T5844] RAX: 0000000000000000 RBX: 00007f075d410925 RCX: 00007f075d38fc57
[  157.204856][ T5844] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff89e55860
[  157.204867][ T5844] RBP: 00007fff89e55860 R08: 0000000000000000 R09: 0000000000000000
[  157.204877][ T5844] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff89e568f0
[  157.204888][ T5844] R13: 00007f075d410925 R14: 00000000000265d9 R15: 00007fff89e56930
[  157.204923][ T5844]  </TASK>
[  157.204930][ T5844] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  157.277679][    T9] usb 6-1: Using ep0 maxpacket: 32
[  157.402094][ T5852] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  157.416445][    T9] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  157.449706][ T5852] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  157.458030][    T9] usb 6-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  157.464680][ T5852] gfs2: fsid=syz:syz.0: File system withdrawn
[  157.468412][  T892] usb 5-1: config 0 has no interfaces?
[  157.496912][ T5852] CPU: 1 UID: 0 PID: 5852 Comm: syz-executor Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[  157.496936][ T5852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  157.496946][ T5852] Call Trace:
[  157.496953][ T5852]  <TASK>
[  157.496960][ T5852]  dump_stack_lvl+0x189/0x250
[  157.496987][ T5852]  ? __pfx_dump_stack_lvl+0x10/0x10
[  157.497011][ T5852]  ? __pfx__printk+0x10/0x10
[  157.497032][ T5852]  ? kobject_uevent_env+0x36b/0x8c0
[  157.497062][ T5852]  gfs2_withdraw+0x111e/0x14f0
[  157.497094][ T5852]  ? __pfx_gfs2_withdraw+0x10/0x10
[  157.497109][ T5852]  ? __pfx_autoremove_wake_function+0x10/0x10
[  157.497142][ T5852]  ? gfs2_consist_inode_i+0xf5/0x110
[  157.497162][ T5852]  inode_go_instantiate+0xd42/0x1150
[  157.497197][ T5852]  ? __pfx_inode_go_instantiate+0x10/0x10
[  157.497225][ T5852]  ? gfs2_glock_nq+0x10bb/0x1900
[  157.497246][ T5852]  gfs2_instantiate+0x165/0x220
[  157.497264][ T5852]  gfs2_glock_wait+0x1d4/0x2a0
[  157.497285][ T5852]  do_sync+0x46f/0xc60
[  157.497306][ T5852]  ? gfs2_quota_sync+0x359/0x460
[  157.497338][ T5852]  ? __pfx_do_sync+0x10/0x10
[  157.497356][ T5852]  ? preempt_schedule+0xae/0xc0
[  157.497386][ T5852]  ? gfs2_quota_sync+0x359/0x460
[  157.497406][ T5852]  ? preempt_schedule_thunk+0x16/0x30
[  157.497437][ T5852]  gfs2_quota_sync+0x359/0x460
[  157.497470][ T5852]  gfs2_sync_fs+0x4c/0xb0
[  157.497492][ T5852]  sync_filesystem+0xee/0x230
[  157.497519][ T5852]  generic_shutdown_super+0x6f/0x2c0
[  157.497541][ T5852]  kill_block_super+0x44/0x90
[  157.497563][ T5852]  deactivate_locked_super+0xb9/0x130
[  157.497583][ T5852]  cleanup_mnt+0x425/0x4c0
[  157.497601][ T5852]  ? lockdep_hardirqs_on+0x9c/0x150
[  157.497625][ T5852]  task_work_run+0x1d1/0x260
[  157.497649][ T5852]  ? __pfx_task_work_run+0x10/0x10
[  157.497667][ T5852]  ? __x64_sys_umount+0x122/0x160
[  157.497691][ T5852]  ? exit_to_user_mode_loop+0x40/0x110
[  157.497719][ T5852]  exit_to_user_mode_loop+0xec/0x110
[  157.497743][ T5852]  do_syscall_64+0x2bd/0x3b0
[  157.497763][ T5852]  ? lockdep_hardirqs_on+0x9c/0x150
[  157.497781][ T5852]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.497798][ T5852]  ? clear_bhb_loop+0x60/0xb0
[  157.497817][ T5852]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.497832][ T5852] RIP: 0033:0x7efd3e98fc57
[  157.497848][ T5852] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  157.497863][ T5852] RSP: 002b:00007ffdbb397cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  157.497880][ T5852] RAX: 0000000000000000 RBX: 00007efd3ea10925 RCX: 00007efd3e98fc57
[  157.497892][ T5852] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdbb397db0
[  157.497901][ T5852] RBP: 00007ffdbb397db0 R08: 0000000000000000 R09: 0000000000000000
[  157.497911][ T5852] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdbb398e40
[  157.497922][ T5852] R13: 00007efd3ea10925 R14: 0000000000025146 R15: 00007ffdbb398e80
[  157.497951][ T5852]  </TASK>
[  157.893450][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  157.901440][    T9] usb 6-1: Product: syz
[  157.905644][    T9] usb 6-1: Manufacturer: syz
[  157.910236][    T9] usb 6-1: SerialNumber: syz
[  157.917979][    T9] usb 6-1: config 0 descriptor??
[  157.929661][  T892] usb 5-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  157.938731][  T892] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  158.012605][  T892] usb 5-1: Product: syz
[  158.016801][  T892] usb 5-1: Manufacturer: syz
[  158.021393][  T892] usb 5-1: SerialNumber: syz
[  158.053680][  T892] r8152-cfgselector 5-1: Unknown version 0x0000
[  158.059955][  T892] r8152-cfgselector 5-1: config 0 descriptor??
[  158.138171][ T5927] usb 6-1: USB disconnect, device number 4
[  158.164127][ T7992] netlink: 'syz.1.565': attribute type 12 has an invalid length.
[  158.306574][ T5976] r8152-cfgselector 5-1: USB disconnect, device number 5
[  158.354817][ T8000] loop3: detected capacity change from 0 to 512
[  158.367254][ T8000] EXT4-fs (loop3): Test dummy encryption mode enabled
[  158.376121][ T8000] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  158.392112][ T8000] EXT4-fs error (device loop3): ext4_orphan_get:1419: comm syz.3.567: bad orphan inode 131083
[  158.406897][ T8000] EXT4-fs (loop3): Remounting filesystem read-only
[  158.418061][ T8000] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  158.471684][ T5844] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.521138][ T8007] Driver unsupported XDP return value 0 on prog  (id 67) dev N/A, expect packet loss!
[  158.572885][   T24] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  158.678107][ T8013] loop3: detected capacity change from 0 to 512
[  158.685463][ T8013] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  158.699379][ T8013] EXT4-fs (loop3): 1 truncate cleaned up
[  158.705090][  T892] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  158.708769][ T8013] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  158.727107][   T24] usb 3-1: unable to get BOS descriptor or descriptor too short
[  158.736032][   T24] usb 3-1: config 6 has an invalid interface number: 200 but max is 0
[  158.744433][   T24] usb 3-1: config 6 has no interface number 0
[  158.745464][ T8013] EXT4-fs error (device loop3): ext4_append:79: inode #2: comm syz.3.573: Logical block already allocated
[  158.750636][   T24] usb 3-1: config 6 interface 200 has no altsetting 0
[  158.771953][   T24] usb 3-1: New USB device found, idVendor=05d8, idProduct=810c, bcdDevice=18.5f
[  158.781210][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  158.789256][   T24] usb 3-1: Product: syz
[  158.793465][   T24] usb 3-1: Manufacturer: syz
[  158.798057][   T24] usb 3-1: SerialNumber: syz
[  158.814187][ T5844] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.845750][ T5850] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  158.882379][  T892] usb 2-1: Using ep0 maxpacket: 32
[  158.890221][  T892] usb 2-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  158.902380][  T892] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  158.921756][  T892] usb 2-1: config 0 descriptor??
[  158.923260][ T8016] netlink: 4 bytes leftover after parsing attributes in process `syz.4.575'.
[  158.932024][  T892] gspca_main: sunplus-2.14.0 probing 041e:400b
[  159.375999][   T24] dvb-usb: found a 'Artec T14 - USB2.0 DVB-T' in warm state.
[  159.396303][   T24] dvb-usb: bulk message failed: -71 (3/0)
[  159.414416][   T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  159.446371][   T24] dvbdev: DVB: registering new adapter (Artec T14 - USB2.0 DVB-T)
[  159.463215][   T24] usb 3-1: media controller created
[  159.500719][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  159.551841][   T24] dvb-usb: bulk message failed: -71 (6/0)
[  159.563749][   T24] dvb-usb: bulk message failed: -71 (6/0)
[  159.572366][ T5906] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[  159.581301][ T8026] loop3: detected capacity change from 0 to 40427
[  159.589640][   T24] dvb-usb: no frontend was attached by 'Artec T14 - USB2.0 DVB-T'
[  159.590028][ T8026] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504)
[  159.601274][   T24] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input11
[  159.604742][ T8026] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  159.625845][ T8026] F2FS-fs (loop3): build fault injection type: 0x0
[  159.638921][   T24] dvb-usb: schedule remote query interval to 150 msecs.
[  159.639624][ T8026] F2FS-fs (loop3): invalid crc value
[  159.646306][   T24] dvb-usb: Artec T14 - USB2.0 DVB-T successfully initialized and connected.
[  159.650176][   T24] usb 3-1: USB disconnect, device number 5
[  159.710892][   T24] dvb-usb: Artec T14 - USB2.0 DVB-T successfully deinitialized and disconnected.
[  159.749588][ T5906] usb 5-1: config 150 has an invalid interface number: 204 but max is 1
[  159.759512][ T5906] usb 5-1: config 150 has no interface number 0
[  159.769102][ T5906] usb 5-1: config 150 interface 204 has no altsetting 0
[  159.783730][ T5906] usb 5-1: config 150 interface 1 has no altsetting 0
[  159.808006][ T5906] usb 5-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb
[  159.817558][ T5906] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.837612][ T5906] usb 5-1: Product: syz
[  159.841806][ T5906] usb 5-1: Manufacturer: syz
[  159.860914][ T5906] usb 5-1: SerialNumber: syz
[  159.880807][ T8026] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  159.900685][ T8026] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  159.907965][ T8026] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  159.946781][ T8026] F2FS-fs (loop3): build fault injection type: 0x0
[  159.961175][  T892] gspca_sunplus: reg_w_riv err -71
[  159.972441][  T892] sunplus 2-1:0.0: probe with driver sunplus failed with error -71
[  160.034132][  T892] usb 2-1: USB disconnect, device number 9
[  160.061393][ T8035] loop5: detected capacity change from 0 to 32768
[  160.107221][ T5906] xr_serial 5-1:150.204: xr_serial converter detected
[  160.107910][ T8041] Bluetooth: hci0: expected 2 bytes, got 7 bytes
[  160.141273][ T8035] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  160.227205][ T8035] XFS (loop5): Ending clean mount
[  160.248330][ T8035] XFS (loop5): Quotacheck needed: Please wait.
[  160.307752][ T8035] XFS (loop5): Quotacheck: Done.
[  160.499930][ T6752] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  160.921855][ T5906] xr_serial ttyUSB0: Failed to set reg 0x0e: -71
[  160.940067][ T5906] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71
[  160.993087][ T5906] usb 5-1: USB disconnect, device number 6
[  161.031466][ T5906] xr_serial 5-1:150.204: device disconnected
[  161.049977][ T8055] loop2: detected capacity change from 0 to 65536
[  161.109321][ T8055] XFS (loop2): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  161.143566][ T8055] XFS (loop2): Ending clean mount
[  161.179648][ T8077] netlink: 'syz.5.593': attribute type 2 has an invalid length.
[  161.195350][ T8055] XFS (loop2): Metadata CRC error detected at xfs_agf_read_verify+0x12f/0x1f0, xfs_agf block 0x1 
[  161.206425][ T8055] XFS (loop2): Unmount and run xfs_repair
[  161.212151][ T8055] XFS (loop2): First 128 bytes of corrupted metadata buffer:
[  161.219586][ T8055] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  161.228460][ T8055] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  161.237598][ T8055] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  161.246525][ T8055] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  161.255403][ T8055] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  161.264339][ T8055] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  161.274897][ T8055] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  161.283777][ T8055] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  161.292872][ T8055] XFS (loop2): metadata I/O error in "xfs_read_agf+0x281/0x5c0" at daddr 0x1 len 1 error 74
[  161.324896][ T8055] XFS (loop2): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x517/0x8e0 (fs/xfs/xfs_trans_buf.c:311).  Shutting down filesystem.
[  161.339578][ T8055] XFS (loop2): Please unmount the filesystem and rectify the problem(s)
[  161.390661][ T5852] XFS (loop2): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  161.739267][ T8087] loop3: detected capacity change from 0 to 32768
[  161.834770][ T8087] bcachefs (loop3): starting version 1.1023: (unknown version) opts=errors=continue,metadata_checksum=none,data_checksum=none,checksum_err_retry_nr=0,compression=lz4:2,nopromote_whole_extents,nojournal_transaction_names,allocator_stuck_timeout=0
[  161.834796][ T8087]   allowing incompatible features above 0.0: (unknown version)
[  161.834807][ T8087]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  161.858293][    C1] vkms_vblank_simulate: vblank timer overrun
[  161.862732][ T5906] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  161.932438][ T8087] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  161.940692][ T8087] bcachefs (loop3): initializing new filesystem
[  161.959665][ T8102] loop2: detected capacity change from 0 to 1024
[  161.970214][ T8087] bcachefs (loop3): going read-write
[  162.034980][ T5906] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  162.048770][ T5906] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  162.060068][ T5906] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  162.072212][ T5906] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  162.086979][ T5906] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  162.098565][ T5906] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  162.114796][ T5906] usb 2-1: config 0 descriptor??
[  162.137747][ T8087] bcachefs (loop3): initializing freespace
[  162.157158][   T49] hfsplus: b-tree write err: -5, ino 4
[  162.287936][ T8111] loop4: detected capacity change from 0 to 2048
[  162.303599][ T8111] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  162.344040][ T8087] syz.3.598 (8087) used greatest stack depth: 14312 bytes left
[  162.390397][ T5844] bcachefs (loop3): clean shutdown complete, journal seq 8
[  162.493662][    T9] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  162.549686][ T8119] loop2: detected capacity change from 0 to 4096
[  162.564142][ T5906] plantronics 0003:047F:FFFF.0008: ignoring exceeding usage max
[  162.618705][ T5906] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  162.663328][    T9] usb 6-1: Using ep0 maxpacket: 32
[  162.676353][    T9] usb 6-1: config 0 has no interfaces?
[  162.716034][    T9] usb 6-1: New USB device found, idVendor=054c, idProduct=06c3, bcdDevice=eb.7a
[  162.725172][    T9] usb 6-1: New USB device strings: Mfr=1, Product=66, SerialNumber=3
[  162.733322][    T9] usb 6-1: Product: syz
[  162.737477][    T9] usb 6-1: Manufacturer: syz
[  162.742100][    T9] usb 6-1: SerialNumber: syz
[  162.753250][    T9] usb 6-1: config 0 descriptor??
[  162.977711][ T8135] ip_vti0: Master is either lo or non-ether device
[  163.035905][ T5846] usb 6-1: USB disconnect, device number 5
[  163.504662][ T8137] loop2: detected capacity change from 0 to 32768
[  163.525915][ T8137] 
[  163.525915][ T8137]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  163.525915][ T8137] 
[  163.550601][ T8137] 
[  163.550601][ T8137]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  163.550601][ T8137] 
[  163.564230][ T8137] 
[  163.564230][ T8137]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  163.564230][ T8137] 
[  163.585659][ T8137] 
[  163.585659][ T8137]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  163.585659][ T8137] 
[  163.632743][ T8137] 
[  163.632743][ T8137]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  163.632743][ T8137] 
[  163.659281][ T8137] 
[  163.659281][ T8137]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  163.659281][ T8137] 
[  163.741890][ T8137] 
[  163.741890][ T8137]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  163.741890][ T8137] 
[  163.791525][  T113] 
[  163.791525][  T113]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  163.791525][  T113] 
[  163.853106][ T8137] 
[  163.853106][ T8137]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  163.853106][ T8137] 
[  163.868672][ T8137] 
[  163.868672][ T8137]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  163.868672][ T8137] 
[  163.903903][ T8137] 
[  163.903903][ T8137]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  163.903903][ T8137] 
[  163.935890][ T8154] 
[  163.935890][ T8154]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  163.935890][ T8154] 
[  163.996707][ T8137] 
[  163.996707][ T8137]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  163.996707][ T8137] 
[  164.076137][ T8154] 
[  164.076137][ T8154]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  164.076137][ T8154] 
[  164.096868][ T8137] 
[  164.096868][ T8137]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  164.096868][ T8137] 
[  164.144038][  T112] 
[  164.144038][  T112]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  164.144038][  T112] 
[  164.245719][ T8166] loop3: detected capacity change from 0 to 16
[  164.257313][ T8166] erofs (device loop3): mounted with root inode @ nid 36.
[  164.258400][ T3573] 
[  164.258400][ T3573]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  164.258400][ T3573] 
[  164.274790][ T8166] syz.3.630: attempt to access beyond end of device
[  164.274790][ T8166] loop3: rw=524288, sector=8, nr_sectors = 32 limit=16
[  164.359773][ T3573] 
[  164.359773][ T3573]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  164.359773][ T3573] 
[  164.370922][ T8166] syz.3.630: attempt to access beyond end of device
[  164.370922][ T8166] loop3: rw=524288, sector=40, nr_sectors = 64 limit=16
[  164.376030][ T5852] 
[  164.376030][ T5852]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  164.376030][ T5852] 
[  164.392839][ T8166] syz.3.630: attempt to access beyond end of device
[  164.392839][ T8166] loop3: rw=0, sector=16, nr_sectors = 8 limit=16
[  164.400850][ T5852] 
[  164.400850][ T5852]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  164.400850][ T5852] 
[  164.436057][   T30] audit: type=1800 audit(1752495185.783:20): pid=8166 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.630" name="file2" dev="loop3" ino=89 res=0 errno=0
[  164.447996][ T8147] loop5: detected capacity change from 0 to 40427
[  164.484110][  T113] 
[  164.484110][  T113]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  164.484110][  T113] 
[  164.504778][ T8147] F2FS-fs (loop5): Insane cp_payload (553648128 >= 504)
[  164.524455][ T8147] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  164.544042][ T8168] loop3: detected capacity change from 0 to 2048
[  164.571902][ T8147] F2FS-fs (loop5): build fault injection rate: 17008
[  164.580033][ T8147] F2FS-fs (loop5): build fault injection type: 0x6
[  164.592750][ T8147] F2FS-fs (loop5): invalid crc value
[  164.611099][   T30] audit: type=1800 audit(1752495185.973:21): pid=8168 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.632" name="file1" dev="loop3" ino=838 res=0 errno=0
[  164.667163][ T8173] loop1: detected capacity change from 0 to 1024
[  164.689032][ T5976] usb 2-1: USB disconnect, device number 10
[  164.784737][ T8173] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  164.895249][ T8147] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  164.911369][ T8147] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  164.971513][ T8183] loop4: detected capacity change from 0 to 512
[  164.982193][ T8147] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  164.992620][ T8180] EXT4-fs error (device loop1): __ext4_remount:6736: comm syz.1.633: Abort forced by user
[  165.021643][ T8180] EXT4-fs (loop1): Remounting filesystem read-only
[  165.051968][ T8183] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842c11d, mo2=0002]
[  165.062093][ T8180] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000.
[  165.079373][ T8183] System zones: 1-12
[  165.083924][ T8183] EXT4-fs error (device loop4): ext4_iget_extra_inode:5032: inode #15: comm syz.4.634: corrupted in-inode xattr: e_value size too large
[  165.098784][ T8183] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.634: couldn't read orphan inode 15 (err -117)
[  165.120374][ T8183] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  165.151573][ T8147] syz.5.622: attempt to access beyond end of device
[  165.151573][ T8147] loop5: rw=2049, sector=53248, nr_sectors = 8 limit=40427
[  165.214290][ T5842] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.250183][ T5859] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.265565][ T6752] syz-executor: attempt to access beyond end of device
[  165.265565][ T6752] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  165.297054][ T6752] CPU: 1 UID: 0 PID: 6752 Comm: syz-executor Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[  165.297079][ T6752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  165.297089][ T6752] Call Trace:
[  165.297095][ T6752]  <TASK>
[  165.297103][ T6752]  dump_stack_lvl+0x189/0x250
[  165.297130][ T6752]  ? __pfx_dump_stack_lvl+0x10/0x10
[  165.297149][ T6752]  ? __pfx_queue_work_on+0x10/0x10
[  165.297167][ T6752]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  165.297184][ T6752]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  165.297216][ T6752]  f2fs_handle_critical_error+0x37c/0x540
[  165.297242][ T6752]  f2fs_write_end_io+0x886/0xb60
[  165.297281][ T6752]  __submit_merged_bio+0x27a/0x6a0
[  165.297307][ T6752]  __submit_merged_write_cond+0x255/0x530
[  165.297332][ T6752]  f2fs_write_data_pages+0x261d/0x3000
[  165.297385][ T6752]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  165.297416][ T6752]  ? arch_stack_walk+0xfc/0x150
[  165.297475][ T6752]  ? __mod_zone_page_state+0xd7/0x140
[  165.297504][ T6752]  ? folios_put_refs+0x560/0x640
[  165.297530][ T6752]  ? __pfx_folios_put_refs+0x10/0x10
[  165.297544][ T6752]  ? rcu_is_watching+0x15/0xb0
[  165.297570][ T6752]  ? __lock_acquire+0xab9/0xd20
[  165.297601][ T6752]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  165.297622][ T6752]  do_writepages+0x32e/0x550
[  165.297653][ T6752]  ? do_raw_spin_unlock+0x122/0x240
[  165.297679][ T6752]  filemap_fdatawrite+0x199/0x240
[  165.297700][ T6752]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  165.297766][ T6752]  ? do_raw_spin_unlock+0x122/0x240
[  165.297793][ T6752]  f2fs_sync_dirty_inodes+0x31f/0x830
[  165.297830][ T6752]  f2fs_write_checkpoint+0x95a/0x1df0
[  165.297876][ T6752]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  165.297934][ T6752]  ? try_to_wake_up+0x7e5/0x1290
[  165.297961][ T6752]  ? kill_f2fs_super+0x298/0x6c0
[  165.297988][ T6752]  kill_f2fs_super+0x2c3/0x6c0
[  165.298015][ T6752]  ? __pfx_kill_f2fs_super+0x10/0x10
[  165.298033][ T6752]  ? radix_tree_delete_item+0x2b6/0x400
[  165.298061][ T6752]  ? shrinker_free+0x2ce/0x3e0
[  165.298080][ T6752]  deactivate_locked_super+0xb9/0x130
[  165.298103][ T6752]  cleanup_mnt+0x425/0x4c0
[  165.298121][ T6752]  ? lockdep_hardirqs_on+0x9c/0x150
[  165.298145][ T6752]  task_work_run+0x1d1/0x260
[  165.298171][ T6752]  ? __pfx_task_work_run+0x10/0x10
[  165.298188][ T6752]  ? __x64_sys_umount+0x122/0x160
[  165.298213][ T6752]  ? exit_to_user_mode_loop+0x40/0x110
[  165.298243][ T6752]  exit_to_user_mode_loop+0xec/0x110
[  165.298267][ T6752]  do_syscall_64+0x2bd/0x3b0
[  165.298287][ T6752]  ? lockdep_hardirqs_on+0x9c/0x150
[  165.298306][ T6752]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.298323][ T6752]  ? clear_bhb_loop+0x60/0xb0
[  165.298344][ T6752]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.298360][ T6752] RIP: 0033:0x7fcbca38fc57
[  165.298376][ T6752] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  165.298390][ T6752] RSP: 002b:00007ffd30475f08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  165.298409][ T6752] RAX: 0000000000000000 RBX: 00007fcbca410925 RCX: 00007fcbca38fc57
[  165.298420][ T6752] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd30475fc0
[  165.298437][ T6752] RBP: 00007ffd30475fc0 R08: 0000000000000000 R09: 0000000000000000
[  165.298447][ T6752] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd30477050
[  165.298458][ T6752] R13: 00007fcbca410925 R14: 0000000000028538 R15: 00007ffd30477090
[  165.298486][ T6752]  </TASK>
[  165.298494][ T6752] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  166.187063][ T8235] capability: warning: `syz.4.641' uses deprecated v2 capabilities in a way that may be insecure
[  166.454890][ T8198] loop1: detected capacity change from 0 to 40427
[  166.462248][ T8198] F2FS-fs: heap/no_heap options were deprecated
[  166.517266][ T8198] F2FS-fs (loop1): invalid crc value
[  166.628464][ T8242] loop3: detected capacity change from 0 to 32768
[  166.735973][ T8198] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  166.736742][ T8242] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,checksum_err_retry_nr=24,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,degraded=very,nojournal_transaction_names,rebalance_on_ac_only
[  166.778813][ T8242]   allowing incompatible features above 0.0: (unknown version)
[  166.787417][ T8242]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  166.789844][ T8198] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  166.803351][ T8242] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  166.818446][ T8242] bcachefs (loop3): initializing new filesystem
[  166.848307][ T8242] bcachefs (loop3): going read-write
[  166.917381][ T8196] F2FS-fs (loop1): access invalid blkaddr:4043309056
[  166.939315][ T8196] CPU: 0 UID: 0 PID: 8196 Comm: syz.1.637 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[  166.939342][ T8196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  166.939353][ T8196] Call Trace:
[  166.939361][ T8196]  <TASK>
[  166.939369][ T8196]  dump_stack_lvl+0x189/0x250
[  166.939397][ T8196]  ? __pfx_dump_stack_lvl+0x10/0x10
[  166.939418][ T8196]  ? __pfx_f2fs_get_dnode_of_data+0x10/0x10
[  166.939449][ T8196]  ? stack_depot_save_flags+0x429/0x900
[  166.939481][ T8196]  __f2fs_is_valid_blkaddr+0xe52/0x14f0
[  166.939513][ T8196]  f2fs_map_blocks+0xd93/0x4510
[  166.939586][ T8196]  ? __pfx_f2fs_map_blocks+0x10/0x10
[  166.939607][ T8196]  ? xa_load+0x60/0x210
[  166.939647][ T8196]  ? xa_load+0x1ea/0x210
[  166.939680][ T8196]  f2fs_mpage_readpages+0xc96/0x1a90
[  166.939729][ T8196]  ? __pfx_f2fs_mpage_readpages+0x10/0x10
[  166.939778][ T8196]  ? f2fs_readahead+0x177/0x330
[  166.939802][ T8196]  read_pages+0x177/0x580
[  166.939833][ T8196]  ? __pfx_read_pages+0x10/0x10
[  166.939866][ T8196]  ? filemap_add_folio+0x1af/0x270
[  166.939895][ T8196]  page_cache_ra_unbounded+0x6b0/0x7b0
[  166.939942][ T8196]  f2fs_readdir+0x49b/0xa60
[  166.939989][ T8196]  ? __pfx_f2fs_readdir+0x10/0x10
[  166.940027][ T8196]  ? down_read_killable+0x1d1/0x350
[  166.940055][ T8196]  iterate_dir+0x396/0x570
[  166.940080][ T8196]  __se_sys_getdents64+0xe4/0x260
[  166.940105][ T8196]  ? __pfx___se_sys_getdents64+0x10/0x10
[  166.940125][ T8196]  ? __pfx_filldir64+0x10/0x10
[  166.940148][ T8196]  ? rcu_is_watching+0x15/0xb0
[  166.940174][ T8196]  ? do_syscall_64+0xbe/0x3b0
[  166.940201][ T8196]  do_syscall_64+0xfa/0x3b0
[  166.940223][ T8196]  ? lockdep_hardirqs_on+0x9c/0x150
[  166.940243][ T8196]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.940260][ T8196]  ? clear_bhb_loop+0x60/0xb0
[  166.940283][ T8196]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.940299][ T8196] RIP: 0033:0x7f8469d8e929
[  166.940321][ T8196] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  166.940336][ T8196] RSP: 002b:00007f846ac15038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[  166.940356][ T8196] RAX: ffffffffffffffda RBX: 00007f8469fb5fa0 RCX: 00007f8469d8e929
[  166.940369][ T8196] RDX: 0000000000000044 RSI: 0000000000000000 RDI: 0000000000000004
[  166.940380][ T8196] RBP: 00007f8469e10b39 R08: 0000000000000000 R09: 0000000000000000
[  166.940392][ T8196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  166.940402][ T8196] R13: 0000000000000000 R14: 00007f8469fb5fa0 R15: 00007ffec3e46cd8
[  166.940434][ T8196]  </TASK>
[  167.196645][ T5927] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  167.235077][ T8196] syz.1.637: attempt to access beyond end of device
[  167.235077][ T8196] loop1: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  167.254557][ T8242] bcachefs (loop3): initializing freespace
[  167.290055][ T8196] syz.1.637: attempt to access beyond end of device
[  167.290055][ T8196] loop1: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  167.360566][ T5842] syz-executor: attempt to access beyond end of device
[  167.360566][ T5842] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  167.378299][ T5842] CPU: 0 UID: 0 PID: 5842 Comm: syz-executor Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[  167.378324][ T5842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  167.378335][ T5842] Call Trace:
[  167.378342][ T5842]  <TASK>
[  167.378350][ T5842]  dump_stack_lvl+0x189/0x250
[  167.378379][ T5842]  ? __pfx_dump_stack_lvl+0x10/0x10
[  167.378399][ T5842]  ? __pfx_queue_work_on+0x10/0x10
[  167.378415][ T5842]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  167.378437][ T5842]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  167.378471][ T5842]  f2fs_handle_critical_error+0x37c/0x540
[  167.378498][ T5842]  f2fs_write_end_io+0x886/0xb60
[  167.378542][ T5842]  __submit_merged_bio+0x27a/0x6a0
[  167.378569][ T5842]  __submit_merged_write_cond+0x255/0x530
[  167.378594][ T5842]  f2fs_write_data_pages+0x261d/0x3000
[  167.378653][ T5842]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  167.378744][ T5842]  ? folios_put_refs+0x559/0x640
[  167.378775][ T5842]  ? __pfx_folios_put_refs+0x10/0x10
[  167.378790][ T5842]  ? rcu_is_watching+0x15/0xb0
[  167.378820][ T5842]  ? __lock_acquire+0xab9/0xd20
[  167.378858][ T5842]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  167.378880][ T5842]  do_writepages+0x32e/0x550
[  167.378913][ T5842]  ? do_raw_spin_unlock+0x122/0x240
[  167.378940][ T5842]  filemap_fdatawrite+0x199/0x240
[  167.378963][ T5842]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  167.379051][ T5842]  ? do_raw_spin_unlock+0x122/0x240
[  167.379079][ T5842]  f2fs_sync_dirty_inodes+0x31f/0x830
[  167.379121][ T5842]  f2fs_write_checkpoint+0x95a/0x1df0
[  167.379173][ T5842]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  167.379243][ T5842]  ? try_to_wake_up+0x81b/0x1290
[  167.379273][ T5842]  ? kill_f2fs_super+0x298/0x6c0
[  167.379300][ T5842]  kill_f2fs_super+0x2c3/0x6c0
[  167.379330][ T5842]  ? __pfx_kill_f2fs_super+0x10/0x10
[  167.379348][ T5842]  ? radix_tree_delete_item+0x2b6/0x400
[  167.379378][ T5842]  ? shrinker_free+0x2ce/0x3e0
[  167.379398][ T5842]  deactivate_locked_super+0xb9/0x130
[  167.379421][ T5842]  cleanup_mnt+0x425/0x4c0
[  167.379440][ T5842]  ? lockdep_hardirqs_on+0x9c/0x150
[  167.379466][ T5842]  task_work_run+0x1d1/0x260
[  167.379493][ T5842]  ? __pfx_task_work_run+0x10/0x10
[  167.379513][ T5842]  ? __x64_sys_umount+0x122/0x160
[  167.379542][ T5842]  ? exit_to_user_mode_loop+0x40/0x110
[  167.379572][ T5842]  exit_to_user_mode_loop+0xec/0x110
[  167.379597][ T5842]  do_syscall_64+0x2bd/0x3b0
[  167.379618][ T5842]  ? lockdep_hardirqs_on+0x9c/0x150
[  167.379638][ T5842]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  167.379655][ T5842]  ? clear_bhb_loop+0x60/0xb0
[  167.379678][ T5842]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  167.379694][ T5842] RIP: 0033:0x7f8469d8fc57
[  167.379710][ T5842] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  167.379724][ T5842] RSP: 002b:00007ffec3e45f68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  167.379743][ T5842] RAX: 0000000000000000 RBX: 00007f8469e10925 RCX: 00007f8469d8fc57
[  167.379755][ T5842] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffec3e46020
[  167.379766][ T5842] RBP: 00007ffec3e46020 R08: 0000000000000000 R09: 0000000000000000
[  167.379776][ T5842] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffec3e470b0
[  167.379787][ T5842] R13: 00007f8469e10925 R14: 0000000000028d66 R15: 00007ffec3e470f0
[  167.379821][ T5842]  </TASK>
[  167.379828][ T5842] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  167.382438][ T5927] usb 5-1: Using ep0 maxpacket: 16
[  167.522423][ T5846] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  167.593152][   T30] audit: type=1800 audit(1752495188.903:22): pid=8242 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.644" name="file1" dev="loop3" ino=4098 res=0 errno=0
[  167.756255][    C1] vkms_vblank_simulate: vblank timer overrun
[  167.757840][ T8270] loop5: detected capacity change from 0 to 32768
[  167.766778][ T5927] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  167.780516][ T5927] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  167.788687][ T8270] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.650 (8270)
[  167.805595][ T5927] usb 5-1: Product: syz
[  167.809787][ T5927] usb 5-1: Manufacturer: syz
[  167.824687][ T5927] usb 5-1: SerialNumber: syz
[  167.827484][ T5846] usb 3-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  167.829398][ T8270] BTRFS info (device loop5): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  167.852660][ T5927] usb 5-1: config 0 descriptor??
[  167.857893][ T8270] BTRFS info (device loop5): using crc32c (crc32c-lib) checksum algorithm
[  167.860587][ T5844] bcachefs (loop3): clean shutdown complete, journal seq 8
[  167.871030][ T8270] BTRFS info (device loop5): using free-space-tree
[  167.884647][ T5846] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  167.918899][ T5846] usb 3-1: config 0 descriptor??
[  168.181546][ T6752] BTRFS info (device loop5): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  168.279101][ T5927] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  168.290248][ T5927] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  168.310210][ T5927] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  168.322535][ T5927] usb 5-1: media controller created
[  168.373858][ T5927] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  168.376728][ T8288] netlink: 8 bytes leftover after parsing attributes in process `syz.1.651'.
[  168.393316][ T5846] elan 0003:04F3:0755.0009: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.2-1/input0
[  168.494935][ T5927] zl10353_read_register: readreg error (reg=127, ret==0)
[  168.502061][ T5927] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  168.527116][ T5927] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[  168.550321][ T5927] usb 5-1: USB disconnect, device number 7
[  168.664259][ T5927] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected.
[  168.928668][ T8292] loop5: detected capacity change from 0 to 40427
[  168.938362][ T8292] F2FS-fs (loop5): build fault injection rate: 771
[  168.951544][ T8292] F2FS-fs (loop5): invalid crc value
[  169.052014][ T8292] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  169.063643][ T8292] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  169.073250][    T9] usb 3-1: USB disconnect, device number 6
[  169.115124][ T6752] syz-executor: attempt to access beyond end of device
[  169.115124][ T6752] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  169.129217][ T6752] CPU: 1 UID: 0 PID: 6752 Comm: syz-executor Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[  169.129242][ T6752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  169.129252][ T6752] Call Trace:
[  169.129260][ T6752]  <TASK>
[  169.129267][ T6752]  dump_stack_lvl+0x189/0x250
[  169.129295][ T6752]  ? __pfx_dump_stack_lvl+0x10/0x10
[  169.129315][ T6752]  ? __pfx_queue_work_on+0x10/0x10
[  169.129337][ T6752]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  169.129358][ T6752]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  169.129393][ T6752]  f2fs_handle_critical_error+0x37c/0x540
[  169.129422][ T6752]  f2fs_write_end_io+0x886/0xb60
[  169.129465][ T6752]  __submit_merged_bio+0x27a/0x6a0
[  169.129492][ T6752]  __submit_merged_write_cond+0x255/0x530
[  169.129520][ T6752]  f2fs_write_data_pages+0x261d/0x3000
[  169.129583][ T6752]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  169.129673][ T6752]  ? folios_put_refs+0x559/0x640
[  169.129707][ T6752]  ? __lock_acquire+0xab9/0xd20
[  169.129735][ T6752]  ? do_raw_spin_lock+0x121/0x290
[  169.129770][ T6752]  ? do_raw_spin_unlock+0x122/0x240
[  169.129792][ T6752]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  169.129815][ T6752]  do_writepages+0x32e/0x550
[  169.129849][ T6752]  ? do_raw_spin_unlock+0x122/0x240
[  169.129876][ T6752]  filemap_fdatawrite+0x199/0x240
[  169.129905][ T6752]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  169.129985][ T6752]  ? do_raw_spin_unlock+0x122/0x240
[  169.130012][ T6752]  f2fs_sync_dirty_inodes+0x31f/0x830
[  169.130053][ T6752]  f2fs_write_checkpoint+0x95a/0x1df0
[  169.130106][ T6752]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  169.130178][ T6752]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  169.130200][ T6752]  ? kfree+0x18e/0x440
[  169.130219][ T6752]  ? kill_f2fs_super+0x298/0x6c0
[  169.130248][ T6752]  kill_f2fs_super+0x2c3/0x6c0
[  169.130277][ T6752]  ? __pfx_kill_f2fs_super+0x10/0x10
[  169.130296][ T6752]  ? radix_tree_delete_item+0x2b6/0x400
[  169.130327][ T6752]  ? shrinker_free+0x2ce/0x3e0
[  169.130347][ T6752]  deactivate_locked_super+0xb9/0x130
[  169.130369][ T6752]  cleanup_mnt+0x425/0x4c0
[  169.130388][ T6752]  ? lockdep_hardirqs_on+0x9c/0x150
[  169.130413][ T6752]  task_work_run+0x1d1/0x260
[  169.130439][ T6752]  ? __pfx_task_work_run+0x10/0x10
[  169.130459][ T6752]  ? __x64_sys_umount+0x122/0x160
[  169.130485][ T6752]  ? exit_to_user_mode_loop+0x40/0x110
[  169.130514][ T6752]  exit_to_user_mode_loop+0xec/0x110
[  169.130538][ T6752]  do_syscall_64+0x2bd/0x3b0
[  169.130559][ T6752]  ? lockdep_hardirqs_on+0x9c/0x150
[  169.130579][ T6752]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.130596][ T6752]  ? clear_bhb_loop+0x60/0xb0
[  169.130619][ T6752]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.130635][ T6752] RIP: 0033:0x7fcbca38fc57
[  169.130651][ T6752] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  169.130666][ T6752] RSP: 002b:00007ffd30475f08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  169.130685][ T6752] RAX: 0000000000000000 RBX: 00007fcbca410925 RCX: 00007fcbca38fc57
[  169.130696][ T6752] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd30475fc0
[  169.130707][ T6752] RBP: 00007ffd30475fc0 R08: 0000000000000000 R09: 0000000000000000
[  169.130745][ T6752] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd30477050
[  169.130757][ T6752] R13: 00007fcbca410925 R14: 000000000002946d R15: 00007ffd30477090
[  169.130793][ T6752]  </TASK>
[  169.130800][ T6752] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  169.316968][ T8301] loop4: detected capacity change from 0 to 512
[  169.490968][ T8301] EXT4-fs: Ignoring removed nobh option
[  169.504998][ T8301] fscrypt (loop4, inode 2): Error -61 getting encryption context
[  169.514993][ T8301] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -61
[  169.526754][ T8301] EXT4-fs error (device loop4): ext4_orphan_get:1393: inode #13: comm syz.4.658: casefold flag without casefold feature
[  169.553974][ T8301] EXT4-fs (loop4): Remounting filesystem read-only
[  169.576479][ T8301] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  169.617338][ T8301] fscrypt (loop4, inode 2): Error -61 getting encryption context
[  169.657699][ T5859] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  170.816446][ T8332] loop3: detected capacity change from 0 to 32768
[  170.847561][ T8332] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  170.882566][   T30] audit: type=1800 audit(1752495192.243:23): pid=8332 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.669" name="file1" dev="loop3" ino=17058 res=0 errno=0
[  171.030016][ T5844] ocfs2: Unmounting device (7,3) on (node local)
[  171.432100][ T8334] loop4: detected capacity change from 0 to 32768
[  171.493459][ T8334] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  171.593586][ T8334] XFS (loop4): Ending clean mount
[  171.854346][ T8382] loop3: detected capacity change from 0 to 1024
[  171.871985][ T8379] loop2: detected capacity change from 0 to 1024
[  171.884948][ T5859] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  171.901039][ T8382] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  171.975400][ T8382] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4113: comm syz.3.684: Allocating blocks 385-513 which overlap fs metadata
[  172.017019][ T8372] loop5: detected capacity change from 0 to 32768
[  172.036389][ T8382] EXT4-fs (loop3): pa ffff888031cd72b8: logic 16, phys. 129, len 24
[  172.045087][ T8382] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 8
[  172.066733][ T8372] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.679 (8372)
[  172.128322][ T3542] hfsplus: b-tree write err: -5, ino 4
[  172.160569][ T8372] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  172.198991][ T8372] BTRFS info (device loop5): using crc32c (crc32c-lib) checksum algorithm
[  172.224493][ T8372] BTRFS info (device loop5): disk space caching is enabled
[  172.240563][ T8372] BTRFS warning (device loop5): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  172.372451][ T8372] BTRFS info (device loop5): rebuilding free space tree
[  172.426263][ T8372] BTRFS info (device loop5): disabling free space tree
[  172.429138][ T5844] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.452999][ T8372] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  172.483605][ T8372] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  172.488244][   T30] audit: type=1326 audit(1752495193.843:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8406 comm="syz.2.688" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7efd3e9858e7 code=0x7ffc0000
[  172.535153][   T30] audit: type=1326 audit(1752495193.853:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8406 comm="syz.2.688" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efd3e92ab19 code=0x7ffc0000
[  172.557141][    C1] vkms_vblank_simulate: vblank timer overrun
[  172.764268][   T30] audit: type=1326 audit(1752495193.853:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8406 comm="syz.2.688" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd3e98e929 code=0x7ffc0000
[  172.868688][   T30] audit: type=1326 audit(1752495193.853:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8406 comm="syz.2.688" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7efd3e9858e7 code=0x7ffc0000
[  172.891796][ T8410] loop3: detected capacity change from 0 to 40427
[  172.907004][ T8410] F2FS-fs (loop3): build fault injection rate: 771
[  172.915706][ T8410] F2FS-fs (loop3): invalid crc value
[  172.921162][   T30] audit: type=1326 audit(1752495193.853:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8406 comm="syz.2.688" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efd3e92ab19 code=0x7ffc0000
[  172.943148][    C1] vkms_vblank_simulate: vblank timer overrun
[  172.951204][   T30] audit: type=1326 audit(1752495193.853:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8406 comm="syz.2.688" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7efd3e98e929 code=0x7ffc0000
[  172.973278][    C1] vkms_vblank_simulate: vblank timer overrun
[  172.980020][   T30] audit: type=1326 audit(1752495193.853:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8406 comm="syz.2.688" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7efd3e9858e7 code=0x7ffc0000
[  173.003370][   T30] audit: type=1326 audit(1752495193.853:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8406 comm="syz.2.688" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efd3e92ab19 code=0x7ffc0000
[  173.025344][    C1] vkms_vblank_simulate: vblank timer overrun
[  173.031859][   T30] audit: type=1326 audit(1752495193.853:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8406 comm="syz.2.688" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd3e98e929 code=0x7ffc0000
[  173.150226][ T8410] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  173.167885][ T8410] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  173.168272][ T6752] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  173.222484][ T8417] f2fs_ckpt-7:3: attempt to access beyond end of device
[  173.222484][ T8417] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  173.254377][ T8417] CPU: 1 UID: 0 PID: 8417 Comm: f2fs_ckpt-7:3 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[  173.254402][ T8417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  173.254412][ T8417] Call Trace:
[  173.254420][ T8417]  <TASK>
[  173.254428][ T8417]  dump_stack_lvl+0x189/0x250
[  173.254457][ T8417]  ? __pfx_dump_stack_lvl+0x10/0x10
[  173.254477][ T8417]  ? __pfx_queue_work_on+0x10/0x10
[  173.254494][ T8417]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  173.254514][ T8417]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  173.254549][ T8417]  f2fs_handle_critical_error+0x37c/0x540
[  173.254577][ T8417]  f2fs_write_end_io+0x886/0xb60
[  173.254619][ T8417]  __submit_merged_bio+0x27a/0x6a0
[  173.254646][ T8417]  __submit_merged_write_cond+0x255/0x530
[  173.254674][ T8417]  f2fs_write_data_pages+0x261d/0x3000
[  173.254734][ T8417]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  173.254813][ T8417]  ? check_path+0x21/0x40
[  173.254831][ T8417]  ? check_noncircular+0xe0/0x160
[  173.254918][ T8417]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  173.254944][ T8417]  do_writepages+0x32e/0x550
[  173.254980][ T8417]  ? do_raw_spin_unlock+0x122/0x240
[  173.255006][ T8417]  filemap_fdatawrite+0x199/0x240
[  173.255028][ T8417]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  173.255107][ T8417]  ? do_raw_spin_unlock+0x122/0x240
[  173.255134][ T8417]  f2fs_sync_dirty_inodes+0x31f/0x830
[  173.255175][ T8417]  f2fs_write_checkpoint+0x95a/0x1df0
[  173.255226][ T8417]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  173.255297][ T8417]  ? down_write+0x162/0x1f0
[  173.255319][ T8417]  ? __pfx_down_write+0x10/0x10
[  173.255342][ T8417]  ? __pfx___schedule+0x10/0x10
[  173.255372][ T8417]  __checkpoint_and_complete_reqs+0xd9/0x3b0
[  173.255399][ T8417]  ? __pfx___checkpoint_and_complete_reqs+0x10/0x10
[  173.255442][ T8417]  issue_checkpoint_thread+0xd9/0x260
[  173.255468][ T8417]  ? __pfx_issue_checkpoint_thread+0x10/0x10
[  173.255491][ T8417]  ? __pfx_autoremove_wake_function+0x10/0x10
[  173.255515][ T8417]  ? __kthread_parkme+0x7b/0x200
[  173.255541][ T8417]  ? __kthread_parkme+0x1a1/0x200
[  173.255568][ T8417]  kthread+0x70e/0x8a0
[  173.255593][ T8417]  ? __pfx_issue_checkpoint_thread+0x10/0x10
[  173.255614][ T8417]  ? __pfx_kthread+0x10/0x10
[  173.255642][ T8417]  ? _raw_spin_unlock_irq+0x23/0x50
[  173.255661][ T8417]  ? lockdep_hardirqs_on+0x9c/0x150
[  173.255680][ T8417]  ? __pfx_kthread+0x10/0x10
[  173.255702][ T8417]  ret_from_fork+0x3f9/0x770
[  173.255723][ T8417]  ? __pfx_ret_from_fork+0x10/0x10
[  173.255750][ T8417]  ? __switch_to_asm+0x39/0x70
[  173.255768][ T8417]  ? __switch_to_asm+0x33/0x70
[  173.255786][ T8417]  ? __pfx_kthread+0x10/0x10
[  173.255809][ T8417]  ret_from_fork_asm+0x1a/0x30
[  173.255856][ T8417]  </TASK>
[  173.256965][ T8417] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  174.054853][   T24] IPVS: starting estimator thread 0...
[  174.054909][ T8438] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  174.162380][ T8443] IPVS: using max 31 ests per chain, 74400 per kthread
[  174.242363][ T5927] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  174.346171][ T8449] loop5: detected capacity change from 0 to 4096
[  174.366405][ T8423] loop2: detected capacity change from 0 to 40427
[  174.385473][ T8423] F2FS-fs (loop2): Invalid log blocks per segment (4278190089)
[  174.394819][ T8451] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  174.396116][ T8423] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  174.414223][ T5927] usb 2-1: Using ep0 maxpacket: 16
[  174.442817][ T5927] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0
[  174.461259][ T5927] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  174.472926][ T5927] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid wMaxPacketSize 0
[  174.486721][ T5927] usb 2-1: config 0 interface 0 has no altsetting 0
[  174.493770][ T8423] F2FS-fs (loop2): invalid crc value
[  174.512726][ T5927] usb 2-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb
[  174.522088][ T5927] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  174.546998][ T5927] usb 2-1: Product: syz
[  174.574471][ T5927] usb 2-1: Manufacturer: syz
[  174.586646][ T5927] usb 2-1: SerialNumber: syz
[  174.608253][ T5927] usb 2-1: config 0 descriptor??
[  174.696339][ T8423] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  174.711950][ T8423] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  174.719570][ T8423] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  174.847213][ T5927] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input12
[  174.865578][ T5204] synaptics_usb 2-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  174.896812][ T5204] synaptics_usb 2-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  174.924415][ T5204] synaptics_usb 2-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  174.942461][ T5204] synaptics_usb 2-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  175.060867][ T8434] synaptics_usb 2-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  175.084216][    T9] usb 2-1: USB disconnect, device number 11
[  175.142795][   T24] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  175.158607][ T5852] syz-executor: attempt to access beyond end of device
[  175.158607][ T5852] loop2: rw=2051, sector=77824, nr_sectors = 8 limit=40427
[  175.188628][ T5852] F2FS-fs (loop2): Issue discard(9728, 9728, 1) failed, ret: -5
[  175.215909][ T5906] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  175.304859][   T24] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  175.322408][   T24] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  175.332261][   T24] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  175.373892][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  175.393953][ T5906] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  175.412276][ T8463] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  175.428619][   T24] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  175.435747][ T5906] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  175.449444][ T5906] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  175.478638][ T5906] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  175.493288][ T5906] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  175.506102][ T5906] usb 4-1: config 0 descriptor??
[  175.688261][   T24] usb 6-1: USB disconnect, device number 6
[  175.922394][    T9] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  175.926176][ T5906] plantronics 0003:047F:FFFF.000A: reserved main item tag 0xd
[  175.950211][ T5906] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  175.989634][ T8491] netlink: 'syz.4.720': attribute type 3 has an invalid length.
[  176.092364][    T9] usb 2-1: Using ep0 maxpacket: 32
[  176.103951][    T9] usb 2-1: config 0 interface 0 has no altsetting 0
[  176.112232][ T8487] loop2: detected capacity change from 0 to 32768
[  176.132248][    T9] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  176.145855][ T8487] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.718 (8487)
[  176.159863][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  176.171408][    T9] usb 2-1: Product: syz
[  176.178363][    T9] usb 2-1: Manufacturer: syz
[  176.186438][ T8487] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  176.208656][    T9] usb 2-1: SerialNumber: syz
[  176.215170][ T5906] usb 4-1: USB disconnect, device number 7
[  176.219555][ T8487] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  176.232056][    T9] usb 2-1: config 0 descriptor??
[  176.237709][ T8487] BTRFS info (device loop2): using free-space-tree
[  176.434824][ T5852] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  176.680675][    T9] gs_usb 2-1:0.0: Configuring for 1 interfaces
[  177.094963][ T8534] unknown channel width for channel at 909000KHz?
[  177.106454][ T8534] unknown channel width for channel at 909000KHz?
[  177.118594][ T8534] unknown channel width for channel at 909000KHz?
[  177.156762][ T8529] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.258799][ T8529] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.305651][   T24] usb 2-1: USB disconnect, device number 12
[  177.344941][ T8529] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.405596][ T8529] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.544676][ T1154] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  177.571003][ T1154] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  177.611408][ T1154] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  177.625335][ T1154] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  177.883314][  T892] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  177.896895][ T8551] loop4: detected capacity change from 0 to 8
[  177.923536][ T8553] loop1: detected capacity change from 0 to 512
[  177.940316][ T8550] loop5: detected capacity change from 0 to 4096
[  177.980605][ T8553] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  178.001847][ T8553] ext4 filesystem being mounted at /109/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  178.073065][  T892] usb 3-1: Using ep0 maxpacket: 8
[  178.099053][ T8553] EXT4-fs error (device loop1): ext4_do_update_inode:5565: inode #2: comm syz.1.741: corrupted inode contents
[  178.125766][  T892] usb 3-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  178.149246][ T8553] EXT4-fs error (device loop1): ext4_dirty_inode:6456: inode #2: comm syz.1.741: mark_inode_dirty error
[  178.163515][  T892] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  178.168829][ T8553] EXT4-fs error (device loop1): ext4_do_update_inode:5565: inode #2: comm syz.1.741: corrupted inode contents
[  178.187756][ T8553] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #2: comm syz.1.741: mark_inode_dirty error
[  178.212496][  T892] usb 3-1: Product: syz
[  178.216743][  T892] usb 3-1: Manufacturer: syz
[  178.221385][  T892] usb 3-1: SerialNumber: syz
[  178.244165][  T892] usb 3-1: config 0 descriptor??
[  178.257726][  T892] gspca_main: sq930x-2.14.0 probing 2770:930c
[  178.268719][ T8553] EXT4-fs warning (device loop1): ext4_empty_dir:3086: inode #18: comm syz.1.741: directory missing '.'
[  178.471075][ T5842] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  178.738535][ T8576] netlink: 'syz.1.747': attribute type 39 has an invalid length.
[  178.942830][ T8581] netlink: 8 bytes leftover after parsing attributes in process `syz.4.751'.
[  179.008187][ T8581] bridge0: port 2(bridge_slave_1) entered disabled state
[  179.016655][ T8581] bridge0: port 1(bridge_slave_0) entered disabled state
[  179.135328][  T892] gspca_sq930x: ucbus_write failed -71
[  179.148664][ T8585] loop5: detected capacity change from 0 to 2048
[  179.195407][ T8585] UDF-fs: error (device loop5): udf_process_sequence: Primary Volume Descriptor not found!
[  179.236062][ T8585] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  179.249003][ T8583] loop1: detected capacity change from 0 to 4096
[  179.306527][ T8587] sctp: [Deprecated]: syz.4.754 (pid 8587) Use of int in max_burst socket option deprecated.
[  179.306527][ T8587] Use struct sctp_assoc_value instead
[  179.352759][  T892] gspca_sq930x: Sensor ov9630 not yet treated
[  179.360065][  T892] sq930x 3-1:0.0: probe with driver sq930x failed with error -22
[  179.398745][  T892] usb 3-1: USB disconnect, device number 7
[  179.530708][ T8574] loop3: detected capacity change from 0 to 131072
[  179.540416][ T8574] F2FS-fs (loop3): Test dummy encryption mode enabled
[  179.545569][ T8583] ntfs3(loop1): Failed to initialize $Extend/$ObjId.
[  179.549626][ T8574] F2FS-fs (loop3): invalid crc value
[  179.567780][ T8591] loop4: detected capacity change from 0 to 4096
[  179.642034][ T8574] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  179.672666][ T8574] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  179.702561][ T5938] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  179.873088][ T5938] usb 6-1: Using ep0 maxpacket: 32
[  179.880045][ T5938] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  179.897755][ T5938] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  179.911786][ T5938] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  179.950824][ T5938] usb 6-1: Product: syz
[  179.981163][ T5938] usb 6-1: Manufacturer: syz
[  180.003552][ T5938] usb 6-1: SerialNumber: syz
[  180.014026][ T8605] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.762'.
[  180.045075][ T5938] usb 6-1: config 0 descriptor??
[  180.050688][ T8589] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  180.092059][ T5938] hub 6-1:0.0: bad descriptor, ignoring hub
[  180.141539][ T5938] hub 6-1:0.0: probe with driver hub failed with error -5
[  180.432888][ T5906] usb 6-1: USB disconnect, device number 7
[  180.442221][ T8617] netlink: 'syz.2.765': attribute type 10 has an invalid length.
[  180.477998][ T8617] syz_tun: entered promiscuous mode
[  180.515856][ T8617] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  180.772488][   T24] usb 6-1: new full-speed USB device number 8 using dummy_hcd
[  180.955719][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 1024, setting to 64
[  180.980175][   T24] usb 6-1: string descriptor 0 read error: -22
[  180.992519][   T24] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  181.028872][   T24] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  181.113264][   T24] usb 6-1: config 0 descriptor??
[  181.122838][ T8589] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  181.193660][   T24] hub 6-1:0.0: bad descriptor, ignoring hub
[  181.219894][   T24] hub 6-1:0.0: probe with driver hub failed with error -5
[  181.307078][ T8612] loop4: detected capacity change from 0 to 32768
[  181.412516][ T5906] usb 4-1: new full-speed USB device number 8 using dummy_hcd
[  181.434662][ T8612] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  181.453129][ T8612] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  181.492792][   T24] usb 6-1: USB disconnect, device number 8
[  181.548504][ T8612] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[  181.574858][   T24] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  181.591923][   T24] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  181.614048][ T5906] usb 4-1: unable to get BOS descriptor or descriptor too short
[  181.646076][ T5906] usb 4-1: unable to read config index 0 descriptor/start: -71
[  181.672400][ T5906] usb 4-1: can't read configurations, error -71
[  181.841292][   T24] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 249ms
[  181.869964][   T24] gfs2: fsid=syz:syz.0: jid=0: Done
[  181.880044][ T8612] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  181.907023][ T8633] loop2: detected capacity change from 0 to 32768
[  181.981347][ T8633] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  182.285764][ T5976] IPVS: starting estimator thread 0...
[  182.291785][ T8651] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[  182.369541][ T8633] XFS (loop2): Ending clean mount
[  182.432508][ T8653] IPVS: using max 29 ests per chain, 69600 per kthread
[  182.493482][ T8633] XFS (loop2): Quotacheck needed: Please wait.
[  182.626718][ T8633] XFS (loop2): Quotacheck: Done.
[  182.870320][ T8632] loop1: detected capacity change from 0 to 262144
[  182.879949][ T8632] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.769 (8632)
[  182.899560][ T8632] BTRFS info (device loop1): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  182.906527][ T5852] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  182.909748][ T8632] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm
[  182.930296][ T8632] BTRFS info (device loop1): using free-space-tree
[  183.012086][ T8670] netlink: 28 bytes leftover after parsing attributes in process `syz.5.779'.
[  183.284554][ T5842] BTRFS info (device loop1): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  183.365810][ T8685] loop3: detected capacity change from 0 to 512
[  183.373032][ T8685] EXT4-fs: Ignoring removed bh option
[  183.392397][ T8685] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  183.432615][ T8685] EXT4-fs (loop3): 1 truncate cleaned up
[  183.439968][ T8685] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  183.565755][ T5844] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  183.689013][ T8695] loop3: detected capacity change from 0 to 4096
[  183.706935][ T8695] ntfs3(loop3): Different NTFS sector size (2048) and media sector size (512).
[  183.782870][    T9] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  183.802713][ T5906] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  183.950190][ T8697] loop3: detected capacity change from 0 to 1024
[  183.965231][ T8697] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869)
[  183.977600][ T5906] usb 5-1: Using ep0 maxpacket: 8
[  183.982922][ T8697] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  183.993336][    T9] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  183.995653][ T5906] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  184.012352][    T9] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  184.015829][ T8697] EXT4-fs error (device loop3): ext4_get_journal_inode:5796: inode #32: comm syz.3.787: iget: special inode unallocated
[  184.038201][ T8697] EXT4-fs (loop3): Remounting filesystem read-only
[  184.045004][ T8697] EXT4-fs (loop3): no journal found
[  184.050358][ T8697] EXT4-fs (loop3): can't get journal size
[  184.057515][ T5906] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  184.067442][ T5906] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  184.072640][    T9] usb 3-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  184.077343][ T5906] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  184.096108][ T5906] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  184.107118][ T8697] EXT4-fs (loop3): filesystem is read-only
[  184.115056][ T8697] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  184.124009][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  184.127952][ T5906] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  184.144193][ T5906] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  184.155067][ T5906] usb 5-1: config 0 descriptor??
[  184.189447][   T51] Bluetooth: hci5: urb ffff888053e9d600 submission failed (90)
[  184.210733][ T5844] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  184.230340][    T9] usb 3-1: Product: syz
[  184.240074][    T9] usb 3-1: Manufacturer: syz
[  184.253349][    T9] usb 3-1: SerialNumber: syz
[  184.265061][    T9] usb 3-1: config 0 descriptor??
[  184.280904][ T8691] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  184.288456][ T8691] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  184.524195][ T8691] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  184.531470][ T8691] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  184.570612][ T5846] usb 5-1: USB disconnect, device number 8
[  184.570639][ T8700] loop3: detected capacity change from 0 to 32768
[  184.633220][ T8700] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  184.734596][ T8700] XFS (loop3): Ending clean mount
[  184.745807][ T8700] XFS (loop3): Quotacheck needed: Please wait.
[  184.815234][ T8700] XFS (loop3): Quotacheck: Done.
[  184.899852][ T5844] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  185.020823][ T8687] loop5: detected capacity change from 0 to 65536
[  185.078184][ T8687] XFS (loop5): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  185.218299][ T8687] XFS (loop5): Ending clean mount
[  185.256621][ T8687] XFS (loop5): Quotacheck needed: Please wait.
[  185.402920][ T8687] XFS (loop5): Quotacheck: Done.
[  185.444126][    T9] dm9601 3-1:0.0 (unnamed net_device) (uninitialized): MDIO read error: -71
[  185.491043][ T6752] XFS (loop5): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  185.584014][    T9] dm9601 3-1:0.0 eth5: register 'dm9601' at usb-dummy_hcd.2-1, Davicom DM96xx USB 10/100 Ethernet, f0:86:73:e3:13:cb
[  185.615998][ T5906] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  185.638147][    T9] usb 3-1: USB disconnect, device number 8
[  185.646471][    T9] dm9601 3-1:0.0 eth5: unregister 'dm9601' usb-dummy_hcd.2-1, Davicom DM96xx USB 10/100 Ethernet
[  185.822502][ T5906] usb 2-1: Using ep0 maxpacket: 8
[  185.862430][ T5906] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  185.871515][ T5906] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  185.909758][ T5906] pvrusb2: Hardware description: Terratec Grabster AV400
[  185.927249][ T5906] pvrusb2: **********
[  185.937348][ T5906] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  185.958543][ T5906] pvrusb2: Important functionality might not be entirely working.
[  185.993857][ T5906] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  186.054086][ T5906] pvrusb2: **********
[  186.127628][ T2346] pvrusb2: Invalid write control endpoint
[  186.343965][ T8724] pvrusb2: Killing an I2C write to 0 that is too large (desired=62 limit=61)
[  186.381555][    T9] usb 2-1: USB disconnect, device number 13
[  186.413572][ T2346] pvrusb2: Invalid write control endpoint
[  186.419506][ T2346] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  186.465590][ T2346] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  186.489517][ T2346] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  186.511426][ T2346] pvrusb2: Device being rendered inoperable
[  186.540635][ T2346] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  186.562395][ T2346] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  186.573515][ T8759] loop3: detected capacity change from 0 to 1024
[  186.600000][ T2346] pvrusb2: Attached sub-driver cx25840
[  186.607870][ T8759] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  186.621662][ T8759] ext4 filesystem being mounted at /212/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  186.633181][ T2346] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  186.647014][   T30] kauditd_printk_skb: 6 callbacks suppressed
[  186.647028][   T30] audit: type=1800 audit(1752495208.013:39): pid=8759 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.807" name="file1" dev="loop3" ino=15 res=0 errno=0
[  186.670674][ T2346] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  186.715482][ T5844] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  186.734960][ T5906] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  186.905357][ T5906] usb 5-1: Using ep0 maxpacket: 32
[  186.936962][ T5906] usb 5-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  186.949031][ T8778] loop3: detected capacity change from 0 to 1764
[  186.984141][ T5906] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  186.995073][ T5906] usb 5-1: config 0 descriptor??
[  187.003619][ T5906] gspca_main: sunplus-2.14.0 probing 041e:400b
[  187.130451][ T8783] loop1: detected capacity change from 0 to 1024
[  187.182372][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[  187.252426][ T5976] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  187.316643][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[  187.330073][ T8783] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  187.342381][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  187.452605][ T5976] usb 3-1: Using ep0 maxpacket: 16
[  187.554825][ T5842] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  187.642522][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[  187.650822][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[  187.704940][ T5976] usb 3-1: config 0 has no interfaces?
[  187.742773][ T5976] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  187.752507][ T5976] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  187.842405][ T5976] usb 3-1: Product: syz
[  187.894108][ T5976] usb 3-1: Manufacturer: syz
[  187.898772][ T5976] usb 3-1: SerialNumber: syz
[  187.912404][ T5906] gspca_sunplus: reg_w_riv err -71
[  187.932117][ T5906] sunplus 5-1:0.0: probe with driver sunplus failed with error -71
[  187.951802][ T5976] usb 3-1: config 0 descriptor??
[  187.969849][ T5906] usb 5-1: USB disconnect, device number 9
[  188.048405][ T8776] loop5: detected capacity change from 0 to 32768
[  188.090924][ T8776] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  188.191098][ T5976] usb 3-1: USB disconnect, device number 9
[  188.221693][ T8776] XFS (loop5): Ending clean mount
[  188.245353][ T8776] XFS (loop5): Quotacheck needed: Please wait.
[  188.290146][ T8776] XFS (loop5): Quotacheck: Done.
[  188.323498][ T6752] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  188.858477][ T8811] loop1: detected capacity change from 0 to 32768
[  188.916650][ T8811] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  188.961502][ T8823] loop5: detected capacity change from 0 to 2048
[  188.998777][   T30] audit: type=1804 audit(1752495210.363:40): pid=8811 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.827" name="/newroot/119/file1/bus" dev="loop1" ino=17058 res=1 errno=0
[  189.089448][   T30] audit: type=1800 audit(1752495210.453:41): pid=8823 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.825" name="file1" dev="loop5" ino=838 res=0 errno=0
[  189.322021][ T5842] ocfs2: Unmounting device (7,1) on (node local)
[  189.562703][ T8838] loop2: detected capacity change from 0 to 512
[  189.626217][ T8838] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  189.787822][ T8838] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  189.840209][ T8838] ext4 filesystem being mounted at /164/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  189.893625][ T8853] loop1: detected capacity change from 0 to 128
[  189.962075][ T8853] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  190.008694][ T8853] ext4 filesystem being mounted at /120/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  190.071117][ T8853] EXT4-fs error (device loop1): htree_dirblock_to_tree:1080: inode #2: block 4: comm syz.1.835: bad entry in directory: rec_len is smaller than minimal - offset=1012, inode=128, rec_len=9, size=1024 fake=0
[  190.106839][ T5852] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  190.146788][ T8853] EXT4-fs (loop1): Remounting filesystem read-only
[  190.267851][ T5842] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  190.386643][ T8863] loop5: detected capacity change from 0 to 4096
[  190.422686][ T8873] netlink: 8 bytes leftover after parsing attributes in process `syz.2.851'.
[  190.631717][ T8883] loop2: detected capacity change from 0 to 2048
[  190.639872][ T8883] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  190.652541][    T9] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  190.670894][ T8883] NILFS error (device loop2): nilfs_bmap_lookup_at_level: broken bmap (inode number=6)
[  190.681239][ T8885] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  190.691458][ T8883] Remounting filesystem read-only
[  190.815066][    T9] usb 5-1: Using ep0 maxpacket: 16
[  190.839031][    T9] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00
[  190.848451][ T5846] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  190.867008][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.879804][    T9] usb 5-1: Product: syz
[  190.884141][    T9] usb 5-1: Manufacturer: syz
[  190.888793][    T9] usb 5-1: SerialNumber: syz
[  190.901172][    T9] usb 5-1: config 0 descriptor??
[  190.931482][    T9] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected
[  190.950019][    T9] usb 5-1: Detected FT-X
[  191.027865][ T5846] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  191.052498][ T5846] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  191.077422][ T5938] kernel write not supported for file /snd/seq (pid: 5938 comm: kworker/0:6)
[  191.113162][ T5846] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  191.138132][    T9] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  191.156066][ T5856] Bluetooth: hci1: command 0x0406 tx timeout
[  191.156894][ T5854] Bluetooth: hci3: command 0x0406 tx timeout
[  191.162107][ T5846] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  191.237175][ T5846] usb 4-1: SerialNumber: syz
[  191.341247][ T8888] loop5: detected capacity change from 0 to 32768
[  191.356217][ T8888] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.856 (8888)
[  191.390556][ T8888] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  191.412768][ T8888] BTRFS info (device loop5): using crc32c (crc32c-lib) checksum algorithm
[  191.429176][ T8888] BTRFS info (device loop5): using free-space-tree
[  191.480545][ T5846] usb 4-1: 0:2 : does not exist
[  191.514965][ T5846] usb 4-1: USB disconnect, device number 10
[  191.596407][    T9] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  191.668692][ T6752] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  191.804672][ T5906] usb 5-1: USB disconnect, device number 10
[  191.844740][ T5906] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  191.866635][ T5906] ftdi_sio 5-1:0.0: device disconnected
[  191.970426][ T8925] loop2: detected capacity change from 0 to 128
[  191.988808][ T8925] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  192.005555][ T8925] ext4 filesystem being mounted at /171/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  192.149872][ T5852] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  192.487477][ T8947] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  192.512582][ T8947] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  192.566119][ T8951] loop5: detected capacity change from 0 to 256
[  192.590508][ T8947] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  192.609778][ T8947] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  192.673677][ T8947] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  192.693500][ T8947] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  192.741919][ T8947] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  192.764199][ T8947] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  192.780514][ T8947] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  192.789071][ T8947] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  192.978320][   T30] audit: type=1326 audit(1752495214.343:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8962 comm="syz.1.880" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8469d8e929 code=0x0
[  192.999806][    C0] vkms_vblank_simulate: vblank timer overrun
[  193.051379][ T8974] loop2: detected capacity change from 0 to 128
[  193.107115][ T8974] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  193.145786][ T8974] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  193.191505][ T8976] loop4: detected capacity change from 0 to 4096
[  193.309212][ T8980] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  193.470153][ T8987] netlink: 24 bytes leftover after parsing attributes in process `syz.3.888'.
[  193.682437][ T5976] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  193.863325][ T9004] loop1: detected capacity change from 0 to 256
[  193.904594][ T5976] usb 3-1: Using ep0 maxpacket: 16
[  193.920241][ T5976] usb 3-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  193.929390][ T5976] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  193.938578][ T5976] usb 3-1: Product: syz
[  193.942851][ T5976] usb 3-1: Manufacturer: syz
[  193.947445][ T5976] usb 3-1: SerialNumber: syz
[  193.954877][ T5976] usb 3-1: config 0 descriptor??
[  194.022624][ T5846] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  194.162372][ T5938] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  194.200528][ T5846] usb 4-1: Using ep0 maxpacket: 8
[  194.209706][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  194.217774][ T5846] usb 4-1: New USB device found, idVendor=061d, idProduct=c120, bcdDevice=e3.67
[  194.227351][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  194.237960][ T5846] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  194.260508][ T5846] usb 4-1: config 0 descriptor??
[  194.268058][ T5846] quatech2 4-1:0.0: Quatech 2nd gen USB to Serial Driver converter detected
[  194.324484][ T5938] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  194.332716][ T5938] usb 2-1: config 0 has no interface number 0
[  194.344565][ T5938] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  194.353910][ T5938] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  194.361912][ T5938] usb 2-1: Product: syz
[  194.377408][ T5976] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  194.400116][ T5976] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  194.410697][ T5938] usb 2-1: Manufacturer: syz
[  194.420742][ T5938] usb 2-1: SerialNumber: syz
[  194.421316][ T5976] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  194.440572][ T5976] usb 3-1: media controller created
[  194.443371][ T5938] usb 2-1: config 0 descriptor??
[  194.476313][ T5846] usb 4-1: qt2_attach - failed to power on unit: -71
[  194.486208][ T5846] quatech2 4-1:0.0: probe with driver quatech2 failed with error -71
[  194.499133][ T5846] usb 4-1: USB disconnect, device number 11
[  194.505984][ T5976] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  194.515308][ T5850] Bluetooth: hci1: command 0x0406 tx timeout
[  194.592745][ T5850] Bluetooth: hci3: command 0x0406 tx timeout
[  194.667783][ T5938] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  194.714811][ T5938] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  194.729252][ T5938] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  194.746428][ T5938] usb 2-1: media controller created
[  194.753376][ T5850] Bluetooth: hci4: command 0x0405 tx timeout
[  194.816119][ T5938] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  194.832586][ T5850] Bluetooth: hci2: command 0x0c1a tx timeout
[  194.936239][ T5938] i2c i2c-2: ec100: i2c rd failed=-32 reg=33
[  194.962399][ T5906] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  195.067848][ T5850] Bluetooth: hci1: unexpected event for opcode 0x2035
[  195.077035][ T8985] dtv5100: wlen = 0, aborting.
[  195.084825][ T5976] zl10353_read_register: readreg error (reg=127, ret==0)
[  195.091912][ T5976] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  195.102859][   T24] usb 5-1: new full-speed USB device number 11 using dummy_hcd
[  195.110514][ T5976] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[  195.123624][ T9007] ------------[ cut here ]------------
[  195.124069][ T5976] usb 3-1: USB disconnect, device number 10
[  195.129168][ T9007] usb 3-1: BOGUS control dir, pipe 80000a80 doesn't match bRequestType c0
[  195.146759][ T5906] usb 6-1: config 0 has an invalid interface number: 18 but max is 0
[  195.162637][ T5906] usb 6-1: config 0 has no interface number 0
[  195.164014][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  195.173049][ T5906] usb 6-1: New USB device found, idVendor=050d, idProduct=011b, bcdDevice=6f.a4
[  195.177427][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  195.209844][ T5906] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  195.222939][ T9007] WARNING: drivers/usb/core/urb.c:413 at usb_submit_urb+0x112b/0x1830, CPU#1: syz.1.895/9007
[  195.233220][ T9007] Modules linked in:
[  195.237404][ T9007] CPU: 1 UID: 0 PID: 9007 Comm: syz.1.895 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[  195.248814][ T9007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  195.258963][ T9007] RIP: 0010:usb_submit_urb+0x112b/0x1830
[  195.265141][ T9007] Code: 0f b6 44 05 00 84 c0 0f 85 e8 05 00 00 45 0f b6 45 00 48 c7 c7 40 10 35 8c 48 8b 74 24 10 4c 89 fa 44 89 f1 e8 f6 5b 59 fa 90 <0f> 0b 90 90 49 bc 00 00 00 00 00 fc ff df e9 17 f4 ff ff 89 e9 80
[  195.285195][ T9007] RSP: 0018:ffffc900035c75f0 EFLAGS: 00010246
[  195.291252][ T9007] RAX: cc03523d5e4d0200 RBX: ffff88807567e600 RCX: 0000000000080000
[  195.299375][ T9007] RDX: ffffc90005043000 RSI: 0000000000002356 RDI: 0000000000002357
[  195.307433][ T9007] RBP: 1ffff1100f57f5c0 R08: ffffffff8fa29637 R09: 1ffffffff1f452c6
[  195.315639][ T9007] R10: dffffc0000000000 R11: fffffbfff1f452c7 R12: dffffc0000000000
[  195.323642][ T9007] R13: ffff88807abfae00 R14: 0000000080000a80 R15: ffff8880282e58e0
[  195.331598][ T9007] FS:  00007f846ac156c0(0000) GS:ffff888125ced000(0000) knlGS:0000000000000000
[  195.341031][ T9007] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  195.348228][ T9007] CR2: 00007f85cc0906ad CR3: 0000000078a6e000 CR4: 00000000003526f0
[  195.356479][ T9007] Call Trace:
[  195.359746][ T9007]  <TASK>
[  195.363111][ T9007]  usb_start_wait_urb+0x114/0x4c0
[  195.368757][ T9007]  ? __pfx_usb_start_wait_urb+0x10/0x10
[  195.374668][ T9007]  usb_control_msg+0x232/0x3e0
[  195.379421][ T9007]  dtv5100_i2c_msg+0x250/0x330
[  195.384225][ T9007]  dtv5100_i2c_xfer+0x1a4/0x3c0
[  195.389070][ T9007]  __i2c_transfer+0x874/0x2170
[  195.393884][ T9007]  ? i2c_transfer+0x11d/0x3a0
[  195.398560][ T9007]  ? __pfx___i2c_transfer+0x10/0x10
[  195.403811][ T9007]  ? rt_mutex_lock_nested+0x172/0x1e0
[  195.409184][ T9007]  ? i2c_transfer+0x11d/0x3a0
[  195.413875][ T9007]  i2c_transfer+0x25b/0x3a0
[  195.418367][ T9007]  ? __pfx_i2c_transfer+0x10/0x10
[  195.423424][ T9007]  ? __might_fault+0xb0/0x130
[  195.428095][ T9007]  i2c_transfer_buffer_flags+0x105/0x190
[  195.433747][ T9007]  ? __pfx_i2c_transfer_buffer_flags+0x10/0x10
[  195.439894][ T9007]  ? _copy_from_user+0x94/0xb0
[  195.444690][ T9007]  i2cdev_write+0x112/0x1b0
[  195.449188][ T9007]  vfs_writev+0x4b3/0x960
[  195.453578][ T9007]  ? __pfx_i2cdev_write+0x10/0x10
[  195.458601][ T9007]  ? __pfx_vfs_writev+0x10/0x10
[  195.463485][ T9007]  ? __fget_files+0x2a/0x420
[  195.468589][ T9007]  ? __fget_files+0x3a0/0x420
[  195.473765][ T9007]  ? __fget_files+0x2a/0x420
[  195.478356][ T9007]  do_writev+0x14d/0x2d0
[  195.482631][ T9007]  ? __pfx_do_writev+0x10/0x10
[  195.487376][ T9007]  ? rcu_is_watching+0x15/0xb0
[  195.492139][ T9007]  ? do_syscall_64+0xbe/0x3b0
[  195.496848][ T9007]  do_syscall_64+0xfa/0x3b0
[  195.501337][ T9007]  ? lockdep_hardirqs_on+0x9c/0x150
[  195.506568][ T9007]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  195.512638][ T9007]  ? clear_bhb_loop+0x60/0xb0
[  195.517296][ T9007]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  195.523195][ T9007] RIP: 0033:0x7f8469d8e929
[  195.527592][ T9007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  195.547240][ T9007] RSP: 002b:00007f846ac15038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  195.555702][ T9007] RAX: ffffffffffffffda RBX: 00007f8469fb5fa0 RCX: 00007f8469d8e929
[  195.563686][ T9007] RDX: 0000000000000002 RSI: 0000200000000180 RDI: 0000000000000004
[  195.572104][ T9007] RBP: 00007f8469e10b39 R08: 0000000000000000 R09: 0000000000000000
[  195.580419][ T9007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  195.588412][ T9007] R13: 0000000000000000 R14: 00007f8469fb5fa0 R15: 00007ffec3e46cd8
[  195.596407][ T9007]  </TASK>
[  195.599416][ T9007] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  195.606672][ T9007] CPU: 1 UID: 0 PID: 9007 Comm: syz.1.895 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[  195.618011][ T9007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  195.628043][ T9007] Call Trace:
[  195.631299][ T9007]  <TASK>
[  195.634209][ T9007]  dump_stack_lvl+0x99/0x250
[  195.638776][ T9007]  ? __asan_memcpy+0x40/0x70
[  195.643340][ T9007]  ? __pfx_dump_stack_lvl+0x10/0x10
[  195.648512][ T9007]  ? __pfx__printk+0x10/0x10
[  195.653087][ T9007]  vpanic+0x281/0x750
[  195.657045][ T9007]  ? __pfx__printk+0x10/0x10
[  195.661609][ T9007]  ? __pfx_vpanic+0x10/0x10
[  195.666085][ T9007]  ? is_bpf_text_address+0x292/0x2b0
[  195.671342][ T9007]  ? is_bpf_text_address+0x26/0x2b0
[  195.676520][ T9007]  panic+0xb9/0xc0
[  195.680217][ T9007]  ? __pfx_panic+0x10/0x10
[  195.684615][ T9007]  __warn+0x334/0x4c0
[  195.688570][ T9007]  ? usb_submit_urb+0x112b/0x1830
[  195.693587][ T9007]  ? usb_submit_urb+0x112b/0x1830
[  195.698587][ T9007]  report_bug+0x2be/0x4f0
[  195.702895][ T9007]  ? usb_submit_urb+0x112b/0x1830
[  195.707916][ T9007]  ? usb_submit_urb+0x112b/0x1830
[  195.712923][ T9007]  ? usb_submit_urb+0x112d/0x1830
[  195.717934][ T9007]  handle_bug+0x84/0x160
[  195.722163][ T9007]  exc_invalid_op+0x1a/0x50
[  195.726645][ T9007]  asm_exc_invalid_op+0x1a/0x20
[  195.731469][ T9007] RIP: 0010:usb_submit_urb+0x112b/0x1830
[  195.737080][ T9007] Code: 0f b6 44 05 00 84 c0 0f 85 e8 05 00 00 45 0f b6 45 00 48 c7 c7 40 10 35 8c 48 8b 74 24 10 4c 89 fa 44 89 f1 e8 f6 5b 59 fa 90 <0f> 0b 90 90 49 bc 00 00 00 00 00 fc ff df e9 17 f4 ff ff 89 e9 80
[  195.756661][ T9007] RSP: 0018:ffffc900035c75f0 EFLAGS: 00010246
[  195.762708][ T9007] RAX: cc03523d5e4d0200 RBX: ffff88807567e600 RCX: 0000000000080000
[  195.770653][ T9007] RDX: ffffc90005043000 RSI: 0000000000002356 RDI: 0000000000002357
[  195.778601][ T9007] RBP: 1ffff1100f57f5c0 R08: ffffffff8fa29637 R09: 1ffffffff1f452c6
[  195.786550][ T9007] R10: dffffc0000000000 R11: fffffbfff1f452c7 R12: dffffc0000000000
[  195.794497][ T9007] R13: ffff88807abfae00 R14: 0000000080000a80 R15: ffff8880282e58e0
[  195.802476][ T9007]  usb_start_wait_urb+0x114/0x4c0
[  195.807497][ T9007]  ? __pfx_usb_start_wait_urb+0x10/0x10
[  195.813026][ T9007]  usb_control_msg+0x232/0x3e0
[  195.817766][ T9007]  dtv5100_i2c_msg+0x250/0x330
[  195.822514][ T9007]  dtv5100_i2c_xfer+0x1a4/0x3c0
[  195.827349][ T9007]  __i2c_transfer+0x874/0x2170
[  195.832092][ T9007]  ? i2c_transfer+0x11d/0x3a0
[  195.836746][ T9007]  ? __pfx___i2c_transfer+0x10/0x10
[  195.841920][ T9007]  ? rt_mutex_lock_nested+0x172/0x1e0
[  195.847272][ T9007]  ? i2c_transfer+0x11d/0x3a0
[  195.851930][ T9007]  i2c_transfer+0x25b/0x3a0
[  195.856411][ T9007]  ? __pfx_i2c_transfer+0x10/0x10
[  195.861415][ T9007]  ? __might_fault+0xb0/0x130
[  195.866070][ T9007]  i2c_transfer_buffer_flags+0x105/0x190
[  195.871683][ T9007]  ? __pfx_i2c_transfer_buffer_flags+0x10/0x10
[  195.877817][ T9007]  ? _copy_from_user+0x94/0xb0
[  195.882562][ T9007]  i2cdev_write+0x112/0x1b0
[  195.887045][ T9007]  vfs_writev+0x4b3/0x960
[  195.891351][ T9007]  ? __pfx_i2cdev_write+0x10/0x10
[  195.896351][ T9007]  ? __pfx_vfs_writev+0x10/0x10
[  195.901181][ T9007]  ? __fget_files+0x2a/0x420
[  195.905752][ T9007]  ? __fget_files+0x3a0/0x420
[  195.910408][ T9007]  ? __fget_files+0x2a/0x420
[  195.914978][ T9007]  do_writev+0x14d/0x2d0
[  195.919194][ T9007]  ? __pfx_do_writev+0x10/0x10
[  195.923929][ T9007]  ? rcu_is_watching+0x15/0xb0
[  195.928668][ T9007]  ? do_syscall_64+0xbe/0x3b0
[  195.933323][ T9007]  do_syscall_64+0xfa/0x3b0
[  195.937802][ T9007]  ? lockdep_hardirqs_on+0x9c/0x150
[  195.942976][ T9007]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  195.949016][ T9007]  ? clear_bhb_loop+0x60/0xb0
[  195.953669][ T9007]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  195.959538][ T9007] RIP: 0033:0x7f8469d8e929
[  195.963933][ T9007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  195.983515][ T9007] RSP: 002b:00007f846ac15038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  195.991912][ T9007] RAX: ffffffffffffffda RBX: 00007f8469fb5fa0 RCX: 00007f8469d8e929
[  195.999869][ T9007] RDX: 0000000000000002 RSI: 0000200000000180 RDI: 0000000000000004
[  196.007825][ T9007] RBP: 00007f8469e10b39 R08: 0000000000000000 R09: 0000000000000000
[  196.015775][ T9007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  196.023722][ T9007] R13: 0000000000000000 R14: 00007f8469fb5fa0 R15: 00007ffec3e46cd8
[  196.031677][ T9007]  </TASK>
[  196.034911][ T9007] Kernel Offset: disabled
[  196.039221][ T9007] Rebooting in 86400 seconds..