last executing test programs:

1.895660778s ago: executing program 2 (id=3689):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x4)
sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000160a0500000000000000000002000000300003802c00038004000100776732000000000000000000000000001400010076657468315f746f5f627269646765000900020073797a30000000000900010073"], 0x84}, 0x1, 0x0, 0x0, 0x40000}, 0x20008000)

1.805380325s ago: executing program 2 (id=3685):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff})
r2 = dup2(r1, r0)
r3 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000140)={0xa000001d})
r4 = fcntl$dupfd(r2, 0x406, r3)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000001480)={0x4000200c})
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000000000)={0x2011})

1.707160899s ago: executing program 2 (id=3688):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
ioctl$SNDCTL_TMR_CONTINUE(0xffffffffffffffff, 0x5404)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000)
r1 = io_uring_setup(0x177f, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0xfffffffd})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r2)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r3, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
close_range(r1, 0xffffffffffffffff, 0x0)

545.60223ms ago: executing program 2 (id=3696):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)={0x4c, r1, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@ETHTOOL_A_FEATURES_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @ETHTOOL_A_FEATURES_WANTED={0x18, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}]}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x818}, 0x20000004)

531.571019ms ago: executing program 0 (id=3702):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_netdev_private(r0, 0x8946, &(0x7f0000000140)="a6cc04e2d8f1c38afbf14b29b86e3a")

453.980904ms ago: executing program 2 (id=3697):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x1, 0x0, 0x6}, 0x10)
sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000100)={0x14, 0x52, 0x101, 0x100000, 0x0, {0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x48000}, 0x40)
syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r0)

298.923272ms ago: executing program 0 (id=3699):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_VFIO_SET_IOMMU(r0, 0x3b66, 0x1)

298.365215ms ago: executing program 2 (id=3701):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000380)={[{@acl}, {@heartbeat_none}, {@err_ro}, {@coherency_full}, {@coherency_full}, {@localflocks}, {@intr}, {@noacl}]}, 0x1, 0x442a, &(0x7f0000008940)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3+5159pnD8MSJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAud/2MBAAAAAAAAAAAAAAAAAADgb2rz/f9cdKLJ+/9jyXGkRf31tzo/Rjpn4u2rYxcGh5L936Nt+a8nSb+c6wr9TfZ9z+7/fi5Tv/n+79v72a3G+Br99oUoHkidx/HAQAjfJBu/n4qOxKXyUuXVW+Xlhdk9G8YzKx3/+u79qegkG/q3G//RTPud3///v9uupur5zb27xJ5r6fh3tSz37adRW/E/n6m3H/Fn99Lx766l9W4tMFKfAKrx/7x75/iPZdrvVPyPhxByUXWsudQMUF3DVNNbrVdIS8f/UC0tNXUmH2Sr+//3TPwvZNo/qPl/JftFRFPp+P+rltaTKrF5//fHO9//FzPtH0T8q+Nf8f3flnT8D9cTu1NFap9ku/P/eKb9TsX/epyM83iUugJWo3p6q/9XR1o6/j3b8jef/+K21n+XMvX36/mv0W/j+a8x/b8c1Z//aC4d/96W5dq9/ycy9To9/4/U1n/sVjr+R2pp6bVzX+1nu/GfzLTfqfjXViU9jfhvzid/HK6nf23915Z0/P9dT4y3llip/ayt/6Kd1/+XM+0fxPqvOv6VuLO9Pi/S8T/aslw1/j+08f1/JVOv8/EPYdBaf9fS8T/Wslzt/u/ZOf5TmXqdjv9LnWwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Bkwmhz7QhQPpM7jeGAghPPJ+alwJJouzOanS+WZj5ZCGEvSc+FEdLtUni6U8nML5dlivlAqlWdCuJDknww90VKpXMnPF+5e3GirN7pTLCxWpouFSghhPEn/fzjWaGt6rjJfuBtCuLSR95+4vHj3TmEhPzu3+Obg4OBgmNgYQ39U/KRSXKjUe6/nhjC5Ubcv2jK4WvbljbEcjT4sLy8uFEq19Ctb6pTKM4XSljpTSd4XoT+qLC4vzBQqxXypfLvR30EaSY5jE9feu3ZlaFv+zah+HN3fYQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFz0afuPLEEJ3/SwOIYw0fomalX/4uHg2/3Tq/trw6cnVB2tPWpUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JMdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7NIxSgNBFAbgN2Ohdh7DatntbFcU0cIVwRPoMTyMHsVLeIcUKdKmCIFkFsJmF7ZJqu9rHszPzHswDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHme3ruPt7qJSHG1uYz4+/pfHOYvpf7cj9+/OMOMnM7za/fwWDfl39NRfleOlm3epevV92eM1N7vYE+G+7TX97menGtq36bm6/veRMpVRLQlv005V9W8twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyw4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRR9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD///4CHxA=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x141842, 0x1c2)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000200), 0xfea7)
copy_file_range(r1, 0x0, r0, 0x0, 0xffffffffa003e45c, 0x700000000000000)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x2)
pwrite64(r3, 0x0, 0x0, 0x8000c61)
lseek(r3, 0x8000, 0x3)

227.25781ms ago: executing program 1 (id=3703):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c00000002060104db406e3e0004000200000000100003006269746d61703a706f72740005000400000000000900020073797a32000000000500050000006c00050001000600000024000780080008400000137906000440fffff0000600054000000000080006"], 0x6c}}, 0x0)

227.097696ms ago: executing program 0 (id=3704):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/devices.allow\x00', 0x2, 0x48)
write$cgroup_devices(r0, &(0x7f0000000bc0)=ANY=[@ANYBLOB='b *:* \n|'], 0x8)

160.599379ms ago: executing program 1 (id=3705):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtaction={0x78, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x64, 0x1, [@m_tunnel_key={0x60, 0x1, 0x0, 0x0, {{0xf}, {0x30, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0xd, @empty=0x1000000}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @loopback}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}}, 0x0)

160.194852ms ago: executing program 1 (id=3706):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x1c, 0x2, 0x3, 0x101, 0x0, 0x0, {0x7, 0x0, 0x8}, [@NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000814}, 0x4000010)

157.309433ms ago: executing program 0 (id=3711):
syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000040)='./bus\x00', 0x1a00040, &(0x7f00000000c0)={[{@rodir}, {@rodir}, {@rodir}, {@shortname_winnt}, {@shortname_win95}, {@shortname_winnt}, {@fat=@uid={'uid', 0x3d, 0xee00}}, {@utf8no}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'macinuit'}}, {@uni_xlate}, {@utf8no}]}, 0x3, 0x350, &(0x7f0000000280)="$eJzs3U9oW3UcAPBv9tKkHcz2IAwF4elN0LJWPOipZXQwzEUl+OcgBtepNHXQYLA7NKsX8Sh41JM3D3rwsLMIinjz4NUJMhUPutvA4ZMkL81Lk3adkM3i53MI331/329+v7c8mtfX5tdXV2LjwkxcvHHjeszOlqK8cnYlbpZiIZIYuBLjKhNyAMDxcDPL4s+s74gtpSkvCQCYst77/+unCpl3vz6sPvPuDwDHXv79/9xhNbMHDVyaypIAgCkbu///yMhwZfRH/eXCbwUAAMfV8y+9/MxqLeK5NJ2N2HyvXW/X4+nh+OrFeDOasR5nYj5uRfQvFLoPpd7jufO1tTNpmnbil4Wodzva9YjNTrvev1JYTXr91ViK+VjI+/OrjSzLknNf1NaW0p6IuNLpzR+bpXZ9Jk7m8/94MtZjOdK4f6w/4nxtbTnNn6C+OejvROwO71t0178Y8/H9a3EpmnEhur2Dy5ra2s5Smp7NaiP97Xq1V9d34B0QAAAAAAAAAAAAAAAAAAAAAAD4VxbTPQt7+99kw/17FhcnjPf2x+n35/sD7fb3B8qqWWTZH+88Xn8/iZH9gfbvz9Oul+PEvT10AAAAAAAAAAAAAAAAAAAA+M9obVei0Wyub7W2L28Ug85Wa/tERHQzb3372VdzMV5zm6Ccz1EYSvPU5Y1GlgyKs2SkJg+S7uSDzKdX91ZcrKnuHcXEZVQPHmo2Tz3880fDzEPJ4Jn/HtYkMfkAk33LKAab9/WXdCf/UXvB8m1qrmVZdlD7zivjXVGKKN/5C3d4kHWDb66/8cATrdNP9jJfZn2PPjb/wrUPP/lto9Hszhy9V7Cy1bqVbTTyf08+2Q4OksL5U4p+UCqeCeXD2ndHM43kh99ffPCD7442e1bMvD2hJukfzuf7hyr9oLvMfUNzk+aamXDyTyE4/fFK4+rOT78etavwRcJGHQAAAAAAAAAAAAAAAAAAcFcUPiueyz/sO3NY11PPTn9lAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHD3DP/+fyHYHcscJfirE+ND1fWtVkTlXh8mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/c/8EAAD//9HQbnk=")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000)

90.037422ms ago: executing program 1 (id=3707):
ioperm(0x2, 0x76b, 0x80)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)

89.786574ms ago: executing program 0 (id=3708):
syz_open_dev$vim2m(&(0x7f0000000100), 0x80000000, 0x2)
r0 = syz_io_uring_setup(0x10d, &(0x7f00000000c0)={0x0, 0x138b, 0x100, 0x2, 0x3}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0)

89.73755ms ago: executing program 1 (id=3709):
setresuid(0xee00, 0xee00, 0x0)
setfsgid(0xee01)

294.602µs ago: executing program 0 (id=3710):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3M1rI2UYAPAn/djtfrgW8eBtBxahhU1o+rHoreoufmCXsurBk6ZJGrKbZEqTprUnDx7Fg/+JKHjy6N/gwbM38aB4E5TMTHXrBwhNm+3294PJM++bN888b1gWnpmSAC6s+eTXn0txI65ExHREXI/IzkvFkVnPwwsRcTMiph47SsX8nxOXIuJqRNwYJc9zloq3Pr89vLX201u/fPPd5ZlrX3z9/eR2DUzaixHR3cnP97t5TFt5fFjM14btLHZXh0XM3+g+KsZpHvebW1mG/drRuloWV1r5+nRnrz+K251afRRb7e1sfqeXX7A/bB3lyT7wsLabjRvNrSy2+2kWW4d5XQeH+f9th/1BnqdR5PsoSx+DwVHM55sHzXw/O4+yWO8Nivk8b9poHozisIjF5aKedhpZHVsn+aafbG+3e3sHybC522+nvWStUn2pUr1Tru6mjeaguVqudRt3VpOFVme0rDxo1rrrrTRtdZqVetpdTBZa9Xq5Wk0W7ja32rVeUq1WVipL5bXF4ux28vr995JOI1kYxVfbvb1Bu9NPttPdJP/EYrJcWXl5MblVTd7Z2Ew2H9y7t7H57gd337//ysabrxWL/lFWsrC8tLxcri6Vl6uLF2j/nxRFj3H/cCKlSRcAcP7o/4FJOL3+f/dBxOn3/6H/H4tz1f9e9P7/FPYPJ6L/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4sH6Y/fKN7GQ+H18r5p8ppp4rxqWImIqI3//FdFw6lnO6yDP7H+tn/1bDt6XIMoyucbk4rkbEenH89uxpfwsAAADw9Prq45uf5d16/jI/6YI4S/lNm6nrH44p31xEzM7/OKZsU6OX58eULPv3PRMHY8qW3cCaG1Oy/JbbzLiy/S/Tx8LcY6GUh6kzLQcAADgTxzuBs+1CAAAAOEufTroAJqMUR48yj54FZ395/9cDwSvHRgAAAMA5VJp0AQAAAMCpy/p/v/8HAAAAT7f89/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgD3bu5zZxIIoD8LPBC/tPi1Z731b2BmVsCXvcY0QBaYICciAtpAFqILeUEEGExyEQcYjksa1E3yc5k7HMjzcIDjMjDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KX7ar24vfp93TZnt28nz2gAAACAS7bVelH/M0v9r839782tn02/iIgyIi7N3Ufx6Sxz1ORUL8/fnD5fvarhLqJOOLzHpLm+RMSf5nr80fWnAAAAAB/XZrmap9l6+jMbuiD6lBZtym9/M+UVEVHNHjKllYe8X5nC6u/3OP5nSqsXsKaZwtKS2zhX2pvUP/fjqt30pClSU1582bHIbGMHAAB6NDpr+p2FAAAA0Kd/QxfAMIp43so8bgVOUtNs730+6wEAAADvUDF0AQAAAEDn6vl/T+f/7Z3/BwAAAMNI5/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQpW21XmyWq3nbnN2+nTyjAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCf25x0FQiAMwmDv+s5k7n9YadDU1KQKhI+/MRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHjzu7/8n5gaZ5K518bS80iydmpsnRp758bRH8bXrwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuNiflxQIgSCIgjnjfyd9/8NKgp5BhAhoeFRRiwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvuh3v/yfmBpnkrnTxtLxSLJ21di6auw9aBw9GG//BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuNi5n9c4qjgA4G9mdra2Kq5R9hARBQ96sdttbe1NPCjBg3+CENJtjd36o83BliLm4k1y7kX0KCIo8db/IecEcom3HPYQwbMyszPZyQ9w/TWzST4fePO+Owzzvm8WQr7zXgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBp9PYkTrJDZxzHxbnNvYdLWb91qM88Xtuez1oWR3UmfTK8WP0QdZtLBAAAgLMjKev7EMJOur6Q9XEnr//T8pqs5v/26XFc1vOH6/6yL2v/rP3y8+7z+wN1xuNkN725PBxcOppK6/+b5Wx75i+vaOVPPn/3kuRfSPze6nOjNH+e0dcbG++08/BcHdkCAP/ExbIvgvL3oazvN5kYAGdGq1J4l/V/0mk2JwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA6jFbDk2UchRDmW5M4s7X3cOm4/vHa9nzZrj16tBa+nNwzu0UaQri5PBxcqnU2s+3e/Qe3F4fDwd36g5dCCE2N/lYx/dsfTHFxCI08H8F/FMTFlz0r+ZyMoMEfSgAAnEpp0bK6fiddX8jORXMh/PHdwfr/1Uocpqz/dz+8tlkdq1r/92ub4ezrrdz5tHfv/oPXl+8s3hrcGnz8xuX+m/0r169evd7L35X0vDEBAADg32kXrVr/x3NH1/8vVOIwZf3/2Tf9L6pjJer/Y00W/ZrOBAAA4Gx79uXff4uOOR+12+HzxZWVu/3xcf/z5fGxgVT/tnNFq9b/yVzTWQEAAAB1GK1GB9b/b1TiMOX6/1Pfv/Bj9Z5JCOF8sf5/cemT4Y36pjPT6vhz4qbnCAAAQLPOF626/p/m+//j/S0PcQjhtVfGcfFvAKeq/5N3v/qhOlZ1//+V+qY4k+Lu+HnkfTeEVrfpjAAAADjNnihaVuz/mq4vfPTThffb9v8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O3PAAAA//9WwT6Z")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r0, 0x4018f50b, &(0x7f0000000000)={0xfffffffc, 0x2110, 0x2})

0s ago: executing program 1 (id=3712):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000003c0), r0)
sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r0, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000a40)={0x33, r1, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x100}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20}, 0x8080)

kernel console output (not intermixed with test programs):

-297e-477c-816d-cd80a5b93e5d
[  162.136791][ T8553] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  162.141558][ T8553] BTRFS info (device loop2): using free-space-tree
[  162.511648][   T12] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared)
[  162.528817][ T8592] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1031'.
[  162.566498][ T5852] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  162.727747][ T8600] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1036'.
[  162.746281][ T8600] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1036'.
[  162.883068][ T8608] mmap: syz.0.1039 (8608) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  162.916561][ T8613] loop2: detected capacity change from 0 to 128
[  162.924828][ T8613] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (39871!=39978)
[  162.946495][ T8613] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: none.
[  162.956710][ T8613] EXT4-fs warning (device loop2): ext4_dirblock_csum_verify:375: inode #2: comm syz.2.1041: No space for directory leaf checksum. Please run e2fsck -D.
[  162.962108][ T8613] EXT4-fs error (device loop2): htree_dirblock_to_tree:1051: inode #2: comm syz.2.1041: Directory block failed checksum
[  163.055288][ T5852] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  163.391216][ T8640] loop2: detected capacity change from 0 to 512
[  163.421090][ T8640] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  164.634779][ T8702] netlink: 'syz.1.1078': attribute type 83 has an invalid length.
[  164.760123][   T51] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  164.849697][   T33] audit: type=1800 audit(1755608538.479:80): pid=8706 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.1.1080" name="/newroot/453/file0" dev="tmpfs" ino=2360 res=0 errno=0
[  164.938672][   T51] usb 3-1: Using ep0 maxpacket: 32
[  164.943630][   T51] usb 3-1: config 9 has an invalid interface number: 152 but max is 0
[  164.946343][   T51] usb 3-1: config 9 has no interface number 0
[  164.958430][   T51] usb 3-1: config 9 interface 152 altsetting 10 bulk endpoint 0x4 has invalid maxpacket 1024
[  164.962054][   T51] usb 3-1: config 9 interface 152 altsetting 10 endpoint 0x8E has an invalid bInterval 204, changing to 11
[  164.973509][   T51] usb 3-1: config 9 interface 152 altsetting 10 endpoint 0x8E has invalid wMaxPacketSize 0
[  164.979942][   T51] usb 3-1: config 9 interface 152 altsetting 10 has an invalid descriptor for endpoint zero, skipping
[  164.986097][   T51] usb 3-1: config 9 interface 152 altsetting 10 has an invalid descriptor for endpoint zero, skipping
[  164.994803][   T51] usb 3-1: config 9 interface 152 altsetting 10 bulk endpoint 0xE has invalid maxpacket 64
[  164.998416][   T51] usb 3-1: config 9 interface 152 has no altsetting 0
[  165.005334][   T51] usb 3-1: New USB device found, idVendor=05ac, idProduct=021b, bcdDevice=93.21
[  165.015277][   T51] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  165.019335][   T51] usb 3-1: Product: syz
[  165.021060][   T51] usb 3-1: Manufacturer: syz
[  165.022900][   T51] usb 3-1: SerialNumber: syz
[  165.033249][ T8686] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  165.035948][ T8686] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  165.144865][ T8726] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1089'.
[  165.275842][   T51] appletouch 3-1:9.152: Failed to read mode from device.
[  165.280259][   T51] appletouch 3-1:9.152: probe with driver appletouch failed with error -5
[  165.291514][   T51] usb 3-1: USB disconnect, device number 17
[  166.071006][ T8756] loop2: detected capacity change from 0 to 32768
[  166.123286][ T8756] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode.
[  166.209105][ T8756] (syz.2.1104,8756,1):ocfs2_check_set_options:1244 ERROR: Invalid heartbeat mount options
[  166.305660][   T33] audit: type=1326 audit(1755608539.929:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8773 comm="syz.1.1112" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bf2f8ebe9 code=0x7ffc0000
[  166.319726][   T33] audit: type=1326 audit(1755608539.929:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8773 comm="syz.1.1112" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bf2f8ebe9 code=0x7ffc0000
[  166.350240][   T33] audit: type=1326 audit(1755608539.929:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8773 comm="syz.1.1112" exe="/syz-executor" sig=0 arch=c000003e syscall=108 compat=0 ip=0x7f3bf2f8ebe9 code=0x7ffc0000
[  166.359887][   T33] audit: type=1326 audit(1755608539.929:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8773 comm="syz.1.1112" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bf2f8ebe9 code=0x7ffc0000
[  166.378642][   T33] audit: type=1326 audit(1755608539.929:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8773 comm="syz.1.1112" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bf2f8ebe9 code=0x7ffc0000
[  166.725461][ T8791] netlink: 'syz.1.1120': attribute type 1 has an invalid length.
[  167.135313][ T5852] ocfs2: Unmounting device (7,2) on (node local)
[  167.300708][ T8803] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  168.459495][ T8828] loop2: detected capacity change from 0 to 32768
[  168.476089][ T8828] bcachefs (/dev/loop2): error validating superblock: Invalid superblock section journal: journal bucket 1 before first bucket 32767
[  168.476089][ T8828] journal (size 40):
[  168.476089][ T8828] Buckets:  9 7 24 1
[  168.476089][ T8828] 
[  168.485463][ T8828] bcachefs: bch2_fs_get_tree() error: invalid_sb_journal
[  168.947262][ T8850] loop2: detected capacity change from 0 to 1024
[  169.561852][ T1090] hfsplus: b-tree write err: -5, ino 4
[  170.241090][ T8911] loop2: detected capacity change from 0 to 1024
[  170.796144][ T8933] overlayfs: failed to clone upperpath
[  171.458609][   T51] IPVS: starting estimator thread 0...
[  171.559489][ T8946] IPVS: using max 37 ests per chain, 88800 per kthread
[  171.569370][ T8949] overlayfs: failed to clone upperpath
[  171.833940][ T8961] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.1195'.
[  172.305731][ T8977] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1202'.
[  174.339414][ T9040] loop2: detected capacity change from 0 to 4096
[  174.392107][ T9040] ntfs3(loop2): ino=19, mi_enum_attr
[  174.394063][ T9040] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  174.409317][ T9040] ntfs3(loop2): try to read out of volume at offset 0x3fffffc7000
[  174.412045][ T9040] ntfs3(loop2): ino=21, The size of extended attributes must not exceed 64KiB
[  179.551878][ T9164] pim6reg1: entered promiscuous mode
[  179.554113][ T9164] pim6reg1: entered allmulticast mode
[  179.938379][ T5920] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  180.088403][ T5920] usb 3-1: Using ep0 maxpacket: 16
[  180.094505][ T5920] usb 3-1: config 5 has an invalid interface number: 206 but max is 0
[  180.097741][ T5920] usb 3-1: config 5 has no interface number 0
[  180.101371][ T5920] usb 3-1: config 5 interface 206 has no altsetting 0
[  180.109258][ T5920] usb 3-1: New USB device found, idVendor=1a0a, idProduct=0103, bcdDevice=60.44
[  180.112679][ T5920] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  180.115725][ T5920] usb 3-1: Product: syz
[  180.117283][ T5920] usb 3-1: Manufacturer: syz
[  180.123554][ T5920] usb 3-1: SerialNumber: syz
[  180.356307][ T5920] usb_ehset_test 3-1:5.206: probe with driver usb_ehset_test failed with error -32
[  180.365996][ T5920] usb 3-1: USB disconnect, device number 18
[  180.965470][ T9226] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1309'.
[  180.980610][ T9226] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1309'.
[  181.055851][ T9228] netlink: 'syz.1.1310': attribute type 9 has an invalid length.
[  181.525837][   T33] audit: type=1800 audit(1755608555.139:86): pid=9237 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1312" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  182.358134][ T9251] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  182.360000][ T9252] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1320'.
[  182.415639][ T9252] team_slave_0: entered promiscuous mode
[  182.418273][ T9252] team_slave_1: entered promiscuous mode
[  182.425770][ T9252] macsec1: entered promiscuous mode
[  182.435026][ T9252] team0: entered promiscuous mode
[  182.443299][ T9252] macsec1: entered allmulticast mode
[  182.447615][ T9252] team0: entered allmulticast mode
[  182.451540][ T9252] team_slave_0: entered allmulticast mode
[  182.457511][ T9252] team_slave_1: entered allmulticast mode
[  182.473842][ T9252] team0: Device macsec1 is already an upper device of the team interface
[  182.497296][ T9252] team0: left allmulticast mode
[  182.499947][ T9252] team_slave_0: left allmulticast mode
[  182.502426][ T9252] team_slave_1: left allmulticast mode
[  182.507702][ T9252] team0: left promiscuous mode
[  182.511713][ T9252] team_slave_0: left promiscuous mode
[  182.513618][ T9252] team_slave_1: left promiscuous mode
[  182.829355][   T24] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  183.011516][   T24] usb 3-1: Using ep0 maxpacket: 16
[  183.015656][   T24] usb 3-1: config 8 has an invalid interface number: 39 but max is 0
[  183.023211][   T24] usb 3-1: config 8 has no interface number 0
[  183.027962][   T24] usb 3-1: config 8 interface 39 altsetting 1 has an endpoint descriptor with address 0xDF, changing to 0x8F
[  183.035182][   T24] usb 3-1: config 8 interface 39 altsetting 1 endpoint 0x8F has invalid wMaxPacketSize 0
[  183.048433][   T24] usb 3-1: config 8 interface 39 altsetting 1 bulk endpoint 0x8F has invalid maxpacket 0
[  183.052315][   T24] usb 3-1: config 8 interface 39 has no altsetting 0
[  183.057375][   T24] usb 3-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77
[  183.063125][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  183.066445][   T24] usb 3-1: Product: syz
[  183.068158][   T24] usb 3-1: Manufacturer: syz
[  183.070499][   T24] usb 3-1: SerialNumber: syz
[  183.274054][ T9297] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1342'.
[  183.294910][   T24] ipheth 3-1:8.39: ipheth_get_macaddr: usb_control_msg: -71
[  183.297846][ T9297] macvtap1: entered allmulticast mode
[  183.298137][   T24] ipheth 3-1:8.39: probe with driver ipheth failed with error -71
[  183.302053][ T9297] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[  183.313495][ T9297] netdevsim netdevsim0 netdevsim0: left allmulticast mode
[  183.321473][   T24] usb 3-1: USB disconnect, device number 19
[  184.173914][ T9331] netlink: 384 bytes leftover after parsing attributes in process `syz.2.1359'.
[  184.231324][ T9333] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1358'.
[  184.331610][ T9339] loop2: detected capacity change from 0 to 512
[  184.341283][ T9339] EXT4-fs warning (device loop2): ext4_multi_mount_protect:329: MMP interval 2680 higher than expected, please wait.
[  184.341283][ T9339] 
[  184.346260][ T9339] EXT4-fs warning (device loop2): ext4_multi_mount_protect:332: MMP startup interrupted, failing mount
[  184.346260][ T9339] 
[  184.448004][ T9345] netlink: 'syz.2.1365': attribute type 1 has an invalid length.
[  184.453100][ T9345] netlink: 236 bytes leftover after parsing attributes in process `syz.2.1365'.
[  184.489966][ T9347] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1366'.
[  184.560104][ T9329] Process accounting resumed
[  185.347409][ T9377] (unnamed net_device) (uninitialized): option arp_validate: mode dependency failed, not supported in mode balance-alb(6)
[  186.471667][ T9393] loop2: detected capacity change from 0 to 128
[  187.276945][ T9407] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1392'.
[  187.831236][ T9428] loop2: detected capacity change from 0 to 512
[  187.853049][ T9428] EXT4-fs: Ignoring removed i_version option
[  187.862491][ T9428] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  187.884267][ T9428] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  187.906180][ T9428] EXT4-fs (loop2): 1 truncate cleaned up
[  187.910846][ T9428] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  188.029499][ T9432] C: renamed from team_slave_0
[  188.035969][ T9432] netlink: 'syz.0.1403': attribute type 1 has an invalid length.
[  188.038917][ T9432] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1403'.
[  188.042055][ T9432] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  188.303481][   T33] audit: type=1804 audit(1755608561.929:87): pid=9434 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1402" name="/newroot/321/bus/bus" dev="loop2" ino=18 res=1 errno=0
[  188.473328][   T33] audit: type=1326 audit(1755608562.079:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9445 comm="syz.0.1409" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ffb32b8ebe9 code=0x0
[  189.164199][   T33] audit: type=1326 audit(1755608562.789:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9448 comm="syz.1.1410" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bf2f8ebe9 code=0x7ffc0000
[  189.172299][   T33] audit: type=1326 audit(1755608562.789:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9448 comm="syz.1.1410" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bf2f8ebe9 code=0x7ffc0000
[  189.222843][ T9451] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1411'.
[  189.332176][ T9455] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1413'.
[  189.450289][ T9465] cgroup: Need name or subsystem set
[  190.885868][ T5235] Bluetooth: hci1: command 0x0406 tx timeout
[  190.888786][ T5235] Bluetooth: hci0: command 0x0406 tx timeout
[  190.945923][ T5852] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  191.651919][ T9513] loop2: detected capacity change from 0 to 32768
[  191.798089][ T9530] loop2: detected capacity change from 0 to 1024
[  191.878044][ T9530] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  191.889117][ T9530] ext4 filesystem being mounted at /326/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  191.911267][ T9530] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #15: block 3: comm syz.2.1447: lblock 3 mapped to illegal pblock 3 (length 13)
[  191.921348][ T9530] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117
[  191.926328][ T9530] EXT4-fs (loop2): This should not happen!! Data will be lost
[  191.926328][ T9530] 
[  191.962107][ T5852] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  192.026264][ T9537] netlink: 100 bytes leftover after parsing attributes in process `syz.2.1449'.
[  192.249444][ T5859] Bluetooth: hci1: unexpected event for opcode 0x2011
[  192.390764][ T9558] loop2: detected capacity change from 0 to 8
[  192.394319][ T9558] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  192.406595][ T9558] cramfs: Error -3 while decompressing!
[  192.411170][ T9558] cramfs: ffffffff99beb642(26)->ffff88803741d000(4096)
[  192.414442][ T9558] cramfs: Error -3 while decompressing!
[  192.416641][ T9558] cramfs: ffffffff99beb65c(16)->ffff88803741b000(4096)
[  192.420003][ T9558] cramfs: Error -3 while decompressing!
[  192.422363][ T9558] cramfs: ffffffff99beb642(26)->ffff88803741d000(4096)
[  192.430681][   T33] audit: type=1800 audit(1755608566.059:91): pid=9558 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1457" name="file2" dev="loop2" ino=348 res=0 errno=0
[  192.647026][ T9568] 9pnet: p9_errstr2errno: server reported unknown error @΂00000000000000000005
[  192.894386][ T9573] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1464'.
[  193.906585][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  193.908931][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  193.985014][ T5906] IPVS: starting estimator thread 0...
[  194.105942][ T9587] IPVS: using max 61 ests per chain, 146400 per kthread
[  194.177420][ T9593] IPv6: sit1: Disabled Multicast RS
[  194.197650][ T9595] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1471'.
[  194.334115][ T9605] netlink: 'syz.2.1476': attribute type 3 has an invalid length.
[  194.798429][   T24] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  195.261403][   T24] usb 3-1: Using ep0 maxpacket: 32
[  195.265305][   T24] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  195.268510][   T24] usb 3-1: config 0 has no interface number 0
[  195.270839][   T24] usb 3-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  195.274833][   T24] usb 3-1: config 0 interface 1 has no altsetting 0
[  195.283613][   T24] usb 3-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a
[  195.287130][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  195.290199][   T24] usb 3-1: Product: syz
[  195.291826][   T24] usb 3-1: Manufacturer: syz
[  195.293684][   T24] usb 3-1: SerialNumber: syz
[  195.301077][   T24] usb 3-1: config 0 descriptor??
[  195.510714][   T24] cx231xx 3-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces
[  195.514936][   T24] cx231xx 3-1:0.1: Not found matching IAD interface
[  195.518531][   T24] usb 3-1: USB disconnect, device number 20
[  195.683398][ T9660] netlink: 'syz.1.1499': attribute type 21 has an invalid length.
[  195.686016][ T9660] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1499'.
[  196.300902][ T5859] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  196.304778][ T5859] Bluetooth: hci1: Injecting HCI hardware error event
[  196.313487][ T5854] Bluetooth: hci1: hardware error 0x00
[  197.860246][ T9714] overlayfs: maximum fs stacking depth exceeded
[  198.031577][ T9734] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  198.378743][ T5854] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  199.376415][ T9777] loop2: detected capacity change from 0 to 32768
[  199.445878][ T9777] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  199.473283][ T9777] XFS (loop2): Ending clean mount
[  199.484770][ T9777] XFS (loop2): Quotacheck needed: Please wait.
[  199.521538][ T9777] XFS (loop2): Quotacheck: Done.
[  199.546153][   T33] audit: type=1800 audit(1755608573.169:92): pid=9777 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1554" name="file1" dev="loop2" ino=6150 res=0 errno=0
[  199.563805][   T33] audit: type=1800 audit(1755608573.179:93): pid=9777 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1554" name="file1" dev="loop2" ino=6150 res=0 errno=0
[  199.815458][ T5852] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  200.938886][ T9796] netlink: 'syz.0.1558': attribute type 12 has an invalid length.
[  200.943140][ T9796] netlink: 9472 bytes leftover after parsing attributes in process `syz.0.1558'.
[  201.417584][ T9814] loop2: detected capacity change from 0 to 128
[  201.440937][ T9814] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: writeback.
[  201.486390][ T5852] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  201.621929][ T9821] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  201.788346][ T5905] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  201.827043][ T9831] ip6erspan0: entered promiscuous mode
[  201.940129][ T5905] usb 3-1: config 220 has an invalid interface number: 76 but max is 2
[  201.944574][ T5905] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  201.948110][ T5905] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  202.102717][ T5905] usb 3-1: config 220 has no interface number 2
[  202.276195][ T5905] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  202.284254][ T5905] usb 3-1: config 220 interface 0 has no altsetting 0
[  202.287086][ T5905] usb 3-1: config 220 interface 76 has no altsetting 0
[  202.290057][ T5905] usb 3-1: config 220 interface 1 has no altsetting 0
[  202.296498][ T5905] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  202.300443][ T5905] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  202.304247][ T5905] usb 3-1: Product: syz
[  202.306088][ T5905] usb 3-1: Manufacturer: syz
[  202.308338][ T5905] usb 3-1: SerialNumber: syz
[  203.010869][ T5905] usb 3-1: selecting invalid altsetting 0
[  203.014289][ T5905] usb 3-1: Found UVC 7.01 device syz (8086:0b07)
[  203.016868][ T5905] usb 3-1: No valid video chain found.
[  203.045791][ T5905] usb 3-1: selecting invalid altsetting 0
[  203.048895][ T5905] usbtest 3-1:220.1: probe with driver usbtest failed with error -22
[  203.059392][ T5905] usb 3-1: USB disconnect, device number 21
[  203.626845][ T9860] loop2: detected capacity change from 0 to 32768
[  203.652731][ T9860] ERROR: (device loop2): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[  203.652731][ T9860] 
[  203.661875][ T9860] ERROR: (device loop2): remounting filesystem as read-only
[  203.665170][ T9860] ERROR: (device loop2): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[  203.665170][ T9860] 
[  204.228942][ T5905] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  204.438483][ T5905] usb 3-1: Using ep0 maxpacket: 8
[  204.443053][ T5905] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  204.446826][ T5905] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  204.453571][ T5905] usb 3-1: config 0 descriptor??
[  204.907703][ T9886] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1594'.
[  205.124768][ T9903] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1603'.
[  205.134352][ T9903] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1603'.
[  205.140754][ T5905] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  205.149443][ T5905] asix 3-1:0.0: probe with driver asix failed with error -32
[  205.239841][ T9909] netlink: 'syz.0.1604': attribute type 1 has an invalid length.
[  205.263369][   T24] usb 3-1: USB disconnect, device number 22
[  205.265194][ T9909] 8021q: adding VLAN 0 to HW filter on device bond1
[  205.669761][ T9921] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1609'.
[  206.283620][ T9928] syzkaller0: entered promiscuous mode
[  206.289449][ T9928] syzkaller0: entered allmulticast mode
[  210.527447][T10016] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1649'.
[  210.530554][T10016] unsupported nlmsg_type 40
[  210.563697][T10018] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1650'.
[  210.744977][T10024] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.1652'.
[  210.863725][T10032] loop2: detected capacity change from 0 to 1764
[  211.101560][T10051] netlink: 'syz.2.1666': attribute type 29 has an invalid length.
[  211.106526][T10051] netlink: 'syz.2.1666': attribute type 29 has an invalid length.
[  212.180804][T10089] loop2: detected capacity change from 0 to 512
[  212.188571][T10089] EXT4-fs (loop2): first meta block group too large: 524287 (group descriptor block count 1)
[  213.644527][T10111] veth3: entered allmulticast mode
[  213.651498][T10113] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1692'.
[  213.874117][T10127] loop2: detected capacity change from 0 to 512
[  213.911087][T10127] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.1697: iget: bad i_size value: 38620345925642
[  213.925972][T10127] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.1697: couldn't read orphan inode 15 (err -117)
[  213.932338][T10127] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  214.004457][   T33] audit: type=1326 audit(1755608587.629:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10131 comm="syz.0.1700" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb32b8ebe9 code=0x7ffc0000
[  214.029297][   T33] audit: type=1326 audit(1755608587.629:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10131 comm="syz.0.1700" exe="/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7ffb32b8ebe9 code=0x7ffc0000
[  214.037549][   T33] audit: type=1326 audit(1755608587.629:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10131 comm="syz.0.1700" exe="/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7ffb32b8ec23 code=0x7ffc0000
[  214.060201][T10137] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.1697: bg 0: block 5: invalid block bitmap
[  214.082926][T10137] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 660 with error 28
[  214.098317][   T33] audit: type=1326 audit(1755608587.629:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10131 comm="syz.0.1700" exe="/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7ffb32b8ec23 code=0x7ffc0000
[  214.106389][   T33] audit: type=1326 audit(1755608587.629:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10131 comm="syz.0.1700" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb32b8ebe9 code=0x7ffc0000
[  214.130342][T10137] EXT4-fs (loop2): This should not happen!! Data will be lost
[  214.130342][T10137] 
[  214.133389][T10137] EXT4-fs (loop2): Total free blocks count 0
[  214.133567][   T33] audit: type=1326 audit(1755608587.629:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10131 comm="syz.0.1700" exe="/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7ffb32b8ebe9 code=0x7ffc0000
[  214.135352][T10137] EXT4-fs (loop2): Free/Dirty block details
[  214.147517][   T33] audit: type=1326 audit(1755608587.629:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10131 comm="syz.0.1700" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb32b8ebe9 code=0x7ffc0000
[  214.171163][T10137] EXT4-fs (loop2): free_blocks=0
[  214.173107][T10137] EXT4-fs (loop2): dirty_blocks=664
[  214.175086][T10137] EXT4-fs (loop2): Block reservation details
[  214.177326][T10137] EXT4-fs (loop2): i_reserved_data_blocks=664
[  214.274496][ T3019] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 660 with max blocks 4 with error 28
[  215.329130][T10172] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  215.575269][T10170] ubi31: attaching mtd0
[  215.581432][T10170] ubi31: scanning is finished
[  215.583165][T10170] ubi31: empty MTD device detected
[  215.647180][T10177] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1714'.
[  215.667090][T10170] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  215.670338][T10170] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  215.673280][T10170] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  215.676257][T10170] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  215.679583][T10170] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  215.682310][T10170] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  215.685511][T10170] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 744783192
[  215.689781][T10170] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  215.698566][T10178] ubi31: background thread "ubi_bgt31d" started, PID 10178
[  215.897562][T10188] loop2: detected capacity change from 0 to 8
[  215.986773][T10194] loop2: detected capacity change from 0 to 128
[  216.029335][T10194] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  216.035258][T10194] ext4 filesystem being mounted at /396/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  216.082700][T10194] EXT4-fs error (device loop2): dx_make_map:1296: inode #2: block 20: comm syz.2.1722: bad entry in directory: inode out of bounds - offset=988, inode=128, rec_len=36, size=1024 fake=1
[  216.099698][T10194] EXT4-fs (loop2): Remounting filesystem read-only
[  216.126710][ T5852] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  217.061178][T10206] loop2: detected capacity change from 0 to 40427
[  217.077151][T10206] F2FS-fs (loop2): build fault injection rate: 690
[  217.109218][T10206] F2FS-fs (loop2): invalid crc value
[  217.154744][T10206] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  217.161488][T10206] F2FS-fs (loop2): Start checkpoint disabled!
[  217.167302][T10206] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  217.187150][   T32] kworker/u9:1: attempt to access beyond end of device
[  217.187150][   T32] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  217.192770][   T32] CPU: 0 UID: 0 PID: 32 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT(full) 
[  217.192790][   T32] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  217.192798][   T32] Workqueue: writeback wb_workfn (flush-7:2)
[  217.192822][   T32] Call Trace:
[  217.192828][   T32]  <TASK>
[  217.192833][   T32]  dump_stack_lvl+0x189/0x250
[  217.192856][   T32]  ? __pfx_dump_stack_lvl+0x10/0x10
[  217.192871][   T32]  ? __pfx_queue_work_on+0x10/0x10
[  217.192884][   T32]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  217.192902][   T32]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  217.192927][   T32]  f2fs_handle_critical_error+0x37c/0x540
[  217.192954][   T32]  f2fs_write_end_io+0x886/0xb60
[  217.192982][   T32]  __submit_merged_bio+0x27a/0x6a0
[  217.193006][   T32]  __submit_merged_write_cond+0x255/0x530
[  217.193029][   T32]  f2fs_write_data_pages+0x261d/0x3000
[  217.193077][   T32]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  217.193105][   T32]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  217.193156][   T32]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  217.193174][   T32]  ? look_up_lock_class+0x74/0x170
[  217.193201][   T32]  ? trace_f2fs_writepages+0x7f/0x200
[  217.193218][   T32]  ? f2fs_write_node_pages+0x478/0x6e0
[  217.193239][   T32]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  217.193266][   T32]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  217.193287][   T32]  do_writepages+0x32e/0x550
[  217.193311][   T32]  ? reacquire_held_locks+0x127/0x1d0
[  217.193325][   T32]  ? writeback_sb_inodes+0x384/0x1010
[  217.193352][   T32]  __writeback_single_inode+0x145/0xff0
[  217.193369][   T32]  ? do_raw_spin_unlock+0x4d/0x240
[  217.193424][   T32]  writeback_sb_inodes+0x6c7/0x1010
[  217.193462][   T32]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  217.193514][   T32]  ? rcu_is_watching+0x15/0xb0
[  217.193538][   T32]  wb_writeback+0x43b/0xaf0
[  217.193560][   T32]  ? queue_io+0x321/0x590
[  217.193580][   T32]  ? __pfx_wb_writeback+0x10/0x10
[  217.193601][   T32]  ? _raw_spin_unlock_irq+0x23/0x50
[  217.193621][   T32]  wb_workfn+0x409/0xef0
[  217.193648][   T32]  ? __pfx_wb_workfn+0x10/0x10
[  217.193667][   T32]  ? __lock_acquire+0xab9/0xd20
[  217.193724][   T32]  ? process_scheduled_works+0x9ef/0x17b0
[  217.193743][   T32]  ? _raw_spin_unlock_irq+0x23/0x50
[  217.193758][   T32]  ? process_scheduled_works+0x9ef/0x17b0
[  217.193769][   T32]  ? process_scheduled_works+0x9ef/0x17b0
[  217.193784][   T32]  process_scheduled_works+0xae1/0x17b0
[  217.193818][   T32]  ? __pfx_process_scheduled_works+0x10/0x10
[  217.193844][   T32]  worker_thread+0x8a0/0xda0
[  217.193878][   T32]  kthread+0x711/0x8a0
[  217.193897][   T32]  ? __pfx_worker_thread+0x10/0x10
[  217.193908][   T32]  ? __pfx_kthread+0x10/0x10
[  217.193923][   T32]  ? _raw_spin_unlock_irq+0x23/0x50
[  217.193937][   T32]  ? lockdep_hardirqs_on+0x9c/0x150
[  217.193950][   T32]  ? __pfx_kthread+0x10/0x10
[  217.193965][   T32]  ret_from_fork+0x3fc/0x770
[  217.193981][   T32]  ? __pfx_ret_from_fork+0x10/0x10
[  217.193999][   T32]  ? __switch_to_asm+0x39/0x70
[  217.194015][   T32]  ? __switch_to_asm+0x33/0x70
[  217.194028][   T32]  ? __pfx_kthread+0x10/0x10
[  217.194044][   T32]  ret_from_fork_asm+0x1a/0x30
[  217.194072][   T32]  </TASK>
[  217.197550][   T32] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  217.746737][T10242] bridge0: port 2(bridge_slave_1) entered disabled state
[  218.326578][T10255] syz_tun: entered allmulticast mode
[  218.332263][T10254] syz_tun: left allmulticast mode
[  218.785649][T10266] loop2: detected capacity change from 0 to 32768
[  218.841940][T10266] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  218.894215][T10266] XFS (loop2): Ending clean mount
[  218.907735][T10266] XFS (loop2): Quotacheck needed: Please wait.
[  218.948130][T10266] XFS (loop2): Quotacheck: Done.
[  219.545944][   T33] audit: type=1800 audit(1755608593.049:101): pid=10289 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1751" name="file1" dev="overlay" ino=9286 res=0 errno=0
[  219.818457][ T5920] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  219.948628][ T5920] usb 3-1: device descriptor read/64, error -71
[  220.192766][ T5920] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  220.318468][ T5920] usb 3-1: device descriptor read/64, error -71
[  220.428800][ T5920] usb usb3-port1: attempt power cycle
[  220.782476][ T5920] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  220.812114][ T5920] usb 3-1: device descriptor read/8, error -71
[  220.938838][T10318] tipc: Started in network mode
[  220.941073][T10318] tipc: Node identity 2, cluster identity 4711
[  220.943479][T10318] tipc: Node number set to 2
[  220.946583][T10318] tipc: Cannot configure node identity twice
[  221.048384][ T5920] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  221.069181][ T5920] usb 3-1: device descriptor read/8, error -71
[  221.187842][ T5920] usb usb3-port1: unable to enumerate USB device
[  221.224560][T10328] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1776'.
[  221.641402][ T5852] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  222.576865][T10359] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1791'.
[  222.827189][T10348] syz.2.1786 (10348): drop_caches: 2
[  222.949585][T10371] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1797'.
[  222.953080][T10372] sch_fq: defrate 4294967295 ignored.
[  223.001694][T10376] loop2: detected capacity change from 0 to 256
[  223.072781][T10380] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1802'.
[  223.076201][T10380] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1802'.
[  223.502070][T10395] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  223.505068][T10395] IPv6: NLM_F_CREATE should be set when creating new route
[  223.628799][T10398] sctp: [Deprecated]: syz.1.1809 (pid 10398) Use of int in max_burst socket option deprecated.
[  223.628799][T10398] Use struct sctp_assoc_value instead
[  223.761720][T10406] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1813'.
[  223.767735][T10406] sock: sock_set_timeout: `syz.0.1813' (pid 10406) tries to set negative timeout
[  223.960867][T10416] dvmrp0: entered allmulticast mode
[  224.663535][T10432] vlan2: entered promiscuous mode
[  224.670368][T10432] bridge0: entered promiscuous mode
[  225.008537][   T97] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  225.163539][   T97] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  225.166867][   T97] usb 3-1: config 0 has no interface number 0
[  225.172954][   T97] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  225.176575][   T97] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  225.180556][   T97] usb 3-1: Product: syz
[  225.182316][   T97] usb 3-1: Manufacturer: syz
[  225.184237][   T97] usb 3-1: SerialNumber: syz
[  225.189449][   T97] usb 3-1: config 0 descriptor??
[  225.404195][   T97] usb 3-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  225.420599][   T97] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  225.425004][   T97] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  225.431247][   T97] usb 3-1: media controller created
[  225.452289][   T97] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  226.512285][ T5854] Bluetooth: hci2: command tx timeout
[  226.563222][   T97] i2c i2c-2: ec100: i2c rd failed=-110 reg=33
[  227.119092][   T97] usb 3-1: USB disconnect, device number 27
[  228.219419][T10509] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1859'.
[  228.227373][T10509] 0X: renamed from caif0
[  228.243118][T10509] 0X: entered allmulticast mode
[  228.250029][T10509] A link change request failed with some changes committed already. Interface 60X may have been left with an inconsistent configuration, please check.
[  228.400250][T10515] loop2: detected capacity change from 0 to 512
[  228.423310][T10515] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  228.731044][ T5852] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  228.934543][T10536] netlink: 'syz.2.1871': attribute type 2 has an invalid length.
[  228.947633][T10536] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  229.446669][T10563] overlayfs: failed to clone upperpath
[  229.524012][T10548] loop2: detected capacity change from 0 to 32768
[  229.602171][T10548] ERROR: (device loop2): dbAllocNext: Corrupt dmap page
[  229.602171][T10548] 
[  230.655760][T10577] loop2: detected capacity change from 0 to 32768
[  230.660236][T10577] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1882 (10577)
[  230.681565][T10577] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  230.686013][T10577] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[  230.698467][T10577] BTRFS info (device loop2): using free-space-tree
[  230.861958][ T5852] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  233.869614][ T5906] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  234.018448][ T5906] usb 3-1: Using ep0 maxpacket: 32
[  234.021722][ T5906] usb 3-1: config 0 has an invalid interface number: 184 but max is 0
[  234.024263][ T5906] usb 3-1: config 0 has no interface number 0
[  234.026856][ T5906] usb 3-1: config 0 interface 184 has no altsetting 0
[  234.031514][ T5906] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  234.034304][ T5906] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  234.036792][ T5906] usb 3-1: Product: syz
[  234.044900][ T5906] usb 3-1: Manufacturer: syz
[  234.046816][ T5906] usb 3-1: SerialNumber: syz
[  234.060546][ T5906] usb 3-1: config 0 descriptor??
[  234.065932][ T5906] smsc75xx v1.0.0
[  234.675314][ T5906] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  234.679829][ T5906] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  235.490317][ T5906] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71
[  235.495331][ T5906] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71
[  235.499758][ T5906] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  235.505461][ T5906] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -71
[  235.513164][ T5906] usb 3-1: USB disconnect, device number 28
[  236.480504][T10768] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1955'.
[  236.575876][T10774] loop2: detected capacity change from 0 to 256
[  236.578421][T10772] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1956'.
[  236.578482][T10772] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1956'.
[  236.606774][T10774] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  236.627167][T10774] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1957'.
[  236.721098][T10781] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1959'.
[  236.735928][T10781] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1959'.
[  236.741773][T10781] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1959'.
[  237.126045][T10808] loop2: detected capacity change from 0 to 8192
[  237.172318][T10808] Dev loop2: unable to read partition block 838860800
[  237.174935][T10808]  loop2: RDSK (419430400) unable to read partition table
[  237.177482][T10808] loop2: partition table beyond EOD, truncated
[  237.181887][T10808] loop_reread_partitions: partition scan of loop2 () failed (rc=-5)
[  237.189015][ T5295] Dev loop2: unable to read partition block 838860800
[  237.191466][ T5295]  loop2: RDSK (419430400) unable to read partition table
[  237.193750][ T5295] loop2: partition table beyond EOD, truncated
[  237.319062][T10823] overlayfs: failed to clone upperpath
[  237.542369][T10829] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1982'.
[  238.989326][   T33] audit: type=1326 audit(1755608612.619:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10861 comm="syz.1.1998" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bf2f8ebe9 code=0x7ffc0000
[  239.006904][   T33] audit: type=1326 audit(1755608612.619:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10861 comm="syz.1.1998" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bf2f8ebe9 code=0x7ffc0000
[  239.027172][   T33] audit: type=1326 audit(1755608612.629:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10861 comm="syz.1.1998" exe="/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7f3bf2f8ebe9 code=0x7ffc0000
[  239.053478][   T33] audit: type=1326 audit(1755608612.629:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10861 comm="syz.1.1998" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bf2f8ebe9 code=0x7ffc0000
[  239.063148][   T33] audit: type=1326 audit(1755608612.629:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10861 comm="syz.1.1998" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bf2f8ebe9 code=0x7ffc0000
[  241.771563][T10931] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  241.792487][T10933] netlink: 'syz.2.2029': attribute type 2 has an invalid length.
[  241.971108][T10945] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.2035'.
[  242.276497][T10951] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2038'.
[  242.280363][T10951] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2038'.
[  242.353804][T10956] loop2: detected capacity change from 0 to 16
[  242.387779][T10956] erofs (device loop2): mounted with root inode @ nid 36.
[  242.402930][T10956] erofs (device loop2): readahead error at folio 2 @ nid 89
[  242.421385][ T6128] erofs (device loop2): failed to decompress -33 in[4096, 0] out[8192]
[  242.425030][T10956] erofs (device loop2): failed to decompress -33 in[4096, 0] out[4096]
[  242.432692][T10956] erofs (device loop2): read error -117 @ 0 of nid 89
[  242.434941][   T33] audit: type=1800 audit(1755608616.059:107): pid=10956 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2040" name="file3" dev="loop2" ino=89 res=0 errno=0
[  242.669470][T10964] loop2: detected capacity change from 0 to 40427
[  242.675908][T10964] F2FS-fs (loop2): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[  242.685922][T10964] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  242.693087][T10964] F2FS-fs (loop2): invalid crc value
[  242.757090][T10964] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  242.772242][T10964] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  242.774709][T10964] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  242.880161][ T5852] syz-executor: attempt to access beyond end of device
[  242.880161][ T5852] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  242.894724][ T5852] CPU: 1 UID: 0 PID: 5852 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  242.894744][ T5852] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  242.894752][ T5852] Call Trace:
[  242.894757][ T5852]  <TASK>
[  242.894765][ T5852]  dump_stack_lvl+0x189/0x250
[  242.894791][ T5852]  ? __pfx_dump_stack_lvl+0x10/0x10
[  242.894808][ T5852]  ? __pfx_queue_work_on+0x10/0x10
[  242.894823][ T5852]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  242.894843][ T5852]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  242.894869][ T5852]  f2fs_handle_critical_error+0x37c/0x540
[  242.894898][ T5852]  f2fs_write_end_io+0x886/0xb60
[  242.894929][ T5852]  __submit_merged_bio+0x27a/0x6a0
[  242.894955][ T5852]  __submit_merged_write_cond+0x255/0x530
[  242.894982][ T5852]  f2fs_write_data_pages+0x261d/0x3000
[  242.895059][ T5852]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  242.895131][ T5852]  ? folios_put_refs+0x559/0x640
[  242.895161][ T5852]  ? __lock_acquire+0xab9/0xd20
[  242.895200][ T5852]  ? do_raw_spin_lock+0x121/0x290
[  242.895229][ T5852]  ? do_raw_spin_unlock+0x4d/0x240
[  242.895246][ T5852]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  242.895268][ T5852]  do_writepages+0x32e/0x550
[  242.895298][ T5852]  ? do_raw_spin_unlock+0x4d/0x240
[  242.895320][ T5852]  filemap_fdatawrite+0x199/0x240
[  242.895340][ T5852]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  242.895400][ T5852]  ? do_raw_spin_unlock+0x4d/0x240
[  242.895421][ T5852]  f2fs_sync_dirty_inodes+0x31f/0x830
[  242.895449][ T5852]  f2fs_write_checkpoint+0x95a/0x1df0
[  242.895488][ T5852]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  242.895541][ T5852]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  242.895555][ T5852]  ? kfree+0x18e/0x440
[  242.895574][ T5852]  ? kill_f2fs_super+0x298/0x6c0
[  242.895621][ T5852]  kill_f2fs_super+0x2c3/0x6c0
[  242.895643][ T5852]  ? __pfx_kill_f2fs_super+0x10/0x10
[  242.895654][ T5852]  ? radix_tree_delete_item+0x2b6/0x400
[  242.895679][ T5852]  ? shrinker_free+0x2ce/0x3e0
[  242.895699][ T5852]  deactivate_locked_super+0xbc/0x130
[  242.895719][ T5852]  cleanup_mnt+0x425/0x4c0
[  242.895736][ T5852]  ? lockdep_hardirqs_on+0x9c/0x150
[  242.895759][ T5852]  task_work_run+0x1d4/0x260
[  242.895783][ T5852]  ? __pfx_task_work_run+0x10/0x10
[  242.895799][ T5852]  ? __x64_sys_umount+0x122/0x160
[  242.895824][ T5852]  ? exit_to_user_mode_loop+0x40/0x110
[  242.895848][ T5852]  exit_to_user_mode_loop+0xec/0x110
[  242.895869][ T5852]  do_syscall_64+0x2bd/0x3b0
[  242.895888][ T5852]  ? lockdep_hardirqs_on+0x9c/0x150
[  242.895906][ T5852]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  242.895921][ T5852]  ? exc_page_fault+0x9f/0xf0
[  242.895942][ T5852]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  242.895955][ T5852] RIP: 0033:0x7f59f598ff17
[  242.895971][ T5852] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  242.895986][ T5852] RSP: 002b:00007fff9adc10f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  242.896003][ T5852] RAX: 0000000000000000 RBX: 00007f59f5a11c05 RCX: 00007f59f598ff17
[  242.896012][ T5852] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff9adc11b0
[  242.896019][ T5852] RBP: 00007fff9adc11b0 R08: 0000000000000000 R09: 0000000000000000
[  242.896026][ T5852] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff9adc2240
[  242.896034][ T5852] R13: 00007f59f5a11c05 R14: 000000000003b436 R15: 00007fff9adc2280
[  242.896058][ T5852]  </TASK>
[  242.896064][ T5852] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  242.991998][T10978] sock: sock_set_timeout: `syz.1.2051' (pid 10978) tries to set negative timeout
[  243.439803][T11010] IPv6: Can't replace route, no match found
[  243.808409][   T24] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  243.968361][   T24] usb 3-1: Using ep0 maxpacket: 8
[  243.972168][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  243.976328][   T24] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  243.988296][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  244.000745][   T24] usb 3-1: config 0 descriptor??
[  244.238898][   T24] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  244.460911][   T97] usb 3-1: USB disconnect, device number 29
[  244.463466][    C0] iowarrior 3-1:0.0: iowarrior_callback - usb_submit_urb failed with result -19
[  245.640022][T11069] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2090'.
[  245.643271][T11067] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  246.087324][T11075] netlink: 'syz.1.2093': attribute type 1 has an invalid length.
[  246.096414][T11075] netlink: 'syz.1.2093': attribute type 1 has an invalid length.
[  248.167796][T11118] loop2: detected capacity change from 0 to 256
[  248.211547][T11118] FAT-fs (loop2): Directory bread(block 64) failed
[  248.216885][T11118] FAT-fs (loop2): Directory bread(block 65) failed
[  248.283074][T11118] FAT-fs (loop2): Directory bread(block 66) failed
[  248.285528][T11118] FAT-fs (loop2): Directory bread(block 67) failed
[  248.298497][T11118] FAT-fs (loop2): Directory bread(block 68) failed
[  248.300639][T11118] FAT-fs (loop2): Directory bread(block 69) failed
[  248.307501][T11118] FAT-fs (loop2): Directory bread(block 70) failed
[  248.312409][T11118] FAT-fs (loop2): Directory bread(block 71) failed
[  248.320627][T11118] FAT-fs (loop2): Directory bread(block 72) failed
[  248.324180][T11118] FAT-fs (loop2): Directory bread(block 73) failed
[  249.272009][T11155] netlink: 'syz.0.2128': attribute type 2 has an invalid length.
[  249.291836][ T5906] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  249.454215][ T5906] usb 3-1: New USB device found, idVendor=2c42, idProduct=1602, bcdDevice=da.64
[  249.458111][ T5906] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  249.462266][ T5906] usb 3-1: Product: syz
[  249.464129][ T5906] usb 3-1: Manufacturer: syz
[  249.466307][ T5906] usb 3-1: SerialNumber: syz
[  249.473176][ T5906] usb 3-1: config 0 descriptor??
[  249.483309][ T5906] hub 3-1:0.0: bad descriptor, ignoring hub
[  249.489113][ T5906] hub 3-1:0.0: probe with driver hub failed with error -5
[  249.492639][ T5906] f81232 3-1:0.0: f81534a converter detected
[  249.672861][T11169] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2135'.
[  249.685610][ T5906] f81534a ttyUSB0: f81232_set_register failed status: -71
[  249.688863][ T5906] f81534a ttyUSB0: probe with driver f81534a failed with error -5
[  249.712450][ T5906] usb 3-1: USB disconnect, device number 30
[  249.716054][ T5906] f81232 3-1:0.0: device disconnected
[  250.418568][   T33] audit: type=1326 audit(1755608624.039:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11191 comm="syz.2.2146" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59f598ebe9 code=0x7fc00000
[  250.467246][   T33] audit: type=1326 audit(1755608624.039:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11191 comm="syz.2.2146" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f59f598ebe9 code=0x7fc00000
[  250.480486][   T33] audit: type=1326 audit(1755608624.039:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11191 comm="syz.2.2146" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59f598ebe9 code=0x7fc00000
[  250.490426][   T33] audit: type=1326 audit(1755608624.039:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11191 comm="syz.2.2146" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59f598ebe9 code=0x7fc00000
[  250.508409][   T33] audit: type=1326 audit(1755608624.039:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11191 comm="syz.2.2146" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59f598ebe9 code=0x7fc00000
[  250.528511][   T33] audit: type=1326 audit(1755608624.039:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11191 comm="syz.2.2146" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59f598ebe9 code=0x7fc00000
[  250.590963][   T33] audit: type=1326 audit(1755608624.039:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11191 comm="syz.2.2146" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59f598ebe9 code=0x7fc00000
[  250.694312][   T33] audit: type=1326 audit(1755608624.039:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11191 comm="syz.2.2146" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59f598ebe9 code=0x7fc00000
[  250.813203][   T33] audit: type=1326 audit(1755608624.039:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11191 comm="syz.2.2146" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59f598ebe9 code=0x7fc00000
[  250.815685][T11201] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2148'.
[  250.829812][   T33] audit: type=1326 audit(1755608624.039:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11191 comm="syz.2.2146" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59f598ebe9 code=0x7fc00000
[  250.894137][T11207] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2150'.
[  251.544517][T11237] tmpfs: Group quota block hardlimit too large.
[  251.715803][T11243] loop2: detected capacity change from 0 to 8192
[  251.744384][T11243] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[  251.747763][T11243] FAT-fs (loop2): Filesystem has been set read-only
[  251.883723][T11257] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  251.887402][T11257] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  252.375395][T11280] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  252.752628][T11295] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  252.755951][T11295] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  252.866374][T11299] openvswitch: netlink: Unexpected mask (mask=240, allowed=10048)
[  254.366418][T11346] netlink: 'syz.2.2209': attribute type 3 has an invalid length.
[  254.372022][T11346] netlink: 766 bytes leftover after parsing attributes in process `syz.2.2209'.
[  254.548576][T11353] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2213'.
[  254.555732][T11354] loop2: detected capacity change from 0 to 512
[  254.565606][T11354] EXT4-fs: Ignoring removed nomblk_io_submit option
[  254.583499][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-label/syzkaller.tmp-b7:2' failed: Read-only file system
[  254.588005][T11354] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  254.592606][T11354] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  254.601140][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-label/syzkaller.tmp-b7:2' failed: Read-only file system
[  254.633873][T11354] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.2212: Failed to acquire dquot type 1
[  254.638883][T11354] EXT4-fs (loop2): Remounting filesystem read-only
[  254.641667][T11354] EXT4-fs (loop2): 1 truncate cleaned up
[  254.645215][T11354] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  254.696053][ T5852] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  255.785184][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  255.787768][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  256.389876][T11366] loop2: detected capacity change from 0 to 262144
[  256.752971][T11366] F2FS-fs (loop2): invalid crc value
[  256.894505][T11366] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  256.899328][T11366] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  256.913842][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-uuid/736ff085-2528-4e7f-b61f-8c944ae13605.tmp-b7:2' failed: Read-only file system
[  256.980569][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-uuid/736ff085-2528-4e7f-b61f-8c944ae13605.tmp-b7:2' failed: Read-only file system
[  258.087089][T11421] bond0: option fail_over_mac: unable to set because the bond device has slaves
[  258.165703][T11425] loop2: detected capacity change from 0 to 256
[  258.202334][T11425] FAT-fs (loop2): Directory bread(block 64) failed
[  258.211498][T11425] FAT-fs (loop2): Directory bread(block 65) failed
[  258.214280][T11425] FAT-fs (loop2): Directory bread(block 66) failed
[  258.227461][T11425] FAT-fs (loop2): Directory bread(block 67) failed
[  258.237738][T11425] FAT-fs (loop2): Directory bread(block 68) failed
[  258.240598][T11425] FAT-fs (loop2): Directory bread(block 69) failed
[  258.247912][T11425] FAT-fs (loop2): Directory bread(block 70) failed
[  258.258027][T11425] FAT-fs (loop2): Directory bread(block 71) failed
[  258.261425][T11425] FAT-fs (loop2): Directory bread(block 72) failed
[  258.270651][T11425] FAT-fs (loop2): Directory bread(block 73) failed
[  258.319275][T11425] syz.2.2242: attempt to access beyond end of device
[  258.319275][T11425] loop2: rw=0, sector=1160, nr_sectors = 4 limit=256
[  258.580411][T11434] loop2: detected capacity change from 0 to 8
[  258.605951][T11434] SQUASHFS error: zlib decompression failed, data probably corrupt
[  258.617370][T11434] SQUASHFS error: Failed to read block 0x9b: -5
[  258.620580][T11434] SQUASHFS error: Unable to read metadata cache entry [99]
[  258.623301][T11434] SQUASHFS error: Unable to read inode 0x127
[  258.887121][T11443] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2250'.
[  259.608459][   T97] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  259.758312][   T97] usb 3-1: Using ep0 maxpacket: 8
[  259.765252][   T97] usb 3-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  259.772319][   T97] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  259.775488][   T97] usb 3-1: Product: syz
[  259.777302][   T97] usb 3-1: Manufacturer: syz
[  259.780321][   T97] usb 3-1: SerialNumber: syz
[  259.784164][   T97] usb 3-1: config 0 descriptor??
[  259.793644][   T97] gspca_main: se401-2.14.0 probing 047d:5003
[  260.163277][T11474] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.2263'.
[  260.194427][   T97] gspca_se401: Too many frame sizes
[  260.401193][   T97] usb 3-1: USB disconnect, device number 31
[  260.402448][T11482] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2267'.
[  261.326839][T11506] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2278'.
[  261.333060][T11506] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2278'.
[  262.347617][T11535] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2291'.
[  262.353430][T11535] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2291'.
[  262.361262][T11535] netlink: 332 bytes leftover after parsing attributes in process `syz.0.2291'.
[  262.605480][   T33] kauditd_printk_skb: 29 callbacks suppressed
[  262.605494][   T33] audit: type=1326 audit(1755608636.229:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11549 comm="syz.1.2298" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bf2f8ebe9 code=0x7ffc0000
[  262.617604][   T33] audit: type=1326 audit(1755608636.229:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11549 comm="syz.1.2298" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bf2f8ebe9 code=0x7ffc0000
[  262.643832][   T33] audit: type=1326 audit(1755608636.239:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11549 comm="syz.1.2298" exe="/syz-executor" sig=0 arch=c000003e syscall=115 compat=0 ip=0x7f3bf2f8ebe9 code=0x7ffc0000
[  262.665184][   T33] audit: type=1326 audit(1755608636.239:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11549 comm="syz.1.2298" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bf2f8ebe9 code=0x7ffc0000
[  262.697018][   T33] audit: type=1326 audit(1755608636.239:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11549 comm="syz.1.2298" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bf2f8ebe9 code=0x7ffc0000
[  262.953491][   T33] audit: type=1326 audit(1755608636.579:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11572 comm="syz.1.2309" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bf2f8ebe9 code=0x7ffc0000
[  262.973689][   T33] audit: type=1326 audit(1755608636.579:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11572 comm="syz.1.2309" exe="/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f3bf2f8ebe9 code=0x7ffc0000
[  263.008335][   T33] audit: type=1326 audit(1755608636.579:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11572 comm="syz.1.2309" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bf2f8ebe9 code=0x7ffc0000
[  263.015644][   T33] audit: type=1326 audit(1755608636.579:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11572 comm="syz.1.2309" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bf2f8ebe9 code=0x7ffc0000
[  263.763671][T11596] loop2: detected capacity change from 0 to 64
[  263.826883][T11596] Trying to free block not in datazone
[  264.135422][T11614] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: mode dependency failed, not supported in mode active-backup(1)
[  264.338417][ T5906] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  264.492745][ T5906] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  264.496670][ T5906] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  264.508680][ T5906] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  264.526203][ T5906] usb 3-1: config 0 descriptor??
[  264.671563][T11631] IPVS: set_ctl: invalid protocol: 1 224.0.0.1:20000
[  264.734537][ T5906] usbhid 3-1:0.0: can't add hid device: -71
[  264.736770][ T5906] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  264.750996][ T5906] usb 3-1: USB disconnect, device number 32
[  265.178546][   T97] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  265.338418][   T97] usb 3-1: Using ep0 maxpacket: 32
[  265.347491][   T97] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  265.352395][   T97] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  265.356255][   T97] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  265.368130][   T97] usb 3-1: config 0 descriptor??
[  265.374956][   T97] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  265.391346][   T97] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  266.155266][T11662] netlink: 'syz.1.2351': attribute type 15 has an invalid length.
[  266.965364][T11682] netlink: 'syz.0.2360': attribute type 10 has an invalid length.
[  266.970612][T11682] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  267.128020][   T24] usb 3-1: USB disconnect, device number 33
[  267.143357][   T24] ldusb 3-1:0.0: LD USB Device #0 now disconnected
[  267.145318][T11690] netlink: 'syz.0.2364': attribute type 1 has an invalid length.
[  267.307873][T11696] loop2: detected capacity change from 0 to 8192
[  267.351607][T11015]  loop2: AHDI p2 p3 p4
[  267.353869][T11015] loop2: p2 size 8426755 extends beyond EOD, truncated
[  267.364573][T11015] loop2: p4 size 100663296 extends beyond EOD, truncated
[  267.377199][T11696]  loop2: AHDI p2 p3 p4
[  267.380387][T11696] loop2: p2 size 8426755 extends beyond EOD, truncated
[  267.395908][T11696] loop2: p4 size 100663296 extends beyond EOD, truncated
[  267.421930][ T5295]  loop2: AHDI p2 p3 p4
[  267.423863][ T5295] loop2: p2 size 8426755 extends beyond EOD, truncated
[  267.439725][ T5295] loop2: p4 size 100663296 extends beyond EOD, truncated
[  267.479600][T11015] udevd[11015]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory
[  267.485157][T10893] udevd[10893]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[  267.534265][T10893] udevd[10893]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[  267.545953][T11015] udevd[11015]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory
[  267.580445][T10893] udevd[10893]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[  267.587896][T11015] udevd[11015]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory
[  267.613008][T11718] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2377'.
[  267.619749][T11718] bridge0: port 1(bridge_slave_0) entered disabled state
[  267.857604][T11737] loop2: detected capacity change from 0 to 64
[  268.240769][   T33] audit: type=1326 audit(1755608641.869:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11746 comm="syz.2.2392" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59f598ebe9 code=0x7ffc0000
[  268.272683][   T33] audit: type=1326 audit(1755608641.869:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11746 comm="syz.2.2392" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59f598ebe9 code=0x7ffc0000
[  268.311116][   T33] audit: type=1326 audit(1755608641.869:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11746 comm="syz.2.2392" exe="/syz-executor" sig=0 arch=c000003e syscall=193 compat=0 ip=0x7f59f598ebe9 code=0x7ffc0000
[  268.338378][   T33] audit: type=1326 audit(1755608641.869:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11746 comm="syz.2.2392" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59f598ebe9 code=0x7ffc0000
[  268.347116][   T33] audit: type=1326 audit(1755608641.869:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11746 comm="syz.2.2392" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59f598ebe9 code=0x7ffc0000
[  270.259719][T11811] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2414'.
[  270.266061][T11811] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2414'.
[  270.271015][T11811] netlink: 'syz.2.2414': attribute type 6 has an invalid length.
[  270.607137][T11828] netlink: 'syz.1.2420': attribute type 1 has an invalid length.
[  270.762899][T11838] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2425'.
[  270.841331][T11838] macvtap1: entered promiscuous mode
[  270.843513][T11838] vlan0: entered promiscuous mode
[  270.858825][T11838] macvtap1: entered allmulticast mode
[  270.864754][T11838] vlan0: entered allmulticast mode
[  270.866951][T11838] veth0_vlan: entered allmulticast mode
[  271.325426][T11881] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2446'.
[  271.565356][T11885] loop2: detected capacity change from 0 to 32768
[  271.581972][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-uuid/35307472-fd4b-42de-878f-83186a645fa6.tmp-b7:2' failed: Read-only file system
[  271.614783][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-uuid/35307472-fd4b-42de-878f-83186a645fa6.tmp-b7:2' failed: Read-only file system
[  272.265886][ T5859] Bluetooth: hci2: unexpected cc 0x2039 length: 9 > 1
[  273.031686][T11918] overlayfs: failed to resolve './file1': -2
[  273.492060][   T33] audit: type=1326 audit(1755608647.119:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11926 comm="syz.0.2466" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb32b8ebe9 code=0x7ffc0000
[  273.513896][   T33] audit: type=1326 audit(1755608647.119:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11926 comm="syz.0.2466" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb32b8ebe9 code=0x7ffc0000
[  273.527138][   T33] audit: type=1326 audit(1755608647.159:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11926 comm="syz.0.2466" exe="/syz-executor" sig=0 arch=c000003e syscall=229 compat=0 ip=0x7ffb32b8ebe9 code=0x7ffc0000
[  273.538735][   T33] audit: type=1326 audit(1755608647.159:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11926 comm="syz.0.2466" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb32b8ebe9 code=0x7ffc0000
[  273.547792][   T33] audit: type=1326 audit(1755608647.159:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11926 comm="syz.0.2466" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb32b8ebe9 code=0x7ffc0000
[  274.324467][T11973] netlink: 'syz.2.2489': attribute type 2 has an invalid length.
[  274.365195][T11973] : entered promiscuous mode
[  274.565022][T11988] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2496'.
[  274.569020][T11988] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2496'.
[  274.739331][T12000] loop2: detected capacity change from 0 to 128
[  274.750793][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-uuid/76b65be2-f6da-4727-8c75-0525a5b65a09.tmp-b7:2' failed: Read-only file system
[  274.767654][T12000] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a84ec018, mo2=0002]
[  274.776934][T12000] System zones: 1-3, 19-19, 35-36
[  274.784927][T12000] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  274.796593][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-uuid/76b65be2-f6da-4727-8c75-0525a5b65a09.tmp-b7:2' failed: Read-only file system
[  274.801188][T12000] ext4 filesystem being mounted at /574/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  274.872062][ T5852] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  275.388559][ T5905] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  275.808346][ T5905] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  275.814474][ T5905] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  275.817511][ T5905] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  275.826909][ T5905] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  275.834212][ T5905] usb 3-1: config 0 descriptor??
[  276.298114][ T5905] keytouch 0003:0926:3333.0006: fixing up Keytouch IEC report descriptor
[  276.310913][ T5859] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  276.314175][ T5859] Bluetooth: hci2: Injecting HCI hardware error event
[  276.319670][ T5854] Bluetooth: hci2: hardware error 0x00
[  276.320794][ T5905] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0006/input/input9
[  276.502041][ T5905] keytouch 0003:0926:3333.0006: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0
[  276.713226][ T5905] usb 3-1: USB disconnect, device number 34
[  277.311861][T12070] loop2: detected capacity change from 0 to 4096
[  277.321172][T12070] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512).
[  277.328812][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-uuid/68CE0ED73BAA5F78.tmp-b7:2' failed: Read-only file system
[  277.343422][T12070] ntfs3(loop2): ino=4, mi_enum_attr
[  277.345565][T12070] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  277.347978][T12070] ntfs3(loop2): Failed to load $AttrDef (-22)
[  277.362055][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-uuid/68CE0ED73BAA5F78.tmp-b7:2' failed: Read-only file system
[  277.577693][T12087] rtc_cmos 00:04: Alarms can be up to one day in the future
[  277.628593][T12092] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2542'.
[  277.655943][T12092] 8021q: adding VLAN 0 to HW filter on device bond1
[  277.674692][T12092] bond1: (slave batadv2): Opening slave failed
[  278.175657][T12108] loop2: detected capacity change from 0 to 40427
[  278.186810][T12108] F2FS-fs (loop2): Wrong SSA boundary, start(3584) end(4096) blocks(0)
[  278.194428][T12108] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  278.197285][T12108] F2FS-fs (loop2): build fault injection type: 0x6
[  278.211671][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-uuid/922c7623-35ee-4af3-bdd7-07040bb1b7db.tmp-b7:2' failed: Read-only file system
[  278.219610][T12108] F2FS-fs (loop2): invalid crc value
[  278.284696][T12108] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  278.288517][T12108] F2FS-fs (loop2): Start checkpoint disabled!
[  278.301283][T12108] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  278.303543][T12108] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  278.358506][ T5905] rtc_cmos 00:04: Alarms can be up to one day in the future
[  278.362296][ T5905] rtc_cmos 00:04: Alarms can be up to one day in the future
[  278.373206][ T1098] kworker/u10:9: attempt to access beyond end of device
[  278.373206][ T1098] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  278.377410][ T5905] rtc_cmos 00:04: Alarms can be up to one day in the future
[  278.381678][ T5905] rtc_cmos 00:04: Alarms can be up to one day in the future
[  278.384311][ T5905] rtc rtc0: __rtc_set_alarm: err=-22
[  278.385523][ T1098] CPU: 1 UID: 0 PID: 1098 Comm: kworker/u10:9 Not tainted syzkaller #0 PREEMPT(full) 
[  278.385543][ T1098] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  278.385553][ T1098] Workqueue: writeback wb_workfn (flush-7:2)
[  278.385577][ T1098] Call Trace:
[  278.385583][ T1098]  <TASK>
[  278.385589][ T1098]  dump_stack_lvl+0x189/0x250
[  278.385611][ T1098]  ? __pfx_dump_stack_lvl+0x10/0x10
[  278.385628][ T1098]  ? __pfx_queue_work_on+0x10/0x10
[  278.385642][ T1098]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  278.385661][ T1098]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  278.385696][ T1098]  f2fs_handle_critical_error+0x37c/0x540
[  278.385724][ T1098]  f2fs_write_end_io+0x886/0xb60
[  278.385752][ T1098]  __submit_merged_bio+0x27a/0x6a0
[  278.385778][ T1098]  __submit_merged_write_cond+0x255/0x530
[  278.385803][ T1098]  f2fs_write_data_pages+0x261d/0x3000
[  278.385851][ T1098]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  278.385884][ T1098]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  278.385924][ T1098]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  278.385945][ T1098]  ? look_up_lock_class+0x74/0x170
[  278.385973][ T1098]  ? trace_f2fs_writepages+0x7f/0x200
[  278.385993][ T1098]  ? f2fs_write_node_pages+0x478/0x6e0
[  278.386012][ T1098]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  278.386029][ T1098]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  278.386044][ T1098]  do_writepages+0x32e/0x550
[  278.386068][ T1098]  ? reacquire_held_locks+0x127/0x1d0
[  278.386082][ T1098]  ? writeback_sb_inodes+0x384/0x1010
[  278.386109][ T1098]  __writeback_single_inode+0x145/0xff0
[  278.386160][ T1098]  ? do_raw_spin_unlock+0x4d/0x240
[  278.386181][ T1098]  writeback_sb_inodes+0x6c7/0x1010
[  278.386222][ T1098]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  278.386273][ T1098]  ? rcu_is_watching+0x15/0xb0
[  278.386297][ T1098]  wb_writeback+0x43b/0xaf0
[  278.386321][ T1098]  ? queue_io+0x321/0x590
[  278.386341][ T1098]  ? __pfx_wb_writeback+0x10/0x10
[  278.386365][ T1098]  ? _raw_spin_unlock_irq+0x23/0x50
[  278.386387][ T1098]  wb_workfn+0x409/0xef0
[  278.386414][ T1098]  ? __pfx_wb_workfn+0x10/0x10
[  278.386435][ T1098]  ? __lock_acquire+0xab9/0xd20
[  278.386463][ T1098]  ? process_scheduled_works+0x9ef/0x17b0
[  278.386484][ T1098]  ? _raw_spin_unlock_irq+0x23/0x50
[  278.386500][ T1098]  ? process_scheduled_works+0x9ef/0x17b0
[  278.386513][ T1098]  ? process_scheduled_works+0x9ef/0x17b0
[  278.386528][ T1098]  process_scheduled_works+0xae1/0x17b0
[  278.386566][ T1098]  ? __pfx_process_scheduled_works+0x10/0x10
[  278.386595][ T1098]  worker_thread+0x8a0/0xda0
[  278.386613][ T1098]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  278.386637][ T1098]  ? __kthread_parkme+0x7b/0x200
[  278.386661][ T1098]  kthread+0x711/0x8a0
[  278.386681][ T1098]  ? __pfx_worker_thread+0x10/0x10
[  278.386701][ T1098]  ? __pfx_kthread+0x10/0x10
[  278.386719][ T1098]  ? _raw_spin_unlock_irq+0x23/0x50
[  278.386736][ T1098]  ? lockdep_hardirqs_on+0x9c/0x150
[  278.386752][ T1098]  ? __pfx_kthread+0x10/0x10
[  278.386770][ T1098]  ret_from_fork+0x3fc/0x770
[  278.386791][ T1098]  ? __pfx_ret_from_fork+0x10/0x10
[  278.386811][ T1098]  ? __switch_to_asm+0x39/0x70
[  278.386827][ T1098]  ? __switch_to_asm+0x33/0x70
[  278.386844][ T1098]  ? __pfx_kthread+0x10/0x10
[  278.386861][ T1098]  ret_from_fork_asm+0x1a/0x30
[  278.386892][ T1098]  </TASK>
[  278.386899][ T1098] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  278.422360][ T5854] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  278.835285][T12155] loop2: detected capacity change from 0 to 512
[  278.844646][T12155] EXT4-fs: Ignoring removed oldalloc option
[  278.847356][T12155] EXT4-fs: quotafile must be on filesystem root
[  278.862431][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-label/syzkaller.tmp-b7:2' failed: Read-only file system
[  279.118450][ T5905] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  279.270639][ T5905] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  279.275037][ T5905] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  279.280911][ T5905] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  279.284689][ T5905] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  279.288119][ T5905] usb 3-1: SerialNumber: syz
[  279.505796][ T5905] usb 3-1: 0:2 : does not exist
[  279.522785][ T5905] usb 3-1: 5:0: cannot get min/max values for control 2 (id 5)
[  279.531487][ T5905] usb 3-1: 5:0: cannot get min/max values for control 3 (id 5)
[  279.534582][ T5905] usb 3-1: unit 6 not found!
[  279.543695][ T5905] usb 3-1: USB disconnect, device number 35
[  279.570211][T11015] udevd[11015]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  280.135836][T12178] could not open pipe file descriptor
[  280.429031][   T24] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  280.578296][   T24] usb 3-1: Using ep0 maxpacket: 16
[  280.584111][   T24] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  280.592117][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  280.610082][   T24] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  280.613723][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  280.616838][   T24] usb 3-1: Product: syz
[  280.628266][   T24] usb 3-1: Manufacturer: syz
[  280.630426][   T24] usb 3-1: SerialNumber: syz
[  280.639530][   T24] usb 3-1: config 0 descriptor??
[  280.654122][   T24] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  280.660223][   T24] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class)
[  281.311271][   T24] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[  281.324281][   T24] em28xx 3-1:0.0: Config register raw data: 0xfffffffb
[  282.121315][   T24] em28xx 3-1:0.0: Unknown AC97 audio processor detected!
[  282.124647][   T24] em28xx 3-1:0.0: couldn't setup AC97 register 2
[  282.379419][T12239] overlayfs: failed to clone upperpath
[  282.534502][   T24] em28xx 3-1:0.0: couldn't setup AC97 register 4
[  282.541772][   T24] em28xx 3-1:0.0: couldn't setup AC97 register 6
[  282.545105][   T24] em28xx 3-1:0.0: couldn't setup AC97 register 54
[  282.548013][   T24] em28xx 3-1:0.0: couldn't setup AC97 register 56
[  282.561279][   T24] usb 3-1: USB disconnect, device number 36
[  283.747642][T12272] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2622'.
[  283.755092][T12272] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2622'.
[  284.067395][T12286] loop2: detected capacity change from 0 to 2048
[  284.074140][T12286] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  284.078177][T12286] NILFS (loop2): too large filesystem blocksize: 2 ^ 347668480 KiB
[  284.263553][T12296] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  284.273382][T12294] netlink: 'syz.2.2633': attribute type 1 has an invalid length.
[  284.561938][T12312] batadv0: entered promiscuous mode
[  284.567192][T12312] batadv0: left promiscuous mode
[  285.241999][T12321] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2645'.
[  285.314435][T12327] 9pnet_fd: Insufficient options for proto=fd
[  285.345991][T12329] netlink: 'syz.0.2649': attribute type 1 has an invalid length.
[  285.446296][T12329] bond2: (slave geneve3): making interface the new active one
[  285.451263][T12329] bond2: (slave geneve3): Enslaving as an active interface with an up link
[  285.465544][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 20000 - 0
[  285.478427][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 20000 - 0
[  285.481681][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 20000 - 0
[  285.495241][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 20000 - 0
[  285.689820][T12332] loop2: detected capacity change from 0 to 32768
[  285.703933][T12332] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.2650 (12332)
[  285.714635][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-uuid/395ef67a-297e-477c-816d-cd80a5b93e5d.tmp-b7:2' failed: Read-only file system
[  285.717479][T12332] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  285.724275][T12332] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  285.727649][T12332] BTRFS info (device loop2): using free-space-tree
[  285.765648][T12332] BTRFS info (device loop2): rebuilding free space tree
[  285.847898][ T5852] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  286.067793][T12363] loop2: detected capacity change from 0 to 1764
[  286.235328][T12375] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2663'.
[  286.387011][T12385] sch_tbf: burst 0 is lower than device lo mtu (81) !
[  286.392152][T12384] netlink: 140 bytes leftover after parsing attributes in process `syz.1.2667'.
[  286.505860][T12393] loop2: detected capacity change from 0 to 128
[  286.541234][T12393] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  286.542963][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-uuid/76b65be2-f6da-4727-8c75-0525a5b65a09.tmp-b7:2' failed: Read-only file system
[  286.547385][T12393] ext4 filesystem being mounted at /611/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  286.600214][ T5852] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  286.647803][T12401] netlink: 'syz.0.2677': attribute type 34 has an invalid length.
[  287.407513][T12422] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2685'.
[  287.996592][T12446] loop2: detected capacity change from 0 to 512
[  288.019691][T12446] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  288.029823][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-label/syzkaller.tmp-b7:2' failed: Read-only file system
[  288.050233][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-label/syzkaller.tmp-b7:2' failed: Read-only file system
[  288.090165][T12446] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002]
[  288.093194][T12446] System zones: 0-2, 18-18, 34-34
[  288.120657][T12446] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  288.127505][T12446] ext4 filesystem being mounted at /618/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  288.375137][T12452] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[  288.515382][ T5852] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  290.337571][T12495] loop2: detected capacity change from 0 to 40427
[  290.342450][T12495] F2FS-fs (loop2): invalid crc value
[  290.371938][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-uuid/922c7623-35ee-4af3-bdd7-07040bb1b7db.tmp-b7:2' failed: Read-only file system
[  290.408472][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-uuid/922c7623-35ee-4af3-bdd7-07040bb1b7db.tmp-b7:2' failed: Read-only file system
[  290.695938][T12495] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  290.706036][T12495] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  290.776909][ T5852] syz-executor: attempt to access beyond end of device
[  290.776909][ T5852] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  290.803394][ T5852] CPU: 1 UID: 0 PID: 5852 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  290.803417][ T5852] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  290.803426][ T5852] Call Trace:
[  290.803432][ T5852]  <TASK>
[  290.803437][ T5852]  dump_stack_lvl+0x189/0x250
[  290.803462][ T5852]  ? __pfx_dump_stack_lvl+0x10/0x10
[  290.803479][ T5852]  ? __pfx_queue_work_on+0x10/0x10
[  290.803493][ T5852]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  290.803511][ T5852]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  290.803538][ T5852]  f2fs_handle_critical_error+0x37c/0x540
[  290.803564][ T5852]  f2fs_write_end_io+0x886/0xb60
[  290.803592][ T5852]  __submit_merged_bio+0x27a/0x6a0
[  290.803616][ T5852]  __submit_merged_write_cond+0x255/0x530
[  290.803641][ T5852]  f2fs_write_data_pages+0x261d/0x3000
[  290.803685][ T5852]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  290.803748][ T5852]  ? folios_put_refs+0x559/0x640
[  290.803775][ T5852]  ? __lock_acquire+0xab9/0xd20
[  290.803803][ T5852]  ? do_raw_spin_lock+0x121/0x290
[  290.803830][ T5852]  ? do_raw_spin_unlock+0x4d/0x240
[  290.803847][ T5852]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  290.803876][ T5852]  do_writepages+0x32e/0x550
[  290.803904][ T5852]  ? do_raw_spin_unlock+0x4d/0x240
[  290.803925][ T5852]  filemap_fdatawrite+0x199/0x240
[  290.803944][ T5852]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  290.804001][ T5852]  ? do_raw_spin_unlock+0x4d/0x240
[  290.804023][ T5852]  f2fs_sync_dirty_inodes+0x31f/0x830
[  290.804047][ T5852]  f2fs_write_checkpoint+0x95a/0x1df0
[  290.804081][ T5852]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  290.804131][ T5852]  ? kill_f2fs_super+0x298/0x6c0
[  290.804150][ T5852]  kill_f2fs_super+0x2c3/0x6c0
[  290.804169][ T5852]  ? __pfx_kill_f2fs_super+0x10/0x10
[  290.804181][ T5852]  ? radix_tree_delete_item+0x2b6/0x400
[  290.804207][ T5852]  ? shrinker_free+0x2ce/0x3e0
[  290.804226][ T5852]  deactivate_locked_super+0xbc/0x130
[  290.804246][ T5852]  cleanup_mnt+0x425/0x4c0
[  290.804290][ T5852]  ? lockdep_hardirqs_on+0x9c/0x150
[  290.804312][ T5852]  task_work_run+0x1d4/0x260
[  290.804333][ T5852]  ? __pfx_task_work_run+0x10/0x10
[  290.804350][ T5852]  ? __x64_sys_umount+0x122/0x160
[  290.804372][ T5852]  ? exit_to_user_mode_loop+0x40/0x110
[  290.804394][ T5852]  exit_to_user_mode_loop+0xec/0x110
[  290.804414][ T5852]  do_syscall_64+0x2bd/0x3b0
[  290.804432][ T5852]  ? lockdep_hardirqs_on+0x9c/0x150
[  290.804450][ T5852]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.804464][ T5852]  ? exc_page_fault+0x9f/0xf0
[  290.804483][ T5852]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.804497][ T5852] RIP: 0033:0x7f59f598ff17
[  290.804511][ T5852] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  290.804524][ T5852] RSP: 002b:00007fff9adc10f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  290.804540][ T5852] RAX: 0000000000000000 RBX: 00007f59f5a11c05 RCX: 00007f59f598ff17
[  290.804550][ T5852] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff9adc11b0
[  290.804559][ T5852] RBP: 00007fff9adc11b0 R08: 0000000000000000 R09: 0000000000000000
[  290.804567][ T5852] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff9adc2240
[  290.804576][ T5852] R13: 00007f59f5a11c05 R14: 0000000000046f3c R15: 00007fff9adc2280
[  290.804598][ T5852]  </TASK>
[  290.804604][ T5852] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  292.408400][   T24] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  292.559319][   T24] usb 3-1: Using ep0 maxpacket: 16
[  292.565070][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  292.573841][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  292.577881][   T24] usb 3-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  292.582161][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  292.589305][   T24] usb 3-1: config 0 descriptor??
[  293.426891][   T24] input: HID 05ac:8241 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:05AC:8241.0007/input/input10
[  293.525039][T12563] netlink: 'syz.1.2744': attribute type 4 has an invalid length.
[  293.562807][   T24] appleir 0003:05AC:8241.0007: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.2-1/input0
[  293.651947][   T24] usb 3-1: USB disconnect, device number 37
[  294.478406][   T24] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  294.728516][   T24] usb 3-1: Using ep0 maxpacket: 16
[  294.733396][   T24] usb 3-1: config 0 has an invalid interface number: 105 but max is 0
[  294.736658][   T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  294.741190][   T24] usb 3-1: config 0 has no interface number 0
[  294.747071][   T24] usb 3-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  294.753073][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  294.756281][   T24] usb 3-1: Product: syz
[  294.758015][   T24] usb 3-1: Manufacturer: syz
[  294.761016][   T24] usb 3-1: SerialNumber: syz
[  294.765336][   T24] usb 3-1: config 0 descriptor??
[  294.775733][T12611] netlink: 'syz.0.2766': attribute type 12 has an invalid length.
[  294.777555][   T24] usb 3-1: Found UVC 0.00 device syz (046d:08d3)
[  294.798353][   T24] usb 3-1: No valid video chain found.
[  295.286881][T12632] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2776'.
[  295.558739][T12649] netlink: 'syz.0.2784': attribute type 21 has an invalid length.
[  295.563798][T12649] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2784'.
[  295.808823][T12672] 9pnet_virtio: no channels available for device syz
[  297.446790][ T5905] usb 3-1: USB disconnect, device number 38
[  297.587232][T12707] dns_resolver: Unsupported server list version (0)
[  298.895096][T12754] tmpfs: Bad value for 'usrquota_block_hardlimit'
[  299.008717][   T97] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  299.178440][   T97] usb 3-1: Using ep0 maxpacket: 32
[  299.183110][   T97] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  299.187532][   T97] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  299.192622][   T97] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  299.196587][   T97] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  299.204451][   T97] usb 3-1: config 0 descriptor??
[  299.212189][   T97] hub 3-1:0.0: USB hub found
[  299.417050][   T97] hub 3-1:0.0: 1 port detected
[  299.818839][   T33] audit: type=1326 audit(1755608673.439:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12773 comm="syz.1.2839" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bf2f8ebe9 code=0x7ffc0000
[  299.841989][   T33] audit: type=1326 audit(1755608673.439:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12773 comm="syz.1.2839" exe="/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f3bf2f8ebe9 code=0x7ffc0000
[  299.857419][   T33] audit: type=1326 audit(1755608673.439:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12773 comm="syz.1.2839" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bf2f8ebe9 code=0x7ffc0000
[  299.867102][   T33] audit: type=1326 audit(1755608673.439:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12773 comm="syz.1.2839" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bf2f8ebe9 code=0x7ffc0000
[  299.887594][T12776] libceph: resolve 'c' (ret=-3): failed
[  300.022947][   T97] hub 3-1:0.0: activate --> -90
[  300.436614][ T5905] usb 3-1: USB disconnect, device number 39
[  300.697469][T12821] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2860'.
[  300.713332][T12821] netlink: 43 bytes leftover after parsing attributes in process `syz.1.2860'.
[  300.716556][T12821] netlink: 'syz.1.2860': attribute type 5 has an invalid length.
[  300.738350][T12821] netlink: 43 bytes leftover after parsing attributes in process `syz.1.2860'.
[  301.273630][T12835] cgroup: noprefix used incorrectly
[  301.408472][   T24] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  301.560666][   T24] usb 3-1: config 0 has an invalid interface number: 194 but max is 0
[  301.563696][   T24] usb 3-1: config 0 has no interface number 0
[  301.575365][   T24] usb 3-1: New USB device found, idVendor=2c42, idProduct=16f8, bcdDevice=7d.d2
[  301.588568][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  301.591659][   T24] usb 3-1: Product: syz
[  301.593208][   T24] usb 3-1: Manufacturer: syz
[  301.594887][   T24] usb 3-1: SerialNumber: syz
[  301.605363][   T24] usb 3-1: config 0 descriptor??
[  301.825140][   T24] f81534a_ctrl 3-1:0.194: failed to set register 0x116: -5
[  301.827800][   T24] f81534a_ctrl 3-1:0.194: failed to enable ports: -5
[  301.838305][   T24] f81534a_ctrl 3-1:0.194: probe with driver f81534a_ctrl failed with error -5
[  301.850803][   T24] usb 3-1: USB disconnect, device number 40
[  301.884567][T12867] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  302.847080][T12878] loop2: detected capacity change from 0 to 4096
[  302.896068][T12880] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  302.907202][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-uuid/ab2f6cf2-a99d-4328-b186-08168e7a6b7e.tmp-b7:2' failed: Read-only file system
[  302.929648][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-uuid/ab2f6cf2-a99d-4328-b186-08168e7a6b7e.tmp-b7:2' failed: Read-only file system
[  302.929952][   T33] audit: type=1800 audit(1755608676.549:168): pid=12878 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2887" name="file1" dev="loop2" ino=15 res=0 errno=0
[  303.096676][T12893] loop2: detected capacity change from 0 to 512
[  303.106080][T12893] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  303.117130][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-label/syzkaller.tmp-b7:2' failed: Read-only file system
[  303.143444][T12893] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  303.157526][T12893] ext4 filesystem being mounted at /643/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  303.179642][   T33] audit: type=1800 audit(1755608676.799:169): pid=12893 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2893" name="bus" dev="loop2" ino=16 res=0 errno=0
[  303.729047][ T5852] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  304.014611][T12927] netlink: 3176 bytes leftover after parsing attributes in process `syz.1.2908'.
[  305.715647][T12975] netlink: 256 bytes leftover after parsing attributes in process `syz.1.2929'.
[  307.408337][ T5905] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  307.568490][ T5905] usb 3-1: Using ep0 maxpacket: 16
[  307.571916][ T5905] usb 3-1: config 0 has an invalid interface number: 64 but max is 0
[  307.574422][ T5905] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  307.580543][ T5905] usb 3-1: config 0 has no interface number 0
[  307.582376][ T5905] usb 3-1: New USB device found, idVendor=0bd3, idProduct=05f4, bcdDevice= 0.5b
[  307.586228][ T5905] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  307.591560][ T5905] usb 3-1: config 0 descriptor??
[  307.607423][ T5905] usb 3-1: Found UVC 0.00 device <unnamed> (0bd3:05f4)
[  307.615156][ T5905] usb 3-1: No valid video chain found.
[  307.802185][ T5905] usb 3-1: USB disconnect, device number 41
[  307.823407][T13028] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  307.826957][T13028] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  308.214828][   T33] audit: type=1326 audit(1755608681.839:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13043 comm="syz.1.2960" exe="/syz-executor" sig=31 arch=c000003e syscall=39 compat=0 ip=0x7f3bf2f85ba7 code=0x0
[  309.127596][T13077] sch_tbf: burst 8256 is lower than device lo mtu (65550) !
[  310.044430][T13103] IPv6: Can't replace route, no match found
[  310.952909][T13116] loop2: detected capacity change from 0 to 32768
[  311.025467][T13116] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,erasure_code,wide_macs,recovery_pass_last=alloc_read,nojournal_transaction_names,read_only
[  311.025495][T13116]   allowing incompatible features above 0.0: (unknown version)
[  311.025503][T13116]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  311.043806][T13116] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  311.047465][T13116] bcachefs (loop2): recovering from clean shutdown, journal seq 10
[  311.051035][T13116] bcachefs (loop2): Version upgrade required:
[  311.051035][T13116] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  311.051035][T13116] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive
[  311.051035][T13116]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance
[  311.095269][T13116] bcachefs (loop2): accounting_read... done
[  311.105758][T13116] bcachefs (loop2): alloc_read... done
[  311.110424][T13116] bcachefs (loop2): done starting filesystem
[  311.161823][ T5852] bcachefs (loop2): shutting down
[  311.220517][ T5852] bcachefs (loop2): shutdown complete
[  311.994082][T13139] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3004'.
[  313.306838][T13174] loop2: detected capacity change from 0 to 1024
[  313.320232][T13174] EXT4-fs: Ignoring removed orlov option
[  313.323627][T13174] EXT4-fs (loop2): Test dummy encryption mode enabled
[  313.323948][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-label/syzkaller.tmp-b7:2' failed: Read-only file system
[  313.326589][T13174] EXT4-fs (loop2): stripe (7) is not aligned with cluster size (16), stripe is disabled
[  313.340853][T13174] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  313.404098][ T5852] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  313.910539][T13212] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3038'.
[  314.121305][T13232] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3047'.
[  314.216930][T13241] loop2: detected capacity change from 0 to 512
[  314.220765][T13242] kAFS: unable to lookup cell '\/'
[  314.235755][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-label/syzkaller.tmp-b7:2' failed: Read-only file system
[  314.253339][T13241] EXT4-fs (loop2): required journal recovery suppressed and not mounted read-only
[  314.256882][T13244] IPVS: Error joining to the multicast group
[  314.302196][T13249] loop2: detected capacity change from 0 to 256
[  314.305230][T13249] exfat: Deprecated parameter 'namecase'
[  314.307360][T13249] exfat: Deprecated parameter 'utf8'
[  314.322615][T13249] exFAT-fs (loop2): failed to load upcase table (idx : 0x0001043e, chksum : 0xdd084882, utbl_chksum : 0xe619d30d)
[  314.673771][T13269] loop2: detected capacity change from 0 to 4096
[  314.687952][T13269] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512).
[  314.696840][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-label/syzkaller.tmp-b7:2' failed: Read-only file system
[  314.710518][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-uuid/7089678B273CDB5C.tmp-b7:2' failed: Read-only file system
[  314.752805][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-label/syzkaller.tmp-b7:2' failed: Read-only file system
[  314.761451][   T33] audit: type=1800 audit(1755608688.389:171): pid=13269 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3065" name="file1" dev="loop2" ino=30 res=0 errno=0
[  314.772368][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-uuid/7089678B273CDB5C.tmp-b7:2' failed: Read-only file system
[  314.777931][   T33] audit: type=1800 audit(1755608688.399:172): pid=13273 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3067" name="file1" dev="tmpfs" ino=6281 res=0 errno=0
[  314.952109][   T33] audit: type=1800 audit(1755608688.569:173): pid=13271 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.3066" name="bus" dev="tmpfs" ino=6083 res=0 errno=0
[  315.444980][T13311] netlink: 'syz.1.3082': attribute type 13 has an invalid length.
[  315.462093][T13311] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  315.803714][T13329] autofs4:pid:13329:validate_dev_ioctl: invalid path supplied for cmd(0xc018937a)
[  316.010740][T13343] loop2: detected capacity change from 0 to 1024
[  316.026572][T13343] EXT4-fs (loop2): first meta block group too large: 33024 (group descriptor block count 1)
[  316.038013][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-label/syzkaller.tmp-b7:2' failed: Read-only file system
[  316.799199][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  316.801226][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  317.381051][T13388] overlayfs: failed to clone upperpath
[  317.487980][T13395] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3113'.
[  317.625142][T13384] loop2: detected capacity change from 0 to 32768
[  317.637587][T13384] (syz.2.3108,13384,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  317.643660][T13384] (syz.2.3108,13384,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  317.667530][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-uuid/9357e9d7-5182-4c22-8242-b9b0d0fb6750.tmp-b7:2' failed: Read-only file system
[  317.685543][T13384] JBD2: Ignoring recovery information on journal
[  317.731847][T13384] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  317.768083][   T33] audit: type=1800 audit(1755608691.389:174): pid=13384 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3108" name="file1" dev="loop2" ino=16978 res=0 errno=0
[  318.203208][T13425] ./file0: Can't open blockdev
[  318.353059][T13431] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3129'.
[  318.363708][ T5852] ocfs2: Unmounting device (7,2) on (node local)
[  318.384449][T13431] ipvlan0: entered promiscuous mode
[  318.387850][T13431] 8021q: adding VLAN 0 to HW filter on device ipvlan0
[  318.978442][ T5920] usb 3-1: new full-speed USB device number 42 using dummy_hcd
[  319.150689][ T5920] usb 3-1: New USB device found, idVendor=04f2, idProduct=1236, bcdDevice= 0.00
[  319.154317][ T5920] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  319.168117][ T5920] usb 3-1: config 0 descriptor??
[  319.596802][ T5920] hid_parser_main: 74 callbacks suppressed
[  319.596823][ T5920] chicony 0003:04F2:1236.0008: unknown main item tag 0x0
[  319.603415][ T5920] chicony 0003:04F2:1236.0008: unknown main item tag 0x0
[  319.606221][ T5920] chicony 0003:04F2:1236.0008: unknown main item tag 0x0
[  319.615627][ T5920] chicony 0003:04F2:1236.0008: unknown main item tag 0x0
[  319.619815][ T5920] chicony 0003:04F2:1236.0008: unknown main item tag 0x0
[  319.641986][ T5920] chicony 0003:04F2:1236.0008: hidraw0: USB HID v1.01 Device [HID 04f2:1236] on usb-dummy_hcd.2-1/input0
[  319.753599][T13478] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3151'.
[  319.757583][T13478] netlink: 43 bytes leftover after parsing attributes in process `syz.1.3151'.
[  319.764818][T13478] netlink: 'syz.1.3151': attribute type 6 has an invalid length.
[  319.768140][T13478] netlink: 'syz.1.3151': attribute type 5 has an invalid length.
[  319.771354][T13478] netlink: 43 bytes leftover after parsing attributes in process `syz.1.3151'.
[  319.801689][ T5920] usb 3-1: USB disconnect, device number 42
[  320.839381][T13550] overlayfs: failed to resolve './file0': -2
[  321.217252][T13552] loop2: detected capacity change from 0 to 32768
[  321.237040][T13552] bcachefs (/dev/loop2): error validating superblock: Invalid superblock section clean: entry type btree_keys overruns end of section
[  321.237040][T13552] clean (size 2912):
[  321.237040][T13552] flags:          0
[  321.237040][T13552] journal_seq:    10
[  321.237040][T13552] usage: type=inodes v=8
[  321.237040][T13552] write_buffer_keys: btree=dirents level=0 u64s 5 type deleted 0:21491613697:0 len 0 ver 4294967296
[  321.237040][T13552] usage: type=reserved v=0
[  321.237040][T13552] usage: type=reserved v=0
[  321.237040][T13552] usage: type=reserved v=0
[  321.237040][T13552] usage: type=reserved v=0
[  321.237040][T13552] data_usage: free: 0/0 []=83888896
[  321.237040][T13552] data_usage: journal: 1/1 [0]=0
[  321.237040][T13552] data_usage: user: 1/1 [0]=32
[  321.237040][T13552] dev_usage: dev=0  
[  321.237040][T13552]   free: buckets=83 sectors=0 fragmented=0
[  321.237040][T13552]   sb: buckets=25 sectors=6152 fragmented=248
[  321.237040][T13552]   journal: buckets=8 sectors=2048 fragmented=0
[  321.237040][T13552]   btree: buckets=11 sectors=2816 fragmented=0
[  321.237040][T13552]   user: buckets=1 sectors=32 fragmented=224
[  321.237040][T13552]   cached: buckets=0 sectors=0 fragmented=0
[  321.237040][T13552]   parity: buckets=0 sectors=0 fragmented=0
[  321.237040][T13552]   stripe: buckets=0 sectors=0 fragmented=0
[  321.237040][T13552]   need_gc_gens: buckets=0 sectors=0 fragmented=0
[  321.237040][T13552]   need_discard: buckets=0 sectors=0 fragmented=0
[  321.237040][T13552] clock: read=0
[  321.237040][T13552] clock: write=1336
[  321.237040][T13552] btree_root: btre
[  321.237194][T13552] bcachefs: bch2_fs_get_tree() error: invalid_sb_clean
[  323.189887][    C1] vcan0: j1939_tp_rxtimer: 0xffff88811299c800: rx timeout, send abort
[  323.196191][    C1] vcan0: j1939_tp_rxtimer: 0xffff888112a98000: rx timeout, send abort
[  323.199604][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88811299c800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  323.205503][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888112a98000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  323.654011][T13619] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  324.081018][T13652] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3233'.
[  324.987931][T13695] loop2: detected capacity change from 0 to 128
[  324.994161][T13695] EXT4-fs (loop2): Test dummy encryption mode enabled
[  325.012277][T13695] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  325.017414][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-uuid/76b65be2-f6da-4727-8c75-0525a5b65a09.tmp-b7:2' failed: Read-only file system
[  325.032325][T13695] ext4 filesystem being mounted at /726/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  325.065836][T13695] fscrypt: AES-256-XTS using implementation "xts(ecb(aes-fixed-time))"
[  325.077260][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-uuid/76b65be2-f6da-4727-8c75-0525a5b65a09.tmp-b7:2' failed: Read-only file system
[  325.107722][ T5852] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  325.437010][T13705] loop2: detected capacity change from 0 to 32768
[  325.452684][T13705] XFS (loop2): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  325.455791][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-uuid/986211a9-7d00-4ebf-a576-e3de63fa2cbd.tmp-b7:2' failed: Read-only file system
[  325.472639][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-uuid/986211a9-7d00-4ebf-a576-e3de63fa2cbd.tmp-b7:2' failed: Read-only file system
[  325.474151][T13705] XFS (loop2): Ending clean mount
[  325.551597][ T5852] XFS (loop2): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  325.724347][T13719] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3258'.
[  325.727954][T13719] netlink: 'syz.2.3258': attribute type 30 has an invalid length.
[  325.738020][T13719] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3258'.
[  325.740355][   T13] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  325.743632][T13719] netlink: 'syz.2.3258': attribute type 30 has an invalid length.
[  325.746767][   T13] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  325.759950][   T13] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  325.763755][   T13] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  327.654449][T13788] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  327.764010][T13776] loop2: detected capacity change from 0 to 32768
[  327.785336][T13776] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  327.796567][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-uuid/d7dc424e-7990-42cb-9f91-9cb7200a101d.tmp-b7:2' failed: Read-only file system
[  327.822775][T13776] XFS (loop2): Ending clean mount
[  327.834259][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-uuid/d7dc424e-7990-42cb-9f91-9cb7200a101d.tmp-b7:2' failed: Read-only file system
[  327.920735][   T33] audit: type=1800 audit(1755608701.549:175): pid=13776 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3288" name="file1" dev="loop2" ino=6150 res=0 errno=0
[  327.962708][ T5852] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  329.797099][T13861] loop2: detected capacity change from 0 to 2048
[  329.808886][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-label/LinuxUDF.tmp-b7:2' failed: Read-only file system
[  329.814470][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-uuid/1234567812345678.tmp-b7:2' failed: Read-only file system
[  329.824716][T13861] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  329.863362][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-label/LinuxUDF.tmp-b7:2' failed: Read-only file system
[  329.880692][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-uuid/1234567812345678.tmp-b7:2' failed: Read-only file system
[  330.186926][T13865] loop2: detected capacity change from 0 to 32768
[  330.203968][T13865] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.3323 (13865)
[  330.233459][T13865] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  330.237396][T13865] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  330.243063][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-uuid/395ef67a-297e-477c-816d-cd80a5b93e5d.tmp-b7:2' failed: Read-only file system
[  330.252955][T13865] BTRFS info (device loop2): using free-space-tree
[  330.513879][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-uuid/395ef67a-297e-477c-816d-cd80a5b93e5d.tmp-b7:2' failed: Read-only file system
[  330.514558][ T5852] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  330.936273][T13910] netlink: 'syz.0.3337': attribute type 13 has an invalid length.
[  331.795659][T13926] comedi comedi3: comedi_test: 20263 microvolt, 5 microsecond waveform attached
[  332.012317][T13928] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  332.430744][T13951] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3353'.
[  332.752998][T13956] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  332.977725][T13967] loop2: detected capacity change from 0 to 32768
[  333.043014][T13967] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,metadata_target=invalid label 246,noinodes_use_key_cache,journal_flush_delay=3,journal_reclaim_delay=1000,nocow
[  333.043039][T13967]   allowing incompatible features above 0.0: (unknown version)
[  333.043048][T13967]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  333.057939][T13967] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  333.061457][T13967] bcachefs (loop2): initializing new filesystem
[  333.070748][T13967] bcachefs (loop2): going read-write
[  333.075075][T13967] bcachefs (loop2): marking superblocks
[  333.125128][T13967] bcachefs (loop2): initializing freespace
[  333.130307][T13967] bcachefs (loop2): done initializing freespace
[  333.135253][T13967] bcachefs (loop2): reading snapshots table
[  333.137526][T13967] bcachefs (loop2): reading snapshots done
[  333.153574][T13967] bcachefs (loop2): done starting filesystem
[  333.229739][ T5852] bcachefs (loop2): shutting down
[  333.231438][ T5852] bcachefs (loop2): going read-only
[  333.233076][ T5852] bcachefs (loop2): finished waiting for writes to stop
[  333.235605][ T5852] bcachefs (loop2): flushing journal and stopping allocators, journal seq 6
[  333.265486][ T5852] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 8
[  333.270133][ T5852] bcachefs (loop2): clean shutdown complete, journal seq 9
[  333.273481][ T5852] bcachefs (loop2): marking filesystem clean
[  333.310419][ T5852] bcachefs (loop2): shutdown complete
[  333.387521][T13984] gfs2: gfs2 mount does not exist
[  335.288358][   T24] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  335.458289][   T24] usb 3-1: Using ep0 maxpacket: 32
[  335.461476][   T24] usb 3-1: config 0 has no interfaces?
[  335.463295][   T24] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00
[  335.466195][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  335.471903][   T24] usb 3-1: config 0 descriptor??
[  335.681804][   T24] usb 3-1: USB disconnect, device number 43
[  336.805020][T14095] batadv_slave_0: entered promiscuous mode
[  336.808130][T14095] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3415'.
[  336.847228][T14095] batadv_slave_0 (unregistering): left promiscuous mode
[  336.850707][T14095] batman_adv: batadv0: Removing interface: batadv_slave_0
[  336.872961][T14099] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3417'.
[  337.161615][T14115] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3427'.
[  337.626568][T14141] syz.0.3437: attempt to access beyond end of device
[  337.626568][T14141] loop1: rw=4096, sector=2, nr_sectors = 2 limit=0
[  337.635359][T14141] EXT4-fs (loop1): unable to read superblock
[  337.718082][T14146] IPVS: sh: TCP 172.20.20.170:0 - no destination available
[  338.664784][T14176] netem: change failed
[  338.716921][T14178] loop2: detected capacity change from 0 to 1024
[  338.757009][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-label/untitled.tmp-b7:2' failed: Read-only file system
[  338.761812][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-uuid/06db47fa-2d76-30cf-a5fe-21149ac7af4a.tmp-b7:2' failed: Read-only file system
[  338.772891][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-label/untitled.tmp-b7:2' failed: Read-only file system
[  338.777290][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-uuid/06db47fa-2d76-30cf-a5fe-21149ac7af4a.tmp-b7:2' failed: Read-only file system
[  338.802207][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-label/untitled.tmp-b7:2' failed: Read-only file system
[  338.818640][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-uuid/06db47fa-2d76-30cf-a5fe-21149ac7af4a.tmp-b7:2' failed: Read-only file system
[  338.837651][   T32] hfsplus: b-tree write err: -5, ino 4
[  338.932494][T14185] trusted_key: syz.0.3456 sent an empty control message without MSG_MORE.
[  340.124285][T14215] hfsplus: unable to find HFS+ superblock
[  340.476987][T14233] loop2: detected capacity change from 0 to 8
[  340.482794][T14233] unable to read inode lookup table
[  340.542412][T14237] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3478'.
[  340.552426][T14237] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3478'.
[  340.554296][T14239] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3479'.
[  340.960844][T14249] loop2: detected capacity change from 0 to 32768
[  340.997375][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-uuid/b1de653c-5ffc-4d88-b33b-244aab9eb3e9.tmp-b7:2' failed: Read-only file system
[  341.013258][T14249] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  341.151946][T14259] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3488'.
[  341.168123][ T5852] ocfs2: Unmounting device (7,2) on (node local)
[  341.208052][T14259] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3488'.
[  342.074897][T14270] loop2: detected capacity change from 0 to 2048
[  342.117018][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-label/LinuxUDF.tmp-b7:2' failed: Read-only file system
[  342.125098][T14270] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  342.134738][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-uuid/1234567812345678.tmp-b7:2' failed: Read-only file system
[  342.162135][   T33] audit: type=1800 audit(1755608715.789:176): pid=14270 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3491" name="file1" dev="loop2" ino=1415 res=0 errno=0
[  342.171568][T11015] udevd[11015]: symlink '../../loop2' '/dev/disk/by-label/LinuxUDF.tmp-b7:2' failed: Read-only file system
[  342.188779][   T33] audit: type=1800 audit(1755608715.819:177): pid=14270 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3491" name="file1" dev="loop2" ino=1415 res=0 errno=0
[  342.447132][T14286] netlink: 'syz.2.3498': attribute type 1 has an invalid length.
[  342.451064][T14286] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3498'.
[  342.453996][T14286] nbd: illegal input index 1048576
[  342.747801][T14307] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3510'.
[  342.752783][T14308] loop2: detected capacity change from 0 to 1024
[  342.756302][T14308] EXT4-fs: Ignoring removed nomblk_io_submit option
[  342.800868][T14308] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  342.837142][ T5852] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  342.886839][T14318] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3512'.
[  342.937682][T14320] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  343.379270][T14335] syz.2.3521: attempt to access beyond end of device
[  343.379270][T14335] loop2: rw=0, sector=64, nr_sectors = 8 limit=0
[  343.395454][T14335] syz.2.3521: attempt to access beyond end of device
[  343.395454][T14335] loop2: rw=0, sector=120, nr_sectors = 8 limit=0
[  343.403534][T14335] Mount JFS Failure: -5
[  343.405668][T14335] jfs_mount failed w/return code = -5
[  343.722880][T14356] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3530'.
[  343.740559][T14356] ipvlan2: entered promiscuous mode
[  343.744079][T14356] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  344.358818][   T33] audit: type=1326 audit(1755608717.989:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14342 comm="syz.2.3525" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59f598ebe9 code=0x7fc00000
[  345.501980][T14395] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0)
[  345.723685][T14407] netlink: 'syz.1.3554': attribute type 1 has an invalid length.
[  345.762961][T14407] 8021q: adding VLAN 0 to HW filter on device bond3
[  345.783402][T14407] bond3: (slave bridge4): making interface the new active one
[  345.786968][T14407] bond3: (slave bridge4): Enslaving as an active interface with an up link
[  345.802317][T14407] bond3: (slave vlan0): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  350.401656][T14525] netlink: 'syz.2.3607': attribute type 2 has an invalid length.
[  350.404697][T14525] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.3607'.
[  350.408050][T14525] nbd: must specify at least one socket
[  350.862450][T14549] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3618'.
[  353.398702][ T5905] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  353.548710][ T5905] usb 3-1: Using ep0 maxpacket: 16
[  353.566262][ T5905] usb 3-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4
[  353.575996][ T5905] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  353.587544][ T5905] usb 3-1: Product: syz
[  353.589873][ T5905] usb 3-1: Manufacturer: syz
[  353.596856][ T5905] usb 3-1: SerialNumber: syz
[  353.602619][ T5905] usb 3-1: config 0 descriptor??
[  353.625433][ T5905] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state.
[  353.813085][ T5905] gp8psk: usb in 128 operation failed.
[  354.028146][ T5905] gp8psk: usb in 137 operation failed.
[  354.030810][ T5905] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  354.049456][ T5905] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver)
[  354.057550][ T5905] usb 3-1: media controller created
[  354.087173][ T5905] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  354.114233][ T5905] gp8psk_fe: Frontend revision 1 attached
[  354.117078][ T5905] usb 3-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)...
[  354.125329][ T5905] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[  354.196232][ T5905] gp8psk: usb in 138 operation failed.
[  354.201275][ T5905] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected.
[  354.205610][ T5905] gp8psk: found Genpix USB device pID = 201 (hex)
[  354.215019][ T5905] usb 3-1: USB disconnect, device number 44
[  354.360303][ T5905] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected.
[  355.071859][T14671] binder: 14664:14671 ioctl 4018620d 0 returned -22
[  355.079076][T14671] binder: 14664:14671 ioctl c0306201 0 returned -14
[  358.101795][T14755] netlink: 'syz.1.3705': attribute type 13 has an invalid length.
[  358.273340][T14749] loop2: detected capacity change from 0 to 32768
[  358.304132][T14749] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  358.334546][T14644] udevd[14644]: symlink '../../loop2' '/dev/disk/by-uuid/b1de653c-5ffc-4d88-b33b-244aab9eb3e9.tmp-b7:2' failed: Read-only file system
[  358.344626][T14749] 
[  358.345659][T14749] ======================================================
[  358.348514][T14749] WARNING: possible circular locking dependency detected
[  358.351319][T14749] syzkaller #0 Not tainted
[  358.353388][T14749] ------------------------------------------------------
[  358.357243][T14749] syz.2.3701/14749 is trying to acquire lock:
[  358.359710][T14749] ffff888130044060 (&ocfs2_file_ip_alloc_sem_key){++++}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xb6/0x320
[  358.364381][T14749] 
[  358.364381][T14749] but task is already holding lock:
[  358.367384][T14749] ffff8881300440f8 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xa4/0x320
[  358.371699][T14749] 
[  358.371699][T14749] which lock already depends on the new lock.
[  358.371699][T14749] 
[  358.375847][T14749] 
[  358.375847][T14749] the existing dependency chain (in reverse order) is:
[  358.379431][T14749] 
[  358.379431][T14749] -> #4 (&oi->ip_xattr_sem){++++}-{4:4}:
[  358.382589][T14749]        lock_acquire+0x120/0x360
[  358.384662][T14749]        down_read+0x46/0x2e0
[  358.386608][T14749]        ocfs2_init_acl+0x2f9/0x720
[  358.388730][T14749]        ocfs2_mknod+0x1321/0x2050
[  358.390800][T14749]        ocfs2_create+0x1a5/0x440
[  358.392858][T14749]        path_openat+0x14f4/0x3830
[  358.394947][T14749]        do_filp_open+0x1fa/0x410
[  358.396996][T14749]        do_sys_openat2+0x121/0x1c0
[  358.399212][T14749]        __x64_sys_openat+0x138/0x170
[  358.401403][T14749]        do_syscall_64+0xfa/0x3b0
[  358.403467][T14749]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  358.406080][T14749] 
[  358.406080][T14749] -> #3 (jbd2_handle){++++}-{0:0}:
[  358.409055][T14749]        lock_acquire+0x120/0x360
[  358.411123][T14749]        start_this_handle+0x1fa7/0x21c0
[  358.413416][T14749]        jbd2__journal_start+0x2c1/0x5b0
[  358.415719][T14749]        jbd2_journal_start+0x2a/0x40
[  358.417886][T14749]        ocfs2_start_trans+0x376/0x6d0
[  358.420060][T14749]        ocfs2_mknod+0xe93/0x2050
[  358.422027][T14749]        ocfs2_create+0x1a5/0x440
[  358.424025][T14749]        path_openat+0x14f4/0x3830
[  358.426084][T14749]        do_filp_open+0x1fa/0x410
[  358.428062][T14749]        do_sys_openat2+0x121/0x1c0
[  358.430501][T14749]        __x64_sys_open+0x11e/0x150
[  358.432579][T14749]        do_syscall_64+0xfa/0x3b0
[  358.434538][T14749]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  358.437091][T14749] 
[  358.437091][T14749] -> #2 (&journal->j_trans_barrier){.+.+}-{4:4}:
[  358.440521][T14749]        lock_acquire+0x120/0x360
[  358.442583][T14749]        down_read+0x46/0x2e0
[  358.444467][T14749]        ocfs2_start_trans+0x36a/0x6d0
[  358.446718][T14749]        ocfs2_mknod+0xe93/0x2050
[  358.448700][T14749]        ocfs2_create+0x1a5/0x440
[  358.450665][T14749]        path_openat+0x14f4/0x3830
[  358.452626][T14749]        do_filp_open+0x1fa/0x410
[  358.454610][T14749]        do_sys_openat2+0x121/0x1c0
[  358.456628][T14749]        __x64_sys_open+0x11e/0x150
[  358.458780][T14749]        do_syscall_64+0xfa/0x3b0
[  358.460827][T14749]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  358.463444][T14749] 
[  358.463444][T14749] -> #1 (sb_internal#4){.+.+}-{0:0}:
[  358.466487][T14749]        lock_acquire+0x120/0x360
[  358.468523][T14749]        ocfs2_start_trans+0x26b/0x6d0
[  358.470777][T14749]        ocfs2_write_begin_nolock+0x1ca6/0x4340
[  358.473313][T14749]        ocfs2_write_begin+0x1bb/0x310
[  358.475537][T14749]        generic_perform_write+0x2c5/0x900
[  358.477926][T14749]        ocfs2_file_write_iter+0x157a/0x1d10
[  358.480376][T14749]        vfs_write+0x5c9/0xb30
[  358.482344][T14749]        ksys_write+0x145/0x250
[  358.484340][T14749]        do_syscall_64+0xfa/0x3b0
[  358.486407][T14749]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  358.489002][T14749] 
[  358.489002][T14749] -> #0 (&ocfs2_file_ip_alloc_sem_key){++++}-{4:4}:
[  358.492547][T14749]        validate_chain+0xb9b/0x2140
[  358.494731][T14749]        __lock_acquire+0xab9/0xd20
[  358.496874][T14749]        lock_acquire+0x120/0x360
[  358.498928][T14749]        down_write+0x96/0x1f0
[  358.500893][T14749]        ocfs2_try_remove_refcount_tree+0xb6/0x320
[  358.503539][T14749]        ocfs2_truncate_file+0xda0/0x1420
[  358.505877][T14749]        ocfs2_setattr+0x1520/0x1b40
[  358.508020][T14749]        notify_change+0xb36/0xe40
[  358.510117][T14749]        do_truncate+0x1a4/0x220
[  358.512140][T14749]        path_openat+0x306c/0x3830
[  358.514252][T14749]        do_filp_open+0x1fa/0x410
[  358.516321][T14749]        do_sys_openat2+0x121/0x1c0
[  358.518454][T14749]        __x64_sys_openat+0x138/0x170
[  358.520677][T14749]        do_syscall_64+0xfa/0x3b0
[  358.522737][T14749]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  358.525341][T14749] 
[  358.525341][T14749] other info that might help us debug this:
[  358.525341][T14749] 
[  358.529458][T14749] Chain exists of:
[  358.529458][T14749]   &ocfs2_file_ip_alloc_sem_key --> jbd2_handle --> &oi->ip_xattr_sem
[  358.529458][T14749] 
[  358.534996][T14749]  Possible unsafe locking scenario:
[  358.534996][T14749] 
[  358.537995][T14749]        CPU0                    CPU1
[  358.540160][T14749]        ----                    ----
[  358.542349][T14749]   lock(&oi->ip_xattr_sem);
[  358.544254][T14749]                                lock(jbd2_handle);
[  358.546917][T14749]                                lock(&oi->ip_xattr_sem);
[  358.549774][T14749]   lock(&ocfs2_file_ip_alloc_sem_key);
[  358.552027][T14749] 
[  358.552027][T14749]  *** DEADLOCK ***
[  358.552027][T14749] 
[  358.555244][T14749] 3 locks held by syz.2.3701/14749:
[  358.557367][T14749]  #0: ffff888030d2e428 (sb_writers#14){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  358.561097][T14749]  #1: ffff8881300443c0 (&sb->s_type->i_mutex_key#21){+.+.}-{4:4}, at: do_truncate+0x171/0x220
[  358.565297][T14749]  #2: ffff8881300440f8 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xa4/0x320
[  358.569740][T14749] 
[  358.569740][T14749] stack backtrace:
[  358.572137][T14749] CPU: 0 UID: 0 PID: 14749 Comm: syz.2.3701 Not tainted syzkaller #0 PREEMPT(full) 
[  358.572156][T14749] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  358.572167][T14749] Call Trace:
[  358.572175][T14749]  <TASK>
[  358.572186][T14749]  dump_stack_lvl+0x189/0x250
[  358.572210][T14749]  ? __pfx_dump_stack_lvl+0x10/0x10
[  358.572227][T14749]  ? __pfx__printk+0x10/0x10
[  358.572249][T14749]  ? print_lock_name+0xde/0x100
[  358.572271][T14749]  print_circular_bug+0x2ee/0x310
[  358.572296][T14749]  check_noncircular+0x134/0x160
[  358.572317][T14749]  validate_chain+0xb9b/0x2140
[  358.572340][T14749]  __lock_acquire+0xab9/0xd20
[  358.572362][T14749]  ? ocfs2_try_remove_refcount_tree+0xb6/0x320
[  358.572381][T14749]  lock_acquire+0x120/0x360
[  358.572401][T14749]  ? ocfs2_try_remove_refcount_tree+0xb6/0x320
[  358.572424][T14749]  down_write+0x96/0x1f0
[  358.572447][T14749]  ? ocfs2_try_remove_refcount_tree+0xb6/0x320
[  358.572464][T14749]  ? __pfx_down_write+0x10/0x10
[  358.572486][T14749]  ocfs2_try_remove_refcount_tree+0xb6/0x320
[  358.572503][T14749]  ? __pfx_ocfs2_try_remove_refcount_tree+0x10/0x10
[  358.572519][T14749]  ? up_write+0x1c4/0x420
[  358.572535][T14749]  ocfs2_truncate_file+0xda0/0x1420
[  358.572585][T14749]  ? __pfx_ocfs2_truncate_file+0x10/0x10
[  358.572607][T14749]  ? do_raw_spin_unlock+0x4d/0x240
[  358.572626][T14749]  ? _raw_spin_unlock+0x28/0x50
[  358.572642][T14749]  ? ocfs2_inode_lock_tracker+0x3ec/0x660
[  358.572658][T14749]  ? __pfx_ocfs2_inode_lock_tracker+0x10/0x10
[  358.572672][T14749]  ? ocfs2_rw_lock+0x13a/0x240
[  358.572684][T14749]  ? __pfx___dquot_initialize+0x10/0x10
[  358.572699][T14749]  ? __pfx_ocfs2_rw_lock+0x10/0x10
[  358.572710][T14749]  ? setattr_prepare+0x1e7/0xac0
[  358.572729][T14749]  ? jbd2_journal_begin_ordered_truncate+0xbb/0x150
[  358.572750][T14749]  ocfs2_setattr+0x1520/0x1b40
[  358.572775][T14749]  ? __pfx_ocfs2_setattr+0x10/0x10
[  358.572792][T14749]  ? ktime_get_coarse_real_ts64_mg+0x52/0x1e0
[  358.572806][T14749]  ? seqcount_lockdep_reader_access+0x175/0x1c0
[  358.572822][T14749]  ? ktime_get_coarse_real_ts64_mg+0x1be/0x1e0
[  358.572835][T14749]  ? current_time+0x222/0x370
[  358.572847][T14749]  ? evm_inode_setattr+0x1b6/0x7d0
[  358.572861][T14749]  ? __pfx_current_time+0x10/0x10
[  358.572874][T14749]  ? try_break_deleg+0x79/0x130
[  358.572889][T14749]  ? __pfx_ocfs2_setattr+0x10/0x10
[  358.572906][T14749]  notify_change+0xb36/0xe40
[  358.572923][T14749]  do_truncate+0x1a4/0x220
[  358.572940][T14749]  ? __pfx_do_truncate+0x10/0x10
[  358.572954][T14749]  ? apparmor_file_truncate+0x23e/0x2d0
[  358.572975][T14749]  path_openat+0x306c/0x3830
[  358.572989][T14749]  ? arch_stack_walk+0xfc/0x150
[  358.573009][T14749]  ? stack_depot_save_flags+0x40/0x860
[  358.573029][T14749]  ? __pfx_path_openat+0x10/0x10
[  358.573042][T14749]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  358.573065][T14749]  do_filp_open+0x1fa/0x410
[  358.573079][T14749]  ? __lock_acquire+0xab9/0xd20
[  358.573098][T14749]  ? __pfx_do_filp_open+0x10/0x10
[  358.573120][T14749]  ? _raw_spin_unlock+0x28/0x50
[  358.573135][T14749]  ? alloc_fd+0x64c/0x6c0
[  358.573158][T14749]  do_sys_openat2+0x121/0x1c0
[  358.573173][T14749]  ? __se_sys_futex+0x36f/0x400
[  358.573190][T14749]  ? __pfx_do_sys_openat2+0x10/0x10
[  358.573205][T14749]  ? rcu_is_watching+0x15/0xb0
[  358.573218][T14749]  __x64_sys_openat+0x138/0x170
[  358.573233][T14749]  do_syscall_64+0xfa/0x3b0
[  358.573252][T14749]  ? lockdep_hardirqs_on+0x9c/0x150
[  358.573267][T14749]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  358.573281][T14749]  ? exc_page_fault+0x9f/0xf0
[  358.573308][T14749]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  358.573327][T14749] RIP: 0033:0x7f59f598ebe9
[  358.573347][T14749] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  358.573362][T14749] RSP: 002b:00007f59f677b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  358.573377][T14749] RAX: ffffffffffffffda RBX: 00007f59f5bb5fa0 RCX: 00007f59f598ebe9
[  358.573391][T14749] RDX: 000000000000275a RSI: 0000200000000140 RDI: ffffffffffffff9c
[  358.573400][T14749] RBP: 00007f59f5a11e19 R08: 0000000000000000 R09: 0000000000000000
[  358.573411][T14749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  358.573419][T14749] R13: 00007f59f5bb6038 R14: 00007f59f5bb5fa0 R15: 00007fff9adc1e68
[  358.573435][T14749]  </TASK>
[  358.816726][ T5852] ocfs2: Unmounting device (7,2) on (node local)

VM DIAGNOSIS:
13:05:32  Registers:
info registers vcpu 0

CPU#0
RAX=000000000000002d RBX=000000000000002d RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000001f1a RDI=0000000000001f1b RBP=00000000000003f8 RSP=ffffc90009e16850
R8 =ffff888107298237 R9 =1ffff11020e53046 R10=dffffc0000000000 R11=ffffffff854eff70
R12=dffffc0000000000 R13=ffffffff99af98e6 R14=ffffffff99dee3a0 R15=0000000000000000
RIP=ffffffff854effec RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f59f677b6c0 ffffffff 00c00000
GS =0000 ffff8880b861c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b32c16ff8 CR3=000000010760e000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ffffffffffffffff ffffff0000000000 XMM01=0101010101010101 0101010000000000
XMM02=695f746e756f6d5f 7a79730032736667 XMM03=75663d79636e6572 65686f632c6c6c75
XMM04=692c736b636f6c66 6c61636f6c2c6c6c XMM05=0000000000000000 00007f59f677a6e0
XMM06=00007f59f677a6e0 00007f59f677a560 XMM07=00007f59f677a5a0 00007f59f677a580
XMM08=0000000000000000 00001b7d1475bf98 XMM09=0000000000000000 00007f59f5a12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ffffffff81b44deb RBX=1ffff11009608341 RCX=ffff8881057e5640 RDX=0000000000000000
RSI=0000000000000001 RDI=0000000000000000 RBP=ffffc9000177f7e0 RSP=ffffc9000177f660
R8 =ffffffff8fa37e37 R9 =1ffffffff1f46fc6 R10=dffffc0000000000 R11=fffffbfff1f46fc7
R12=ffff88804b041a08 R13=dffffc0000000000 R14=ffff88813663b1c0 R15=0000000000000000
RIP=ffffffff81b44dd3 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007ffb28c53000 CR3=000000000df36000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=00007ffb33ad75a0 00007ffb33ad7580
XMM02=00007ffb33ad76e0 00007ffb33ad7560 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00007ffb33ad75a0 XMM05=0000000000000000 00007ffb33ad76e0
XMM06=00007ffb33ad76e0 00007ffb33ad7560 XMM07=00007ffb33ad75a0 00007ffb33ad7580
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 00007ffb32c12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
