last executing test programs:

2m19.903626564s ago: executing program 4 (id=117):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x3, 0x3, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x80000001}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0xe, 0x0, &(0x7f00000002c0)="e02742e86c0d85ff9782762f0800", 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

2m18.995208636s ago: executing program 4 (id=124):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=@newlink={0x20, 0x10, 0x503, 0xfffffffe, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1}}, 0x20}}, 0x4040000)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_udp_int(r0, 0x11, 0x1, &(0x7f0000000080)=0x16, 0x4)
sendmmsg$inet6(r0, &(0x7f0000000740)=[{{&(0x7f0000000100)={0x2, 0x4e21, 0x0, @empty}, 0x1c, 0x0}}], 0x300, 0x0)

2m18.931725888s ago: executing program 4 (id=126):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$inet(r0, &(0x7f00000009c0)=[{{&(0x7f0000000040)={0x2, 0x4e21, @loopback}, 0x10, 0x0}}], 0x1, 0x2404c044)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r1, 0xffffffffffffffff, 0x0)

2m18.789895183s ago: executing program 4 (id=127):
syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000005d40)='./file0\x00', 0x14040, &(0x7f0000001e40)=ANY=[], 0xff, 0x5e92, &(0x7f0000018400)="$eJzs3U1vHVf9B/DfffD1Q/9No+qvKkQs3BRKS2nzHChPTVl0AQuQUNckct0qkAJKAqJVRFxlgdgALwE23bDoW+AF9DUgXgCRbFZdUAaNfU4yHl/nOiS+c6/P5yM5M785d3zP5Ovx3OuZuScAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgPj+Wz8+24uIK79OC45H/F8MIvoRy3W9GvXM5fz4YUSciO3meC4iBosR9frb/zwTcSEiPj0Wsbl1e61efO6A/bh45taNz3/wvb//7o93T/z0nZ983G7/0f+f/+T3dyKO//D1Tz6/82S2HQAAAEpRVVXVS2/zT6b39/2uOwUATEU+/ldJXq5Wq9XqJ1r/oT9b/VEXWjdV491pFhGx0Vynfs3gdDwAzJmN+KzrLtAh+RdtGBFPdd0JYKb1uu4Ah2Jz6/ZaL+Xbax4PVnfa898pd+W/0bt/f8d+00na15hM6+frbgzi2X36szylPsySnH+/nf+VnfZRetxh5z8t++U/2rn1qTg5/0E7/5Zd+f8pIuY2//7Y/EuV8x8+Sv4bgzne/+UPAAAAAMDRl//+f7zj87+Lj78pB/Kw87+rU+oDAAAAAAAAADxpjzv+333G/wMAAICZVb9Xr/352INl+30WW7387V7E063HA4VZbXw4IAAAAAAAAAAAAAAwHcOIlXRd/0JEPL2yUlVV/dXUrh/V464/70rffihZ17/kAQBgx6fHWvfy9yKWIuLt9Fl/CysrK1W1tLxSrVTLi/n17GhxqVpuvK/N03rZ4ugAL4iHo6r+ZkuN9ZomvV+e1N7+fvVzjarBATo2HR0GDgARsXM02nREOmKq6pno+lUO88H+f/TY/zmIrn9OAQAAgMNXVVXVSx/nfTKd8+933SkAYCry8b99XkCtVqvVavXRq5uq8e40i4jYaK5Tv2YwHD8AzJmN+KzrLtAh+RdtGBEnuu4EMNN6XXeAQ7G5dXutl/LtNY8Hqzvt+VqQXflv9LbXy+uPm07SvsZkWj9fd2MQz+7Tn+em1IdZkvPvt/O/stOeh/g/7PynZb/86+083kF/upbzH7Tzbzk6+ffH5l+qnP/wkfIfyB8AAAAAAGZY/vv/ced/8yYDAAAAAAAAwNzZ3Lq9lu97zef/vzjmcb3mnPs/j4ycf+/A+bv/9yjJ+ffb+bcuyBk05u+9+SD/f23dXvv41j+/kKczn//CYFQ/90KvPxima36qhXfjWlyP9Tiz5/HDXe1n97Qv7Go/N6H9/J72Ud2+vN3+Vl2vxS/ierxzv31xwoVRSxPaqwntOf+B/b9IOf9h46vOfyW191rT2r2P+nv2++Z03PNc/uu/X9y7d03f3Rjc37amevtOddCf7f+Tp0bxq5vrN177zdVbt26cjTTZtfRcpMkTlvNfSF85/5de2GnPv/eb++u9j0aPnP+suBvDffN/oTFfb+/LU+5bF3L+o/SV889HoPH7/zznv//+/0oH/QEAAAAAAAAAAAAAAICHqapq+xbRyxFxKd3/09W9mQDAdOXjf5Xk5erp1Usz1h+1Wq1WH926qRrvjWYREX9rrlO/ZvjtuG8GAMyy/0TEP7ruBJ2Rf8Hy5/3V0y913Rlgqm5+8OHPrl6/vn7jZtc9AQAAAAAAAAD+V3n8z9XG+M/b1wG1xo3eNf7rm7E6t+N/9keD7bHO0wY9Hw8f//tUPHz87+GE51uY0D6a0L44oX1pQvvYGz0acv7Pp4xz/ifThpU0/utLHfSnazn/U2ms55z/V1qPa+Zf/WWe8+/vyv/0rfd/efrmBx++eu39q++tv7f+87NnLl04f/HC+YsXT7977fr6mZ1/O+zx4cr557GvXQdalpx/zlz+Zcn5fznV8i9Lzv/FVMu/LDn//HpP/mXJ+ef3PvIvS87/5VTLvyw5/6+mWv5lyfm/kmr5lyXn/7VUy78sOf9XUy3/suT8X0u1/MuS8z+davmXJeefz3DJvyw5/3xlg/zLkvM/l2r5lyXnfz7V8i9Lzv9CquVflpz/xVTLvyw5/0upln9Zcv5fT7X8y5Lz/0aq5V+WnP/rqZZ/WXL+30y1/MuS8/9WquVflpz/t1Mt/7Lk/L+TavmXJef/3VTLvyw5/zdSLf+yPPj8fzNmzJjJM13/ZgIAAAAAAAAAAAAA2qZxOXHX2wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/JcdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWHvXmPkKu/7gZ+92WtDgv+BcIsDtrkZWNhd38AhBpOE/CnphZKQNi2pcbxrs4lv9e5yEyqbQluiIBWpVUVfNE2iNIrUVqAqaqlEIqRGat81rxrxJmqlvPALqByUVEoV2OrMPM+zM7Ozc9aXsWfO+XyQ/fPunJl55syZ2fku+s4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Gjzx6f/ZCDLsvxP7a8NWXZx/u912d78y4VdF3qFAAAAwNl6t/b3312SvrF3FWdq2OZfr/n37y4uLi5mX3jn5Ht/triYTtiUZUNrs6x2WvRvv/j5YuM2wXPZ6MBgw9eDBVc/VHD6cMHpIwWnryk4fW3B6aMFpy/bAcusq/8+pnZh19f+uaG+S7PLspHaade3OddzA2sHB+PvcmoGaudZHDmYzWSHs+lsYtl5Bmr/Zdnrm/Pruj+L1zXYcF0bsyw79dNnDsQ1DIR9fH3WdGU1jffd2/dmm9756TMHvj331lXtZuFuWLbSLNu6JV/n81m29OuqbCBbm/ZJXOdgwzo3tlnnUNM6B2rny//dus5Tq1xnvN2jYZ0/7LDOjeF7T16XZdlCtuI2rZ7LBrP1Ldea9vdo/YjILyO/Kz+QDZ/WcbJ5FcdJfp6fXNd8nLQek3H/bw77ZHiFNTTeHW9/ec2y/X6mx0l+q3vhWM0v+8H8SkdHG3+12nSs5ts8c8PKx0Db+67NMZCO5YZjYEvRMTC4Zqh2DAwurXlL0zEwuew8g9lA7bpO3tD5GBifO3J8fPapp2+bObL/0PSh6aOTE7t2bN+5Y/vOneMHZw5PT9T/Pr1d2kfWZ4PpGNwSnmviMXhTy7aNh+TiN87d42C0Rx4H+W3/zI35gi4ezFY4xvNtnt969o+D9HO/4XEw3PA4aPuc2uZxMLyKx0G+zamtq/uZOdzwp90auvVcuKHhGLiQPw/z63zk5pWfCzeGdb1wy+n+PBxadgzEmzUQHnv5d9LrvdE7w35ZflxcnZ9w0Zpsfnb6xO1P7p+bOzGZhXFeXNpwX7UeL+sbblO27HgZPO3jZe/f/vLGq9t8f0PYV6O3dr6v8m12jHW+r2rP7u33Z9N3t2VhnGPne3+2+2mW78+UJTrsz3yb5287+9eCKZc0PP+NFD3/DY0M15//htLeGGl6/lt+1wzVVpZlp25b3fPfSPhzvp//LuuR5798Xz1ye+djIN/mhfHTPQaGOz7/XRfmQFjPzSExjDbk/vdqpy/UD9OG+7LwuBkeHgnHzXC8xubjZvuy8+SXll/31okzO262Xtd8XzW9binhcZPvqz+f6Hzc5Nu8MXn2zx3r4j8bnjvWFB0DI0Nr8vWOpIOg/ny3uC4eA7dnB7Jj2eFsKp0nv5fz6xrbtrpjYE34c76fO67skWMg31cvb+t8DOTb/GD7uX3ttDV8J23T8Nqp9fcLK2X+q4eXLq91t53rzJ+v8xM7Ov9uKN/mrR2nmzM676dbw3cuarOfWh8/Kx3TU9n52U9XhnUe3tn5d1P5NpftWuXxtDfLsjcn36z9viv8fvcf5v/ju02/9233O+U3J998YPyhH53O+gEAOHPv1f5eWFN/rdnwf6xX8///AQAAgL4Qc/9gmIn8DwAAAKURc/9QmIn8DwAAAKURc/9wmElF8v9jd+5+5d1ns/RugItBPD3uhgfvrm8XO94L4etNi0vy73/sWyOvfOXZ1V33YJZlv3zgQ223f+zuuK6643GdH2n+/jJXXruq63/04aXtGt8/4dTu+uXH27PawyB2lV8f31a73E1PTdbmGw9ktfnQwgvP1S+//nXc/uT2+vZ/Fd60ZO/Bgabzbw3ruT7MTeE9ZR7cu7Qf8hnP98rGa/7l0s8uXV8838CW99du5st/UL/c+B5RL11a3z7e7pXW/72vfueVfPsnb2i//mcH26//ZLjcn4T5iz317Rv3+Vca1v9HYf3x+uL5bv/m99uu/9Ur6tu/Go6Lr4fZuv57//TD77a7v+L17L2rfr54/RP/s6N2vnh58fJb1z/67GTT/mi9/DfeqV/Onsd/NtS4ffx+vJ7o0buaj++BcP829cizLPvOH2dN+zn7aP18/9yy/nh5x+9qv/5bW9Z5fODa2vmXbs+Gptv1tb/Z1vb2xvXs/fsNTbfnpfvC/ntn/Af55Z58KByP4fT//WH98lrfy/TV+5qfb+L2X99Qf9zGyxtvWf9LLetfuDbfd8Xrv/+d+vpfvWdt0/r3fjIcT/fXZ9H6D/31JU3n/8a36/fHiSfGjh6bnZ+ZatirjY/jtaPr1l908fvef0l4Lm39et+xucemT2ya2DSRZZv68C0Du73+b4b53/WxcO6voe5HP6sfdy9+qv5z66af179+KXz/0XB/xp+PX/vLkabjtfV+X7inPs92/beEdazWFV/9r2tXteHJz78+/09/+Fbr64J4e45/cLR2+17efHnttIE36qe3Pl8V+c8PNj+ufzw8UZuvhf26GN6Zecvl9etrvfz43iQvfrr++I2v5OL5s5b3E9kw1Hw7znb9Pw6vY75/ZfPzXzw+Xnu25d2cN2QD+RIWwvNDtlA/PW4V9/eLpy5ve33xfXiyhatOZ5krmn1qdvzwzNH5J8fnpmfnxmefenrfkWPzR+f21d67dN8Xi86/9PheX3t8T03v2pHVHu3H6qPLLvT6jz98YOqOiRunpg/unz849/Dx6ROHDszOHpiemr1x/8GD008UnX9mas/ktt3b79g2dmhmas+du3dv3z02c/RYvoz6ogrsmvjS2NET+2pnmd2zY/fkzp07JsaOHJua3nPHxMTYfNH5az+bxvJzPz52Yvrw/rmZI9NjszNPT++Z3L1r17bCd388cvzg7KbxE/NHx+dnp0+M12/Lprnat/OffUXnpxpmj4XnuxYD4dX5527dld4fN/etL694UfVNml+eZm+H94KKP9+Kvo65fyTMpCL5HwAAAKog5v7wxv9LJ8j/AAAAUBox968NM5H/AQAAoDRi7h8NM6lI/tf/1//X/1+h//+P39P/1//X/z8H9P/1/zvR/9f/7+f16//r/1Os1/r/Mfevy7JK5n8AAACogpj714eZyP8AAABQGjH3XxRmIv8DAABAacTcf3GYSTXy/0jrP/X/9f/1/xs//z9uq/+f6f/r/58h/X/9/070/0vc/39v8Jys8YKtvz/7/+v0/+k1vdb/j7n/fWEm1cj/AAAAUAkx978/zET+BwAAgNKIuf+SMBP5HwAAAEoj5v4NYSYVyf8+/1//X/+/U//f5/830v/X/z8T+v/6/53o/5e4/+/z/33+P/Rg/z/m/v8XZlKR/A8AAABVEHP/B8JM5H8AAAAojZj7Lw0zkf8BAACgNGLuvyzMpCL5X/9f/1//X/9f/1//v5v0//X/O9H/1//v5/Xr/+v/U6zX+v8x938wzKQi+R8AAACqIOb+y8NM5H8AAAAojZj7rwgzkf8BAACgNGLuvzLMpCL5X/9f/1//X/9f/1//v5v0//X/O9H/1//v5/Xr/+v/U6zX+v8x918VZlKR/A8AAABVEHP/1WEm8j8AAACURsz9Hwozkf8BAACgNGLu3xhmUpH8r/+v/6//r/+v/6//30391f8fXPEU/f86/f9m+v/6/+es/5+/FNf/p4R6rf8fc/+Hw0wqkv8BAACgCmLuvybMRP4HAACA0oi5/9owE/kfAAAASiPm/k1hJhXJ//r/+v/6/73c/6/f0mr2/1/7i9b9qf+v/9+Oz//X/8/0/8/Yhe7P9/v6ff6//j/Feq3/H3P/5jCTiuR/AAAAqIKY+7eEmcj/AAAAUBox918XZiL/AwAAQGnE3H99mElF8r/+v/6//n8v9/99/n+m/6//X0D/X/8/0/8/Yxe6P9/v69f/X13/f03RBVFq57H/P5ytov8fc/8NYSYVyf8AAABQBTH33xhmIv8DAABAacTcf1OYifwPAAAApRFz/9Ywk4rkf/1//X/9f/1//X/9/27S/9f/70T/X/+/n9ev/+/z/ynWa5//H3P/zWEmFcn/AAAAUAUx998SZiL/AwAAQGnE3H9rmIn8DwAAAKURc/9YmElF8r/+v/6//r/+v/6//n83lbX/n55H9f/1//X/9f/1//X/WVGv9f9j7r8tzKQi+R8AAACqIOb+28NM5H8AAAAojZj7x8NM5H8AAAAojZj7J8JMKpL/9f/1//X/9f/1//X/u6ms/X+f/6//n+n/6//r/+v/U6jX+v8x90+GmVQk/wMAAEAVxNy/LcxE/gcAAIDSiLl/e5iJ/A8AAAClEXP/jjCTiuR//X/9f/1//X/9f/3/btL/1//vRP9f/7+f16//r/9Ps8E23+u1/n/M/TvDTCqS/wEAAKAKYu7fFWYi/wMAAEBpxNx/R5iJ/A8AAAClEXP/nWEmFcn/+v/6//r/+v/6//r/3aT/r//fif6//n8/r1//X/+fYr3W/4+5f3eYSUXyPwAAAFRBzP0fCTOR/wEAAKA0Yu6/K8xE/gcAAIC+0u5zCKOY+z8aZlKR/K//X/b+/+Ja/X/9f/3/zuvX/+8u/X/9/070//X/+3n9+v/6/xTrtf5/zP17wkwqkv8BAACgCmLuvzvMRP4HAACA0oi5/54wE/kfAAAASiPm/r1hJhXJ//r/Ze//+/x//X/9/6L16/93l/6//n8n+v/92f8PL1v0/3uo/58fQ/r/9KJe6//H3H9vmElF8j8AAABUQcz9Hwszkf8BAACgNGLu/3iYifwPAAAApRFz/yfCTCqS//X/9f/1//X/9f/1/7tJ/1//vxP9//7s/0f6/73T//f5//SqXuv/x9x/X5hJRfI/AAAAVEHM/Z8MM5H/AQAAoDRi7v//YSbyPwAAAJRGzP33h5lUJP/r/+v/6//r/+v/6/93k/6//n8n+v/6//28fv1//X+K9Vr/P+b+XwkzqUj+BwAAgCqIuf+BMBP5HwAAAEoj5v5PhZnI/wAAAFAaMff/aphJRfK//v/56f8PpsvX/9f/1//X/9f/P5f0//X/M/3/M3ah+/P9vn79f/1/ivVa/z/m/l8LM6lI/gcAAIAqiLn/18NM5H8AAAAojZj7fyPMRP4HAACA0oi5/8Ewk4rkf/1/n/+v/6//r/+v/99N+v/6/53o/+v/9/P69f/1/ynWa/3/mPt/M8ykIvkfAAAAqiDm/ofCTOR/AAAAKI2Y+z8dZiL/AwAAQGnE3P+ZMJOK5H/9f/1//X/9f/1//f9u0v/X/+9E/1//v5/Xr/+v/0+xXuv/x9z/cJhJRfI/AAAAVEHM/Z8NM5H/AQAAoDRi7v+tMBP5HwAAAEoj5v7fDjOpSP7X/9f/1//X/9f/1//vJv3/5f3//DnsQvb/16xmQ/3/VdH/1//X/9f/p7Ne6//H3P+5MJOK5H8AAACogpj7fyfMRP4HAACA0oi5/3fDTOR/AAAAKI2Y+x8JM6lI/tf/1//X/9f/1//vdv//Df1//X+f/78C/X/9/35ev/6//j/Feq3/H3P/58NMKpL/AQAAoApi7v+9MBP5HwAAAEoj5v59YSbyPwAAAJRGzP2PhplUJP/r/+v/X7D+fziP/v/S+fT/w/1auv6/z//X/9f/X4n+v/5/P69f/1//n2K91v+PuX9/mElF8j8AAABUQcz9Xwgzkf8BAACgNGLuPxBmIv8DAABAacTcPxVmUpH8r/+v/+/z//X/9f/1/7tJ/1//vxP9f/3/fl6//r/+P8V6rf8fc/90mElF8j8AAABUQcz9B8NM5H8AAAAojZj7D4WZyP8AAABQGjH3PxZmUpH8r/+v/6//r/+v/6//3036//r/nej/6//38/r1//X/KdZr/f+Y+2fCTCqS/wEAAKAKYu7/YpiJ/A8AAAClEXP/l8JM5H8AAAAojZj7D4eZVCT/6//r/+v/6/+36//XD0n9f/3/s6f/r//fif6//n8/r1//X/+fYr3W/4+5/0iYSUXyPwAAAFRBzP1Hw0zkfwAAACiNmPuPhZnI/wAAAFAaMfcfDzOpSP7X/9f/1//X//f5//r/3aT/r//fif6//n8/r1//X/+fYr3W/4+5//fDTCqS/wEAAKAKYu4/EWYi/wMAAEBpxNw/G2Yi/wMAAEBpxNw/F2ZSmP/XdXFV54/+v/6//r/+v/6//n836f/r/3ei/6//38/r1//X/6dYr/X/Y+6fDzPx//8BAACgNGLufzzMRP4HAACA0oi5/4kwE/kfAID/Y++udwW7qjiO35a0JSGEZ+EJeASegbfA3Yq7u7u7u7u7OxSKa1ICd601ZTrdZ+xw99nr8/lnBTrt7Mz965fJNweAZeTuv2fc0mT/6//1//r/afr/085P/6//1/9fEv2//v9E/3/ZzrqfP/r79f/6f7bN1v/n7r9X3NJk/wMAAEAHufvvHbfY/wAAALCM3P33iVvsfwAAAFhG7v77xi1N9r/+X/+v/5+m//f9//y56v/1/5dA/6//P9H/X7az7ueP/n79v/6fbbP1/7n77xe3NNn/AAAA0EHu/vvHLfY/AAAALCN3/wPiFvsfAAAAlpG7/4FxS5P9r//X/+v/9f/6f/3/nvT/+v8R/b/+/8jv1//r/9k2W/+fu/9BcUuT/Q8AAAAd5O5/cNxi/wMAAMAycvc/JG6x/wEAAGAZufsfGrc02f/6f/2//l//r//X/+9J/6//H9H/6/+P/H79v/6fbbP1/7n7Hxa3NNn/AAAA0EHu/ofHLfY/AAAALCN3/yPiFvsfAAAAlpG7/5FxS5P9r//X/+v/9f/6f/3/nvT/+v8R/b/+/8jv1//r/9m2e/9/9xv/ey+2/8/df2Pc0mT/AwAAQAe5+x8Vt9j/AAAAsIzc/Y+OW+x/AAAAWEbu/sfELU32v/5f/3+u/7/lGv2//l//f+7/1/9fHfp//f+I/n/W/v/i/iT0//p//T9bdu//N3r/8/937v7Hxi1N9j8AAAB0kLv/cXGL/Q8AAADLyN3/+LjF/gcAAIBl5O5/QtzSZP/r//X/vv+v/9f/6//3pP/X/4/o/2ft/33//0r7/7tdxPv1/3QwW/+fu/+JcUuT/Q8AAAAd5O5/Utxi/wMAAMAycvc/OW6x/wEAAGAZufufErc02f/6f/2//l//r//X/+9J/6//H9H/6/+P/H7f/9f/s222/j93/1Pjlib7HwAAADrI3f+0uMX+BwAAgGXk7n963GL/AwAAwDJy9z8jbmmy//X/+n/9v/7/ivr/O+j/9f9j+n/9/4j+X/9/5PdfYv9/w/n/vv6fDmbr/3P3PzNuabL/AQAAoIPc/c+KW+x/AAAAWEbu/mfHLfY/AAAALCN3/3Pilib7X/+v/9f/6/99/1//vyf9/3L9/zX6/3P0//p/3//X/zM2W/+fu/+5cUuT/Q8AAAAd5O5/Xtxi/wMAAMAycvc/P26x/wEAAGAZuftfELc02f/6f/2//l//r//X/+9J/79c/+/7/7ei/9f/6//1/4zN1v/n7n9h3NJk/wMAAEAHuftfFLfY/wAAALCM3P0vjlvsfwAAAFhG7v6XxC1N9v+U/f91+v9j9P/Xn5yc6P/1//p//f+Y/l//P6L/v3D/f8fb+f30/3O9X/+v/2fbbP1/7v6Xxi1N9j8AAAB0kLv/ZXGL/Q8AAADLyN3/8rjF/gcAAIBl5O5/RdzSZP/fXv9/851O/7nv/1+cnv2/7//r///3Pfp//f+F6P/1/yP6f9//P/L79f/6f7bN1v/n7n9l3NJk/wMAAEAHuftfFbfY/wAAALCM3P2vjlvsfwAAAFhG7v7XxC1N9v+U3//X/+v/9f/139H/6//1/2P6f/3/if7/sp11P3/09+v/9f9sm63/z93/2rilyf4HAACADnL3vy5usf8BAABgGbn7Xx+32P8AAACwjNz9b4hbmux//b/+/8z7/2v1/0n/Hz9X/b/+/xLo//X/J/r/y3bW/fzR36//1/+zbbb+P3f/G+OWJvsfAAAAOsjd/6a4xf4HAACAZeTuf3PcYv8DAADAMnL3vyVuabL/9f/6/zPv/33/v+j/4+e6Q///nz9D/f/Z0P/r/0f0//r/I79f/6//Z9ts/X/u/rfGLU32PwAAAHSQu/9tcYv9DwAAAMvI3f/2uMX+BwAAgGXk7n9H3NJk/+v/9f/6f/1/h/5/9H79/770//r/Ef2//v/I79f/6//ZNlv/n7v/nXFLk/0PAAAAHeTuf1fcYv8DAADAMnL3vztusf8BAABgGbn73xO3NNn/+v+j9//3uCleoP/X/+v/9f9T0v/r/0f0//r/I79f/6//Z9ts/X/u/vfGLU32PwAAAHSQu/99cYv9DwAAAMvI3f/+uMX+BwAAgGXk7v9A3NJk//fo/6+7zS9bp//3/X/9v/5f/z83/b/+f0T/r/8/8vv1//p/ts3W/+fu/2Dc0mT/AwAAQAe5+z8Ut9j/AAAAsIzc/R+OW+x/AAAAWEbu/o/ELU32f4/+/7b0/6euev9/y130//r/ov/X/5/o//X/G/T/+v8jv1//r/9n22z9f+7+j8YtTfY/AAAAdJC7/2Nxi/0PAAAAy8jd//G4xf4HAACAZeTu/0TccNc7n92T/q/0//p/3//X/+v/9f970v/r/0f0//r/I79f/6//Z9ts/X/u/k/GLf7+HwAAAJaRu/9TcYv9DwAAAMvI3f/puMX+BwAAgGXk7v9M3NJk/+v/9f/6/2P3/9fq//X/k9P/6/9H9P/6/yO/X/+v/2fbbP1/7v7Pxi1N9j8AAAB0kLv/c3GL/Q8AAADLyN3/+bjF/gcAAIBl5O7/QtzSZP/r//X/+v9j9/++/6//n53+X/8/ov/X/x/5/fp//T/bZuv/c/d/MW5psv8BAACgg9z9X4pb7H8AAABYRu7+L8ct9j8AAAAsI3f/V+KWJvtf/6//1//r//X/+v896f/1/yP6f/3/kd+v/9f/s222/j93/1fjlib7HwAAADrI3f+1uMX+BwAAgGXk7v963GL/AwAAwDJy938jbmmy/1fu/0e/TP9/Sv+v/z/R/+v/d6b/1/+P6P/1/0d+v/5f/8+22fr/3P3fjFua7H8AAADoIHf/t+IW+x8AAACWkbv/23GL/Q8AAADLyN3/nbilyf5fuf8f0f+f0v/r/0/0//r/nen/9f8j+n/9/5Hfr//X/7Nttv4/d/9345Ym+x8AAAA6yN3/vbjF/gcAAIBl5O7/ftxi/wMAAMAycvf/IG5psv/1//p//b/+X/+v/9+T/l//P6L/1/8f+f36f/0/22br/3P3/zBuabL/AQAAoIPc/T+KW+x/AAAAWEbu/h/HLfY/AAAALCN3/0/ilib7X/+v/9f/6//1//r/Pen/9f8j+n/9/5Hfr//X/7Nttv4/d/9P45Ym+x8AAAA6yN3/s7jF/gcAAIBl5O7/edxi/wMAAMAycvf/Im5psv/1//p//b/+X/+v/9+T/l//P6L/1/8f+f36f/0/22br/3P3/zJuabL/AQAAoIPc/b+KW+x/AAAAWEbu/l/HLfY/AAAALCN3/2/ilib7X/+v/9f/6/8b9v/X3/r30//vS/+v/x/R/+v/j/x+/b/+n21Xrf/PX3CF/X/u/pvilib7HwAAADrI3f/buMX+BwAAgGXk7v9d3GL/AwAAwDJy998ctzTZ//p//f+S/f8N+n/9v+//z0L/r/8f0f/r/4/8fv2//p9ts33/P3f/7+OWJvsfAAAAOsjd/4e4xf4HAACAZeTu/2PcYv8DAADAMnL3/yluabL/9f/6/yX7f9//1//r/6eh/9f/j+j/9f9Hfr/+X//Pttn6/9z9f45bmux/AAAA6CB3/1/iFvsfAAAAlpG7/69xi/0PAAAAy8jd/7e45cL7//xs9PD0//p//b/+X/+v/9+T/l//P6L/1/8f+f36f/0/22br/3P3/z1u8ff/AAAAsIzc/f+IW+x/AAAAWEbu/n/GLfY/AAAALCN3/7/ilib7X/+v/9f/6//1//r/Pen/9f8j+n/9/5Hfr//X/7Nttv4/d/+/AwAA//+foDTn")
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000005c0)={r1, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})

2m17.011562944s ago: executing program 4 (id=136):
r0 = socket(0x10, 0x803, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000006000000005dcc0300", @ANYRES32=r1, @ANYBLOB="71e79fd800000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0)

2m16.23252693s ago: executing program 4 (id=139):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xd}}, 0x10)
sendmmsg$inet(r0, &(0x7f0000003cc0)=[{{&(0x7f0000000140)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="14000000000000000000000007"], 0x18}}], 0x1, 0x44008004)
write$binfmt_misc(r0, &(0x7f0000000300), 0xfdef)

2m16.100544225s ago: executing program 32 (id=139):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xd}}, 0x10)
sendmmsg$inet(r0, &(0x7f0000003cc0)=[{{&(0x7f0000000140)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="14000000000000000000000007"], 0x18}}], 0x1, 0x44008004)
write$binfmt_misc(r0, &(0x7f0000000300), 0xfdef)

1m32.915778778s ago: executing program 2 (id=488):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000001c0)={{0x0, 0x0, 0xfffd, 0x8001}, 'syz1\x00'})
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)
ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000900)={'syz1\x00', {0x8725, 0x0, 0x6}, 0x37b4, [0xfeff, 0x4, 0x0, 0x0, 0x0, 0x20000, 0x0, 0xfff, 0x0, 0x0, 0x0, 0xfffffffd, 0x4, 0xb7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe5, 0x0, 0x10000000, 0x0, 0xfffffffe, 0x0, 0x4, 0x2, 0x28ad, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xfffffffc, 0x0, 0x3, 0x0, 0x20, 0x3, 0x5, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x20004, 0x0, 0x0, 0x101, 0x2, 0xfffffffe], [0x10, 0x0, 0x7, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x1, 0xfffffffc, 0xfffffffd, 0x800, 0x0, 0xfffffffc, 0x2, 0x1, 0x0, 0x3, 0x0, 0x5, 0x40000000, 0xffffffff, 0xfffffffc, 0x7fffffff, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xfffffffc, 0x0, 0x8c, 0x0, 0x0, 0x8004, 0x8, 0x40, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x80, 0x0, 0x4, 0x0, 0x7, 0x0, 0xfffffffc], [0x0, 0x4, 0x0, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x0, 0xb78, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x4f, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x520, 0x2, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x4, 0xfffffffe, 0x2af, 0x0, 0x9, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x2ff, 0x4000005, 0x0, 0x4, 0x2, 0x0, 0x40000000, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x20e, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x2, 0x1, 0x7fff, 0x0, 0xd, 0x0, 0x0, 0x7, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffd, 0x0, 0x1, 0x0, 0x40000003, 0x2, 0xfffffffe, 0x4, 0x3, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x3, 0x3, 0xfffffffd, 0x53591b27, 0x5, 0x0, 0x0, 0x0, 0x8, 0x7, 0x8000, 0x0, 0x7fff, 0x80000002, 0x1000000, 0x0, 0x3]}, 0x45c)

1m32.486986873s ago: executing program 2 (id=490):
openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x4a9c1, 0x6)
r0 = socket(0x11, 0x3, 0x8000)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0, <r1=>0x0}, &(0x7f0000000140)=0xc)
mount$bpf(0x0, 0x0, 0x0, 0x5015062, &(0x7f0000000100)={[{@gid={'gid', 0x3d, r1}}]})
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='proc\x00', 0x0, &(0x7f0000000100))

1m32.325084369s ago: executing program 2 (id=494):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x103a42, 0x32)
r1 = inotify_init1(0x0)
inotify_add_watch(r1, &(0x7f0000000180)='./file1\x00', 0x44000106)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0)
pwrite64(r0, &(0x7f0000000100)="64ec29", 0x3, 0x7)

1m32.115735376s ago: executing program 2 (id=497):
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x21008, 0x0, 0x0, 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x400, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f0000000140)='./file0/../file0\x00', &(0x7f0000000180)='./file0\x00')

1m32.074055477s ago: executing program 2 (id=499):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b100090581"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
ioctl$EVIOCSKEYCODE(r1, 0x40084504, &(0x7f0000000040)=[0x200, 0x7])
ioctl$EVIOCSKEYCODE(r1, 0x40084504, &(0x7f00000000c0)=[0x2a, 0xf0])

1m31.681204981s ago: executing program 2 (id=503):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='R', 0x1, 0x7ffffffe)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000000), 0xd)

1m31.440550399s ago: executing program 33 (id=503):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='R', 0x1, 0x7ffffffe)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000000), 0xd)

1m27.572031332s ago: executing program 1 (id=533):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000040)=[<r1=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r1, <r2=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[0x0], 0x0, 0x1, r2, 0xcccccccc})

1m27.489891405s ago: executing program 1 (id=534):
syz_mount_image$hfs(&(0x7f0000000040), &(0x7f00000001c0)='./bus\x00', 0x1200c86, &(0x7f0000000100)=ANY=[@ANYBLOB='codepage=euc-jp,umask=00000000000000000000000,iocharset=cp932,gid=', @ANYRESHEX=0x0, @ANYRESDEC=0x0], 0x1, 0x297, &(0x7f00000007c0)="$eJzs3U9rE0EYx/HfbLZtakvd/pGCx2rBk9h6ES9KyYvwIKI2EYqhglZQT+pZxJvgvTfP4hvw4kl8A/XkyRfQ28rM7jbbuv9aTaeN3w80bLMzs8+TzGbnCSQRgP/WWmdn++pP+2ekllqSrkuBpLYUSjqnxfbTza2NrX6vWzVQy/Wwf0ZJT/NHm/XNXlFX28/1SEX2v1DT+fswHHEcxz98BwHv3NlfIJAm0rPT7W8fe2TD8dJ3AJ6ZXe3qmWZ8xwEA8MtIr5LLvbvOT6fr9yCQltPL/khd/3d9B+BZ7vrvqqzY2Of3rNs1qPdcCWf3B1mVWDFi6Z5xJTNr3wLT1FWVLpZg8sFGv3d5/VG/G+i1bqRyzRbcbTeZupmaaJcqgi1Qn3uZKZfDmM1htST++aMc8f1gc/ywMZmv5pu5YyJ9UHdv/RfGxo7kBovcMxXtdUjiv1I+ossySlqVZDnrDnI+C/fzxwZZtosrEmVJz2r/GwRRFue7ksfE3T13oFeS3Up5dq7XfGGv1ZpeCwd7DWZzec+jazYVzFtzyyzplz6pk1v/B/bRXlaTM9O2cS3TmVGZT+haRg0CCxqFj6bGKve+0X1d08yT5y8e3uv3e489b9h6vL5x6ySE6mEjVO4ee5oP5VjZhDkRKY/2hv56nJYmNNRQq148Jv/l6xQ8GjzpWrztOxj4YNddJqn/cvXKTbfP1kmRW6ePqWidHtcNnhtxpaQ2mHO3Zw5VwU2VV3BNa64Ll6SLFUf8sn/YKI1zRJiOvusu7/8DAAAAAAAAAAAAAAAAAACcNs0+DzCRtj7axwk8pwgAAAAAAAAAAAAAAAAAAAAAwKm31tnZDof6+7+5b/Wu//1f9y3d/P4vcDx+BwAA//+MhHi0")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_INPUT(r0, &(0x7f0000010140)={0x8, {"7f9654d636ab18b7938a2804505c72e9994ca22404fc203334cc21ed3d6a776fd12d13f9602b2980f983c31a5d1e431db778099ce3af3fb20e1ee1f4fdb77cbb36154982a93c19825d6fd273ab1eb5bcd47adad50de8a6791486e482e29ecc94284921f33b941cfc1000c9781d9a828c5ec7a2c77b4e624a5aa0e9e39782bad733eda81ba47e1c6116e4170e6587dd6210a57abe91f1f80c4e31139d8b73fe35ac1f99ea82dd6aa9c9aa67de88ae3e141020e1a876bbc449d2d843aa7e6d90b948b7e28770e6ac71010c63f17e90fd20806a9f8d9f418ee3af74aac64b04a27c4f5e3626ca2da546c79d24acadd11e8d272a22fc54078fd5e64475993668980a9f95aff964dee674356af492b8377a759d8ccf1accb9a18ef7ad16f438dde69cd020d71552b0810688c882a26a22b23f4b35471b08b379193db1cd7934a4049ff1b00d9795cda6e73951641d5e2365c24facd5afd09ed1d096d758b4fef66fe1aa22395d67b7e1db623d4a60a7dc93893d6c4a91df79535a855868c5dc0033d5c428cd25b85c5deb6e81068553bc84cead4d1eba8aa57e2b354a6899e44acbd3834491219b3e231cd55d82f161774a689efe197cc193ac0124c67738a0a1d5f16a6768c2c2ba7386c8c95ca08c55117f344f5a2bca0d09e79ea3fc49491f2c7adc513c2779c1bf62b1a8643d23e9e8b2ae41d4a59f1b82b82e092b36eb851b8456da871b4057aec325a9d4cccafde61f2abc85e3cabeabb856f6ffbfe23d69219ec8fae6beb54abe7870dbae823d49806a967a1c7f252999804f106745f20490bb3347b59321dc69765567abcbd89de04d89622170005df5871ed0fb72345a11da074060d7d4ee2e437f71a45723fb6b02de56067e54f54c52d10f7874a13cbfb3bd65ce54f9d6719ea210e0cf79e4e2157736ec07ac5915682ab81bced665c1e72fab8d8cfe509de0f21fe374b957b379fd5918061e21c2e96985cc1354b2de859b0f1a463ab04683b1253eda671c2353b5c208aca652f5419ffc4949a7fa909b95653f42d97390c400b4a1c308b11e73e9a06d3b164d3361e75584d70e6bc61d570a7e0c7da330f643194c1893fcd6489fac605eead61b53dff18caf526ecccc9bbd9146bc3c3bb67677695e6fddaab081786e9084014e60f5c03ae5a9087726b05e17402cd2fbb80d773b8a41470b1f901a8c2b2d57450181f4fc5bc53c7cb3dc032b84567492607cb08832eca9f79da9210d197863e5db5a74a9823dc0cc8bd9f3a9b6ff5a7d15d4747a9b26e088f4fad96d81cd1214226b1c4585d418d593220fcbb9ad949266cc48163e3498b46ebcdf7b2b5ecfe67539a61ed9e39b02d5b35ac0d0e7fa830034ca2da8a7ddf04bcf2cee939994369feb77023e0e3de04b21db7a640a92c17748245005cd75a7deba4ff0e4c104a9db2d9a98ec8edb3562050a3bac5f322290e3d8b6fb21770ac436d4cb12b97fc8f76d7bb9eeed85663eb0626f1ad1719ee4b07f7de2c1d1a31c27c6879f4fa3dbdfb2bfc0898beabafbeca9f13050e6b2f6c432e423cd5cb6b8fa56fe32c3e50104e44462c0a5c69de6a7ac5ae3d9f07ceed64dbffa42e4663838bfcde92f0fcb895f3b93c59b0e48c09890dfc36436db56b708f6e7cbbd2a6305f573cee099dbcd263cb96d9fb69cbc3cb06d8f5e3789698a17e71d22b4665ff5447fcc17a31bb136c8bb4b984573bcaf1cb650198c1266e6ddfd42d44f9de02cb9d915c5334c550fac3fcee56790aeb09d81e7690a32d8b0cc477b23f15257820de227be1ffaec2f63f3266b8f5dd78947dcee355fe59bfb100e5244425532bb1d115acd211b8c16b0ec0aae00fca5d4511a05c3ff027a1cac56210a10d81c01b90e156cc7b33de0fac825dc516d398166096013e068db935483c93ba95da39b5ae4087d84479a4c4809f28f93790dc279637bd6f3dc441d315cf6bd7b0e3d92070a45baf4445ce063fd12690eb002f5ca068a256bc54100c99a02a346beca39072163c4b297d117f1ed9fef42e3dbc11d36a0a0db52e84461c6fbb4aad62cd6c8dc9ae6a3390a5e8773ac599e67436220c8d541a9039762bffaa7f490e31dddbc362fb4ff686cda905f3b02a1db76d4d570d970434921ca8a4765af6d5c8b881e1f4ffa7e2d9ef5f5511b94f88474674ec790bb5186c73446a227bf1ffd19b605733abd1bd41e421aeaf2ed4617088c7ceef85451225056435993e89e4bccd2c2e4b39af99feef11fea645eeb5cf9f77b1e19a72d3efb613100969b84302789714bca65bcbc96762b4012a5700c62aed706433b9f142b7302442b6a9958b0e28e8b1cfa9eeb4ac0d71f497b23babf9f0221dcb658d9f4db5d45bee30d2ad7c97d6a562e014a7701c15325ec5d42ab732b37714a77a95c03fb15bbfba6fade32bf50f985a1df362ca7216cc152907dd931acb58a63920f581e82b590c0d6a0033009f8e50c3263d3f58596b63d507cadbc809a6690561f74d0772bf92d04e06c47a350724b106f5e83f7e71c4b2a983bf5ad7d8684e7b8b5dc1273d0fa5879b8e61bde33d602bc8ff0913b6d32dcac366d568dc7cf82bbfc405cbe418a2644c26592b32ca1a632fc95123efb784cfb6953a94ebeccd24fba389a0e56b043df07d9a2dd38a1196e5e55576b25f85cb96f6560802a4a58b7a6857e8454faa2c880bf32d464562b2bdc5f0df22b663f2c01fc944f1cfd1908f617f8295a5440bb79ae178ea46a95baeea48322105146ac3ed2de7d3796ddddcc848a8ecf4a00dd055733b4f59211f5a40deea44e74b3bc57953b26ed61e6fd67889edfe8d0902385e37666aacec072735630ecc441c3cc6b09bb2f63aa4e332c6df728dc74078a83ce20454dfd616d116270666ddc09c5fea2e8442bc43455d0257fac92f3780061178f9420bf8e463f29896c12383dbb9a81bc5c87376e647c8a7986cb514fb9696d9c0a8d303c5c4b5b7c5f601c01fa19323e02f675c371bc44fbc1ac5704d41a89a2a4ccec6ac8440c532f07da25aa2dce6a5d2ebe694eb4017d178b221213bfe2a01d9cfe689bd190776bca6c032f446eb8862587a7826e35f3f691763212eee6af2e49bbeb0a27e07c5714b74e373798c7bebce265f7ebef3a1ea64078cf1e8a9d433af32c53090c972ffedbadafb50b9a6e540abd84f8e938583ea725954be3b236c5d8aca7d486d21902a2902f25a7c02dbe83c39bd0b81513f9ef198c49d560e930ae224ff47f92e4851e1f7ab5bb406abcf6596569261e6b0c67bb3b854e9c6de60bfb60fcf29241ff237151310ecd19f8b2cfe764c1df1a2de9d840eca47aa169ba9a415901204ec31ccdfd76e908029ae34fb12dc286758c64fd6d42bc82b14e07e421f4b42b180cd6ef40cac8062928b4a420a4577f24295f54de9048ac9d34307bf93e463cea4967cf4880166f68ed1eb965db2e4fb9f5f0b1c695d621e427ccb9a3188073ee6fde729c6698346efa1c0ba643c1efd20858965511da750060d551c44c435a5f1603fae7357e0bc78e92aad3d88790ec2aa1a42d6fe7e0ffc57f3599e406db63be7dd32692df32ce33dee0a2becdb02d6e435e09de3d356497543db23f53da25643f9c585e275297800d8beed47f0e622f86fc25d2e87036fdceebfe7257cb6de0c02412d1c0758acfcd0862e99ad17a118f46f635a87477e8b825423d94ada35bf0b5444aa7d3de4bb7eec7ae5129fcc2cba651cc972f5500fc5161149d29f452962afb102a01ae76825cb4477460be0b85d75058595c27e9b7fae3492ec3925c671bee5f4ca534d5a294f783d6cc073c992139b61d21fd98297b04c0578dafd5f7ebcaf8d4d9185aea3d76e813421f4573b38c25093c015a65e44fb297f0f6ac2d02c4237b37a3bfca2406c5c95ae5812816bacad59ba7c6f72d7c644ff25b592ed1e89b276e05866c01a4ced7fc6dd9f190c20d420d7c8a1fe908833a24c5e5bd7a95a2a6fbf147fc4b29a179718166dd0fbae2fc6b8c8aac6194fa6baf0d3edc36b2316c56c441ba53e3e7aaaf0a1405566ff584f73a637b74dde9bcb4d41da2be6c9df5d533fbac54f5fb52a8a793757cfe19aa90048c6d07e3474136ae1be2455b0d0d02eb4b5961ba883209355c0dd2af4aad98e7b971e358a7d9b55fe17cd6095f257355d9b99e5ea52848f17b35a80792d9ed0fef6fe3eef9a324902409969823be20bbe0e8dba9c747cd1a14d3642d877b86271f3f0c322a142c4ff635b37d542c3265b5fe8589a732bb1a55010b930dd0196cd43ac3634c01b4a44c517197d03a3d89c67f5c09aab409e84c0af466bfbd0c96d240101a2542c66b4b4b8ef65b41b0079995c52cc9720d2c1d7c128c6f17a65cc798c1986cfbd8888460c54438edc4f91f3580391c8b57d9aee209a59a116c1c44775437e9c30e6d87e82ce84e28532b19441e32ab9aea22177bac9daad25a6c88395e9348d6780de630cddb266c411011175bdb6255a36535180818447d43ffba3758d311539fe9f6811fa470bf3767b4c2d4cdf37854c7ee28730bb1d39d5c0dfffcdbf353cca3e13079f3ae66b839c7dd36914022a0e75bca5b622f521420b73249ef47f03c1fb03ecf7557882afcaa7cf454a68ad237d4ce860bd6b1531c1cafe2cfb76bc4188271ef6bdfb304ee0e6932463a1909f03d6e8a27b5f137d6b342841d613863dfdf37d5ec3a98d667810fb6f82d67620bdefed8b3ff98420a6c7ee577c3ba68b95a20403608a7ba6526ec9e8662c6e15ab09b1a9019d4958af04cb2e4890ee6b1077fcaa5cc0817f388461b230fe631e75f18ab392a5ca5de4a024ca16dd05fcfdf92114e43a5c4a169d462ff0dba57deeaf5eaafd892f8ccbd72ac56471162e1416bca39859b4184ba0d1b3f7ec05db4ef4cf0142867fa9be328a0be8aa74c716aad9411008607980861f4f72e9bfa60195e2f939d3f6a44a6cec07dd376d1bccaa126686f313d5f7918ecd1215026982c82ed1922ef70e36e8ed59b2d5ceab3b4aad7e53049062dd5ba0e87f7005c3f4d2b788245cdc2f35ef2572bea5ea92dfad406ade6d5ad18be8eeb4c652e5277b244645c68c0c0f5a68d42e00d59b75941917b2cdf31fdf809f2078ca97fd5beba65b34e0621138ea0e94feb87166b2dac2232ebca575e5c0a4d565d9992f733bbfbe68a63d99ee93398604065d5517c33ed0e067bdb643e73102f16137afd7d4bf21e8065ea028c392a6dcefbe642dc3fb03a239d9c8b17023eacc8e19fea11c34a10644af1b786fc0f4504038c2ee59c1b353f3d7b9313df025b4b5874ca63ec164a3fe35bf390d266f53dcda6a8e190e63a56ffdf4f7c5c02aa22d376db06d4d2b96be5b331f897d1ecfd25c13a1c194c265dd95a5724a6435bc8138224d9db28b689b9cea5132cd19601dbc4a43e70c71e27e8fd0689d09484974e8a4605f8553735fffaf5654a087e323ca14e02b681b9bbe592bd6b719ae2e86bdf918b27c79d52dd334d1aa7ebc1bff76e97572faad092010a1022f7d33089049107a89c364ae7dd022d119e8f6ab795fd71d76a90e8202339401ff9e9918ea8c8e12f7b0ba10d9ebde5d1bc5988f2d07b34579d8c282628204f2978d8b0cf95dc41f3775a4053f833267c64b42336d7c850f2918ef0dd6d62e43fcc173254eb34748efd4754609ce25afd648ee5a8fc5c64346603f8258592d67b9613e8f7ac0def0958f13436581d729e0b3e062738eb06b2116abe837529690a614fc5d3f53b4d4602e5706000", 0x1000}}, 0x1006)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r0, 0x0)
mkdir(&(0x7f0000000380)='./file1\x00', 0xa)

1m27.292711231s ago: executing program 1 (id=535):
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_group_source_req(r0, 0x0, 0x2c, 0x0, 0x0)
setsockopt$inet_group_source_req(r0, 0x0, 0x2b, &(0x7f0000000000)={0x2, {{0x2, 0x4e23, @multicast2}}, {{0x2, 0x8002, @multicast2}}}, 0x108)

1m26.508502999s ago: executing program 1 (id=538):
syz_mount_image$ext4(&(0x7f0000000900)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f00000000c0)={[{@nouid32}, {@nodioread_nolock}, {@noquota}, {@delalloc}, {@journal_dev={'journal_dev', 0x3d, 0x9}}, {@commit}]}, 0x1, 0x5a4, &(0x7f0000000940)="$eJzs3T1sG3UbAPDnznHTj7xv+kovEqAOFSAVqaqT9AMKU7siKlXqgMQCkeNGVZy4ih1ookike4XogAB1KRsMjCAGhoqFkZWFjxmpohFITQcwcnxO09QpToljiH8/6ZL//+7s5/n7/Jx9pzs5gL51uPEnjXgqIs4nEcPrlg1EtvBwc72V5cXiveXFYhL1+oVfkkgi4u7yYrG1fpL9PxARSxHxZER8nY84mq495Z5Wozq/MDVeLpdms/5IbfrySHV+4dil6fHJ0mRp5sSLL506ffLU2PGx9eneq6/v5bc21ms/XH/32rev3Lz+6WeHlorvjydxJoayZevHsZ2ar0k+zmyYf7IbwXooud+81cs82JpcVueNUnoihiOXVX079fU7h8EdSQ/oovpgRH3NuibQBxJFD32q9T2gcfzbmnby+8fts80DkEbcleXF4jvRij/QPDcRe1ePTfb/mjxwZNI43jy4k4myKy1djYjRgYGH3/9J9v57fKPbkSBddetsc0M9vP3Ttf1PtNn/DLXOnf5Nrf3fSrb/W+kwfmP/d77DGL+//tNHm8a/OhhPt42frMVP2sRPI+LNDuPfeO3L05stq38ccSTax29JHn1+eOTipXJptPm3bYyvjhx6efPxR+zfJH7znO3e1UTWj39PllPa4fi/+ObzZ5YeEf/5Zx+9/du9/vsi4r0O4//v7ievbrbs9tXkTuNbwFa3fxL5uNlh/BfOHP4+azprCAAAAAAAAAAA2yhdvZYtSQtr7TQtFJr38P4/9qflSrV29GJlbmaiec3bwcinrSuthpv9pNEfy67HbfWPb+ifyGUBc/tW+4VipTzR47EDAAAAAAAAAAAAAAAAAADAP8WBDff//5Zbvf9/489VA7vV5j/5Dex26h/614P1n/QsD2Dn+fyHvlVX/9C/1D/0L/UP/Uv9Q/9qW//7dj4PYOf5/If+pf4BAAAAAAAAAAAAAAAAAAAAAAAAAKArzp8715jq95YXi43+xMD83FTlrWMTpepUYXquWChWZi8XJiuVyXKpUKxM/9XzJZXK5dGYmbsyUitVayPV+YU3pitzM63fFC3luz4iAAAAAAAAAAAAAAAAAAAA+PcZWp2StBCRb/bTtFCI+E9EHEwiuXipXBqNiP9GxHe5/GCjP9brpAEAAAAAAAAAAAAAAAAAAGCXqc4vTI2Xy6XZ7jUGslCdPerHWlfzGdjKyhGxtL1pNJ5xy4/KZy9gdzdTnzRyHb4P+77Rw50SAAAAAAAAAAAAAAAAAAD0qfs3/Xb6iD+6mxAAAAAAAAAAAAAAAAAAAAD0pfTnJCIa05Hh54Y2Lt2TrORW/0fE2zcufHBlvFabHWvMv7M2v/ZhNv94L/IHOtWq0zQiGnUMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3FedX5gaL5dLs4/ZGOxgnV6PEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBx/BkAAP//QkjPdw==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000100)='./file0\x00')
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000)

1m25.790456153s ago: executing program 1 (id=543):
signalfd4(0xffffffffffffffff, &(0x7f0000000080)={[0xfffffffffffffffa]}, 0x8, 0x80800)
socket(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="280000001c00010429bd7000ffdbdf2507000000", @ANYRES32=r0, @ANYBLOB="e0ff8b0a0a0002"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x24040040)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000001d"], 0x30}, 0x1, 0x0, 0x0, 0x1}, 0xc31fe084736598c)

1m24.108790881s ago: executing program 1 (id=551):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000cd2000/0x1000)=nil, 0x1000, 0x8003, &(0x7f0000000240)=0x2, 0x3, 0x0)
mremap(&(0x7f00003c9000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f00001de000/0x2000)=nil)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x1, 0x0, 0xa, 0x2)
socket(0x2, 0x80805, 0x0)

1m23.670288026s ago: executing program 34 (id=551):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000cd2000/0x1000)=nil, 0x1000, 0x8003, &(0x7f0000000240)=0x2, 0x3, 0x0)
mremap(&(0x7f00003c9000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f00001de000/0x2000)=nil)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x1, 0x0, 0xa, 0x2)
socket(0x2, 0x80805, 0x0)

5.314326428s ago: executing program 6 (id=1089):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x5, 0x5, 0x2, 0x7, 0x0, 0x1, 0x10000}, 0x50)
close(r0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x3, 0x1}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4000}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x50}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0x5}]}, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000003c0)={r1, r0}, 0xc)

5.251105299s ago: executing program 6 (id=1090):
r0 = open(&(0x7f0000000140)='./file0\x00', 0x149040, 0x0)
fcntl$setlease(r0, 0x400, 0x0)
exit(0x6)
r1 = getpid()
fcntl$setown(r0, 0x8, r1)

4.319450322s ago: executing program 6 (id=1102):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000240)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000180), &(0x7f0000000300)='%pI4   \x00'}, 0x52)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000280)={r1}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000400008500000061000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000480)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000005c0)="b9ff03076003008cb89e08f086dd", 0x0, 0xfe2, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

3.852424618s ago: executing program 6 (id=1109):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="070103000200000000002e00000008000300", @ANYRES32=r3, @ANYBLOB="05003400e20000ef070049000c"], 0x2c}}, 0x48080)

3.742180541s ago: executing program 6 (id=1111):
request_key(0x0, 0x0, 0x0, 0xffffffffffffffff)
syz_usb_connect$rtl8150(0x6, 0x3f, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xbda, 0x8150, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
r0 = syz_usb_connect(0x2, 0x3f, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d000100000000090400000303"], 0x0)
syz_usb_control_io$sierra_net(r0, 0x0, &(0x7f0000000400)={0x1c, &(0x7f0000000380)={0x40, 0x11}, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000ac0)={0x34, &(0x7f0000000900)={0x40, 0xb}, 0x0, 0x0, 0x0, &(0x7f0000000a40)={0x40, 0xa0, 0x4, 0xf}, 0x0})

3.713269712s ago: executing program 7 (id=1112):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x1}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r1}, 0xc)

3.456411281s ago: executing program 7 (id=1114):
socketpair$unix(0x1, 0x4, 0x0, 0x0)
r0 = syz_usb_connect(0x2, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000c2bd0b20f8061b3039bb0102030109021b0001000000000904"], 0x0)
open(0x0, 0x0, 0x244)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

2.822837673s ago: executing program 5 (id=1127):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x2041, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x6, 0xfe, "0062ba7d82000000160000000000f738096304"})
r1 = syz_open_pts(r0, 0x80)
r2 = dup3(r1, r0, 0x80000)
ioctl$sock_SIOCINQ(r2, 0x541b, &(0x7f0000000000))

2.720069767s ago: executing program 5 (id=1129):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES8], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r1, 0xd01c4813, &(0x7f0000000100)={0x2, 0x200, 0x0, 0x2, 0x9, 0x42})

1.562940806s ago: executing program 3 (id=1134):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x549})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x1})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
close(r0)

1.296272786s ago: executing program 3 (id=1135):
writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000100)="06010000246837", 0x7}], 0x1)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'erspan0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000050400"/20, @ANYRES32=r2, @ANYBLOB="ebffffffffffffff280012800b00010065727370616e000018000280040012000500160001000000080015"], 0x48}}, 0x0)

1.294872686s ago: executing program 6 (id=1136):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000000000104c05d50300000000000109022400010000000009040000020300000009210000000122050009058103"], 0x0)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
sendmsg$can_bcm(r1, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000000)={0x0, 0x0, 0x5, {0x5, 0x0, "a6ea31"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

1.17200952s ago: executing program 3 (id=1137):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000020000000900010073797a300000000040000000030a09020000000000000000020000000900010073797a30000000000900030073797a3200000000140004800800014000000000080002400000000014000000110001"], 0x88}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0xc}, @NFTA_META_SREG={0x8, 0x3, 0x1, 0x0, 0x15}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000200)={@local, @random="d8be17d19221", @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x23, 0x28, 0x64, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x2, 0x0, 0xe7}}}}}}, 0x0)

1.1632556s ago: executing program 7 (id=1138):
r0 = msgget$private(0x0, 0x1c0)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000000240)={{0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x96, 0xfffd}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5})
msgsnd(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="020000"], 0x86, 0x0)
msgsnd(r0, &(0x7f0000000080)=ANY=[@ANYRES8], 0x0, 0x0)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)={{0x1, 0x0, 0x0, 0x0, 0xee01, 0x10}, 0x0, 0x0, 0x1, 0x0, 0x9, 0x1000ff, 0x2, 0x0, 0x0, 0x4})

1.089171462s ago: executing program 3 (id=1139):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x14, 0x0, 0xfe0cef4d0db3b49, 0x70bd27, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4004}, 0x10)
ioctl$HIDIOCGUSAGES(0xffffffffffffffff, 0xd01c4813, &(0x7f0000000240)={{0x3, 0xe8b5c71a5eb6f040, 0x5, 0xb7a4, 0x1, 0xffff}, 0x341, [0xc, 0x40, 0xcd7, 0x4, 0x6, 0x0, 0x80000000, 0x7, 0x9, 0x7a18fde9, 0x9, 0xf12, 0x4, 0x3, 0x378, 0x9, 0x4, 0x0, 0x1, 0xffff06bd, 0x0, 0xf, 0x1a, 0xf2, 0x10, 0x9, 0x8, 0x10001, 0x401, 0x80000000, 0x401, 0x3ca5, 0x1, 0x0, 0xff, 0x40000004, 0x4, 0x3, 0x0, 0xaa80, 0x40000000, 0x80000000, 0x7fff, 0x7, 0x5, 0xa, 0x0, 0x10000, 0x405, 0x8, 0xffff, 0x91ba, 0x7, 0x9, 0x9, 0xb6, 0x24, 0xcb, 0x5, 0x7f, 0x5, 0x311, 0x66d1, 0xfffffffc, 0x9, 0xb6eb, 0xc74, 0x77, 0x1, 0xc0000000, 0x5cb5, 0xfffffffd, 0x401, 0xedf4, 0x4, 0x1000, 0x6, 0xfffffffe, 0x8001, 0xc1, 0x1, 0x8, 0x1, 0x32, 0x98, 0x7f, 0xffff, 0x401, 0x2, 0x2, 0x4680, 0x9a7f, 0xe665, 0x3c6e, 0x3, 0x7, 0x80, 0x4b, 0x9, 0x2, 0xb, 0x6, 0x4fa4, 0x80000000, 0x1, 0xb, 0x0, 0xfffffffa, 0x3, 0x8001, 0xfd, 0x101, 0x4, 0x0, 0xa, 0x1b, 0x202, 0x7ff, 0x9, 0x80000000, 0xffff, 0x9, 0x3, 0x6, 0x2, 0xffffff87, 0xe, 0xd, 0xf, 0x8, 0x9, 0x7, 0x6, 0x400, 0x8, 0xff2, 0x6, 0x0, 0x6, 0x0, 0x8, 0x1, 0x3, 0x664, 0x4, 0x9, 0x9, 0x2, 0x8, 0xfffffffd, 0xeb6, 0x0, 0x9, 0x10000, 0x1, 0x9, 0x9, 0xc6, 0x1, 0x4, 0x7ff, 0xe6, 0x6, 0x10001, 0x9, 0x68, 0x7, 0x201, 0x5, 0x3, 0x9a3f, 0x400000, 0x0, 0x80000067, 0xffffff7e, 0x7, 0x10000000, 0x10001, 0x7, 0x3, 0x10, 0x10a, 0xa, 0x40, 0x18, 0x80, 0xb5f8, 0x8bc, 0x3, 0x8000103, 0x5, 0xfffffffc, 0x4, 0x18000, 0x10, 0x1000, 0x288c, 0x1ffe, 0x73ee, 0x1, 0x5, 0x9, 0x7fffffff, 0x73, 0x6, 0x8, 0x6, 0x400, 0x40, 0x0, 0x0, 0x0, 0x546c, 0x981, 0x5aa, 0x7fff, 0x7, 0x4, 0x7, 0xc4c, 0x45e3, 0x5, 0x7, 0x3, 0x5, 0x3, 0x0, 0x1, 0x2, 0xffffffff, 0x4, 0x200000ce, 0xf, 0x0, 0x1, 0xa, 0x3, 0x0, 0x9, 0x9, 0x37c, 0x10001, 0x8, 0x1, 0x5, 0x2, 0x6, 0x4, 0x6, 0x1, 0x8, 0x6, 0xfffffffa, 0x5, 0x0, 0x9, 0x5, 0x2, 0x7, 0x3, 0xffffff1b, 0x9, 0x2, 0xd, 0x34ea, 0x10000, 0x0, 0x80002001, 0x8, 0x8000, 0x10004, 0x10, 0x8, 0x9, 0x5, 0x1, 0x6, 0x10001, 0x0, 0x5, 0x10000, 0x4, 0xffff, 0x2, 0x89, 0x2, 0x3, 0x1, 0x73, 0x3, 0x9, 0x4, 0x1, 0x9, 0x1, 0x8, 0x0, 0x81, 0x80000004, 0x9, 0x9, 0x0, 0x4, 0x10000004, 0x0, 0x1, 0xce5fb90f, 0x5, 0x4, 0x10001, 0xf, 0x9, 0x100, 0x44, 0x59b, 0x7, 0x8, 0x9, 0x3, 0x2, 0x4, 0x6, 0x0, 0x8, 0x40, 0xd3, 0x7, 0xffffffff, 0x89aa, 0x8, 0x0, 0xf0ce, 0x2, 0x1, 0x0, 0x2, 0xc6, 0x1000, 0x800001, 0x937, 0xa, 0x6, 0x3, 0xffffffff, 0x5, 0x9, 0x5, 0xffffffff, 0xbe, 0x1, 0x7, 0x0, 0xffffffff, 0x0, 0x3d6, 0x0, 0xae, 0x6, 0x1, 0xfffffeff, 0x4, 0x5, 0x7fff, 0x103, 0x7, 0x6, 0x709, 0x2, 0x49, 0x10, 0xfffffff7, 0xfffff772, 0x8, 0x80000000, 0x3, 0x7, 0xa9c, 0x9, 0x8, 0x1, 0x2, 0x5, 0x1000, 0x69f, 0x1ff, 0x9, 0x10, 0x3, 0x10000, 0xffff0000, 0xf, 0x1, 0x3, 0xffffa9b4, 0x1, 0x4, 0x5, 0xd58, 0x4b5f, 0x6, 0x7fffffff, 0xffffffff, 0x1, 0x80000000, 0xb, 0x0, 0x88d, 0x1, 0x7, 0x8, 0x1, 0x89, 0x6, 0x818a, 0x10, 0x8, 0x10, 0xfffffffc, 0xfffff001, 0xa, 0xfffffff7, 0x8000005, 0x4, 0xffd, 0x9, 0x10, 0xfffffffd, 0x4, 0xc2, 0x400, 0x4, 0x0, 0x80000000, 0xd, 0x2, 0x1, 0x0, 0x20000005, 0xb6, 0x101, 0x401, 0x2, 0x7, 0xc, 0x6623258, 0xf2, 0x741, 0xfffffffc, 0x9, 0xffffa0a6, 0xc, 0x11, 0x2, 0x8, 0x9, 0x1, 0x7f, 0x98, 0x9, 0xb, 0x800, 0x4, 0x9, 0x5, 0x7, 0x7, 0x8, 0xfe, 0x7f, 0x9, 0x4, 0x6, 0x20080000, 0x2, 0x8000, 0x0, 0x0, 0x1000, 0xb, 0x0, 0x7, 0x8000000, 0x0, 0xfff, 0x8101, 0x4, 0x0, 0x9, 0xc, 0x5, 0xffe, 0x100, 0xffff, 0x1, 0x401, 0xf0, 0x0, 0xfffff53d, 0x9, 0x2, 0x6, 0x0, 0x4, 0x4b15, 0x10000, 0x1, 0x6, 0x1, 0xd, 0x8, 0x4, 0xfffffe01, 0x1, 0x6, 0x0, 0x2, 0x10001, 0x1, 0x7, 0xe4ce, 0x5, 0x9, 0xffffc487, 0x204, 0x10002, 0x1000, 0x7, 0x6, 0x6, 0x8, 0xfffffe00, 0x1, 0x1, 0x0, 0xe, 0x2, 0x2, 0x4, 0x0, 0xb66d, 0x3, 0x1000, 0x1eb4bce6, 0x10, 0x8, 0x1, 0x5, 0x1, 0x5, 0x9, 0x1000, 0x7, 0x62f2f805, 0x5, 0x3, 0xffffffff, 0x2, 0x7f, 0x6, 0xd, 0x40, 0x5, 0x2, 0xa, 0x5, 0x6, 0x80000000, 0x25, 0x8, 0x7, 0x7, 0x1, 0x5, 0x9, 0x6709, 0x10001, 0x0, 0x80, 0x8, 0x6, 0x0, 0xa95a, 0x0, 0x5, 0x2, 0x2, 0x4, 0xfff9, 0x80000001, 0x5, 0x1, 0x9, 0x0, 0xb7, 0x3, 0xff, 0x9, 0x0, 0x80, 0xfea5, 0x7fff, 0x7, 0x7, 0x7, 0x7485, 0x197, 0x8, 0x0, 0x5, 0xf, 0x3, 0xe, 0x8, 0x1000, 0x3, 0x7, 0x382d, 0x459, 0xcad, 0x9, 0x0, 0x2, 0x119, 0x6, 0x20000a4, 0xe0, 0xfffffffb, 0x5, 0xffffffff, 0x2, 0x4007, 0xa05a, 0x0, 0x0, 0x0, 0x35, 0x8, 0x1, 0x2, 0x30, 0xb, 0x101, 0x2, 0x9, 0x3, 0x7, 0x8, 0x8, 0x1, 0x2, 0x4, 0x15294b70, 0x3, 0x3, 0x2, 0x1, 0xf, 0x9, 0x1, 0x80000000, 0x9, 0x8001, 0x5, 0x800081, 0x1, 0x2, 0x3fd, 0x1df, 0x6, 0x6, 0xfffffffa, 0x81, 0x9, 0x2, 0x9, 0x1, 0x9, 0x7, 0x2c1, 0x9e95, 0x0, 0xfffffedd, 0x30c8, 0x2, 0x38a0, 0x7b, 0x0, 0x8, 0x4, 0x6, 0x9, 0x0, 0x8, 0x5, 0x8, 0x1ff, 0x7fff, 0x3, 0x9, 0x8, 0x2b, 0x200006, 0x4, 0x7, 0x2, 0x4, 0xbfb, 0x7, 0x405, 0x6, 0x4, 0x91, 0x9, 0x8, 0x3, 0x6ae574d2, 0x6, 0xfffffe00, 0x1000, 0x5, 0x92, 0xffffffff, 0x7fffffff, 0xd7, 0x8001, 0x905, 0x3, 0x6, 0xfffffb31, 0xb, 0x4, 0x7, 0x8, 0x1, 0x6, 0x1, 0xff, 0x103, 0x10000004, 0x3, 0x6, 0x80000001, 0x0, 0x100a, 0x7fffffff, 0x7fff, 0x2, 0xfffffff8, 0x2, 0x9af, 0x10001, 0x8, 0x4, 0x8, 0x6, 0x7742348d, 0x5, 0x5, 0x1f, 0x40, 0x0, 0x6, 0xffffffff, 0x7, 0x7, 0x8, 0x17f, 0x6, 0x2, 0x1, 0x6, 0x14827783, 0xb, 0xe, 0x5, 0x1, 0xfe7, 0xfffffffc, 0x8, 0x7ff, 0x3e9, 0x0, 0x3, 0x2000, 0xa, 0x3, 0x9, 0x80000001, 0x81, 0x8, 0x14, 0x8, 0x9, 0x80, 0xd, 0xf28c, 0x7, 0x6, 0x4, 0x7fffffff, 0xffff, 0x7fffffff, 0xc9, 0x2, 0xfffffffe, 0x924, 0x499, 0x100, 0x1, 0x5, 0xffff351b, 0x7, 0xfffffffb, 0x3, 0x9, 0x2, 0x7, 0x4, 0x4, 0x4, 0xff, 0xee, 0x2, 0x4, 0x8, 0x9f, 0x7, 0x3, 0x9, 0xc9, 0x1, 0x1, 0x1, 0xfffffff7, 0x0, 0x6, 0x5, 0x6, 0x400, 0x51, 0x7, 0xefb, 0x200000b8, 0x1, 0x5, 0xfffffff7, 0x7, 0x7, 0x4, 0x6330, 0xff, 0x6, 0xea, 0xbb2d, 0xfff, 0x7, 0x6, 0x0, 0x6, 0xffff, 0xfffffffa, 0x3, 0x0, 0x1, 0x6, 0xfffffc00, 0x5, 0x7, 0x64c822e3, 0x9, 0x6, 0x80, 0x6, 0xfff, 0x0, 0xa7b, 0x62cc, 0xfffffff7, 0x7, 0x40, 0xa, 0x9b, 0x3, 0xe, 0xf01, 0x1, 0x3, 0x40, 0x3, 0x4, 0x5, 0x5, 0x7ff, 0x5, 0x8, 0x5, 0x3, 0x8, 0x2, 0x80000001, 0x54, 0x400, 0x1, 0x8, 0xa, 0x9, 0x10000c0, 0x3, 0x72, 0x80, 0x1000, 0x7, 0x800, 0x6, 0xd19, 0x3, 0x93c, 0x6, 0x20000000, 0x0, 0xe, 0x5, 0x3, 0xfffffffa, 0xa01, 0xf3, 0xffffff00, 0x8, 0xe, 0x3, 0x3ff, 0x5, 0x2, 0x6, 0xa3, 0xffff, 0xfffffff9, 0x9, 0x5, 0x62, 0x2, 0x1, 0xfffffffa, 0x2, 0x2, 0x9, 0x7, 0x0, 0x7, 0x8, 0x10000, 0x42, 0xaa1, 0x7, 0x2b, 0x6, 0x10, 0x5, 0x200, 0x9, 0x6, 0x3, 0x8, 0x10, 0x4, 0x6, 0x633, 0xf05, 0x0, 0x101, 0x200, 0x8, 0x7ff, 0x0, 0x40, 0x1, 0x10000, 0x9, 0x40, 0x9, 0x0, 0x7f, 0x8, 0x6, 0xe, 0x3, 0x80000001, 0x0, 0x8, 0x8, 0x7, 0xde, 0x6, 0x89, 0x0, 0x100, 0x1, 0x9, 0x6, 0x400, 0x1, 0x0, 0x200, 0xe9ab, 0x3, 0x8000, 0x13, 0x2, 0x2, 0x43, 0x3ff, 0x0, 0x7, 0xc, 0x401, 0x6, 0x7, 0xa, 0xf, 0xf39d, 0x71, 0xfff, 0x7, 0x8]})
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x8c2b01)
write$char_usb(r0, &(0x7f0000000040)="e2", 0x12d8)

991.020386ms ago: executing program 3 (id=1140):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000064010100000000000000000000000000fc01000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000800000000000003000000000000000000000000000000fdfffffffbffffff0000000000000000ffffffffffffffff053b000000000000000000000000000002000000000000005600000000000000feffffffff7f400002000000000000080000000000000000010005000000000044000500ac141426000000000000000000000000000004d53c"], 0xfc}}, 0x0)
r1 = socket(0x2b, 0x1, 0x1)
setsockopt$inet6_IPV6_RTHDR(r1, 0x29, 0x39, &(0x7f0000000080)={0x0, 0x2, 0x2, 0x1, 0x0, [@mcast2]}, 0x18)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4000, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c)

829.843012ms ago: executing program 0 (id=1141):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
mkdirat$cgroup(r0, &(0x7f0000000040)='syz1\x00', 0x1ff)
r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.mems\x00', 0x2, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000140)=ANY=[], 0x6a)

629.970078ms ago: executing program 5 (id=1142):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x22080, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000140)={0x1, 0x0, [{0x400000f1, 0x0, 0x1}]})

487.876743ms ago: executing program 5 (id=1143):
r0 = syz_open_dev$dvb_demux(&(0x7f0000001e00), 0x0, 0x2000)
r1 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x22041)
ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r1, 0x40146f2c, &(0x7f0000000100)={0x2, 0x1, 0x3, 0x14, 0x4})
ioctl$DVB_DEMUX_DMX_SET_FILTER(r0, 0x403c6f2b, &(0x7f0000001e40)={0x6, {"2a71f0d3fe13be00", "3d0e00000000003efe567b0a5b857206", "47eb0b4a89ffff000000000000c94742"}, 0x4, 0x4})
ioctl$DVB_DEMUX_DMX_SET_FILTER(r0, 0x403c6f2b, &(0x7f0000000240)={0xfff9, {"1dc9ab1c8e10c27c629306d05c3f3f88", "7acaa9a730085ea7dccf505f15440f40", "4dfdb3c2dcbe017e927596ef084a3261"}, 0x0, 0x1})

422.032686ms ago: executing program 5 (id=1144):
r0 = syz_open_dev$radio(&(0x7f0000000000), 0x2, 0x2)
r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2)
r2 = epoll_create(0x7fffffff)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000280)={0x40000004})
ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000000c0)={0xf0f041})

352.669068ms ago: executing program 0 (id=1145):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000040c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000850}, 0x40)

319.081549ms ago: executing program 5 (id=1146):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000680)=ANY=[@ANYBLOB="12010000cf8bed20d90f21004029000000010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000380)=ANY=[@ANYBLOB="201101"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000200)={&(0x7f00000000c0)=[{0xa, 0x1000, 0x0, 0x0}, {0x4, 0x6e09, 0x24, &(0x7f0000000240)="043cb60a56e27a4c68b366d3e58181c2c34b74bee631798684f5a56d6532ffca5d36143f"}], 0x2})
syz_usb_control_io(r0, 0x0, &(0x7f0000000880)={0x84, &(0x7f00000003c0)={0x40, 0x17, 0x3, "048b42"}, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x40, 0x7, 0x2, 0x2}, &(0x7f0000000540)={0x40, 0x9, 0x1, 0xf9}, &(0x7f0000000600)={0x40, 0xb, 0x2, "f116"}, &(0x7f0000000640)={0x40, 0xf, 0x2, 0x2}, &(0x7f00000006c0)={0x40, 0x13, 0x6, @broadcast}, &(0x7f0000000700)={0x40, 0x17, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x7bb999f75685ce51}}, &(0x7f0000000740)={0x40, 0x19, 0x2, "c698"}, &(0x7f0000000780)={0x40, 0x1a, 0x2, 0x5}, 0x0, &(0x7f0000000800)={0x40, 0x1e, 0x1, 0x8d}, &(0x7f0000000840)={0x40, 0x21, 0x1, 0x8}})

256.637411ms ago: executing program 0 (id=1147):
r0 = socket(0xa, 0x3, 0x87)
sendto(r0, &(0x7f00000003c0)="e1118ce4769b", 0xfdef, 0x800, &(0x7f0000000600)=@l2tp6={0xa, 0x0, 0x7, @local, 0x5}, 0x80)
socket$alg(0x26, 0x5, 0x0)
unshare(0x24020400)
pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000240)={0x1f, 0xfffffffffffffffe, 0xe, 0x0, 0x7, 0x4, 0x0, 0xfffffffffffffffc}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)

243.989751ms ago: executing program 7 (id=1148):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x40101)
r1 = dup(r0)
r2 = memfd_secret(0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x13, r2, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r1, 0x810c5701, 0x0)

162.121144ms ago: executing program 0 (id=1149):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
r1 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xc, &(0x7f0000000040)=@assoc_value={<r2=>0x0}, &(0x7f0000000000)=0x8)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f00000001c0)={r2, 0x10}, &(0x7f00000000c0)=0x8)

118.671906ms ago: executing program 7 (id=1150):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="4dc07f947163300c", 0x8)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$inet(r1, &(0x7f0000008140)=[{{0x0, 0x0, &(0x7f0000000cc0)=[{&(0x7f0000004a00)='P\'', 0x2}], 0x1}}], 0x1, 0x10)

100.160847ms ago: executing program 0 (id=1151):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001f80)=ANY=[@ANYBLOB="0a000000010000000400000004"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000006007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000208500000001000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000005000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000a80)={r1}, 0xc)

43.289769ms ago: executing program 0 (id=1152):
openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x4a9c1, 0x6)
r0 = socket(0x11, 0x3, 0x8000)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000100)={0x0, <r1=>0x0}, &(0x7f0000000140)=0xc)
mount$bpf(0x0, 0x0, 0x0, 0x5015062, &(0x7f0000000100)={[{@uid={'uid', 0x3d, r1}}]})
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='devpts\x00', 0x0, &(0x7f0000000100))

2.39257ms ago: executing program 3 (id=1153):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x6, 0x6}, 0x4)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000300)={0x3, &(0x7f0000000500)=[{0x28, 0x5, 0x0, 0xfffff034}, {0x50, 0x8, 0x0, 0x100}, {0x6, 0x9, 0x0, 0x10001}]}, 0x10)
r1 = socket$inet6(0xa, 0x5, 0x0)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x380000, @loopback}, 0x1c)

0s ago: executing program 7 (id=1154):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas', 0x5)
copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f0000000240)=0x5, 0x40, 0x0)
write$binfmt_script(r0, &(0x7f0000000200), 0xfffffd9d)

kernel console output (not intermixed with test programs):

T1216] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  127.322960][ T4829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  127.333595][ T1216] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  127.387348][ T5963] device veth0_vlan entered promiscuous mode
[  127.412848][ T4827] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive
[  127.421026][ T4827] ath9k_htc: Failed to initialize the device
[  127.428803][ T1216] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  127.448538][ T1216] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  127.499747][ T5963] device veth1_vlan entered promiscuous mode
[  127.638392][ T1216] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  127.642173][ T6171] fscrypt (loop3): Error allocating 'cts(cbc(aes))' transform: -4
[  127.668027][ T1216] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  127.744833][ T5963] device veth0_macvtap entered promiscuous mode
[  127.830600][ T5963] device veth1_macvtap entered promiscuous mode
[  127.883128][ T4835] Bluetooth: hci3: command 0x0419 tx timeout
[  127.913239][ T5963] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  128.018985][ T6092] usb 6-1: USB disconnect, device number 2
[  128.036318][ T5963] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.047751][ T6092] usb 6-1: ath9k_htc: USB layer deinitialized
[  128.102610][ T5963] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  128.120629][ T5963] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.150578][ T5963] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  128.177104][ T5963] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.215340][ T5963] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  128.240708][ T5963] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.273970][ T5963] batman_adv: batadv0: Interface activated: batadv_slave_0
[  128.322713][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  128.331068][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  128.357708][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  128.366980][ T4828] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  128.398591][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  128.446472][ T5963] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  128.478359][ T5963] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.513332][ T5963] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  128.549757][ T5963] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.601614][ T5963] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  128.636349][ T5963] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.657658][ T5963] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  128.683342][ T5963] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.706273][ T5963] batman_adv: batadv0: Interface activated: batadv_slave_1
[  128.734493][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  128.754168][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  128.820280][ T5963] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  128.853151][ T5963] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  128.895486][ T5963] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  128.912648][ T5963] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  129.064790][ T6200] loop5: detected capacity change from 0 to 32768
[  129.086212][ T6232] loop0: detected capacity change from 0 to 128
[  129.279712][ T6200] XFS (loop5): Mounting V5 Filesystem
[  129.326347][ T1108] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  129.390276][ T4605] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  129.403453][   T21] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  129.467105][ T4605] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  129.500134][ T6200] XFS (loop5): Ending clean mount
[  129.518467][ T6200] XFS (loop5): Quotacheck needed: Please wait.
[  129.546295][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  129.564409][ T6196] chnl_net:caif_netlink_parms(): no params data found
[  129.679119][ T6247] netlink: 8 bytes leftover after parsing attributes in process `syz.0.564'.
[  129.688486][ T4233] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  129.702007][ T6200] XFS (loop5): Quotacheck: Done.
[  129.719590][ T4605] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  129.749527][ T4605] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  129.894614][ T4605] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  129.962793][ T4827] Bluetooth: hci1: command 0x0409 tx timeout
[  129.977234][ T6196] bridge0: port 1(bridge_slave_0) entered blocking state
[  130.046518][ T6196] bridge0: port 1(bridge_slave_0) entered disabled state
[  130.097745][ T6196] device bridge_slave_0 entered promiscuous mode
[  130.174802][ T6196] bridge0: port 2(bridge_slave_1) entered blocking state
[  130.202968][ T4657] XFS (loop5): Unmounting Filesystem
[  130.211292][ T6196] bridge0: port 2(bridge_slave_1) entered disabled state
[  130.240734][ T6196] device bridge_slave_1 entered promiscuous mode
[  130.251732][ T6266] loop3: detected capacity change from 0 to 4096
[  130.418450][ T6266] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  130.442510][ T6196] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  130.452855][   T21] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  130.519844][ T6273] loop6: detected capacity change from 0 to 64
[  130.617378][ T6196] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  130.803387][ T6196] team0: Port device team_slave_0 added
[  130.819065][  T845] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  130.884539][ T6196] team0: Port device team_slave_1 added
[  130.941412][  T845] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  130.956815][ T6196] batman_adv: batadv0: Adding interface: batadv_slave_0
[  130.973101][ T6196] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  131.031313][ T6196] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  131.086639][  T845] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.097681][ T6284] loop5: detected capacity change from 0 to 512
[  131.109537][ T6196] batman_adv: batadv0: Adding interface: batadv_slave_1
[  131.117317][ T6092] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  131.152050][ T6196] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  131.209797][ T6284] EXT4-fs error (device loop5): ext4_orphan_get:1400: inode #15: comm syz.5.570: iget: bad i_size value: 38620345925642
[  131.231155][ T6196] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  131.242099][ T6284] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.570: couldn't read orphan inode 15 (err -117)
[  131.262196][ T6284] EXT4-fs (loop5): mounted filesystem without journal. Opts: errors=continue,delalloc,data_err=ignore,journal_ioprio=0x0000000000000002,data_err=ignore,nojournal_checksum,,errors=continue. Quota mode: writeback.
[  131.285724][  T845] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.346464][ T6196] device hsr_slave_0 entered promiscuous mode
[  131.354185][ T6196] device hsr_slave_1 entered promiscuous mode
[  131.361080][ T6196] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  131.369363][ T4827] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  131.379852][ T6196] Cannot create hsr debugfs directory
[  131.403230][ T6092] usb 1-1: Using ep0 maxpacket: 16
[  131.454154][ T6288] loop3: detected capacity change from 0 to 256
[  131.533186][ T6092] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  131.552710][ T6092] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  131.580237][ T6092] usb 1-1: New USB device found, idVendor=0c12, idProduct=0030, bcdDevice= 0.00
[  131.597389][ T6092] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  131.625690][ T6092] usb 1-1: config 0 descriptor??
[  131.793196][ T4827] usb 7-1: config 16 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 110
[  131.826318][ T4827] usb 7-1: config 16 has an invalid descriptor of length 109, skipping remainder of the config
[  131.881569][ T4827] usb 7-1: config 16 has no interfaces?
[  131.881607][ T4827] usb 7-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  131.881634][ T4827] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  132.030794][ T6196] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  132.037335][ T6196] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  132.042896][ T4232] Bluetooth: hci1: command 0x041b tx timeout
[  132.052133][ T6196] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  132.090070][ T6196] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  132.115098][ T6092] zeroplus 0003:0C12:0030.0004: unknown main item tag 0x0
[  132.115133][ T6092] zeroplus 0003:0C12:0030.0004: unknown main item tag 0x0
[  132.115157][ T6092] zeroplus 0003:0C12:0030.0004: unknown main item tag 0x0
[  132.115181][ T6092] zeroplus 0003:0C12:0030.0004: unknown main item tag 0x0
[  132.115205][ T6092] zeroplus 0003:0C12:0030.0004: unknown main item tag 0x0
[  132.115227][ T6092] zeroplus 0003:0C12:0030.0004: unknown main item tag 0x0
[  132.115252][ T6092] zeroplus 0003:0C12:0030.0004: unknown main item tag 0x3
[  132.115303][ T6092] zeroplus 0003:0C12:0030.0004: unknown main item tag 0x2
[  132.115326][ T6092] zeroplus 0003:0C12:0030.0004: unbalanced collection at end of report description
[  132.115814][ T6092] zeroplus 0003:0C12:0030.0004: parse failed
[  132.115845][ T6092] zeroplus: probe of 0003:0C12:0030.0004 failed with error -22
[  132.171926][ T4829] usb 7-1: USB disconnect, device number 2
[  132.317112][ T4232] usb 1-1: USB disconnect, device number 7
[  132.370235][ T6291] loop5: detected capacity change from 0 to 32768
[  132.404465][ T6196] 8021q: adding VLAN 0 to HW filter on device bond0
[  132.422526][ T4734] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  132.474436][ T6291] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 scanned by syz.5.573 (6291)
[  132.528153][ T6291] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm
[  132.553122][ T6291] BTRFS info (device loop5): force clearing of disk cache
[  132.560419][ T6291] BTRFS info (device loop5): metadata ratio 0
[  132.567595][ T4734] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  132.603123][ T6196] 8021q: adding VLAN 0 to HW filter on device team0
[  132.613514][ T6291] BTRFS info (device loop5): enabling ssd optimizations
[  132.620508][ T6291] BTRFS info (device loop5): using spread ssd allocation scheme
[  132.644051][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  132.662951][ T6291] BTRFS info (device loop5): using free space tree
[  132.669690][ T6291] BTRFS info (device loop5): has skinny extents
[  132.683870][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  132.699059][  T144] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.706387][  T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[  132.788845][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  132.806764][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  132.844965][ T1423] ieee802154 phy0 wpan0: encryption failed: -22
[  132.851665][ T1423] ieee802154 phy1 wpan1: encryption failed: -22
[  132.864426][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  132.903067][  T144] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.910195][  T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[  132.981958][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  133.106524][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  133.162278][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  133.226609][ T6291] BTRFS info (device loop5): clearing free space tree
[  133.236674][ T6291] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  133.254987][ T6314] loop3: detected capacity change from 0 to 32768
[  133.279066][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  133.317615][ T6291] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  133.433300][ T6314] XFS (loop3): Mounting V5 Filesystem
[  133.469615][ T6291] BTRFS info (device loop5): creating free space tree
[  133.484298][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  133.516222][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  133.561934][ T6291] BTRFS info (device loop5): setting compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  133.587133][ T6314] XFS (loop3): Ending clean mount
[  133.615149][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  133.650426][ T6314] XFS (loop3): Quotacheck needed: Please wait.
[  133.685915][ T6291] BTRFS info (device loop5): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  133.710030][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  133.815527][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  133.849340][ T6314] XFS (loop3): Quotacheck: Done.
[  133.922433][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  133.971969][ T6338] loop6: detected capacity change from 0 to 131072
[  134.013461][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  134.064304][ T6338] F2FS-fs (loop6): invalid crc value
[  134.094643][ T6357] XFS (loop3): User initiated shutdown received.
[  134.115537][ T6196] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  134.121380][ T6338] F2FS-fs (loop6): Found nat_bits in checkpoint
[  134.124922][ T1326] Bluetooth: hci1: command 0x040f tx timeout
[  134.160854][   T26] audit: type=1800 audit(1774710559.507:6): pid=6314 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.575" name="file1" dev="loop3" ino=4422 res=0 errno=0
[  134.178921][ T6357] XFS (loop3): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x6d/0x150 (fs/xfs/xfs_fsops.c:491).  Shutting down filesystem.
[  134.195123][ T6338] F2FS-fs (loop6): Cannot turn on quotas: -2 on 2
[  134.236167][ T6338] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e4
[  134.400549][ T6357] XFS (loop3): Please unmount the filesystem and rectify the problem(s)
[  134.658513][ T4191] XFS (loop3): Unmounting Filesystem
[  134.862408][  T845] device batadv0 left promiscuous mode
[  134.928088][  T845] device team0 left promiscuous mode
[  134.942625][  T845] device team_slave_0 left promiscuous mode
[  134.949240][  T845] device team_slave_1 left promiscuous mode
[  135.072749][  T845] device hsr_slave_0 left promiscuous mode
[  135.083693][  T845] device hsr_slave_1 left promiscuous mode
[  135.102986][  T845] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  135.140416][  T845] batman_adv: batadv0: Removing interface: batadv_slave_0
[  135.161092][  T845] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  135.180128][  T845] batman_adv: batadv0: Removing interface: batadv_slave_1
[  135.224084][  T845] device bridge_slave_1 left promiscuous mode
[  135.231883][  T845] bridge0: port 2(bridge_slave_1) entered disabled state
[  135.364699][  T845] device bridge_slave_0 left promiscuous mode
[  135.393308][  T845] bridge0: port 1(bridge_slave_0) entered disabled state
[  135.457798][  T845] device veth1_macvtap left promiscuous mode
[  135.478518][  T845] device veth0_macvtap left promiscuous mode
[  135.488014][ T6392] loop3: detected capacity change from 0 to 512
[  135.507227][  T845] device veth1_vlan left promiscuous mode
[  135.525550][  T845] device veth0_vlan left promiscuous mode
[  135.563503][ T6392] EXT4-fs (loop3): Ignoring removed orlov option
[  135.570479][ T6392] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  135.676777][ T6392] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8002c119, mo2=0002]
[  135.727941][ T6392] EXT4-fs error (device loop3): ext4_iget_extra_inode:4566: inode #15: comm syz.3.584: corrupted in-inode xattr
[  135.759345][ T6392] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.584: couldn't read orphan inode 15 (err -117)
[  135.820435][ T6392] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsold,debug,noblock_validity,noload,nombcache,orlov,min_batch_time=0x0000000000000002,inode_readahead_blks=0x0000000000008000,,errors=continue. Quota mode: none.
[  136.110156][ T6392] EXT4-fs error (device loop3): ext4_check_dx_root:2266: inode #2: comm syz.3.584: Corrupt dir, invalid name_len for '..', running e2fsck is recommended
[  136.202789][ T6101] Bluetooth: hci1: command 0x0419 tx timeout
[  136.384478][ T6401] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  136.543636][ T6382] loop0: detected capacity change from 0 to 65536
[  136.556489][  T845] team0 (unregistering): Port device team_slave_1 removed
[  136.603501][ T6409] loop6: detected capacity change from 0 to 2048
[  136.619744][  T845] team0 (unregistering): Port device team_slave_0 removed
[  136.649005][  T845] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  136.671572][  T845] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  136.703009][ T6409] UDF-fs: error (device loop6): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  136.761959][ T6382] XFS (loop0): Mounting V5 Filesystem
[  136.776758][ T6409] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  136.892607][ T6382] XFS (loop0): Ending clean mount
[  136.929333][  T845] bond0 (unregistering): Released all slaves
[  137.025868][ T4188] XFS (loop0): Unmounting Filesystem
[  137.075645][ T4605] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  137.085714][ T4605] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  137.128389][ T6196] 8021q: adding VLAN 0 to HW filter on device batadv0
[  137.488293][ T6436] loop5: detected capacity change from 0 to 512
[  137.599960][ T6436] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  137.788490][ T6439] APIC base relocation is unsupported by KVM
[  137.974959][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  138.025956][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  138.130866][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  138.147799][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  138.188153][ T6196] device veth0_vlan entered promiscuous mode
[  138.207244][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  138.247590][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  138.289401][ T6196] device veth1_vlan entered promiscuous mode
[  138.450730][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  138.504201][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  138.531786][ T6196] device veth0_macvtap entered promiscuous mode
[  138.564549][ T6196] device veth1_macvtap entered promiscuous mode
[  138.692900][ T6196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  138.718699][ T6196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  138.794029][ T6196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  138.850083][ T6196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  138.891789][ T6196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  138.958806][ T6196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  139.019146][ T6196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  139.021829][ T6481] netlink: 'syz.6.609': attribute type 7 has an invalid length.
[  139.038319][ T6196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  139.062668][ T6481] netlink: 'syz.6.609': attribute type 1 has an invalid length.
[  139.070119][ T6196] batman_adv: batadv0: Interface activated: batadv_slave_0
[  139.127448][ T6196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  139.172246][ T6481] netlink: 209836 bytes leftover after parsing attributes in process `syz.6.609'.
[  139.176057][ T6196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  139.262637][ T6196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  139.306808][ T6196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  139.333668][ T6196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  139.356623][ T6196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  139.378190][ T6196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  139.401600][ T6196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  139.452719][ T6196] batman_adv: batadv0: Interface activated: batadv_slave_1
[  139.511348][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  139.530040][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  139.563465][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  139.582374][ T6494] loop5: detected capacity change from 0 to 4096
[  139.603689][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  139.630130][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  139.652464][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  139.673029][ T6489] netlink: 24 bytes leftover after parsing attributes in process `syz.0.612'.
[  139.754043][ T6492] netlink: 24 bytes leftover after parsing attributes in process `syz.0.612'.
[  139.774132][ T6499] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  139.794832][ T6196] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  139.838165][ T6196] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  139.865546][ T6196] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  139.942948][ T6196] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  139.956198][ T6502] NILFS (loop5): nilfs_palloc_freev (ino=3): entry number 32 already freed
[  140.010288][ T6502] NILFS (loop5): error -2 preparing GC: cannot delete virtual blocks from DAT file
[  140.226527][  T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  140.229632][ T6509] loop3: detected capacity change from 0 to 256
[  140.245625][  T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  140.285375][ T4734] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  140.391218][ T6509] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d)
[  140.416731][ T6375] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  140.439184][ T6375] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  140.484026][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  140.898393][ T6526] loop3: detected capacity change from 0 to 2048
[  141.032152][ T6526] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  141.152194][ T6526] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  141.421938][ T6550] fuse: Invalid group_id
[  141.866116][ T6565] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  141.882991][ T4233] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  142.309064][ T6582] loop6: detected capacity change from 0 to 1024
[  142.403025][ T4233] usb 6-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[  142.423940][ T4233] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  142.432160][ T4233] usb 6-1: Product: syz
[  142.482769][ T4233] usb 6-1: Manufacturer: syz
[  142.492730][ T4233] usb 6-1: SerialNumber: syz
[  142.509925][ T4233] usb 6-1: config 0 descriptor??
[  142.563598][ T4233] hub 6-1:0.0: bad descriptor, ignoring hub
[  142.574837][ T4233] hub: probe of 6-1:0.0 failed with error -5
[  142.782833][ T4233] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state.
[  142.832293][ T6551] loop7: detected capacity change from 0 to 40427
[  142.856747][ T4233] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  142.892874][ T6551] F2FS-fs (loop7): build fault injection attr: rate: 771, type: 0x1ffff
[  142.924664][ T4233] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo)
[  142.950581][ T6551] F2FS-fs (loop7): invalid crc value
[  142.972738][ T4233] usb 6-1: media controller created
[  142.999295][ T6602] loop0: detected capacity change from 0 to 128
[  143.015952][ T4233] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  143.029077][ T6551] F2FS-fs (loop7): Found nat_bits in checkpoint
[  143.041942][ T6597] loop6: detected capacity change from 0 to 4096
[  143.108834][ T6602] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  143.126443][ T6602] ext4 filesystem being mounted at /148/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  143.238345][ T6551] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  143.251399][ T6597] EXT4-fs (loop6): Test dummy encryption mode enabled
[  143.276392][ T6597] EXT4-fs (loop6): mounted filesystem without journal. Opts: test_dummy_encryption,grpquota,,errors=continue. Quota mode: writeback.
[  143.316940][ T4233] DVB: Unable to find symbol dib7000p_attach()
[  143.337559][ T6612] dib0700: tx buffer length is larger than 4. Not supported.
[  143.347224][ T4233] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo'
[  143.582826][ T4233] rc_core: IR keymap rc-dib0700-rc5 not found
[  143.589190][ T4233] Registered IR keymap rc-empty
[  143.609623][ T6551] attempt to access beyond end of device
[  143.609623][ T6551] loop7: rw=2049, want=45104, limit=40427
[  143.626417][ T4233] dvb-usb: could not initialize remote control.
[  143.634302][ T4233] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected.
[  143.708615][ T6551] attempt to access beyond end of device
[  143.708615][ T6551] loop7: rw=2049, want=77952, limit=40427
[  143.725950][ T4233] usb 6-1: USB disconnect, device number 3
[  143.812433][ T6551] attempt to access beyond end of device
[  143.812433][ T6551] loop7: rw=2049, want=45104, limit=40427
[  143.865214][ T4233] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected.
[  143.901042][ T6618] device syzkaller1 entered promiscuous mode
[  143.948197][ T6196] attempt to access beyond end of device
[  143.948197][ T6196] loop7: rw=2049, want=45112, limit=40427
[  144.555359][ T6644] netlink: 'syz.7.651': attribute type 11 has an invalid length.
[  144.942376][ T6652] netlink: 8 bytes leftover after parsing attributes in process `syz.5.657'.
[  144.964545][ T6652] netlink: 'syz.5.657': attribute type 18 has an invalid length.
[  144.973556][ T6652] netlink: 4 bytes leftover after parsing attributes in process `syz.5.657'.
[  145.417470][ T6665] loop7: detected capacity change from 0 to 2048
[  145.481270][ T6636] loop0: detected capacity change from 0 to 32768
[  145.529306][ T6101] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  145.565920][ T6679] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  145.571886][ T6630] loop6: detected capacity change from 0 to 40427
[  145.641150][ T6101] hid-generic 0000:0000:0000.0005: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  145.691714][ T6677] loop3: detected capacity change from 0 to 4096
[  145.747287][ T6636] XFS (loop0): Mounting V5 Filesystem
[  145.778794][ T6630] F2FS-fs (loop6): Found nat_bits in checkpoint
[  145.798112][ T6677] EXT4-fs (loop3): Ignoring removed mblk_io_submit option
[  145.853257][ T6677] EXT4-fs (loop3): Test dummy encryption mode enabled
[  145.860197][ T6677] EXT4-fs (loop3): Ignoring removed orlov option
[  145.913502][ T6636] XFS (loop0): Ending clean mount
[  145.977546][ T6630] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  146.035752][ T6677] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpid,mblk_io_submit,minixdf,test_dummy_encryption,lazytime,nodelalloc,nodioread_nolock,orlov,,errors=continue. Quota mode: writeback.
[  146.055987][   T26] audit: type=1800 audit(1774710571.397:7): pid=6630 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.653" name="bus" dev="loop6" ino=14 res=0 errno=0
[  146.089618][ T6630] attempt to access beyond end of device
[  146.089618][ T6630] loop6: rw=16812033, want=78672, limit=40427
[  146.407196][ T5963] attempt to access beyond end of device
[  146.407196][ T5963] loop6: rw=2049, want=45112, limit=40427
[  146.651042][ T6717] loop5: detected capacity change from 0 to 2048
[  146.675374][ T4188] XFS (loop0): Unmounting Filesystem
[  146.875001][ T6721] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  147.741577][ T6743] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  147.990991][ T6753] loop5: detected capacity change from 0 to 512
[  148.053928][ T6753] EXT4-fs (loop5): Ignoring removed oldalloc option
[  148.063234][ T4827] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  148.092912][ T6753] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  148.118944][ T6753] EXT4-fs (loop5): 1 truncate cleaned up
[  148.182289][ T6753] EXT4-fs (loop5): mounted filesystem without journal. Opts: bsddf,oldalloc,resuid=0x0000000000000000,debug_want_extra_isize=0x0000000000000080,block_validity,jqfmt=vfsv1,,errors=continue. Quota mode: none.
[  148.242638][ T1111] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  148.413122][   T26] audit: type=1800 audit(1774710573.777:8): pid=6753 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.678" name="file1" dev="loop5" ino=15 res=0 errno=0
[  148.435756][ T6740] loop6: detected capacity change from 0 to 40427
[  148.483093][ T4827] usb 1-1: config index 0 descriptor too short (expected 23569, got 27)
[  148.501793][ T4827] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  148.522703][ T1111] usb 8-1: Using ep0 maxpacket: 16
[  148.542893][ T6740] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[  148.573677][ T6740] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  148.605886][ T6740] F2FS-fs (loop6): invalid crc value
[  148.647520][ T6740] F2FS-fs (loop6): Found nat_bits in checkpoint
[  148.655137][ T4827] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  148.667250][ T4827] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  148.688282][ T4827] usb 1-1: Manufacturer: syz
[  148.693698][ T1111] usb 8-1: unable to get BOS descriptor or descriptor too short
[  148.733639][ T4827] usb 1-1: config 0 descriptor??
[  148.890255][ T6777] loop5: detected capacity change from 0 to 1024
[  148.949998][ T6777] EXT4-fs (loop5): inline encryption not supported
[  148.951935][ T6740] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  148.965188][ T6777] EXT4-fs (loop5): Ignoring removed bh option
[  148.981447][ T6777] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  148.994191][ T6740] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  149.002205][ T1111] usb 8-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.40
[  149.017936][ T6747] udc-core: couldn't find an available UDC or it's busy
[  149.040979][ T1111] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.050372][ T4827] rc_core: IR keymap rc-hauppauge not found
[  149.057700][ T4827] Registered IR keymap rc-empty
[  149.082901][ T6747] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  149.095254][ T4827] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  149.111026][   T26] audit: type=1800 audit(1774710574.467:9): pid=6740 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.668" name="file1" dev="loop6" ino=10 res=0 errno=0
[  149.111471][ T1111] usb 8-1: Product: syz
[  149.166334][ T4827] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input13
[  149.170077][ T6777] EXT4-fs (loop5): mounted filesystem without journal. Opts: dioread_nolock,data_err=abort,inlinecrypt,noauto_da_alloc,data_err=ignore,discard,data_err=ignore,grpquota,noblock_validity,lazytime,bh,errors=remount-ro,. Quota mode: writeback.
[  149.193874][ T1111] usb 8-1: Manufacturer: syz
[  149.207775][ T1111] usb 8-1: SerialNumber: syz
[  149.238290][ T4827] usb 1-1: USB disconnect, device number 8
[  149.760279][ T1111] usbhid 8-1:1.0: can't add hid device: -71
[  149.772662][ T1111] usbhid: probe of 8-1:1.0 failed with error -71
[  149.833776][ T1111] usb 8-1: USB disconnect, device number 2
[  150.298901][ T6813] loop6: detected capacity change from 0 to 1024
[  150.462011][ T6822] loop3: detected capacity change from 0 to 128
[  150.507406][ T6824] loop5: detected capacity change from 0 to 256
[  150.607592][ T6824] FAT-fs (loop5): Directory bread(block 64) failed
[  150.609759][ T4605] hfsplus: b-tree write err: -5, ino 25
[  150.670235][ T6824] FAT-fs (loop5): Directory bread(block 65) failed
[  150.677793][ T6822] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  150.686285][ T4605] hfsplus: b-tree write err: -5, ino 4
[  150.694694][ T6824] FAT-fs (loop5): Directory bread(block 66) failed
[  150.702079][ T6822] ext4 filesystem being mounted at /160/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  150.731922][ T6824] FAT-fs (loop5): Directory bread(block 67) failed
[  150.822738][ T6824] FAT-fs (loop5): Directory bread(block 68) failed
[  150.829643][ T6824] FAT-fs (loop5): Directory bread(block 69) failed
[  150.840876][ T4605] hfsplus: b-tree write err: -5, ino 2
[  150.849378][ T4605] hfsplus: b-tree write err: -5, ino 20
[  150.882810][ T6824] FAT-fs (loop5): Directory bread(block 70) failed
[  150.907387][ T6824] FAT-fs (loop5): Directory bread(block 71) failed
[  150.990984][ T6824] FAT-fs (loop5): Directory bread(block 72) failed
[  151.014579][ T6824] FAT-fs (loop5): Directory bread(block 73) failed
[  151.322734][ T6093] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  151.584102][ T6093] usb 7-1: Using ep0 maxpacket: 16
[  151.702879][ T6093] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  151.733912][ T6093] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  151.766526][ T6093] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  151.800251][ T6093] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  151.830822][ T6093] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  151.906526][ T6093] usb 7-1: config 0 descriptor??
[  152.222118][ T6869] loop5: detected capacity change from 0 to 4096
[  152.315406][ T6869] EXT4-fs (loop5): Test dummy encryption mode enabled
[  152.384706][ T6093] microsoft 0003:045E:07DA.0006: ignoring exceeding usage max
[  152.404480][ T6869] EXT4-fs (loop5): mounted filesystem without journal. Opts: test_dummy_encryption,grpquota,,errors=continue. Quota mode: writeback.
[  152.429249][ T6093] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  152.516642][ T6093] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  152.546767][ T6093] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  152.573225][ T6850] loop3: detected capacity change from 0 to 40427
[  152.577031][ T6093] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  152.611911][ T6850] F2FS-fs (loop3): invalid crc value
[  152.618317][ T6093] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  152.652703][ T6093] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  152.660597][ T6850] F2FS-fs (loop3): Found nat_bits in checkpoint
[  152.679956][ T6093] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  152.705879][ T6826] loop7: detected capacity change from 0 to 65536
[  152.714146][ T6093] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  152.721510][ T6093] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  152.761612][ T6093] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  152.781764][ T6093] input: HID 045e:07da as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:045E:07DA.0006/input/input14
[  152.815317][ T6826] XFS (loop7): Mounting V5 Filesystem
[  152.923605][ T6850] F2FS-fs (loop3): Start checkpoint disabled!
[  152.978937][ T6093] microsoft 0003:045E:07DA.0006: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.6-1/input0
[  152.987276][ T6850] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  153.000405][ T6093] usb 7-1: USB disconnect, device number 3
[  153.098481][ T6826] XFS (loop7): Ending clean mount
[  153.117739][ T6826] XFS (loop7): Quotacheck needed: Please wait.
[  153.139331][ T6891] tap0: tun_chr_ioctl cmd 1074025675
[  153.224546][ T6891] tap0: persist enabled
[  153.252908][ T6896] tap0: tun_chr_ioctl cmd 1074812117
[  153.263974][ T6826] XFS (loop7): Quotacheck: Done.
[  153.431722][ T6895] fido_id[6895]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory
[  153.519664][ T6905] F2FS-fs (loop3): Start checkpoint disabled!
[  153.571388][ T6912] netlink: 'syz.6.714': attribute type 2 has an invalid length.
[  153.772213][ T6093] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  153.813286][ T6093] hid-generic 0000:0000:0000.0007: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  153.848244][ T6920] loop6: detected capacity change from 0 to 256
[  153.893511][ T6196] XFS (loop7): Unmounting Filesystem
[  153.990721][ T6918] loop5: detected capacity change from 0 to 4096
[  154.027024][ T6920] FAT-fs (loop6): Directory bread(block 64) failed
[  154.046514][ T6920] FAT-fs (loop6): Directory bread(block 65) failed
[  154.089275][ T6920] FAT-fs (loop6): Directory bread(block 66) failed
[  154.151267][ T6920] FAT-fs (loop6): Directory bread(block 67) failed
[  154.153037][ T6918] EXT4-fs (loop5): Ignoring removed mblk_io_submit option
[  154.187073][ T6920] FAT-fs (loop6): Directory bread(block 68) failed
[  154.201105][ T6918] EXT4-fs (loop5): Test dummy encryption mode enabled
[  154.225957][ T6920] FAT-fs (loop6): Directory bread(block 69) failed
[  154.245290][ T6918] EXT4-fs (loop5): Ignoring removed orlov option
[  154.259344][ T6920] FAT-fs (loop6): Directory bread(block 70) failed
[  154.270145][ T6918] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpid,mblk_io_submit,minixdf,test_dummy_encryption,lazytime,nodelalloc,nodioread_nolock,orlov,,errors=continue. Quota mode: writeback.
[  154.291221][ T6920] FAT-fs (loop6): Directory bread(block 71) failed
[  154.368965][ T6920] FAT-fs (loop6): Directory bread(block 72) failed
[  154.393003][ T6920] FAT-fs (loop6): Directory bread(block 73) failed
[  154.872283][ T6936] loop5: detected capacity change from 0 to 1024
[  154.983856][ T6936] EXT4-fs (loop5): inline encryption not supported
[  155.020288][ T6907] loop0: detected capacity change from 0 to 40427
[  155.070720][ T6936] EXT4-fs error (device loop5): ext4_map_blocks:629: inode #3: block 2: comm syz.5.720: lblock 2 mapped to illegal pblock 2 (length 1)
[  155.129277][ T6907] F2FS-fs (loop0): Invalid segment/section count (24 != 3 * 1)
[  155.211143][ T6907] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  155.256983][ T6936] EXT4-fs (loop5): Remounting filesystem read-only
[  155.268171][ T6936] Quota error (device loop5): qtree_write_dquot: dquota write failed
[  155.286765][ T6948] loop6: detected capacity change from 0 to 256
[  155.294763][ T6907] F2FS-fs (loop0): invalid crc value
[  155.308138][ T6928] loop3: detected capacity change from 0 to 32768
[  155.315195][ T6936] EXT4-fs error (device loop5): ext4_map_blocks:629: inode #3: block 48: comm syz.5.720: lblock 0 mapped to illegal pblock 48 (length 1)
[  155.355098][ T6951] loop7: detected capacity change from 0 to 512
[  155.372627][ T6936] EXT4-fs (loop5): Remounting filesystem read-only
[  155.386060][ T6936] Quota error (device loop5): v2_write_file_info: Can't write info structure
[  155.391939][ T6948] exFAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  155.414912][ T6907] F2FS-fs (loop0): Found nat_bits in checkpoint
[  155.462178][ T6936] EXT4-fs error (device loop5): ext4_acquire_dquot:6234: comm syz.5.720: Failed to acquire dquot type 0
[  155.475872][ T6948] exFAT-fs (loop6): Medium has reported failures. Some data may be lost.
[  155.479659][ T6928] read_mapping_page failed!
[  155.516715][ T6951] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  155.532132][ T6948] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c91aa, utbl_chksum : 0xe619d30d)
[  155.569028][ T6928] ialloc: diAlloc returned -5!
[  155.585212][ T6951] ext4 filesystem being mounted at /18/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  155.622198][ T6907] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  155.646480][ T6936] EXT4-fs (loop5): Remounting filesystem read-only
[  155.673543][ T6907] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  155.700401][ T6951] EXT4-fs (loop7): shut down requested (2)
[  155.706872][ T6936] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5854: Corrupt filesystem
[  155.804782][ T6936] EXT4-fs (loop5): Remounting filesystem read-only
[  155.811794][ T6936] EXT4-fs error (device loop5): ext4_evict_inode:282: inode #11: comm syz.5.720: mark_inode_dirty error
[  155.843565][ T6907] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  155.887438][ T6907] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  156.009627][ T6936] EXT4-fs (loop5): Remounting filesystem read-only
[  156.026010][ T6965] loop3: detected capacity change from 0 to 2048
[  156.045130][ T6936] EXT4-fs warning (device loop5): ext4_evict_inode:285: couldn't mark inode dirty (err -117)
[  156.112721][ T6936] EXT4-fs (loop5): 1 orphan inode deleted
[  156.118630][ T6936] EXT4-fs (loop5): mounted filesystem without journal. Opts: abort,noblock_validity,grpquota,errors=remount-ro,nolazytime,inlinecrypt,. Quota mode: writeback.
[  156.156493][ T6965] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  156.197258][    T9] EXT4-fs error (device loop5): ext4_map_blocks:629: inode #3: block 1: comm kworker/u4:0: lblock 1 mapped to illegal pblock 1 (length 1)
[  156.233388][ T6965] ext4 filesystem being mounted at /166/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  156.303281][    T9] EXT4-fs (loop5): Remounting filesystem read-only
[  156.310224][    T9] Quota error (device loop5): remove_tree: Can't read quota data block 1
[  156.350606][ T6936] EXT4-fs error (device loop5): ext4_map_blocks:629: inode #2: block 16: comm syz.5.720: lblock 0 mapped to illegal pblock 16 (length 1)
[  156.362816][    T9] EXT4-fs error (device loop5): ext4_release_dquot:6270: comm kworker/u4:0: Failed to release dquot type 0
[  156.388265][ T6936] EXT4-fs (loop5): Remounting filesystem read-only
[  156.470064][ T6971] F2FS-fs (loop0): Inconsistent i_blocks, ino:8, iblocks:0, sectors:8
[  156.530622][    T9] EXT4-fs (loop5): Remounting filesystem read-only
[  156.554970][ T4657] EXT4-fs error (device loop5): __ext4_get_inode_loc:4327: comm syz-executor: Invalid inode table block 1 in block_group 0
[  156.622629][ T4657] EXT4-fs (loop5): Remounting filesystem read-only
[  156.629183][ T4657] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5854: Corrupt filesystem
[  156.702191][ T4657] EXT4-fs (loop5): Remounting filesystem read-only
[  156.738586][ T4657] EXT4-fs error (device loop5): ext4_quota_off:6540: inode #3: comm syz-executor: mark_inode_dirty error
[  156.802646][ T4657] EXT4-fs (loop5): Remounting filesystem read-only
[  157.075943][ T6962] loop6: detected capacity change from 0 to 40427
[  157.169993][ T6962] F2FS-fs (loop6): invalid crc value
[  157.249340][ T6101] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  157.261068][ T6962] F2FS-fs (loop6): Found nat_bits in checkpoint
[  157.502697][ T6101] usb 6-1: Using ep0 maxpacket: 16
[  157.532947][ T6962] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  157.623054][ T6101] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  157.644966][ T6101] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  157.689917][ T6101] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  157.740394][ T5963] attempt to access beyond end of device
[  157.740394][ T5963] loop6: rw=2049, want=45104, limit=40427
[  157.766210][ T6101] usb 6-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  157.803319][ T6101] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  157.818752][ T7015] loop3: detected capacity change from 0 to 512
[  157.849882][ T6101] usb 6-1: config 0 descriptor??
[  157.947529][ T7015] EXT4-fs error (device loop3): __ext4_iget:4912: inode #11: block 1: comm syz.3.735: invalid block
[  158.050092][ T7015] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.735: couldn't read orphan inode 11 (err -117)
[  158.123624][ T6985] F2FS-fs (loop7): Invalid log_blocksize (268), supports only 12
[  158.137103][ T7015] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  158.152914][ T6985] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  158.180732][ T6985] F2FS-fs (loop7): invalid crc value
[  158.220013][ T7015] EXT4-fs error (device loop3): ext4_add_entry:2486: inode #2: comm syz.3.735: Directory hole found for htree leaf block 0
[  158.269320][ T6985] F2FS-fs (loop7): Found nat_bits in checkpoint
[  158.382516][ T6101] input: HID 05ac:8241 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:05AC:8241.0008/input/input15
[  158.469287][ T6985] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  158.492764][ T6985] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  158.606897][ T6101] appleir 0003:05AC:8241.0008: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.5-1/input0
[  158.681916][ T6101] usb 6-1: USB disconnect, device number 4
[  158.797882][ T7034] fido_id[7034]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/6-1/report_descriptor': No such file or directory
[  158.875436][ T7031] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal
[  158.919588][ T7031] REISERFS (device loop3): using ordered data mode
[  158.927132][ T7031] reiserfs: using flush barriers
[  158.939790][ T7031] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  158.966085][ T7031] REISERFS (device loop3): checking transaction log (loop3)
[  158.977430][ T7021] XFS (loop0): Mounting V5 Filesystem
[  159.115421][ T7021] XFS (loop0): Ending clean mount
[  159.356286][ T7031] REISERFS (device loop3): Using tea hash to sort names
[  159.385739][ T4188] XFS (loop0): Unmounting Filesystem
[  159.421837][ T7031] REISERFS warning (device loop3): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2)
[  159.440071][ T7059] netlink: 14 bytes leftover after parsing attributes in process `syz.6.746'.
[  159.480768][ T7031] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  159.500341][ T7058] Illegal XDP return value 4294967274, expect packet loss!
[  159.674733][ T7061] set_capacity_and_notify: 3 callbacks suppressed
[  159.674750][ T7061] loop5: detected capacity change from 0 to 16
[  159.796238][ T7061] erofs: (device loop5): mounted with root inode @ nid 36.
[  160.103126][ T1111] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  160.189671][ T7078] loop0: detected capacity change from 0 to 2048
[  160.304353][ T7085] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  160.472895][ T1111] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  160.507681][ T1111] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  160.542489][ T7090] loop0: detected capacity change from 0 to 1024
[  160.578615][ T7090] EXT4-fs (loop0): inline encryption not supported
[  160.626660][ T1111] usb 7-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  160.643380][ T7090] EXT4-fs error (device loop0): ext4_map_blocks:629: inode #3: block 2: comm syz.0.754: lblock 2 mapped to illegal pblock 2 (length 1)
[  160.662383][ T1111] usb 7-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  160.676011][ T7090] EXT4-fs (loop0): Remounting filesystem read-only
[  160.685772][ T7090] Quota error (device loop0): qtree_write_dquot: dquota write failed
[  160.687455][ T1111] usb 7-1: Manufacturer: syz
[  160.694913][ T7090] EXT4-fs error (device loop0): ext4_map_blocks:629: inode #3: block 48: comm syz.0.754: lblock 0 mapped to illegal pblock 48 (length 1)
[  160.717725][ T1111] usb 7-1: config 0 descriptor??
[  160.722695][ T7090] EXT4-fs (loop0): Remounting filesystem read-only
[  160.722724][ T7090] Quota error (device loop0): v2_write_file_info: Can't write info structure
[  160.722884][ T7090] EXT4-fs error (device loop0): ext4_acquire_dquot:6234: comm syz.0.754: Failed to acquire dquot type 0
[  160.729274][ T7090] EXT4-fs (loop0): Remounting filesystem read-only
[  160.758528][ T7090] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5854: Corrupt filesystem
[  160.771069][ T7090] EXT4-fs (loop0): Remounting filesystem read-only
[  160.777973][ T7090] EXT4-fs error (device loop0): ext4_evict_inode:282: inode #11: comm syz.0.754: mark_inode_dirty error
[  160.802653][ T7090] EXT4-fs (loop0): Remounting filesystem read-only
[  160.809307][ T7090] EXT4-fs warning (device loop0): ext4_evict_inode:285: couldn't mark inode dirty (err -117)
[  160.827538][ T7090] EXT4-fs (loop0): 1 orphan inode deleted
[  160.833657][ T7090] EXT4-fs (loop0): mounted filesystem without journal. Opts: abort,noblock_validity,grpquota,errors=remount-ro,nolazytime,inlinecrypt,. Quota mode: writeback.
[  160.860102][  T144] EXT4-fs error (device loop0): ext4_map_blocks:629: inode #3: block 1: comm kworker/u4:1: lblock 1 mapped to illegal pblock 1 (length 1)
[  160.884863][ T7090] EXT4-fs error (device loop0): ext4_map_blocks:629: inode #2: block 16: comm syz.0.754: lblock 0 mapped to illegal pblock 16 (length 1)
[  160.949912][  T144] EXT4-fs (loop0): Remounting filesystem read-only
[  160.955102][ T7098] loop1: detected capacity change from 0 to 6
[  160.963301][ T7090] EXT4-fs (loop0): Remounting filesystem read-only
[  160.967144][  T144] Quota error (device loop0): remove_tree: Can't read quota data block 1
[  160.988911][ T7098] Dev loop1: unable to read RDB block 6
[  161.002749][ T7098]  loop1: unable to read partition table
[  161.016180][  T144] EXT4-fs error (device loop0): ext4_release_dquot:6270: comm kworker/u4:1: Failed to release dquot type 0
[  161.040676][ T7098] loop1: partition table beyond EOD, truncated
[  161.062688][ T7098] loop_reread_partitions: partition scan of loop1 (�被x������ ) failed (rc=-5)
[  161.083847][  T144] EXT4-fs (loop0): Remounting filesystem read-only
[  161.096178][ T4188] EXT4-fs error (device loop0): __ext4_get_inode_loc:4327: comm syz-executor: Invalid inode table block 1 in block_group 0
[  161.154642][ T4188] EXT4-fs (loop0): Remounting filesystem read-only
[  161.161383][ T4188] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5854: Corrupt filesystem
[  161.210583][ T4188] EXT4-fs (loop0): Remounting filesystem read-only
[  161.222783][ T4188] EXT4-fs error (device loop0): ext4_quota_off:6540: inode #3: comm syz-executor: mark_inode_dirty error
[  161.263064][ T4188] EXT4-fs (loop0): Remounting filesystem read-only
[  161.616078][ T7095] loop7: detected capacity change from 0 to 32768
[  161.877046][ T1111] uclogic 0003:256C:006D.0009: failed retrieving string descriptor #100: -71
[  161.895108][ T1111] uclogic 0003:256C:006D.0009: failed retrieving pen parameters: -71
[  161.918223][ T1111] uclogic 0003:256C:006D.0009: failed probing pen v1 parameters: -71
[  161.933926][ T1111] uclogic 0003:256C:006D.0009: failed probing parameters: -71
[  161.947506][ T7114] loop0: detected capacity change from 0 to 32768
[  161.950881][ T1111] uclogic: probe of 0003:256C:006D.0009 failed with error -71
[  161.983626][ T1111] usb 7-1: USB disconnect, device number 4
[  162.004011][ T7114] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.757 (7114)
[  162.179510][ T7114] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  162.221742][ T7114] BTRFS info (device loop0): setting nodatacow, compression disabled
[  162.250701][ T7114] BTRFS info (device loop0): enabling auto defrag
[  162.262826][ T7114] BTRFS info (device loop0): max_inline at 0
[  162.268876][ T7114] BTRFS info (device loop0): using free space tree
[  162.334295][ T7114] BTRFS info (device loop0): has skinny extents
[  162.456927][ T7151] loop7: detected capacity change from 0 to 512
[  162.531484][ T7151] EXT4-fs (loop7): Ignoring removed oldalloc option
[  162.554712][ T7151] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  162.630089][ T7151] EXT4-fs (loop7): 1 truncate cleaned up
[  162.638367][ T7151] EXT4-fs (loop7): mounted filesystem without journal. Opts: bsddf,oldalloc,resuid=0x0000000000000000,debug_want_extra_isize=0x0000000000000080,block_validity,jqfmt=vfsv1,,errors=continue. Quota mode: none.
[  162.670690][   T26] audit: type=1800 audit(1774710588.027:10): pid=7151 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.766" name="file1" dev="loop7" ino=15 res=0 errno=0
[  163.080401][ T7184] loop6: detected capacity change from 0 to 512
[  163.169847][ T7184] EXT4-fs (loop6): Ignoring removed orlov option
[  163.185514][ T7184] EXT4-fs (loop6): Ignoring removed mblk_io_submit option
[  163.204575][ T7184] EXT4-fs error (device loop6): ext4_iget_extra_inode:4566: inode #15: comm syz.6.772: corrupted in-inode xattr
[  163.217563][ T7184] EXT4-fs error (device loop6): ext4_orphan_get:1405: comm syz.6.772: couldn't read orphan inode 15 (err -117)
[  163.239884][ T7184] EXT4-fs (loop6): mounted filesystem without journal. Opts: minixdf,noquota,orlov,noload,delalloc,mblk_io_submit,commit=0x0000000000000000,max_dir_size_kb=0x0000000000000003,noinit_itable,init_itable=0x0000000000000004,,errors=continue. Quota mode: none.
[  163.327587][ T7186] loop7: detected capacity change from 0 to 4096
[  163.498782][ T7186] ntfs3: loop7: Mark volume as dirty due to NTFS errors
[  163.685833][ T7186] ntfs3: loop7: Failed to load $Extend.
[  164.368889][ T7221] loop6: detected capacity change from 0 to 512
[  164.477152][ T7221] EXT4-fs (loop6): Ignoring removed oldalloc option
[  164.504363][ T7221] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  164.535175][ T7226] netlink: 27 bytes leftover after parsing attributes in process `syz.0.785'.
[  164.573861][ T7221] EXT4-fs (loop6): 1 truncate cleaned up
[  164.579765][ T7221] EXT4-fs (loop6): mounted filesystem without journal. Opts: bsddf,oldalloc,resuid=0x0000000000000000,debug_want_extra_isize=0x0000000000000080,block_validity,jqfmt=vfsv1,,errors=continue. Quota mode: none.
[  164.732996][   T26] audit: type=1800 audit(1774710590.097:11): pid=7221 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.783" name="file1" dev="loop6" ino=15 res=0 errno=0
[  165.122487][ T7215] loop7: detected capacity change from 0 to 40427
[  165.230692][ T7215] F2FS-fs (loop7): invalid crc value
[  165.265462][ T7215] F2FS-fs (loop7): Found nat_bits in checkpoint
[  165.374892][ T7215] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  165.427317][ T7250] loop5: detected capacity change from 0 to 64
[  165.532668][ T4828] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  165.594647][ T7229] loop3: detected capacity change from 0 to 32768
[  165.626708][ T7215] attempt to access beyond end of device
[  165.626708][ T7215] loop7: rw=2049, want=45104, limit=40427
[  165.695822][ T7229] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.786 (7229)
[  165.775883][ T7229] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  165.802778][ T4828] usb 7-1: Using ep0 maxpacket: 8
[  165.815369][ T7229] BTRFS info (device loop3): setting nodatacow, compression disabled
[  165.826135][ T7229] BTRFS info (device loop3): enabling auto defrag
[  165.835466][ T7229] BTRFS info (device loop3): max_inline at 0
[  165.871478][ T7229] BTRFS info (device loop3): using free space tree
[  165.905709][ T7229] BTRFS info (device loop3): has skinny extents
[  166.128734][ T4828] usb 7-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4
[  166.153658][ T4828] usb 7-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3
[  166.161740][ T4828] usb 7-1: Product: syz
[  166.166865][ T4828] usb 7-1: Manufacturer: syz
[  166.169827][ T7283] device syzkaller1 entered promiscuous mode
[  166.171570][ T4828] usb 7-1: SerialNumber: syz
[  166.185479][ T4828] usb 7-1: config 0 descriptor??
[  166.237890][ T4828] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd
[  166.885161][ T4828] input: gspca_zc3xx as /devices/platform/dummy_hcd.6/usb7/7-1/input/input16
[  167.228090][ T4828] usb 7-1: USB disconnect, device number 5
[  167.484811][ T7316] loop7: detected capacity change from 0 to 2048
[  167.560165][ T7316] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  167.579659][ T7316] ext4 filesystem being mounted at /36/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  167.716994][ T7301] loop0: detected capacity change from 0 to 32768
[  167.968473][ T7301] XFS (loop0): Mounting V5 Filesystem
[  168.168092][ T7343] loop6: detected capacity change from 0 to 512
[  168.269600][ T7301] XFS (loop0): Ending clean mount
[  168.302497][ T7301] XFS (loop0): Quotacheck needed: Please wait.
[  168.555127][ T7301] XFS (loop0): Quotacheck: Done.
[  168.597396][ T7353] loop6: detected capacity change from 0 to 512
[  168.692071][ T7305] loop5: detected capacity change from 0 to 40427
[  168.750687][ T7353] EXT4-fs (loop6): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback.
[  168.779105][ T4188] XFS (loop0): Unmounting Filesystem
[  168.802953][ T7353] ext4 filesystem being mounted at /48/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  168.824801][ T7314] loop3: detected capacity change from 0 to 32768
[  168.882599][ T7305] F2FS-fs (loop5): Invalid segment/section count (24 != 3 * 1)
[  168.890595][ T7305] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  168.898944][ T7356] loop7: detected capacity change from 0 to 4096
[  168.992067][ T7314] ocfs2: Slot 0 on device (7,3) was already allocated to this node!
[  169.026220][ T7305] F2FS-fs (loop5): invalid crc value
[  169.032611][ T7314] JBD2: Ignoring recovery information on journal
[  169.048215][ T7356] ntfs3: loop7: ntfs_set_state r=3 failed, -22.
[  169.161787][ T7305] F2FS-fs (loop5): Found nat_bits in checkpoint
[  169.291762][    T9] ntfs3: loop7: ntfs3_write_inode r=3 failed, -22.
[  169.315409][ T6196] ntfs3: loop7: ntfs_set_state r=3 failed, -22.
[  169.321827][ T6196] ntfs3: loop7: Mark volume as dirty due to NTFS errors
[  169.334889][ T7314] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  169.370923][ T6196] ntfs3: loop7: ntfs_set_state r=3 failed, -22.
[  169.443023][ T6375] ntfs3: loop7: ntfs3_write_inode r=3 failed, -22.
[  169.459125][ T6196] ntfs3: loop7: ntfs_evict_inode r=3 failed, -22.
[  169.532652][ T7305] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  169.540444][ T7376] exfat: Deprecated parameter 'utf8'
[  169.562918][ T7305] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  169.671067][ T7376] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xe3908169, utbl_chksum : 0xe619d30d)
[  169.742615][ T7305] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  169.774083][ T7305] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  169.940650][ T7386] device veth0 entered promiscuous mode
[  169.996949][ T7385] device veth0 left promiscuous mode
[  170.051472][ T4191] ocfs2: Unmounting device (7,3) on (node local)
[  170.279740][ T7388] F2FS-fs (loop5): Inconsistent i_blocks, ino:8, iblocks:0, sectors:8
[  170.705592][ T7417] set_capacity_and_notify: 1 callbacks suppressed
[  170.705609][ T7417] loop7: detected capacity change from 0 to 256
[  170.890921][ T7417] FAT-fs (loop7): Directory bread(block 64) failed
[  170.902850][ T7417] FAT-fs (loop7): Directory bread(block 65) failed
[  170.932813][ T7417] FAT-fs (loop7): Directory bread(block 66) failed
[  170.939679][ T7417] FAT-fs (loop7): Directory bread(block 67) failed
[  170.992710][ T7417] FAT-fs (loop7): Directory bread(block 68) failed
[  170.999414][ T7417] FAT-fs (loop7): Directory bread(block 69) failed
[  171.039622][ T7417] FAT-fs (loop7): Directory bread(block 70) failed
[  171.068929][ T7417] FAT-fs (loop7): Directory bread(block 71) failed
[  171.084118][ T7417] FAT-fs (loop7): Directory bread(block 72) failed
[  171.090910][ T7417] FAT-fs (loop7): Directory bread(block 73) failed
[  171.220033][ T7398] loop0: detected capacity change from 0 to 32768
[  171.400749][ T7431] loop5: detected capacity change from 0 to 512
[  171.580298][  T277] blkno = 8ed2c, nblocks = 1
[  171.585017][ T4231] usb 7-1: new full-speed USB device number 6 using dummy_hcd
[  171.624390][ T7431] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback.
[  171.668434][  T277] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
[  171.668434][  T277] 
[  171.690301][ T7431] ext4 filesystem being mounted at /134/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  171.766221][  T277] ERROR: (device loop0): remounting filesystem as read-only
[  171.897479][ T4188] JFS: metapage_get_blocks failed
[  171.942998][ T4231] usb 7-1: config 0 has an invalid interface number: 172 but max is 0
[  171.951223][ T4231] usb 7-1: config 0 has no interface number 0
[  171.962069][ T7450] device syzkaller1 entered promiscuous mode
[  171.997674][ T4231] usb 7-1: config 0 interface 172 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  172.183140][ T4231] usb 7-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39
[  172.210411][ T4231] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  172.259766][ T4231] usb 7-1: Product: syz
[  172.268634][ T4231] usb 7-1: Manufacturer: syz
[  172.293683][ T4231] usb 7-1: SerialNumber: syz
[  172.310979][ T7467] loop7: detected capacity change from 0 to 512
[  172.317580][ T4231] usb 7-1: config 0 descriptor??
[  172.380390][ T4231] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b
[  172.387667][ T7467] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a803c198, mo2=0002]
[  172.404811][ T7467] System zones: 1-12
[  172.416763][ T7471] loop0: detected capacity change from 0 to 1024
[  172.423977][ T7467] EXT4-fs error (device loop7): ext4_iget_extra_inode:4566: inode #15: comm syz.7.844: corrupted in-inode xattr
[  172.528381][ T7471] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  172.549408][ T7467] EXT4-fs error (device loop7): ext4_orphan_get:1405: comm syz.7.844: couldn't read orphan inode 15 (err -117)
[  172.593325][ T7467] EXT4-fs (loop7): mounted filesystem without journal. Opts: block_validity,minixdf,noblock_validity,lazytime,noauto_da_alloc,block_validity,init_itable=0x0000000000000009,debug,usrjquota=,nolazytime,norecovery,,errors=continue. Quota mode: none.
[  172.652712][ T4229] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  172.821407][ T7486] netlink: 4 bytes leftover after parsing attributes in process `syz.3.848'.
[  172.999343][ T7493] loop0: detected capacity change from 0 to 512
[  173.051366][ T7493] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  173.062918][ T4229] usb 6-1: unable to get BOS descriptor or descriptor too short
[  173.070724][ T4229] usb 6-1: no configurations
[  173.088411][ T4229] usb 6-1: can't read configurations, error -22
[  173.122419][ T7493] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c802e02c, mo2=0002]
[  173.141334][ T7493] EXT4-fs (loop0): orphan cleanup on readonly fs
[  173.148314][ T7493] EXT4-fs error (device loop0): ext4_orphan_get:1426: comm syz.0.849: bad orphan inode 3
[  173.160519][ T7493] EXT4-fs (loop0): Remounting filesystem read-only
[  173.168224][ T7493] EXT4-fs (loop0): mounted filesystem without journal. Opts: nojournal_checksum,noblock_validity,discard,errors=remount-ro,data=writeback. Quota mode: none.
[  173.275013][ T4231] input: gspca_pac7302 as /devices/platform/dummy_hcd.6/usb7/7-1/input/input17
[  173.499656][ T4231] usb 7-1: USB disconnect, device number 6
[  174.120627][ T7546] loop6: detected capacity change from 0 to 2048
[  174.244967][ T7554] loop5: detected capacity change from 0 to 8
[  174.289632][ T7546] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  174.336862][ T7555] sctp: [Deprecated]: syz.0.863 (pid 7555) Use of struct sctp_assoc_value in delayed_ack socket option.
[  174.336862][ T7555] Use struct sctp_sack_info instead
[  174.356096][ T7554] SQUASHFS error: lzo decompression failed, data probably corrupt
[  174.392823][ T7546] ext4 filesystem being mounted at /54/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  174.432712][ T7554] SQUASHFS error: Failed to read block 0x91: -5
[  174.439267][ T7554] SQUASHFS error: Unable to read metadata cache entry [8f]
[  174.479940][ T7554] SQUASHFS error: Unable to read inode 0x11f
[  174.771801][ T7568] loop0: detected capacity change from 0 to 256
[  174.938619][ T7568] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xf4000b1f, utbl_chksum : 0xe619d30d)
[  175.108637][ T7551] loop3: detected capacity change from 0 to 40427
[  175.258462][ T7551] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x35f7
[  175.295775][ T7575] netlink: 24 bytes leftover after parsing attributes in process `syz.0.868'.
[  175.299788][ T7551] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x1ffff
[  175.332903][ T7575] bond0: ARP target 8.4.0.0 is already present
[  175.343790][ T7575] bond0: option arp_ip_target: invalid value (1032)
[  175.514921][ T7551] F2FS-fs (loop3): invalid crc value
[  175.548949][ T7551] F2FS-fs (loop3): Found nat_bits in checkpoint
[  175.711813][ T7545] XFS (loop7): Mounting V5 Filesystem
[  175.839197][ T7580] set_capacity_and_notify: 1 callbacks suppressed
[  175.839212][ T7580] loop5: detected capacity change from 0 to 65536
[  175.890065][ T7545] XFS (loop7): Ending clean mount
[  175.959781][ T4826] XFS (loop7): Metadata CRC error detected at xfs_inobt_read_verify+0x3a/0xd0, xfs_finobt block 0x10 
[  176.013806][ T4826] XFS (loop7): Unmount and run xfs_repair
[  176.024389][ T4826] XFS (loop7): First 128 bytes of corrupted metadata buffer:
[  176.032139][ T7551] F2FS-fs (loop3): Start checkpoint disabled!
[  176.044635][ T4826] 00000000: 46 49 42 33 00 00 00 01 ff ff ff ff ff ff ff ff  FIB3............
[  176.122709][ T7551] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  176.149505][ T4826] 00000010: 00 00 00 00 00 00 00 10 00 00 00 01 00 00 00 10  ................
[  176.200053][ T4826] 00000020: d7 dc 42 4e 79 90 42 cb 9f 91 9c b7 20 0a 10 1d  ..BNy.B..... ...
[  176.241107][ T4826] 00000030: 00 00 00 00 0f 8d d2 a2 00 00 18 00 00 00 40 37  ..............@7
[  176.270753][ T4826] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00  ................
[  176.304341][ T4826] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  176.337620][ T4826] 00000060: 00 00 00 00 00 f0 00 00 00 00 00 00 00 00 00 00  ................
[  176.349766][ T7551] F2FS-fs (loop3) : inject alloc nid in f2fs_alloc_nid of f2fs_get_dnode_of_data+0x6a4/0x1dc0
[  176.361150][ T4826] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  176.375234][ T7545] XFS (loop7): metadata I/O error in "xfs_btree_read_buf_block+0x1db/0x2d0" at daddr 0x10 len 4 error 74
[  176.393330][ T7545] XFS (loop7): Failed to initialize disk quotas.
[  176.406399][ T7580] XFS (loop5): Mounting V5 Filesystem
[  176.528904][ T7580] XFS (loop5): Metadata corruption detected at xfs_dinode_verify+0x2c9/0xd60, inode 0x21 dinode
[  176.538299][    T9] attempt to access beyond end of device
[  176.538299][    T9] loop3: rw=2049, want=40984, limit=40427
[  176.539672][ T7580] XFS (loop5): Unmount and run xfs_repair
[  176.556751][ T7580] XFS (loop5): First 128 bytes of corrupted metadata buffer:
[  176.564280][ T7580] 00000000: 49 4e 80 00 03 02 00 00 00 00 00 00 00 00 00 00  IN..............
[  176.573406][ T7580] 00000010: 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  176.582410][ T7580] 00000020: 1d cd 65 00 00 00 00 00 34 f7 58 68 69 c5 80 b8  ..e.....4.Xhi...
[  176.591546][ T7580] 00000030: 34 f7 58 68 69 c5 80 b8 00 00 00 00 00 00 00 00  4.Xhi...........
[  176.600557][ T7580] 00000040: 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
[  176.610150][ T7580] 00000050: 00 00 00 02 00 00 00 00 00 00 00 04 00 00 00 00  ................
[  176.615132][ T7545] syz.7.870 (7545) used greatest stack depth: 20728 bytes left
[  176.619754][ T7580] 00000060: ff ff ff ff f6 31 a3 b2 00 00 00 00 00 00 00 02  .....1..........
[  176.636017][ T7580] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08  ................
[  176.645313][ T7580] XFS (loop5): failed to read RT inodes
[  176.863203][ T7624] loop6: detected capacity change from 0 to 2048
[  176.882200][ T7628] loop0: detected capacity change from 0 to 64
[  176.905630][ T6196] XFS (loop7): Unmounting Filesystem
[  176.919838][ T7624] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  178.570746][ T7641] loop5: detected capacity change from 0 to 40427
[  178.644548][ T7641] F2FS-fs (loop5): Invalid SB checksum offset: 0
[  178.651318][ T7641] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[  178.730658][ T7641] F2FS-fs (loop5): invalid crc value
[  178.760044][ T7641] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  178.771510][ T4826] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  178.791542][ T7647] loop3: detected capacity change from 0 to 32768
[  179.002321][ T7641] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0
[  179.027922][ T7647] XFS (loop3): Mounting V5 Filesystem
[  179.072648][ T4826] usb 7-1: Using ep0 maxpacket: 16
[  179.088312][ T7641] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  179.192729][ T4826] usb 7-1: config 1 has an invalid interface number: 105 but max is 0
[  179.201243][ T4826] usb 7-1: config 1 has no interface number 0
[  179.208009][ T4826] usb 7-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  179.220544][ T4826] usb 7-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  179.230091][ T7659] loop0: detected capacity change from 0 to 32768
[  179.231346][ T4826] usb 7-1: config 1 interface 105 has no altsetting 0
[  179.247325][ T7647] XFS (loop3): Ending clean mount
[  179.291802][ T7647] XFS (loop3): Quotacheck needed: Please wait.
[  179.407625][ T7647] XFS (loop3): Quotacheck: Done.
[  179.423352][ T4826] usb 7-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  179.444992][ T4826] usb 7-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  179.458824][ T4826] usb 7-1: Product: syz
[  179.463892][ T4826] usb 7-1: Manufacturer: syz
[  179.468789][ T4826] usb 7-1: SerialNumber: syz
[  179.475608][ T7659] XFS (loop0): Mounting V5 Filesystem
[  179.484588][ T4657] attempt to access beyond end of device
[  179.484588][ T4657] loop5: rw=2049, want=45104, limit=40427
[  179.496793][ T7668] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  179.504888][ T7668] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  179.778833][ T7659] XFS (loop0): Ending clean mount
[  179.806342][ T4191] XFS (loop3): Unmounting Filesystem
[  179.810448][ T7659] XFS (loop0): Quotacheck needed: Please wait.
[  179.935843][ T7668] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  179.961884][ T7668] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  180.066882][ T7725] loop5: detected capacity change from 0 to 512
[  180.075948][ T7659] XFS (loop0): Quotacheck: Done.
[  180.119020][ T7725] EXT4-fs (loop5): Ignoring removed bh option
[  180.213099][ T7725] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  180.298418][ T4188] XFS (loop0): Unmounting Filesystem
[  180.331041][ T7725] EXT4-fs (loop5): 1 truncate cleaned up
[  180.368057][ T7725] EXT4-fs (loop5): mounted filesystem without journal. Opts: noload,max_dir_size_kb=0x0000000000000001,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[  180.469817][ T7733] loop3: detected capacity change from 0 to 512
[  180.538504][ T7733] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,noblock_validity,minixdf,abort,. Quota mode: writeback.
[  180.574100][ T7733] ext4 filesystem being mounted at /195/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  180.682929][ T4826] aqc111 7-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  180.712792][ T4826] aqc111 7-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  180.786282][ T4826] aqc111 7-1:1.105 eth13: register 'aqc111' at usb-dummy_hcd.6-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 82:4f:6c:4a:1c:fe
[  180.844823][ T4826] usb 7-1: USB disconnect, device number 7
[  180.874160][ T4826] aqc111 7-1:1.105 eth13: unregister 'aqc111' usb-dummy_hcd.6-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter
[  181.026764][ T4231] Bluetooth: hci4: command 0x0406 tx timeout
[  181.033148][ T4231] Bluetooth: hci2: command 0x0406 tx timeout
[  181.053688][ T4826] aqc111 7-1:1.105 eth13 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  181.082661][ T4826] aqc111 7-1:1.105 eth13 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  181.127900][ T4826] aqc111 7-1:1.105 eth13 (unregistered): Failed to write(0x61) reg index 0x0000: -19
[  181.167066][ T7758] block nbd0: shutting down sockets
[  181.226294][ T7762] loop7: detected capacity change from 0 to 1024
[  181.346342][ T7766] loop6: detected capacity change from 0 to 256
[  181.414098][ T7766] exfat: Deprecated parameter 'utf8'
[  181.420226][ T7766] exfat: Deprecated parameter 'utf8'
[  181.463130][ T7766] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d)
[  181.561419][ T7776] vxcan1: tx address claim with different name
[  181.588523][ T7777] hfsplus: catalog searching failed
[  181.716573][    T9] hfsplus: b-tree write err: -5, ino 3
[  181.997875][ T7786] loop6: detected capacity change from 0 to 4096
[  182.057736][ T7761] loop5: detected capacity change from 0 to 32768
[  182.108698][ T7786] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a84fc018, mo2=0003]
[  182.140568][ T7786] System zones: 0-5
[  182.188335][ T7786] EXT4-fs (loop6): mounted filesystem without journal. Opts: debug,lazytime,noauto_da_alloc,delalloc,errors=continue,quota,delalloc,barrier,,errors=continue. Quota mode: writeback.
[  182.265902][ T7761] JBD2: Ignoring recovery information on journal
[  182.313878][ T7801] netlink: 32 bytes leftover after parsing attributes in process `syz.7.919'.
[  182.349005][ T7803] netlink: 104 bytes leftover after parsing attributes in process `syz.0.920'.
[  182.436143][ T7761] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  182.614361][ T4657] ocfs2: Unmounting device (7,5) on (node local)
[  182.732519][ T4830] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  183.023734][ T7817] loop5: detected capacity change from 0 to 7
[  183.046935][ T7817] Dev loop5: unable to read RDB block 7
[  183.063177][ T7817]  loop5: unable to read partition table
[  183.069237][ T7817] loop5: partition table beyond EOD, truncated
[  183.078265][ T7817] loop_reread_partitions: partition scan of loop5 (�被x������ ) failed (rc=-5)
[  183.139749][ T4830] usb 1-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  183.159423][ T4830] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  183.204556][ T4830] usb 1-1: config 0 descriptor??
[  183.242063][ T7823] netlink: 12 bytes leftover after parsing attributes in process `syz.5.929'.
[  183.262060][ T7823] netlink: 8 bytes leftover after parsing attributes in process `syz.5.929'.
[  183.275282][ T4830] gspca_main: cpia1-2.14.0 probing 0813:0001
[  183.341655][ T7825] loop5: detected capacity change from 0 to 256
[  183.439274][ T7825] FAT-fs (loop5): Directory bread(block 64) failed
[  183.462824][ T7825] FAT-fs (loop5): Directory bread(block 65) failed
[  183.469481][ T7825] FAT-fs (loop5): Directory bread(block 66) failed
[  183.507020][ T7825] FAT-fs (loop5): Directory bread(block 67) failed
[  183.532190][ T7825] FAT-fs (loop5): Directory bread(block 68) failed
[  183.539319][ T7833] loop6: detected capacity change from 0 to 512
[  183.541536][ T7825] FAT-fs (loop5): Directory bread(block 69) failed
[  183.557617][ T7825] FAT-fs (loop5): Directory bread(block 70) failed
[  183.564414][ T7825] FAT-fs (loop5): Directory bread(block 71) failed
[  183.584623][ T7825] FAT-fs (loop5): Directory bread(block 72) failed
[  183.596067][ T7825] FAT-fs (loop5): Directory bread(block 73) failed
[  183.654320][ T7833] EXT4-fs (loop6): mounted filesystem without journal. Opts: errors=remount-ro,noblock_validity,minixdf,abort,. Quota mode: writeback.
[  183.677495][ T7833] ext4 filesystem being mounted at /70/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  183.713076][ T4830] cpia1 1-1:0.0: unexpected state after lo power cmd: 00
[  183.993081][ T7835] loop7: detected capacity change from 0 to 40427
[  184.085922][ T7835] F2FS-fs (loop7): Invalid log_blocksize (268), supports only 12
[  184.128930][ T7835] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  184.139797][ T7842] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  184.163599][ T4830] gspca_cpia1: usb_control_msg 02, error -71
[  184.192776][ T4830] gspca_cpia1: usb_control_msg 05, error -71
[  184.199189][ T4830] cpia1 1-1:0.0: unexpected systemstate: 00
[  184.218070][ T4830] usb 1-1: USB disconnect, device number 9
[  184.247033][ T7835] F2FS-fs (loop7): Found nat_bits in checkpoint
[  184.391141][ T7835] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  184.400682][ T7835] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  184.629406][ T7854] 9pnet: p9_errstr2errno: server reported unknown error 000000000000000000000040xffffffffffffffff
[  184.851820][ T7838] loop3: detected capacity change from 0 to 32768
[  185.005581][ T7870] loop7: detected capacity change from 0 to 1024
[  185.022253][ T7838] XFS (loop3): Mounting V5 Filesystem
[  185.126306][ T7870] EXT4-fs (loop7): mounted filesystem without journal. Opts: barrier,nodioread_nolock,noquota,bsdgroups,auto_da_alloc,auto_da_alloc=0x0000000000000005,,errors=continue. Quota mode: none.
[  185.131216][ T7838] XFS (loop3): Ending clean mount
[  185.145480][ T7870] ext4 filesystem being mounted at /78/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  185.203895][ T7870] EXT4-fs error (device loop7): ext4_free_blocks:6232: comm syz.7.948: Freeing blocks not in datazone - block = 0, count = 16
[  185.298235][  T154] EXT4-fs error (device loop7): ext4_validate_block_bitmap:438: comm kworker/u4:2: bg 0: block 112: padding at end of block bitmap is not set
[  185.354259][ T7838] XFS (loop3): Quotacheck needed: Please wait.
[  185.369896][  T154] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 61 with max blocks 1 with error 28
[  185.387071][  T154] EXT4-fs (loop7): This should not happen!! Data will be lost
[  185.387071][  T154] 
[  185.397405][  T154] EXT4-fs (loop7): Total free blocks count 0
[  185.426785][  T154] EXT4-fs (loop7): Free/Dirty block details
[  185.436514][  T154] EXT4-fs (loop7): free_blocks=0
[  185.439857][ T7838] XFS (loop3): Quotacheck: Done.
[  185.441998][  T154] EXT4-fs (loop7): dirty_blocks=16
[  185.453467][  T154] EXT4-fs (loop7): Block reservation details
[  185.459700][  T154] EXT4-fs (loop7): i_reserved_data_blocks=1
[  185.616264][ T4605] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.661373][ T4191] XFS (loop3): Unmounting Filesystem
[  185.772985][ T4605] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.934135][ T4605] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.972239][ T7885] REISERFS (device loop7): found reiserfs format "3.6" with non-standard journal
[  186.049045][ T7885] REISERFS (device loop7): using ordered data mode
[  186.077502][ T7885] reiserfs: using flush barriers
[  186.109118][ T7885] REISERFS (device loop7): journal params: device loop7, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  186.176001][ T7885] REISERFS (device loop7): checking transaction log (loop7)
[  186.177309][ T4605] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.485360][ T7885] REISERFS (device loop7): Using tea hash to sort names
[  186.511949][ T7885] REISERFS warning (device loop7): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2)
[  186.533012][ T7885] REISERFS (device loop7): Created .reiserfs_priv - reserved for xattr storage.
[  186.763424][ T7890] chnl_net:caif_netlink_parms(): no params data found
[  186.921088][ T7915] set_capacity_and_notify: 1 callbacks suppressed
[  186.921107][ T7915] loop0: detected capacity change from 0 to 16
[  187.110013][ T7915] erofs: (device loop0): mounted with root inode @ nid 36.
[  187.150423][ T7890] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.226153][ T7915] erofs: (device loop0): z_erofs_lz4_decompress: failed to decompress 1929 in[58, 4038] out[2639]
[  187.272735][ T7890] bridge0: port 1(bridge_slave_0) entered disabled state
[  187.281081][ T7890] device bridge_slave_0 entered promiscuous mode
[  187.302840][ T7915] erofs: (device loop0): z_erofs_readpage: failed to read, err [-117]
[  187.357916][ T7890] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.366398][ T7890] bridge0: port 2(bridge_slave_1) entered disabled state
[  187.415680][ T7890] device bridge_slave_1 entered promiscuous mode
[  187.542004][ T7890] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  187.563921][ T7890] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  187.570037][ T7904] loop5: detected capacity change from 0 to 32768
[  187.647395][ T7890] team0: Port device team_slave_0 added
[  187.655483][ T7940] loop0: detected capacity change from 0 to 24
[  187.666298][ T7904] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 scanned by syz.5.958 (7904)
[  187.689128][ T7940] MTD: Attempt to mount non-MTD device "/dev/loop0"
[  187.699017][ T7890] team0: Port device team_slave_1 added
[  187.756052][ T7940] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  187.798692][ T7904] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm
[  187.815895][ T7890] batman_adv: batadv0: Adding interface: batadv_slave_0
[  187.838013][ T7890] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  187.864529][    C1] vkms_vblank_simulate: vblank timer overrun
[  187.867203][ T7904] BTRFS info (device loop5): enabling auto defrag
[  187.931463][ T7904] BTRFS info (device loop5): use no compression
[  187.954420][ T7890] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  187.957417][ T7904] BTRFS info (device loop5): max_inline at 4096
[  188.016072][ T7904] BTRFS info (device loop5): using free space tree
[  188.030395][ T7904] BTRFS info (device loop5): has skinny extents
[  188.058288][ T7944] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  188.079887][ T7890] batman_adv: batadv0: Adding interface: batadv_slave_1
[  188.109024][ T7890] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  188.135792][ T7890] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  188.155784][ T7944] syz.7.967 (7944) used greatest stack depth: 20528 bytes left
[  188.170880][ T4235] Bluetooth: hci3: command 0x0409 tx timeout
[  188.261814][ T7890] device hsr_slave_0 entered promiscuous mode
[  188.310196][ T7965] loop0: detected capacity change from 0 to 512
[  188.320806][ T7890] device hsr_slave_1 entered promiscuous mode
[  188.367298][ T7890] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  188.367299][ T7965] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  188.386452][ T7890] Cannot create hsr debugfs directory
[  188.408200][ T7965] EXT4-fs (loop0): 1 truncate cleaned up
[  188.432685][ T7965] EXT4-fs (loop0): mounted filesystem without journal. Opts: init_itable=0x0000000000000000,jqfmt=vfsold,debug_want_extra_isize=0x000000000000006a,jqfmt=vfsold,minixdf,quota,,errors=continue. Quota mode: writeback.
[  188.433572][ T7904] BTRFS info (device loop5): enabling ssd optimizations
[  189.044343][ T7995] loop7: detected capacity change from 0 to 2048
[  189.157641][ T7995] NILFS (loop7): broken superblock, retrying with spare superblock (blocksize = 1024)
[  189.183385][ T4830] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  189.240750][ T8002] loop3: detected capacity change from 0 to 128
[  189.261237][ T4282] udevd[4282]: incorrect nilfs2 checksum on /dev/loop7
[  189.277697][ T4605] device hsr_slave_0 left promiscuous mode
[  189.280557][ T8003] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  189.324215][ T8002] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  189.409161][ T8002] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  189.529308][ T4605] device hsr_slave_1 left promiscuous mode
[  189.613860][ T4830] usb 1-1: config 220 has an invalid interface number: 76 but max is 2
[  189.622257][ T4830] usb 1-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  189.666633][ T4830] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  189.692903][ T4830] usb 1-1: config 220 has no interface number 2
[  189.705230][ T4830] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  189.744742][ T4830] usb 1-1: config 220 interface 0 has no altsetting 0
[  189.766511][ T4830] usb 1-1: config 220 interface 76 has no altsetting 0
[  189.782980][ T4830] usb 1-1: config 220 interface 1 has no altsetting 0
[  190.002829][ T4605] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  190.005418][ T4830] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  190.018867][ T4605] batman_adv: batadv0: Removing interface: batadv_slave_0
[  190.021646][ T4830] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.035516][ T4830] usb 1-1: Product: syz
[  190.035681][ T1216] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  190.039713][ T4830] usb 1-1: Manufacturer: syz
[  190.039731][ T4830] usb 1-1: SerialNumber: syz
[  190.059379][ T4605] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  190.072885][ T4605] batman_adv: batadv0: Removing interface: batadv_slave_1
[  190.081337][ T4605] device bridge_slave_1 left promiscuous mode
[  190.107522][ T4605] bridge0: port 2(bridge_slave_1) entered disabled state
[  190.145655][ T4605] device bridge_slave_0 left promiscuous mode
[  190.168015][ T4605] bridge0: port 1(bridge_slave_0) entered disabled state
[  190.182089][ T4605] device veth1_macvtap left promiscuous mode
[  190.188773][ T4605] device veth0_macvtap left promiscuous mode
[  190.194988][ T4605] device veth1_vlan left promiscuous mode
[  190.200878][ T4605] device veth0_vlan left promiscuous mode
[  190.293045][ T4834] Bluetooth: hci3: command 0x041b tx timeout
[  190.411799][ T4605] team0 (unregistering): Port device team_slave_1 removed
[  190.431859][ T4605] team0 (unregistering): Port device team_slave_0 removed
[  190.440558][ T4830] usb 1-1: Found UVC 7.01 device syz (8086:0b07)
[  190.448202][ T4830] usb 1-1: No valid video chain found.
[  190.459621][ T4830] usb 1-1: selecting invalid altsetting 0
[  190.473070][ T4605] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  190.503708][ T4605] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  190.576762][ T4830] usb 1-1: selecting invalid altsetting 0
[  190.584853][ T4830] usbtest: probe of 1-1:220.1 failed with error -22
[  190.594084][ T4830] usb 1-1: USB disconnect, device number 10
[  190.618824][ T4605] bond0 (unregistering): Released all slaves
[  190.858675][ T8026] 9pnet: Insufficient options for proto=fd
[  190.948924][ T8032] tipc: Started in network mode
[  190.982691][ T8032] tipc: Node identity ac14142f, cluster identity 4711
[  190.990327][ T8032] tipc: Enabled bearer <udp:syz2>, priority 10
[  191.047225][ T8033] tipc: Can't add remote ip to TIPC UDP multicast bearer
[  191.242918][ T4255] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  191.512676][ T4255] usb 6-1: Using ep0 maxpacket: 16
[  191.632907][ T4255] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 32, changing to 9
[  191.658254][ T4255] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid maxpacket 1730, setting to 1024
[  191.772423][ T7890] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  191.795902][ T7890] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  191.826500][ T7890] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  191.845914][ T7890] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  191.858981][ T4255] usb 6-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[  191.876131][ T4255] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  191.909999][ T8039] loop0: detected capacity change from 0 to 32768
[  191.922625][ T4255] usb 6-1: Product: syz
[  191.926834][ T4255] usb 6-1: Manufacturer: syz
[  191.931598][ T4255] usb 6-1: SerialNumber: syz
[  191.974560][ T4255] usb 6-1: config 0 descriptor??
[  191.992968][ T8028] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  192.015468][ T4255] hub 6-1:0.0: bad descriptor, ignoring hub
[  192.021460][ T4255] hub: probe of 6-1:0.0 failed with error -5
[  192.088375][ T7890] 8021q: adding VLAN 0 to HW filter on device bond0
[  192.135696][ T4834] tipc: Node number set to 2886997039
[  192.221731][ T8039] XFS (loop0): Mounting V5 Filesystem
[  192.227247][ T7890] 8021q: adding VLAN 0 to HW filter on device team0
[  192.238133][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  192.253529][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  192.332895][ T6093] usb 6-1: USB disconnect, device number 7
[  192.352479][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  192.363402][ T4255] Bluetooth: hci3: command 0x040f tx timeout
[  192.422992][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  192.425533][   T26] audit: type=1326 audit(1774710617.787:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8066 comm="syz.7.992" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4514b7d819 code=0x0
[  192.431963][  T154] bridge0: port 1(bridge_slave_0) entered blocking state
[  192.460331][  T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[  192.470130][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  192.498118][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  192.510263][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  192.540281][ T8039] XFS (loop0): Ending clean mount
[  192.545851][  T154] bridge0: port 2(bridge_slave_1) entered blocking state
[  192.545898][  T154] bridge0: port 2(bridge_slave_1) entered forwarding state
[  192.570730][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  192.610371][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  192.648847][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  192.702133][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  192.722107][ T4188] XFS (loop0): Unmounting Filesystem
[  192.744941][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  192.745372][ T6292] udevd[6292]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  192.772229][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  192.792212][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  192.829553][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  192.838696][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  192.871583][ T7890] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  192.893316][ T7890] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  192.901709][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  192.938534][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  193.026529][ T8082] netlink: 256 bytes leftover after parsing attributes in process `syz.5.994'.
[  193.054668][ T8082] netlink: 16 bytes leftover after parsing attributes in process `syz.5.994'.
[  193.498026][ T1216] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  193.544895][ T1216] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  193.588233][ T7890] 8021q: adding VLAN 0 to HW filter on device batadv0
[  193.641984][ T8093] loop7: detected capacity change from 0 to 4096
[  193.804921][ T8093] ntfs: volume version 3.1.
[  193.832402][ T8110] loop8: detected capacity change from 0 to 7
[  193.911393][ T8110] Dev loop8: unable to read RDB block 7
[  193.951920][ T8110]  loop8: unable to read partition table
[  193.962949][ T8110] loop8: partition table beyond EOD, truncated
[  194.033918][ T8110] loop_reread_partitions: partition scan of loop8 (�被x�^>��� ) failed (rc=-5)
[  194.286515][ T1423] ieee802154 phy0 wpan0: encryption failed: -22
[  194.295671][ T1423] ieee802154 phy1 wpan1: encryption failed: -22
[  194.447265][ T4830] Bluetooth: hci3: command 0x0419 tx timeout
[  194.576523][  T845] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  194.597855][  T845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  194.702754][ T6095] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  194.745757][  T845] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  194.772847][ T8137] loop3: detected capacity change from 0 to 512
[  194.774136][  T845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  194.825658][ T7890] device veth0_vlan entered promiscuous mode
[  194.833416][  T845] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  194.863606][  T845] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  194.882806][ T8137] EXT4-fs (loop3): Ignoring removed orlov option
[  194.902995][ T7890] device veth1_vlan entered promiscuous mode
[  194.909958][ T8137] EXT4-fs (loop3): Ignoring removed mblk_io_submit option
[  195.034134][ T8137] EXT4-fs error (device loop3): ext4_iget_extra_inode:4566: inode #15: comm syz.3.1006: corrupted in-inode xattr
[  195.080056][  T845] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  195.112824][ T6095] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  195.124641][ T8137] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.1006: couldn't read orphan inode 15 (err -117)
[  195.125896][  T845] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  195.150711][ T8137] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsold,inode_readahead_blks=0x0000000004000000,orlov,noload,delalloc,mblk_io_submit,commit=0x0000000000000000,noblock_validity,lazytime,init_itable=0x0000000000000fff,,errors=continue. Quota mode: none.
[  195.158885][ T6095] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  195.203680][  T845] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  195.218963][  T845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  195.227382][ T6095] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  195.261909][ T7890] device veth0_macvtap entered promiscuous mode
[  195.293131][ T8144] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1008'.
[  195.303329][ T6095] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  195.336783][ T8144] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1008'.
[  195.356583][ T6095] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  195.391174][ T6095] usb 8-1: config 0 descriptor??
[  195.401996][ T7890] device veth1_macvtap entered promiscuous mode
[  195.442306][ T7890] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  195.478782][ T7890] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  195.509364][ T7890] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  195.520979][ T7890] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  195.535209][ T7890] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  195.547298][ T7890] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  195.557966][ T7890] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  195.572287][ T7890] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  195.592877][ T7890] batman_adv: batadv0: Interface activated: batadv_slave_0
[  195.607005][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  195.616170][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  195.663102][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  195.673407][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  195.703800][ T7890] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  195.736794][ T7890] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  195.802074][ T7890] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  195.824746][ T7890] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  195.842590][ T7890] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  195.872347][ T7890] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  195.875285][ T4830] hid-generic 0005:16C0:5505.000A: unknown main item tag 0x0
[  195.906146][ T7890] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  195.916818][ T4830] hid-generic 0005:16C0:5505.000A: hidraw0: BLUETOOTH HID v0.8b Device [syz0] on aa:aa:aa:aa:aa:aa
[  195.941410][ T7890] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  195.971849][ T6095] plantronics 0003:047F:FFFF.000B: unknown main item tag 0xd
[  196.005044][ T6095] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving
[  196.031457][ T7890] batman_adv: batadv0: Interface activated: batadv_slave_1
[  196.058683][ T8173] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1014'.
[  196.063204][ T6095] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.7-1/input0
[  196.088008][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  196.110412][ T8176] fido_id[8176]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci3/hci3:200/report_descriptor': No such file or directory
[  196.131179][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  196.161229][ T7890] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  196.215940][ T7890] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  196.243100][ T7890] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  196.261535][ T7890] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  196.419101][    T7] usb 8-1: USB disconnect, device number 3
[  196.474552][ T8182] fido_id[8182]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.7/usb8/8-1/report_descriptor': No such file or directory
[  196.516040][ T8183] loop0: detected capacity change from 0 to 8192
[  196.560611][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  196.589868][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  196.621025][ T1216] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  196.655307][ T8183] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[  196.689827][ T8183] REISERFS (device loop0): using ordered data mode
[  196.699529][ T8183] reiserfs: using flush barriers
[  196.706650][ T8183] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  196.723773][ T8183] REISERFS (device loop0): checking transaction log (loop0)
[  196.750500][  T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  196.782874][  T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  196.831935][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  197.122780][ T8183] REISERFS (device loop0): Using tea hash to sort names
[  197.140427][ T8183] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2)
[  197.171988][ T8183] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  197.191297][ T8213] loop5: detected capacity change from 0 to 64
[  197.342677][ T4830] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  197.358852][ T8213] overlayfs: upper fs needs to support d_type.
[  197.421505][ T8213] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  197.525740][ T8213] overlayfs: failed to set xattr on upper
[  197.542869][ T8213] overlayfs: ...falling back to index=off,metacopy=off.
[  197.704989][ T4830] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  197.737413][ T4830] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  197.772674][ T4830] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  197.813196][ T4830] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  197.923009][ T4830] usb 8-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  197.933889][ T8233] loop6: detected capacity change from 0 to 16
[  197.946966][ T4830] usb 8-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  197.971412][ T4830] usb 8-1: Manufacturer: syz
[  197.986615][ T4830] usb 8-1: config 0 descriptor??
[  198.021049][ T8233] erofs: (device loop6): erofs_fc_fill_super: rootino(nid 36) is not a directory(i_mode 66300)
[  198.169755][ T8241] loop0: detected capacity change from 0 to 1024
[  198.242768][ T8241] EXT4-fs (loop0): Ignoring removed orlov option
[  198.334454][ T8241] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,resuid=0x0000000000000000,barrier=0x0000000000000cbe,orlov,nogrpid,noauto_da_alloc,jqfmt=vfsv1,,errors=continue. Quota mode: none.
[  198.502945][ T4830] appleir 0003:05AC:8243.000C: unknown main item tag 0x0
[  198.510801][ T4830] appleir 0003:05AC:8243.000C: No inputs registered, leaving
[  198.597296][ T4830] appleir 0003:05AC:8243.000C: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.7-1/input0
[  198.662807][ T8259] loop6: detected capacity change from 0 to 512
[  198.682740][ T8213] attempt to access beyond end of device
[  198.682740][ T8213] loop5: rw=0, want=268435470, limit=64
[  198.715457][ T8213] buffer_io_error: 23 callbacks suppressed
[  198.715474][ T8213] Buffer I/O error on dev loop5, logical block 134217734, async page read
[  198.779749][ T8259] EXT4-fs error (device loop6): ext4_orphan_get:1400: inode #15: comm syz.6.1035: iget: bad i_size value: 38620345925642
[  198.828080][ T4231] usb 8-1: USB disconnect, device number 4
[  198.899937][ T8259] EXT4-fs error (device loop6): ext4_orphan_get:1405: comm syz.6.1035: couldn't read orphan inode 15 (err -117)
[  198.907137][ T8265] fido_id[8265]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.7/usb8/report_descriptor': No such file or directory
[  198.979630][ T8259] EXT4-fs (loop6): mounted filesystem without journal. Opts: errors=continue,delalloc,data_err=ignore,journal_ioprio=0x0000000000000002,data_err=ignore,nojournal_checksum,,errors=continue. Quota mode: writeback.
[  199.037999][ T4657] attempt to access beyond end of device
[  199.037999][ T4657] loop5: rw=0, want=268435470, limit=64
[  199.086639][ T4657] Buffer I/O error on dev loop5, logical block 134217734, async page read
[  199.118462][ T4657] attempt to access beyond end of device
[  199.118462][ T4657] loop5: rw=0, want=268435470, limit=64
[  199.164690][ T4657] Buffer I/O error on dev loop5, logical block 134217734, async page read
[  199.197980][ T8270] vivid-000: disconnect
[  199.198580][ T4657] Trying to free block not in datazone
[  199.221962][ T8268] vivid-000: reconnect
[  199.325482][  T144] EXT4-fs error (device loop6): ext4_validate_block_bitmap:429: comm kworker/u4:1: bg 0: block 5: invalid block bitmap
[  199.378736][ T8272] loop3: detected capacity change from 0 to 128
[  199.411939][  T144] EXT4-fs (loop6): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 62 with error 28
[  199.439722][  T144] EXT4-fs (loop6): This should not happen!! Data will be lost
[  199.439722][  T144] 
[  199.457091][  T144] EXT4-fs (loop6): Total free blocks count 0
[  199.465952][  T144] EXT4-fs (loop6): Free/Dirty block details
[  199.471890][  T144] EXT4-fs (loop6): free_blocks=0
[  199.481022][  T144] EXT4-fs (loop6): dirty_blocks=62
[  199.515484][  T144] EXT4-fs (loop6): Block reservation details
[  199.566086][ T8272] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  199.571937][ T8276] loop5: detected capacity change from 0 to 4096
[  199.638893][  T144] EXT4-fs (loop6): i_reserved_data_blocks=62
[  199.689123][ T8272] ext4 filesystem being mounted at /217/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  199.714926][ T8262] loop0: detected capacity change from 0 to 32768
[  199.780071][ T8276] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a84fc018, mo2=0003]
[  199.798480][ T8276] System zones: 0-5
[  199.822041][ T8276] EXT4-fs (loop5): mounted filesystem without journal. Opts: debug,lazytime,noauto_da_alloc,delalloc,errors=continue,quota,delalloc,barrier,,errors=continue. Quota mode: writeback.
[  199.872836][ T8262] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.1034 (8262)
[  199.927569][ T8285] loop6: detected capacity change from 0 to 128
[  199.952291][ T8262] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  200.006407][ T8285] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=256, location=256
[  200.008862][ T8262] BTRFS info (device loop0): enabling auto defrag
[  200.061017][ T8285] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  200.086180][ T8262] BTRFS info (device loop0): use no compression
[  200.132988][ T8262] BTRFS info (device loop0): max_inline at 4096
[  200.178216][ T8262] BTRFS info (device loop0): using free space tree
[  200.232851][ T8262] BTRFS info (device loop0): has skinny extents
[  200.335737][ T8289] loop3: detected capacity change from 0 to 1024
[  200.443692][ T8289] EXT4-fs (loop3): Ignoring removed orlov option
[  200.586477][ T8283] loop7: detected capacity change from 0 to 32768
[  200.590620][ T8289] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,resuid=0x0000000000000000,barrier=0x0000000000000cbe,orlov,nogrpid,noauto_da_alloc,jqfmt=vfsv1,,errors=continue. Quota mode: none.
[  200.681083][ T8262] BTRFS info (device loop0): enabling ssd optimizations
[  201.602724][ T4834] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  201.718165][ T8331] loop3: detected capacity change from 0 to 512
[  201.820614][ T8331] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[  201.845291][ T4834] usb 7-1: Using ep0 maxpacket: 8
[  201.851903][ T8331] EXT4-fs (loop3): bad block size 16384
[  201.876017][ T8331] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  201.877794][ T8333] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1057'.
[  201.918094][ T8336] loop0: detected capacity change from 0 to 1024
[  201.972964][ T4834] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  202.001865][ T4834] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  202.060284][ T4834] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  202.071389][ T4834] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  202.086988][ T8336] hfsplus: request for non-existent node 134217728 in B*Tree
[  202.095439][ T7291] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  202.112818][ T8336] hfsplus: request for non-existent node 134217728 in B*Tree
[  202.143943][ T8343] hfsplus: hfsplus: Invalid key length: 27767
[  202.147774][ T4834] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  202.156129][ T8341] loop3: detected capacity change from 0 to 2048
[  202.194591][ T4834] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  202.309373][ T8341] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  202.387461][ T7291] usb 8-1: Using ep0 maxpacket: 8
[  202.472887][ T4834] usb 7-1: GET_CAPABILITIES returned 0
[  202.478788][ T4834] usbtmc 7-1:16.0: can't read capabilities
[  202.548471][ T7291] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  202.562705][ T7291] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  202.631497][ T7291] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  202.643209][ T7291] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  202.657542][ T7291] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  202.668433][ T7291] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  202.763947][ T6100] usb 7-1: USB disconnect, device number 8
[  202.939267][    C0] print_req_error: 23 callbacks suppressed
[  202.939302][    C0] blk_update_request: I/O error, dev loop5, sector 3840 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  202.984918][    C0] blk_update_request: I/O error, dev loop5, sector 3840 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  202.996240][    C0] Buffer I/O error on dev loop5, logical block 480, async page read
[  203.004350][    C0] blk_update_request: I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  203.015283][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[  203.023418][ T7291] usb 8-1: GET_CAPABILITIES returned 0
[  203.028954][ T7291] usbtmc 8-1:16.0: can't read capabilities
[  203.030562][    C1] blk_update_request: I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  203.045816][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  203.095995][    C1] blk_update_request: I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  203.107585][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  203.117025][    C1] blk_update_request: I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  203.128159][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  203.136668][    C0] blk_update_request: I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  203.147802][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[  203.172899][    C0] blk_update_request: I/O error, dev loop5, sector 3840 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  203.184459][    C0] Buffer I/O error on dev loop5, logical block 480, async page read
[  203.192733][    C0] blk_update_request: I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  203.235983][ T4235] usb 8-1: USB disconnect, device number 5
[  203.253173][    C0] blk_update_request: I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  203.272932][ T8360] ldm_validate_partition_table(): Disk read failed.
[  203.295704][ T8360] Dev loop9: unable to read RDB block 0
[  203.307182][ T8360]  loop9: unable to read partition table
[  203.322858][ T8360] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  203.322858][ T8360] 
) failed (rc=-5)
[  203.588643][ T8356] F2FS-fs (loop0): build fault injection attr: rate: 771, type: 0x1ffff
[  203.629917][ T8356] F2FS-fs (loop0): invalid crc value
[  203.737501][ T8356] F2FS-fs (loop0): Found nat_bits in checkpoint
[  204.170261][ T8373] set_capacity_and_notify: 3 callbacks suppressed
[  204.170280][ T8373] loop3: detected capacity change from 0 to 4096
[  204.193142][ T8356] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  204.304911][ T8379] device team_slave_0 entered promiscuous mode
[  204.312398][ T1216] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  204.336559][ T8366] loop5: detected capacity change from 0 to 131072
[  204.358370][ T8373] EXT4-fs (loop3): inline encryption not supported
[  204.388793][ T8373] EXT4-fs (loop3): Test dummy encryption mode enabled
[  204.420102][ T8366] F2FS-fs (loop5): invalid crc value
[  204.466286][ T4188] attempt to access beyond end of device
[  204.466286][ T4188] loop0: rw=2049, want=45104, limit=40427
[  204.506405][ T8366] F2FS-fs (loop5): Found nat_bits in checkpoint
[  204.533493][ T8373] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  204.550489][ T8366] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  204.555199][ T8373] System zones: 0-5
[  204.592735][ T8373] EXT4-fs (loop3): mounted filesystem without journal. Opts: debug,delalloc,inlinecrypt,test_dummy_encryption,errors=continue,errors=continue,delalloc,barrier,,errors=continue. Quota mode: writeback.
[  204.750133][ T8394] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1078'.
[  205.845472][ T8425] loop0: detected capacity change from 0 to 256
[  205.860201][ T8427] netlink: 11 bytes leftover after parsing attributes in process `syz.5.1080'.
[  205.876989][ T8429] loop7: detected capacity change from 0 to 512
[  205.884040][ T8427] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1080'.
[  205.893982][ T8427] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1080'.
[  205.900208][ T8425] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  205.933241][ T8425] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  206.047185][ T8429] EXT4-fs (loop7): mounted filesystem without journal. Opts: noauto_da_alloc,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  206.070621][ T8433] loop5: detected capacity change from 0 to 256
[  206.077668][ T8429] ext4 filesystem being mounted at /103/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  206.137280][ T8429] EXT4-fs (loop7): re-mounted. Opts: . Quota mode: writeback.
[  206.661559][ T8454] loop3: detected capacity change from 0 to 512
[  206.685846][ T8457] loop0: detected capacity change from 0 to 256
[  206.768945][ T8457] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d)
[  206.826351][ T8454] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback.
[  206.892116][ T8454] ext4 filesystem being mounted at /233/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  207.080936][ T8470] loop7: detected capacity change from 0 to 7
[  207.146745][ T6196] Dev loop7: unable to read RDB block 7
[  207.187804][ T6196]  loop7: unable to read partition table
[  207.202952][ T6196] loop7: partition table beyond EOD, truncated
[  207.221010][ T8470] Dev loop7: unable to read RDB block 7
[  207.237673][ T8470]  loop7: unable to read partition table
[  207.240889][ T8475] device syzkaller1 entered promiscuous mode
[  207.247738][ T8470] loop7: partition table beyond EOD, truncated
[  207.286227][ T8470] loop_reread_partitions: partition scan of loop7 (�被x엟��� ) failed (rc=-5)
[  207.492910][ T6100] usb 7-1: new full-speed USB device number 9 using dummy_hcd
[  207.782728][    T7] usb 8-1: new full-speed USB device number 6 using dummy_hcd
[  207.918822][ T6100] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  207.946400][ T6100] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 512, setting to 64
[  208.162800][ T6100] usb 7-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  208.173060][ T6100] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  208.182177][ T6100] usb 7-1: Product: syz
[  208.186726][    T7] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  208.197175][ T6100] usb 7-1: Manufacturer: syz
[  208.201884][ T6100] usb 7-1: SerialNumber: syz
[  208.211037][ T6100] usb 7-1: config 0 descriptor??
[  208.232965][ T8473] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  208.240632][ T8473] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  208.352670][ T6093] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  208.364146][    T7] usb 8-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39
[  208.373819][    T7] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  208.381932][    T7] usb 8-1: Product: syz
[  208.386265][    T7] usb 8-1: Manufacturer: syz
[  208.390894][    T7] usb 8-1: SerialNumber: syz
[  208.398612][    T7] usb 8-1: config 0 descriptor??
[  208.444386][    T7] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b
[  208.472896][ T6100] radio-si470x 7-1:0.0: DeviceID=0x0000 ChipID=0x0000
[  208.479763][ T6100] radio-si470x 7-1:0.0: This driver is known to work with firmware version 12,
[  208.492613][ T6100] radio-si470x 7-1:0.0: but the device has firmware version 0.
[  208.692807][ T6100] radio-si470x 7-1:0.0: software version 0, hardware version 0
[  208.700381][ T6100] radio-si470x 7-1:0.0: This driver is known to work with hardware version 1,
[  208.713059][ T6100] radio-si470x 7-1:0.0: but the device has hardware version 0.
[  208.720617][ T6100] radio-si470x 7-1:0.0: If you have some trouble using this driver,
[  208.732125][ T6093] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  208.743419][ T6100] radio-si470x 7-1:0.0: please report to V4L ML at linux-media@vger.kernel.org
[  208.752672][ T6093] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  208.763141][ T6093] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  208.776190][ T6093] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  208.785351][ T6093] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  208.798228][ T6093] usb 6-1: config 0 descriptor??
[  208.922960][ T6100] radio-si470x 7-1:0.0: si470x_set_report: usb_control_msg returned -71
[  208.940083][ T8516] loop3: detected capacity change from 0 to 1024
[  208.952666][    C0] radio-si470x 7-1:0.0: non-zero urb status (-71)
[  208.963888][ T6100] radio-si470x 7-1:0.0: si470x_set_report: usb_control_msg returned -71
[  208.973069][ T6100] radio-si470x: probe of 7-1:0.0 failed with error -22
[  209.025920][ T6100] usb 7-1: USB disconnect, device number 9
[  209.053651][ T8521] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1132'.
[  209.072985][    T7] gspca_pac7302: reg_w() failed i: ff v: 01 error -71
[  209.080328][    T7] gspca_pac7302: probe of 8-1:0.0 failed with error -71
[  209.085751][ T8516] hfsplus: invalid length 65281 has been corrected to 255
[  209.109427][    T7] usb 8-1: USB disconnect, device number 6
[  209.111676][ T8516] hfsplus: invalid length 65281 has been corrected to 255
[  209.144004][ T8516] hfsplus: invalid length 65281 has been corrected to 255
[  209.173584][ T8516] hfsplus: invalid length 65281 has been corrected to 255
[  209.301175][ T6093] plantronics 0003:047F:FFFF.000D: unknown main item tag 0xd
[  209.350240][ T6093] plantronics 0003:047F:FFFF.000D: No inputs registered, leaving
[  209.380026][ T6093] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  209.621953][ T4834] usb 6-1: USB disconnect, device number 8
[  209.696786][ T8523] loop0: detected capacity change from 0 to 32768
[  209.838791][ T8523] XFS (loop0): Mounting V5 Filesystem
[  209.862956][ T6093] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  209.913600][ T8523] XFS (loop0): Ending clean mount
[  209.975932][ T4188] XFS (loop0): Unmounting Filesystem
[  210.132741][ T6093] usb 7-1: Using ep0 maxpacket: 16
[  210.253421][ T6093] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  210.271742][ T6093] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  210.294157][ T6093] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  210.332793][ T6093] usb 7-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00
[  210.354173][ T6093] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  210.399864][ T6093] usb 7-1: config 0 descriptor??
[  210.432814][ T8558] vivid-001: disconnect
[  210.453743][ T8557] vivid-001: reconnect
[  210.802850][ T6100] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  210.856593][    C1] ==================================================================
[  210.865256][    C1] BUG: KASAN: use-after-free in __nft_trace_packet+0x135/0x150
[  210.872943][    C1] Read of size 2 at addr ffff88806064b6c0 by task syz.7.1154/8577
[  210.880763][    C1] 
[  210.883102][    C1] CPU: 1 PID: 8577 Comm: syz.7.1154 Not tainted syzkaller #0
[  210.890477][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  210.900621][    C1] Call Trace:
[  210.903939][    C1]  <IRQ>
[  210.906786][    C1]  dump_stack_lvl+0x188/0x250
[  210.911575][    C1]  ? show_regs_print_info+0x20/0x20
[  210.916900][    C1]  ? _printk+0xda/0x130
[  210.921050][    C1]  ? __nft_trace_packet+0x135/0x150
[  210.926521][    C1]  ? load_image+0x400/0x400
[  210.931023][    C1]  ? nft_synproxy_do_eval+0x3c9/0x570
[  210.936398][    C1]  print_address_description+0x60/0x2d0
[  210.941956][    C1]  ? __nft_trace_packet+0x135/0x150
[  210.947150][    C1]  kasan_report+0xdf/0x130
[  210.951841][    C1]  ? __nft_trace_packet+0x135/0x150
[  210.957041][    C1]  __nft_trace_packet+0x135/0x150
[  210.962069][    C1]  nft_do_chain+0x12a5/0x14f0
[  210.966758][    C1]  ? nft_fwd_dup_netdev_offload+0x120/0x120
[  210.972753][    C1]  ? __local_bh_enable_ip+0xd7/0x1c0
[  210.978145][    C1]  ? ipv6_find_tlv+0x270/0x270
[  210.982926][    C1]  nft_do_chain_inet+0x25c/0x340
[  210.987861][    C1]  ? nft_do_chain_arp+0xf0/0xf0
[  210.992802][    C1]  ? nf_nat_ipv6_fn+0x223/0x2e0
[  210.997842][    C1]  ? nf_nat_ipv6_local_fn+0x390/0x390
[  211.003313][    C1]  ? ip6table_mangle_hook+0x23c/0x7a0
[  211.008683][    C1]  ? lock_downgrade+0x770/0x830
[  211.013627][    C1]  ? nf_nat_ipv6_local_fn+0x390/0x390
[  211.019264][    C1]  ? nft_do_chain_arp+0xf0/0xf0
[  211.024269][    C1]  nf_hook_slow+0xb9/0x200
[  211.028695][    C1]  ? ip6_input+0xa0/0xa0
[  211.032934][    C1]  NF_HOOK+0x1f2/0x390
[  211.037004][    C1]  ? ip6_input+0xa0/0xa0
[  211.041245][    C1]  ? ip6_rcv_core+0x1620/0x1620
[  211.046095][    C1]  ? ip6_input+0xa0/0xa0
[  211.050335][    C1]  ? ip6_rcv_finish_core+0x20d/0x420
[  211.055617][    C1]  ? ip6_rcv_finish+0x16b/0x240
[  211.060650][    C1]  ? refcount_add+0x80/0x80
[  211.065327][    C1]  NF_HOOK+0x303/0x390
[  211.069390][    C1]  ? refcount_add+0x80/0x80
[  211.073895][    C1]  ? ip6_rcv_core+0x1620/0x1620
[  211.078837][    C1]  ? refcount_add+0x80/0x80
[  211.083340][    C1]  ? ip6_rcv_finish_core+0x420/0x420
[  211.088720][    C1]  __netif_receive_skb+0xcc/0x290
[  211.093787][    C1]  process_backlog+0x370/0x790
[  211.098578][    C1]  ? rps_trigger_softirq+0x210/0x210
[  211.103878][    C1]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  211.110024][    C1]  ? lock_chain_count+0x20/0x20
[  211.115010][    C1]  __napi_poll+0xc0/0x430
[  211.119346][    C1]  ? net_rx_action+0x307/0xa10
[  211.124387][    C1]  net_rx_action+0x4d4/0xa10
[  211.129010][    C1]  ? net_tx_action+0x880/0x880
[  211.133803][    C1]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  211.139803][    C1]  ? lock_chain_count+0x20/0x20
[  211.144677][    C1]  handle_softirqs+0x339/0x830
[  211.149455][    C1]  ? do_softirq+0x142/0x210
[  211.153965][    C1]  ? do_softirq+0x210/0x210
[  211.158559][    C1]  do_softirq+0x142/0x210
[  211.162889][    C1]  </IRQ>
[  211.165819][    C1]  <TASK>
[  211.168751][    C1]  ? __local_bh_enable_ip+0x1c0/0x1c0
[  211.174123][    C1]  ? lockdep_hardirqs_on_prepare+0x770/0x770
[  211.180107][    C1]  ? __local_bh_enable_ip+0xd7/0x1c0
[  211.185397][    C1]  ? lockdep_hardirqs_off+0x70/0x100
[  211.190681][    C1]  ? local_bh_enable+0x5/0x20
[  211.195357][    C1]  __local_bh_enable_ip+0x180/0x1c0
[  211.200552][    C1]  ? _local_bh_enable+0xa0/0xa0
[  211.205840][    C1]  ip6_finish_output2+0x1127/0x1510
[  211.211042][    C1]  ? nf_hook+0x360/0x360
[  211.215289][    C1]  ? ip6_finish_output+0x64c/0x7d0
[  211.220408][    C1]  ip6_xmit+0x109b/0x16d0
[  211.225277][    C1]  ? ip6_autoflowlabel+0xd0/0xd0
[  211.230216][    C1]  ? inet6_csk_route_socket+0x5f4/0xe60
[  211.235855][    C1]  ? read_lock_is_recursive+0x10/0x10
[  211.241257][    C1]  inet6_csk_xmit+0x405/0x680
[  211.245938][    C1]  ? inet6_csk_addr2sockaddr+0x1d0/0x1d0
[  211.251784][    C1]  ? tcp_v6_send_check+0x195/0x410
[  211.256910][    C1]  __tcp_transmit_skb+0x1d11/0x3200
[  211.262227][    C1]  ? __tcp_send_ack+0x5d0/0x5d0
[  211.267079][    C1]  ? seqcount_lockdep_reader_access+0x18d/0x1d0
[  211.273328][    C1]  ? memset+0x1e/0x40
[  211.277311][    C1]  ? tcp_rbtree_insert+0x114/0x170
[  211.282438][    C1]  ? tcp_connect+0x1fc1/0x4970
[  211.287302][    C1]  tcp_connect+0x21ac/0x4970
[  211.291929][    C1]  tcp_v6_connect+0x1224/0x1a30
[  211.296881][    C1]  ? tcp_v6_pre_connect+0xf0/0xf0
[  211.302121][    C1]  ? mark_lock+0x94/0x320
[  211.306457][    C1]  __inet_stream_connect+0x244/0xd70
[  211.311952][    C1]  ? lock_chain_count+0x20/0x20
[  211.316805][    C1]  ? lockdep_hardirqs_on_prepare+0x770/0x770
[  211.322802][    C1]  ? __local_bh_enable_ip+0x136/0x1c0
[  211.328196][    C1]  ? inet_dgram_connect+0x360/0x360
[  211.333398][    C1]  ? __local_bh_enable_ip+0x136/0x1c0
[  211.338768][    C1]  ? _local_bh_enable+0xa0/0xa0
[  211.343633][    C1]  inet_stream_connect+0x62/0xa0
[  211.348699][    C1]  ? __inet_stream_connect+0xd70/0xd70
[  211.354158][    C1]  __sys_connect+0x3cb/0x450
[  211.359104][    C1]  ? __sys_connect_file+0x170/0x170
[  211.364530][    C1]  ? vtime_user_exit+0x2c8/0x3e0
[  211.369763][    C1]  __x64_sys_connect+0x76/0x80
[  211.374625][    C1]  do_syscall_64+0x4c/0xa0
[  211.379244][    C1]  ? clear_bhb_loop+0x30/0x80
[  211.383926][    C1]  ? clear_bhb_loop+0x30/0x80
[  211.388694][    C1]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  211.394591][    C1] RIP: 0033:0x7f4514b7d819
[  211.399073][    C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  211.419469][    C1] RSP: 002b:00007f4512dd7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  211.427988][    C1] RAX: ffffffffffffffda RBX: 00007f4514df6fa0 RCX: 00007f4514b7d819
[  211.435962][    C1] RDX: 000000000000001c RSI: 0000200000000180 RDI: 0000000000000003
[  211.443935][    C1] RBP: 00007f4514c13c91 R08: 0000000000000000 R09: 0000000000000000
[  211.452087][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  211.460145][    C1] R13: 00007f4514df7038 R14: 00007f4514df6fa0 R15: 00007fffd6ee6468
[  211.468131][    C1]  </TASK>
[  211.471151][    C1] 
[  211.473477][    C1] Allocated by task 8577:
[  211.478061][    C1]  __kasan_slab_alloc+0x9c/0xd0
[  211.482997][    C1]  slab_post_alloc_hook+0x4c/0x380
[  211.488194][    C1]  kmem_cache_alloc_node+0x12d/0x2d0
[  211.493478][    C1]  __alloc_skb+0xf4/0x750
[  211.497809][    C1]  synproxy_send_client_synack_ipv6+0x161/0xc60
[  211.504046][    C1]  nft_synproxy_eval_v6+0x347/0x4e0
[  211.509242][    C1]  nft_synproxy_do_eval+0x3c9/0x570
[  211.514439][    C1]  nft_do_chain+0x48c/0x14f0
[  211.519023][    C1]  nft_do_chain_inet+0x25c/0x340
[  211.524050][    C1]  nf_hook_slow+0xb9/0x200
[  211.528468][    C1]  NF_HOOK+0x1f2/0x390
[  211.532537][    C1]  NF_HOOK+0x303/0x390
[  211.536612][    C1]  __netif_receive_skb+0xcc/0x290
[  211.541639][    C1]  process_backlog+0x370/0x790
[  211.546399][    C1]  __napi_poll+0xc0/0x430
[  211.550736][    C1]  net_rx_action+0x4d4/0xa10
[  211.555518][    C1]  handle_softirqs+0x339/0x830
[  211.560278][    C1]  do_softirq+0x142/0x210
[  211.564700][    C1]  __local_bh_enable_ip+0x180/0x1c0
[  211.569894][    C1]  ip6_finish_output2+0x1127/0x1510
[  211.575087][    C1]  ip6_xmit+0x109b/0x16d0
[  211.579506][    C1]  inet6_csk_xmit+0x405/0x680
[  211.584176][    C1]  __tcp_transmit_skb+0x1d11/0x3200
[  211.589563][    C1]  tcp_connect+0x21ac/0x4970
[  211.594502][    C1]  tcp_v6_connect+0x1224/0x1a30
[  211.599390][    C1]  __inet_stream_connect+0x244/0xd70
[  211.604678][    C1]  inet_stream_connect+0x62/0xa0
[  211.609623][    C1]  __sys_connect+0x3cb/0x450
[  211.614212][    C1]  __x64_sys_connect+0x76/0x80
[  211.619117][    C1]  do_syscall_64+0x4c/0xa0
[  211.623621][    C1]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  211.629512][    C1] 
[  211.631833][    C1] Freed by task 8577:
[  211.635834][    C1]  kasan_set_track+0x4b/0x70
[  211.640521][    C1]  kasan_set_free_info+0x1f/0x40
[  211.645628][    C1]  ____kasan_slab_free+0xd5/0x110
[  211.650822][    C1]  slab_free_freelist_hook+0xea/0x170
[  211.656224][    C1]  kmem_cache_free+0x8f/0x210
[  211.660899][    C1]  nft_synproxy_eval_v6+0x34f/0x4e0
[  211.666129][    C1]  nft_synproxy_do_eval+0x3c9/0x570
[  211.671414][    C1]  nft_do_chain+0x48c/0x14f0
[  211.676184][    C1]  nft_do_chain_inet+0x25c/0x340
[  211.681119][    C1]  nf_hook_slow+0xb9/0x200
[  211.685536][    C1]  NF_HOOK+0x1f2/0x390
[  211.689599][    C1]  NF_HOOK+0x303/0x390
[  211.693665][    C1]  __netif_receive_skb+0xcc/0x290
[  211.698778][    C1]  process_backlog+0x370/0x790
[  211.703541][    C1]  __napi_poll+0xc0/0x430
[  211.707871][    C1]  net_rx_action+0x4d4/0xa10
[  211.712747][    C1]  handle_softirqs+0x339/0x830
[  211.717510][    C1]  do_softirq+0x142/0x210
[  211.721917][    C1]  __local_bh_enable_ip+0x180/0x1c0
[  211.727129][    C1]  ip6_finish_output2+0x1127/0x1510
[  211.732331][    C1]  ip6_xmit+0x109b/0x16d0
[  211.736686][    C1]  inet6_csk_xmit+0x405/0x680
[  211.741560][    C1]  __tcp_transmit_skb+0x1d11/0x3200
[  211.746946][    C1]  tcp_connect+0x21ac/0x4970
[  211.751548][    C1]  tcp_v6_connect+0x1224/0x1a30
[  211.756495][    C1]  __inet_stream_connect+0x244/0xd70
[  211.761781][    C1]  inet_stream_connect+0x62/0xa0
[  211.766719][    C1]  __sys_connect+0x3cb/0x450
[  211.771314][    C1]  __x64_sys_connect+0x76/0x80
[  211.776090][    C1]  do_syscall_64+0x4c/0xa0
[  211.780504][    C1]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  211.786399][    C1] 
[  211.788723][    C1] The buggy address belongs to the object at ffff88806064b640
[  211.788723][    C1]  which belongs to the cache skbuff_head_cache of size 232
[  211.803911][    C1] The buggy address is located 128 bytes inside of
[  211.803911][    C1]  232-byte region [ffff88806064b640, ffff88806064b728)
[  211.817220][    C1] The buggy address belongs to the page:
[  211.822933][    C1] page:ffffea00018192c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6064b
[  211.833164][    C1] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[  211.840909][    C1] raw: 00fff00000000200 ffffea00017d3700 0000000b00000002 ffff888144bf2140
[  211.849497][    C1] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[  211.858070][    C1] page dumped because: kasan: bad access detected
[  211.864478][    C1] page_owner tracks the page as allocated
[  211.870212][    C1] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x132a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_MEMALLOC|__GFP_HARDWALL), pid 4282, ts 196228951120, free_ts 196003887039
[  211.889217][    C1]  get_page_from_freelist+0x1bbd/0x1ca0
[  211.894768][    C1]  __alloc_pages+0x1ee/0x480
[  211.899798][    C1]  new_slab+0xc0/0x4b0
[  211.903955][    C1]  ___slab_alloc+0x80a/0xdd0
[  211.908538][    C1]  kmem_cache_alloc_node+0x1c3/0x2d0
[  211.914225][    C1]  __alloc_skb+0xf4/0x750
[  211.918551][    C1]  __netdev_alloc_skb+0x110/0x4c0
[  211.923571][    C1]  __ieee80211_beacon_get+0xaa1/0x2000
[  211.929036][    C1]  ieee80211_beacon_get_tim+0x48/0x840
[  211.934584][    C1]  mac80211_hwsim_beacon_tx+0xf4/0x920
[  211.940126][    C1]  __iterate_interfaces+0x243/0x500
[  211.945417][    C1]  ieee80211_iterate_active_interfaces_atomic+0xb3/0x140
[  211.952443][    C1]  mac80211_hwsim_beacon+0x9b/0x180
[  211.957654][    C1]  __hrtimer_run_queues+0x4f2/0xb70
[  211.963031][    C1]  hrtimer_run_softirq+0x176/0x240
[  211.968368][    C1]  handle_softirqs+0x339/0x830
[  211.973159][    C1] page last free stack trace:
[  211.977857][    C1]  free_unref_page_prepare+0x637/0x6c0
[  211.983343][    C1]  free_unref_page+0x8f/0x2a0
[  211.988041][    C1]  __vunmap+0x8b9/0xa50
[  211.992196][    C1]  hid_open_report+0xa58/0xed0
[  211.996959][    C1]  plantronics_probe+0x40/0x380
[  212.001813][    C1]  hid_device_probe+0x271/0x360
[  212.006660][    C1]  really_probe+0x284/0xc80
[  212.011347][    C1]  __driver_probe_device+0x18c/0x330
[  212.016747][    C1]  driver_probe_device+0x4f/0x420
[  212.021773][    C1]  __device_attach_driver+0x2b0/0x500
[  212.027143][    C1]  bus_for_each_drv+0x184/0x210
[  212.031994][    C1]  __device_attach+0x2a8/0x480
[  212.036764][    C1]  bus_probe_device+0xbc/0x1e0
[  212.041625][    C1]  device_add+0xa00/0xfb0
[  212.045966][    C1]  hid_add_device+0x389/0x530
[  212.050769][    C1]  usbhid_probe+0xb92/0xf40
[  212.055306][    C1] 
[  212.057642][    C1] Memory state around the buggy address:
[  212.063292][    C1]  ffff88806064b580: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[  212.071690][    C1]  ffff88806064b600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  212.079766][    C1] >ffff88806064b680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  212.088107][    C1]                                            ^
[  212.094438][    C1]  ffff88806064b700: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[  212.102585][    C1]  ffff88806064b780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  212.110638][    C1] ==================================================================
[  212.118777][    C1] Disabling lock debugging due to kernel taint
[  212.125118][    C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  212.132415][    C1] CPU: 1 PID: 8577 Comm: syz.7.1154 Tainted: G    B             syzkaller #0
[  212.141179][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  212.151231][    C1] Call Trace:
[  212.154513][    C1]  <IRQ>
[  212.157356][    C1]  dump_stack_lvl+0x188/0x250
[  212.162037][    C1]  ? show_regs_print_info+0x20/0x20
[  212.167240][    C1]  ? load_image+0x400/0x400
[  212.171840][    C1]  panic+0x2e5/0x810
[  212.175743][    C1]  ? bpf_jit_dump+0xd0/0xd0
[  212.180329][    C1]  ? _raw_spin_unlock_irqrestore+0xbc/0x120
[  212.186216][    C1]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  212.192107][    C1]  ? _raw_spin_unlock+0x40/0x40
[  212.196949][    C1]  ? print_memory_metadata+0x314/0x400
[  212.202416][    C1]  ? __nft_trace_packet+0x135/0x150
[  212.207708][    C1]  check_panic_on_warn+0x80/0xa0
[  212.212732][    C1]  ? __nft_trace_packet+0x135/0x150
[  212.218012][    C1]  end_report+0x6d/0xf0
[  212.222170][    C1]  kasan_report+0x102/0x130
[  212.226676][    C1]  ? __nft_trace_packet+0x135/0x150
[  212.231889][    C1]  __nft_trace_packet+0x135/0x150
[  212.237025][    C1]  nft_do_chain+0x12a5/0x14f0
[  212.241821][    C1]  ? nft_fwd_dup_netdev_offload+0x120/0x120
[  212.247741][    C1]  ? __local_bh_enable_ip+0xd7/0x1c0
[  212.253305][    C1]  ? ipv6_find_tlv+0x270/0x270
[  212.258098][    C1]  nft_do_chain_inet+0x25c/0x340
[  212.263219][    C1]  ? nft_do_chain_arp+0xf0/0xf0
[  212.268091][    C1]  ? nf_nat_ipv6_fn+0x223/0x2e0
[  212.272939][    C1]  ? nf_nat_ipv6_local_fn+0x390/0x390
[  212.278310][    C1]  ? ip6table_mangle_hook+0x23c/0x7a0
[  212.283676][    C1]  ? lock_downgrade+0x770/0x830
[  212.288525][    C1]  ? nf_nat_ipv6_local_fn+0x390/0x390
[  212.294253][    C1]  ? nft_do_chain_arp+0xf0/0xf0
[  212.299197][    C1]  nf_hook_slow+0xb9/0x200
[  212.303613][    C1]  ? ip6_input+0xa0/0xa0
[  212.307853][    C1]  NF_HOOK+0x1f2/0x390
[  212.312002][    C1]  ? ip6_input+0xa0/0xa0
[  212.316243][    C1]  ? ip6_rcv_core+0x1620/0x1620
[  212.321488][    C1]  ? ip6_input+0xa0/0xa0
[  212.325854][    C1]  ? ip6_rcv_finish_core+0x20d/0x420
[  212.331147][    C1]  ? ip6_rcv_finish+0x16b/0x240
[  212.336277][    C1]  ? refcount_add+0x80/0x80
[  212.341050][    C1]  NF_HOOK+0x303/0x390
[  212.345139][    C1]  ? refcount_add+0x80/0x80
[  212.349727][    C1]  ? ip6_rcv_core+0x1620/0x1620
[  212.354686][    C1]  ? refcount_add+0x80/0x80
[  212.359287][    C1]  ? ip6_rcv_finish_core+0x420/0x420
[  212.364568][    C1]  __netif_receive_skb+0xcc/0x290
[  212.369682][    C1]  process_backlog+0x370/0x790
[  212.374468][    C1]  ? rps_trigger_softirq+0x210/0x210
[  212.379760][    C1]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  212.385905][    C1]  ? lock_chain_count+0x20/0x20
[  212.390879][    C1]  __napi_poll+0xc0/0x430
[  212.395308][    C1]  ? net_rx_action+0x307/0xa10
[  212.400089][    C1]  net_rx_action+0x4d4/0xa10
[  212.404777][    C1]  ? net_tx_action+0x880/0x880
[  212.409878][    C1]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  212.415888][    C1]  ? lock_chain_count+0x20/0x20
[  212.420763][    C1]  handle_softirqs+0x339/0x830
[  212.425705][    C1]  ? do_softirq+0x142/0x210
[  212.430335][    C1]  ? do_softirq+0x210/0x210
[  212.434842][    C1]  do_softirq+0x142/0x210
[  212.439357][    C1]  </IRQ>
[  212.442418][    C1]  <TASK>
[  212.445538][    C1]  ? __local_bh_enable_ip+0x1c0/0x1c0
[  212.450931][    C1]  ? lockdep_hardirqs_on_prepare+0x770/0x770
[  212.456923][    C1]  ? __local_bh_enable_ip+0xd7/0x1c0
[  212.462304][    C1]  ? lockdep_hardirqs_off+0x70/0x100
[  212.467590][    C1]  ? local_bh_enable+0x5/0x20
[  212.472358][    C1]  __local_bh_enable_ip+0x180/0x1c0
[  212.477735][    C1]  ? _local_bh_enable+0xa0/0xa0
[  212.482668][    C1]  ip6_finish_output2+0x1127/0x1510
[  212.488041][    C1]  ? nf_hook+0x360/0x360
[  212.492279][    C1]  ? ip6_finish_output+0x64c/0x7d0
[  212.497386][    C1]  ip6_xmit+0x109b/0x16d0
[  212.501715][    C1]  ? ip6_autoflowlabel+0xd0/0xd0
[  212.506648][    C1]  ? inet6_csk_route_socket+0x5f4/0xe60
[  212.512189][    C1]  ? read_lock_is_recursive+0x10/0x10
[  212.517652][    C1]  inet6_csk_xmit+0x405/0x680
[  212.522417][    C1]  ? inet6_csk_addr2sockaddr+0x1d0/0x1d0
[  212.528056][    C1]  ? tcp_v6_send_check+0x195/0x410
[  212.533168][    C1]  __tcp_transmit_skb+0x1d11/0x3200
[  212.538372][    C1]  ? __tcp_send_ack+0x5d0/0x5d0
[  212.543234][    C1]  ? seqcount_lockdep_reader_access+0x18d/0x1d0
[  212.549588][    C1]  ? memset+0x1e/0x40
[  212.553665][    C1]  ? tcp_rbtree_insert+0x114/0x170
[  212.558771][    C1]  ? tcp_connect+0x1fc1/0x4970
[  212.563528][    C1]  tcp_connect+0x21ac/0x4970
[  212.568226][    C1]  tcp_v6_connect+0x1224/0x1a30
[  212.573168][    C1]  ? tcp_v6_pre_connect+0xf0/0xf0
[  212.578241][    C1]  ? mark_lock+0x94/0x320
[  212.582653][    C1]  __inet_stream_connect+0x244/0xd70
[  212.588110][    C1]  ? lock_chain_count+0x20/0x20
[  212.592960][    C1]  ? lockdep_hardirqs_on_prepare+0x770/0x770
[  212.598937][    C1]  ? __local_bh_enable_ip+0x136/0x1c0
[  212.604414][    C1]  ? inet_dgram_connect+0x360/0x360
[  212.609699][    C1]  ? __local_bh_enable_ip+0x136/0x1c0
[  212.615151][    C1]  ? _local_bh_enable+0xa0/0xa0
[  212.620102][    C1]  inet_stream_connect+0x62/0xa0
[  212.625241][    C1]  ? __inet_stream_connect+0xd70/0xd70
[  212.631920][    C1]  __sys_connect+0x3cb/0x450
[  212.636509][    C1]  ? __sys_connect_file+0x170/0x170
[  212.641880][    C1]  ? vtime_user_exit+0x2c8/0x3e0
[  212.646816][    C1]  __x64_sys_connect+0x76/0x80
[  212.651664][    C1]  do_syscall_64+0x4c/0xa0
[  212.656165][    C1]  ? clear_bhb_loop+0x30/0x80
[  212.660841][    C1]  ? clear_bhb_loop+0x30/0x80
[  212.665816][    C1]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  212.671810][    C1] RIP: 0033:0x7f4514b7d819
[  212.676423][    C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  212.696223][    C1] RSP: 002b:00007f4512dd7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  212.704649][    C1] RAX: ffffffffffffffda RBX: 00007f4514df6fa0 RCX: 00007f4514b7d819
[  212.712847][    C1] RDX: 000000000000001c RSI: 0000200000000180 RDI: 0000000000000003
[  212.720925][    C1] RBP: 00007f4514c13c91 R08: 0000000000000000 R09: 0000000000000000
[  212.728999][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  212.737319][    C1] R13: 00007f4514df7038 R14: 00007f4514df6fa0 R15: 00007fffd6ee6468
[  212.745473][    C1]  </TASK>
[  212.749224][    C1] Kernel Offset: disabled
[  212.753735][    C1] Rebooting in 86400 seconds..