last executing test programs:

26.890009779s ago: executing program 1 (id=505):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000300000095"], &(0x7f0000000100)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x100)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r1, 0xc0bc5351, &(0x7f0000000300)={0xf, 0x1, 'client1\x00', 0x80000004, "48474196d75985e1", "b3dd5b714cee2c979551b28f37a4819119dc09b431e422253d95f73c29e7ca5f", 0x5, 0x5})

26.822993175s ago: executing program 1 (id=506):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000e00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adffa87d2255f674412d020000000000005ab527ee3697f1ec4436dd1164aa93cc5800075557165397000a63f6b9b3f427f6ba6b34f98125f30e697fffffffffffffffa30b273683626e0003254d570dca6b78ad833488cfe4109eaf009edd3e69613d3cd6aaa300006eee8501000000520a0000151d010000000100bf00000000cc587424363dc6ad7f3bbd424c6e6cafbe9309aba218a52001a3cd000041f0db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de4758c1096a1dc52f29e470a000517ebc406e89dcbb7677e6528b0856e31ed9474ac24cf609068f645ce971fc0480737a55ebb0bd701f7ff21e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d933bed759ff232cebc68b91af50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56d06c759da324a39f7f51b870b2851c3f0a1aab71587a21c8f1b3369ebfcba105a6ccdd01b0f04edb256c604f068773f6ff000000000000006ffbfe5ca32142b0195531458b7d1e341c6f864f983d745f5865aad41d2915aae7602a2d6cd415e8351ebc4223f54d6bec664709ff03f1aa3dc7f1580ace9bf2afd28d7157e67fb98d121ad6eb372713255012e028cb2654d493a0b4b35faae176c89b745eda2967199cc936859a537e8e4871d4acf3e3dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0cff28235a3cbb5d33b09bc30cf2880c586272c3f4d79bc36305745cb1cb385e6add14652003c7cdd3324f07d134d3ed07f1c10900000009dd872ec66ea6c718bbd1aa59114000f0be4c6f8df084c5e9734ae30aa9afdc719bf01ab03a9b1074407136b4506000f0916a39d3057d50183612b39e73aeeb6eaf14652dda68e98ef938e6515a94a71836469e2051d9b7eb85f3f2d5ae2c51944da8d7391d6d6b97419a3b7660df4c5124ca425d374b371867a79b31c6617fc3327191fbf514573f0e30d1d60be2168fe6c2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257b84000000b749ccd74089ed6b86f81ca3d247d8f71d290ed1b1a11f7a67125170c88c3b6a50696332226401b110da9c786eeca22debc99335583b54c13c3130978fa069af8223b38ced735c2d905f51ca85ffa4add5647489b3960127696cf2f16625c0c102000000000000009ef52134842e64171f3963841086e3797a4825d081f2d987f05c5341877386ec55d7dc958fd235d6071619a65d4b82d9c162f3556076b80550d961ca74f1ffdaccf0ea5f02e0fca8b27ff3983ab74fd3d560700a1fbb44e77e312b3b129e000302d613916c9bcf9f0000fac73adb6bfb27f88dba816020be760f7b45e001efada800000000000000fdaf4660402f7b3b79a433e08074ea2462974ab2cbd247eb1cfa2638f56daee57ed14bc74de0fd87a9ce638190f3570e0b4c80ef682df22237270955afb6008846557ee3bc09fda6dbb6542e597300eb82a184c96ffde5a30e5433d86666cb045bdd02c804c22ff2635c7bfbf5c0d586cda5e1e88a4d41dee7cc74f822278d124638fec58faeb48afe324369cc51204158bb440df2a694f4cdcaa4f65c22f000000000000000000000000000d503d79906958102000000000000000000001ffff0ef89b2a635edb2dd163e863315e84498dfb52b7f54da6398cbedaa42cc17c4563c859656a357770289a61faa95a82bf1cfb7f2fd7252e9322abe282c3344fc6738b4467893b9bf0d1c8130ae6b226900110635376413c29f7c6f7b7e29b9f4bddd5e328661f4046e01f7d7dc22174e5e627a6f608ad53a4168d4d8f7fbc71104512efe8e5d7d934aa289b4db2b870000000000000000000000000000000000000000009b777883a0f9cf4ad155110cd3ace2b322ac31bfa27847dc99c8a69a1ea5b98e525e6393ad7fd9795170e7b11e4fa990b9386910a6a1a66a70eaff01247603c2ff49d3979676bffb3049166ab84a0f061991bd57c2566c10c282352a5105b6164e3f2491e4793e590dcc71de10da96fdff40dd44a2c9882d3aa0f8a797b8fea6efcfb5046b7679f15559cdaa977504c40b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd50c5e22ade17556abb722d9c085b189b5fd1f30e8dc813f60400fde1f88d830b11002135e8e7262f299ed7923bfbe00ad88be179e56b41ff3792cee2fc37eee739c3e3af923e8738d93d583a9cf00b946960fc38cf85aae7cf708f9a9d166f2e352a06d99b8be476d1cc2a53a859ae4fdab2a987925d12422474ac044ffe9fe2bf9bf9bbdf36c4ca89c516647542ac45545337829fa7039d155ebda42d4c14f4ca7f8b5d5842658c62d0a03092b94fa1b19f190000000000000000000000000000009e75a32b9fafeffd890f2759b0fe3add33fa43a4c3995458f86a926ad56b23571c46728c039cd3b4bb7d69dfa27782b953a7b81cc161912b3e5716360686e126311a7e21bfa2efd0f57b90c203528c8f620d3c7b31c7abcffae382f53500f7cd5d00159e5f741d3e2d2cbd1a04b3f39b50a4683daa7d117b7f4a149c954d69d8ab001339e464c8eb5f0c63899010757c9a3b69f4920531b83f71d5a34ef9405819afee15b77c015ea755c95127ff2274bb9a8463ce4b8c08ad70596ad2b2b044e660ed144b9dce372450ea69d25da2b6deed67fac26e765aa7d5532ba1044f62db049486acde2294127cb767c23da7d8f9844d3be5b6aa83ee4ce1876af5130efe1b64ccb6bbd349bcc0e8deec8ab3bd1b35bbc8ab8a152771744baa576b9223d26b5603a7f091be1264cabaf661fe2dbe7990a61f710f923f2337818a3983d06c11a6bee7fccb78a53c56db5c18f920d2194374db665dcadf53b8d0014e682ec721d67a7ab6c817fe53c86f8900000000000000000000000000000060b7b827c56e973a2ab5bc5c558ada68c4ec3762f5957b20b919af5d53c87de056a397bdcb614c34761e2c815698e1f9f5521a385c2910850929040a4eba573e91ca21fc855358120ecd79a5d7007693ef3ff9d2b993d114443d53c53094e516f675b2a7074584714e7a2015e05e507811b4ca89c39281c9ada5f58ceb55893cca783ab09c9a19836a3a2c715b10436a5731549e364679ecd8461a68433ab52b1108831edb9654dc602183c1170d6881647f6dca15d57fb76357d815c5f1000000000000000000f49e327c0b6e511494466cec78650f0a6267"], &(0x7f00002bf000)='syzkaller\x00', 0x4, 0x436, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x7}, 0x48)
r1 = socket$kcm(0x29, 0x2, 0x0)
r2 = socket$inet6(0xa, 0x803, 0x6)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x4e21, 0x3, @empty, 0x6}, 0x1c)
ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000180)={r2, r0})
r3 = syz_open_procfs(0x0, &(0x7f0000001300)='net/kcm\x00')
read$char_usb(r3, &(0x7f0000000040)=""/4109, 0x100d)

26.822702625s ago: executing program 1 (id=507):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x18, 0xb, &(0x7f00000007c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='contention_begin\x00', r0, 0x0, 0x6}, 0x18)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00', <r2=>0x0})
setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f00000000c0)={r2, 0x1, 0x6, @remote}, 0x10)
setsockopt$packet_drop_memb(r1, 0x107, 0x2, &(0x7f0000000080)={r2, 0x1, 0x6, @multicast}, 0x10)

26.683627756s ago: executing program 1 (id=508):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cgroup.controllers\x00', 0x275a, 0x0)

26.68347146s ago: executing program 1 (id=509):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_IOVA_RANGES(r0, 0x3b84, &(0x7f0000000140)={0x20, 0x0, 0x0, 0x1000000, 0x0})

26.442466094s ago: executing program 1 (id=511):
r0 = open(&(0x7f0000000140)='.\x00', 0x8000, 0x112)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
getdents(r0, &(0x7f0000001fc0)=""/173, 0xad)

26.358905204s ago: executing program 32 (id=511):
r0 = open(&(0x7f0000000140)='.\x00', 0x8000, 0x112)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
getdents(r0, &(0x7f0000001fc0)=""/173, 0xad)

1.830944252s ago: executing program 0 (id=769):
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, 0x0, 0x0)

1.75953235s ago: executing program 3 (id=770):
syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000000)='./file2\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='nodots,dmask=00000000000000000000003,usefree,nodots,flush,dots,dots,gid=', @ANYRESHEX=0x0, @ANYBLOB], 0x1, 0x214, &(0x7f0000000840)="$eJzs3D1rW1cYB/AjWa6tlhZPhXbpoV3a5bb10qVDS3GhVNCSRCEv0zWWEyFFAl8NksmgOVM+RwhkCWQL+QL+DFmymYDx5Ck3OJKs2NixE0dy4vx+ix6e/z1X5+jARVy9bP5+91ZjNUtW004ozRdC8Y/QDzuFsBCKYaQffnpwZfvOxavX/v2zUlm6MDvsx/jVd4+v377//ZPOF5cf7nYKIYStxWcbX298s/ni0s16FutZbLU7MY3L7XYnXW7W4ko9ayQx/t+spVkt1ltZbW1fvtpsj5861LIspq1ebNR6sdOOnbVeTG+k9VZMkiTOB06lem8nz8NWnuf5XD/kef62JyhMZl5Myyn3n4/c3kU97l5Nn/e71W518DjI//6nsvRLfGVhPGq7263O7OW/DvK4P58Nnw/zxUPzz8KPPwzy3eyv/yoH8nJYmfzyAQAAAADgXErinkPv7yfJUfmgeu3zgQP370vh29K4MzP5pQAAAABHyHrrjbS5Mrs2KJq1Myvmwv7Ob4+GUzxu+M9Pjz9mQsWXwyK843nKIYSjjymGM9+U6RSj75EPO6PfF5xseOl9TaP8gbwao2I+HBaVw3pjbjqbAgAAnC/jN/0nHlKc6IQAAAAAAAAAAAAAAAAAAADgEzSNPzM76zUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALzJywAAAP//ixdW4w==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f00000004c0), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, &(0x7f00000000c0)=0xd, 0x4)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ftruncate(r0, 0xf4ff)

1.759267314s ago: executing program 0 (id=771):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000040)='./file1\x00', 0x800810, &(0x7f00000003c0)={[{@nodiscard}, {@nodatasum}, {@metadata_ratio={'metadata_ratio', 0x3d, 0x308}}, {@nodatacow}, {@flushoncommit}, {@datacow}, {@clear_cache}, {@nodiscard}]}, 0xfb, 0x50f9, &(0x7f0000005140)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734d2FpAqhUbJJahw38Xptk4daqqwpVSPSNOuGBlURxcZek8ULdmxTYhQiYxPRCEFpg5R8KMIoimo+QK1ARFJAuEhxhMojoioKIFBoDVEQKSWJSBOkUM3ee2bvnLvz8GONl/5+knfOzP887zw859475wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP8Ph75y1d82iz/82/Oefu7Cicv2rrvw5WvOO/3xECZnH+/Iwh3919868fM7z71r731rbrvnyPkf7M3L5fEwUP3Tmd+5LtZ6ZGkI93aE0J0GVg5mgZ78/mCs712DIZwW5gK1ElP9WYm04fD9vhD2h7lArarv9YUwWAhc8MRDD95YTdzSF8KyEEIlbePZStZGXxo4qzcL9KeBbd1Z4FdvZGqB73ZmAThu8c1Qe9EfnKzPMDJ/uQavv54T1rE3Vzq8rpgYaZzvZ+sWuFMFvekDk8f1tJWqY0GU3h6HvNsWwbuttJ1v9rQVv0jl31DemAtVQufmqS0br5zZFR/pDGNjXY1qWqDn+alXv7TpaNKL5nUYOzByQl6HNz227M6uFZ969J6Vy1488KF9Lx1vN39U2KTF9EKrhPw1t2iex2jC58kiePuVviWN+tIVQtjy+d/7dLN4af4/0nz+H1/O8bazLnes9fWhbG4eHxmMiVeGsrk5AAAALBqLYa/ptrEHPlYoPlxJ6ivN/0fbO/4fD/nnk/lstIdCmJhN7BsO4YzZx7PAHbG5S4ZDeO9sarI+sC4JHArhnbOJFbWqkhJLYonRJPCToTwwkQQOx8BkEvhWDNycBK6LgYNJYFMMHEoC58ZAmK4fx+8P5eNoO9AXAxuyjXgwnoXwi6HYWrKtnqlVBQAAcILks8Oe+ruFcx2ON0OcXh7sa5UhnoHdMEMlqSGdwdamVQ1r6G5VQ2erGmrj3tN8+KWaO1rVXDoNo6M+w62//JvPhCZK8//x5vP/yjwd6Sgd/w9h/ezfmLszj8zU4hsm6zIAAAAAx2Hgf5//ZrN4af4/0d75/3GfSFchc3gk7obYOhzCeH0gq/YPy4HsqPdAHgAAAIDFoHY8vnYsfDq/zU7RTufT5fyTR5k/HvifmDd/76H7NzTrb2n+P9ne+f/99bdZJw7HXnxtOIQlhcAPYi+rgVmjMfDjj9cH8vEfjhvghlhVfmJCraobYokNMTCeBPY3KvHDWokz6gP5k1VrfF9tHNN5iUIAAAAATrq4OyAel4/n/7/vN2uualauNP/fcHTn/8/Og0un988MhLCqO4Su9IcBj/RnCwPGwGBHnnigP6urK63q2v4QzqkOLK3q+Xz9/+50jcEn+rKqYuCM9x149axq4pt9IawqBp783O0friZ2JYFa43/ZF8J7qqNNG//OkqzxnrTxry8J4d2FQK2qS5aEUG2sN63qoUp+HYO0qn+uhPC2QqBW1UcqIewOACxS8b/SzcUHd+6+euvGmZmpHQuYiPvw+8KW6ZmpsU3bZjZXGvRpc9LnumWMri2Pqd0r3zyTL1H02bvXD7aTrv1OcLzYVr4fv3TiYH4/fhfqmR3nmp66u2vTIX/g/eUmQuGbVKMhdy7wkPuLlcw9iaX6Y/7eMBCWXLlzasfYFzfu2rVjdfa33exrsr/xMFO2rVan26p/vr618fJouFpW4li31fJiJat2Xb591c7dV6+cvnzjpVOXTl2x+iNrxs8eXzv+0bNXVUc1nv1tMdTl81WdDPWN29sc1wkc6pndhUpOxqeGhITEYktsG1je9P/k0vx/e/P5f/zUiZ/8+foMjY7/j8TD/Nnjc4f5N8TA/naP/480OppfOzFgNAnsiYE9DvMDAADw1hAn+XFvZtwr/dMV33mxWbnS/H9Pe7//P0Hr/9eWrj+/0TL/K2KJ8Ubr/6fL/NfW/9/TaP3/dJn/2vr/+9+E9f+vrAWSTfIL6/8DAABvBSdv/f+Wy/unFwgoZWi5vH96gYBShpbL+Ld7gYCjXv//2f/8q/8OTZTm/ze3N/+3cD8AAACcOr78Z1f9TrN4af6/v735/8lf/y80Ov9/tFFgstHCgNb/AwAAYJFqtP7fyPX9FzcrV5r/H2xv/h9Pu+isyx1rfX0oW9MupGvavTJU+8kAAAAALA6dYWysp828dSujrjv2Np/KlwJtli56/k+OHN35/4fam//X/S7jpseW3dm14lOPvn7PymUvHvjQvpfmjv8DAAAAC6fd/RIAAAAAAAAAAAAAAMCb7/n/2Lu2Wbz0+/+wfvbxRr//j9f9i78veHtd7lhr6/X/8vsXfPKu3bNLFj4yFML7i4Gte7eeFvJr8y8vBh68aMU7qom9aYn7nzv3hWri4jTwiZWnv1ZNnJMENsRFEt+ZBuJVFV9bmgTi8or/ngbi9jiYBnrzwFeXZuPoSLfVTwezbdWRbqunB0MYLgRq2+rewayNjnSAtySB2gC/kAbiAP88D3SmvbprIOtVDAzGorcNZL0CAOCUFb8F9oQt0zNT4/ErfLw9s7v+NqpbsuzacrUdbTb/TL402WfvXj/YTror/S46d63xnlCpDmF16etqMUvH7ChPTC0tNt3bGwy51WpvnQ3KpY520/U2HlFfNqKxTdtmNve0HPja1lnWdLfMsro02Slm6ZzdpG3U0kZf2hhRm9umjS7H+51hbKwryfUHMTgS6rR6RbT7e/3iOn+NXgXFPFcc2ferZvWV5v8j7c3/K8VxvZZfDGBPvLLe3w1b5h8AAAAW1lfX/fob8d9nrn/4yWZ5S/P/0fbm/3EPVn4oONvbcShe/3/fcAizl9YfyQJ3xOYuGQ7hvbOpyVgiu6D++bHEeBa4I+4wWRFLbJisr2pJDBxMAj8ZygOHksDhGMj3UhwI+a6cvx8K4cOzqfX1JbbHEiNJ4NMxMJoExmJgPAksjYGJJPDy0jwwmQT+LQbCdP22untpvq0AAACORj7P6qm/G9J53sHuVhk6WmXob5Whs1WGSqsMjUYR7387ZuhJTl7pKGTqSWvtS2opZYgXwz/qfpUyhB/W50wLlpqO5x/UzjfoqM9w38e6K6GJ0vx/vL35f3/9bdb64Tj/n7v+Xxb4Qeze1+Kp46Mx8OOP1wfyHQOH42T3hlpVk3mJfNJ+QywxEQOjSWB7DEwkgQ3r88D+d9QH8pl2rfF9tcan8xKFAAAAAJx0cQdB3E0T5/+37fzKQLNypfn/RHvz/9jeQLGx62KtR5aGcG/HXG9qgZWDWSDuxxiMP49/12AIpxV2cNRKTPVnJXqThsP3+7JfqPemVX2vL/vxQbx/wRMPPXhjNXFLXwjLCntfam08W8na6EsDZ/Vmgf40sK07C8Q9P7XAdzuzABy32l7B+ILKT3WpGZm/XIPX31vlmqDp8Er7QOfJN99vrhZKaYdrvk+15uietqb7bzlhSm+PQ95ti/HdNuLdVvwilX9DeWMuVAmdm6e2bLxyZld8pPhL1pIFep6Lv1JtJ30CXod7jr23rVXSDownHx/j85eb/3XYEau76bFld3at+NSj96xc9uKBD+17qe1uNBB/KPzQNf86+KPC5l1olZC/5hbd58mkz5NF8d9A8u4e9bSFENa//PUbmsVL8//J9ub/3cntrF/HjblzOIQPFDbuI3Hz//Fw9jlYCGSfkm8rB7JD7v811PCTEwAAAE602u6O2v6C6fw2OyE8nSeX808eZf64v2Ji3vzt9rv/ry9a1ixemv9vaD7/X5J00/F/x/9ZII7/z+tU3xW9JH1gz3Htii5Vx4Jw/H9ep/q7zfH/eTn+7/j/fBz/b8Hx/3md6k9b6VvSdl+6Qggv/tEDTzeLl+b/29ub/1v/b/5F+2rr/21otP7f9kbr/+2x/h8AALCgGiw0l87zSqv3lTKkq/eVMrRcILDlEoPW/zvq9f9eOPPZ34QmSvP/Pe3N/+PLYaDY+mJZ/290fYOqbo6B7RYGBAAA4FTUaAcBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb677/uF/NjeLP/zb855+7sKJy/auu/Dla847/fEQpmcf78jCHf3X3zrx8zvPvWvvfWtuu+fI+R+s5OV68tvfrcsda319KIT9hUcGY+KVoeqducAFn7xrd3c18chQCO8vBrbu3XpaNfGtoRCWFwMPXrTiHdXE3rTE/c+d+0I1cXEa+MTK01+rJs7JAx1pd/9xadbdjrS7Ny4NYbgQqHX3sqX1VdXa+NM80Jm28U+DWRsxMBiLfmMwayMGZmKJ6SUhrOoOoSut6uFKVlVXWtW/VLKqutKqvlwJ4ZwQQnda1XO9WVXd6cgf782qioEz3nfg1bOqif29IawqBp783O0fria+kARqjf9Fbwjvqb5k0sa/3ZM13pM2fktPCO8OIfSmJX7ZnZXoTUs83x3C2wqBWuOf7w5hd+AtIX741H2i7dx99daNMzNTOxYw0Zu31Re2TM9MjW3aNrO5kvSpkY5C+o1rj33sz7z6pU3V28/evX6wnXR3Xq5ntstreururj3Vex/71V+sZO75KNUf8/eGgbDkyp1TO8a+uHHXrh2rs7/tZl+T/e3Ko9m2Wr1YttXyYiWrdl2+fdXO3VevnL5846VTl05dsfoja8bPHl87/tGzV1VHNZ79PRFDvf3kD/XM7kIlJ+MDQEJCYrElOus+3cZP9Q/y0hf9uY72hMrsB3RpWlHM0jE7yhMx6HXHOOJj+Z7SckSrSxOHUpY182S5tj7L2tJkYq6WvizL7Pe60uSw2Fjn7CaN9zvD2FhXo+0wUn+3uHl/dhyb96l807WbBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4P/YgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRg9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHApAAD//7IeJCA=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r0, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x2, 0x2)

1.498585558s ago: executing program 3 (id=772):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000740)=@newlink={0x4c, 0x10, 0x437, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x40c89}, [@IFLA_OPERSTATE={0x5, 0x10, 0x5}, @IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipip={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x8, 0x2, @multicast1}, @IFLA_IPTUN_LINK={0x8}]}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x44801}, 0x0)

1.411024055s ago: executing program 2 (id=773):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r1, 0x62f71000)

1.410766695s ago: executing program 3 (id=774):
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x80001, 0x0)
r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000100)={0x1, "5660359c3245d1c42317afad7d48ed51000000000000000100", <r2=>0xffffffffffffffff})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000000)={0x5, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", <r3=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r2, 0xc0303e03, &(0x7f0000000180)={"2486910284ed923431d4c5d5fbf514fd00", r3, <r4=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r4, 0xc0303e03, &(0x7f00000001c0)={"193757f50eb2f3e2af0fd12b3037cb09c5cc8316613705a9f615cf170cf1e213", r2})

1.340964497s ago: executing program 3 (id=775):
r0 = socket(0xa, 0x5, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x4e24, 0x4, @loopback}, @in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1f}}], 0x2c)

1.280461386s ago: executing program 3 (id=776):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="1400000013000104000000000000000005"], 0x14}], 0x1}, 0x0)

1.280209417s ago: executing program 2 (id=777):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="01000000050000000100000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0xfffffffffffffe8b, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x80)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2673004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

1.206780899s ago: executing program 3 (id=778):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000002900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f00000022c0)=ANY=[], 0x1, 0x6d2, &(0x7f0000000e80)="$eJzs3c1vHGcdB/DvrNeuN1TBaRMaoSKsRCpIEYkTK4VwwSCEcqhQVQ49W4nTWN0kVeKitELgAoITEof+AQXJNw4IiXtQuHApt159rITEJeIQ9bJoZmfXu/b6LS9rGz6faDLPzDPPM7/5zTMzu2utNsD/ravn0nyQIlfPvXG/XF5fm2+vr82/UFe3k5TlRtLszlLcToqHyUJZXwxMGZhv8fHylbc+e7T+eXepWU/V9hM7tRthxLar9ZTZur/ZkS0n97qL1Tq8vJjkWj0fNrXXvoY2LJN2tp7Dgetssbqf5vu5boFDpvd0KrrPzS1mkmNJpuvXAanvDo3xRfh87OsuBwAAAEfAqI+9P71zAIEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAEVf//n9RT416ntkUvd//n+qtq8uH0MKet3zwXOMAAAAAAAAAgPH4+uM8zv0c7y13iupv/meqhZP5opN8Ke/nXpZyN+dzP4tZyUru5mKSmYGOpu4vrqzcvdhvWRrd8tLIlpfGdcQAAAAAAAAA8D/pl2lt/P0fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOgyKZ6M6q6WQ9z0wazWzUZTX5Z5Kpg453H4pRKx+MPw4AAAB4KtNP0ObLj/M493O8t9wpqvf8X6neL0/n/dzOSpazknaWcr1+D12+62+sr82319fmb5VTuTzc7/f/va8wpuoeJqqlUXs+XW3Ryo0sV2vO51oVzPU0uvs+m5zuxTMQ14CPypiK79X2GFmzTmu5s99v9ynCMzH8UURjhy1bG8El/YzM1bGVLU90M1BUH9QkmzOx69lpDi3NVL1O9vd0MY3+Jz8nnybnq6P3fqyel8fzm+ea8/3qZ6KRKhOXeqOvvGZ2zkTyjb/+6e2b7dvv3rxx79zhOaRdTGyzfvOYmB/IxCtHOhPNfW4/V2XiVH/5an6Un+RcZvNm7mY5P81iVrKUTl2/WI/n8v+ZnTO1MLT05m6RTNXnpXvO9hLTbH5YlRZzpmp7PMspcifXs5TXq3+XcjHfzuVczpWBM3xq27irY6uu+sbmq753pv82Mviz36wL5d3ttxt3uYWdjni70fmsdO/9ZV5PDOS1O+of9bc6MXAdzA1k6aVediZHdv4kz6PmV+tCuY9f7fKcGK+ZOhPlBdR7SvSie7mbiWb1LNo6zv/QKdulfbvTubn43jb9b35YvFbPy2G19rXdtu4ZfSqerXK8vJTp+k4yPDrKupf7d5mBus7GWO7WDT9xy3anqrqi6F2pP86dagBsvVKn6tdwW3u6VNW9MrJuvqo7PVA39Hord9LO9THkD4An8Y+3+8WZHJtq/av1aeuT1q9bN1tvTP/ghe+88OpUJv8++d3m3MRrjVeLv+ST/Hzj/T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDk7n3w4buL7fbS3dGFxvZVQ4VWNq/ZredNhaL+QZ/9tTq8hekkQ2uq3zkaexitzWFsKXR+kYw9P70fERy9ze/KQnPLiBpVWBha8+etHX60zwiLvV0Xz7HQyHh3OpHRA+AAb0rAWFxYufXehXsffPit5VuL7yy9s3R78vLlK3NXLr8+f+HGcntprvv/QUcJPA9DLwMAAAAAAAAAAACAI2HUFwPOvLjbl0b29B2P/pqDPkYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgaLt6Ls0HKXJx7vxcuby+Nt8up155Y8tmkkYjKX6WFA+ThXSnzAx0V+SPD9MZsZ+Pl6+89dmj9c83+mp2t08a9Xx7O9cmWa2nzCaZqOdPYai/a0/dX/Gf3jGUCfui0+ksPF188Gz8NwAA//9jrvUm")
symlink(&(0x7f0000000900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000001dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
rename(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000200)='./file0\x00')
r1 = socket(0x2, 0x3, 0xff)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000080)=0x67da, 0x4)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000001e40)={'bond_slave_0\x00', <r3=>0x0})
sendmmsg$inet(r1, &(0x7f0000000ec0)=[{{&(0x7f0000000000)={0x2, 0x4e22, @multicast1}, 0x10, &(0x7f0000000300)=[{&(0x7f0000000040)="281effe935fdca249bd774480a584b135c556eabe1a3f2724200a50e8002a6e5", 0x20}], 0x1, &(0x7f0000000340)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r3, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}}}], 0x20}}], 0x1, 0x4800)
syz_mount_image$erofs(&(0x7f0000000040), &(0x7f0000000400)='./file2\x00', 0x18, &(0x7f0000000000)=ANY=[], 0x1, 0x1d9, &(0x7f0000000140)="$eJzsls+q00AUxr+ZxKQVn8CNCy94XZgmqYqbC3XjyoXgn+JCsNi0FFMrbRa2INIncO/OhY8h1K0PIVUQBdGNuh6ZzCQZS6q2trbg+cE9+SYz98yZM/ClIAjiv+Xd2+9z8e3oQwXACRzA1e8/WsUabqx/U/ny+NXVK82nd168dude9eds7sr72wBmly0keiyEEOb8gX7eAM/1TXCc1boJBk/ru+C4pXUEhttaT4VC6oFc73mdXhx59wZxWwpfhkCGUIb6Yn2fpwxtoz5mzI/Gk/utOI6GWxTlnZt9yuurAEdGfeZ9eVDV+kb/AnAEWtfBcF3rS3Cz3qiWGOc/aRf5rV+e38FfHvs9gOJNZ5uddeRWa/07wP7J3W9MMJRNWUhFdqP7UervRGY6f7IY9sZ2Fy5Ke7gH4mVDdSQv9Ykar5ansWTKWTGP7nzun+I5wxnDn5SVPEs/FrWk/7A2Gk/O9fqtbtSNHoRh/aJ/3vcvhLXUiFQst8A0fzX1p+NF/uqytQ5z8KiVJMNAxXwcqljmuDz1P47D0zgmx9JNnYW8XwFkmzL9x9OnVIfW0uIJgiB2yCkw6J/Hws6E/prkE0KE13ZcJ0EQBEEQBEEQBEEQ6/MjAAD//w5/YZM=")
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)
lseek(r4, 0xfffffffffffffffc, 0x2)
getdents(r4, 0x0, 0x54)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x800, 0x0)
r5 = syz_usb_connect(0x2, 0x3f, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
syz_usb_control_io(r5, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r5, 0x0, &(0x7f0000000440)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB='\x00\x00', @ANYRES16=r6, @ANYBLOB="200000000000000000002100000008000300", @ANYRES32=r7, @ANYBLOB], 0x1c}}, 0x2)
r8 = fsopen(&(0x7f0000000480)='pstore\x00', 0x0)
fsmount(r8, 0x1, 0x8)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000c80)=@data_frame={@a_msdu=@type00={{0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}, {0x2}, @broadcast, @device_b, @from_mac, {0x3, 0x8}, "", @void, @value=@ver_80211n={0x0, 0x9, 0x1, 0x3, 0x0, 0x2, 0x1}}, @a_msdu=[{@device_a, @broadcast, 0xe4, "ed5a68213186a96672ecfcb2f59fcccf3be9b9f66f09a9896d79cfd33b86487bd1491747948336097daccb8fe04136646c10b0f38bde6ba3aca66ce60b034681bdd3e434d26f4456e771eda697d49f5812a814e827617282b3fb2a7985638541608ddd9f8bd5e374e7261423d43ccb1efad53bb5fe80e4c87e080529a132e1f5ae89e797c2369593cd39f87f961a18523ed805a04eec867096f30b7dae82c01aa25b8123642906e78a19e93714faaa7bb77776bb7b706254c501480707cd4faf2b6d58805a77ba4e748f0b37b0402f9cff3f96365f5624a86d085d57504769061421fa3e"}, {@device_b, @device_a, 0x30, "869075bbcbb5e9adf8fce6afa887d477614a9078dbc3f28d7728cb78ad65db01211694be320a300bd670b3f36b1905a7"}, {@broadcast, @device_b, 0x72, "72ea60cc7ec6516a6481df41e26f4c8671f6db823e4656fc9aa0eb75fe09ea6bc9f22435d59f8cd12167561396a8e87bc34441151f0b859ab229c92dde1ab97c61838550b123ac5022fc11035dc5c8a33a1e994d0c08c14c267ff3ea308179fd14f1babd52394c181fc7f29174c6c89dc07a"}]}, 0x1d0)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000140)={&(0x7f0000000380)={0xd0, r6, 0x8, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_PREV_BSSID={0xa, 0x4f, @random="3ae7ac6e25b0"}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x30}, @NL80211_ATTR_USE_MFP={0x8}, @NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_KEYS={0x8c, 0x51, 0x0, 0x1, [{0x4c, 0x0, 0x0, 0x1, [@NL80211_KEY_SEQ={0x10, 0x4, "6d7cb5ca2ef7c247afe6ffc9"}, @NL80211_KEY_DEFAULT={0x4}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac01}, @NL80211_KEY_DEFAULT_MGMT={0x4}, @NL80211_KEY_TYPE={0x8}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "eb3f90a149"}, @NL80211_KEY_DEFAULT_TYPES={0x4}, @NL80211_KEY_IDX={0x5, 0x2, 0x4}, @NL80211_KEY_TYPE={0x8, 0x7, 0x1}]}, {0x3c, 0x0, 0x0, 0x1, [@NL80211_KEY_SEQ={0xd, 0x4, "e20eb334c3517cf182"}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "05ace1c07d4b94fc42dd9874f5"}, @NL80211_KEY_TYPE={0x8, 0x7, 0x2}, @NL80211_KEY_TYPE={0x8, 0x7, 0x1}, @NL80211_KEY_DEFAULT={0x4}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @random="be681fb2a0a1"}]}, 0xd0}, 0x1, 0x0, 0x0, 0x40000d4}, 0x8085)

1.206186388s ago: executing program 0 (id=779):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000), 0x20000328)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0x2a, &(0x7f0000000480)={@in6={{0xa, 0x4e20, 0x81, @remote, 0x72ea}}, 0x0, 0x0, 0x4a, 0x0, "042f769c1583509786a1752ef58eefbbf87661ecaaf2bcc41cad50354af04429c8e421c366e225b6346991e3b85c4f4fea1cd596373d8cb077756e8516b1b8b4c7e698232f9b99fc3a902918d935a942"}, 0xd8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)

999.992376ms ago: executing program 2 (id=780):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0xa, 0xb, 0x42, 0x3e, 0x42}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000180)}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000140), &(0x7f0000000280)}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bf8100000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], &(0x7f0000000240)='GPL\x00', 0x4, 0x7, &(0x7f00000014c0)=""/4101, 0x0, 0xc}, 0x94)

999.766505ms ago: executing program 0 (id=781):
r0 = syz_init_net_socket$ax25(0x3, 0x5, 0x7)
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000040)=@bpq0, 0x10)

999.509941ms ago: executing program 2 (id=782):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000740)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x0)
ioctl$SIOCSIFHWADDR(r0, 0x5452, &(0x7f0000000a00)={'dvmrp0\x00', @random='c\b\x00'})
setsockopt$sock_attach_bpf(r0, 0x1, 0x7, &(0x7f0000000000), 0x4)

921.0093ms ago: executing program 0 (id=783):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000040)=0x46c, 0x4)
readv(r0, &(0x7f0000000880)=[{0x0}, {&(0x7f0000000240)=""/14, 0xe}], 0x2)

830.783718ms ago: executing program 0 (id=784):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3801000000010104"], 0x138}}, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000080)=0xb309)
syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000000080)=ANY=[])
syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f00000000c0)=ANY=[])

59.980643ms ago: executing program 2 (id=785):
capset(&(0x7f00000020c0)={0x19980330}, &(0x7f0000002100)={0x0, 0x3})
mlock(&(0x7f0000ffe000/0x1000)=nil, 0xffffffffdf001fff)

0s ago: executing program 2 (id=786):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc531, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x400}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0022120000007709"], 0x0}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:1898' (ED25519) to the list of known hosts.
syzkaller login: [   56.293630][ T5798] cgroup: Unknown subsys name 'net'
[   56.417116][ T5798] cgroup: Unknown subsys name 'cpuset'
[   56.422873][ T5798] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   58.973788][ T5798] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   63.339438][ T5815] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   63.341226][ T5819] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   63.346811][ T5819] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   63.350192][ T5815] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   63.353477][ T5815] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   63.355988][ T5815] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   63.359192][ T5815] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   63.361421][ T5815] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   63.364147][ T5815] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   63.366537][ T5815] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   63.367905][ T5822] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   63.369996][ T5815] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   63.373493][ T5822] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   63.378143][ T5202] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   63.387699][ T5202] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   63.691805][ T5812] chnl_net:caif_netlink_parms(): no params data found
[   63.745898][ T5817] chnl_net:caif_netlink_parms(): no params data found
[   63.770544][ T5816] chnl_net:caif_netlink_parms(): no params data found
[   63.859899][ T5812] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.862837][ T5812] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.865055][ T5812] bridge_slave_0: entered allmulticast mode
[   63.868263][ T5812] bridge_slave_0: entered promiscuous mode
[   63.889218][ T5812] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.891335][ T5812] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.893779][ T5812] bridge_slave_1: entered allmulticast mode
[   63.896565][ T5812] bridge_slave_1: entered promiscuous mode
[   63.938750][ T5817] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.940912][ T5817] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.943122][ T5817] bridge_slave_0: entered allmulticast mode
[   63.945687][ T5817] bridge_slave_0: entered promiscuous mode
[   63.949445][ T5817] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.951540][ T5817] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.954335][ T5817] bridge_slave_1: entered allmulticast mode
[   63.956953][ T5817] bridge_slave_1: entered promiscuous mode
[   63.978766][ T5812] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.018976][ T5812] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.025680][ T5817] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.029256][ T5816] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.031524][ T5816] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.034228][ T5816] bridge_slave_0: entered allmulticast mode
[   64.037134][ T5816] bridge_slave_0: entered promiscuous mode
[   64.057734][ T5817] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.074370][ T5816] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.076880][ T5816] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.079378][ T5816] bridge_slave_1: entered allmulticast mode
[   64.082335][ T5816] bridge_slave_1: entered promiscuous mode
[   64.100303][ T5812] team0: Port device team_slave_0 added
[   64.120499][ T5812] team0: Port device team_slave_1 added
[   64.124524][ T5817] team0: Port device team_slave_0 added
[   64.135210][ T5817] team0: Port device team_slave_1 added
[   64.147122][ T5816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.167476][ T5816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.179879][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.182143][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   64.191990][ T5812] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.206044][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.208202][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   64.216984][ T5817] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.220791][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.223849][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   64.231217][ T5812] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.244674][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.247233][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   64.256530][ T5817] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.269090][ T5816] team0: Port device team_slave_0 added
[   64.279933][ T5816] team0: Port device team_slave_1 added
[   64.341039][ T5812] hsr_slave_0: entered promiscuous mode
[   64.344636][ T5812] hsr_slave_1: entered promiscuous mode
[   64.377900][ T5817] hsr_slave_0: entered promiscuous mode
[   64.381030][ T5817] hsr_slave_1: entered promiscuous mode
[   64.384134][ T5817] debugfs: 'hsr0' already exists in 'hsr'
[   64.386332][ T5817] Cannot create hsr debugfs directory
[   64.389040][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.391517][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   64.400880][ T5816] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.407245][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.409774][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   64.418981][ T5816] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.549377][ T5816] hsr_slave_0: entered promiscuous mode
[   64.553188][ T5816] hsr_slave_1: entered promiscuous mode
[   64.555843][ T5816] debugfs: 'hsr0' already exists in 'hsr'
[   64.557948][ T5816] Cannot create hsr debugfs directory
[   64.789563][ T5812] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   64.800713][ T5812] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   64.807595][ T5812] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   64.824755][ T5812] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   64.889985][ T5817] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   64.898566][ T5817] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   64.916532][ T5817] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   64.932829][ T5817] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   64.964014][ T5816] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   64.974540][ T5812] 8021q: adding VLAN 0 to HW filter on device bond0
[   64.977171][ T5816] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   64.986626][ T5816] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   64.995114][ T5816] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   65.018263][ T5812] 8021q: adding VLAN 0 to HW filter on device team0
[   65.036198][   T54] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.039027][   T54] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.054660][   T54] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.057358][   T54] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.120395][ T5817] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.143480][ T5817] 8021q: adding VLAN 0 to HW filter on device team0
[   65.152468][ T1094] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.155265][ T1094] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.165736][ T5816] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.175823][ T1094] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.178436][ T1094] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.207848][ T5816] 8021q: adding VLAN 0 to HW filter on device team0
[   65.228587][ T1094] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.230727][ T1094] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.243865][ T1094] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.246008][ T1094] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.252448][ T5817] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   65.295666][ T5812] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.356517][ T5817] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.386460][ T5812] veth0_vlan: entered promiscuous mode
[   65.393334][ T5202] Bluetooth: hci1: command tx timeout
[   65.393587][ T5819] Bluetooth: hci0: command tx timeout
[   65.426704][ T5812] veth1_vlan: entered promiscuous mode
[   65.440075][ T5817] veth0_vlan: entered promiscuous mode
[   65.456054][ T5817] veth1_vlan: entered promiscuous mode
[   65.474731][ T5819] Bluetooth: hci2: command tx timeout
[   65.498829][ T5812] veth0_macvtap: entered promiscuous mode
[   65.515317][ T5812] veth1_macvtap: entered promiscuous mode
[   65.523912][ T5817] veth0_macvtap: entered promiscuous mode
[   65.531489][ T5816] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.539563][ T5817] veth1_macvtap: entered promiscuous mode
[   65.548545][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_0
[   65.568365][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_1
[   65.578211][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_0
[   65.589695][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   65.595833][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_1
[   65.601721][ T5857] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.604783][ T5857] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   65.619646][ T5857] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   65.629165][ T5816] veth0_vlan: entered promiscuous mode
[   65.643974][ T5857] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   65.661519][ T5857] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.665902][ T5857] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   65.677070][ T5816] veth1_vlan: entered promiscuous mode
[   65.687537][ T5857] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   65.741369][ T5816] veth0_macvtap: entered promiscuous mode
[   65.763505][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.766474][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.784050][ T5816] veth1_macvtap: entered promiscuous mode
[   65.790046][   T54] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.799518][   T54] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.811744][ T1228] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.815362][ T1228] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.865816][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_0
[   65.873145][ T1092] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.879160][ T5812] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   65.886088][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_1
[   65.887142][ T1092] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.898406][ T5857] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   65.901720][ T5857] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.914950][ T5857] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   65.918345][ T5857] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.035228][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.048530][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.074347][ T5882] syz.1.2 uses obsolete (PF_INET,SOCK_PACKET)
[   66.094881][ T1228] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.097894][ T1228] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.678201][ T5899] capability: warning: `syz.1.9' uses 32-bit capabilities (legacy support in use)
[   66.800985][ T5902] netlink: 'syz.1.10': attribute type 10 has an invalid length.
[   66.809555][ T5902] team0: Device ipvlan1 failed to register rx_handler
[   66.948348][ T5906] loop0: detected capacity change from 0 to 128
[   67.013156][ T5906] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   67.031042][ T5906] ext4 filesystem being mounted at /3/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   67.193069][ T5817] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   67.473708][ T5819] Bluetooth: hci1: command tx timeout
[   67.474049][ T5202] Bluetooth: hci0: command tx timeout
[   67.553083][ T5202] Bluetooth: hci2: command tx timeout
[   67.580131][ T5924] loop0: detected capacity change from 0 to 512
[   67.630247][ T5924] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   67.642767][ T5924] ext4 filesystem being mounted at /7/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   67.655697][ T5924] capability: warning: `syz.0.19' uses deprecated v2 capabilities in a way that may be insecure
[   67.694414][ T5817] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.704881][ T5879] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   67.802869][ T5921] loop1: detected capacity change from 0 to 32768
[   67.837135][ T5921] ERROR: (device loop1): dbAlloc: the hint is outside the map
[   67.837135][ T5921] 
[   67.861001][   T32] read_mapping_page failed!
[   67.863880][   T32] ERROR: (device loop1): txCommit: 
[   67.863880][   T32] 
[   67.868105][   T32] jfs_write_inode: jfs_commit_inode failed!
[   67.872293][ T5879] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[   67.883254][ T5879] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   67.900409][ T5879] usb 3-1: config 0 descriptor??
[   68.041764][ T5940] netlink: 8 bytes leftover after parsing attributes in process `syz.1.21'.
[   68.728941][ T5879] usb 3-1: Cannot set autoneg
[   68.736569][ T5879] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[   68.750010][ T5879] usb 3-1: USB disconnect, device number 2
[   68.810118][ T5952] mac80211_hwsim hwsim5 wlan1: entered promiscuous mode
[   68.815268][ T5952] macsec1: entered promiscuous mode
[   68.819128][ T5952] mac80211_hwsim hwsim5 wlan1: left promiscuous mode
[   69.004182][ T5960] loop0: detected capacity change from 0 to 1024
[   69.032302][   T37] hfsplus: b-tree write err: -5, ino 4
[   69.123856][ T5964] loop0: detected capacity change from 0 to 1024
[   69.145313][ T5964] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   69.169623][ T5817] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.553752][ T5202] Bluetooth: hci0: command tx timeout
[   69.553773][ T5819] Bluetooth: hci1: command tx timeout
[   69.583058][   T10] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   69.601431][ T5990] loop2: detected capacity change from 0 to 4096
[   69.605108][ T5992] nvme_fabrics: missing parameter 'transport=%s'
[   69.607257][ T5992] nvme_fabrics: missing parameter 'nqn=%s'
[   69.608922][ T5990] ntfs3(loop2): Different NTFS sector size (2048) and media sector size (512).
[   69.632918][ T5819] Bluetooth: hci2: command tx timeout
[   69.642796][ T5990] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[   69.651451][ T5990] ntfs3(loop2): Failed to initialize $Secure::$SII (-22).
[   69.654330][ T5990] ntfs3(loop2): Failed to initialize $Secure (-22).
[   69.757113][   T10] usb 1-1: Using ep0 maxpacket: 32
[   69.783381][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   69.786879][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   69.789863][   T10] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00
[   69.792834][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   69.800693][   T10] usb 1-1: config 0 descriptor??
[   70.211565][   T10] kone 0003:1E7D:2CED.0001: unbalanced collection at end of report description
[   70.228574][   T10] kone 0003:1E7D:2CED.0001: parse failed
[   70.230369][   T10] kone 0003:1E7D:2CED.0001: probe with driver kone failed with error -22
[   70.327440][ T6012] =======================================================
[   70.327440][ T6012] WARNING: The mand mount option has been deprecated and
[   70.327440][ T6012]          and is ignored by this kernel. Remove the mand
[   70.327440][ T6012]          option from the mount to silence this warning.
[   70.327440][ T6012] =======================================================
[   70.409858][   T24] usb 1-1: USB disconnect, device number 2
[   70.473794][ T5867] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[   70.624776][ T5867] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   70.628523][ T5867] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[   70.632902][ T5867] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[   70.638314][ T5867] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[   70.652689][ T5867] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   70.659665][ T5867] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[   70.662781][ T5867] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[   70.665376][ T5867] usb 2-1: SerialNumber: syz
[   70.676914][ T5867] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22
[   70.681244][ T5867] usb-storage 2-1:1.0: USB Mass Storage device detected
[   70.694159][ T5867] usb-storage 2-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[   70.889445][ T5867] usb 2-1: USB disconnect, device number 2
[   71.633199][ T5819] Bluetooth: hci0: command tx timeout
[   71.634189][ T5202] Bluetooth: hci1: command tx timeout
[   71.716676][ T5202] Bluetooth: hci2: command tx timeout
[   71.719214][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[   71.722400][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[   71.881678][ T6057] pimreg: entered allmulticast mode
[   71.886400][ T6046] loop0: detected capacity change from 0 to 32768
[   71.934057][ T6046] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   71.973449][ T6046] XFS (loop0): Ending clean mount
[   71.979062][ T6046] XFS (loop0): Quotacheck needed: Please wait.
[   72.013809][ T6046] XFS (loop0): Quotacheck: Done.
[   72.065041][ T5817] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   72.352136][ T6082] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   72.378818][ T6079] loop1: detected capacity change from 0 to 16
[   72.399175][ T5526] usb 3-1: new full-speed USB device number 3 using dummy_hcd
[   72.401545][ T6079] erofs (device loop1): unsupported chunk format ffff of nid 36
[   72.558249][ T5526] usb 3-1: unable to get BOS descriptor or descriptor too short
[   72.594691][ T5526] usb 3-1: not running at top speed; connect to a high speed hub
[   72.604424][ T5526] usb 3-1: config 106 has an invalid interface number: 8 but max is 0
[   72.615124][ T5526] usb 3-1: config 106 has no interface number 0
[   72.620796][ T5526] usb 3-1: config 106 interface 8 has no altsetting 0
[   72.649890][ T5526] usb 3-1: New USB device found, idVendor=04e8, idProduct=6889, bcdDevice=93.dd
[   72.663573][ T5526] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   72.666049][ T5526] usb 3-1: Product: syz
[   72.667439][ T5526] usb 3-1: Manufacturer: syz
[   72.669014][ T5526] usb 3-1: SerialNumber: syz
[   72.942802][ T5867] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   72.974807][ T5526] kalmia 3-1:106.8 (unnamed net_device) (uninitialized): Error sending init packet. Status -22
[   72.989134][ T5526] kalmia 3-1:106.8: probe with driver kalmia failed with error -22
[   73.004206][ T5526] usb 3-1: USB disconnect, device number 3
[   73.101283][ T5867] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[   73.111194][ T5867] usb 1-1: New USB device found, idVendor=0079, idProduct=0006, bcdDevice= 0.00
[   73.118397][ T5867] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   73.140787][ T5867] usb 1-1: config 0 descriptor??
[   73.521812][ T6089] loop1: detected capacity change from 0 to 4096
[   73.525972][ T6089] EXT4-fs (loop1): Test dummy encryption mode enabled
[   73.529782][ T6089] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[   73.532257][ T6089] System zones: 0-5
[   73.548859][ T6089] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   73.560528][ T5867] dragonrise 0003:0079:0006.0002: unknown main item tag 0x0
[   73.575703][ T6089] EXT4-fs (loop1): shut down requested (2)
[   73.583491][ T5867] dragonrise 0003:0079:0006.0002: unknown main item tag 0x0
[   73.588971][ T5867] dragonrise 0003:0079:0006.0002: unknown main item tag 0x0
[   73.591171][ T5867] dragonrise 0003:0079:0006.0002: unknown main item tag 0x0
[   73.595242][ T5867] dragonrise 0003:0079:0006.0002: unknown main item tag 0x0
[   73.598846][ T5812] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.606374][ T5867] dragonrise 0003:0079:0006.0002: hidraw0: USB HID v1.02 Device [HID 0079:0006] on usb-dummy_hcd.0-1/input0
[   73.609666][ T5867] dragonrise 0003:0079:0006.0002: no inputs found
[   73.611674][ T5867] dragonrise 0003:0079:0006.0002: force feedback init failed
[   73.769858][   T10] usb 1-1: USB disconnect, device number 3
[   74.112642][ T5526] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   74.262784][ T5526] usb 3-1: Using ep0 maxpacket: 32
[   74.271128][ T5526] usb 3-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[   74.276595][ T5526] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   74.280191][ T5526] usb 3-1: Product: syz
[   74.281779][ T5526] usb 3-1: Manufacturer: syz
[   74.286209][ T5526] usb 3-1: SerialNumber: syz
[   74.295897][ T5526] usb 3-1: config 0 descriptor??
[   74.305239][ T5526] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[   74.608100][ T6108] loop1: detected capacity change from 0 to 256
[   74.619710][ T6108] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xf5596061, utbl_chksum : 0xe619d30d)
[   75.065664][ T5526] gspca_topro: reg_w err -71
[   75.092634][ T5526] gspca_topro: Sensor soi763a
[   75.100721][ T5526] usb 3-1: USB disconnect, device number 4
[   75.515978][ T6118] loop0: detected capacity change from 0 to 65
[   75.524003][ T6118] BFS-fs: bfs_fill_super(): NOTE: filesystem loop0 was created with 512 inodes, the real maximum is 511, mounting anyway
[   75.976918][ T6134] loop0: detected capacity change from 0 to 128
[   75.987951][ T6124] loop2: detected capacity change from 0 to 40427
[   76.016927][ T6124] F2FS-fs (loop2): invalid crc value
[   76.108646][ T6124] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   76.136014][ T6124] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   76.278168][ T6152] loop0: detected capacity change from 0 to 4096
[   76.291049][ T6152] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
[   76.484130][ T6160] binder: 6159:6160 ioctl c0306201 2000000003c0 returned -14
[   76.562699][ T5526] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   76.728605][ T5526] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[   76.729814][ T6178] loop2: detected capacity change from 0 to 256
[   76.734395][ T5526] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0
[   76.739451][ T5526] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[   76.749628][ T5526] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[   76.759473][ T5526] usb 2-1: New USB device found, idVendor=0451, idProduct=3410, bcdDevice=ef.1e
[   76.769639][ T5526] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   76.775914][ T5526] usb 2-1: Product: syz
[   76.779443][ T5526] usb 2-1: Manufacturer: syz
[   76.780383][ T6180] loop2: detected capacity change from 0 to 256
[   76.782008][ T5526] usb 2-1: SerialNumber: syz
[   76.790195][ T5526] usb 2-1: config 0 descriptor??
[   76.797548][ T6180] FAT-fs (loop2): Directory bread(block 64) failed
[   76.799540][ T5526] ti_usb_3410_5052 2-1:0.0: TI USB 3410 1 port adapter converter detected
[   76.799886][ T6180] FAT-fs (loop2): Directory bread(block 65) failed
[   76.805059][ T6180] FAT-fs (loop2): Directory bread(block 66) failed
[   76.808857][ T6180] FAT-fs (loop2): Directory bread(block 67) failed
[   76.811108][ T6180] FAT-fs (loop2): Directory bread(block 68) failed
[   76.814071][ T6180] FAT-fs (loop2): Directory bread(block 69) failed
[   76.815633][ T5526] usb 2-1: TI USB 3410 1 port adapter converter now attached to ttyUSB0
[   76.816717][ T6180] FAT-fs (loop2): Directory bread(block 70) failed
[   76.821083][ T6180] FAT-fs (loop2): Directory bread(block 71) failed
[   76.824012][ T6180] FAT-fs (loop2): Directory bread(block 72) failed
[   76.826341][ T6180] FAT-fs (loop2): Directory bread(block 73) failed
[   77.030326][ T5867] usb 2-1: USB disconnect, device number 3
[   77.086301][ T5867] ti_usb_3410_5052_1 ttyUSB0: TI USB 3410 1 port adapter converter now disconnected from ttyUSB0
[   77.093619][ T5867] ti_usb_3410_5052 2-1:0.0: device disconnected
[   77.514124][ T6189] usb usb8: usbfs: process 6189 (syz.0.125) did not claim interface 0 before use
[   77.839399][    C0] vcan0: j1939_tp_rxtimer: 0xffff8881bc2fe000: rx timeout, send abort
[   78.005989][ T6198] netlink: 'syz.2.129': attribute type 1 has an invalid length.
[   78.042216][ T6198] 8021q: adding VLAN 0 to HW filter on device bond1
[   78.075366][ T6198] bond1: (slave geneve2): making interface the new active one
[   78.080044][ T6198] bond1: (slave geneve2): Enslaving as an active interface with an up link
[   78.340002][    C0] vcan0: j1939_tp_rxtimer: 0xffff8881bc2ff400: rx timeout, send abort
[   78.343609][    C0] vcan0: j1939_tp_rxtimer: 0xffff8881bc2fe000: abort rx timeout. Force session deactivation
[   78.607329][ T6207] loop2: detected capacity change from 0 to 2048
[   78.625561][ T6207] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[   78.840509][    C0] vcan0: j1939_tp_rxtimer: 0xffff8881bc2ffc00: rx timeout, send abort
[   78.843430][    C0] vcan0: j1939_tp_rxtimer: 0xffff8881bc2ff400: abort rx timeout. Force session deactivation
[   79.241110][ T6216] loop2: detected capacity change from 0 to 1024
[   79.248509][ T6216] EXT4-fs: Ignoring removed orlov option
[   79.266918][ T6216] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   79.319464][ T5816] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.343101][    C0] vcan0: j1939_tp_rxtimer: 0xffff8881bc2ffc00: abort rx timeout. Force session deactivation
[   79.646650][ T6235] dummy0: entered promiscuous mode
[   79.649708][ T6234] dummy0: left promiscuous mode
[   79.747935][ T6239] loop0: detected capacity change from 0 to 2048
[   79.788426][ T6239] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[   79.836404][ T6227] loop2: detected capacity change from 0 to 40427
[   79.846219][ T6227] f2fs: Bad value for 'fault_injection'
[   79.963620][ T6253] warning: `syz.2.151' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   80.238140][ T6257] loop2: detected capacity change from 0 to 32768
[   80.248634][ T6257] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.153 (6257)
[   80.270595][ T6263] loop1: detected capacity change from 0 to 4096
[   80.289902][ T6264] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   80.294895][ T6263] NILFS (loop1): corrupt root inode
[   80.320333][ T6257] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   80.338064][ T6257] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[   80.481204][ T6257] BTRFS info (device loop2): enabling ssd optimizations
[   80.494188][ T6257] BTRFS info (device loop2): turning on async discard
[   80.496731][ T6257] BTRFS info (device loop2): enabling free space tree
[   80.641720][ T5817] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000900.
[   80.647173][ T5816] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   80.686370][   T34] audit: type=1326 audit(1762824095.029:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6286 comm="syz.1.159" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59ac38efc9 code=0x7ffc0000
[   80.717147][   T34] audit: type=1326 audit(1762824095.029:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6286 comm="syz.1.159" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59ac38efc9 code=0x7ffc0000
[   80.734986][   T34] audit: type=1326 audit(1762824095.029:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6286 comm="syz.1.159" exe="/syz-executor" sig=0 arch=c000003e syscall=86 compat=0 ip=0x7f59ac38efc9 code=0x7ffc0000
[   80.744079][   T34] audit: type=1326 audit(1762824095.029:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6286 comm="syz.1.159" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59ac38efc9 code=0x7ffc0000
[   80.752014][   T34] audit: type=1326 audit(1762824095.029:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6286 comm="syz.1.159" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59ac38efc9 code=0x7ffc0000
[   80.998699][ T6301] loop2: detected capacity change from 0 to 1024
[   81.000955][ T6297] loop0: detected capacity change from 0 to 2048
[   81.006924][ T6300] loop1: detected capacity change from 0 to 2048
[   81.015963][ T6297] UDF-fs: warning (device loop0): udf_fill_super: No fileset found
[   81.029946][ T6300] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   81.120255][ T5812] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.203452][ T6306] loop0: detected capacity change from 0 to 1024
[   81.211201][ T6309] loop1: detected capacity change from 0 to 1024
[   81.249752][ T6306] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   81.252772][ T6309] EXT4-fs (loop1): stripe (3) is not aligned with cluster size (16), stripe is disabled
[   81.269984][ T6309] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   81.286878][ T6309] EXT4-fs error (device loop1): ext4_xattr_inode_iget:441: inode #11: comm syz.1.167: missing EA_INODE flag
[   81.304901][ T6309] EXT4-fs (loop1): Remounting filesystem read-only
[   81.307008][ T6306] EXT4-fs (loop0): revision level too high, forcing read-only mode
[   81.310321][ T6306] EXT4-fs (loop0): orphan cleanup on readonly fs
[   81.310955][ T6309] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   81.316270][ T6306] EXT4-fs error (device loop0): ext4_free_blocks:6706: comm syz.0.168: Freeing blocks not in datazone - block = 0, count = 4096
[   81.325213][ T6306] EXT4-fs (loop0): 1 orphan inode deleted
[   81.328093][ T6306] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   81.334812][ T5812] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.341626][ T6306] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.168: bg 0: block 10: padding at end of block bitmap is not set
[   81.399102][ T6318] loop2: detected capacity change from 0 to 512
[   81.401977][ T6318] EXT4-fs: Ignoring removed nobh option
[   81.414857][ T5817] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.442237][ T6320] loop1: detected capacity change from 0 to 1024
[   81.445055][ T6318] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   81.454196][ T6318] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.173: iget: bad i_size value: 38620345925642
[   81.460493][ T6318] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.173: couldn't read orphan inode 15 (err -117)
[   81.473936][ T6318] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   81.480930][ T6320] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   81.488866][ T6323] nbd: must specify at least one socket
[   81.503973][ T6319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.536543][ T5816] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.606676][ T6333] loop2: detected capacity change from 0 to 256
[   81.796323][ T6331] loop0: detected capacity change from 0 to 32768
[   81.814438][ T6331] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   81.829740][ T6331] XFS (loop0): Ending clean mount
[   81.875285][ T5817] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   82.036058][ T6341] loop2: detected capacity change from 0 to 32768
[   82.092338][ T6341] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[   82.094743][ T6355] loop0: detected capacity change from 0 to 128
[   82.115056][ T6355] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   82.121675][ T6355] ext4 filesystem being mounted at /67/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   82.150583][ T6341] (syz.2.182,6341,0):ocfs2_verify_group_and_input:442 ERROR: the last group isn't full. Use group extend first.
[   82.155356][ T6341] (syz.2.182,6341,0):ocfs2_group_add:511 ERROR: status = -22
[   82.174986][ T5817] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   82.247219][ T5816] ocfs2: Unmounting device (7,2) on (node local)
[   82.358180][ T6361] loop0: detected capacity change from 0 to 1024
[   82.361327][ T6361] hfsplus: invalid extent btree flag
[   82.364079][ T6361] hfsplus: failed to load extents file
[   83.215320][ T6382] loop2: detected capacity change from 0 to 2048
[   83.262184][ T6382] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   83.653590][  T976] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   83.813202][  T976] usb 1-1: Using ep0 maxpacket: 8
[   83.822832][  T976] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[   83.825828][  T976] usb 1-1: config 179 has no interface number 0
[   83.827646][  T976] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[   83.835525][  T976] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[   83.839731][  T976] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[   83.848720][  T976] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[   83.852272][  T976] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[   83.857223][  T976] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[   83.860598][  T976] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   83.884231][ T6386] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[   83.889089][  T976] xpad 1-1:179.65: probe with driver xpad failed with error -5
[   84.100509][   T10] usb 1-1: USB disconnect, device number 4
[   84.188652][ T6406] netlink: 20 bytes leftover after parsing attributes in process `syz.1.206'.
[   84.951535][ T6418] loop0: detected capacity change from 0 to 40427
[   84.960204][ T6418] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[   84.962439][ T6418] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   84.968144][ T6418] F2FS-fs (loop0): invalid crc value
[   85.017953][ T6418] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   85.038362][ T6418] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   85.040529][ T6418] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   85.336056][ T6425] loop2: detected capacity change from 0 to 256
[   86.031882][ T6445] input: syz1 as /devices/virtual/input/input4
[   86.151714][ T6452] loop0: detected capacity change from 0 to 512
[   86.155725][ T6452] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   86.160733][ T6452] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   86.177689][ T6452] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #16: comm syz.0.224: invalid indirect mapped block 4294967295 (level 0)
[   86.187786][ T6452] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #16: comm syz.0.224: invalid indirect mapped block 4294967295 (level 1)
[   86.196426][ T6452] EXT4-fs (loop0): 1 orphan inode deleted
[   86.200150][ T6452] EXT4-fs (loop0): 1 truncate cleaned up
[   86.204471][ T6452] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   86.214049][ T6452] EXT4-fs error (device loop0): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz.0.224: bad entry in directory: rec_len is too small for name_len - offset=12, inode=2, rec_len=12, size=1024 fake=0
[   86.232702][ T6454] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[   86.262808][ T5817] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   86.318662][ T6456] input: syz1 as /devices/virtual/input/input5
[   87.108351][  T793] cfg80211: failed to load regulatory.db
[   88.014701][ T6483] vivid-004: =================  START STATUS  =================
[   88.017126][ T6483] vivid-004: Radio HW Seek Mode: Bounded
[   88.019612][ T6483] vivid-004: Radio Programmable HW Seek: false
[   88.021488][ T6483] vivid-004: RDS Rx I/O Mode: Block I/O
[   88.024363][ T6483] vivid-004: Generate RBDS Instead of RDS: false
[   88.026266][ T6483] vivid-004: RDS Reception: true
[   88.027749][ T6483] vivid-004: RDS Program Type: 0 inactive
[   88.029422][ T6483] vivid-004: RDS PS Name:  inactive
[   88.031068][ T6483] vivid-004: RDS Radio Text:  inactive
[   88.033954][ T6483] vivid-004: RDS Traffic Announcement: false inactive
[   88.036749][ T6483] vivid-004: RDS Traffic Program: false inactive
[   88.039115][ T6483] vivid-004: RDS Music: false inactive
[   88.040824][ T6483] vivid-004: ==================  END STATUS  ==================
[   88.052663][ T5526] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   88.071547][ T6485] loop2: detected capacity change from 0 to 512
[   88.078743][ T6485] EXT4-fs warning (device loop2): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[   88.082201][ T6485] EXT4-fs warning (device loop2): dx_probe:849: Enable large directory feature to access it
[   88.086679][ T6485] EXT4-fs warning (device loop2): dx_probe:934: inode #2: comm syz.2.237: Corrupt directory, running e2fsck is recommended
[   88.090910][ T6485] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117
[   88.094048][ T6485] EXT4-fs error (device loop2): ext4_iget_extra_inode:5075: inode #15: comm syz.2.237: corrupted in-inode xattr: invalid ea_ino
[   88.099100][ T6485] EXT4-fs (loop2): Remounting filesystem read-only
[   88.102191][ T6485] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   88.120822][ T5816] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   88.225048][ T5526] usb 1-1: unable to get BOS descriptor or descriptor too short
[   88.229315][ T5526] usb 1-1: config 14 has an invalid interface number: 21 but max is 0
[   88.242709][ T5526] usb 1-1: config 14 has no interface number 0
[   88.244993][ T5526] usb 1-1: config 14 interface 21 has no altsetting 0
[   88.256584][ T5526] usb 1-1: New USB device found, idVendor=c880, idProduct=760e, bcdDevice=35.fc
[   88.260463][ T5526] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   88.269238][ T5526] usb 1-1: Product: syz
[   88.270860][ T5526] usb 1-1: Manufacturer: syz
[   88.273159][ T5526] usb 1-1: SerialNumber: syz
[   88.523765][ T6503] netlink: 8 bytes leftover after parsing attributes in process `syz.2.244'.
[   88.545425][ T5526] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[   88.548244][ T5526] usb 1-1: MIDIStreaming interface descriptor not found
[   88.608869][ T5526] usb 1-1: USB disconnect, device number 5
[   88.653129][ T6512] fuse: Bad value for 'fd'
[   88.655156][ T6512] Invalid source name
[   88.657369][ T6512] UBIFS error (pid: 6512): cannot open "./file0", error -22
[   88.688032][ T6513] udevd[6513]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:14.21/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   89.022657][  T976] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[   89.172630][  T976] usb 3-1: Using ep0 maxpacket: 32
[   89.177165][  T976] usb 3-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[   89.179955][  T976] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   89.182266][  T976] usb 3-1: Product: syz
[   89.183946][  T976] usb 3-1: Manufacturer: syz
[   89.185309][  T976] usb 3-1: SerialNumber: syz
[   89.188455][  T976] usb 3-1: config 0 descriptor??
[   89.302637][ T5526] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[   89.452596][ T5526] usb 1-1: Using ep0 maxpacket: 8
[   89.456096][ T5526] usb 1-1: unable to get BOS descriptor or descriptor too short
[   89.459423][ T5526] usb 1-1: config 17 has an invalid interface number: 8 but max is 1
[   89.461932][ T5526] usb 1-1: config 17 has 1 interface, different from the descriptor's value: 2
[   89.465201][ T5526] usb 1-1: config 17 has no interface number 0
[   89.467195][ T5526] usb 1-1: config 17 interface 8 altsetting 6 has an endpoint descriptor with address 0x91, changing to 0x81
[   89.470540][ T5526] usb 1-1: config 17 interface 8 altsetting 6 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   89.478385][ T5526] usb 1-1: config 17 interface 8 has no altsetting 0
[   89.483999][ T5526] usb 1-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=2c.ff
[   89.486694][ T5526] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   89.489132][ T5526] usb 1-1: Product: syz
[   89.490383][ T5526] usb 1-1: Manufacturer: syz
[   89.491748][ T5526] usb 1-1: SerialNumber: syz
[   89.600904][  T976] peak_usb 3-1:0.0 can0: unable to request usb[type=0 value=0] err=-71
[   89.603503][  T976] peak_usb 3-1:0.0: unable to read PCAN-USB Pro bootloader info (err -71)
[   89.654548][  T976] peak_usb 3-1:0.0: probe with driver peak_usb failed with error -71
[   89.670606][  T976] usb 3-1: USB disconnect, device number 5
[   89.714944][ T5526] usb 1-1: selecting invalid altsetting 0
[   89.716753][ T5526] usb 1-1: 8:6 : no UAC_FORMAT_TYPE desc
[   89.718510][ T5526] usb 1-1: selecting invalid altsetting 0
[   89.730364][ T5526] usb 1-1: USB disconnect, device number 6
[   89.745836][ T5938] udevd[5938]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:17.8/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   90.256400][ T6546] netlink: 4 bytes leftover after parsing attributes in process `syz.0.261'.
[   90.287327][   T34] audit: type=1326 audit(1762824104.639:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6549 comm="syz.0.263" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f559e78efc9 code=0x7ffc0000
[   90.295213][   T34] audit: type=1326 audit(1762824104.639:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6549 comm="syz.0.263" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f559e78efc9 code=0x7ffc0000
[   90.302249][   T34] audit: type=1326 audit(1762824104.639:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6549 comm="syz.0.263" exe="/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f559e78efc9 code=0x7ffc0000
[   90.312030][   T34] audit: type=1326 audit(1762824104.639:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6549 comm="syz.0.263" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f559e78efc9 code=0x7ffc0000
[   90.321723][   T34] audit: type=1326 audit(1762824104.639:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6549 comm="syz.0.263" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f559e78efc9 code=0x7ffc0000
[   90.330372][   T34] audit: type=1326 audit(1762824104.639:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6549 comm="syz.0.263" exe="/syz-executor" sig=0 arch=c000003e syscall=442 compat=0 ip=0x7f559e78efc9 code=0x7ffc0000
[   90.338964][   T34] audit: type=1326 audit(1762824104.639:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6549 comm="syz.0.263" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f559e78efc9 code=0x7ffc0000
[   90.347221][   T34] audit: type=1326 audit(1762824104.639:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6549 comm="syz.0.263" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f559e78efc9 code=0x7ffc0000
[   90.392651][ T5867] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[   90.393365][ T6552] loop0: detected capacity change from 0 to 4096
[   90.566900][ T5867] usb 3-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7
[   90.572649][ T5867] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   90.576144][ T5867] usb 3-1: Product: syz
[   90.577864][ T5867] usb 3-1: Manufacturer: syz
[   90.579531][ T5867] usb 3-1: SerialNumber: syz
[   90.595764][ T5867] usb 3-1: config 0 descriptor??
[   90.729363][ T6568] binder: 6567:6568 ioctl c0306201 200000000700 returned -14
[   91.002664][  T976] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[   91.153086][  T976] usb 1-1: Using ep0 maxpacket: 16
[   91.157288][  T976] usb 1-1: config 1 has an invalid interface number: 69 but max is 0
[   91.159818][  T976] usb 1-1: config 1 has no interface number 0
[   91.161683][  T976] usb 1-1: config 1 interface 69 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[   91.165200][  T976] usb 1-1: config 1 interface 69 altsetting 2 bulk endpoint 0x81 has invalid maxpacket 64
[   91.168382][  T976] usb 1-1: config 1 interface 69 has no altsetting 0
[   91.173363][  T976] usb 1-1: New USB device found, idVendor=0bb4, idProduct=0a7e, bcdDevice=60.c4
[   91.176580][  T976] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   91.179044][  T976] usb 1-1: Product: syz
[   91.180323][  T976] usb 1-1: Manufacturer: syz
[   91.181729][  T976] usb 1-1: SerialNumber: syz
[   91.187486][ T6570] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[   91.190151][ T6570] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[   91.194082][  T976] ipaq 1-1:1.69: PocketPC PDA converter detected
[   91.211018][ T5867] usb 3-1: f81604_read: reg: 105 failed: -EPROTO
[   91.213855][ T5867] f81604 3-1:0.0: Setting termination of CH#1 failed: -EPROTO
[   91.217585][ T5867] f81604 3-1:0.0: probe with driver f81604 failed with error -71
[   91.222808][ T5867] usb 3-1: USB disconnect, device number 6
[   91.400913][  T976] usb 1-1: PocketPC PDA converter now attached to ttyUSB0
[   91.600635][   T10] usb 1-1: USB disconnect, device number 7
[   91.610775][   T10] ipaq ttyUSB0: PocketPC PDA converter now disconnected from ttyUSB0
[   91.615016][   T10] ipaq 1-1:1.69: device disconnected
[   92.082762][   T10] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[   92.237052][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   92.242081][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   92.246257][   T10] usb 3-1: New USB device found, idVendor=0c70, idProduct=f00a, bcdDevice= 0.00
[   92.249679][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.255159][   T10] usb 3-1: config 0 descriptor??
[   92.432952][ T5880] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[   92.590932][ T5880] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e
[   92.594621][ T5880] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.607358][ T5880] usb 1-1: config 0 descriptor??
[   92.675009][   T10] aquacomputer_d5next 0003:0C70:F00A.0003: hidraw0: USB HID v1.01 Device [HID 0c70:f00a] on usb-dummy_hcd.2-1/input0
[   92.878309][  T976] usb 3-1: USB disconnect, device number 7
[   93.217894][ T5880] ath6kl: Failed to read usb control message: -71
[   93.220360][ T5880] ath6kl: Unable to read the bmi data from the device: -71
[   93.226410][ T5880] ath6kl: unable to read target info byte count: -71
[   93.230472][ T5880] ath6kl: Failed to init ath6kl core: -71
[   93.234233][ T5880] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -71
[   93.243946][ T5880] usb 1-1: USB disconnect, device number 8
[   94.024085][ T6643] loop0: detected capacity change from 0 to 256
[   94.048517][ T6643] FAT-fs (loop0): unable to read block(335544320) for building NFS inode
[   94.616000][ T6649] loop0: detected capacity change from 0 to 32768
[   94.653243][ T6649] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[   94.676391][ T6649] XFS (loop0): Metadata corruption detected at xfs_dinode_verify+0x1a6/0x1570, inode 0x1802 dinode
[   94.679460][ T6649] XFS (loop0): Unmount and run xfs_repair
[   94.681433][ T6649] XFS (loop0): First 128 bytes of corrupted metadata buffer:
[   94.683827][ T6649] 00000000: 49 4e 80 00 03 02 00 00 00 00 00 00 00 00 00 00  IN..............
[   94.687088][ T6649] 00000010: 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   94.689667][ T6649] 00000020: 1d cd 65 00 00 00 00 00 34 f7 58 68 7f c1 86 28  ..e.....4.Xh...(
[   94.692271][ T6649] 00000030: 34 f7 58 68 7f c1 86 28 00 00 00 00 00 00 00 00  4.Xh...(........
[   94.694943][ T6649] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   94.698289][ T6649] 00000050: 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   94.701007][ T6649] 00000060: ff ff ff ff bc 69 0f 52 00 00 00 00 00 00 00 02  .....i.R........
[   94.704137][ T6649] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08  ................
[   94.706967][ T6649] XFS (loop0): metadata inode 0x1802 type 6 is corrupt
[   94.709777][ T6649] XFS (loop0): failed to read RT inodes
[   94.711875][ T6649] XFS (loop0): Uncorrected metadata errors detected; please run xfs_repair.
[   95.504014][ T6703] loop2: detected capacity change from 0 to 4096
[   95.561497][ T6693] loop0: detected capacity change from 0 to 40427
[   95.566479][ T6704] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   95.576595][ T6693] F2FS-fs (loop0): Wrong segment_count / block_count (31 > 0)
[   95.579401][ T6693] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   95.607724][ T6693] F2FS-fs (loop0): invalid crc value
[   95.768025][ T6693] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[   95.780393][ T6693] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0
[   95.787575][ T6693] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   96.091642][ T5817] syz-executor: attempt to access beyond end of device
[   96.091642][ T5817] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   96.117992][ T5817] CPU: 0 UID: 0 PID: 5817 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[   96.118006][ T5817] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   96.118014][ T5817] Call Trace:
[   96.118019][ T5817]  <TASK>
[   96.118025][ T5817]  dump_stack_lvl+0x189/0x250
[   96.118048][ T5817]  ? __pfx_dump_stack_lvl+0x10/0x10
[   96.118065][ T5817]  ? __pfx_queue_work_on+0x10/0x10
[   96.118074][ T5817]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   96.118082][ T5817]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   96.118095][ T5817]  f2fs_handle_critical_error+0x37c/0x540
[   96.118108][ T5817]  f2fs_write_end_io+0x886/0xb60
[   96.118126][ T5817]  __submit_merged_bio+0x27a/0x6a0
[   96.118138][ T5817]  __submit_merged_write_cond+0x255/0x530
[   96.118150][ T5817]  f2fs_write_data_pages+0x261d/0x3000
[   96.118159][ T5817]  ? check_noncircular+0xe0/0x160
[   96.118182][ T5817]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   96.118219][ T5817]  ? check_path+0x21/0x40
[   96.118226][ T5817]  ? check_noncircular+0xe0/0x160
[   96.118256][ T5817]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   96.118266][ T5817]  do_writepages+0x32e/0x550
[   96.118281][ T5817]  ? do_raw_spin_unlock+0x4d/0x240
[   96.118293][ T5817]  filemap_fdatawrite+0x199/0x240
[   96.118302][ T5817]  ? __pfx_filemap_fdatawrite+0x10/0x10
[   96.118362][ T5817]  ? do_raw_spin_unlock+0x4d/0x240
[   96.118376][ T5817]  f2fs_sync_dirty_inodes+0x31f/0x830
[   96.118394][ T5817]  f2fs_write_checkpoint+0x93e/0x2440
[   96.118405][ T5817]  ? __lock_acquire+0xab9/0xd20
[   96.118424][ T5817]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[   96.118460][ T5817]  kill_f2fs_super+0x2cc/0x6d0
[   96.118474][ T5817]  ? __pfx_kill_f2fs_super+0x10/0x10
[   96.118492][ T5817]  ? shrinker_free+0x2ce/0x3e0
[   96.118502][ T5817]  deactivate_locked_super+0xbc/0x130
[   96.118511][ T5817]  cleanup_mnt+0x425/0x4c0
[   96.118523][ T5817]  ? lockdep_hardirqs_on+0x9c/0x150
[   96.118532][ T5817]  task_work_run+0x1d4/0x260
[   96.118544][ T5817]  ? __pfx_task_work_run+0x10/0x10
[   96.118554][ T5817]  ? __x64_sys_umount+0x122/0x160
[   96.118564][ T5817]  ? exit_to_user_mode_loop+0x40/0x130
[   96.118573][ T5817]  exit_to_user_mode_loop+0xe9/0x130
[   96.118580][ T5817]  do_syscall_64+0x2bd/0xfa0
[   96.118588][ T5817]  ? lockdep_hardirqs_on+0x9c/0x150
[   96.118596][ T5817]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.118603][ T5817]  ? exc_page_fault+0xab/0x100
[   96.118612][ T5817]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.118619][ T5817] RIP: 0033:0x7f559e7902f7
[   96.118628][ T5817] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   96.118634][ T5817] RSP: 002b:00007ffcd2fca758 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   96.118643][ T5817] RAX: 0000000000000000 RBX: 00007f559e811d7d RCX: 00007f559e7902f7
[   96.118648][ T5817] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcd2fca810
[   96.118653][ T5817] RBP: 00007ffcd2fca810 R08: 0000000000000000 R09: 0000000000000000
[   96.118657][ T5817] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcd2fcb8a0
[   96.118661][ T5817] R13: 00007f559e811d7d R14: 00000000000176da R15: 00007ffcd2fcb8e0
[   96.118675][ T5817]  </TASK>
[   96.118678][ T5817] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[   96.461923][ T6711] loop2: detected capacity change from 0 to 32768
[   96.495547][ T6711] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.331 (6711)
[   96.508574][ T6711] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   96.511512][ T6711] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[   96.557068][ T6711] BTRFS info (device loop2): rebuilding free space tree
[   96.600366][ T6711] BTRFS info (device loop2): disabling free space tree
[   96.603226][ T6711] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   96.607422][ T6711] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[   96.617420][ T6711] BTRFS info (device loop2): enabling ssd optimizations
[   96.620060][ T6711] BTRFS info (device loop2): turning on async discard
[   96.622701][ T6711] BTRFS info (device loop2): force clearing of disk cache
[   96.625355][ T6711] BTRFS info (device loop2): enabling auto defrag
[   96.627735][ T6711] BTRFS info (device loop2): max_inline set to 4096
[   96.713828][ T5816] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   96.930264][ T6744] loop2: detected capacity change from 0 to 4096
[   97.094637][ T5526] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[   97.170448][ T5202] Bluetooth: hci0: connection err: -111
[   97.532677][ T5526] usb 1-1: Using ep0 maxpacket: 8
[   97.535756][ T5526] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   97.541502][ T5526] usb 1-1: New USB device found, idVendor=22b8, idProduct=6425, bcdDevice=d3.6c
[   97.545548][ T5526] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   97.548554][ T5526] usb 1-1: Product: syz
[   97.550213][ T5526] usb 1-1: Manufacturer: syz
[   97.552020][ T5526] usb 1-1: SerialNumber: syz
[   97.556150][ T5526] usb 1-1: config 0 descriptor??
[   97.566471][ T5526] cdc_ether 1-1:0.0: skipping garbage
[   97.568543][ T5526] usb 1-1: bad CDC descriptors
[   97.571215][ T5526] usb 1-1: unsupported MDLM descriptors
[   97.578164][ T5526] cdc_acm 1-1:0.0: skipping garbage
[   97.771886][ T5526] usb 1-1: USB disconnect, device number 9
[   98.591426][ T6794] netlink: 'syz.0.361': attribute type 10 has an invalid length.
[   98.606343][ T6794] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.610024][ T6794] team0: Port device bond0 added
[   98.666494][ T6796] loop0: detected capacity change from 0 to 4096
[   98.723629][ T6796] ntfs3(loop0): ino=22, "bus" direct i/o + compressed not supported
[   99.144607][ T6826] netlink: 830 bytes leftover after parsing attributes in process `syz.1.375'.
[   99.154356][ T6826] bond_slave_0: entered promiscuous mode
[   99.156727][ T6826] bond_slave_1: entered promiscuous mode
[   99.189351][ T6813] loop2: detected capacity change from 0 to 32768
[   99.200248][ T6813] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.370 (6813)
[   99.221570][ T6813] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   99.229764][ T6813] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[   99.276736][  T793] kernel read not supported for file bpf-prog (pid: 793 comm: kworker/0:2)
[   99.336019][ T6813] BTRFS info (device loop2): enabling ssd optimizations
[   99.339769][ T6813] BTRFS info (device loop2): turning on async discard
[   99.341796][ T6813] BTRFS info (device loop2): enabling free space tree
[   99.364562][ T6813] BTRFS error (device loop2): balance: mixed groups data and metadata options must be the same
[   99.389055][ T5816] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   99.706547][ T6879] loop0: detected capacity change from 0 to 512
[   99.723479][ T6879] EXT4-fs: Ignoring removed orlov option
[   99.732508][ T6879] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   99.742857][ T6879] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[   99.753988][ T6879] EXT4-fs (loop0): orphan cleanup on readonly fs
[   99.759641][ T6879] EXT4-fs error (device loop0): ext4_read_inode_bitmap:139: comm syz.0.391: Invalid inode bitmap blk 0 in block_group 0
[   99.765548][ T6879] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  100.142249][ T5817] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  100.550670][ T6896] netlink: 'syz.0.396': attribute type 4 has an invalid length.
[  100.889766][ T6908] loop0: detected capacity change from 0 to 2048
[  100.905811][ T6908] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  100.981901][ T6915] loop2: detected capacity change from 0 to 64
[  101.180733][ T6932] ./file0: Can't open blockdev
[  101.401289][ T6940] loop2: detected capacity change from 0 to 4096
[  101.419794][ T6940] EXT4-fs (loop2): Test dummy encryption mode enabled
[  101.449044][ T6940] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  101.452311][ T6940] System zones: 0-5
[  101.460440][ T6940] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  101.539487][ T5816] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  101.667496][ T6948] loop2: detected capacity change from 0 to 512
[  101.688570][ T6948] EXT4-fs error (device loop2): ext4_init_orphan_info:581: comm syz.2.420: inode #0: comm syz.2.420: iget: illegal inode #
[  101.694100][ T6948] EXT4-fs (loop2): Remounting filesystem read-only
[  101.697713][ T6948] EXT4-fs (loop2): get orphan inode failed
[  101.699744][ T6948] EXT4-fs (loop2): mount failed
[  102.033142][ T6959] loop2: detected capacity change from 0 to 4096
[  102.037577][ T6959] ntfs3(loop2): Different NTFS sector size (2048) and media sector size (512).
[  102.246209][ T6967] loop2: detected capacity change from 0 to 32768
[  102.260246][ T6967] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  102.296380][ T5816] ocfs2: Unmounting device (7,2) on (node local)
[  102.326326][  T976] usb 1-1: new full-speed USB device number 10 using dummy_hcd
[  102.408151][ T6975] loop2: detected capacity change from 0 to 512
[  102.416759][ T6975] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  102.419922][ T6975] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities
[  102.494979][  T976] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  102.502605][  T976] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  102.505689][  T976] usb 1-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  102.508799][  T976] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  102.519131][  T976] usb 1-1: config 0 descriptor??
[  102.679899][ T6975] loop2: detected capacity change from 0 to 40427
[  102.685579][ T6975] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  102.688685][ T6975] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  102.692175][ T6975] F2FS-fs (loop2): Invalid log sectors per block(589827) log sectorsize(9)
[  102.696281][ T6975] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[  102.908087][ T6985] loop2: detected capacity change from 0 to 4096
[  102.936118][  T976] isku 0003:1E7D:319C.0004: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.0-1/input0
[  103.029154][ T6987] Bluetooth: MGMT ver 1.23
[  103.070075][ T6989] loop2: detected capacity change from 0 to 1024
[  103.112810][   T37] hfsplus: b-tree write err: -5, ino 4
[  103.268864][   T13] nci: nci_rsp_packet: unknown rsp opcode 0x605
[  103.342085][ T5880] usb 1-1: USB disconnect, device number 10
[  103.408650][ T6999] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  103.425113][ T6999] syz_tun: entered promiscuous mode
[  103.430014][ T6999] syz_tun: left promiscuous mode
[  103.645808][ T7005] 9pnet_fd: Insufficient options for proto=fd
[  104.529597][ T7050] netlink: get zone limit has 4 unknown bytes
[  104.613503][ T7052] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  105.072487][ T7060] netlink: 16 bytes leftover after parsing attributes in process `syz.2.470'.
[  105.075712][ T7060] netlink: 16 bytes leftover after parsing attributes in process `syz.2.470'.
[  105.834224][ T7080] x_tables: ip6_tables: mh match: only valid for protocol 135
[  105.992931][ T5880] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  106.103946][ T7091] netlink: 'syz.1.485': attribute type 3 has an invalid length.
[  106.109874][ T7092] netlink: 4 bytes leftover after parsing attributes in process `syz.0.484'.
[  106.165747][ T5880] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  106.170002][ T5880] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  106.183548][ T5880] usb 3-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00
[  106.186823][ T5880] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  106.191368][ T5880] usb 3-1: config 0 descriptor??
[  106.246787][ T7101] usb usb8: usbfs: process 7101 (syz.0.489) did not claim interface 0 before use
[  107.020289][ T5880] hid-led 0003:27B8:01ED.0005: probe with driver hid-led failed with error -71
[  107.035520][ T5880] usb 3-1: USB disconnect, device number 8
[  107.449831][ T7118] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  107.451931][ T7118] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  107.458652][ T7118] vhci_hcd vhci_hcd.0: Device attached
[  107.586864][ T7122] loop2: detected capacity change from 0 to 16
[  107.597685][ T7122] erofs (device loop2): mounted with root inode @ nid 36.
[  107.632970][ T5880] vhci_hcd: vhci_device speed not set
[  107.645014][ T7128] loop2: detected capacity change from 0 to 256
[  107.648585][ T7127] syz_tun: entered allmulticast mode
[  107.648892][ T7128] exfat: Deprecated parameter 'namecase'
[  107.657389][ T7126] syz_tun: left allmulticast mode
[  107.667890][ T7128] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[  107.694670][ T5880] usb 33-1: new full-speed USB device number 2 using vhci_hcd
[  107.709431][ T5867] usb 1-1: new low-speed USB device number 11 using dummy_hcd
[  107.878003][ T5867] usb 1-1: config 0 has no interfaces?
[  107.879770][ T5867] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  107.894939][ T5867] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  107.900232][ T5867] usb 1-1: config 0 descriptor??
[  107.915327][ T7142] batadv_slave_1: entered promiscuous mode
[  107.920253][ T7141] batadv_slave_1: left promiscuous mode
[  108.110313][ T5526] usb 1-1: USB disconnect, device number 11
[  108.114656][ T7119] vhci_hcd: connection closed
[  108.126772][   T13] vhci_hcd: stop threads
[  108.131189][   T13] vhci_hcd: release socket
[  108.135755][   T13] vhci_hcd: disconnect device
[  108.172749][ T5880] vhci_hcd: vhci_device speed not set
[  108.222219][   T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  108.252658][ T5867] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  108.267323][   T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  108.333082][   T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  108.387654][   T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  108.402732][ T5867] usb 3-1: Using ep0 maxpacket: 8
[  108.406574][ T5867] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  108.410637][ T5867] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  108.415644][ T5867] usb 3-1: New USB device found, idVendor=5543, idProduct=0004, bcdDevice= 0.00
[  108.424855][ T5819] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  108.425869][ T5867] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  108.431051][ T5819] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  108.434804][ T5819] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  108.437682][ T5819] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  108.439038][ T5867] usb 3-1: config 0 descriptor??
[  108.443691][ T5819] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  108.566334][   T13] bridge_slave_1: left allmulticast mode
[  108.568342][   T13] bridge_slave_1: left promiscuous mode
[  108.571626][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.591189][   T13] bridge_slave_0: left allmulticast mode
[  108.594660][   T13] bridge_slave_0: left promiscuous mode
[  108.597794][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.616003][   T13] bond_slave_0: left promiscuous mode
[  108.618118][   T13] bond_slave_1: left promiscuous mode
[  108.861170][ T5867] uclogic 0003:5543:0004.0006: hidraw0: USB HID v0.00 Device [HID 5543:0004] on usb-dummy_hcd.2-1/input0
[  108.951618][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  108.954223][ T5526] usb 1-1: new full-speed USB device number 12 using dummy_hcd
[  108.959180][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  108.962818][   T13] bond0 (unregistering): Released all slaves
[  109.077161][  T793] usb 3-1: USB disconnect, device number 9
[  109.104497][ T5526] usb 1-1: config index 0 descriptor too short (expected 69, got 36)
[  109.107424][ T5526] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  109.121450][ T5526] usb 1-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89
[  109.132726][ T5526] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  109.135211][ T5526] usb 1-1: Product: syz
[  109.137713][ T5526] usb 1-1: Manufacturer: syz
[  109.143777][ T5526] usb 1-1: SerialNumber: syz
[  109.148541][ T7148] chnl_net:caif_netlink_parms(): no params data found
[  109.149600][ T5526] usb 1-1: config 0 descriptor??
[  109.164586][ T5526] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622
[  109.352864][   T13] hsr_slave_0: left promiscuous mode
[  109.357008][   T13] hsr_slave_1: left promiscuous mode
[  109.362156][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  109.367618][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  109.371512][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  109.373887][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  109.392934][   T13] veth1_macvtap: left promiscuous mode
[  109.394788][   T13] veth0_macvtap: left promiscuous mode
[  109.396620][   T13] veth1_vlan: left promiscuous mode
[  109.398276][   T13] veth0_vlan: left promiscuous mode
[  109.568474][ T5526] gspca_pac7302: reg_w() failed i: 78 v: 00 error -71
[  109.574701][ T5526] gspca_pac7302 1-1:0.0: probe with driver gspca_pac7302 failed with error -71
[  109.581470][ T5526] usb 1-1: USB disconnect, device number 12
[  109.778944][   T13] team0 (unregistering): Port device team_slave_1 removed
[  109.800715][   T13] team0 (unregistering): Port device team_slave_0 removed
[  110.171668][ T7148] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.177788][ T7148] bridge0: port 1(bridge_slave_0) entered disabled state
[  110.180519][ T7148] bridge_slave_0: entered allmulticast mode
[  110.189239][ T7148] bridge_slave_0: entered promiscuous mode
[  110.218227][ T7148] bridge0: port 2(bridge_slave_1) entered blocking state
[  110.223056][ T7148] bridge0: port 2(bridge_slave_1) entered disabled state
[  110.225368][ T7148] bridge_slave_1: entered allmulticast mode
[  110.240885][ T7148] bridge_slave_1: entered promiscuous mode
[  110.361814][ T7148] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  110.379699][ T7148] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  110.517492][ T5819] Bluetooth: hci0: command tx timeout
[  110.526736][ T7190] netlink: 8 bytes leftover after parsing attributes in process `syz.2.519'.
[  110.568693][ T7148] team0: Port device team_slave_0 added
[  110.577761][ T7148] team0: Port device team_slave_1 added
[  110.650913][ T7148] batman_adv: batadv0: Adding interface: batadv_slave_0
[  110.653940][ T7148] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  110.679838][ T7148] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  110.692058][ T7197] loop2: detected capacity change from 0 to 512
[  110.699060][ T7197] EXT4-fs (loop2): orphan cleanup on readonly fs
[  110.704522][ T7197] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #11: block 1728053262: comm syz.2.521: lblock 0 mapped to illegal pblock 1728053262 (length 1)
[  110.716298][ T7197] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  110.720384][ T7197] EXT4-fs error (device loop2): ext4_do_update_inode:5632: inode #15: comm syz.2.521: corrupted inode contents
[  110.727451][ T7197] EXT4-fs error (device loop2): ext4_dirty_inode:6517: inode #15: comm syz.2.521: mark_inode_dirty error
[  110.731361][ T7197] EXT4-fs error (device loop2): ext4_do_update_inode:5632: inode #15: comm syz.2.521: corrupted inode contents
[  110.735864][ T7148] batman_adv: batadv0: Adding interface: batadv_slave_1
[  110.738038][ T7148] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  110.746585][ T7197] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2996: inode #15: comm syz.2.521: mark_inode_dirty error
[  110.750784][ T7197] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2999: inode #15: comm syz.2.521: mark inode dirty (error -117)
[  110.754619][ T7148] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  110.758021][ T7197] EXT4-fs warning (device loop2): ext4_evict_inode:274: xattr delete (err -117)
[  110.760647][ T7197] EXT4-fs (loop2): 1 orphan inode deleted
[  110.767341][ T7197] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  110.814030][ T5816] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  110.839993][ T7148] hsr_slave_0: entered promiscuous mode
[  110.848448][ T7148] hsr_slave_1: entered promiscuous mode
[  110.950330][ T7205] loop2: detected capacity change from 0 to 1024
[  111.063389][ T1090] hfsplus: b-tree write err: -5, ino 4
[  111.202779][ T7148] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  111.698110][ T7148] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  111.711854][ T7148] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  111.741366][ T7148] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  111.814450][ T7148] 8021q: adding VLAN 0 to HW filter on device bond0
[  111.827725][ T7148] 8021q: adding VLAN 0 to HW filter on device team0
[  111.835475][ T1090] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.837647][ T1090] bridge0: port 1(bridge_slave_0) entered forwarding state
[  111.845400][ T1090] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.847545][ T1090] bridge0: port 2(bridge_slave_1) entered forwarding state
[  111.883118][   T33] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  112.030011][ T7148] 8021q: adding VLAN 0 to HW filter on device batadv0
[  112.047404][   T33] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  112.051838][   T33] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  112.057743][   T33] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  112.061076][   T33] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  112.066079][   T33] usb 1-1: SerialNumber: syz
[  112.068231][ T7148] veth0_vlan: entered promiscuous mode
[  112.076708][ T7148] veth1_vlan: entered promiscuous mode
[  112.110753][ T7148] veth0_macvtap: entered promiscuous mode
[  112.119008][ T7148] veth1_macvtap: entered promiscuous mode
[  112.135541][ T7148] batman_adv: batadv0: Interface activated: batadv_slave_0
[  112.143244][ T7148] batman_adv: batadv0: Interface activated: batadv_slave_1
[  112.151557][ T5857] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  112.154701][ T5857] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  112.157595][ T5857] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  112.160341][ T5857] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  112.241891][   T32] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  112.244730][   T32] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  112.271052][   T32] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  112.277795][   T33] usb 1-1: invalid UAC_HEADER (v1)
[  112.283461][   T32] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  112.303862][   T33] snd-usb-audio 1-1:1.0: probe with driver snd-usb-audio failed with error -22
[  112.309744][   T33] usb 1-1: USB disconnect, device number 13
[  112.334472][ T5938] udevd[5938]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  112.595157][ T5819] Bluetooth: hci0: command tx timeout
[  112.882658][ T5526] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  113.048312][ T5526] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  113.051578][ T5526] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.054409][ T5526] usb 4-1: Product: syz
[  113.055932][ T5526] usb 4-1: Manufacturer: syz
[  113.057668][ T5526] usb 4-1: SerialNumber: syz
[  113.061888][ T5526] usb 4-1: config 0 descriptor??
[  113.192764][  T793] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  113.276570][   T33] usb 4-1: USB disconnect, device number 2
[  113.354338][  T793] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  113.357674][  T793] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  113.361243][  T793] usb 3-1: New USB device found, idVendor=04b4, idProduct=0001, bcdDevice= 0.00
[  113.364447][  T793] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  113.370787][  T793] usb 3-1: config 0 descriptor??
[  113.790507][  T793] cypress 0003:04B4:0001.0007: unknown main item tag 0x0
[  113.793202][  T793] cypress 0003:04B4:0001.0007: unknown main item tag 0x0
[  113.795475][  T793] cypress 0003:04B4:0001.0007: unknown main item tag 0x0
[  113.797972][  T793] cypress 0003:04B4:0001.0007: unknown main item tag 0x0
[  113.809991][  T793] cypress 0003:04B4:0001.0007: unknown main item tag 0x0
[  113.824092][  T793] cypress 0003:04B4:0001.0007: unknown main item tag 0x0
[  113.826235][  T793] cypress 0003:04B4:0001.0007: unknown main item tag 0x0
[  113.834517][  T793] cypress 0003:04B4:0001.0007: hidraw0: USB HID v0.00 Device [HID 04b4:0001] on usb-dummy_hcd.2-1/input0
[  114.029055][  T793] usb 3-1: USB disconnect, device number 10
[  114.032987][   T33] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  114.140473][ T7278] loop3: detected capacity change from 0 to 2048
[  114.160985][ T7279] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  114.216421][   T33] usb 1-1: Using ep0 maxpacket: 32
[  114.228482][   T33] usb 1-1: config 0 has an invalid interface number: 98 but max is 0
[  114.241987][ T7278] syz.3.547 (7278) used greatest stack depth: 18968 bytes left
[  114.248208][   T33] usb 1-1: config 0 has no interface number 0
[  114.277143][   T33] usb 1-1: New USB device found, idVendor=0545, idProduct=8080, bcdDevice= 3.01
[  114.298647][   T33] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  114.309565][   T33] usb 1-1: config 0 descriptor??
[  114.337090][ T7281] netlink: 264 bytes leftover after parsing attributes in process `syz.3.548'.
[  114.509499][ T7285] loop3: detected capacity change from 0 to 256
[  114.538227][ T7285] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x25fbf2c1, utbl_chksum : 0xe619d30d)
[  114.548792][   T33] usb 1-1: USB disconnect, device number 14
[  114.578221][   T34] audit: type=1800 audit(1762824128.929:15): pid=7285 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.550" name="file1" dev="loop3" ino=1048631 res=0 errno=0
[  114.672768][ T5819] Bluetooth: hci0: command tx timeout
[  114.720169][ T7291] loop3: detected capacity change from 0 to 128
[  114.754469][ T7291] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  114.765175][ T7291] ext4 filesystem being mounted at /11/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  114.810847][ T7291] EXT4-fs error (device loop3): dx_make_map:1296: inode #2: block 20: comm syz.3.552: bad entry in directory: inode out of bounds - offset=988, inode=128, rec_len=36, size=1024 fake=1
[  114.821454][ T7291] EXT4-fs error (device loop3) in do_split:2029: Corrupt filesystem
[  114.830567][ T7291] EXT4-fs error (device loop3): ext4_find_dest_de:2052: inode #2: block 20: comm syz.3.552: bad entry in directory: inode out of bounds - offset=988, inode=128, rec_len=36, size=1024 fake=1
[  114.880884][ T7148] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  115.273532][   T33] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  115.338471][ T7316] batadv1: entered promiscuous mode
[  115.422596][   T33] usb 4-1: Using ep0 maxpacket: 16
[  115.425549][   T33] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  115.428938][   T33] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  115.435732][   T33] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  115.439044][   T33] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.441508][   T33] usb 4-1: Product: syz
[  115.443046][   T33] usb 4-1: Manufacturer: syz
[  115.444533][   T33] usb 4-1: SerialNumber: syz
[  115.452126][   T33] usb 4-1: config 0 descriptor??
[  115.457561][   T33] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  115.460673][   T33] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[  115.627360][ T7327] netlink: 8 bytes leftover after parsing attributes in process `syz.0.569'.
[  116.246000][   T33] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[  116.249082][   T33] em28xx 4-1:0.0: Config register raw data: 0xfffffffb
[  116.488284][ T7337] PKCS7: Unknown OID: [4] 0.38.35.0.951690.11253
[  116.493457][ T7337] PKCS7: Only support pkcs7_signedData type
[  116.753148][ T5819] Bluetooth: hci0: command tx timeout
[  116.789285][   T34] audit: type=1326 audit(1762824131.139:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7351 comm="syz.2.580" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05c0b8efc9 code=0x7ffc0000
[  116.797371][   T34] audit: type=1326 audit(1762824131.139:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7351 comm="syz.2.580" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05c0b8efc9 code=0x7ffc0000
[  116.805916][   T34] audit: type=1326 audit(1762824131.139:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7351 comm="syz.2.580" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f05c0b8efc9 code=0x7ffc0000
[  116.813850][   T34] audit: type=1326 audit(1762824131.139:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7351 comm="syz.2.580" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05c0b8efc9 code=0x7ffc0000
[  116.824340][   T34] audit: type=1326 audit(1762824131.139:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7351 comm="syz.2.580" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05c0b8efc9 code=0x7ffc0000
[  116.832272][   T34] audit: type=1326 audit(1762824131.139:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7351 comm="syz.2.580" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f05c0b8efc9 code=0x7ffc0000
[  116.832829][ T5880] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  116.840561][   T34] audit: type=1326 audit(1762824131.139:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7351 comm="syz.2.580" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05c0b8efc9 code=0x7ffc0000
[  116.851374][   T34] audit: type=1326 audit(1762824131.139:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7351 comm="syz.2.580" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05c0b8efc9 code=0x7ffc0000
[  116.886082][   T34] audit: type=1326 audit(1762824131.139:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7351 comm="syz.2.580" exe="/syz-executor" sig=0 arch=c000003e syscall=270 compat=0 ip=0x7f05c0b8efc9 code=0x7ffc0000
[  116.993212][ T5880] usb 1-1: Using ep0 maxpacket: 16
[  116.999085][ T5880] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  117.002753][ T5880] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  117.006328][ T5880] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  117.010453][ T5880] usb 1-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00
[  117.013415][ T5880] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  117.019280][ T5880] usb 1-1: config 0 descriptor??
[  117.028455][ T5880] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input6
[  117.244081][ T5526] usb 1-1: USB disconnect, device number 15
[  117.266334][   T33] em28xx 4-1:0.0: AC97 vendor ID = 0x00fc00fe
[  117.467138][   T33] em28xx 4-1:0.0: Unknown AC97 audio processor detected!
[  117.470816][   T33] em28xx 4-1:0.0: couldn't setup AC97 register 2
[  117.473588][   T33] em28xx 4-1:0.0: couldn't setup AC97 register 4
[  117.475736][   T33] em28xx 4-1:0.0: couldn't setup AC97 register 6
[  117.477917][   T33] em28xx 4-1:0.0: couldn't setup AC97 register 54
[  117.480147][   T33] em28xx 4-1:0.0: couldn't setup AC97 register 56
[  117.484699][   T33] usb 4-1: USB disconnect, device number 3
[  117.992045][ T7370] loop2: detected capacity change from 0 to 4096
[  118.008217][ T7370] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512).
[  118.026087][ T7370] ntfs3(loop2): It is recommened to use chkdsk.
[  118.039194][ T7370] ntfs3(loop2): Failed to load $Extend (-22).
[  118.041255][ T7370] ntfs3(loop2): Failed to initialize $Extend.
[  118.109307][ T7377] loop3: detected capacity change from 0 to 1024
[  118.116225][ T7377] EXT4-fs (loop3): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  118.131781][ T7377] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  118.147625][ T7377] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2853: Unable to expand inode 12. Delete some EAs or run e2fsck.
[  118.153019][ T7377] EXT4-fs error (device loop3): ext4_xattr_inode_iget:441: inode #11: comm syz.3.590: missing EA_INODE flag
[  118.163835][ T7377] EXT4-fs (loop3): Remounting filesystem read-only
[  118.188248][ T7148] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  118.388568][ T7382] loop2: detected capacity change from 0 to 32768
[  118.396001][ T7382] xfs: Deprecated parameter 'attr2'
[  118.401216][ T7382] XFS: attr2 mount option is deprecated.
[  118.416272][ T7382] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  118.441881][ T7384] loop3: detected capacity change from 0 to 32768
[  118.443218][ T7382] XFS (loop2): Ending clean mount
[  118.448826][ T7382] XFS (loop2): Quotacheck needed: Please wait.
[  118.450628][ T7384] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.592 (7384)
[  118.487079][ T7382] XFS (loop2): Quotacheck: Done.
[  118.488896][ T7384] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  118.500618][ T7384] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  118.533818][ T5816] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  118.565534][ T7384] BTRFS info (device loop3): rebuilding free space tree
[  118.641122][ T7384] BTRFS info (device loop3): disabling free space tree
[  118.647165][ T7384] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  118.653872][ T7384] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  118.679855][ T7384] BTRFS info (device loop3): enabling ssd optimizations
[  118.682308][ T7384] BTRFS info (device loop3): turning on async discard
[  118.684437][ T5819] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  118.684507][ T5819] Bluetooth: hci1: Injecting HCI hardware error event
[  118.685990][ T5202] Bluetooth: hci1: hardware error 0x00
[  118.702209][ T7384] BTRFS info (device loop3): force clearing of disk cache
[  118.714263][ T7384] BTRFS info (device loop3): enabling auto defrag
[  118.721036][ T7384] BTRFS info (device loop3): max_inline set to 4096
[  118.781411][ T7148] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  119.003707][ T7417] loop2: detected capacity change from 0 to 4096
[  119.082320][ T7417] ntfs3(loop2): ino=21, "hugetlb.1GB.usage_in_bytes" mmap(write) compressed not supported
[  119.501709][ T7426] loop3: detected capacity change from 0 to 32768
[  119.519946][ T7426] ocfs2: Slot 0 on device (7,3) was already allocated to this node!
[  119.553996][ T7426] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  119.617849][ T7148] ocfs2: Unmounting device (7,3) on (node local)
[  119.754913][   T34] kauditd_printk_skb: 1 callbacks suppressed
[  119.754924][   T34] audit: type=1326 audit(1762824134.109:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7455 comm="syz.2.612" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f05c0b8efc9 code=0x0
[  120.432772][   T33] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  120.599812][   T33] usb 1-1: config 1 has an invalid interface number: 7 but max is 0
[  120.605676][   T33] usb 1-1: config 1 has no interface number 0
[  120.607666][   T33] usb 1-1: config 1 interface 7 altsetting 0 bulk endpoint 0x9 has invalid maxpacket 1024
[  120.615495][   T33] usb 1-1: config 1 interface 7 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 8
[  120.624207][   T33] usb 1-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  120.627638][   T33] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  120.634041][   T33] usb 1-1: Product: syz
[  120.636797][   T33] usb 1-1: Manufacturer: syz
[  120.638444][   T33] usb 1-1: SerialNumber: syz
[  120.642499][ T7474] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  120.652098][ T7474] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  120.660546][   T33] usb 1-1: Error in usbnet_get_endpoints (-22)
[  120.753323][ T5202] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  120.785006][ T7480] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  120.787313][ T7480] team0: Device ipvlan2 failed to register rx_handler
[  120.866134][ T5526] usb 1-1: USB disconnect, device number 16
[  121.178665][ T7499] netlink: 'syz.2.629': attribute type 8 has an invalid length.
[  121.477317][ T7511] bridge0: entered promiscuous mode
[  121.479758][ T7511] macsec1: entered promiscuous mode
[  121.487522][ T7511] bridge0: port 3(macsec1) entered blocking state
[  121.490031][ T7511] bridge0: port 3(macsec1) entered disabled state
[  121.494578][ T7511] macsec1: entered allmulticast mode
[  121.497065][ T7511] bridge0: entered allmulticast mode
[  121.501697][ T7511] macsec1: left allmulticast mode
[  121.504275][ T7511] bridge0: left allmulticast mode
[  121.508140][ T7511] bridge0: left promiscuous mode
[  121.522691][ T7491] loop3: detected capacity change from 0 to 131072
[  121.530700][ T7491] F2FS-fs (loop3): Test dummy encryption mode enabled
[  121.534492][ T7491] F2FS-fs (loop3): invalid crc value
[  121.553725][   T33] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  121.571653][ T7491] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  121.576707][ T7491] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  121.673280][ T7491] fscrypt: AES-256-CBC-CTS using implementation "cts(cbc(ecb(aes-fixed-time)))"
[  121.722791][   T33] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  121.730425][   T33] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  121.746118][   T33] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  121.749481][   T33] usb 3-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  121.772888][   T33] usb 3-1: Manufacturer: syz
[  121.783918][   T33] usb 3-1: config 0 descriptor??
[  121.997375][ T7535] netlink: 32 bytes leftover after parsing attributes in process `syz.0.640'.
[  122.612683][  T976] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  122.762668][  T976] usb 4-1: Using ep0 maxpacket: 8
[  122.766465][  T976] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  122.769043][  T976] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  122.772224][  T976] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  122.775223][  T976] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  122.778824][  T976] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  122.782734][  T976] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  122.785513][  T976] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  122.812192][   T33] uclogic 0003:256C:006D.0008: v1 frame probing failed: -71
[  122.815651][   T33] uclogic 0003:256C:006D.0008: failed probing parameters: -71
[  122.818632][   T33] uclogic 0003:256C:006D.0008: probe with driver uclogic failed with error -71
[  122.824672][   T33] usb 3-1: USB disconnect, device number 11
[  123.006172][  T976] usb 4-1: GET_CAPABILITIES returned 0
[  123.007846][  T976] usbtmc 4-1:16.0: can't read capabilities
[  123.217944][  T976] usb 4-1: USB disconnect, device number 4
[  123.665372][ T5526] IPVS: starting estimator thread 0...
[  123.752772][ T7573] IPVS: using max 64 ests per chain, 153600 per kthread
[  123.828367][ T7577] loop3: detected capacity change from 0 to 512
[  123.923833][ T7577] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c119, mo2=0002]
[  123.928444][ T7577] System zones: 0-2, 18-18, 34-35
[  123.936429][ T7577] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  123.948418][ T7577] ext4 filesystem being mounted at /28/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  124.021823][ T7148] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  124.261941][ T7590] loop3: detected capacity change from 0 to 1024
[  124.265368][ T7590] EXT4-fs: Ignoring removed bh option
[  124.287139][ T7590] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  124.359473][ T7148] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  124.650841][ T7609] loop2: detected capacity change from 0 to 64
[  124.657624][ T7609] syz.2.665: attempt to access beyond end of device
[  124.657624][ T7609] loop2: rw=0, sector=65534, nr_sectors = 2 limit=64
[  124.661815][ T7609] Buffer I/O error on dev loop2, logical block 32767, async page read
[  124.772667][ T5526] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  124.880535][ T7612] Bluetooth: MGMT ver 1.23
[  124.940171][ T5526] usb 1-1: Using ep0 maxpacket: 16
[  124.948324][ T5526] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  124.950830][ T5526] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  124.956806][ T5526] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  124.962486][ T5526] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  124.965977][ T5526] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.968537][ T5526] usb 1-1: Product: syz
[  124.969829][ T5526] usb 1-1: Manufacturer: syz
[  124.980869][ T5526] usb 1-1: SerialNumber: syz
[  125.070340][ T7619] loop2: detected capacity change from 0 to 2048
[  125.111445][ T7619] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  125.121842][ T7619] cifs: Unknown parameter 'norecovery'
[  125.163400][ T5816] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  125.313935][ T7629] netlink: 264 bytes leftover after parsing attributes in process `syz.2.673'.
[  125.378601][ T7633] loop3: detected capacity change from 0 to 2048
[  125.399491][ T7633] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  125.409707][ T5526] usb 1-1: 0:2 : does not exist
[  125.465126][ T7637] loop3: detected capacity change from 0 to 256
[  125.512241][ T7637] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xf5596061, utbl_chksum : 0xe619d30d)
[  125.569834][ T7635] loop2: detected capacity change from 0 to 32768
[  125.623240][ T7635] JBD2: Ignoring recovery information on journal
[  125.652147][ T7635] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  125.686669][ T7635] syz.2.676 (7635) used greatest stack depth: 17928 bytes left
[  125.693676][ T5816] ocfs2: Unmounting device (7,2) on (node local)
[  125.857273][ T7649] loop2: detected capacity change from 0 to 2
[  125.866174][ T7649] jffs2: rp_size unrepresentable
[  125.918612][ T7645] loop3: detected capacity change from 0 to 32768
[  125.925516][ T7645] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.680 (7645)
[  125.943742][ T7645] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  125.946873][ T7645] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  125.973545][ T7652] loop2: detected capacity change from 0 to 128
[  126.028924][ T7645] BTRFS info (device loop3): enabling ssd optimizations
[  126.036532][ T5526] usb 1-1: USB disconnect, device number 17
[  126.037225][ T7645] BTRFS info (device loop3): turning on async discard
[  126.050262][ T7645] BTRFS info (device loop3): enabling free space tree
[  126.056774][ T5938] udevd[5938]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  126.133271][ T7669] geneve3: entered promiscuous mode
[  126.158546][ T7148] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  126.497992][ T7680] loop3: detected capacity change from 0 to 512
[  126.549435][ T7680] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  126.564376][ T7680] ext4 filesystem being mounted at /48/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  126.640684][ T7148] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  126.702807][ T7692] loop2: detected capacity change from 0 to 47
[  126.716551][ T7694] loop3: detected capacity change from 0 to 256
[  126.719622][ T7694] exfat: Deprecated parameter 'utf8'
[  126.729160][ T7694] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d)
[  126.730576][ T7692] syz.2.694: attempt to access beyond end of device
[  126.730576][ T7692] loop2: rw=1, sector=48, nr_sectors = 2 limit=47
[  126.741656][   T34] audit: type=1800 audit(1762824141.089:27): pid=7694 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.693" name="file1" dev="loop3" ino=1048633 res=0 errno=0
[  126.762376][ T7692] Buffer I/O error on dev loop2, logical block 24, lost async page write
[  126.771423][ T7692] syz.2.694: attempt to access beyond end of device
[  126.771423][ T7692] loop2: rw=1, sector=50, nr_sectors = 2 limit=47
[  126.794435][ T7692] Buffer I/O error on dev loop2, logical block 25, lost async page write
[  126.873844][    T9] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  126.912676][ T5819] Bluetooth: hci0: command 0x0405 tx timeout
[  127.032259][ T7698] loop3: detected capacity change from 0 to 32768
[  127.035592][    T9] usb 1-1: Using ep0 maxpacket: 16
[  127.046484][    T9] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  127.061594][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  127.080075][    T9] usb 1-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice=7a.5a
[  127.086708][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  127.093639][    T9] usb 1-1: Product: syz
[  127.095204][    T9] usb 1-1: Manufacturer: syz
[  127.100249][    T9] usb 1-1: SerialNumber: syz
[  127.113419][    T9] usb 1-1: config 0 descriptor??
[  127.244874][ T7698] ERROR: (device loop3): dbAdjCtl: the maximum free buddy is not the old root
[  127.244874][ T7698] 
[  127.251818][ T7698] ERROR: (device loop3): remounting filesystem as read-only
[  127.337321][    T9] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input7
[  127.346204][    C1] usb 1-1: pegasus_irq - nonzero urb status received: -71
[  127.349113][    C1] usb 1-1: pegasus_irq - nonzero urb status received: -71
[  127.352161][    C1] usb 1-1: pegasus_irq - nonzero urb status received: -71
[  127.354804][    C1] usb 1-1: pegasus_irq - nonzero urb status received: -71
[  127.357191][    C1] usb 1-1: pegasus_irq - nonzero urb status received: -71
[  127.359486][    C1] usb 1-1: pegasus_irq - nonzero urb status received: -71
[  127.361951][    C1] usb 1-1: pegasus_irq - nonzero urb status received: -71
[  127.364763][    C1] usb 1-1: pegasus_irq - nonzero urb status received: -71
[  127.367254][ T5246] usb 1-1: control msg error: -71
[  127.369094][    C1] usb 1-1: pegasus_irq - urb shutting down with status: -2
[  127.372620][    C1] usb 1-1: pegasus_irq - nonzero urb status received: -71
[  127.375235][    C1] usb 1-1: pegasus_irq - nonzero urb status received: -71
[  127.377338][ T5246] usb 1-1: control msg error: -71
[  127.378833][    C1] usb 1-1: pegasus_irq - nonzero urb status received: -71
[  127.381212][    C1] usb 1-1: pegasus_irq - nonzero urb status received: -71
[  127.383327][    C1] usb 1-1: pegasus_irq - nonzero urb status received: -71
[  127.385882][    C1] usb 1-1: pegasus_irq - nonzero urb status received: -71
[  127.387926][    C1] usb 1-1: pegasus_irq - nonzero urb status received: -71
[  127.390132][    C1] usb 1-1: pegasus_irq - nonzero urb status received: -71
[  127.393554][    C1] usb 1-1: pegasus_irq - nonzero urb status received: -71
[  127.396247][    C1] usb 1-1: pegasus_irq - nonzero urb status received: -71
[  127.397118][    T9] usb 1-1: USB disconnect, device number 18
[  127.398876][    C1] usb 1-1: pegasus_irq - nonzero urb status received: -71
[  127.403622][    C1] usb 1-1: pegasus_irq - usb_submit_urb failed with result -19
[  128.054305][    T9] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  128.173406][ T7727] virtio-fs: tag </dev/md0> not found
[  128.216095][    T9] usb 4-1: New USB device found, idVendor=1d50, idProduct=6089, bcdDevice=d0.1d
[  128.219017][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  128.233391][    T9] usb 4-1: config 0 descriptor??
[  128.347156][ T7725] loop2: detected capacity change from 0 to 32768
[  128.367332][ T7725] 
[  128.367332][ T7725]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  128.367332][ T7725] 
[  128.391926][ T7725] read_mapping_page failed!
[  128.395343][ T7725] ERROR: (device loop2): txCommit: 
[  128.395343][ T7725] 
[  128.400772][ T7725] ERROR: (device loop2): remounting filesystem as read-only
[  128.448136][    T9] hackrf 4-1:0.0: usb_control_msg() failed -71 request 0e
[  128.454095][    T9] hackrf 4-1:0.0: Could not detect board
[  128.461521][    T9] hackrf 4-1:0.0: probe with driver hackrf failed with error -71
[  128.464976][ T7737] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  128.483019][    T9] usb 4-1: USB disconnect, device number 5
[  130.000855][ T7756] loop2: detected capacity change from 0 to 40427
[  130.016042][ T7756] F2FS-fs (loop2): Magic Mismatch, valid(0xf2f52010) - read(0x1f52010)
[  130.022384][ T7756] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[  130.027746][ T7756] F2FS-fs (loop2): Image doesn't support compression
[  130.030281][ T7756] F2FS-fs (loop2): build fault injection type: 0x4
[  130.034873][ T7756] F2FS-fs (loop2): invalid crc value
[  130.104490][ T7756] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  130.107681][ T7756] F2FS-fs (loop2): Start checkpoint disabled!
[  130.115606][ T7756] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  130.120136][ T7756] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[  130.122211][ T7756] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  130.251894][ T7777] loop3: detected capacity change from 0 to 128
[  130.260585][ T7775] xt_CT: You must specify a L4 protocol and not use inversions on it
[  130.269280][ T7777] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  130.339884][ T7779] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  130.512043][ T7787] netlink: 32 bytes leftover after parsing attributes in process `syz.3.735'.
[  130.665592][ T7797] loop2: detected capacity change from 0 to 128
[  130.689237][ T7797] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  130.706402][ T7797] ext4 filesystem being mounted at /237/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  130.748108][ T5816] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  130.903871][ T7813] loop2: detected capacity change from 0 to 4096
[  130.929244][ T7813] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  130.932002][ T7813] ntfs3(loop2): ino=1a, mi_enum_attr
[  130.937388][ T7813] ntfs3(loop2): ino=1a, mi_enum_attr
[  130.939043][ T7813] ntfs3(loop2): Failed to initialize $Extend/$Reparse.
[  130.995494][ T7806] loop3: detected capacity change from 0 to 32768
[  131.001704][ T7806] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.744 (7806)
[  131.025844][ T7806] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  131.029331][ T7806] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  131.107819][ T7826] loop2: detected capacity change from 0 to 256
[  131.148928][ T7826] FAT-fs (loop2): Directory bread(block 64) failed
[  131.151591][ T7826] FAT-fs (loop2): Directory bread(block 65) failed
[  131.155521][ T7826] FAT-fs (loop2): Directory bread(block 66) failed
[  131.158108][ T7826] FAT-fs (loop2): Directory bread(block 67) failed
[  131.161115][ T7826] FAT-fs (loop2): Directory bread(block 68) failed
[  131.165502][ T7826] FAT-fs (loop2): Directory bread(block 69) failed
[  131.168098][ T7826] FAT-fs (loop2): Directory bread(block 70) failed
[  131.170574][ T7826] FAT-fs (loop2): Directory bread(block 71) failed
[  131.174877][ T7826] FAT-fs (loop2): Directory bread(block 72) failed
[  131.178380][ T7826] FAT-fs (loop2): Directory bread(block 73) failed
[  131.179509][ T7806] BTRFS info (device loop3): setting nodatasum
[  131.188091][ T7806] BTRFS info (device loop3): setting nodatacow
[  131.189894][ T7806] BTRFS info (device loop3): enabling ssd optimizations
[  131.191910][ T7806] BTRFS info (device loop3): turning on async discard
[  131.202671][ T7806] BTRFS info (device loop3): enabling free space tree
[  131.276493][ T7148] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  132.521095][ T7866] loop3: detected capacity change from 0 to 2048
[  132.529563][ T7866] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  132.730879][ T7872] loop3: detected capacity change from 0 to 32768
[  132.746532][ T7872] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.764 (7872)
[  132.775487][ T7872] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  132.778523][ T7872] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  132.834490][ T7872] BTRFS info (device loop3): enabling ssd optimizations
[  132.836999][ T7872] BTRFS info (device loop3): turning on async discard
[  132.839500][ T7872] BTRFS info (device loop3): enabling free space tree
[  132.873708][ T7148] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  133.156214][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[  133.158385][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[  133.501536][ T7919] loop3: detected capacity change from 0 to 1024
[  133.843161][ T5526] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[  133.996123][ T5526] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  133.999426][ T5526] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  134.003383][ T5526] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  134.006706][ T5526] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  134.010147][ T5526] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  134.018275][ T5526] usb 4-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  134.023213][ T5526] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  134.026770][ T5526] usb 4-1: Product: syz
[  134.028607][ T5526] usb 4-1: Manufacturer: syz
[  134.030342][ T5526] usb 4-1: SerialNumber: syz
[  134.039327][ T5526] usb 4-1: config 0 descriptor??
[  134.052717][  T793] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  134.222693][  T793] usb 1-1: Using ep0 maxpacket: 8
[  134.228013][  T793] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  134.230812][  T793] usb 1-1: config 179 has no interface number 0
[  134.233261][  T793] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  134.236763][  T793] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  134.240397][  T793] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  134.246436][  T793] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  134.253608][ T5526] radio-si470x 4-1:0.0: DeviceID=0x0000 ChipID=0x0000
[  134.255872][ T5526] radio-si470x 4-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[  134.260791][  T793] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  134.265988][  T793] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  134.269384][  T793] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.282198][ T7934] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  134.452149][ T5526] radio-si470x 4-1:0.0: si470x_get_report: usb_control_msg returned -32
[  134.455612][ T5526] radio-si470x 4-1:0.0: si470x_get_scratch: si470x_get_report returned -32
[  134.457944][ T7919] overlay: filesystem on ./bus not supported
[  134.459421][ T5526] radio-si470x 4-1:0.0: probe with driver radio-si470x failed with error -5
[  134.492351][ T7919] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  134.515617][  T793] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input8
[  134.540040][ T5526] usb 4-1: USB disconnect, device number 6
[  134.892726][ T5880] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  134.911226][  T976] usb 1-1: USB disconnect, device number 19
[  134.911260][    C0] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  134.916747][    C0] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  134.920520][    C0] ==================================================================
[  134.923456][    C0] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x23d/0x290
[  134.926275][    C0] Read of size 4 at addr ffff888113e0585c by task swapper/0/0
[  134.929148][    C0] 
[  134.930630][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) 
[  134.930649][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  134.930658][    C0] Call Trace:
[  134.930666][    C0]  <IRQ>
[  134.930673][    C0]  dump_stack_lvl+0x189/0x250
[  134.930699][    C0]  ? __kasan_check_byte+0x12/0x40
[  134.930715][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  134.930733][    C0]  ? lock_release+0x4b/0x3e0
[  134.930749][    C0]  ? __virt_addr_valid+0x4a5/0x5c0
[  134.930769][    C0]  print_report+0xca/0x240
[  134.930788][    C0]  ? do_raw_spin_lock+0x23d/0x290
[  134.930805][    C0]  kasan_report+0x118/0x150
[  134.930821][    C0]  ? do_raw_spin_lock+0x23d/0x290
[  134.930841][    C0]  do_raw_spin_lock+0x23d/0x290
[  134.930858][    C0]  ? __wake_up_common_lock+0x2f/0x1f0
[  134.930878][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  134.930899][    C0]  _raw_spin_lock_irqsave+0xb3/0xf0
[  134.930915][    C0]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  134.930927][    C0]  ? kcov_remote_stop+0x78/0x6d0
[  134.930943][    C0]  __wake_up_common_lock+0x2f/0x1f0
[  134.930964][    C0]  __usb_hcd_giveback_urb+0x3b0/0x540
[  134.930988][    C0]  dummy_timer+0x85f/0x44c0
[  134.931017][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  134.931044][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  134.931064][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  134.931083][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  134.931101][    C0]  __hrtimer_run_queues+0x52c/0xc60
[  134.931117][    C0]  ? ktime_get_update_offsets_now+0x67/0x3d0
[  134.931143][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  134.931158][    C0]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  134.931177][    C0]  hrtimer_run_softirq+0x187/0x2b0
[  134.931194][    C0]  handle_softirqs+0x286/0x870
[  134.931210][    C0]  ? __irq_exit_rcu+0xca/0x1f0
[  134.931226][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  134.931241][    C0]  ? irqtime_account_irq+0xb6/0x1c0
[  134.931261][    C0]  __irq_exit_rcu+0xca/0x1f0
[  134.931275][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[  134.931292][    C0]  irq_exit_rcu+0x9/0x30
[  134.931305][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  134.931321][    C0]  </IRQ>
[  134.931327][    C0]  <TASK>
[  134.931332][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  134.931349][    C0] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  134.931365][    C0] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d f3 a1 20 00 f3 0f 1e fa fb f4 <e9> 48 e7 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  134.931377][    C0] RSP: 0018:ffffffff8dc07d80 EFLAGS: 00000286
[  134.931392][    C0] RAX: 085ae2d221b8e500 RBX: ffffffff81968eb7 RCX: 085ae2d221b8e500
[  134.931402][    C0] RDX: 0000000000000001 RSI: ffffffff8d70fd03 RDI: ffffffff8bbf12e0
[  134.931412][    C0] RBP: ffffffff8dc07ea8 R08: ffff888121232fdb R09: 1ffff110242465fb
[  134.931422][    C0] R10: dffffc0000000000 R11: ffffed10242465fc R12: ffffffff8f7d1670
[  134.931432][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1b92a40
[  134.931442][    C0]  ? do_idle+0x1e7/0x510
[  134.931459][    C0]  default_idle+0x13/0x20
[  134.931512][    C0]  default_idle_call+0x73/0xb0
[  134.931530][    C0]  do_idle+0x1e7/0x510
[  134.931545][    C0]  ? __pfx_do_idle+0x10/0x10
[  134.931564][    C0]  cpu_startup_entry+0x44/0x60
[  134.931579][    C0]  rest_init+0x2de/0x300
[  134.931597][    C0]  start_kernel+0x3ae/0x410
[  134.931614][    C0]  x86_64_start_reservations+0x24/0x30
[  134.931633][    C0]  x86_64_start_kernel+0x143/0x1c0
[  134.931655][    C0]  common_startup_64+0x13e/0x147
[  134.931680][    C0]  </TASK>
[  134.931686][    C0] 
[  135.046805][    C0] Allocated by task 793:
[  135.048155][    C0]  kasan_save_track+0x3e/0x80
[  135.049646][    C0]  __kasan_kmalloc+0x93/0xb0
[  135.051097][    C0]  __kmalloc_cache_noprof+0x3e2/0x700
[  135.052813][    C0]  xpad_probe+0x428/0x1fc0
[  135.054188][    C0]  usb_probe_interface+0x668/0xc30
[  135.055796][    C0]  really_probe+0x26d/0x9e0
[  135.057210][    C0]  __driver_probe_device+0x18c/0x2f0
[  135.058897][    C0]  driver_probe_device+0x4f/0x430
[  135.060430][    C0]  __device_attach_driver+0x2ce/0x530
[  135.062094][    C0]  bus_for_each_drv+0x251/0x2e0
[  135.063665][    C0]  __device_attach+0x2b8/0x400
[  135.065181][    C0]  bus_probe_device+0x185/0x260
[  135.066693][    C0]  device_add+0x7b6/0xb50
[  135.068050][    C0]  usb_set_configuration+0x1a87/0x20e0
[  135.069758][    C0]  usb_generic_driver_probe+0x8d/0x150
[  135.071509][    C0]  usb_probe_device+0x1c4/0x390
[  135.073047][    C0]  really_probe+0x26d/0x9e0
[  135.074561][    C0]  __driver_probe_device+0x18c/0x2f0
[  135.076204][    C0]  driver_probe_device+0x4f/0x430
[  135.077806][    C0]  __device_attach_driver+0x2ce/0x530
[  135.079564][    C0]  bus_for_each_drv+0x251/0x2e0
[  135.081197][    C0]  __device_attach+0x2b8/0x400
[  135.082756][    C0]  bus_probe_device+0x185/0x260
[  135.084250][    C0]  device_add+0x7b6/0xb50
[  135.085612][    C0]  usb_new_device+0xa39/0x16f0
[  135.087081][    C0]  hub_event+0x2958/0x4a20
[  135.088535][    C0]  process_scheduled_works+0xae1/0x17b0
[  135.090319][    C0]  worker_thread+0x8a0/0xda0
[  135.091849][    C0]  kthread+0x711/0x8a0
[  135.093146][    C0]  ret_from_fork+0x4bc/0x870
[  135.094617][    C0]  ret_from_fork_asm+0x1a/0x30
[  135.096102][    C0] 
[  135.096867][    C0] Freed by task 976:
[  135.098084][    C0]  kasan_save_track+0x3e/0x80
[  135.099554][    C0]  kasan_save_free_info+0x46/0x50
[  135.101153][    C0]  __kasan_slab_free+0x5c/0x80
[  135.102704][    C0]  kfree+0x19a/0x6d0
[  135.103945][    C0]  xpad_disconnect+0x350/0x480
[  135.105483][    C0]  usb_unbind_interface+0x26e/0x910
[  135.107152][    C0]  device_release_driver_internal+0x4d9/0x800
[  135.109080][    C0]  bus_remove_device+0x34d/0x410
[  135.110655][    C0]  device_del+0x511/0x8e0
[  135.111999][    C0]  usb_disable_device+0x3e9/0x8a0
[  135.113580][    C0]  usb_disconnect+0x330/0x950
[  135.115038][    C0]  hub_event+0x1cf5/0x4a20
[  135.116446][    C0]  process_scheduled_works+0xae1/0x17b0
[  135.118207][    C0]  worker_thread+0x8a0/0xda0
[  135.119680][    C0]  kthread+0x711/0x8a0
[  135.120968][    C0]  ret_from_fork+0x4bc/0x870
[  135.122418][    C0]  ret_from_fork_asm+0x1a/0x30
[  135.123937][    C0] 
[  135.124693][    C0] Last potentially related work creation:
[  135.126521][    C0]  kasan_save_stack+0x3e/0x60
[  135.128012][    C0]  kasan_record_aux_stack+0xbd/0xd0
[  135.129705][    C0]  insert_work+0x3d/0x330
[  135.131042][    C0]  __queue_work+0xcd2/0xfb0
[  135.132483][    C0]  queue_work_on+0x181/0x270
[  135.133930][    C0]  xpad_irq_in+0xb57/0x2590
[  135.135370][    C0]  __usb_hcd_giveback_urb+0x376/0x540
[  135.137121][    C0]  dummy_timer+0x85f/0x44c0
[  135.138627][    C0]  __hrtimer_run_queues+0x52c/0xc60
[  135.140239][    C0]  hrtimer_run_softirq+0x187/0x2b0
[  135.141873][    C0]  handle_softirqs+0x286/0x870
[  135.143392][    C0]  __irq_exit_rcu+0xca/0x1f0
[  135.144872][    C0]  irq_exit_rcu+0x9/0x30
[  135.146263][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  135.148049][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  135.149918][    C0] 
[  135.150668][    C0] Second to last potentially related work creation:
[  135.152749][    C0]  kasan_save_stack+0x3e/0x60
[  135.154219][    C0]  kasan_record_aux_stack+0xbd/0xd0
[  135.155830][    C0]  insert_work+0x3d/0x330
[  135.157183][    C0]  __queue_work+0xcd2/0xfb0
[  135.158649][    C0]  queue_work_on+0x181/0x270
[  135.160142][    C0]  xpad_irq_in+0xb57/0x2590
[  135.161596][    C0]  __usb_hcd_giveback_urb+0x376/0x540
[  135.163306][    C0]  dummy_timer+0x85f/0x44c0
[  135.164779][    C0]  __hrtimer_run_queues+0x52c/0xc60
[  135.166429][    C0]  hrtimer_run_softirq+0x187/0x2b0
[  135.168043][    C0]  handle_softirqs+0x286/0x870
[  135.169568][    C0]  __irq_exit_rcu+0xca/0x1f0
[  135.171015][    C0]  irq_exit_rcu+0x9/0x30
[  135.172357][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  135.174138][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  135.176037][    C0] 
[  135.176806][    C0] The buggy address belongs to the object at ffff888113e05800
[  135.176806][    C0]  which belongs to the cache kmalloc-1k of size 1024
[  135.181208][    C0] The buggy address is located 92 bytes inside of
[  135.181208][    C0]  freed 1024-byte region [ffff888113e05800, ffff888113e05c00)
[  135.185538][    C0] 
[  135.186288][    C0] The buggy address belongs to the physical page:
[  135.188282][    C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113e00
[  135.191100][    C0] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  135.193838][    C0] flags: 0x17ff00000000040(head|node=0|zone=2|lastcpupid=0x7ff)
[  135.196182][    C0] page_type: f5(slab)
[  135.197481][    C0] raw: 017ff00000000040 ffff888100041dc0 dead000000000100 dead000000000122
[  135.200153][    C0] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  135.202882][    C0] head: 017ff00000000040 ffff888100041dc0 dead000000000100 dead000000000122
[  135.205537][    C0] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  135.208235][    C0] head: 017ff00000000003 ffffea00044f8001 00000000ffffffff 00000000ffffffff
[  135.210855][    C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  135.213540][    C0] page dumped because: kasan: bad access detected
[  135.215577][    C0] page_owner tracks the page as allocated
[  135.217339][    C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5983, tgid 5981 (syz.1.40), ts 69462064421, free_ts 69442989219
[  135.223729][    C0]  post_alloc_hook+0x240/0x2a0
[  135.225242][    C0]  get_page_from_freelist+0x2365/0x2440
[  135.226991][    C0]  __alloc_frozen_pages_noprof+0x181/0x370
[  135.228809][    C0]  alloc_pages_mpol+0x232/0x4a0
[  135.230310][    C0]  allocate_slab+0x96/0x350
[  135.231738][    C0]  ___slab_alloc+0xe94/0x18a0
[  135.233213][    C0]  __slab_alloc+0x65/0x100
[  135.234576][    C0]  __kvmalloc_node_noprof+0x6ba/0x910
[  135.236415][    C0]  io_alloc_cache_init+0x42/0x140
[  135.238042][    C0]  io_ring_ctx_alloc+0x473/0xc10
[  135.239635][    C0]  io_uring_create+0x14a/0xba0
[  135.241130][    C0]  __se_sys_io_uring_setup+0x264/0x270
[  135.242857][    C0]  do_syscall_64+0xfa/0xfa0
[  135.244300][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.246210][    C0] page last free pid 5981 tgid 5981 stack trace:
[  135.248315][    C0]  __free_frozen_pages+0xbc8/0xd30
[  135.250006][    C0]  __slab_free+0x2e7/0x390
[  135.251474][    C0]  qlist_free_all+0x97/0x140
[  135.253017][    C0]  kasan_quarantine_reduce+0x148/0x160
[  135.254778][    C0]  __kasan_slab_alloc+0x22/0x80
[  135.256299][    C0]  __kmalloc_noprof+0x3cf/0x800
[  135.257866][    C0]  tomoyo_realpath_from_path+0xe3/0x5d0
[  135.259608][    C0]  tomoyo_path_perm+0x213/0x4b0
[  135.261175][    C0]  tomoyo_path_symlink+0xa3/0xe0
[  135.262854][    C0]  security_path_symlink+0x177/0x380
[  135.264564][    C0]  do_symlinkat+0x107/0x3f0
[  135.266008][    C0]  __x64_sys_symlinkat+0x95/0xb0
[  135.267593][    C0]  do_syscall_64+0xfa/0xfa0
[  135.269053][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.270961][    C0] 
[  135.271752][    C0] Memory state around the buggy address:
[  135.273549][    C0]  ffff888113e05700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  135.276094][    C0]  ffff888113e05780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  135.278549][    C0] >ffff888113e05800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  135.281011][    C0]                                                     ^
[  135.283150][    C0]  ffff888113e05880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  135.285607][    C0]  ffff888113e05900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  135.288120][    C0] ==================================================================
[  135.290639][    C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  135.292983][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) 
[  135.295791][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  135.298913][    C0] Call Trace:
[  135.300001][    C0]  <IRQ>
[  135.300933][    C0]  dump_stack_lvl+0x99/0x250
[  135.302410][    C0]  ? __asan_memcpy+0x40/0x70
[  135.303967][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  135.305689][    C0]  ? __pfx__printk+0x10/0x10
[  135.307168][    C0]  vpanic+0x237/0x6d0
[  135.308494][    C0]  ? __pfx_vpanic+0x10/0x10
[  135.309965][    C0]  panic+0xb9/0xc0
[  135.311174][    C0]  ? __pfx_panic+0x10/0x10
[  135.312624][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  135.314507][    C0]  ? do_raw_spin_lock+0x23d/0x290
[  135.316077][    C0]  check_panic_on_warn+0x89/0xb0
[  135.317652][    C0]  ? do_raw_spin_lock+0x23d/0x290
[  135.319235][    C0]  end_report+0x78/0x160
[  135.320595][    C0]  kasan_report+0x129/0x150
[  135.322032][    C0]  ? do_raw_spin_lock+0x23d/0x290
[  135.323696][    C0]  do_raw_spin_lock+0x23d/0x290
[  135.325251][    C0]  ? __wake_up_common_lock+0x2f/0x1f0
[  135.327008][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  135.328744][    C0]  _raw_spin_lock_irqsave+0xb3/0xf0
[  135.330430][    C0]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  135.332325][    C0]  ? kcov_remote_stop+0x78/0x6d0
[  135.333903][    C0]  __wake_up_common_lock+0x2f/0x1f0
[  135.335547][    C0]  __usb_hcd_giveback_urb+0x3b0/0x540
[  135.337226][    C0]  dummy_timer+0x85f/0x44c0
[  135.338690][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  135.340392][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  135.341954][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  135.343523][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  135.345089][    C0]  __hrtimer_run_queues+0x52c/0xc60
[  135.346714][    C0]  ? ktime_get_update_offsets_now+0x67/0x3d0
[  135.348654][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  135.350572][    C0]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  135.352468][    C0]  hrtimer_run_softirq+0x187/0x2b0
[  135.354158][    C0]  handle_softirqs+0x286/0x870
[  135.355742][    C0]  ? __irq_exit_rcu+0xca/0x1f0
[  135.357240][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  135.358913][    C0]  ? irqtime_account_irq+0xb6/0x1c0
[  135.360581][    C0]  __irq_exit_rcu+0xca/0x1f0
[  135.362061][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[  135.363727][    C0]  irq_exit_rcu+0x9/0x30
[  135.365044][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  135.366821][    C0]  </IRQ>
[  135.367766][    C0]  <TASK>
[  135.368688][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  135.370587][    C0] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  135.372458][    C0] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d f3 a1 20 00 f3 0f 1e fa fb f4 <e9> 48 e7 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  135.377930][    C0] RSP: 0018:ffffffff8dc07d80 EFLAGS: 00000286
[  135.379616][    C0] RAX: 085ae2d221b8e500 RBX: ffffffff81968eb7 RCX: 085ae2d221b8e500
[  135.382197][    C0] RDX: 0000000000000001 RSI: ffffffff8d70fd03 RDI: ffffffff8bbf12e0
[  135.384602][    C0] RBP: ffffffff8dc07ea8 R08: ffff888121232fdb R09: 1ffff110242465fb
[  135.387044][    C0] R10: dffffc0000000000 R11: ffffed10242465fc R12: ffffffff8f7d1670
[  135.389682][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1b92a40
[  135.392423][    C0]  ? do_idle+0x1e7/0x510
[  135.393887][    C0]  default_idle+0x13/0x20
[  135.395188][    C0]  default_idle_call+0x73/0xb0
[  135.396558][    C0]  do_idle+0x1e7/0x510
[  135.397737][    C0]  ? __pfx_do_idle+0x10/0x10
[  135.399099][    C0]  cpu_startup_entry+0x44/0x60
[  135.400668][    C0]  rest_init+0x2de/0x300
[  135.402054][    C0]  start_kernel+0x3ae/0x410
[  135.403355][    C0]  x86_64_start_reservations+0x24/0x30
[  135.404918][    C0]  x86_64_start_kernel+0x143/0x1c0
[  135.406357][    C0]  common_startup_64+0x13e/0x147
[  135.407767][    C0]  </TASK>
[  135.409295][    C0] Kernel Offset: disabled
[  135.410722][    C0] Rebooting in 86400 seconds..

VM DIAGNOSIS:
01:22:29  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=0000000000000000 RCX=0000000000000000 RDX=00000000000003f9
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f9 RSP=ffffc900000070d0
R8 =0000000000000003 R9 =0000000000000004 R10=dffffc0000000000 R11=ffffffff8515efb0
R12=dffffc0000000000 R13=dffffc0000000000 R14=ffffffff99af5f20 R15=0000000000000000
RIP=ffffffff8515f02c RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88818eb32000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f73fc28fbc3 CR3=0000000118b04000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffffffffffff ffffffffffffffff
XMM02=0000000000000000 0000000000000000 XMM03=ffffffffffffffff ffffffffffffffff
XMM04=0000000000000000 00000000000000ff XMM05=7712c53e93b9f1e8 728370bf3cb3486e
XMM06=63e772d7f3a22482 dabb339f3c035440 XMM07=bd0dad416e16bee6 46815929601aad29
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f8f2b81315a
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=5d707b3fe32f7b00 RBX=ffffffff81968eb7 RCX=5d707b3fe32f7b00 RDX=0000000000000001
RSI=ffffffff8d70fd03 RDI=ffffffff8bbf12e0 RBP=ffffc90000197f10 RSP=ffffc90000197de0
R8 =ffff88823c632fdb R9 =1ffff110478c65fb R10=dffffc0000000000 R11=ffffed10478c65fc
R12=ffffffff8f7d1670 R13=0000000000000001 R14=0000000000000001 R15=1ffff1102c09e000
RIP=ffffffff8b478dd3 RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8882a9f32000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b30315ff8 CR3=0000000118b04000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffffffffffff ffffffffffffffff
XMM02=0000000000000000 0000000000000000 XMM03=ffffffffffffffff ffffffffffffffff
XMM04=0000000000000000 00000000000000ff XMM05=7712c53e93b9f1e8 728370bf3cb3486e
XMM06=63e772d7f3a22482 dabb339f3c035440 XMM07=bd0dad416e16bee6 46815929601aad29
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f8f2b81315a
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
