last executing test programs:

2m30.517079944s ago: executing program 2 (id=875):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0xffffffffffffffff, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x8002, 0x11323}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gre={{0x8}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x20040040)

2m30.436968742s ago: executing program 2 (id=876):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8f}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000880)={&(0x7f00000042c0)=@delchain={0x24, 0x65, 0x800, 0x70bd25, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x10, 0xffe0}, {0xa, 0xffe0}, {0xd, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x4c080)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)

2m30.385940752s ago: executing program 2 (id=877):
r0 = socket$packet(0x11, 0x2, 0x300)
getsockopt(r0, 0x1, 0x5, 0x0, &(0x7f00000000c0))

2m30.385636205s ago: executing program 2 (id=878):
inotify_init1(0x800)
syz_mount_image$fuse(0x0, 0x0, 0x1000009, 0x0, 0x1, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f00000008c0), 0x3, 0x5eb, &(0x7f0000000c00)="$eJzs3ctvFEcaAPCvxw9sjNYDWu0ue1gsrVYg7WJjAysU5QDXCFnkoVxyiYMNIRiwsKPEJBJGIpdIUS5RFCmnHEL+iwSFK6fklEMuOUVIKIk4RspEPdNtPHaPX9jTiP79pGG6q6Zd1djfVHVNVU8AlTWS/lOLOBgRc0nEcLK0nNcbWeZI63WPfnv/fPpIotF4+Zckkiwtf32SPQ9lBw9ExHffJnGgZ22584s3Lk/Nzs5cz/bHFq7Mjc0v3jh66crUxZmLM1cn/j9x6uSJk6fGj23rvG4WpJ29/dY7wx9Ovvbl578n41/9OJnE6Xghe+HK89gpIzHS/D9J1mYNndrpwkrSk/2dNBqNRp6W9JZbJzYv//31RcTfYzh64vEvbzg+eLHUygG7qpG03ruBKkrEP1RU3g/Ir+1XXwfXSumVAN3w8ExrAGBt/Pe2xgZjoDk2sPdREiuHdZKI2N7IXLt9EXH/3uTtC/cmb8cujcMBxZZuRcQ/iuI/acZ/PQai3oz/Wlv8p/2Cc9lzmv7SNstfPVQs/qF7WvE/sG78R4f4fz19vtmK4Te2WX798eabg23xP7jdUwIAAAAAAIDKunsmIv5X9Pl/bXn+TxTM/xmKiNM7UP7Iqv21n//XHuxAMUCBh2cini+c/1vLZ//We1YsYa1HX3Lh0uzMsYj4S0Qcib496f74OmUc/ejAZ53yRrL5f/kjLf9+Nhcwq8eD3j3tx0xPLUw9wSkDmYe3Iv5ZOP83WW7/k4L2P31nmNtkGQf+c+dcp7yN4x/YLY0vIg4Xtv+P71qRrH9/jrFmf2As7xWs9a/3Pv66U/nbjX+3mIAnl7b/e9eP/3qy8n4981sv4/hib6NT3nb7//3JK827CvVnae9OLSxcH4/oT872pKlt6RNbrzM8i/J4yOMljf8j/15//K+o/z8YEUurfnbya/ua4tzf/hj6qVN99P+hPGn8T2+p/d/6xsSd+jedyt9c+3+i2dYfyVKM/0HLp3mY9renF4Rjb1FWt+sLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM+CWkTsi6Q2urxdq42ORgxFxF9jb2322vzCfy9ce/vqdJrX/P7/Wv5Nv8Ot/ST//v/6iv2JVfvHI2J/RHzSM9jcHz1/bXa67JMHAAAAAAAAAAAAAAAAAACAp8RQh/X/qZ97yq4dsOt6y64AUJqC+P++jHoA3af9h+oS/1Bd4h+qS/xDdYl/qC7xD9Ul/qG6xD8AAAAAADxT9h+6+0MSEUvPDTYfqf4sr6/UmgG7rVZ2BYDSuMUPVJepP1BdrvGBZIP8gY4HbXTkeubOP8HBAAAAAAAAAAAAAFA5hw9a/w9VZf0/VJf1/1Bd+fr/QyXXA+g+1/hAbLCSv3D9/4ZHAQAAAAAAAAAAAAA7aX7xxuWp2dmZ6zZefTqq0c2NRqNxM/0reFrqs/MbSTZDvSuF5lPhu3+m/Zs5wXyt3+Z+cnnvSQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQLs/AwAA//+JjCTl")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x1000000, 0x0, 0x0, 0x0, 0x0)
lsetxattr(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=@known='trusted.overlay.impure\x00', &(0x7f0000000200)='\xa2-\x00', 0x3, 0x1)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x4008, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@nfs_export_on}]})
llistxattr(0x0, 0x0, 0x0)

2m30.287753323s ago: executing program 2 (id=879):
r0 = memfd_create(&(0x7f0000000180)='\b\x9dF\xd8\b\xb3~u\xa5\"\xdc\xfdq\xf6c\r;\xfcO\x8c=\x81\xb1\x8aWpA\xd4\x98\x85K\x89>N\x8ar\x17O\x0fKR\xe2{mn\xcc\xbf2\xc0\xa7\x14\xd0\xd4\xfe/m\xdf\xb6]\xc2\xaa\x86\xec(\xf7\xcd\xa6\xd9n^.\x13*\xd4\xb8\xe8\xc4\xefb\x14Vx\xc6\xfe\x9e\xee\xe7\xd7E\xe9\t\x83\xdeNX\xec\xe66\x1b\x97$\xee\x84\x14n,B\xd5?\xe5E:+Pm\x1d\xb4\xb8\xeb\xe8Op2\x82\xc7\x0e\x97\x03\xef\x1a\xa5\x00.\x89\b!m\f\xd9\x8b$}\x9f\fX\x81\xa8\xf6\x94\xbc\xed\x80|l]\xe9\xca\xd3\xc9\xa3\x9e\x9cJI\xf1\xa2\xa0\xc4:\x00\x00\x00\x00\x00\x00\b\x00\x00', 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x4)
io_setup(0x7, &(0x7f0000007f00)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000000)=[&(0x7f0000007f80)={0x0, 0x0, 0x8, 0x0, 0x0, r0, 0x0}])

2m30.025079599s ago: executing program 2 (id=882):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0xb6}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit={0x95, 0x0, 0x33}], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xb8000000}, 0x70)

2m29.89556442s ago: executing program 32 (id=882):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0xb6}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit={0x95, 0x0, 0x33}], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xb8000000}, 0x70)

1.312795947s ago: executing program 1 (id=3279):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0f000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffd}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x81}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x31, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sk_reuseport=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.312539589s ago: executing program 1 (id=3280):
r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$IOCTL_STOP_ACCEL_DEV(r0, 0x40096101, &(0x7f0000000100)={{}, 0x7})

1.222415786s ago: executing program 1 (id=3282):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x2c, 0x2c, 0x2, [@func_proto={0x0, 0x4, 0x0, 0xd, 0x2, [{0xf}, {0x9, 0x1}, {0x1, 0x2}, {0x1, 0x2}]}]}}, &(0x7f0000000f40)=""/4089, 0x46, 0xff9, 0xa}, 0x28)

1.127269071s ago: executing program 1 (id=3284):
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x109c, 0xf, 0xfe, 0xec}, {0x6, 0x8, 0x3, 0xca}]}, 0x10)
syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f0000000300)='./file0\x00', 0x2204080, &(0x7f0000000040)=ANY=[@ANYBLOB="6e6f646f74732c73686f77657865632c6e6f646f74732c6e66733d6e6f7374616c655f726f2c0030a66d3a1127e03fc4ec7721f7c77d616ce2d9a9b0ef6cf77d486df06aac6920f6f13474bc77836cb851c86e0cc5dc8611db21e0dafe4caa2c5b34"], 0x1, 0x295, &(0x7f0000000340)="$eJzs3U9LFGEcB/DHVTMMxVNQlx7q1GVQzx2UUJAWinKDCoIRx1p22pWdPexKBzt3CTr2DqJjtyB6A76Lbl7Ek6eMGv+kEASybuDnc9kv+50Hnh8zPHOc7TvvXjXWimQt7YTK3FCozIVQ2RsKU6ESDm2G2+/ffHj76MnTe/PV6sLDGBfnl2dmY4yTN74+e/3p5rfOlcefJ7+Mha2p59s7s9+3rm5d2/6x/LJexHoRm61OTONKq9VJV/IsrtaLRhLjgzxLiyzWm0XWPtGv5a319V5Mm6sT4+vtrChi2uzFRtaLnVbstHsxfZHWmzFJkjgxHjiL2se9/f2ws18a9G44f+7/xfbHoX45hN3Nbq1bK3/LfnGpujAdfxs9XrXb7daGj/qZso8n+9EwftDPnu4PXy23yv5Xd/d+9dT6sbDa59kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4uJJ4ZOr4391utzZc9snf+jItLlUXpg8uONmPhOsj5zYGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJxJ0dtopHmetQWhT+HSwbP2v+xH+Jcw4IMJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABuD4o9+D3gkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACDVPQ2GmmeZ+0+hkHPCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABn9TMAAP//1DFpXA==")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x121)
open_by_handle_at(r0, &(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00q'], 0x2080)

1.119642794s ago: executing program 3 (id=3286):
syz_usb_connect(0x0, 0x34, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000892e79105e042107259c00fb030109022200010000000009040000000e010000082402010102"], 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000480), 0xffffffffffffffff)

1.022545702s ago: executing program 1 (id=3287):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000180)='./file1\x00', 0x10, &(0x7f0000000480)=ANY=[], 0xff, 0x5a02, &(0x7f000000bc00)="$eJzs3X+QHNV9IPDXM7Pa1a5WWgkIMpjVIlBCILZW/CpsUrGSS+wUEEouUg7iZMOCVkS2JFT6EUCQIHLgQwW4cIpUgpM/iAtzh1FcVMHZyJQxP07ibGwVZx91hamz77D/8BXmUBnQUS6f92p3+s3O9E5vz87O6gd8PiVtT795832vu9/09PfN7E4AAADgfeHAndsPX37Kn3z3b0ffue1Pv7n59tBXnijviRUG0uVNR6uHHEndlaUTy+y4+J1bvvqzoev+6DuP9X7l3f3rT9/woz8+4bqnPnvJvgf+6dm3+5/4zWtFceN4OntyPXkjCaHnW4f+/vP7Xzx5vCxZOP6ztDuExcmSZxcnmRDDvwohrE9XlmbufPyd8zaML2+/u7uhfFGmnvH+/jZ+nMcH1q7DN54TfvyHa+/4/rKv/WvX3td3T1ZJeurGUwgLr6l/fFcIYX76f1wcbXE8xkG7JoTQW/e4iwr6dUaL/V+Zs35qupyXLvsK4sT7l2fWS5l62fWoK7PsLWhvtvL60W69Igsy69mT0Wzl9TOWL06X30iXZ88wfjndhnISSkmo1Lq/KZkcI6HuuCUhmTiWPbX1Uu3YhnT7M+tJZr2UWS93ZbZrot10oJWTpLE81suUx9NxJS0/vf5c3cQVOeUfSJc96RP13bgesjeq+qbcqG3XhNivQ9P05Ugo1Z2DmpXXDnx6MPrSsr5kyZTHjDUR79u/9p4V5XXPHRjI6UfyWJLGT9qKv+t7ixd85tE9O7Ov67X415TS+KW24v/k0oNvXrXny1/KjX9fjF9uK/65T/e+cenzdy7P3T+H4v6ptBV/5LUX7l124rV7c/v/YIzf01b81fsOdvcffvqZ3P4Px/0zv634r1788Z8+8vKTr+fGDzF+b1vx1+3b+oXuwcNn5cZ/Ju6fvvbGz1t7L3xlcPDnQ3nxX4rx+9uK//DuBz760KK7L8k9vmvi/hloK/5lZz51x4LDT56Wd+5MHuzUKyfA+9MJ6TXWXel6u3nmbNXlC/84VKle8y1I//d3sqHMxed4Ows7GR8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQggnnfNfPvG/PjXwRiVd705vvFqqLmP5vBCS+SGE7TtGtu3YuOX6oc/esHPblpFNQyM7hka37Nh289D5vze0bXTrppGbx+8d/tB51cctCUl1mZw2pe3usbGx0kBjWWzv35y598crLvrfvwhh+KQfDlZy+7/ygc0PndjkZ0ayeuxjm3de/sML/iXdroG0XwNN+jU2NjYWcvr1f6789UN/d+hnZ4Uw/FvT9euFV//g2w0dmiiYjJMqdYdqh7qT3qb9qPU67U/cX5UNGzeNDk+/f8cfX87Zjn97y+u/2nDTF39d3b89udvR4v6dv3psU+kf1l72//7h1mpBUb+O1nEv2t9xK2L/4v7rSff3wnS7FuZsVyVnu+78/jMvf+uUPW/vDsOVt5ZNbbtou7rSAdCVfKCldmMLvcnihvKetH484vFxK3ds3rpy+827PrRx88j1o9ePbvnIqvNXXTh8wYUXrJzY8pUd3v7Y/m+3uP1HZjwt+qvd34g/WxtPjf2aN+P9Md6v4v1R36O851/vFZ+//yMPPH95taBonMfatfNJuuwdP86rQt14m7qvmm1X0fEJIQw12w9vvn1JOPm/b7yj6DxUf2Tqf2Ykq8deXP7Lf7non5f+frXgiJzn6zvU5nm+1uvJ/kzsr570eIwdo/u3O5TT7epr2q9VLz7fdc+BX/x1rX/z5oWbRnbs2Laq+nNB2tMFyalN+5Utjdu1bOJnOaS7JdSGaZPxOq4rVPuXPX/G6tm92pfe15csabpdWfG+/WvvWVFe99yBvD2dPFZtcX7ory6TD+bU3JR5YLnW4WbtH6vPv6LxMfiJf37iU098/fwp4+Pc6s+i7UpytutrLz98/1e++O+/3rnt+sQfHBz45f/4yxXVgmP+vFKudqTW67Q/Sf155dwQip5/y0Lz7ch9/pWab0/R8y/bzmT95vGGMut9odzW8/Xcp3vfuPT5O5fnPl8PTfd8rd/YWxseVy54vh4r4yf7/Eoqjf2Yu+dXw0BJVo99564Tdj9725pTqgVFr5e12s3G9Xkt5B852/Xtq14ZvGHo3/23zp03vvp7j1/9o5HVf1MtaP+4x7505rj3pPu3J2f/1nod8876/fvh627YtL5aXrSfj971b7osyH/iqWT7zbs+N7Jp0+i27a1tV6uvp7Gd7F5u9/U0nt2WFGxXacp2zd2NVvZXq8+32P/1be+vxudbX0jael3Y9b3FCz7z6J6dA1MelTZ0TSmNX2or/k8uPfjmVXu+/KXc+PfF+JW24o+89sK9y068dm9u/AeTNH5PW/FX7zvY3X/46Wdy4w/H/s9vK/6rF3/8p4+8/OTrufFDjN/X3v5/a++FrwwO/jw3/ktJ2s74NVIIj79z3obqehK60udb7EdXQ79Cdj3JrJcy6+X69VKcRUgbKCdJY3msl5afXteXZv4ipzxehfUsrS7fjeshe2P68mNNqe7c36y86DoVAOC9Lr7/H69B4/v/o+mFUv5MA0yabR62NCduzMMm53Ma32NdmsaPj4/zgIMfDsPjy9uHqhf6M30fIT4fsvOcsZ2zzmiMUTjPOTbR/pR5zqL59+WZ9div6nx5pS4PTU3Nayqhhfn3qe1MP/+e2fzi97OG7prSraG6eavs8etKZ8yafd4h09/KeIS88ZGdF4uf5xhcGNZMtNfi+Mh+jiYeh+znaGI7p2ROnO1+jiZvfAxM3Q8N/YrjI9abZnxMdLn4/cipxy9Ms38nj1/zaNnjN4Pj3TNef67fn+3AvGHTU9qRmzec2/fDzEvmxE+fYMf6vGEsj9tRaXE+8VM55Z2aT4yni9ivQ9P05Ugwnwi8V8X8P75GjOf/4xfg/zdTryhPyV41xni5nxMqN+9PUd4x9XN6vTN9HZ8/ft+6fVu/0D14+Kzc65xnWv2c3taGtd6Cz/0U7ccVmfXC/ZgzQVOU72XbKdrv2c9l9IX+tq6fHt79wEcfWnT3Jbn7fU31hbR4v9/fsNZfsN+Pg3yheXz5wvsiX5jr+bMO5SMDdeut5SPpB5/mKh/585zymeYjvVNu1LZrwrGbj0y+kDbkI11Htl8AwPEj5v+198/S/P9/xgrpdURR3np2Zj3Gy81bc65P8vLWP0uXN2Xq96W/UTGT6+bxa9/LznzqjgWHnzwtN295sNU89D82rA0U5qGzy5tz84g1nfm8eG4eUcuzZpcn5va/lifOLk/PeZu2Lk+fXR6du39qeXTjPMD9B1uLH+cBcuPX5gE6mOf+ZrLSkctzC+brMo3F1Vbn645KHr2wcTvn5H299Ndn5yqPviKnfKZ5dN+UG7XtmnDs5tGN5fJoAOC9Kub/8TIu5v/PZ+q18T77hHjdnpsXdOi6Pfv3QGrxX5qTvHIyfofe/y3O++Y6b53rvH6u5yWO9/d/53peaGDiD3jONH6r82RH7fOux0penDYqLwYA4FgW8//56Xp+/t+f+xtOreQnU/K3ruol5GR+cvzl5/X15Oc58d8z+fnxPv8188/JBPl/u++Lvzsm/wcA4BgU8//4a4/x7//953Q9+3frj8c8PXgfXZ5+3OTps/scQO7xrf8cgHmAI/v5+PmT9c0DAABwNHRNZEpTf8/+0+ky+3v2eb+Xf1VO/VZV0svja3dsGx29eufW9SM7Rq/ecsP60e1X37ht444do1uq9WabN+bmLWne2BUq6f5oXi+bty1K/x7Copy/h5CtH8OeOnFj6t9DyDY7v+DvCEwev9b6m3f8StPUbzY+8o53Xvy/yKkf1Y7/dX957tUbtl+9ccvGHRtHNm3cNdpYbzxr7Z3B92Ym6f8ZfV9q5scUpZl/f2c8PLPrR2lKP7rS/ZH3/exJph+L054szvv+g5x+f/e//t1fnTn260dCGD6p/MFZ7b9k9dh/unL0z3Yc+OHW8f6Xpu1/rWbar6LvK83Wj9tT2XTD9h3nbLhh55bsN0q2J85nlGrrczSfkT79yy3OT6zLKZ/p7++Xp9w4NrU8PwEAQIP4/n+8no3vH34xvYCK5a3n6bN7/zg3Tx9uLU/Pfi9ZUZ6erR+3t9U8vWeWeXq2/aI8vVn9Znl6Xt6dF//Pc+rPVOvjpI3PecT089E9O3PHyTWtjZPs9xkUjZNs/ZmOk2SW4yTbftE4aVa/2TjJO+558T+ZUz9P0Xio1MbD7D6Xkzse7mttPPxuZr1oPGTrz3Q8lGY5HrLtF42HZvWbjYe845sX//Kc+q1qHB/jA2NiXIxefeMN2z5XV2+uv/8iTP1IRiv9mzf52Ln9/o92tb5/O/S5r2R3Y/+HO9X/EFZPlOT1f24/Vzb7/hft/xl8rmxhmPK5stz+vzS7mbDW+z+33++SkVd96uOP1HxteiYo+vxZ0Tzu2pzymc7jzpty49hkHheOnpj/x7d7Yv5/d7rs9NtAx//3pPkes6bxO/Q9ZkXXMUfj9bx0NF/Ps2+5ez0HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeE/oriydWB64c/vhy0/5k+/+7eg7t/3pNzff/ju3fPVnQ9f90Xce6/3Ku/vXn77hR398wnVPffaSfQ/807Nv9z/xm9cKAw9M/Kycna72hJC8kYTQ861Df//5/S+ePF6WhBDKycDuEBYnS55dnGQiDP8qhLC+1s/GOx9/57wN48vb7+5uKF+UCZLdrtBXjv2p72cINxVuEcehnnSc7Tp84znhx3+49o7vL/vav3btfX33ZJWkp248hbDwmvrHd4UQ5qf/x8XRtjQ+OF2uCSH01j3uooJ+ndFi/1fmrJ+aLuely76COPH+5Zn1UqZedj3qyix7C9qbrbx+tFuvyILMevZkNFt5/Yzli9PlN9Ll2TOMX47/k1BKQqXW/U3J5BgJdcctCcnEseyprZdqxzak259ZTzLrpcx6uSuzXRPtpgOtnCSN5bFepjyejitp+en15+omrsgp/0C67EmfqO/G9ZC9UdU35UZtuybEfh2api+p/1BcpX2lELq7m5dPnJtqBz49GH1pWV+yZMpjxpqI9+1fe8+K8rrnDgzk9CN5LEnjJ23F3/W9xQs+8+ienUvz4l9TSuOX2or/k0sPvnnVni9/KTf+fTF+ua345z7d+8alz9+5PHf/HIr7p9JW/JHXXrh32YnX7s3t/4Mxfk9b8VfvO9jdf/jpZ3L7Pxz3z/y24r968cd/+sjLT76eGz/E+L1txV+3b+sXugcPn5Ub/5m4f/raGz9v7b3wlcHBnw/lxX8pxu9vK/7Dux/46EOL7r4k9/iuiftnoK34l5351B0LDj95Wt65M3mwU6+cAO9PJ6TXWHel6+3mmbNVly/841Cles23IP3f38mGMsbbWTiH8QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeG/6wa3nf/rKj31ybSUJIcmpM9ZEvK88b/XqoTbaHXnthXuXnXjt3vqypW3EAQAAAIrFPLxUK+kJS8ONyfxwatP6cY7g1LiWNJZn5xBinOwcQbtxSk3ilNqIU+5QfyoditPVoTjzOhSnu0Nxegri9ITW4syfJk5lfAS02J/eafvTepy+DsVZ0KE4/R2Ks7BDcRZ1KM7AtHFaH4eLOxRnSYfinNChOCd2KM5JHYrzWx2Kc3KH4mTnlGc6DvvTmqfkxZm4US6MU0nKtTuazaefnLZz2izb6Stop7/o9bjFdua32M4ZmceVZthOT4vt/PYs20labOd3Z9lOqaCdOG5vyvYvthPXWhz/N3cozq4OxbmlQ3Fu7VCcv+5QnL/pUJzbZhkHoFUx/5/M9wZCd+X3Q296xsnOAsR8d9nEz6mvd3knpBjvg5nyeUXxsol6Jt6ymfYvO4GQibc8U97VEK9Sy0emiddTH29F5s7ptvfi1c37Vh/v7Ex59zTxGjYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI6AH9x6/qev/Ngn14YkjP9raqyJeF953urVQ220u3/tPSvK6547UF/WXWkjEAAAAFAo5uFdtZKe0F1ZFbqTeQ31etJ5gJ50vTxQXQ4uDGvGl8lQaWK9N1k87eMq6eNW7ti8deX2m3d9aOPmketHrx/d8pFV56+6cPiCCy9YuWHjptHh6s8QugvihRAmph+237zrcyObNo1u214tzPZ/afq4pel6kj5u8MNheHx5e9r/JQXtlaa0N3c3io8eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/2fXbkMlLcsHgF/PzJyZ8ej+d/74Ni7uOqyrWFmpHUNLPA8ECb4sHoSYY51kyZWko7vorphNupCaUgTKwrLhhzZM0qQvvqREvrBgmCV0NgmV8kN9KLQMFT+EMnHOzDNnZs5McxrEo+vv9+F5ue7rvq/nfj4cuJ4zAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw/lpoTM3Vp2dmJ5OIZEhOc4BsLF9M09oYdb/y+M4flDa9fVp3rFQYYyEAAABgpKwPn+hEylEq5CMfJyzdbY6ugVju+wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+ehcbUXH16ZvbIJCIZktMcIBvLF9O0NkbdV9588LMvbtr0t+5YdYx1AAAAgNGyPjzXiZSjGifHRHLCYuffiWbfBjb0zW/lLcvW2bjKvP5vB8PyTl5l3qmrzPvYiLyt7fONAQAAAB9+Wf9f6EQqUSqsW9EPZ/3/qL4+yzupLy/fPq/+twLFVWcCAAAA/13W/5c6kWqUCtVOv77afn9zX142f9T/7bP5pwyZP+r/+Ze0z/5PDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfHguNqbn69MxsPolIhuQ0B8jG8sU0rY1R96wnJv9x0cHbNnfHSoUxFgIAAABGyvrw5da7HKXCZEzEkUt9/6YL7nn4Sw8/OhURrTa/WIwbt+3add1ZrWOWd+ZzBye+/8xr316Rd2bruGYbBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3jMLjam5+vTM7BFJRDIkpzlANpYvpmltjLovf/6Lf7n/hcde7Y5Vx1gHAAAAGC3rw5d7/3JUoxjFOG7prrvXX5Trmz/smwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABw+Lj+mzd9Y9v8/PbrXKzNRTMf8QF4DBcuei/W+i8TAADwXjspkmj+j46/dK2fGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+CBYaEzN1adnZstJRDIkpzlANpYvpmltjLrp48+X1r39xFPdseoY6wAAAACjZX34cu9fjmpMxEQcu3Q36JvAUv9feR8fEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhAWWhMzdWnZ2bXJRHJkJzmANlYvpimtTHq3rdn/+fuXf+9C7tjpcIYCwEAAAAjZX14sRMpR6nw8SjFie37+d4JSb59HvxdYHnezp5pk6ue1+iZl1/1vDv6dlZo76Y1r5ytV2mdO/Nqy/Ny7Xm1rnnV6JSvdeYtvay9PdXWjXjOdtpEAAAAwBrI+v9SJ1KJUqHU1f//tCe/sro+FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4CFpoTM3Vp2dmkyQiGZLTHCAbyxfTtDZG3Zt++/9HffVnd+7ujlXHWAcAAAAYLevDl3v/clRjY/xfbFzq+6PSm5/l/bP+zr13/+uvp0WccdyhTYX+ZX+UXfz65fOf7D9E5HqzcxHr2/WSIfV+8/u7b9jSfOf+iDOOzZ+4ol701Wuuj+iq17tk2nykvv2SXc8c2jni5QAAAMBhIuv/JzqRSpQK1w7t/7POe0T/37HUgK+/Yc8vjmkf2x1534xcpV0vN6TeF7Y8+OdTzvn7a4v9/8p6n+xcfXr/Nfce01OwFemTpM3pa3ZvPXT2gVy261b9fF/97L18+Vuv/vuqG+96p1W/HOV2fEPfo7SqrTz2lY+0OZ/bN3vxu/savfULQ/Z/2++eeuFXG+58a7H+mydNduqfGoPqt3ZeGFo/jkibk5fdvvfc/Qe39taPiNqg+q+/dWEc/8erb+3f/2Tfwt1vvvvY/wLS5nOb3zhwzj3V83rrJ331s/f/8xfu2/uTu777aFY/+63IaSevtn6ur/6zdxy95+lbLt3QWz83ZP9PXv7iph217/yhf/9X9qxaGPoUK/f/wOkPXfHStvTm/iEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDDy0Jjaq4+PTObSyKSITnNAbKxfDFNa2PUfeWi51+//M4f/7A7Vh1jHQAAAGC0rA9f7v3LUY1iFGNyqe9/pL79kl3PHNoZldZo0j4X5ndcv+sTV+3Yfe2Va/TkAAAAwGq9clGy1P8XOpFKlApbYqLd/09fs3vrobMP5LL+P7d4TiLiqqvnt58Rnbxn7zh6z9O3XLqh850gYulnAeXFvM8s511w/vOVN/709VMG5p21nPfc5jcOnHNP9bwsL7rzzozO94kHTn/oipe2pTd3nq8771Nf2zHf/jyRrTt52e17z91/cGsu+47RPk+2183y5nP7Zi9+d18jV4nS4ni+nVdu7xsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWGmhMTVXn56ZjXxEMiSn2a0dyMbyxTStjVH34i2/vPWotx/b2B0rFcZYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sAMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYX9+guRquzjAP48M7vvzu7s6q6+0Fa0rlYUdqEURNRNRUVohNCVIWFpXkRBEFHYRWtoJFZ0E2TdSFRQbSEY5CaJFmv0T7rpooIC6yIQaaF2kS4qZuY54+xxTqOzFlSfDwzPPs8553t+5zzPnNkDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8I/S1zNab4/seGju9gtu/uSJe2cfv/W9B7Zd9tgbP4xvuvHjvQOvnpzevHzL1zct3XTgvjVTu186/MvQO78d6xj8aKNZmbqVEOKJGELl/Znnn5z+9LzaWAwhlOPwRAgjccnhkZhLWP1rCGFzs875G/fNXrWl1m7b1TdvfHEuJH9doVrO6mkYnl8v/y6VtM62zj1yRfj2hvXbP1/29lu9k8cnTu0Sa/uU03oKYdHG1uN7Qwj96VOTrbbR7ODUrgshDLQcd02Hui4+w/pXFfQvTO3/UlvtkJNtX5Hrl3L75fuZ3lw70OF8C1VUR7f7dTKY6+cfRgvVrHNV+/GR1L6b2pVnmV/OPjGUYuhpln9/PLVGQsu8xRDrc1lp9kvNuQ3p+nP9mOuXcv1yb+666udNC60c4/zxbL/cePY47knjy1uf1W3cUTB+fmor6Yt6MuuH/B8N1dP+aF5XXVbXzJ/U8ncotTyD2o03Jz5NRjWNVeOS0475vY1s2/T6py8tb/jgyHBBHXFvTPmxq/ytn40M3vXmzodHi/I3llJ+qav879Ye/enOnS+/WJj/XJZf7ir/yoMDJ9Z+uGNF4f2Zye5Pzxnlx9TPtt197KNnlv3/nsl2c13P35PlV7qq//qpo31DcwcPFda/Ors//V3lf3PdLd+//uX+44X5Icsf6Cp/w9SDz/aNzV1emH+o8VWo1ldoF+vn58mrvxob+3G8KP+L7P4PtcmPHfNfm9h97SuLd60pXJ/rsvsznPL7z6r+2y45sH1wbv9FRc/OuOdc/XIC/DctTf9jPZX6nd4z982W2r5nLlTL+8IL4z2NX6DB9Bk6lyfKqZ1n0V+YDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf7ADByQAAAAAgv6/bkegAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFMBAAD//+9DKDw=")
r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r0, 0x2007ffc)
sendfile(r0, r0, 0x0, 0x800000009)
r1 = open(&(0x7f0000000000)='./file1\x00', 0x185102, 0x11c)
ftruncate(r1, 0x2007ffb)

801.430654ms ago: executing program 0 (id=3290):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
prlimit64(0x0, 0x7, &(0x7f00000003c0), 0x0)
accept$nfc_llcp(r0, 0x0, 0x0)

749.006515ms ago: executing program 0 (id=3291):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r0, 0x0, 0x30, 0x0, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}}, 0x40)

748.691854ms ago: executing program 0 (id=3292):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0x23c, 0x19, 0x1, 0x0, 0x10, {{@in=@multicast1, @in=@remote, 0x0, 0xb, 0xffff, 0x0, 0xa, 0x80, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {0x1, 0x0, 0x80}}, [@tmpl={0x184, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x34ff, 0x0, 0x2}, {{@in=@local, 0x0, 0x3c}, 0x0, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x800, 0x800}, {{@in6=@loopback, 0x0, 0x32}, 0x0, @in=@multicast1, 0x3503, 0x3}, {{@in6=@mcast1, 0x0, 0x33}, 0x0, @in=@private=0xa010101, 0x3504, 0x0, 0x0, 0x1, 0x0, 0xabf}, {{@in6=@loopback, 0x4d4, 0x33}, 0x0, @in=@multicast1, 0x3, 0x0, 0x1, 0x8, 0x0, 0x0, 0x400}, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x32}, 0x0, @in6=@mcast2, 0x0, 0x1, 0x2, 0x0, 0x1}]}]}, 0x23c}}, 0x0)

673.209321ms ago: executing program 0 (id=3293):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000325bd7000fbdbdf25050000000c00098008000200010000000c0002800800010000000002"], 0x2c}}, 0x4004)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtaction={0xa0, 0x30, 0x51b, 0x0, 0x0, {}, [{0x8c, 0x1, [@m_skbmod={0x5c, 0x1, 0x0, 0x0, {{0xb}, {0x30, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x6}]}, {0x4, 0x14}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x6}}}, @m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x2}}}}]}]}, 0xa0}}, 0x0)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="180100002e00010000000000fcdbdf250801f2800c00180008ac0f0000000000140001"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0)

672.900421ms ago: executing program 0 (id=3294):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000540)='syzkaller\x00', 0x9, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffeec}, 0x94)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r0, 0x8b2a, &(0x7f0000000040))

604.868296ms ago: executing program 0 (id=3295):
statfs(0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000815}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$nullb(0xffffffffffffff9c, 0x0, 0x282, 0x0)
r3 = socket$inet6(0xa, 0x3, 0x7)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f00000000c0)={@dev, 0x800, 0x0, 0x2000000000903, 0x1}, 0x20)
setsockopt$inet6_int(r3, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x7fff, 0x4)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x380000, @loopback}, 0x1c)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000140)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x3, 0x0, 0xff, 0x0, 0xffc0, 0x3}, &(0x7f0000000180)=0x20)
setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000010c0)={@in6={{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}}, 0x0, 0x0, 0x1b, 0x0, "61a1ed8439cd0606000000000000006b943e8bb0ac60081e33dff8150835f7519d5f73b4f5d80e000000e1f440994bb1d212fd0400b5063087117502d8c24f1fe97f61fd27a06d6a38a7004000"}, 0xd8)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7ffeffff}]})
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000000)={r4, &(0x7f0000000080)="c5cd3c7e3800"/20}, 0x20)
keyctl$join(0x1, 0x0)

538.119767ms ago: executing program 3 (id=3296):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x1, {{@in6=@local, @in=@rand_addr=0x64010101, 0x0, 0x2400, 0x1000, 0x0, 0x2, 0x0, 0x20, 0x84}, {0x0, 0x0, 0x0, 0xd07}, {0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0x20000, 0x0, 0x1, 0x0, 0x3}}, 0xb8}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="650100001b"], 0x188}}, 0x0)

537.718296ms ago: executing program 3 (id=3297):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x5}, 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x1, 0x65bf, 0x9, 0x0, 0xffffffffffffffff, 0xcb00}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000004000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000007100000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r1}, 0x10)

462.747197ms ago: executing program 3 (id=3298):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mq={0x7}]}, 0x2c}}, 0x20040084)
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x2, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x400dc}, 0x4000080)

108.623647ms ago: executing program 3 (id=3299):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000280)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x88, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x5c, 0x4, 0x0, 0x1, [{0x58, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x48, 0x2, 0x0, 0x1, [@NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0x17}, @NFTA_INNER_EXPR={0x24, 0x5, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x1}]}}}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_NUM={0x8}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xb0}, 0x1, 0x0, 0x0, 0x8890}, 0x24000000)

108.388864ms ago: executing program 1 (id=3300):
open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80)
mount(0x0, &(0x7f0000000500)='./bus\x00', &(0x7f0000000540)='virtiofs\x00', 0x80c000, &(0x7f0000000580)='dax=always')

0s ago: executing program 3 (id=3301):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x6}]}]}, @NFT_MSG_DELFLOWTABLE={0x40, 0x18, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x6}]}]}], {0x14, 0x10}}, 0xc8}}, 0x0)

kernel console output (not intermixed with test programs):

ig 0 has an invalid interface number: 142 but max is 0
[  159.945180][   T47] usb 4-1: config 0 has no interface number 0
[  159.949690][   T47] usb 4-1: too many endpoints for config 0 interface 142 altsetting 187: 79, using maximum allowed: 30
[  159.954055][   T47] usb 4-1: config 0 interface 142 altsetting 187 has 0 endpoint descriptors, different from the interface descriptor's value: 79
[  159.960568][   T47] usb 4-1: config 0 interface 142 has no altsetting 0
[  159.963459][   T47] usb 4-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b
[  159.967045][   T47] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  159.980821][   T47] usb 4-1: config 0 descriptor??
[  159.993909][   T47] ums-realtek 4-1:0.142: USB Mass Storage device detected
[  160.082601][ T8482] capability: warning: `syz.0.952' uses deprecated v2 capabilities in a way that may be insecure
[  160.197052][ T5886] usb 4-1: USB disconnect, device number 2
[  160.307346][   T54] Bluetooth: hci0: command tx timeout
[  160.602936][ T8511] loop1: detected capacity change from 0 to 2048
[  160.655089][ T8511] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  160.663396][ T8511] ext4 filesystem being mounted at /313/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  160.676801][ T8511] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.965: bg 0: block 345: padding at end of block bitmap is not set
[  160.684174][ T8511] EXT4-fs (loop1): Remounting filesystem read-only
[  160.687270][ T8511] EXT4-fs warning (device loop1): ext4_xattr_inode_lookup_create:1597: inode #18: comm syz.1.965: cleanup dec ref error -117
[  160.716536][ T5852] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  162.010118][ T8548] loop1: detected capacity change from 0 to 4096
[  162.015377][ T8548] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512).
[  162.024360][ T8548] ntfs3(loop1): try to read out of volume at offset 0xffffffff0000
[  162.028139][ T8548] ntfs3(loop1): Failed to initialize $Bitmap (-5).
[  162.314830][ T8562] openvswitch: netlink: IP tunnel dst address not specified
[  162.349008][ T8564] netlink: 8 bytes leftover after parsing attributes in process `syz.0.985'.
[  162.582928][ T8578] netlink: 28 bytes leftover after parsing attributes in process `syz.0.992'.
[  162.597293][ T8578] netlink: 28 bytes leftover after parsing attributes in process `syz.0.992'.
[  162.600407][ T8578] netlink: 28 bytes leftover after parsing attributes in process `syz.0.992'.
[  162.603177][ T8578] netlink: 28 bytes leftover after parsing attributes in process `syz.0.992'.
[  162.840789][ T8590] loop3: detected capacity change from 0 to 4096
[  162.851272][ T8590] ntfs3(loop3): Different NTFS sector size (2048) and media sector size (512).
[  163.069625][ T8602] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  163.073125][ T8602] IPv6: NLM_F_CREATE should be set when creating new route
[  163.076211][ T8602] IPv6: NLM_F_CREATE should be set when creating new route
[  163.079241][ T8602] IPv6: NLM_F_CREATE should be set when creating new route
[  163.081621][ T8606] loop3: detected capacity change from 0 to 64
[  163.287604][   T24] usb 2-1: new full-speed USB device number 13 using dummy_hcd
[  163.332381][ T8614] unknown channel width for channel at 909000KHz?
[  163.454918][   T24] usb 2-1: config 253 has an invalid interface number: 57 but max is 0
[  163.465115][   T24] usb 2-1: config 253 has no interface number 0
[  163.472079][   T24] usb 2-1: config 253 interface 57 altsetting 0 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  163.483463][   T24] usb 2-1: New USB device found, idVendor=1546, idProduct=1313, bcdDevice=1c.86
[  163.489332][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  163.492514][   T24] usb 2-1: Product: syz
[  163.497832][   T24] usb 2-1: Manufacturer: syz
[  163.499690][   T24] usb 2-1: SerialNumber: syz
[  163.718710][   T24] cdc_ether 2-1:253.57: invalid descriptor buffer length
[  163.722754][   T24] usb 2-1: bad CDC descriptors
[  163.733314][   T24] usb 2-1: USB disconnect, device number 13
[  163.781402][   T54] Bluetooth: hci0: unexpected cc 0x204b length: 9 > 3
[  163.867989][ T8635] tmpfs: Bad value for 'mpol'
[  164.108820][ T8649] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  164.112105][ T8649] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  164.893854][ T8672] vlan2: entered promiscuous mode
[  164.895960][ T8672] bridge0: entered promiscuous mode
[  164.899060][ T8672] vlan2: entered allmulticast mode
[  164.907359][ T8672] bridge0: entered allmulticast mode
[  164.923473][ T8672] bridge_slave_0: left allmulticast mode
[  164.923589][ T8674] loop1: detected capacity change from 0 to 1024
[  164.927455][ T8672] bridge_slave_0: left promiscuous mode
[  164.929712][ T8674] EXT4-fs: Ignoring removed nobh option
[  164.942071][ T8672] bridge0: port 1(bridge_slave_0) entered disabled state
[  164.953610][ T8674] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  164.973689][ T8672] bridge_slave_1: left allmulticast mode
[  164.975641][ T8672] bridge_slave_1: left promiscuous mode
[  164.978682][ T8672] bridge0: port 2(bridge_slave_1) entered disabled state
[  164.986440][ T8672] bond0: (slave bond_slave_0): Releasing backup interface
[  164.995966][ T8672] bond0: (slave bond_slave_1): Releasing backup interface
[  165.011638][ T8672] team0: Port device team_slave_0 removed
[  165.020258][ T8672] team0: Port device team_slave_1 removed
[  165.022679][ T8672] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  165.025067][ T8672] batman_adv: batadv0: Removing interface: batadv_slave_0
[  165.029786][ T8672] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  165.032184][ T8672] batman_adv: batadv0: Removing interface: batadv_slave_1
[  165.042917][ T8672] bond0: (slave bond1): Releasing backup interface
[  165.197689][ T8683] Option '    ' to dns_resolver key: bad/missing value
[  165.235323][ T8685] syzkaller1: entered promiscuous mode
[  165.237457][ T8685] syzkaller1: entered allmulticast mode
[  165.614952][   T33] audit: type=1326 audit(1755121518.230:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8698 comm="syz.0.1044" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff93a18ebe9 code=0x7ffc0000
[  165.630031][   T33] audit: type=1326 audit(1755121518.230:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8698 comm="syz.0.1044" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff93a18ebe9 code=0x7ffc0000
[  165.636658][   T33] audit: type=1326 audit(1755121518.240:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8698 comm="syz.0.1044" exe="/syz-executor" sig=0 arch=c000003e syscall=36 compat=0 ip=0x7ff93a18ebe9 code=0x7ffc0000
[  165.643593][   T33] audit: type=1326 audit(1755121518.240:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8698 comm="syz.0.1044" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff93a18ebe9 code=0x7ffc0000
[  165.939556][ T5852] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.478035][   T24] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  166.505171][ T8733] netlink: 'syz.0.1059': attribute type 3 has an invalid length.
[  166.677877][   T24] usb 2-1: Using ep0 maxpacket: 16
[  166.756817][   T24] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  166.763191][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  166.804370][   T24] usb 2-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice=7a.5a
[  166.808784][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  166.812152][   T24] usb 2-1: Product: syz
[  166.813927][   T24] usb 2-1: Manufacturer: syz
[  166.815997][   T24] usb 2-1: SerialNumber: syz
[  166.822679][   T24] usb 2-1: config 0 descriptor??
[  167.033742][   T24] pegasus_notetaker 2-1:0.0: probe with driver pegasus_notetaker failed with error -22
[  167.041004][   T24] usb 2-1: USB disconnect, device number 14
[  167.699012][ T8775] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  167.852870][ T8787] loop3: detected capacity change from 0 to 4096
[  167.865146][ T8787] NILFS (loop3): invalid segment: Checksum error in segment payload
[  167.869937][ T8787] NILFS (loop3): trying rollback from an earlier position
[  167.887349][ T8787] NILFS (loop3): recovery complete
[  167.889894][ T8792] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  167.991662][ T8802] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1091'.
[  168.024636][ T8805] binder: 8803:8805 ioctl c0306201 200000000040 returned -14
[  168.388053][   T24] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  168.535568][ T8831] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1105'.
[  168.623700][   T24] usb 4-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  168.632288][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  168.636009][   T24] usb 4-1: Product: syz
[  168.638553][   T24] usb 4-1: Manufacturer: syz
[  168.642431][   T24] usb 4-1: SerialNumber: syz
[  168.684821][   T24] usb 4-1: config 0 descriptor??
[  168.723085][   T24] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  168.939374][   T24] gspca_sunplus: reg_r err -71
[  168.961125][   T24] usb 4-1: USB disconnect, device number 3
[  168.980735][ T5858] udevd[5858]: setting owner of /dev/bus/usb/004/003 to uid=0, gid=0 failed: No such file or directory
[  169.645748][ T8859] loop3: detected capacity change from 0 to 2048
[  169.720371][ T8859] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  169.764307][ T8859] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters
[  169.770714][ T8859] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 23 with error 28
[  169.775582][ T8859] EXT4-fs (loop3): This should not happen!! Data will be lost
[  169.775582][ T8859] 
[  169.781222][ T8859] EXT4-fs (loop3): Total free blocks count 0
[  169.783085][ T8859] EXT4-fs (loop3): Free/Dirty block details
[  169.784913][ T8859] EXT4-fs (loop3): free_blocks=66060288
[  169.786606][ T8859] EXT4-fs (loop3): dirty_blocks=48
[  169.788303][ T8859] EXT4-fs (loop3): Block reservation details
[  169.790168][ T8859] EXT4-fs (loop3): i_reserved_data_blocks=3
[  169.801921][ T8859] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 34 with error 28
[  169.804912][ T8871] loop1: detected capacity change from 0 to 256
[  169.821965][ T8871] exfat: Deprecated parameter 'namecase'
[  169.849593][ T8871] exFAT-fs (loop1): invalid fs_name
[  169.855860][ T8871] exFAT-fs (loop1): failed to read boot sector
[  169.869939][ T8871] exFAT-fs (loop1): failed to recognize exfat type
[  169.909849][ T8871] loop1: detected capacity change from 0 to 512
[  169.912254][ T8871] EXT4-fs: Ignoring removed i_version option
[  169.956144][ T8871] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  169.964795][ T8871] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e12c, mo2=0002]
[  169.969231][ T8878] loop3: detected capacity change from 0 to 2048
[  169.974211][ T8871] System zones: 1-12
[  169.975626][ T8871] EXT4-fs (loop1): orphan cleanup on readonly fs
[  169.980495][ T8871] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.1121: invalid indirect mapped block 12 (level 1)
[  169.994064][ T8871] EXT4-fs (loop1): Remounting filesystem read-only
[  169.997008][ T8871] EXT4-fs (loop1): 1 truncate cleaned up
[  170.001097][ T5999]  loop3: p1 p3 p4
[  170.006566][ T8871] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[  170.012396][ T5999] loop3: p4 size 589824 extends beyond EOD, truncated
[  170.057437][ T5852] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  170.063974][ T8878]  loop3: p1 p3 p4
[  170.121992][ T8878] loop3: p4 size 589824 extends beyond EOD, truncated
[  170.686031][ T6444] udevd[6444]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[  170.735654][ T5858] udevd[5858]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[  170.743578][ T5999] udevd[5999]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[  170.930650][ T8906] netlink: 'syz.1.1131': attribute type 5 has an invalid length.
[  170.955046][ T5999] udevd[5999]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[  170.955212][ T6444] udevd[6444]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[  170.960711][ T5858] udevd[5858]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[  171.111337][ T8919] loop1: detected capacity change from 0 to 256
[  171.249015][ T8929] loop3: detected capacity change from 0 to 1024
[  171.265341][ T8929] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  171.279555][ T8929] ext4 filesystem being mounted at /61/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  171.307524][ T8929] EXT4-fs (loop3): Online resizing not supported with bigalloc
[  171.340462][ T8245] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  171.556672][   T33] audit: type=1326 audit(1755121524.170:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8957 comm="syz.3.1144" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f934438ebe9 code=0x7ffc0000
[  171.584440][   T33] audit: type=1326 audit(1755121524.190:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8957 comm="syz.3.1144" exe="/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f934438ebe9 code=0x7ffc0000
[  171.612297][   T33] audit: type=1326 audit(1755121524.190:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8957 comm="syz.3.1144" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f934438ebe9 code=0x7ffc0000
[  171.630322][   T33] audit: type=1326 audit(1755121524.190:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8957 comm="syz.3.1144" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f934438ebe9 code=0x7ffc0000
[  171.640760][   T33] audit: type=1326 audit(1755121524.190:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8957 comm="syz.3.1144" exe="/syz-executor" sig=0 arch=c000003e syscall=269 compat=0 ip=0x7f934438ebe9 code=0x7ffc0000
[  171.653401][   T33] audit: type=1326 audit(1755121524.190:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8957 comm="syz.3.1144" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f934438ebe9 code=0x7ffc0000
[  171.672917][   T33] audit: type=1326 audit(1755121524.190:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8957 comm="syz.3.1144" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f934438ebe9 code=0x7ffc0000
[  171.793075][   T10] hid-generic 0008:0006:0000.0007: unknown main item tag 0x0
[  171.800916][   T10] hid-generic 0008:0006:0000.0007: unknown main item tag 0x0
[  171.807998][   T10] hid-generic 0008:0006:0000.0007: unknown main item tag 0x0
[  171.810389][   T10] hid-generic 0008:0006:0000.0007: unknown main item tag 0x0
[  171.812706][   T10] hid-generic 0008:0006:0000.0007: unknown main item tag 0x0
[  171.819828][   T10] hid-generic 0008:0006:0000.0007: unknown main item tag 0x0
[  171.822357][   T10] hid-generic 0008:0006:0000.0007: unknown main item tag 0x0
[  171.824692][   T10] hid-generic 0008:0006:0000.0007: unknown main item tag 0x0
[  171.827063][   T10] hid-generic 0008:0006:0000.0007: unknown main item tag 0x0
[  171.830007][   T10] hid-generic 0008:0006:0000.0007: unknown main item tag 0x0
[  171.842861][   T10] hid-generic 0008:0006:0000.0007: hidraw0: <UNKNOWN> HID v0.0c Device [syz0] on syz1
[  172.197380][   T10] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  172.367895][   T10] usb 2-1: Using ep0 maxpacket: 16
[  172.376848][   T10] usb 2-1: unable to get BOS descriptor or descriptor too short
[  172.391006][   T10] usb 2-1: config 1 has an invalid interface number: 206 but max is 0
[  172.399554][   T10] usb 2-1: config 1 has no interface number 0
[  172.404232][   T10] usb 2-1: string descriptor 0 read error: -22
[  172.406225][   T10] usb 2-1: New USB device found, idVendor=152d, idProduct=0310, bcdDevice=3b.0a
[  172.422774][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  172.444557][   T10] uvcvideo 2-1:1.206: probe with driver uvcvideo failed with error -22
[  172.650196][  T793] usb 2-1: USB disconnect, device number 15
[  172.714425][ T9003] batman_adv: batadv0: Adding interface: dummy0
[  172.717016][ T9003] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  172.728608][ T9003] batman_adv: batadv0: Interface activated: dummy0
[  172.761000][ T9003] batadv0: mtu less than device minimum
[  172.764704][ T9003] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  172.770297][ T9003] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  172.775470][ T9003] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  172.780852][ T9003] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  172.785945][ T9003] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  172.791187][ T9003] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  172.796356][ T9003] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  172.802133][ T9003] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  172.807674][ T9003] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  173.183225][ T9023] loop3: detected capacity change from 0 to 1024
[  173.268306][  T752] hfsplus: b-tree write err: -5, ino 4
[  173.652103][ T9027] loop1: detected capacity change from 0 to 32768
[  173.656484][ T9027] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1170 (9027)
[  173.665031][ T9027] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  173.695652][ T9027] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  173.725554][ T9027] BTRFS info (device loop1): using free-space-tree
[  173.844147][ T9060] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  173.847048][ T9060] IPv6: NLM_F_CREATE should be set when creating new route
[  174.157535][   T33] audit: type=1800 audit(1755121526.770:59): pid=9027 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1170" name="file1" dev="loop1" ino=260 res=0 errno=0
[  174.242890][ T5852] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  175.150607][ T5886] IPVS: starting estimator thread 0...
[  175.237967][ T9089] IPVS: using max 44 ests per chain, 105600 per kthread
[  175.336065][ T9098] netlink: 'syz.1.1191': attribute type 10 has an invalid length.
[  175.341933][ T9098] vlan0: entered allmulticast mode
[  175.343621][ T9098] veth0_vlan: entered allmulticast mode
[  175.354634][ T9098] team0: Port device vlan0 added
[  175.555791][ T9102] loop3: detected capacity change from 0 to 32768
[  175.561633][ T9102] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1188 (9102)
[  175.579797][ T9100] loop1: detected capacity change from 0 to 32768
[  175.582720][ T9102] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  175.592172][ T9102] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[  175.598417][ T9102] BTRFS info (device loop3): using free-space-tree
[  175.672064][ T9100] MetaData crosses page boundary!!
[  175.679122][ T9100] lblock = 621d00, size  = 28672
[  175.685815][ T9100] CPU: 0 UID: 0 PID: 9100 Comm: syz.1.1192 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  175.685830][ T9100] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  175.685838][ T9100] Call Trace:
[  175.685843][ T9100]  <TASK>
[  175.685861][ T9100]  dump_stack_lvl+0x189/0x250
[  175.685883][ T9100]  ? __pfx_dump_stack_lvl+0x10/0x10
[  175.685894][ T9100]  ? __pfx__printk+0x10/0x10
[  175.685913][ T9100]  __get_metapage+0x9ea/0xde0
[  175.685930][ T9100]  dtSearch+0x591/0x21b0
[  175.685956][ T9100]  jfs_lookup+0x155/0x380
[  175.685969][ T9100]  ? __pfx_jfs_lookup+0x10/0x10
[  175.685988][ T9100]  ? __pfx_apparmor_path_mknod+0x10/0x10
[  175.685998][ T9100]  ? make_vfsuid+0x49/0xa0
[  175.686008][ T9100]  ? generic_permission+0x2e5/0x690
[  175.686020][ T9100]  ? inode_permission+0x149/0x470
[  175.686027][ T9100]  ? bpf_lsm_path_mknod+0x9/0x20
[  175.686035][ T9100]  ? bpf_lsm_inode_create+0x9/0x20
[  175.686044][ T9100]  path_openat+0x1101/0x3830
[  175.686053][ T9100]  ? arch_stack_walk+0xfc/0x150
[  175.686079][ T9100]  ? __pfx_path_openat+0x10/0x10
[  175.686087][ T9100]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  175.686106][ T9100]  do_filp_open+0x1fa/0x410
[  175.686114][ T9100]  ? __lock_acquire+0xab9/0xd20
[  175.686127][ T9100]  ? __pfx_do_filp_open+0x10/0x10
[  175.686146][ T9100]  ? _raw_spin_unlock+0x28/0x50
[  175.686155][ T9100]  ? alloc_fd+0x64c/0x6c0
[  175.686172][ T9100]  do_sys_openat2+0x121/0x1c0
[  175.686182][ T9100]  ? __se_sys_futex+0x36f/0x400
[  175.686193][ T9100]  ? __pfx_do_sys_openat2+0x10/0x10
[  175.686206][ T9100]  ? rcu_is_watching+0x15/0xb0
[  175.686241][ T9100]  __x64_sys_openat+0x138/0x170
[  175.686253][ T9100]  do_syscall_64+0xfa/0x3b0
[  175.686265][ T9100]  ? lockdep_hardirqs_on+0x9c/0x150
[  175.686274][ T9100]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  175.686282][ T9100]  ? exc_page_fault+0x9f/0xf0
[  175.686292][ T9100]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  175.686301][ T9100] RIP: 0033:0x7f18f6d8ebe9
[  175.686311][ T9100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  175.686318][ T9100] RSP: 002b:00007f18f7c31038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  175.686328][ T9100] RAX: ffffffffffffffda RBX: 00007f18f6fb5fa0 RCX: 00007f18f6d8ebe9
[  175.686333][ T9100] RDX: 000000000000275a RSI: 00002000000001c0 RDI: ffffffffffffff9c
[  175.686339][ T9100] RBP: 00007f18f6e11e19 R08: 0000000000000000 R09: 0000000000000000
[  175.686344][ T9100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  175.686349][ T9100] R13: 00007f18f6fb6038 R14: 00007f18f6fb5fa0 R15: 00007ffe3a3491f8
[  175.686362][ T9100]  </TASK>
[  175.771924][ T9100] bread failed!
[  175.773093][ T9100] jfs_lookup: dtSearch returned -5
[  175.856739][ T8245] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  176.096686][ T9131] loop3: detected capacity change from 0 to 4096
[  176.121719][ T9131] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  176.143334][ T9131] ntfs3(loop3): ino=b, mi_enum_attr
[  176.145065][ T9131] ntfs3(loop3): Failed to load $Extend (-22).
[  176.151424][ T9131] ntfs3(loop3): Failed to initialize $Extend.
[  176.372513][ T9145] loop3: detected capacity change from 0 to 4096
[  176.412376][ T9145] ntfs3(loop3): ino=5, "/" mi_enum_attr
[  176.752959][ T9169] netlink: 'syz.3.1215': attribute type 1 has an invalid length.
[  176.755590][ T9169] netlink: 'syz.3.1215': attribute type 2 has an invalid length.
[  176.809486][ T5316] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  176.811097][ T9171] loop3: detected capacity change from 0 to 4096
[  176.815698][ T9171] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512).
[  176.830561][ T9171] ntfs3(loop3): ino=1a, mi_enum_attr
[  176.832223][ T9171] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  176.834725][ T9171] ntfs3(loop3): ino=1a, mi_enum_attr
[  176.836592][ T9171] ntfs3(loop3): Failed to initialize $Extend/$Reparse.
[  176.977414][ T5316] usb 2-1: Using ep0 maxpacket: 16
[  176.983991][ T5316] usb 2-1: config 0 has no interfaces?
[  176.989289][ T5316] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  176.997340][ T5316] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  177.006171][ T5316] usb 2-1: Product: syz
[  177.010900][ T5316] usb 2-1: SerialNumber: syz
[  177.014152][ T9177] loop3: detected capacity change from 0 to 1024
[  177.017787][ T5316] usb 2-1: config 0 descriptor??
[  177.036468][ T9177] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  177.057933][ T9177] ext4 filesystem being mounted at /96/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  177.075228][ T9177] EXT4-fs error (device loop3): ext4_clear_blocks:876: inode #14: comm syz.3.1219: attempt to clear invalid blocks 1886221359 len 1
[  177.105338][ T8245] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.234912][   T10] usb 2-1: USB disconnect, device number 16
[  177.431365][ T5316] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  177.580287][ T5316] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  177.584625][ T5316] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  177.588758][ T5316] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  177.594060][ T5316] usb 4-1: New USB device found, idVendor=0b05, idProduct=1854, bcdDevice= 0.00
[  177.597863][ T5316] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  177.604370][ T5316] usb 4-1: config 0 descriptor??
[  177.862709][ T9194] loop1: detected capacity change from 0 to 128
[  177.885374][ T9194] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  177.896164][ T9194] ext4 filesystem being mounted at /381/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  177.949722][ T5852] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  178.038852][ T5316] asus 0003:0B05:1854.0008: report_id 393985501 is invalid
[  178.045065][ T5316] asus 0003:0B05:1854.0008: item 0 4 1 8 parsing failed
[  178.048492][ T5316] asus 0003:0B05:1854.0008: Asus hid parse failed: -22
[  178.051366][ T5316] asus 0003:0B05:1854.0008: probe with driver asus failed with error -22
[  178.155054][ T9210] loop1: detected capacity change from 0 to 2048
[  178.189414][ T5858]  loop1: p1 < > p4
[  178.196808][ T5858] loop1: p4 size 8388608 extends beyond EOD, truncated
[  178.213354][ T9210]  loop1: p1 < > p4
[  178.223422][ T9210] loop1: p4 size 8388608 extends beyond EOD, truncated
[  178.231717][ T5316] usb 4-1: USB disconnect, device number 4
[  178.698546][ T9226] trusted_key: encrypted_key: insufficient parameters specified
[  178.818482][ T9232] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1243'.
[  179.066631][ T9242] netlink: 204 bytes leftover after parsing attributes in process `syz.1.1247'.
[  179.472309][ T9258] pimreg: entered allmulticast mode
[  179.475201][ T9258] pimreg: left allmulticast mode
[  179.578783][   T24] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  179.729772][   T24] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  179.733924][   T24] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  179.741361][   T24] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  179.752890][   T24] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  179.758531][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  179.766744][   T24] usb 4-1: Product: syz
[  179.769439][   T24] usb 4-1: Manufacturer: syz
[  179.771339][   T24] usb 4-1: SerialNumber: syz
[  180.096215][   T24] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 5 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  180.252262][   T10] usb 4-1: USB disconnect, device number 5
[  180.255894][   T10] usblp0: removed
[  180.825707][ T9282] loop3: detected capacity change from 0 to 512
[  180.829672][ T9282] EXT4-fs: Ignoring removed nobh option
[  180.935205][ T9282] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #3: comm syz.3.1265: corrupted inode contents
[  180.963401][ T9282] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #3: comm syz.3.1265: mark_inode_dirty error
[  180.984065][ T9282] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #3: comm syz.3.1265: corrupted inode contents
[  180.999204][ T9282] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #3: comm syz.3.1265: mark_inode_dirty error
[  181.027953][ T9282] Quota error (device loop3): write_blk: dquota write failed
[  181.034958][ T9282] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  181.048321][ T9282] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.1265: Failed to acquire dquot type 0
[  181.078072][ T9282] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.1265: corrupted inode contents
[  181.101320][ T9282] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #16: comm syz.3.1265: mark_inode_dirty error
[  181.116673][ T9282] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.1265: corrupted inode contents
[  181.135620][ T9282] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #16: comm syz.3.1265: mark_inode_dirty error
[  181.142179][ T9282] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.1265: corrupted inode contents
[  181.165017][ T9282] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem
[  181.185582][ T9282] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.1265: corrupted inode contents
[  181.199917][ T9282] EXT4-fs error (device loop3): ext4_truncate:4666: inode #16: comm syz.3.1265: mark_inode_dirty error
[  181.227001][ T9282] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem
[  181.248391][ T9282] EXT4-fs (loop3): 1 truncate cleaned up
[  181.252104][ T9282] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  181.260098][ T9280] loop1: detected capacity change from 0 to 131072
[  181.263507][ T9280] F2FS-fs (loop1): Test dummy encryption mode enabled
[  181.267323][ T9280] F2FS-fs (loop1): invalid crc value
[  181.298744][ T9282] ext4 filesystem being mounted at /103/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  181.335214][ T9280] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  181.340871][ T9280] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  181.376354][ T9282] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  181.497488][ T9280] fscrypt: AES-256-CBC-CTS using implementation "cts(cbc(ecb(aes-fixed-time)))"
[  182.600637][ T9316] loop1: detected capacity change from 0 to 131072
[  182.605323][ T9316] F2FS-fs (loop1): Invalid log sectorsize (67108873)
[  182.607562][ T9316] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  182.611259][ T9316] F2FS-fs (loop1): invalid crc value
[  182.662956][ T9316] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  182.669177][ T9316] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  182.671710][ T9316] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  182.742351][ T9316] F2FS-fs (loop1): inconsistent node block, node_type:2, nid:8, node_footer[nid:8,ino:8,ofs:0,cpver:5013063228981249506,blkaddr:100678662]
[  183.577957][ T9341] ip6gre1: entered allmulticast mode
[  183.956659][   T33] audit: type=1326 audit(1755121536.570:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9336 comm="syz.3.1284" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f934438ebe9 code=0x7fc00000
[  184.859984][ T9393] loop1: detected capacity change from 0 to 8
[  184.873313][ T9393] SQUASHFS error: lzo decompression failed, data probably corrupt
[  184.875835][ T9393] SQUASHFS error: Failed to read block 0x62b: -5
[  184.881911][ T9393] SQUASHFS error: Unable to read metadata cache entry [629]
[  184.884295][ T9393] SQUASHFS error: Unable to read inode 0x11f
[  185.300959][ T9401] loop1: detected capacity change from 0 to 32768
[  185.337756][ T9401] bcachefs: bch2_fs_open() bch_fs_open err opening /dev/loop1: erofs_nochanges
[  185.350516][ T9401] bcachefs: bch2_fs_get_tree() error: erofs_nochanges
[  185.565440][ T9425] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1324'.
[  185.632103][ T9431] netlink: 'syz.1.1327': attribute type 13 has an invalid length.
[  185.635541][ T9431] netlink: 24859 bytes leftover after parsing attributes in process `syz.1.1327'.
[  185.747680][ T5857] Bluetooth: hci1: command 0x0406 tx timeout
[  186.116811][ T9457] delete_channel: no stack
[  186.121279][ T9456] delete_channel: no stack
[  186.237823][ T5886] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  186.284275][ T9475] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1349'.
[  186.288709][ T9475] net_ratelimit: 12 callbacks suppressed
[  186.288753][ T9475] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  186.387563][ T5886] usb 2-1: Using ep0 maxpacket: 16
[  186.390890][ T5886] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  186.394770][ T5886] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  186.404783][ T5886] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  186.408041][ T5886] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  186.419377][ T5886] usb 2-1: Product: syz
[  186.421433][ T5886] usb 2-1: Manufacturer: syz
[  186.423451][ T5886] usb 2-1: SerialNumber: syz
[  186.426972][ T5886] usb 2-1: config 0 descriptor??
[  186.443005][ T5886] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  186.449862][ T5886] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[  187.070555][ T5886] em28xx 2-1:0.0: chip ID is em2710/2820
[  187.271141][ T5886] em28xx 2-1:0.0: Config register raw data: 0xfffffffb
[  187.275925][ T5886] em28xx 2-1:0.0: AC97 chip type couldn't be determined
[  187.283560][ T5886] em28xx 2-1:0.0: No AC97 audio processor
[  187.297581][ T5886] usb 2-1: USB disconnect, device number 17
[  187.305919][ T5886] em28xx 2-1:0.0: Disconnecting em28xx
[  187.319964][ T5886] em28xx 2-1:0.0: Freeing device
[  188.714380][ T9572] overlayfs: failed to clone upperpath
[  188.731482][ T9572] overlayfs: failed to clone upperpath
[  188.894743][ T9578] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1393'.
[  189.197283][    T9] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  189.371575][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  189.380761][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  189.385024][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  189.395209][ T9592] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  189.398673][    T9] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  189.402266][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  189.417956][    T9] usb 2-1: config 0 descriptor??
[  189.459136][ T9592] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  189.632286][ T9612] netlink: 'syz.0.1410': attribute type 29 has an invalid length.
[  189.661734][ T9612] netlink: 'syz.0.1410': attribute type 29 has an invalid length.
[  189.671803][ T9612] netlink: 'syz.0.1410': attribute type 29 has an invalid length.
[  189.676727][ T9612] netlink: 'syz.0.1410': attribute type 29 has an invalid length.
[  189.862457][    T9] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  190.541573][ T9633] netlink: 'syz.3.1419': attribute type 3 has an invalid length.
[  190.549166][ T9633] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1419'.
[  190.861943][ T9657] bridge1: entered allmulticast mode
[  191.282922][ T9690] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1447'.
[  191.420774][ T9704] 9pnet_fd: Insufficient options for proto=fd
[  191.516981][ T9710] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1457'.
[  191.676760][ T9722] loop1: detected capacity change from 0 to 1024
[  191.964977][ T9734] afs: Unknown parameter 'A~|vN'
[  192.042975][   T24] usb 2-1: USB disconnect, device number 18
[  192.093148][ T9738] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1469'.
[  192.337875][ T9761] overlayfs: failed to clone upperpath
[  192.585124][   T40] hfsplus: b-tree write err: -5, ino 4
[  192.847487][   T24] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  193.008330][   T24] usb 2-1: New USB device found, idVendor=0c45, idProduct=62a0, bcdDevice=a8.22
[  193.012024][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  193.023338][   T24] usb 2-1: config 0 descriptor??
[  193.033817][   T24] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:62a0
[  193.243835][   T24] gspca_sn9c20x: Write register 1000 failed -71
[  193.246437][   T24] gspca_sn9c20x: Device initialization failed
[  193.256666][   T24] gspca_sn9c20x 2-1:0.0: probe with driver gspca_sn9c20x failed with error -71
[  193.269998][   T24] usb 2-1: USB disconnect, device number 19
[  193.329049][ T9799] netlink: 180 bytes leftover after parsing attributes in process `syz.3.1499'.
[  193.911645][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[  193.914519][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[  194.101701][ T9826] overlayfs: failed to clone upperpath
[  194.832154][ T9847] x_tables: ip6_tables: quota.0 match: invalid size 24 (kernel) != (user) 144
[  194.934482][ T9857] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1525'.
[  195.068295][   T24] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  195.217629][   T24] usb 2-1: Using ep0 maxpacket: 16
[  195.221246][   T24] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  195.224259][   T24] usb 2-1: config 1 has no interface number 1
[  195.226763][   T24] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  195.232713][   T24] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  195.240423][   T24] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  195.243239][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  195.245709][   T24] usb 2-1: Product: syz
[  195.248614][   T24] usb 2-1: Manufacturer: syz
[  195.250081][   T24] usb 2-1: SerialNumber: syz
[  195.463432][   T24] usb 2-1: 2:1 : invalid channels 0
[  195.480659][   T24] usb 2-1: USB disconnect, device number 20
[  195.504018][ T5858] udevd[5858]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  195.632659][   T54] Bluetooth: hci0: unexpected cc 0x2039 length: 9 > 1
[  196.005925][ T9885] loop1: detected capacity change from 0 to 47
[  196.561501][ T9901] loop1: detected capacity change from 0 to 32768
[  196.580242][ T9903] IPVS: lc: UDP 224.0.0.2:0 - no destination available
[  196.583050][   T47] IPVS: starting estimator thread 0...
[  196.681251][ T9905] IPVS: using max 40 ests per chain, 96000 per kthread
[  197.854733][ T9931] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1555'.
[  197.872815][ T9931] gretap0: entered promiscuous mode
[  197.881910][ T9931] gretap0: left promiscuous mode
[  197.940328][ T9938] Bluetooth: MGMT ver 1.23
[  197.979275][ T9942] netlink: 'syz.1.1561': attribute type 1 has an invalid length.
[  197.987457][ T9940] netlink: 'syz.3.1560': attribute type 2 has an invalid length.
[  197.990959][ T9940] netlink: 'syz.3.1560': attribute type 1 has an invalid length.
[  198.051676][ T9948] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1562'.
[  198.309036][ T9968] af_packet: tpacket_rcv: packet too big, clamped from 42 to 4294967286. macoff=82
[  198.378441][ T9974] loop1: detected capacity change from 0 to 8192
[  198.419709][ T5858]  loop1: AHDI p1 p2
[  198.421759][ T5858] loop1: p1 size 65535 extends beyond EOD, truncated
[  198.432593][ T9974]  loop1: AHDI p1 p2
[  198.434015][ T9974] loop1: p1 size 65535 extends beyond EOD, truncated
[  198.486145][ T5858] udevd[5858]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[  198.503899][ T5858] udevd[5858]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[  198.686267][ T9998] netlink: 'syz.1.1586': attribute type 14 has an invalid length.
[  199.017759][   T24] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  199.167698][   T24] usb 2-1: Using ep0 maxpacket: 32
[  199.179705][   T24] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  199.184811][   T24] usb 2-1: config 0 has no interface number 0
[  199.188316][   T24] usb 2-1: config 0 interface 184 has no altsetting 0
[  199.193649][   T24] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  199.199864][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  199.203177][   T24] usb 2-1: Product: syz
[  199.204900][   T24] usb 2-1: Manufacturer: syz
[  199.206482][   T24] usb 2-1: SerialNumber: syz
[  199.210898][   T24] usb 2-1: config 0 descriptor??
[  199.221571][   T24] smsc75xx v1.0.0
[  199.291903][   T33] audit: type=1326 audit(1755121551.910:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9979 comm="syz.0.1579" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff93a18ebe9 code=0x7fc00000
[  199.668279][   T54] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  199.671828][   T54] Bluetooth: hci0: Injecting HCI hardware error event
[  199.673752][T10030] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1602'.
[  199.676526][   T54] Bluetooth: hci0: hardware error 0x00
[  199.819078][   T24] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  199.823187][   T24] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  199.912031][T10038] openvswitch: netlink: Geneve opt len 62 is not a multiple of 4.
[  199.925839][T10040] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1607'.
[  199.932292][T10040] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1607'.
[  200.038555][   T24] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71
[  200.048500][   T24] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71
[  200.051630][   T24] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  200.055816][   T24] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -71
[  200.063856][   T24] usb 2-1: USB disconnect, device number 21
[  200.115202][T10050] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1612'.
[  200.924890][T10068] loop1: detected capacity change from 0 to 40427
[  200.928910][T10068] F2FS-fs (loop1): build fault injection rate: 14
[  200.931493][T10068] F2FS-fs (loop1): build fault injection type: 0x3bfe8c
[  200.935663][T10068] F2FS-fs (loop1): invalid crc value
[  200.943102][    C1] F2FS-fs (loop1): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  200.956015][    C1] F2FS-fs (loop1): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  200.997942][T10068] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  201.000824][T10068] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  201.010539][T10068] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  201.024598][T10068] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  201.033010][T10068] F2FS-fs (loop1): inject dquot initialize in f2fs_dquot_initialize of f2fs_mknod+0x155/0x5d0
[  201.038549][T10068] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  201.060955][ T5852] F2FS-fs (loop1): inject inconsistent footer in sanity_check_node_footer of f2fs_get_dnode_of_data+0xab1/0x1cf0
[  201.067509][ T5852] F2FS-fs (loop1): inconsistent node block, node_type:0, nid:15, node_footer[nid:15,ino:3,ofs:521732,cpver:0,blkaddr:0]
[  201.077702][ T5852] syz-executor: attempt to access beyond end of device
[  201.077702][ T5852] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  201.081995][ T5852] CPU: 1 UID: 0 PID: 5852 Comm: syz-executor Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  201.082009][ T5852] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  201.082015][ T5852] Call Trace:
[  201.082019][ T5852]  <TASK>
[  201.082023][ T5852]  dump_stack_lvl+0x189/0x250
[  201.082040][ T5852]  ? __pfx_dump_stack_lvl+0x10/0x10
[  201.082050][ T5852]  ? __pfx_queue_work_on+0x10/0x10
[  201.082059][ T5852]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  201.082070][ T5852]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  201.082085][ T5852]  f2fs_handle_critical_error+0x37c/0x540
[  201.082100][ T5852]  f2fs_write_end_io+0x886/0xb60
[  201.082121][ T5852]  __submit_merged_bio+0x27a/0x6a0
[  201.082134][ T5852]  __submit_merged_write_cond+0x255/0x530
[  201.082148][ T5852]  f2fs_write_data_pages+0x261d/0x3000
[  201.082177][ T5852]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  201.082218][ T5852]  ? folios_put_refs+0x559/0x640
[  201.082234][ T5852]  ? __lock_acquire+0xab9/0xd20
[  201.082253][ T5852]  ? do_raw_spin_lock+0x121/0x290
[  201.082269][ T5852]  ? do_raw_spin_unlock+0x4d/0x240
[  201.082278][ T5852]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  201.082289][ T5852]  do_writepages+0x32e/0x550
[  201.082306][ T5852]  ? do_raw_spin_unlock+0x4d/0x240
[  201.082318][ T5852]  filemap_fdatawrite+0x199/0x240
[  201.082329][ T5852]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  201.082365][ T5852]  ? do_raw_spin_unlock+0x4d/0x240
[  201.082377][ T5852]  f2fs_sync_dirty_inodes+0x31f/0x830
[  201.082397][ T5852]  f2fs_write_checkpoint+0x95a/0x1df0
[  201.082426][ T5852]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  201.082463][ T5852]  ? kill_f2fs_super+0x298/0x6c0
[  201.082477][ T5852]  kill_f2fs_super+0x2c3/0x6c0
[  201.082492][ T5852]  ? __pfx_kill_f2fs_super+0x10/0x10
[  201.082501][ T5852]  ? radix_tree_delete_item+0x2b6/0x400
[  201.082515][ T5852]  ? shrinker_free+0x2ce/0x3e0
[  201.082526][ T5852]  deactivate_locked_super+0xbc/0x130
[  201.082538][ T5852]  cleanup_mnt+0x425/0x4c0
[  201.082548][ T5852]  ? lockdep_hardirqs_on+0x9c/0x150
[  201.082560][ T5852]  task_work_run+0x1d4/0x260
[  201.082573][ T5852]  ? __pfx_task_work_run+0x10/0x10
[  201.082582][ T5852]  ? __x64_sys_umount+0x122/0x160
[  201.082596][ T5852]  ? exit_to_user_mode_loop+0x40/0x110
[  201.082610][ T5852]  exit_to_user_mode_loop+0xec/0x110
[  201.082621][ T5852]  do_syscall_64+0x2bd/0x3b0
[  201.082631][ T5852]  ? lockdep_hardirqs_on+0x9c/0x150
[  201.082639][ T5852]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.082648][ T5852]  ? exc_page_fault+0x9f/0xf0
[  201.082658][ T5852]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.082666][ T5852] RIP: 0033:0x7f18f6d8ff17
[  201.082675][ T5852] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  201.082683][ T5852] RSP: 002b:00007ffe3a348488 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  201.082692][ T5852] RAX: 0000000000000000 RBX: 00007f18f6e11c05 RCX: 00007f18f6d8ff17
[  201.082698][ T5852] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe3a348540
[  201.082703][ T5852] RBP: 00007ffe3a348540 R08: 0000000000000000 R09: 0000000000000000
[  201.082708][ T5852] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe3a3495d0
[  201.082713][ T5852] R13: 00007f18f6e11c05 R14: 00000000000310f3 R15: 00007ffe3a349610
[  201.082728][ T5852]  </TASK>
[  201.082732][ T5852] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  201.543979][T10125] loop1: detected capacity change from 0 to 256
[  201.546558][T10125] exfat: Deprecated parameter 'utf8'
[  201.556795][T10125] exfat: Deprecated parameter 'utf8'
[  201.565118][T10125] exfat: Deprecated parameter 'utf8'
[  201.588415][T10125] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011f3f, chksum : 0x96b62a4c, utbl_chksum : 0xe619d30d)
[  201.642752][T10125] exFAT-fs (loop1): error, exfat_zeroed_cluster: out of range(sect:184 len:8)
[  201.646706][T10125] exFAT-fs (loop1): Filesystem has been set read-only
[  201.747271][   T54] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  201.812958][T10146] loop1: detected capacity change from 0 to 16
[  201.823565][T10146] erofs (device loop1): negative i_size @ nid 36
[  201.882122][T10148] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1655'.
[  201.885928][T10148] 0{X: renamed from macvtap0 (while UP)
[  201.892355][T10148] 0{X: entered allmulticast mode
[  201.894162][T10148] veth0_macvtap: entered allmulticast mode
[  201.896421][T10148] A link change request failed with some changes committed already. Interface 30{X may have been left with an inconsistent configuration, please check.
[  201.949664][T10150] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  202.709796][   T33] audit: type=1326 audit(1755121555.330:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10167 comm="syz.3.1665" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f934438ebe9 code=0x0
[  202.943935][T10188] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1674'.
[  203.708935][   T10] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  203.941052][   T10] usb 2-1: Using ep0 maxpacket: 32
[  203.949033][   T10] usb 2-1: config 0 has an invalid interface number: 216 but max is 0
[  203.951556][   T10] usb 2-1: config 0 has no interface number 0
[  203.958656][   T10] usb 2-1: New USB device found, idVendor=0545, idProduct=8080, bcdDevice= 0.02
[  203.962637][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  203.965325][   T10] usb 2-1: Product: syz
[  203.966649][   T10] usb 2-1: Manufacturer: syz
[  203.968750][   T10] usb 2-1: SerialNumber: syz
[  203.976039][   T10] usb 2-1: config 0 descriptor??
[  204.188695][   T10] usb 2-1: USB disconnect, device number 22
[  205.073150][T10260] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1706'.
[  205.411700][T10277] overlayfs: failed to clone upperpath
[  205.415095][T10277] overlayfs: failed to clone upperpath
[  206.507567][   T24] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  207.047741][   T24] usb 2-1: Using ep0 maxpacket: 16
[  207.052037][   T24] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  207.056332][   T24] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  207.060999][   T24] usb 2-1: config 0 interface 0 has no altsetting 0
[  207.063646][   T24] usb 2-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice= 0.00
[  207.068125][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  207.073975][   T24] usb 2-1: config 0 descriptor??
[  207.488684][   T24] hid_parser_main: 38 callbacks suppressed
[  207.488705][   T24] apple 0003:05AC:0247.000A: unknown main item tag 0x0
[  207.493197][   T24] apple 0003:05AC:0247.000A: unknown main item tag 0x0
[  207.495428][   T24] apple 0003:05AC:0247.000A: unknown main item tag 0x0
[  207.499602][   T24] apple 0003:05AC:0247.000A: unknown main item tag 0x0
[  207.501654][   T24] apple 0003:05AC:0247.000A: unknown main item tag 0x0
[  207.503722][   T24] apple 0003:05AC:0247.000A: unknown main item tag 0x0
[  207.505776][   T24] apple 0003:05AC:0247.000A: unknown main item tag 0x0
[  207.508504][   T24] apple 0003:05AC:0247.000A: unknown main item tag 0x0
[  207.510611][   T24] apple 0003:05AC:0247.000A: unknown main item tag 0x0
[  207.512700][   T24] apple 0003:05AC:0247.000A: unknown main item tag 0x0
[  207.515148][   T24] apple 0003:05AC:0247.000A: nested delimiters
[  207.517028][   T24] apple 0003:05AC:0247.000A: item 0 2 2 10 parsing failed
[  207.521661][   T24] apple 0003:05AC:0247.000A: parse failed
[  207.523637][   T24] apple 0003:05AC:0247.000A: probe with driver apple failed with error -22
[  207.689271][   T10] usb 2-1: USB disconnect, device number 23
[  208.148923][T10375] overlayfs: failed to clone upperpath
[  208.495703][T10395] netlink: 'syz.3.1769': attribute type 14 has an invalid length.
[  209.358459][T10405] netlink: 4388 bytes leftover after parsing attributes in process `syz.1.1773'.
[  209.407934][T10409] loop1: detected capacity change from 0 to 128
[  209.425196][T10409] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  209.431015][T10409] ext4 filesystem being mounted at /482/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  209.521926][ T5852] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  210.006574][T10442] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1789'.
[  210.127027][T10452] netlink: 'syz.3.1794': attribute type 1 has an invalid length.
[  210.337408][ T5316] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  210.349834][T10474] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1804'.
[  210.499812][ T5316] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  210.503916][ T5316] usb 2-1: config 0 interface 0 has no altsetting 0
[  210.511948][ T5316] usb 2-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[  210.515383][ T5316] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  210.526064][ T5316] usb 2-1: Product: syz
[  210.527716][ T5316] usb 2-1: Manufacturer: syz
[  210.529203][ T5316] usb 2-1: SerialNumber: syz
[  210.532738][ T5316] usb 2-1: config 0 descriptor??
[  210.548481][ T5316] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state.
[  210.554965][ T5316] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  210.559245][ T5316] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0)
[  210.562779][ T5316] usb 2-1: media controller created
[  210.576015][ T5316] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  210.930640][ T5316] DVB: Unable to find symbol tda10046_attach()
[  210.932671][ T5316] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0'
[  210.935295][ T5316] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected.
[  211.721261][T10507] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1817'.
[  212.643491][ T5316] dvb_usb_m920x 2-1:0.0: probe with driver dvb_usb_m920x failed with error -71
[  212.655344][ T5316] usb 2-1: USB disconnect, device number 24
[  213.225735][   T33] audit: type=1326 audit(1755121565.840:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10547 comm="syz.1.1836" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f18f6d8ebe9 code=0x0
[  213.281917][T10555] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1839'.
[  213.284776][T10555] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1839'.
[  213.340457][T10559] sctp: [Deprecated]: syz.3.1841 (pid 10559) Use of int in max_burst socket option.
[  213.340457][T10559] Use struct sctp_assoc_value instead
[  213.600979][T10573] Invalid ELF header type: 0 != 1
[  213.820902][T10585] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1854'.
[  213.832164][T10587] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1855'.
[  213.836974][T10587] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1855'.
[  214.283859][T10606] netlink: 'syz.3.1864': attribute type 3 has an invalid length.
[  214.286957][T10606] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.1864'.
[  215.358400][T10646] loop1: detected capacity change from 0 to 16
[  215.376098][T10646] erofs (device loop1): mounted with root inode @ nid 36.
[  215.575456][T10650] loop1: detected capacity change from 0 to 2048
[  215.580353][T10650] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  215.593090][T10651] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  215.594913][ T5858] udevd[5858]: incorrect nilfs2 checksum on /dev/loop1
[  216.352104][T10689] netlink: 148 bytes leftover after parsing attributes in process `syz.0.1902'.
[  216.389305][T10689] netlink: 148 bytes leftover after parsing attributes in process `syz.0.1902'.
[  216.482099][   T33] audit: type=1326 audit(1755121569.100:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10698 comm="syz.3.1906" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f934438ebe9 code=0x7ffc0000
[  216.507953][   T33] audit: type=1326 audit(1755121569.100:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10698 comm="syz.3.1906" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f934438ebe9 code=0x7ffc0000
[  216.523591][   T33] audit: type=1326 audit(1755121569.120:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10698 comm="syz.3.1906" exe="/syz-executor" sig=0 arch=c000003e syscall=51 compat=0 ip=0x7f934438ebe9 code=0x7ffc0000
[  216.533701][   T33] audit: type=1326 audit(1755121569.120:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10698 comm="syz.3.1906" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f934438ebe9 code=0x7ffc0000
[  217.171137][T10726] 8021q: adding VLAN 0 to HW filter on device bond1
[  217.229921][T10733] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1922'.
[  217.325272][T10739] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1925'.
[  217.331031][T10739] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1925'.
[  217.334611][T10739] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1925'.
[  217.339127][T10739] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1925'.
[  217.342814][T10739] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1925'.
[  217.370027][T10741] loop1: detected capacity change from 0 to 512
[  217.424039][T10741] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  217.430927][T10741] ext4 filesystem being mounted at /514/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  217.488355][ T5852] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  217.784328][T10758] overlayfs: failed to clone upperpath
[  217.888100][T10762] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1935'.
[  218.464716][T10766] loop1: detected capacity change from 0 to 131072
[  218.488424][T10766] F2FS-fs (loop1): Wrong CP boundary, start(512) end(1536) blocks(0)
[  218.490868][T10766] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  218.567747][T10766] F2FS-fs (loop1): invalid crc value
[  218.731977][T10766] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  218.736719][T10766] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  218.739026][T10766] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  218.760374][T10781] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1941'.
[  219.337867][T10805] 9pnet_fd: Insufficient options for proto=fd
[  219.481744][T10816] team_slave_0: entered promiscuous mode
[  219.483947][T10816] team_slave_1: entered promiscuous mode
[  219.544070][T10829] netlink: 'syz.0.1962': attribute type 30 has an invalid length.
[  219.606537][T10835] fuse: Bad value for 'fd'
[  219.788592][T10837] loop1: detected capacity change from 0 to 32768
[  219.802792][T10837] JBD2: Ignoring recovery information on journal
[  219.836116][T10837] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  219.886629][ T5852] ocfs2: Unmounting device (7,1) on (node local)
[  219.987494][T10849] loop1: detected capacity change from 0 to 128
[  220.460971][T10870] netlink: 'syz.3.1978': attribute type 4 has an invalid length.
[  220.725590][T10879] loop1: detected capacity change from 0 to 32768
[  220.750023][T10879] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  220.799000][T10879] XFS (loop1): Ending clean mount
[  220.805403][T10879] XFS (loop1): Quotacheck needed: Please wait.
[  220.851173][T10879] XFS (loop1): Quotacheck: Done.
[  220.900836][ T5852] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  221.279410][T10916] loop1: detected capacity change from 0 to 64
[  221.292348][T10916] MINIX-fs: deleted inode referenced: 6
[  221.295420][T10916] MINIX-fs: deleted inode referenced: 6
[  221.299949][T10916] MINIX-fs: deleted inode referenced: 6
[  221.301921][T10916] MINIX-fs: deleted inode referenced: 6
[  223.468906][T10984] 9pnet_fd: Insufficient options for proto=fd
[  223.768535][T11002] __nla_validate_parse: 2 callbacks suppressed
[  223.768548][T11002] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2037'.
[  223.893291][T10994] loop1: detected capacity change from 0 to 32768
[  223.907562][T10994] bcachefs (/dev/loop1): error validating superblock: Invalid superblock section replicas_v0: no devices in entry (unknown data_type 127): 1/0 []
[  223.907562][T10994] replicas_v0 (size 24):
[  223.907562][T10994] btree: 1 [0] journal: 1 [0] user: 1 [255] (unknown data_type 127): 0 []
[  223.907562][T10994] 
[  223.925530][T10994] bcachefs: bch2_fs_get_tree() error: invalid_replicas_entry
[  224.134353][T11021] ptrace attach of "/syz-executor exec"[5852] was attempted by "/syz-executor exec"[11021]
[  224.384437][T11027] loop1: detected capacity change from 0 to 4096
[  224.451072][T11027] ntfs3(loop1): ino=9, attr_set_size
[  224.589011][T11033] overlayfs: failed to resolve './file1': -2
[  224.969453][T11057] loop1: detected capacity change from 0 to 256
[  224.978198][T11057] vfat: Unknown parameter 'shhortname'
[  226.459826][T11082] loop1: detected capacity change from 0 to 32768
[  226.471557][T11082] XFS (loop1): invalid log iosize: 1 [not 12-30]
[  226.673787][T11104] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.2082'.
[  227.540661][T11138] loop1: detected capacity change from 0 to 512
[  227.552454][T11139] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2097'.
[  227.583923][T11138] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  227.594803][T11138] ext4 filesystem being mounted at /560/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  227.664212][ T5852] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  227.770733][T11157] delete_channel: no stack
[  227.931326][T11168] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma?
[  228.818424][T11189] 9pnet_fd: Insufficient options for proto=fd
[  228.851690][T11191] loop1: detected capacity change from 0 to 256
[  228.866512][T11191] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011a39, chksum : 0xd54015fb, utbl_chksum : 0xe619d30d)
[  229.436301][T11230] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2137'.
[  229.765247][T11240] loop1: detected capacity change from 0 to 32768
[  229.775387][T11240] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.2142 (11240)
[  229.787719][T11240] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  229.790949][T11240] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  229.793569][T11240] BTRFS info (device loop1): using free-space-tree
[  229.867074][ T5852] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  229.912444][   T33] audit: type=1326 audit(1755121582.530:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11258 comm="syz.3.2144" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f934438ebe9 code=0x7ffc0000
[  229.932914][   T33] audit: type=1326 audit(1755121582.530:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11258 comm="syz.3.2144" exe="/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f934438ebe9 code=0x7ffc0000
[  229.949211][   T33] audit: type=1326 audit(1755121582.530:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11258 comm="syz.3.2144" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f934438ebe9 code=0x7ffc0000
[  229.956203][   T33] audit: type=1326 audit(1755121582.530:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11258 comm="syz.3.2144" exe="/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f934438ebe9 code=0x7ffc0000
[  229.983176][   T33] audit: type=1326 audit(1755121582.530:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11258 comm="syz.3.2144" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f934438ebe9 code=0x7ffc0000
[  229.991064][   T33] audit: type=1326 audit(1755121582.530:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11258 comm="syz.3.2144" exe="/syz-executor" sig=0 arch=c000003e syscall=128 compat=0 ip=0x7f934438ebe9 code=0x7ffc0000
[  230.001521][   T33] audit: type=1326 audit(1755121582.600:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11258 comm="syz.3.2144" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f934438ebe9 code=0x7ffc0000
[  230.035441][   T33] audit: type=1326 audit(1755121582.600:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11258 comm="syz.3.2144" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f934438ebe9 code=0x7ffc0000
[  230.523147][T11286] loop1: detected capacity change from 0 to 256
[  230.638323][T11286] exFAT-fs (loop1): error, data size is invalid(34359738378)
[  230.662922][T11286] exFAT-fs (loop1): Filesystem has been set read-only
[  230.717842][T11290] exFAT-fs (loop1): error, data size is invalid(34359738378)
[  231.197580][T11318] loop1: detected capacity change from 0 to 1024
[  231.219350][T11318] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  231.224855][T11318] ext4 filesystem being mounted at /591/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  231.269017][ T5852] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  231.891880][T11336] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2174'.
[  232.036903][T11348] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: -29824, delta: 1
[  232.041177][T11348] ref_ctr increment failed for inode: 0xffe offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888027441580
[  232.045721][   T33] audit: type=1804 audit(1755121584.650:76): pid=11348 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2180" name="file0" dev="tmpfs" ino=4094 res=1 errno=0
[  232.155994][T11358] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2185'.
[  232.164882][T11358] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2185'.
[  232.165546][T11360] 9pnet_fd: Insufficient options for proto=fd
[  232.262350][T11367] loop1: detected capacity change from 0 to 256
[  232.607552][   T24] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  232.885549][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  232.921567][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  232.934121][   T24] usb 2-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  232.988079][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  233.060073][   T24] usb 2-1: config 0 descriptor??
[  233.516004][   T24] hid_parser_main: 55 callbacks suppressed
[  233.516023][   T24] playstation 0003:054C:0DF2.000B: unknown main item tag 0x0
[  233.524185][   T24] playstation 0003:054C:0DF2.000B: unknown main item tag 0x0
[  233.527011][   T24] playstation 0003:054C:0DF2.000B: unknown main item tag 0x0
[  233.529956][   T24] playstation 0003:054C:0DF2.000B: unknown main item tag 0x0
[  233.532900][   T24] playstation 0003:054C:0DF2.000B: unknown main item tag 0x0
[  233.544497][   T24] playstation 0003:054C:0DF2.000B: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.1-1/input0
[  233.909827][   T24] playstation 0003:054C:0DF2.000B: Failed to retrieve feature with reportID 32: -71
[  233.912875][   T24] playstation 0003:054C:0DF2.000B: Failed to retrieve DualSense firmware info: -71
[  233.915741][   T24] playstation 0003:054C:0DF2.000B: Failed to get firmware info from DualSense
[  233.952715][   T24] playstation 0003:054C:0DF2.000B: Failed to create dualsense.
[  233.989216][   T24] playstation 0003:054C:0DF2.000B: probe with driver playstation failed with error -71
[  234.009421][   T24] usb 2-1: USB disconnect, device number 25
[  234.033042][T11457] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2229'.
[  234.571202][T11490] batadv0: entered promiscuous mode
[  234.582682][T11490] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[  235.096664][T11534] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2266'.
[  235.103839][T11534] hsr_slave_0: left promiscuous mode
[  235.109652][T11534] hsr_slave_1: left promiscuous mode
[  235.444047][T11543] netlink: 'syz.3.2270': attribute type 1 has an invalid length.
[  235.452287][T11541] loop1: detected capacity change from 0 to 4096
[  235.569420][T11549] loop1: detected capacity change from 0 to 1024
[  235.573306][T11549] EXT4-fs: Ignoring removed bh option
[  235.577003][T11549] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  235.591719][T11549] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  235.614681][T11549] overlay: Bad value for 'workdir'
[  235.656241][ T5852] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  235.968395][   T10] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  236.127309][   T10] usb 2-1: Using ep0 maxpacket: 8
[  236.133974][   T10] usb 2-1: config 0 has an invalid interface number: 92 but max is 0
[  236.138520][   T10] usb 2-1: config 0 has no interface number 0
[  236.140952][   T10] usb 2-1: config 0 interface 92 altsetting 0 endpoint 0xE has invalid maxpacket 512, setting to 64
[  236.150530][   T10] usb 2-1: New USB device found, idVendor=0a12, idProduct=5d10, bcdDevice=81.44
[  236.154082][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  236.164117][   T10] usb 2-1: Product: syz
[  236.166103][   T10] usb 2-1: Manufacturer: syz
[  236.169980][   T10] usb 2-1: SerialNumber: syz
[  236.175321][   T10] usb 2-1: config 0 descriptor??
[  236.307610][   T10] ushc 2-1:0.92: probe with driver ushc failed with error -110
[  236.383492][   T24] usb 2-1: USB disconnect, device number 26
[  237.290233][T11615] IPVS: sync thread started: state = MASTER, mcast_ifn = bridge_slave_0, syncid = 0, id = 0
[  237.818400][   T33] audit: type=1107 audit(1755121590.410:77): pid=11618 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=''
[  238.603969][T11633] netlink: 34 bytes leftover after parsing attributes in process `syz.1.2306'.
[  238.613963][T11633] loop1: detected capacity change from 0 to 512
[  238.621051][T11633] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  238.653336][T11633] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  238.661425][T11633] ext4 filesystem being mounted at /616/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  239.613284][T11656] overlayfs: failed to clone upperpath
[  239.662453][ T5852] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  240.748633][T11680] loop1: detected capacity change from 0 to 32768
[  240.768618][   T33] audit: type=1326 audit(1755121593.390:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11685 comm="syz.0.2329" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff93a18ebe9 code=0x7ffc0000
[  240.777307][   T33] audit: type=1326 audit(1755121593.390:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11685 comm="syz.0.2329" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff93a18ebe9 code=0x7ffc0000
[  240.784126][   T33] audit: type=1326 audit(1755121593.390:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11685 comm="syz.0.2329" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff93a18ebe9 code=0x7ffc0000
[  240.809573][   T33] audit: type=1326 audit(1755121593.390:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11685 comm="syz.0.2329" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff93a18ebe9 code=0x7ffc0000
[  240.818518][ T5858]  loop1: p2 p3 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p219 p220 p221 p222 p223 p224 p225 
[  240.826249][   T33] audit: type=1326 audit(1755121593.390:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11685 comm="syz.0.2329" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff93a18ebe9 code=0x7ffc0000
[  240.878375][   T33] audit: type=1326 audit(1755121593.400:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11685 comm="syz.0.2329" exe="/syz-executor" sig=0 arch=c000003e syscall=451 compat=0 ip=0x7ff93a18ebe9 code=0x7ffc0000
[  240.892317][   T33] audit: type=1326 audit(1755121593.400:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11685 comm="syz.0.2329" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff93a18ebe9 code=0x7ffc0000
[  240.901165][   T33] audit: type=1326 audit(1755121593.400:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11685 comm="syz.0.2329" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff93a18ebe9 code=0x7ffc0000
[  241.152247][T11715] netlink: 'syz.0.2343': attribute type 6 has an invalid length.
[  241.154750][T11715] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.2343'.
[  241.858064][T11747] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2359'.
[  242.094153][ T5858] udevd[5858]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory
[  242.102469][ T5851] udevd[5851]: inotify_add_watch(7, /dev/loop1p6, 10) failed: No such file or directory
[  242.111081][ T5855] udevd[5855]: inotify_add_watch(7, /dev/loop1p5, 10) failed: No such file or directory
[  242.114438][ T6444] udevd[6444]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory
[  242.118083][ T5999] udevd[5999]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory
[  242.122142][ T6443] udevd[6443]: inotify_add_watch(7, /dev/loop1p7, 10) failed: No such file or directory
[  242.205949][T11757] udevd[11757]: inotify_add_watch(7, /dev/loop1p8, 10) failed: No such file or directory
[  242.239907][ T6444] udevd[6444]: inotify_add_watch(7, /dev/loop1p16, 10) failed: No such file or directory
[  242.240268][ T5858] udevd[5858]: inotify_add_watch(7, /dev/loop1p14, 10) failed: No such file or directory
[  242.248613][ T5999] udevd[5999]: inotify_add_watch(7, /dev/loop1p15, 10) failed: No such file or directory
[  243.221252][T11824] loop1: detected capacity change from 0 to 512
[  243.228896][T11824] EXT4-fs: Ignoring removed bh option
[  243.241355][T11824] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  243.313211][T11824] EXT4-fs (loop1): 1 truncate cleaned up
[  243.334254][T11824] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  243.624022][   T33] audit: type=1800 audit(1755121596.220:86): pid=11838 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2392" name="bus" dev="loop1" ino=18 res=0 errno=0
[  244.059762][T11847] overlayfs: failed to resolve './bus': -2
[  244.473606][ T5852] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  245.420840][   T54] Bluetooth: hci1: unexpected event for opcode 0x0c2d
[  246.082499][T11908] netlink: 'syz.0.2427': attribute type 75 has an invalid length.
[  246.598744][T11918] netlink: 'syz.3.2432': attribute type 9 has an invalid length.
[  246.607533][T11918] netlink: 211988 bytes leftover after parsing attributes in process `syz.3.2432'.
[  246.620389][T11922] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  246.701520][T11930] macsec0: entered promiscuous mode
[  246.703427][T11930] macsec0: entered allmulticast mode
[  246.705072][T11930] veth1_macvtap: entered allmulticast mode
[  247.980503][T11975] loop1: detected capacity change from 0 to 128
[  248.028510][T11975] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (39871!=39978)
[  248.052943][T11975] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: none.
[  248.073061][T11975] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:375: inode #2: comm syz.1.2457: No space for directory leaf checksum. Please run e2fsck -D.
[  248.083106][T11975] EXT4-fs error (device loop1): htree_dirblock_to_tree:1051: inode #2: comm syz.1.2457: Directory block failed checksum
[  248.120165][ T5852] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  248.201454][T11990] loop1: detected capacity change from 0 to 128
[  248.782089][T12013] overlayfs: failed to resolve 'W': -2
[  248.902576][T12017] netlink: 'syz.1.2475': attribute type 3 has an invalid length.
[  248.906368][T12017] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2475'.
[  249.092079][T12022] loop1: detected capacity change from 0 to 256
[  249.101614][T12022] exfat: Deprecated parameter 'namecase'
[  249.107951][T12022] exfat: Deprecated parameter 'utf8'
[  249.116718][T12022] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  249.199288][T12028] loop1: detected capacity change from 0 to 256
[  249.202680][T12028] exfat: Deprecated parameter 'utf8'
[  249.204441][T12028] exfat: Deprecated parameter 'namecase'
[  249.206829][T12028] exfat: Deprecated parameter 'namecase'
[  249.210319][T12028] exfat: Deprecated parameter 'utf8'
[  249.221854][T12028] exFAT-fs (loop1): failed to load upcase table (idx : 0x00012153, chksum : 0x5270ca8d, utbl_chksum : 0xe619d30d)
[  249.355761][T12039] loop1: detected capacity change from 0 to 64
[  249.431740][   T54] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  249.434816][   T54] Bluetooth: hci1: Injecting HCI hardware error event
[  249.441548][ T5857] Bluetooth: hci1: hardware error 0x00
[  249.799685][T12050] loop1: detected capacity change from 0 to 32768
[  249.808542][T12050] BTRFS warning: excessive commit interval 2147483647, use with care
[  249.812312][T12050] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.2490 (12050)
[  249.832978][T12050] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  249.838284][T12050] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm
[  249.841857][T12050] BTRFS info (device loop1): disk space caching is enabled
[  249.844872][T12050] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  249.951516][T12050] BTRFS info (device loop1): rebuilding free space tree
[  249.970980][T12050] BTRFS info (device loop1): disabling free space tree
[  249.973941][T12050] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  249.979231][T12050] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  250.118839][ T5852] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  250.463111][T12101] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2507'.
[  250.466887][T12101] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2507'.
[  251.189570][T12126] 9pnet_fd: Insufficient options for proto=fd
[  251.196004][T12128] tc_dump_action: action bad kind
[  251.281512][   T33] audit: type=1326 audit(1755121603.900:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12133 comm="syz.3.2523" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f934438ebe9 code=0x0
[  251.484904][T12146] netlink: 'syz.3.2528': attribute type 10 has an invalid length.
[  251.639779][T12146] batman_adv: batadv0: Local translation table size (108) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:17
[  251.707540][ T5857] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  251.711961][T12146] 8021q: adding VLAN 0 to HW filter on device batadv0
[  251.716186][T12146] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  251.723224][T12149] batman_adv: batadv0: Local translation table size (108) exceeds maximum packet size (-320); Ignoring new local tt entry: 24:02:48:ff:05:00
[  251.734711][T12149] bond0: entered promiscuous mode
[  251.736477][T12149] bond_slave_0: entered promiscuous mode
[  251.739825][T12149] bond_slave_1: entered promiscuous mode
[  251.741875][T12149] batadv0: entered promiscuous mode
[  251.921304][T12161] netlink: 'syz.3.2534': attribute type 4 has an invalid length.
[  252.103555][T12173] tipc: Started in network mode
[  252.105252][T12173] tipc: Node identity 7365725f69643d3, cluster identity 4711
[  252.108277][T12173] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  253.080035][T12210] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2559'.
[  253.774108][   T33] audit: type=1326 audit(1755121606.390:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12218 comm="syz.3.2562" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f934438ebe9 code=0x7ffc0000
[  253.825709][   T33] audit: type=1326 audit(1755121606.390:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12218 comm="syz.3.2562" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f934438ebe9 code=0x7ffc0000
[  253.856808][   T33] audit: type=1326 audit(1755121606.390:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12218 comm="syz.3.2562" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f934438ebe9 code=0x7ffc0000
[  253.875499][   T33] audit: type=1326 audit(1755121606.390:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12218 comm="syz.3.2562" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f934438ebe9 code=0x7ffc0000
[  253.906556][   T33] audit: type=1326 audit(1755121606.390:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12218 comm="syz.3.2562" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f934438ebe9 code=0x7ffc0000
[  253.919698][   T33] audit: type=1326 audit(1755121606.400:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12218 comm="syz.3.2562" exe="/syz-executor" sig=0 arch=c000003e syscall=271 compat=0 ip=0x7f934438ebe9 code=0x7ffc0000
[  253.949850][   T33] audit: type=1326 audit(1755121606.410:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12218 comm="syz.3.2562" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f934438ebe9 code=0x7ffc0000
[  253.992967][   T33] audit: type=1326 audit(1755121606.410:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12218 comm="syz.3.2562" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f934438ebe9 code=0x7ffc0000
[  254.013307][   T33] audit: type=1326 audit(1755121606.410:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12218 comm="syz.3.2562" exe="/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f934438ebe9 code=0x7ffc0000
[  254.526005][T12266] loop1: detected capacity change from 0 to 128
[  254.548068][T12266] befs: (loop1): invalid magic header
[  254.642772][T12276] tipc: Started in network mode
[  254.646564][T12276] tipc: Node identity ac141441, cluster identity 4711
[  254.668838][T12276] tipc: Enabled bearer <udp:syz2>, priority 10
[  254.743483][T12285] loop1: detected capacity change from 0 to 2048
[  254.746526][T12285] udf: Unknown parameter ''
[  254.761105][   T10] kernel write not supported for file /snd/midiC2D0 (pid: 10 comm: kworker/0:1)
[  254.839301][T12295] IPVS: lc: UDP 224.0.0.2:0 - no destination available
[  254.972232][T12304] delete_channel: no stack
[  255.037379][   T10] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  255.197299][   T10] usb 2-1: Using ep0 maxpacket: 8
[  255.201912][   T10] usb 2-1: config 0 has an invalid interface number: 223 but max is 0
[  255.205365][   T10] usb 2-1: config 0 has no interface number 0
[  255.208871][   T10] usb 2-1: config 0 interface 223 has no altsetting 0
[  255.216964][   T10] usb 2-1: New USB device found, idVendor=0543, idProduct=1923, bcdDevice=2f.36
[  255.220728][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  255.223425][   T10] usb 2-1: Product: syz
[  255.224823][   T10] usb 2-1: Manufacturer: syz
[  255.226423][   T10] usb 2-1: SerialNumber: syz
[  255.230615][   T10] usb 2-1: config 0 descriptor??
[  255.350699][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[  255.352851][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[  255.444696][   T10] usb 2-1: USB disconnect, device number 27
[  255.690379][   T10] tipc: Node number set to 2886997057
[  255.840967][T12327] Non-string source
[  256.295137][T12366] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2633'.
[  256.835312][T12380] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2640'.
[  257.691703][T12412] 9pnet_fd: Insufficient options for proto=fd
[  257.857201][   T33] kauditd_printk_skb: 50 callbacks suppressed
[  257.857214][   T33] audit: type=1326 audit(1755121610.470:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12419 comm="syz.0.2658" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff93a18ebe9 code=0x0
[  258.160940][T12440] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2667'.
[  258.163853][T12440] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2667'.
[  259.579248][T12479] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2685'.
[  259.583726][T12481] netlink: 'syz.3.2686': attribute type 30 has an invalid length.
[  259.586245][T12481] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2686'.
[  259.599324][T12481] (unnamed net_device) (uninitialized): option arp_missed_max: mode dependency failed, not supported in mode 802.3ad(4)
[  259.654282][T12487] overlayfs: failed to clone upperpath
[  261.106993][T12554] overlayfs: failed to clone upperpath
[  261.523427][T12568] loop1: detected capacity change from 0 to 32768
[  261.539505][T12568] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.2728 (12568)
[  261.552300][T12568] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  261.556335][T12568] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm
[  261.563440][T12568] BTRFS info (device loop1): using free-space-tree
[  261.826945][ T5852] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  262.357583][T12596] binder: 12595:12596 ioctl c0306201 200000000280 returned -14
[  263.373354][T12620] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2744'.
[  263.686565][T12628] loop6: detected capacity change from 0 to 524287999
[  263.691596][T12628] Buffer I/O error on dev loop6, logical block 0, async page read
[  263.694898][T12628] Buffer I/O error on dev loop6, logical block 0, async page read
[  263.699723][T12628] Buffer I/O error on dev loop6, logical block 0, async page read
[  263.715092][T12628] Buffer I/O error on dev loop6, logical block 0, async page read
[  263.718743][T12628] Buffer I/O error on dev loop6, logical block 0, async page read
[  263.722239][T12628] Buffer I/O error on dev loop6, logical block 0, async page read
[  263.725276][T12628] Buffer I/O error on dev loop6, logical block 0, async page read
[  263.729066][T12628] Buffer I/O error on dev loop6, logical block 0, async page read
[  263.731532][T12628] ldm_validate_partition_table(): Disk read failed.
[  263.733846][T12628] Buffer I/O error on dev loop6, logical block 0, async page read
[  263.737048][T12628] Buffer I/O error on dev loop6, logical block 0, async page read
[  263.741646][T12628] Dev loop6: unable to read RDB block 0
[  263.745519][T12628]  loop6: unable to read partition table
[  263.755477][T12628] loop_reread_partitions: partition scan of loop6 (3xC) failed (rc=-5)
[  264.260372][T12643] kAFS: No cell specified
[  264.815340][T12676] overlayfs: failed to clone upperpath
[  265.443817][T12688] kAFS: unable to lookup cell '\/'
[  265.628132][T12695] Invalid source name
[  265.629482][T12695] UBIFS error (pid: 12695): cannot open "/dev/sg0", error -22
[  265.651133][T12695] loop1: detected capacity change from 0 to 64
[  265.802217][T12706] netlink: 'syz.3.2782': attribute type 2 has an invalid length.
[  265.802250][T12706] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.2782'.
[  265.802262][T12706] nbd: must specify a device to reconfigure
[  266.492966][T12734] loop1: detected capacity change from 0 to 128
[  266.514035][T12734] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  266.521621][T12734] ext4 filesystem being mounted at /735/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  266.543458][T12734] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:375: inode #2: comm syz.1.2794: No space for directory leaf checksum. Please run e2fsck -D.
[  266.548798][T12734] EXT4-fs error (device loop1): __ext4_find_entry:1626: inode #2: comm syz.1.2794: checksumming directory block 0
[  266.578453][ T5852] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  266.595728][T12740] netlink: 'syz.0.2797': attribute type 2 has an invalid length.
[  266.689076][T12744] loop1: detected capacity change from 0 to 4096
[  266.696646][T12744] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512).
[  266.722802][T12744] ntfs3(loop1): ino=1a, mi_enum_attr
[  266.724595][T12744] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  266.725311][T12748] netlink: 'syz.0.2800': attribute type 10 has an invalid length.
[  266.762841][T12748] team0: Port device bridge0 added
[  266.775753][T12744] ntfs3(loop1): ino=1e, "file1" ntfs3_write_inode failed, -22.
[  266.783291][T12744] ntfs3(loop1): ino=1e, "file1" ntfs3_write_inode failed, -22.
[  266.933366][T12751] netlink: 'syz.3.2802': attribute type 21 has an invalid length.
[  266.935833][T12751] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2802'.
[  267.037918][T12759] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2805'.
[  267.102775][T12765] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  267.172946][T12769] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2810'.
[  267.176618][T12769] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2810'.
[  267.930340][T12786] loop1: detected capacity change from 0 to 256
[  267.933070][T12786] exfat: Unknown parameter ''
[  268.893863][T12812] loop1: detected capacity change from 0 to 64
[  268.954933][T12816] bridge0: port 1(syz_tun) entered blocking state
[  268.958843][T12816] bridge0: port 1(syz_tun) entered disabled state
[  268.961686][T12816] syz_tun: entered allmulticast mode
[  268.965438][T12816] syz_tun: entered promiscuous mode
[  268.972332][T12816] bridge0: port 1(syz_tun) entered blocking state
[  268.975068][T12816] bridge0: port 1(syz_tun) entered forwarding state
[  268.993252][T12818] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2832'.
[  269.082082][T12822] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2834'.
[  269.235556][T12834] loop1: detected capacity change from 0 to 512
[  269.271512][T12834] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  269.286035][T12834] ext4 filesystem being mounted at /743/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  269.321571][T12834] EXT4-fs error (device loop1): ext4_get_first_dir_block:3533: inode #12: comm syz.1.2840: Attempting to read directory block (0) that is past i_size (3)
[  269.353640][ T5852] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  269.899372][T12865] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2852'.
[  270.046042][   T33] audit: type=1326 audit(1755121622.660:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12879 comm="syz.0.2859" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff93a18ebe9 code=0x7ffc0000
[  270.062140][   T33] audit: type=1326 audit(1755121622.670:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12879 comm="syz.0.2859" exe="/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7ff93a18ebe9 code=0x7ffc0000
[  270.073778][   T33] audit: type=1326 audit(1755121622.670:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12879 comm="syz.0.2859" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff93a18ebe9 code=0x7ffc0000
[  270.080761][   T33] audit: type=1326 audit(1755121622.670:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12879 comm="syz.0.2859" exe="/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7ff93a18ebe9 code=0x7ffc0000
[  270.087528][   T33] audit: type=1326 audit(1755121622.670:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12879 comm="syz.0.2859" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff93a18ebe9 code=0x7ffc0000
[  270.095033][   T33] audit: type=1326 audit(1755121622.670:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12879 comm="syz.0.2859" exe="/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7ff93a18ebe9 code=0x7ffc0000
[  270.111458][   T33] audit: type=1326 audit(1755121622.670:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12879 comm="syz.0.2859" exe="/syz-executor" sig=0 arch=c000003e syscall=96 compat=0 ip=0xffffffffff600000 code=0x7ffc0000
[  270.123693][   T33] audit: type=1326 audit(1755121622.670:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12879 comm="syz.0.2859" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff93a18ebe9 code=0x7ffc0000
[  270.417461][   T47] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  270.448993][T12890] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2864'.
[  270.568160][   T47] usb 2-1: Using ep0 maxpacket: 8
[  270.571867][   T47] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  270.575424][   T47] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[  270.583614][   T47] usb 2-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52
[  270.587036][   T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  270.590674][   T47] usb 2-1: Product: syz
[  270.592285][   T47] usb 2-1: Manufacturer: syz
[  270.594103][   T47] usb 2-1: SerialNumber: syz
[  270.600593][   T47] usb 2-1: config 0 descriptor??
[  270.990502][T12884] orangefs_mount: mount request failed with -4
[  271.022579][   T47] usb 2-1: USB disconnect, device number 28
[  272.929520][    C1] vcan0: j1939_tp_rxtimer: 0xffff888115b15800: rx timeout, send abort
[  272.937317][    C1] vcan0: j1939_tp_rxtimer: 0xffff8881117f5000: rx timeout, send abort
[  272.941536][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888115b15800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  272.947557][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8881117f5000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  273.880071][T12972] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  273.882468][T12972] IPv6: NLM_F_CREATE should be set when creating new route
[  273.886086][T12972] lo: entered allmulticast mode
[  273.894708][T12972] tunl0: entered allmulticast mode
[  273.908479][T12972] gre0: entered allmulticast mode
[  273.929221][T12972] gretap0: entered allmulticast mode
[  273.943019][T12972] erspan0: entered allmulticast mode
[  273.950848][T12972] ip_vti0: entered allmulticast mode
[  273.965256][T12972] ip6_vti0: entered allmulticast mode
[  273.975265][T12972] sit0: entered allmulticast mode
[  273.995980][T12972] ip6tnl0: entered allmulticast mode
[  274.003618][T12972] ip6gre0: entered allmulticast mode
[  274.016316][T12972] bridge0: port 1(syz_tun) entered disabled state
[  274.019357][T12972] ip6gretap0: entered allmulticast mode
[  274.036439][T12972] vcan0: entered allmulticast mode
[  274.039969][T12972] bond0: entered allmulticast mode
[  274.048590][T12972] team0: entered allmulticast mode
[  274.050975][T12972] dummy0: entered allmulticast mode
[  274.062430][T12972] nlmon0: entered allmulticast mode
[  274.066969][T12972] caif0: entered allmulticast mode
[  274.070907][T12972] batadv0: entered allmulticast mode
[  274.079259][T12972] vxcan0: entered allmulticast mode
[  274.083017][T12972] vxcan1: entered allmulticast mode
[  274.088426][T12972] veth0: entered allmulticast mode
[  274.093872][T12972] veth1: entered allmulticast mode
[  274.104627][T12972] wg0: entered allmulticast mode
[  274.110642][T12972] wg1: entered allmulticast mode
[  274.120001][T12972] wg2: entered allmulticast mode
[  274.125258][T12972] veth0_to_bridge: entered allmulticast mode
[  274.130901][T12972] bridge_slave_0: entered allmulticast mode
[  274.137471][T12972] veth1_to_bridge: entered allmulticast mode
[  274.142808][T12972] bridge_slave_1: entered allmulticast mode
[  274.149759][T12972] veth0_to_bond: entered allmulticast mode
[  274.155025][T12972] bond_slave_0: entered allmulticast mode
[  274.160049][T12972] veth1_to_bond: entered allmulticast mode
[  274.165152][T12972] bond_slave_1: entered allmulticast mode
[  274.169833][T12972] veth0_to_team: entered allmulticast mode
[  274.176480][T12972] team_slave_0: entered allmulticast mode
[  274.185478][T12972] veth1_to_team: entered allmulticast mode
[  274.191072][T12972] team_slave_1: entered allmulticast mode
[  274.193697][T12972] veth0_to_batadv: entered allmulticast mode
[  274.203576][T12972] batadv_slave_0: entered allmulticast mode
[  274.209827][T12972] veth1_to_batadv: entered allmulticast mode
[  274.216079][T12972] batadv_slave_1: entered allmulticast mode
[  274.223303][T12972] tipc: Resetting bearer <eth:xfrm0>
[  274.227555][T12972] xfrm0: entered allmulticast mode
[  274.233449][T12972] veth0_to_hsr: entered allmulticast mode
[  274.238264][T12972] hsr_slave_0: entered allmulticast mode
[  274.244381][T12972] veth1_to_hsr: entered allmulticast mode
[  274.249892][T12972] hsr_slave_1: entered allmulticast mode
[  274.256028][T12972] hsr0: entered allmulticast mode
[  274.262431][T12972] veth1_virt_wifi: entered allmulticast mode
[  274.272920][T12972] veth0_virt_wifi: entered allmulticast mode
[  274.285905][T12972] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  274.293452][T12972] veth1_macvtap: entered allmulticast mode
[  274.311588][T12972] veth0_macvtap: entered allmulticast mode
[  274.324226][T12972] macvtap0: entered allmulticast mode
[  274.336130][T12972] macsec0: entered allmulticast mode
[  274.351927][T12972] geneve0: entered allmulticast mode
[  274.364216][T12972] geneve1: entered allmulticast mode
[  274.373369][T12972] netdevsim netdevsim0 netdevsim1: entered allmulticast mode
[  274.390164][T12972] netdevsim netdevsim0 netdevsim2: entered allmulticast mode
[  274.403414][T12972] netdevsim netdevsim0 netdevsim3: entered allmulticast mode
[  274.418398][T12976] loop1: detected capacity change from 0 to 40427
[  274.422575][T12976] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  274.425697][T12976] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  274.434421][T12976] F2FS-fs (loop1): invalid crc value
[  274.446422][T12972] mac80211_hwsim hwsim6 wlan0: entered allmulticast mode
[  274.475408][T12972] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode
[  274.480479][T12972] gre1: entered allmulticast mode
[  274.482315][T12972] bond1: entered allmulticast mode
[  274.484172][T12972] ip6erspan0: entered allmulticast mode
[  274.485965][T12972] veth2: entered allmulticast mode
[  274.489373][T12972] veth3: entered allmulticast mode
[  274.493431][T12972] gre2: entered allmulticast mode
[  274.496227][T12972] vlan2: left promiscuous mode
[  274.499887][T12972] bridge0: left promiscuous mode
[  274.501522][T12972] gretap1: entered allmulticast mode
[  274.503381][T12972] bond2: entered allmulticast mode
[  274.505047][T12972] macsec1: entered allmulticast mode
[  274.507061][T12972] vti60: entered allmulticast mode
[  274.510620][T12972] erspan1: entered allmulticast mode
[  274.512868][T12972] geneve2: entered allmulticast mode
[  274.515667][ T5879] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  274.519507][ T5879] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  274.522815][ T5879] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  274.525769][ T5879] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  274.536727][T12976] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  274.542899][T12976] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  274.545608][T12976] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  274.592978][T12976] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[  274.596392][T12976] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[  274.602995][T12976] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[  274.605526][T12976] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[  274.611550][T12976] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[  274.615093][T12976] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[  274.619769][T12976] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[  275.097913][T12997] loop1: detected capacity change from 0 to 32768
[  276.007697][   T24] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  276.161509][   T24] usb 2-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=90.0a
[  276.165481][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  276.170924][   T24] usb 2-1: config 0 descriptor??
[  276.178712][   T24] gspca_main: sn9c2028-2.14.0 probing 0c45:8001
[  276.415152][   T24] gspca_sn9c2028: read1 error -71
[  276.422762][   T24] gspca_sn9c2028: read1 error -71
[  276.428132][   T24] gspca_sn9c2028: read1 error -71
[  276.433940][   T24] sn9c2028 2-1:0.0: probe with driver sn9c2028 failed with error -71
[  276.445294][   T24] usb 2-1: USB disconnect, device number 29
[  276.650094][T13053] 9pnet_fd: Insufficient options for proto=fd
[  276.726079][T13054] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2933'.
[  277.947747][   T24] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  278.097757][   T24] usb 2-1: Using ep0 maxpacket: 8
[  278.102553][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  278.107747][   T24] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  278.113080][   T24] usb 2-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00
[  278.116763][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  278.124417][   T24] usb 2-1: config 0 descriptor??
[  278.540862][   T24] logitech 0003:046D:C298.000C: item fetching failed at offset 4/5
[  278.544693][   T24] logitech 0003:046D:C298.000C: parse failed
[  278.552595][   T24] logitech 0003:046D:C298.000C: probe with driver logitech failed with error -22
[  278.640845][   T33] audit: type=1326 audit(1755121631.260:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13095 comm="syz.0.2953" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff93a18ebe9 code=0x7ffc0000
[  278.649539][   T33] audit: type=1326 audit(1755121631.270:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13095 comm="syz.0.2953" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff93a18ebe9 code=0x7ffc0000
[  278.658540][   T33] audit: type=1326 audit(1755121631.270:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13095 comm="syz.0.2953" exe="/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ff93a18ebe9 code=0x7ffc0000
[  278.671721][   T33] audit: type=1326 audit(1755121631.270:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13095 comm="syz.0.2953" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff93a18ebe9 code=0x7ffc0000
[  278.684501][   T33] audit: type=1326 audit(1755121631.270:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13095 comm="syz.0.2953" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff93a18ebe9 code=0x7ffc0000
[  278.736535][   T10] usb 2-1: USB disconnect, device number 30
[  279.576900][T13128] loop1: detected capacity change from 0 to 32768
[  279.584945][T13128] bcachefs (/dev/loop1): error validating superblock: Invalid superblock section clean: entry type btree_keys overruns end of section
[  279.584945][T13128] clean (size 2912):
[  279.584945][T13128] flags:          0
[  279.584945][T13128] journal_seq:    8
[  279.584945][T13128] prio_ptrs: 
[  279.584945][T13128] usage: type=key_version v=0
[  279.584945][T13128] usage: type=reserved v=0
[  279.584945][T13128] usage: type=reserved v=0
[  279.584945][T13128] usage: type=reserved v=0
[  279.584945][T13128] usage: type=reserved v=0
[  279.584945][T13128] data_usage: btree: 1/1 [0]=2816
[  279.584945][T13128] data_usage: journal: 1/1 [0]=0
[  279.584945][T13128] data_usage: user: 1/1 [0]=32
[  279.584945][T13128] dev_usage: dev=0  
[  279.584945][T13128]   free: buckets=83 sectors=0 fragmented=0
[  279.584945][T13128]   sb: buckets=25 sectors=6152 fragmented=248
[  279.584945][T13128]   journal: buckets=8 sectors=2048 fragmented=0
[  279.584945][T13128]   btree: buckets=11 sectors=2816 fragmented=0
[  279.584945][T13128]   user: buckets=1 sectors=32 fragmented=224
[  279.584945][T13128]   cached: buckets=0 sectors=0 fragmented=0
[  279.584945][T13128]   parity: buckets=0 sectors=0 fragmented=0
[  279.584945][T13128]   stripe: buckets=0 sectors=0 fragmented=0
[  279.584945][T13128]   need_gc_gens: buckets=0 sectors=0 fragmented=0
[  279.584945][T13128]   need_discard: buckets=0 sectors=0 fragmented=0
[  279.584945][T13128] clock: read=0
[  279.584945][T13128] clock: write=1288
[  279.584945][T13128] btree_root: btree=extents level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 249e7ae2af8ee3
[  279.585143][T13128] bcachefs: bch2_fs_get_tree() error: invalid_sb_clean
[  280.342941][T13143] loop1: detected capacity change from 0 to 32768
[  280.353969][T13143] 
[  280.353969][T13143]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  280.353969][T13143] 
[  280.366355][   T33] audit: type=1800 audit(1755121632.980:161): pid=13143 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2976" name="file1" dev="loop1" ino=4 res=0 errno=0
[  280.388317][ T5852] 
[  280.388317][ T5852]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  280.388317][ T5852] 
[  280.399459][ T5852] 
[  280.399459][ T5852]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  280.399459][ T5852] 
[  280.786503][   T33] audit: type=1800 audit(1755121633.310:162): pid=13162 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2985" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  281.617865][T13176] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2990'.
[  281.766213][T13182] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  282.611293][T13206] loop1: detected capacity change from 0 to 512
[  282.620043][T13204] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3002'.
[  282.656209][T13206] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  282.663138][T13206] ext4 filesystem being mounted at /795/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  282.691577][T13206] Quota error (device loop1): do_check_range: Getting dqdh_next_free 4294967294 out of range 0-8
[  282.707431][T13206] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  282.711798][T13206] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.3003: Failed to acquire dquot type 0
[  282.781987][ T5852] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  282.908909][T13219] loop1: detected capacity change from 0 to 2048
[  282.921688][T13219] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  283.005856][T13224] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3010'.
[  283.043576][T13224] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3010'.
[  283.503451][T13232] loop1: detected capacity change from 0 to 32768
[  283.522320][T13232] ocfs2: Slot 0 on device (7,1) was already allocated to this node!
[  283.534334][T13232] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  283.564375][T13232] (syz.1.3013,13232,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len % 4 != 0 - offset=312, inode=13845347915746889, rec_len=25793, name_len=214
[  283.604401][ T5852] ocfs2: Unmounting device (7,1) on (node local)
[  284.068700][T13270] loop1: detected capacity change from 0 to 256
[  284.098531][T13270] FAT-fs (loop1): bogus number of FAT sectors
[  284.100805][T13270] FAT-fs (loop1): Can't find a valid FAT filesystem
[  284.326242][T13279] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3035'.
[  284.623869][   T33] audit: type=1107 audit(1755121637.180:163): pid=13277 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=''
[  285.856214][T13308] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3047'.
[  286.187408][   T10] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  286.355465][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  286.360086][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  286.364052][   T10] usb 2-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[  286.367880][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  286.374268][   T10] usb 2-1: config 0 descriptor??
[  286.795096][   T10] arvo 0003:1E7D:30D4.000D: bogus close delimiter
[  286.800317][   T10] arvo 0003:1E7D:30D4.000D: item 0 0 2 10 parsing failed
[  286.803895][   T10] arvo 0003:1E7D:30D4.000D: parse failed
[  286.806233][   T10] arvo 0003:1E7D:30D4.000D: probe with driver arvo failed with error -22
[  286.989870][   T24] usb 2-1: USB disconnect, device number 31
[  288.586869][T13408] loop1: detected capacity change from 0 to 16
[  288.608548][T13408] erofs (device loop1): mounted with root inode @ nid 36.
[  288.694681][T13412] syz.1.3095: attempt to access beyond end of device
[  288.694681][T13412] loop1: rw=524288, sector=128, nr_sectors = 8 limit=16
[  288.712921][T13412] syz.1.3095: attempt to access beyond end of device
[  288.712921][T13412] loop1: rw=524288, sector=0, nr_sectors = 1024 limit=16
[  288.742683][T13412] erofs (device loop1): read error -95 @ 1 of nid 89
[  288.770426][   T33] audit: type=1800 audit(1755121641.390:164): pid=13412 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3095" name="file2" dev="loop1" ino=89 res=0 errno=0
[  289.374851][T13436] netlink: 'syz.0.3109': attribute type 4 has an invalid length.
[  289.972112][T13456] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3119'.
[  291.870911][T13514] overlayfs: failed to clone upperpath
[  291.918025][T13516] sctp: [Deprecated]: syz.0.3147 (pid 13516) Use of struct sctp_assoc_value in delayed_ack socket option.
[  291.918025][T13516] Use struct sctp_sack_info instead
[  292.109527][T13512] loop1: detected capacity change from 0 to 32768
[  292.122443][T13512] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.3145 (13512)
[  292.153562][T13512] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  292.166617][T13512] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  292.172890][T13512] BTRFS info (device loop1): using free-space-tree
[  292.349110][ T5852] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  292.698034][ T5886] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  292.847309][ T5886] usb 2-1: Using ep0 maxpacket: 32
[  292.851599][ T5886] usb 2-1: config 191 has 1 interface, different from the descriptor's value: 9
[  292.858654][ T5886] usb 2-1: New USB device found, idVendor=04e8, idProduct=6601, bcdDevice=81.9b
[  292.867260][ T5886] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  292.871040][ T5886] usb 2-1: Product: syz
[  292.872758][ T5886] usb 2-1: Manufacturer: syz
[  292.886575][ T5886] usb 2-1: SerialNumber: syz
[  292.900938][ T5886] usb 2-1: active config #191 != 1 ??
[  292.921618][T13558] netlink: 'syz.3.3160': attribute type 6 has an invalid length.
[  293.105826][ T5886] usb 2-1: USB disconnect, device number 32
[  293.123581][   T33] audit: type=1326 audit(1755121645.740:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13573 comm="syz.3.3168" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f934438ebe9 code=0x0
[  293.236143][T13580] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3171'.
[  294.547766][   T24] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  294.624560][T13628] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3193'.
[  294.701931][   T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  294.706233][   T24] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  294.712200][   T24] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  294.715794][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  294.721833][   T24] usb 2-1: SerialNumber: syz
[  294.939322][   T24] usb 2-1: 0:2 : does not exist
[  294.974414][   T24] usb 2-1: USB disconnect, device number 33
[  295.019755][ T5858] udevd[5858]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  295.516772][T13663] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  295.565521][T13665] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3210'.
[  295.571327][T13665] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3210'.
[  295.772480][T13671] loop1: detected capacity change from 0 to 4096
[  295.779610][T13671] ntfs3(loop1): It is recommened to use chkdsk.
[  295.783526][T13671] ntfs3(loop1): try to read out of volume at offset 0x3fffffc0c00
[  295.786962][T13671] ntfs3(loop1): try to read out of volume at offset 0x3fffffc0c00
[  295.791074][T13671] ntfs3(loop1): try to read out of volume at offset 0x3fffffc0c00
[  295.794775][T13671] ntfs3(loop1): try to read out of volume at offset 0x3fffffc0c00
[  295.799986][T13671] ntfs3(loop1): try to read out of volume at offset 0x3fffffc1c00
[  295.803202][T13671] ntfs3(loop1): try to read out of volume at offset 0x3fffffc2c00
[  295.806371][T13671] ntfs3(loop1): try to read out of volume at offset 0x3fffffc4c00
[  295.810236][T13671] ntfs3(loop1): try to read out of volume at offset 0x3fffffc8c00
[  295.813522][T13671] ntfs3(loop1): try to read out of volume at offset 0x3fffffd0c00
[  296.247569][ T5316] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  296.397268][ T5316] usb 2-1: Using ep0 maxpacket: 16
[  296.405731][ T5316] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  296.411106][ T5316] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  296.415320][ T5316] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  296.419718][ T5316] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  296.423625][ T5316] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  296.433178][ T5316] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  296.437853][ T5316] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  296.441009][ T5316] usb 2-1: Manufacturer: syz
[  296.447827][ T5316] usb 2-1: config 0 descriptor??
[  296.707207][ T5316] rc_core: IR keymap rc-hauppauge not found
[  296.713353][ T5316] Registered IR keymap rc-empty
[  296.716454][ T5316] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  296.737726][ T5316] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  296.761744][ T5316] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  296.769576][ T5316] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input10
[  296.782915][ T5316] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  296.799213][ T5316] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  296.817822][ T5316] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  296.847972][ T5316] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  296.870504][ T5316] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  296.887441][ T5316] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  296.918737][ T5316] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  296.939359][ T5316] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  296.958083][ T5316] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  296.980419][ T5316] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  297.008147][ T5316] mceusb 2-1:0.0: Registered  with mce emulator interface version 1
[  297.011444][ T5316] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  297.116329][ T5316] usb 2-1: USB disconnect, device number 34
[  297.754258][T13731] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3239'.
[  297.762461][T13731] netlink: 88 bytes leftover after parsing attributes in process `syz.1.3239'.
[  298.132038][T13735] loop1: detected capacity change from 0 to 32768
[  298.613590][T13763] loop1: detected capacity change from 0 to 4096
[  298.623357][T13763] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  298.637735][T13763] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps block group descriptors
[  298.658801][T13763] EXT4-fs error (device loop1): __ext4_fill_super:5500: inode #2: comm syz.1.3255: iget: special inode unallocated
[  298.667039][T13763] EXT4-fs (loop1): get root inode failed
[  298.676913][T13763] EXT4-fs (loop1): mount failed
[  299.077746][   T24] usb 2-1: new full-speed USB device number 35 using dummy_hcd
[  299.228725][   T24] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  299.231311][   T24] usb 2-1: config 0 has no interface number 0
[  299.233457][   T24] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  299.236635][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  299.251471][   T24] usb 2-1: config 0 descriptor??
[  299.266977][   T24] usb 2-1: selecting invalid altsetting 1
[  299.274923][   T24] dvb_ttusb_budget: ttusb_init_controller: error
[  299.278705][   T24] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  299.323451][   T24] DVB: Unable to find symbol cx22700_attach()
[  299.346478][   T24] DVB: Unable to find symbol tda10046_attach()
[  299.348804][   T24] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  299.460540][ T5316] usb 2-1: USB disconnect, device number 35
[  299.565455][T13780] netlink: 'syz.0.3262': attribute type 3 has an invalid length.
[  299.568824][T13780] netlink: 188 bytes leftover after parsing attributes in process `syz.0.3262'.
[  299.710900][T13788] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3266'.
[  299.754299][T13790] team_slave_0: left promiscuous mode
[  299.757231][T13790] team_slave_1: left promiscuous mode
[  300.310444][T13817] QAT: Device 7 not found
[  300.466720][T13826] loop1: detected capacity change from 0 to 512
[  300.716920][T13832] loop1: detected capacity change from 0 to 32768
[  300.850207][T13832] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[  300.850263][T13832]   allowing incompatible features above 0.0: (unknown version)
[  300.850272][T13832]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  300.866656][T13832] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0
[  300.870349][T13832] bcachefs (loop1): initializing new filesystem
[  300.883381][T13832] bcachefs (loop1): going read-write
[  300.897040][T13832] bcachefs (loop1): marking superblocks
[  300.906915][T13832] bcachefs (loop1): initializing freespace
[  300.915417][T13832] bcachefs (loop1): done initializing freespace
[  300.920479][T13832] bcachefs (loop1): reading snapshots table
[  300.922953][T13832] bcachefs (loop1): reading snapshots done
[  300.962992][T13832] bcachefs (loop1): done starting filesystem
[  300.983158][   T33] audit: type=1800 audit(1755121653.600:166): pid=13832 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3287" name="file1" dev="loop1" ino=4098 res=0 errno=0
[  301.029479][T13861] netlink: 165 bytes leftover after parsing attributes in process `syz.3.3296'.
[  301.052707][   T33] audit: type=1800 audit(1755121653.670:167): pid=13862 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3287" name="file1" dev="loop1" ino=4098 res=0 errno=0
[  301.301786][   T33] audit: type=1326 audit(1755121653.890:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13857 comm="syz.0.3295" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff93a18ebe9 code=0x7ffe0000
[  301.424365][T13832] syz.1.3287 (13832) used greatest stack depth: 15976 bytes left
[  301.461817][ T5852] bcachefs (loop1): shutting down
[  301.463569][ T5852] bcachefs (loop1): going read-only
[  301.465482][ T5852] bcachefs (loop1): finished waiting for writes to stop
[  301.476082][ T5852] bcachefs (loop1): flushing journal and stopping allocators, journal seq 84
[  301.530852][ T5852] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 85
[  301.535398][ T5852] bcachefs (loop1): clean shutdown complete, journal seq 86
[  301.555517][ T5852] bcachefs (loop1): marking filesystem clean
[  301.611668][ T5852] bcachefs (loop1): shutdown complete
[  301.636607][   T56] ==================================================================
[  301.639294][   T56] BUG: KASAN: slab-use-after-free in bch2_get_next_dev+0x371/0x4c0
[  301.642353][   T56] Write of size 8 at addr ffff8881070c4040 by task kworker/u13:0/56
[  301.646319][   T56] 
[  301.647311][   T56] CPU: 0 UID: 0 PID: 56 Comm: kworker/u13:0 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  301.647323][   T56] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  301.647331][   T56] Workqueue: bcachefs_journal journal_write_done
[  301.647350][   T56] Call Trace:
[  301.647355][   T56]  <TASK>
[  301.647360][   T56]  dump_stack_lvl+0x189/0x250
[  301.647372][   T56]  ? __kasan_check_byte+0x12/0x40
[  301.647385][   T56]  ? __pfx_dump_stack_lvl+0x10/0x10
[  301.647394][   T56]  ? lock_release+0x4b/0x3e0
[  301.647408][   T56]  ? __virt_addr_valid+0x4a5/0x5c0
[  301.647420][   T56]  print_report+0xca/0x240
[  301.647428][   T56]  ? bch2_get_next_dev+0x371/0x4c0
[  301.647438][   T56]  kasan_report+0x118/0x150
[  301.647449][   T56]  ? bch2_get_next_dev+0x371/0x4c0
[  301.647460][   T56]  kasan_check_range+0x2b0/0x2c0
[  301.647471][   T56]  bch2_get_next_dev+0x371/0x4c0
[  301.647480][   T56]  ? bch2_get_next_dev+0x27/0x4c0
[  301.647489][   T56]  bch2_do_discards+0x20/0x160
[  301.647498][   T56]  journal_write_done+0x119a/0x13d0
[  301.647513][   T56]  ? __pfx_journal_write_done+0x10/0x10
[  301.647525][   T56]  ? process_scheduled_works+0x9ef/0x17b0
[  301.647534][   T56]  ? _raw_spin_unlock_irq+0x23/0x50
[  301.647544][   T56]  ? process_scheduled_works+0x9ef/0x17b0
[  301.647551][   T56]  ? process_scheduled_works+0x9ef/0x17b0
[  301.647558][   T56]  process_scheduled_works+0xae1/0x17b0
[  301.647571][   T56]  ? __pfx_process_scheduled_works+0x10/0x10
[  301.647587][   T56]  worker_thread+0x8a0/0xda0
[  301.647600][   T56]  kthread+0x711/0x8a0
[  301.647611][   T56]  ? __pfx_worker_thread+0x10/0x10
[  301.647618][   T56]  ? __pfx_kthread+0x10/0x10
[  301.647627][   T56]  ? _raw_spin_unlock_irq+0x23/0x50
[  301.647634][   T56]  ? lockdep_hardirqs_on+0x9c/0x150
[  301.647644][   T56]  ? __pfx_kthread+0x10/0x10
[  301.647653][   T56]  ret_from_fork+0x3fc/0x770
[  301.647661][   T56]  ? __pfx_ret_from_fork+0x10/0x10
[  301.647670][   T56]  ? __switch_to_asm+0x39/0x70
[  301.647679][   T56]  ? __switch_to_asm+0x33/0x70
[  301.647688][   T56]  ? __pfx_kthread+0x10/0x10
[  301.647696][   T56]  ret_from_fork_asm+0x1a/0x30
[  301.647709][   T56]  </TASK>
[  301.647712][   T56] 
[  301.713327][   T56] Allocated by task 13832:
[  301.714727][   T56]  kasan_save_track+0x3e/0x80
[  301.716228][   T56]  __kasan_kmalloc+0x93/0xb0
[  301.717666][   T56]  __kmalloc_cache_noprof+0x230/0x3d0
[  301.719345][   T56]  __bch2_dev_alloc+0xa7/0xc30
[  301.720826][   T56]  bch2_dev_alloc+0xcd/0x180
[  301.722277][   T56]  bch2_fs_open+0x2472/0x2600
[  301.723727][   T56]  bch2_fs_get_tree+0x44f/0x1520
[  301.725261][   T56]  vfs_get_tree+0x92/0x2b0
[  301.726643][   T56]  do_new_mount+0x2a2/0x9e0
[  301.728056][   T56]  __se_sys_mount+0x317/0x410
[  301.729470][   T56]  do_syscall_64+0xfa/0x3b0
[  301.731004][   T56]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.732773][   T56] 
[  301.733504][   T56] Freed by task 5852:
[  301.734683][   T56]  kasan_save_track+0x3e/0x80
[  301.736090][   T56]  kasan_save_free_info+0x46/0x50
[  301.737622][   T56]  __kasan_slab_free+0x5b/0x80
[  301.739056][   T56]  kfree+0x18e/0x440
[  301.740267][   T56]  kobject_put+0x22b/0x480
[  301.741629][   T56]  bch2_fs_free+0x440/0x5a0
[  301.743043][   T56]  deactivate_locked_super+0xbc/0x130
[  301.744730][   T56]  cleanup_mnt+0x425/0x4c0
[  301.746419][   T56]  task_work_run+0x1d4/0x260
[  301.747986][   T56]  exit_to_user_mode_loop+0xec/0x110
[  301.749626][   T56]  do_syscall_64+0x2bd/0x3b0
[  301.751068][   T56]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.752884][   T56] 
[  301.753633][   T56] Last potentially related work creation:
[  301.755374][   T56]  kasan_save_stack+0x3e/0x60
[  301.756797][   T56]  kasan_record_aux_stack+0xbd/0xd0
[  301.758443][   T56]  insert_work+0x3d/0x330
[  301.759803][   T56]  __queue_work+0xcd2/0xfb0
[  301.761224][   T56]  queue_work_on+0x181/0x270
[  301.762653][   T56]  bch2_do_discards+0xd0/0x160
[  301.764143][   T56]  journal_write_done+0x119a/0x13d0
[  301.765719][   T56]  process_scheduled_works+0xae1/0x17b0
[  301.767449][   T56]  worker_thread+0x8a0/0xda0
[  301.768864][   T56]  kthread+0x711/0x8a0
[  301.770099][   T56]  ret_from_fork+0x3fc/0x770
[  301.771528][   T56]  ret_from_fork_asm+0x1a/0x30
[  301.772965][   T56] 
[  301.773697][   T56] Second to last potentially related work creation:
[  301.775716][   T56]  kasan_save_stack+0x3e/0x60
[  301.777149][   T56]  kasan_record_aux_stack+0xbd/0xd0
[  301.778687][   T56]  insert_work+0x3d/0x330
[  301.779997][   T56]  __queue_work+0xcd2/0xfb0
[  301.781456][   T56]  queue_work_on+0x181/0x270
[  301.782849][   T56]  bch2_do_discards+0xd0/0x160
[  301.784265][   T56]  journal_write_done+0x119a/0x13d0
[  301.785814][   T56]  process_scheduled_works+0xae1/0x17b0
[  301.787458][   T56]  worker_thread+0x8a0/0xda0
[  301.788836][   T56]  kthread+0x711/0x8a0
[  301.790070][   T56]  ret_from_fork+0x3fc/0x770
[  301.791494][   T56]  ret_from_fork_asm+0x1a/0x30
[  301.792934][   T56] 
[  301.793662][   T56] The buggy address belongs to the object at ffff8881070c4000
[  301.793662][   T56]  which belongs to the cache kmalloc-4k of size 4096
[  301.797740][   T56] The buggy address is located 64 bytes inside of
[  301.797740][   T56]  freed 4096-byte region [ffff8881070c4000, ffff8881070c5000)
[  301.801818][   T56] 
[  301.802543][   T56] The buggy address belongs to the physical page:
[  301.804425][   T56] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1070c0
[  301.807095][   T56] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  301.809579][   T56] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[  301.811914][   T56] page_type: f5(slab)
[  301.813328][   T56] raw: 057ff00000000040 ffff88801a442140 ffffea00042cea00 dead000000000002
[  301.816519][   T56] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  301.819144][   T56] head: 057ff00000000040 ffff88801a442140 ffffea00042cea00 dead000000000002
[  301.821943][   T56] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  301.824492][   T56] head: 057ff00000000003 ffffea00041c3001 00000000ffffffff 00000000ffffffff
[  301.827137][   T56] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  301.829763][   T56] page dumped because: kasan: bad access detected
[  301.831685][   T56] page_owner tracks the page as allocated
[  301.833753][   T56] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1089, tgid 1089 (kworker/u10:5), ts 294068304764, free_ts 274610878175
[  301.839988][   T56]  post_alloc_hook+0x240/0x2a0
[  301.841533][   T56]  get_page_from_freelist+0x21e4/0x22c0
[  301.843243][   T56]  __alloc_frozen_pages_noprof+0x181/0x370
[  301.844970][   T56]  alloc_pages_mpol+0x232/0x4a0
[  301.846483][   T56]  allocate_slab+0x8a/0x370
[  301.847871][   T56]  ___slab_alloc+0xbeb/0x1410
[  301.849329][   T56]  __kmalloc_node_track_caller_noprof+0x2f8/0x4e0
[  301.851595][   T56]  kmalloc_reserve+0x136/0x290
[  301.853293][   T56]  __alloc_skb+0x142/0x2d0
[  301.854664][   T56]  nsim_dev_trap_report_work+0x29a/0xb80
[  301.856409][   T56]  process_scheduled_works+0xae1/0x17b0
[  301.858104][   T56]  worker_thread+0x8a0/0xda0
[  301.859563][   T56]  kthread+0x711/0x8a0
[  301.860823][   T56]  ret_from_fork+0x3fc/0x770
[  301.862260][   T56]  ret_from_fork_asm+0x1a/0x30
[  301.863714][   T56] page last free pid 5828 tgid 5828 stack trace:
[  301.865691][   T56]  __free_frozen_pages+0xbc4/0xd30
[  301.867544][   T56]  __put_partials+0x156/0x1a0
[  301.868979][   T56]  put_cpu_partial+0x17c/0x250
[  301.870547][   T56]  __slab_free+0x2d5/0x3c0
[  301.871934][   T56]  qlist_free_all+0x97/0x140
[  301.873368][   T56]  kasan_quarantine_reduce+0x148/0x160
[  301.875051][   T56]  __kasan_slab_alloc+0x22/0x80
[  301.876540][   T56]  kmem_cache_alloc_node_noprof+0x1bb/0x3c0
[  301.878322][   T56]  __alloc_skb+0x112/0x2d0
[  301.879686][   T56]  tcp_stream_alloc_skb+0x3d/0x340
[  301.881221][   T56]  tcp_sendmsg_locked+0xf38/0x5620
[  301.882793][   T56]  tcp_sendmsg+0x2f/0x50
[  301.884140][   T56]  __sock_sendmsg+0x19c/0x270
[  301.885542][   T56]  sock_write_iter+0x258/0x330
[  301.887276][   T56]  vfs_write+0x54b/0xa90
[  301.888646][   T56]  ksys_write+0x145/0x250
[  301.890027][   T56] 
[  301.890778][   T56] Memory state around the buggy address:
[  301.892471][   T56]  ffff8881070c3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  301.894842][   T56]  ffff8881070c3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  301.897261][   T56] >ffff8881070c4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  301.899863][   T56]                                            ^
[  301.901813][   T56]  ffff8881070c4080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  301.904377][   T56]  ffff8881070c4100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  301.906815][   T56] ==================================================================
[  301.918761][   T56] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  301.921056][   T56] CPU: 0 UID: 0 PID: 56 Comm: kworker/u13:0 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  301.924665][   T56] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  301.927726][   T56] Workqueue: bcachefs_journal journal_write_done
[  301.929683][   T56] Call Trace:
[  301.930730][   T56]  <TASK>
[  301.931621][   T56]  dump_stack_lvl+0x99/0x250
[  301.932997][   T56]  ? __asan_memcpy+0x40/0x70
[  301.934395][   T56]  ? __pfx_dump_stack_lvl+0x10/0x10
[  301.935989][   T56]  ? __pfx__printk+0x10/0x10
[  301.937412][   T56]  vpanic+0x281/0x750
[  301.938581][   T56]  ? preempt_schedule+0xae/0xc0
[  301.940093][   T56]  ? __pfx_vpanic+0x10/0x10
[  301.941517][   T56]  ? preempt_schedule_common+0x83/0xd0
[  301.943205][   T56]  ? preempt_schedule+0xae/0xc0
[  301.944677][   T56]  ? __pfx_preempt_schedule+0x10/0x10
[  301.946388][   T56]  panic+0xb9/0xc0
[  301.947549][   T56]  ? __pfx_panic+0x10/0x10
[  301.948935][   T56]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  301.950840][   T56]  ? bch2_get_next_dev+0x371/0x4c0
[  301.952436][   T56]  check_panic_on_warn+0x89/0xb0
[  301.953963][   T56]  ? bch2_get_next_dev+0x371/0x4c0
[  301.955537][   T56]  end_report+0x78/0x160
[  301.956854][   T56]  kasan_report+0x129/0x150
[  301.958269][   T56]  ? bch2_get_next_dev+0x371/0x4c0
[  301.959844][   T56]  kasan_check_range+0x2b0/0x2c0
[  301.961398][   T56]  bch2_get_next_dev+0x371/0x4c0
[  301.962962][   T56]  ? bch2_get_next_dev+0x27/0x4c0
[  301.964520][   T56]  bch2_do_discards+0x20/0x160
[  301.966052][   T56]  journal_write_done+0x119a/0x13d0
[  301.967677][   T56]  ? __pfx_journal_write_done+0x10/0x10
[  301.969399][   T56]  ? process_scheduled_works+0x9ef/0x17b0
[  301.971179][   T56]  ? _raw_spin_unlock_irq+0x23/0x50
[  301.972784][   T56]  ? process_scheduled_works+0x9ef/0x17b0
[  301.974527][   T56]  ? process_scheduled_works+0x9ef/0x17b0
[  301.976273][   T56]  process_scheduled_works+0xae1/0x17b0
[  301.977977][   T56]  ? __pfx_process_scheduled_works+0x10/0x10
[  301.979994][   T56]  worker_thread+0x8a0/0xda0
[  301.981830][   T56]  kthread+0x711/0x8a0
[  301.983053][   T56]  ? __pfx_worker_thread+0x10/0x10
[  301.984639][   T56]  ? __pfx_kthread+0x10/0x10
[  301.986092][   T56]  ? _raw_spin_unlock_irq+0x23/0x50
[  301.987731][   T56]  ? lockdep_hardirqs_on+0x9c/0x150
[  301.989368][   T56]  ? __pfx_kthread+0x10/0x10
[  301.990871][   T56]  ret_from_fork+0x3fc/0x770
[  301.992325][   T56]  ? __pfx_ret_from_fork+0x10/0x10
[  301.993960][   T56]  ? __switch_to_asm+0x39/0x70
[  301.995601][   T56]  ? __switch_to_asm+0x33/0x70
[  301.997095][   T56]  ? __pfx_kthread+0x10/0x10
[  301.998576][   T56]  ret_from_fork_asm+0x1a/0x30
[  302.000064][   T56]  </TASK>
[  302.001719][   T56] Kernel Offset: disabled
[  302.003041][   T56] Rebooting in 86400 seconds..

VM DIAGNOSIS:
21:43:18  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000074 RBX=0000000000000074 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc900007ef0d0
R8 =ffff888108ab8237 R9 =1ffff11021157046 R10=dffffc0000000000 R11=ffffffff854e75e0
R12=dffffc0000000000 R13=ffffffff99af2904 R14=ffffffff99de74e0 R15=0000000000000000
RIP=ffffffff854e765c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b8623000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b2f820ff8 CR3=000000004172c000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffff81748653 ffffffff81748632
XMM02=307a797300010009 ffffffff81748632 XMM03=0000002c03000000 4002000800000000
XMM04=0100110000001400 000000327a797300 XMM05=0300090000000030 7a79730001000900
XMM06=00000200000000ff e6000003010a0300 XMM07=00002c0300000040 0200080000000030
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f9344412fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=1ffff9200003c09f RBX=0000000000000000 RCX=32a9256a63beaf00 RDX=0000000000000000
RSI=ffffffff8be325e0 RDI=ffffffff8be325a0 RBP=dffffc0000000000 RSP=ffffc900001e03d8
R8 =0000000000000000 R9 =ffffffff8172c195 R10=ffffc900001e04f8 R11=ffffffff81ac3890
R12=1ffff9200003c095 R13=ffffc900001e04f8 R14=ffffc900001e04a8 R15=ffffffff8172c195
RIP=ffffffff8172c24d RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007ff9383d56c0 ffffffff 00c00000
GS =0000 ffff8881a3c23000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f855fe4a440 CR3=000000004016a000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f18f6f87498 00007f18f6f87470 XMM03=00007f18f6f874a8 00007f18f6f874a0
XMM04=00007f18f7aed100 00007f18f6f87460 XMM05=00007f18f6f87478 00007f18f6f874c0
XMM06=00007f18f6f874b8 00007f18f6f874b0 XMM07=00007f18f6f874a8 00007f18f6f874a0
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 00007f18f6e12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
