last executing test programs:

1.481506811s ago: executing program 2 (id=1066):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0xc0c4}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_INNER_FLAGS={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x74}}, 0x0)

1.421274648s ago: executing program 2 (id=1067):
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r5 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r5, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
r6 = socket$tipc(0x1e, 0x2, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x1}, 0x10)
sendmsg$tipc(r6, &(0x7f0000000540)={&(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x4}}, 0x10, 0x0}, 0x10)

1.360315704s ago: executing program 0 (id=1069):
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00')
pread64(r0, &(0x7f0000001240)=""/102400, 0x19000, 0x1000000300)

1.161264197s ago: executing program 0 (id=1071):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000710439000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)

1.101000496s ago: executing program 0 (id=1072):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=@bridge_newvlan={0x28, 0x70, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r2}, [@BRIDGE_VLANDB_ENTRY={0x10, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_TUNNEL_INFO={0x4, 0x4, 0x0, 0x1, @BRIDGE_VLANDB_TINFO_ID={0x8, 0x1, 0x34000}}}]}, 0x28}}, 0x0)

1.01705831s ago: executing program 0 (id=1074):
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000440)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0xf6ff, 0x0}, 0x0, 0x0, 0x10, 0x3d, 0x0, 0x0})

961.401327ms ago: executing program 0 (id=1076):
syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000000080)='./file1\x00', 0x4000, &(0x7f0000000040)=ANY=[], 0xff, 0x60c0, &(0x7f000000d800)="$eJzs3U1vHVf9B/DfffC147RpVP1V5R+xcFMeWkrznEB5asqCBSxAQl2TyHWrlBRQEhCtIuLKC8QGeAmw6YZFJV4BL6CvASGxJVLSVReUQWOf44xvrn3tJp659vl8pJuZ35w7vmfyveOZ65m5EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA/OD7PznXi4irv04Tjkc8FYOIfsSRul6KeuRKfv4wIk7EenM8FxGD+Yh6/vV/nom4GBEfH4u4/+DOcj35/C77cens7Zuf/fB7//jdH9dOvPPmTz8cb//x/1346Pd3I47/6NWPPrv7ZJYdAAAASlFVVdVLH/NPps/3/a47BQC0Im//qyRPV6vVavUTrf/Q38vznzradX/Vh7Ruqia72ywiYrU5T73P4HA8ABwwq/Fp112gQ/Iv2jAijnbdCWCm9bruAPvi/oM7y72Ub6+5PVjaaM9/p9yS/2pv8/qO7YbTjJ9j0tb7ay0G8ew2/TnSUh9mSc6/P57/1Y32UXrefufflu3yH21c+lScnP9gPP8xW/L/U0Qc2Pz7E/MvVc5/uJf8VwcHeP2XPwAAAAAAh1/++//xjo//zj/+ouzKTsd/l1rqAwAAAAAAAAA8aY97/79N7v8HAAAAM6v+rF7787GH07b7LrZ6+hu9iKfHng8UZqnx5YAAAAAAAAAAAAAAQDuGEYvpvP65iHh6cbGqqvrRNF7v1ePOf9CVvvxQsq5/yQMAwIaPj41dy9+LWIiIN9J3/c0tLi5W1VxELFZH5vP+7Gh+oTrS+Fybh/W0+dEudoiHo6r+YQuN+ZqmfV6e1j7+8+rXGlWDXXSsHR0GDgARsbE1um+LdMhU1TPR9V4OB4P1//Cx/rMbXb9PAQAAgP1XVVXVS1/nfTId8+933SkAoBV5+z9+XECtVquLqT/ZmDgz/VGr97Fuqia72ywiYrU5T73P4Hb8AHDArManXXeBDsm/aMOIONF1J4CZ1uu6A+yL+w/uLPdSvr3m9mBpoz2fC7Il/9Xe+nx5/knDacbPMWnr/bUWg3h2m/4811IfZknOvz+e/9WN9nyL/818FvYn/7Zsl3+9nMc76E/Xcv6D8fzH7Pf635a16E/Mv1Q5/+Ge8h/IHwAAAAAAZlj++/9xx3/zIgMAAAAAAADAgXP/wZ3lfN1rPv7/hQnP6zXHXP95aOT8e7vO3/W/h0nOvz+e/9gJOYPG+L3XH+b/yYM7yx/e/vf/5+HM5z83GNWvPdfrD4bpnJ9q7q24HjdiJc4+8vzhlvZzj7TPbWk/P6X9wiPto7r9SG4/Hcvxi7gRb262z085MWphSns1pT3nP7D+FynnP2w86vwXU3tvbFi790H/kfW+OZz0Olf++p8vP7p2tWG4pVqLweayNRyr/znVWp8eWv8/OTqKX91auXn6N9du3755LtJgy9TzkQZPWM5/Lj1y/i++sNGef+8319d7H4z2nP+sWIvhpPzX398vNMbr5X2p5b51Iec/So+cf94CTV7/D3L+E9f/9eV7uYP+AAAAAAAAAAAAAAAAwE6qqlq/RPRKRFxO1/90dW0mANCuvP2vkjxdre6g/tffZqs/arVavbXuzVh/PkfdVE32WrOIiL8356n3GX476YcBALPsvxHxz647QWfkX7D8fX/18ItddwZo1a333v/ZtRs3Vm7e6ronAAAAAAAAAMDnle//udS4//P6eUBj943ecv/X12PpwN7/sz8arN/rPC3Q87Hz/b9Pxc73/x5Oeb25Ke2jKe3zU9oXprRPvNCjIef/fMo4538yLVhJ9399sYP+dC3nfyrd6znn/5Wx5zXzr/5ykPPvb8n/zO13f3nm1nvvv3L93Wtvr7y98vNzZy9fvHDp4oVLl868df3GytmNfzvs8f7K+ed7XzsPtCw5/5y5/MuS8/9SquVflpT/5m6o/MuS1/+8vyf/suT882cf+Zcl5/9SquVflpz/V1Mt/7Lk/F9OtfzLkvP/WqrlX5ac/yupln9Zcv6nUy3/suT8z6Ra/mXJ+ecjXPIvS84/n9kg/7Lk/M+nWv5lyflfSLX8y5Lzv5hq+Zcl538p1fIvS87/cqrlX5ac/9dTLf+y5Py/kWr5lyXn/2qq5V+WnP83Uy3/suT8v5Vq+Zcl5//tVO+U/zst9ot25Py/k2rrf1ly/t9NtfzLkvN/LdXyL8vD7/83sueRxdnoRpsjVRUxA90wsu8jXf9mAgAAAAAAAAAAAADGtXE6cdfLCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP/YgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRX27jVGrrO+H/izV6+TQPwnIYQQiO1cMGST3fUtMcFgrv809JIGQksLdYy9dgy+1buGBKFmaWgLAqmR2hf0RSkgQEhtlahCKpUoilSk9k1VXhVFlVArIdWVoDIRVKICtjpznufZmdnZmV3vrj1zzueD4p+9M2fmmTNnZve76DsHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABotuNts380FEIo/mv8sS2E64q/bw2Hin8u7L/aKwQAAADW6+eNP//q+vyFQ6vYqOk6//iaf/n64uLiYvjgixd/8SeLi/mC7SGMbAmhcVnyTz/9yWLzdaKnw8TQcNO/h3vc/UiPy0d7XD7W4/LxHpdv6XH5RI/Ll+2AZbaWv49p3Ngdjb9uK3dpuDGMNS67o8NWTw9tGR5Ov8tpGGpsszh2PJwMp8JsmF62zVDjfyF8c0dxXw+GdF/DTfd1awjh0o8+fjStYSju4ztCy501ND93P3xL2P7ijz5+9KvzP3hlp9lzNyxbaQi7dhbr/GQIS7+uCkNhS94naZ3DTeu8tcM6R1rWOdTYrvh7+zovrXKd6XFPxHV+p8s6b41fe+L2EMJCWPE67Z4Ow+GatnvN+3uiPCKK2yieypeF0TUdJztWcZwU23z/9tbjpP2YTPt/R9wnoyusofnp+OEnxpft98s9TopH3Q/HanHbDxd3OjHR/KvVlmO1uM7H71z5GOj43HU4BvKx3HQM7Ox1DAyPjzSOgeGlNe9sOQZmlm0zHIYa93Xxzu7HwNT86XNTc09+7J6Tp4+cmD0xe2Zmev/ePfv27tm3b+r4yVOz0+Wfa9ulA+SaMJyPwZ3xvSYdg69tu27zIbn4xY17HUz0yeugeOzvuatY0HXDYYVjvLjOJ3et/3WQv+83vQ5Gm14HHd9TO7wORlfxOiiuc2nX6r5njjb912kNm/VeuK3pGLia3w+L+3z/61Z+L7w1rutTr1/r98ORZcdAelhD8bVXfCX/vDdxf9wvy4+LW4oLrh0PF+Zmz9/7xJH5+fMzIY4r4oam56r9eLmm6TGFZcfL8JqPl0N/+bO7bunw9W1xX03cvfRcjXd4Horr7J3s/lw13t0778+Wr+4OcWywK70/O303K/ZnzhJdjv3iOp+8Z/0/C+Zc0vT+N9br/W9kbLR8/xvJe2Os5f1v+VMz0lhZCJfuWd3731j870q//93YJ+9/xb56/73dj4HiOp+aWusxMNr1/e/2OIfiel4XE8NEU+7/RePyhfIwbXouex43o6Nj8bgZTffYetzsWbZNcWvFfe+avrzjZtftrc9Vy88tFTxuin31p9Pdj5viOs/PrP+9Y2v6a9N7x3ivY2BsZLxY71g+CMr3u8Wt6Ri4NxwNZ8OpcCxvUzzLxX1N7l7dMTAe/7vS7x0398kxUOyrz+3ufgwU1/n2no392WlX/Eq+TtPPTu2/X1gp898yunR77bttozN/sc637+3+u6HiOj/Yu9ac0X0/3R2/cm2H/dT++lnpmD4Wrsx+ujmu89S+7r+bKq5z4/5VHk+HQggvzLzQ+H1X/P3u31z416+3/N630++UX5h54aGpR767lvUDAHD5ftH4c2G8/Fmz6f+xXs3//w8AAAAMhJT7h+PM5H8AAACojJT7R+LM5H8AAACojJT7R+PMapL/H7//wLM/fyrkTwNcjNLlaTc8/KbyeqnjvRD/vX1xSfH1t3557NlPP7W6+x4OIfzsoVd1vP7jb0rrKp1L63xD69eXufm2Vd3/Y48uXa/58xMuHShvPz2e1R4Gqav8zandjdvd/uRMYz7/UGjMRxY+9XR5++W/0/Uv7imv/+fxQ0sOHR9q2X5XXM8dcW6Pnynz8KGl/VDMtN2zt77mH25479L9pe2Gdr608TA/93vl7abPiHrmhvL66XGvtP6//8zXni2u/8Sdndf/1HDn9V+Mt/v9OH96sLx+8z7/dNP6/yCuP91f2u7eL32r4/qfe0V5/eficfGFONvX/5Y/fvXPOz1f6X4OPVBul+5/+n/2NrZLt5duv339E0/NtOyP9tt//sXydg5+5McjzddPX0/3kzz2QOvxPRSf35YeeQjha38YWvZzeGO53d+1rT/d3rkHOq//7rZ1nhu6rbH90uPZ1vK4Pv+V3R0fb1rPob/e1vJ4nnlH3H8vTn27uN2Lj8TjMV7+v98pb6/9s0yfe0fr+026/he2la/bdHtTbet/pm39C7cV+673+h98sVz/c2/e0rL+Q++Mx9OD5ey1/hN/cX3L9l/8avl8nP/o5JmzcxdOHosPZlvb63jLxNZrrr3uJS+9Pr6Xtv/78Nn5x2fPb5/ePh3C9gH8yMDNXv+X4vzvcixs/D2Uvvvj8rj77LvK71uv/Un572fi1x+Lz2f6/vj5PxtrOV7bn/eFN5dzvet/fVzHar3iM/9xW4cv/+eyz/y9+IFvXvjb3/9B+88F6fGce/lE4/F9bsdNjcuGni8vb3+/6uXfX976uv7e6HRjfiPu18X4ycw7byrvr/3202eTfPbd5es3/SSXtg9tnyeybaT1cax3/d+LP8d86+bW9790fHzjqbZPc94WhoolLMT3h7BQXp6ulfb3Zy/d1PH+0ufwhIVXrmWZK5p7cm7q1MkzF56Ymp+dm5+ae/Jjh0+fvXBm/nDjs0sPf6jX9kuv72sar+9js/v3hsar/Ww5NtnVXv+5R48eu2/6rmOzx49cOD7/6LnZ8yeOzs0dnT02d9eR48dnP9pr+5PHDs7sPrDnvt2TJ04eO3j/gQN7DkyePHO2WEa5qB72T3948sz5w41N5g7uPTCzb9/e6cnTZ4/NHrxvenryQq/tG9+bJoutPzJ5fvbUkfmTp2cn505+bPbgzIH9+3f3/PTH0+eOz22fOn/hzNSFudnzU+Vj2T7f+HLxva/X9tTD3Nn4ftdmKP50/r679+fPxy18+RMr3lR5ldYfT8MP42dBpe9vvf6dcv9YnFlN8j8AAADUQcr98YP/ly6Q/wEAAKAyUu7fEmcm/wMAAEBlpNw/EWdWk/yv/6//r/+v/6//fwX7/0H/f6Pp/29I/385/f9V0f/X/9f/1/+nu37r/6fcvzWEWuZ/AAAAqIOU+6+JM5P/AQAAoDJS7r82zkz+BwAAgMpIuf+6OLN65P+x9r/q/+v/6/839//TdfX/g/6//v9l0v/X/+9G/1//f5DX34f9/636//Sbfuv/p9z/kjizeuR/AAAAqIWU+18aZyb/AwAAQGWk3H99nJn8DwAAAJWRcv+2OLOa5P8NPP//Z+JF+v/6/4Pe/z+djmPn/9f/1/9fP/1//f9u9P/1/wd5/X3Y/3f+f/pOv/X/U+7/f3FmNcn/AAAAUAcp978szkz+BwAAgMpIuf+GODP5HwAAACoj5f4b48xqkv83sP/v/P/6/1Xp/zed/1//v5n+v/7/5dD/1//vRv9f/3/j1z8Uf0zQ/++1vf4/V0K/9f9T7n95nFlN8j8AAADUQcr9N8WZyf8AAABQGSn3vyLOTP4HAACAyki5/+Y4s5rkf/1//X/9f/1//X/9/82k/6//343+v/7/IK9f/1//n976rf+fcv8r48xqkv8BAACgDlLuvyXOTP4HAACAyki5/1VxZvI/AAAAVEbK/bfGmdUk/+v/91X//8mg/7+8/z+s/6//X1pr/79hoff69f8312D1/4dXvET/v6T/30r/X/9f/1//n+76rf+fcv+r48xqkv8BAACgDlLuf02cmfwPAAAAlZFy/21xZvI/AAAAVEbK/dvjzGqS//X/+6r/7/z/zv+v/+/8/0v9//kh/f9VcP5//f+g/3/ZrnZ/ftDXr/+v/09v/db/T7l/R5xZTfI/AAAA1EHK/TvjzOR/AAAAqIyU+2+PM5P/AQAAoDJS7r8jzqwm+V///zL7/1tb/6n/33n9+v/6//r/zv+v/6//343+v/7/IK9f/391/f/xXjdEpfVb/z/l/jvjzGqS/wEAAKAOUu6/K85M/gcAAIDKSLn/tXFm8j8AAABURsr9u+LMapL/9f+d/1//X/9f/1//fzPp/6+6/7/1cta1Kf3/9Car/9+T/r/+/6D0/yc6bO/8/1wJ/db/T7n/dXFmNcn/AAAAUAcp978+zkz+BwAAgMpIuf/uODP5HwAAACoj5f7JOLOa5H/9f/1//X/9f/1//f/NVNX+f34fdf5//X/9f/3/Te7/f2WF7Qfl/P/UW7/1/1PuvyfOrCb5HwAAAOog5f5748zkfwAAAKiMlPun4szkfwAAAKiMlPun48xqkv+r3/9vbxaX9P9L+v/6/0H/X/9/k1W1/99+/v8Qgv6//n+m/6//32/n/+9E/58rYf39//G8SePPdfb/U+6fiTOrSf4HAACAOki5f3ecmfwPAAAAlZFy/544M/kfAAAAKiPl/r1xZjXJ/9Xv/3em/1/S/9f/D/r/+v+brC79f+f/Ly/X/y/p/+v/6//r/9fRcIevrb//v7RJ48919v9T7t8XZ1aT/A8AAAB1kHL//jgz+R8AAAAqI+X+++LM5H8AAACojJT7748zq0n+1//X/9f/1//v3/5/6/1vXv//v/T/N5H+v/5/N/r/+v+DvH79f/1/etvY/v/16+7/p9x/IM6sJvkfAAAA6iDl/jfEmcn/AAAAUBkp9z8QZyb/AwAAwEDpdB7CJOX+N8aZ1ST/6/9Xvf+/uEX/X/9/cPv/rfvT+f/1/zuJb5/6/6tUr/7/1mX3p//f6mr35wd9/fr/+v/0trH9/2U/nq65/59y/8E4s5rkfwAAAKiDlPvfFGcm/wMAAEBlpNz/5jgz+R8AAAAqI+X+Q3FmNcn/+v9V7//33/n/h8Lg9v9H9f/1//X/18z5//X/u3H+/8Hs/6fP3dD/75/+f3EM6f/Tj/qt/59y/1vizGqS/wEAAKAOUu5/a5yZ/A8AAACVkXL/2+LM5H8AAACojJT73x5nVpP8r/+v/+/8/87/r/+v/7+Z9P/1/7vR/x/M/n+i/98//X/n/6df9Vv/P+X+d8SZ1ST/AwAAQB2k3P/OODP5HwAAACoj5f7/H2cm/wMAAEBlpNz/YJxZTfJ/hfr/Y3Hq/+v/6//r/zfo//cH/X/9/270//X/B3n9+v/6//TWb/3/lPt/Kc6sJvkfAAAA6iDl/ofizOR/AAAAqIyU+98VZyb/AwAAQGWk3P/LcWY1yf8V6v+X+vT8/8P59vX/9f/1//X/9f830oD2/yf0/0v6//r/g7x+/X/9f3rrt/5/yv2/EmdWk/wPAAAAdZBy/6/Gmcn/AAAAUBkp9/9anJn8DwAAAJWRcv/DcWY1yf/6/87/r/+v/9+3/f/R1v2p/6//38mA9v+d/z/S/9f/H+T16//r/9Nbv/X/U+7/9TizmuR/AAAAqIOU+x+JM5P/AQAAoDJS7n93nJn8DwAAAJWRcv974sxqkv/1//X/9f/1//u2/9+2P/X/+7X//29dL9X/1//vRv9f/3+Q16//r/9Pb/3W/0+5/9E4s5rkfwAAAKiDlPvfG2cm/wMAAEBlpNz/G3Fm8j8AAABURsr9vxlnNpj5f3itG+j/6//r/+v/r7r/vxBC0P/X/18j/f/l/f/iPexq9v/HV3NF/f9V0f/X/9f/1/+nu37r/6fc/744s8HM/wAAAEAHKff/VpyZ/A8AAACVkXL/b8eZyf8AAABQGSn3vz/OrCb5X/9f/1//X//f+f/1/zeT/n+9zv8/HvT/g/6//r/+v/4/Wb/1/1Pu/0CcWU3yPwAAANRByv2/E2cm/wMAAEBlpNx/OM5M/gcAAIDKSLn/sTizmuR//f+r1P/fWl5f/1//vzr9/0X9f/3/jvT/69X/d/7/kv6//r/+v/4/pX7r/6fcfyTOrCb5HwAAAOog5f4PxpnJ/wAAAFAZKfcfjTOT/wEAAKAyUu4/FmdWk/yv/+/8//r/+v/O/6//v5n0//X/u9H/1/8f5PXr/+v/01u/9f9T7p+NM6tJ/gcAAIA6SLn/eJyZ/A8AAACVkXL/iTgz+R8AAAAqI+X+x+PMapL/9f/1/1fV/x8L+v/6//r/+v+XRf9f/78b/X/9/0Fev/6//j+9bVz//583pP+fcv/JOLOa5H8AAACog5T7PxRnJv8DAABAZaTc/+E4M/kfAAAAKiPl/lNxZjXJ//r/+v/O/1/B/v+o/n/Q/+8b+v/6/93o/+v/D/L69f/1/+ltKGxU/z9sSP8/5f7TcWY1yf8AAABQByn3n4kzk/8BAACgMlLuPxtnJv8DAABAZaTcfy7OrCb5X/9f/1//v4L9f+f/b9D/7w/6//r/3ej/6/8P8vr1//X/6W3jzv+/Mf3/lPt/N86sJvkfAAAA6iDl/v9j7z6a5LyrPY63riWPVK5bd3X3vAV27OAd+DWwYUuRc44GTE4m55yTiSbnnIPJORlMBkOVKWvOOfZIPd2t0fT08/zP57PgMGaseayhxvUr1beee8ct9j8AAAAMI3f/feIW+x8AAACGkbv/vnFLk/2v/9f/6//1//p//f826f/1/6vo/+fT/59Z8vfr//X/+n/WmVr/n7v/fnFLk/0PAAAAHeTuv3/cYv8DAADAMHL3PyBusf8BAABgGLn7Hxi3NNn/+n/9v/5/Mv3/fuen/9f/6/8vif5f/7/Ydf9/Lj4YvP9fRv+v/9f/s87U+v/c/Q+KW5rsfwAAAOggd/+D4xb7HwAAAIaRu/8hcYv9DwAAAMPI3f/QuKXJ/tf/6//H7f/35tb/e/9/fl9H7P9P3f5l9f/HS/+v/1/suv9v8v7/ZfT/+n/9P+tMrf/P3f+wuKXJ/gcAAIAOcvc/PG6x/wEAAGAYufsfEbfY/wAAADCM3P2PjFua7H/9v/5/3P5/du//1//n93WI/v9c/Tre/6//1/8fTv+v/5/z8+v/9f+sN7X+P3f/o+KWJvsfAAAAOsjd/+i4xf4HAACAYeTuf0zcYv8DAADAMHL3PzZuabL/9f/6f/2//l//fwLv/9f/6//1/0vp//X/c35+/b/+n/Wm1v/n7n9c3NJk/wMAAEAHufsfH7fY/wAAADCM3P1PiFvsfwAAABhG7v4nxi1N9v+l9f+n9P+H0P8vf379v/5f/6//1//r/1fR/+v/5/z8+n/9P+ttvf+/+przd9P+P3f/NXFLk/0PAAAAHeTuf1LcYv8DAADAMHL3Pzlusf8BAABgGLn7nxK3NNn/S/r/KxYzfv//2c2+tP4/vv7B/v/WU/p//f80+/9b4qeM/l//f7F59/9n9f876//39P8r+/nNfif0//p//T/rbL3/X9P7X/hx7v5r45Ym+x8AAAA6yN3/1LjF/gcAAIBh5O5/Wtxi/wMAAMAwcvc/PW5psv8v7f3/0+//vf9/t+//z193C/3/mWXPr//v0v/v8/5//f8y8+7/vf9/i/3/PfI30/v/D7frfn7uz7+q/7/rBs+v/6eDqfX/ufufEbc02f8AAADQQe7+Z8Yt9j8AAAAMI3f/s+IW+x8AAACGkbv/2XFLg/1/Wv9fz5H0/97/v1H/f27/79f/H3we/b/+fxn9v/5/ld29/1//v5hAPz/35/f+//X9/1XrfhGGN7X+P3f/c+KWBvsfAAAAusjd/9y4xf4HAACAYeTuf17cYv8DAADAMHL3Pz9uabL/9f/6f/2/9/9fVv9/xTb6/9NLfz/1//r/ZfT/+v+F/v/Idt3Pz/359f/e/896U+v/c/dfF7fU8Dt9hH9KAAAAYEpy978gbmny5/8AAADQQe7+F8Yt9j8AAAAMI3f/i+KWJvtf/6//1//r/73/X/+/Tfr/4fr/U/r/2+n/9f/6f/0/q02t/8/d/+K4pcn+BwAAgA5y978kbrH/AQAAYBi5+18at9j/AAAAMIzc/S+LW5rsf/2//l//r//X/+v/t0n/P1z/7/3/d6D/1//r//X/rDa1/j93/8vjlib7HwAAADrI3f+KuMX+BwAAgGHk7n9l3GL/AwAAwDBy978qbpnd/r+woN2M/l//r//X/+v/9f/bNP3+/8xGn6X/36f/P2hb/f/ZQ76e/n9az388/X9+9/X/jGkC/f/d7vhx7v5Xxy2z2/8AAADAYXL3vyZusf8BAABgGLn7Xxu32P8AAAAwjNz9r4tbmuz/w/r/m6/a/9/X9P/5G6b/j6v/1/8v9P9F/6//X8yi/9+M/n+f/v8g7//X/3v/v/6f1SbQ/x/4OHf/6+OWJvsfAAAAOsjd/4a4xf4HAACAYeTuf2PcYv8DAADAMHL3vyluabL/vf9f/6//1//r//X/26T/1/+vMqP+f2/ZX9T/6//1//p/Vpta/5+7/81xS5P9DwAAAB3k7n9L3GL/AwAAwDBy9781brH/AQAAYBi5+98WtzTZ//p//f/O+///GbL/P/+I+n/9v/5f/6//X21G/f9S+n/9v/5f/89qU+v/c/e/PW5psv8BAACgg9z974hb7H8AAAAYRu7+d8Yt9j8AAAAMI3f/u+KWJvtf/6//33n/7/3/Rf8f31f9v/7/Euj/9f8L/f+R7bqfn/vz6//1/6w3tf4/d/+745Ym+x8AAAA6yN3/nrjF/gcAAIBh5O6/Pm6x/wEAAGAYufvfG7c02f/6f/2//l//r//X/2+T/l//v8rJ9v/X3qz/P2jX/fzcn1//r/9nvan1/7n73xe3NNn/AAAA0EHu/vfHLfY/AAAADCN3/wfiFvsfAAAAhpG7/4NxS5P9r/+fe/9/95viCabW/+en6P/1/yv7/73FxfT/+v9Lof/X/y+28v7/C39SLKf/1//r//X/rHZi/f89r77XXW77L2v6/9z9H4pbmux/AAAA6CB3/w1xi/0PAAAAw8jd/+G4xf4HAACAYeTu/0jc0mT/9+j/z1z0aeP0/97/r/+fdP+fP1S9/1//r//X/y813f5/M/p//b/+X//PalN7/3/u/o/GLU32PwAAAHSQu/9jcYv9DwAAAMPI3f/xuMX+BwAAgGHk7v9E3NJk//fo/y+m/9937P3/rf+n/9f/l03e/6//1/9fLv2//n+h/z+yXffzc3/+ofv/Uwv9P8diav1/7v5Pxi1N9j8AAAB0kLv/U3GL/Q8AAADDyN3/6bjF/gcAAIBh5O7/TNxw5//d3SOdKP2//t/7//X/+n/9/zbp/4/Q/586vfFz6f/36f+PZtf9/Nyff+j+3/v/OSZT6/9z9382bvHn/wAAADCM3P2fi1vsfwAAABhG7v7Pxy32PwAAAAxgv3fP3f+FuKXJ/l/T/+/l5x25/z93+NfW/+v/F/p//b/+X/9/mYbs/y+B/n+f/v9odt3Pz/35Z9f/X3/wQ/0/J2FJ/3/+J/Gu+v/c/V+MW5rsfwAAAOggd/+X4hb7HwAAAIaRu//LcYv9DwAAAMPI3f+VuKXJ/l/a/+95/7/+X/+v/1/o//X/x0L/r/9fRf+v/5/z88+u/7+A/p+TMLX3/+fu/2rc0mT/AwAAQAe5+78Wt9j/AAAAMIzc/V+PW+x/AAAAGEbu/m/ELU32/5r3/+v/N/tH0f/r/5f+/0H/r//fsP8/s9D/H5n+X/+/0P8f2a77+bk//+X0/+f0/zQxtf4/d/8345Ym+x8AAAA6yN3/rbjF/gcAAIBh5O7/dtxi/wMAAMAwcvd/J25psv9H7v9XfZr+f5/+X/+/0P9Pof/3/v/LoP/X/y/0/0e2635+7s/v/f/6f9abWv+fu/+7cUuT/Q8AAAAd5O7/Xtxi/wMAAMAwcvffuFjcYP8DAADAmG48/59nF9+PW5rs/5H7/1X0//v0//r/hf5f/79l+n/9/yr6f/3/nJ9f/6//Z72p9f+5+38QtzTZ/wAAANBB7v4fxi32PwAAAAwjd/+P4hb7HwAAAIaRu//HcUuT/a//1//r//X/+n/9/zbp//X/q+j/9f9zfn79v/6f9abW/+fu/0nc0mT/AwAAQAe5+38at9j/AAAAMIzc/T+LW+x/AAAAGEbu/p/HLU32v/5f/6//1//r//X/26T/1/+vov/X/8/5+fX/+n/Wm1r/n7v/F3FLk/0PAAAAHeTu/2XcYv8DAADAMHL3/ypusf8BAABgGLn7fx23NNn/+v/bnuNc/XX9v/5f/6//T/r/49G2/7/tX6v6/7X0//r/OT+//l//z3pT6/9z9/8mbmmy/wEAAKCD3P2/jVvsfwAAABhG7v7fxS32PwAAAAwjd//v45Ym+1//7/3/+n/9/zz6/yv1//r/pSbb/3v//0b0//r/OT+//l//z3pT6/9z998UtzTZ/wAAANBB7v4/xC32PwAAAAwjd/8f4xb7HwAAAIaRu//muKXJ/tf/6/+H7P/39P/j9f/e/z/L/v9O+n/9/2r6f/3/nJ9f/6//Z72p9f+5+/8UtzTZ/wAAANBB7v4/xy32PwAAAAwjd/9f4hb7HwAAAIaRu/+vcUuT/a//1/8P2f97/7/+X/8/Gfp//f8q+n/9/5yfX/+v/2e9qfX/ufv/Frc02f8AAADQQe7+v8ct9j8AAAAMI3f/P+IW+x8AAACGkbv/n3FLk/2v/9f/6//1//p//f826f/n2/9fuThC/3/dQv+v/9f/6//1/5Sp9f+5+/8VtzTZ/wAAANBB7v5b4pal+///T+ipAAAAgOOUu//fcYs//wcAAIBh5O7/T9zSZP/r//X/+n/9v/5f/79N+v/59v/e/7+e/l//r//X/7Pa1Pr/3P3/DQAA///E7/7M")
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f00000002c0)={[{@barrier}, {@nodioread_nolock}, {@noquota}, {@barrier}, {@auto_da_alloc}, {@nodioread_nolock}]}, 0x1, 0x599, &(0x7f0000001280)="$eJzs3T9sG2UbAPDnznHTP/m+9JO+T/pAHSpAKlJVJ+kfKEztiqhUqQMSC0SOG1Vx4ipOoIkike4VogMC1KVsMDCCGBgQCyMrC4gZqaIRSE0HMHJ8TtPULk6I4xL/ftLZ73t39vO+d35e+053cgB962j9IY14KiIuJhHDG5YNRLbwaGO91ZWl4v2VpWIStdqlX5JIIuLeylKxuX6SPR+KiOWI+H9EfJOPOJ6uv+W+ZqG6sDg1Xi6XZrP6yNz01ZHqwuKJK9Pjk6XJ0sypF186c/b0mbGTYxube7+2sZbfWl9v/Hjz3RvfvXL75qefHVkuvj+exLkYypZt7MdOamyTfJzbNP90N4L1UNLrBrAtuSzP66n0vxiOXJb1rdQ2Dg6Du9I8oItqgxE1oE8l8h/6VPN3QP34tznt5u+PO+cbByD1uKsrS8V3ohl/oHFuIvavHZsc/DV56Mikfrx5eDcbyp60fD0iRgcGHv38J9nnb/tGd6KBdNXX5xs76tH9n66PP9Fi/Blqnjv9m5rj32o2/q22iJ9rM/5d7DDG76//9FHb+NcH4+mW8ZP1+EmL+GlEvNlh/FuvfXm23bLaxxHHonX8puTx54dHLl8pl0Ybjy1jfHXsyMvt+x9xsE38xjnb/WtfMxv7vy9rU9ph/7/49vNnlh8T//lnH7//W23/AxHxXofx/3Pvk1fbLbtzPblb/xWw1f2fRD5udxj/hXNHf8iKzhoCAAAAAAAAAMAOSteuZUvSwno5TQuFxj28/42DablSnTt+uTI/M9G45u1w5NPmlVbDjXpSr49l1+M26yc31U/lsoC5A2v1QrFSnuhx3wEAAAAAAAAAAAAAAAAAAOBJcWjT/f+/5dbu/9/8d9XAXtX+L7+BvU7+Q/96OP+TnrUD2H2+/6Fv1eQ/9C/5D/1L/kP/kv/Qv+Q/9C/5D/1L/gMAAAAAAAAAAAAAAAAAAAAAAAAAQFdcvHChPtXurywV6/WJgYX5qcpbJyZK1anC9HyxUKzMXi1MViqT5VKhWJn+q/dLKpWrozEzf21krlSdG6kuLL4xXZmfaf6naCnf9R4BAAAAAAAAAAAAAAAAAADAP8/Q2pSkhYh8o56mhULEvyLicBLJ5Svl0mhE/Dsivs/lB+v1sV43GgAAAAAAAAAAAAAAAAAAAPaY6sLi1Hi5XJrtXmEgC9XFEJ0XBrayckQs72wz6u+45Vflsw3Y4023Nwq5J+Nz+OQXejgoAQAAAAAAAAAAAAAAAABAn3pw02+nr/ijuw0CAAAAAAAAAAAAAAAAAACAvpT+nEREfTo2/NzQ5qX7ktXc2nNEvH3r0gfXxufmZsfq8++uz5/7MJt/shftBzrVzNM0Iup5DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxQXVicGi+XS7PbLAx2sE6v+wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwHX8GAAD//xLkz18=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r0, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0x40305829, &(0x7f00000000c0)={0x17c04, 0xffffffffffffffff, 0x7, 0xfff, 0x7})
openat(0xffffffffffffff9c, 0x0, 0xc4042, 0x1ff)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x6000, 0x0)
sendfile(r1, r2, 0x0, 0x20fffe82)

870.401473ms ago: executing program 1 (id=1077):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xf}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x14}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x4080)
r1 = socket$kcm(0xa, 0x3, 0x3a)
sendmsg$kcm(r1, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0xac14140c}}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60)

869.971346ms ago: executing program 1 (id=1078):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r1 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x100})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1})
ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1})

710.776397ms ago: executing program 1 (id=1079):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'sit0\x00', <r1=>0x0})
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={@local, 0x5, r1})
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000004c40)={@private1, r1}, 0x14)

710.501897ms ago: executing program 1 (id=1080):
syz_usb_connect(0x3, 0x51, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010102dd8a7a20670812980f240102030109023f0001f40820100904440305b79db5050905f8ff08000780040905050200020709f909050410ff0301408709050c08000409000209050a"], &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0})

530.976691ms ago: executing program 2 (id=1081):
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
io_uring_setup(0x4, &(0x7f0000000040)={0x0, 0x73e9, 0x1c410, 0x2, 0x20002f7})
io_uring_setup(0x4, &(0x7f0000000040)={0x0, 0xc89c, 0xc000, 0x2, 0x20002f7})

471.189261ms ago: executing program 2 (id=1082):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWSET={0x5c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xb}, @NFTA_SET_EXPRESSIONS={0x18, 0x12, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x4}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x130}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x84}, 0x1, 0x0, 0x0, 0x4044050}, 0x40)

411.14739ms ago: executing program 2 (id=1083):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
sendmsg$NFC_CMD_ACTIVATE_TARGET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)={0x14, r2, 0x1, 0x70bd2d, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x40895}, 0x20004804)

361.060588ms ago: executing program 2 (id=1084):
bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
madvise(&(0x7f000007f000/0x4000)=nil, 0x4000, 0x10)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)

110.794764ms ago: executing program 1 (id=1085):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@ipv4_newroute={0x38, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x4}, @RTA_ENCAP={0x14, 0x16, 0x0, 0x1, @LWTUNNEL_IP_OPTS={0x10, 0x8, 0x0, 0x1, @LWTUNNEL_IP_OPTS_GENEVE={0xc, 0x1, 0x0, 0x1, @LWTUNNEL_IP_OPT_GENEVE_CLASS={0x6, 0x1, 0x3ff}}}}]}, 0x38}}, 0x4800)

21.69349ms ago: executing program 1 (id=1086):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000001c0)={'ip6gre0\x00', &(0x7f0000000240)={'ip6_vti0\x00', 0x0, 0x4, 0x4, 0x7, 0x81, 0xc, @ipv4={'\x00', '\xff\xff', @multicast2}, @empty, 0x80, 0x9, 0xfffffffa, 0x7}})

0s ago: executing program 0 (id=1087):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000d00)={0x14, 0x14, 0x1, 0x70bd2d, 0x0, "", [@generic='\t']}, 0x14}], 0x1}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:58819' (ED25519) to the list of known hosts.
syzkaller login: [   56.255671][ T5841] cgroup: Unknown subsys name 'net'
[   56.397023][ T5841] cgroup: Unknown subsys name 'cpuset'
[   56.402782][ T5841] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   58.389995][ T5841] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   63.573451][ T5239] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   63.577135][ T5239] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   63.580604][ T5239] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   63.584934][ T5239] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   63.588375][ T5239] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   63.612234][ T5862] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   63.621190][ T5862] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   63.624617][ T5862] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   63.628117][ T5862] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   63.631640][ T5862] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   63.667376][ T5862] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   63.671256][ T5862] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   63.676477][ T5862] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   63.680547][ T5862] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   63.692264][ T5862] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   63.927174][ T5858] chnl_net:caif_netlink_parms(): no params data found
[   63.951956][ T5855] chnl_net:caif_netlink_parms(): no params data found
[   64.068289][ T5855] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.071800][ T5855] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.074707][ T5855] bridge_slave_0: entered allmulticast mode
[   64.078102][ T5855] bridge_slave_0: entered promiscuous mode
[   64.119761][ T5855] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.123033][ T5855] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.125407][ T5855] bridge_slave_1: entered allmulticast mode
[   64.127977][ T5855] bridge_slave_1: entered promiscuous mode
[   64.130793][ T5858] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.134337][ T5858] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.136687][ T5858] bridge_slave_0: entered allmulticast mode
[   64.139353][ T5858] bridge_slave_0: entered promiscuous mode
[   64.170294][ T5858] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.173042][ T5858] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.175954][ T5858] bridge_slave_1: entered allmulticast mode
[   64.178760][ T5858] bridge_slave_1: entered promiscuous mode
[   64.193408][ T5855] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.201453][ T5855] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.222991][ T5864] chnl_net:caif_netlink_parms(): no params data found
[   64.240258][ T5858] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.248939][ T5855] team0: Port device team_slave_0 added
[   64.253398][ T5858] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.258500][ T5855] team0: Port device team_slave_1 added
[   64.312199][ T5858] team0: Port device team_slave_0 added
[   64.319680][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.323321][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.332545][ T5855] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.338092][ T5858] team0: Port device team_slave_1 added
[   64.341104][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.344259][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.354763][ T5855] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.427873][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.430870][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.443711][ T5858] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.464031][ T5855] hsr_slave_0: entered promiscuous mode
[   64.466388][ T5855] hsr_slave_1: entered promiscuous mode
[   64.469454][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.472776][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.481715][ T5858] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.498492][ T5864] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.501924][ T5864] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.504993][ T5864] bridge_slave_0: entered allmulticast mode
[   64.508816][ T5864] bridge_slave_0: entered promiscuous mode
[   64.523723][ T5864] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.526808][ T5864] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.530047][ T5864] bridge_slave_1: entered allmulticast mode
[   64.534584][ T5864] bridge_slave_1: entered promiscuous mode
[   64.584185][ T5864] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.623256][ T5858] hsr_slave_0: entered promiscuous mode
[   64.626362][ T5858] hsr_slave_1: entered promiscuous mode
[   64.629131][ T5858] debugfs: 'hsr0' already exists in 'hsr'
[   64.631686][ T5858] Cannot create hsr debugfs directory
[   64.635914][ T5864] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.694242][ T5864] team0: Port device team_slave_0 added
[   64.709673][ T5864] team0: Port device team_slave_1 added
[   64.777530][ T5864] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.779802][ T5864] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.789277][ T5864] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.810222][ T5864] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.812619][ T5864] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.821686][ T5864] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.894726][ T5864] hsr_slave_0: entered promiscuous mode
[   64.897906][ T5864] hsr_slave_1: entered promiscuous mode
[   64.900805][ T5864] debugfs: 'hsr0' already exists in 'hsr'
[   64.903888][ T5864] Cannot create hsr debugfs directory
[   64.977946][ T5855] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   64.988836][ T5855] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   65.004545][ T5855] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   65.028033][ T5855] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   65.078658][ T5858] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   65.089794][ T5858] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   65.107854][ T5858] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   65.123704][ T5858] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   65.170894][ T5864] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   65.183129][ T5864] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   65.192636][ T5864] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   65.199427][ T5864] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   65.267349][ T5855] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.304854][ T5855] 8021q: adding VLAN 0 to HW filter on device team0
[   65.317651][ T5858] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.327878][ T1019] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.331089][ T1019] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.357647][ T1019] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.360096][ T1019] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.376846][ T5858] 8021q: adding VLAN 0 to HW filter on device team0
[   65.403573][   T28] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.406551][   T28] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.419822][   T28] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.422969][   T28] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.457820][ T5864] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.484987][ T5864] 8021q: adding VLAN 0 to HW filter on device team0
[   65.497232][   T26] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.500349][   T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.505932][   T26] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.508845][   T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.617796][ T5855] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.675960][ T5860] Bluetooth: hci1: command tx timeout
[   65.678486][ T5860] Bluetooth: hci0: command tx timeout
[   65.696206][ T5855] veth0_vlan: entered promiscuous mode
[   65.706578][ T5858] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.714120][ T5855] veth1_vlan: entered promiscuous mode
[   65.752289][ T5862] Bluetooth: hci2: command tx timeout
[   65.759967][ T5855] veth0_macvtap: entered promiscuous mode
[   65.782636][ T5855] veth1_macvtap: entered promiscuous mode
[   65.808538][ T5864] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.814780][ T5858] veth0_vlan: entered promiscuous mode
[   65.837084][ T5858] veth1_vlan: entered promiscuous mode
[   65.849538][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_0
[   65.864406][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_1
[   65.888026][ T5864] veth0_vlan: entered promiscuous mode
[   65.896557][   T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   65.905601][ T5864] veth1_vlan: entered promiscuous mode
[   65.917151][   T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.926216][ T5858] veth0_macvtap: entered promiscuous mode
[   65.936281][   T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   65.947423][ T5858] veth1_macvtap: entered promiscuous mode
[   65.951865][   T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.000272][ T5864] veth0_macvtap: entered promiscuous mode
[   66.022839][ T5864] veth1_macvtap: entered promiscuous mode
[   66.028503][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.035533][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.046457][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.059518][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.099237][ T5864] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.103681][   T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.114746][   T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.116198][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.118297][   T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.125936][   T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.129788][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.153430][ T5864] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.160469][ T5884] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.171748][ T5885] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.175341][ T5885] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.180984][ T5885] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.204333][ T5855] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   66.293301][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.303182][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.314145][ T5919] syz.2.3 uses obsolete (PF_INET,SOCK_PACKET)
[   66.328857][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.334891][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.401538][ T4521] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.406842][ T4521] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.452117][ T1092] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.469745][ T1092] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.576445][ T5929] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   66.612450][ T5932] trusted_key: syz.2.7 sent an empty control message without MSG_MORE.
[   66.714951][ T5938] loop2: detected capacity change from 0 to 2048
[   66.738031][ T5938] UDF-fs: warning (device loop2): udf_load_logicalvol: Damaged or missing LVID, forcing readonly mount
[   66.780454][ T5940] netlink: 180 bytes leftover after parsing attributes in process `syz.0.8'.
[   66.803759][ T5936] netlink: 180 bytes leftover after parsing attributes in process `syz.0.8'.
[   66.807801][ T5936] netlink: 180 bytes leftover after parsing attributes in process `syz.0.8'.
[   67.068803][ T5944] input: syz1 as /devices/virtual/input/input4
[   67.078266][ T5944] input: failed to attach handler leds to device input4, error: -6
[   67.447641][ T5955] loop1: detected capacity change from 0 to 4096
[   67.464346][ T5955] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[   67.487416][ T5955] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[   67.493073][ T5955] ntfs3(loop1): ino=19, mi_enum_attr
[   67.742804][ T5862] Bluetooth: hci0: command tx timeout
[   67.745881][ T5860] Bluetooth: hci1: command tx timeout
[   67.862295][ T5960] loop2: detected capacity change from 0 to 32768
[   67.871770][ T5960] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.19 (5960)
[   67.901112][ T5960] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   67.910341][ T5960] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[   67.952702][ T5904] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   68.049247][ T5960] BTRFS info (device loop2): rebuilding free space tree
[   68.070510][ T5960] BTRFS info (device loop2): allowing degraded mounts
[   68.073619][ T5960] BTRFS info (device loop2): enabling ssd optimizations
[   68.075936][ T5960] BTRFS info (device loop2): enabling free space tree
[   68.078965][ T5960] BTRFS info (device loop2): force clearing of disk cache
[   68.081829][ T5960] BTRFS info (device loop2): use zstd compression, level 3
[   68.084272][ T5960] BTRFS info (device loop2): max_inline set to 0
[   68.105630][   T33] audit: type=1800 audit(1756759731.452:2): pid=5960 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.19" name="file1" dev="loop2" ino=260 res=0 errno=0
[   68.121525][ T5904] usb 1-1: Using ep0 maxpacket: 16
[   68.127249][ T5904] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   68.134878][ T5904] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   68.143209][ T5904] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[   68.150765][ T5904] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[   68.157968][ T5855] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   68.163015][ T5904] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[   68.166692][ T5904] usb 1-1: Manufacturer: syz
[   68.182769][ T5904] usb 1-1: config 0 descriptor??
[   68.342777][ T5985] loop1: detected capacity change from 0 to 32768
[   68.406794][    T9] usb 1-1: USB disconnect, device number 2
[   68.509370][ T6005] netlink: 40 bytes leftover after parsing attributes in process `syz.1.32'.
[   68.620310][ T6009] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode
[   68.626304][ T6009] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[   68.631972][ T5862] Bluetooth: hci2: command tx timeout
[   68.739003][ T6016] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   68.953184][ T6032] netlink: 8 bytes leftover after parsing attributes in process `syz.2.45'.
[   68.960106][ T6032] netlink: 'syz.2.45': attribute type 1 has an invalid length.
[   68.963792][ T6032] netlink: 'syz.2.45': attribute type 2 has an invalid length.
[   69.097735][ T6044] loop1: detected capacity change from 0 to 2048
[   69.105829][ T6044] UDF-fs: error (device loop1): udf_process_sequence: Primary Volume Descriptor not found!
[   69.114543][ T6044] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   69.213353][ T6050] loop2: detected capacity change from 0 to 8
[   69.216481][ T6050] =======================================================
[   69.216481][ T6050] WARNING: The mand mount option has been deprecated and
[   69.216481][ T6050]          and is ignored by this kernel. Remove the mand
[   69.216481][ T6050]          option from the mount to silence this warning.
[   69.216481][ T6050] =======================================================
[   69.823554][ T5862] Bluetooth: hci0: command tx timeout
[   69.826005][ T5860] Bluetooth: hci1: command tx timeout
[   70.462111][ T6100] process 'syz.2.73' launched './file0' with NULL argv: empty string added
[   70.787336][ T6110] netlink: 16 bytes leftover after parsing attributes in process `syz.2.78'.
[   70.933915][ T6114] netlink: 12 bytes leftover after parsing attributes in process `syz.2.80'.
[   71.024796][ T6122] openvswitch: netlink: Either Ethernet header or EtherType is required.
[   71.106850][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[   71.109631][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[   71.919877][ T5862] Bluetooth: hci0: command tx timeout
[   71.961511][ T5860] Bluetooth: hci1: command tx timeout
[   72.174921][ T6136] loop2: detected capacity change from 0 to 1024
[   72.194473][ T6136] hfsplus: bad catalog entry type
[   72.213495][   T26] hfsplus: b-tree write err: -5, ino 4
[   72.436902][ T6148] Zero length message leads to an empty skb
[   72.581534][  T794] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   72.731424][  T794] usb 1-1: Using ep0 maxpacket: 8
[   72.735432][  T794] usb 1-1: config 2 has an invalid interface number: 31 but max is 0
[   72.738615][  T794] usb 1-1: config 2 has no interface number 0
[   72.741048][  T794] usb 1-1: config 2 interface 31 has no altsetting 0
[   72.746746][  T794] usb 1-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f
[   72.749689][  T794] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   72.752667][  T794] usb 1-1: Product: syz
[   72.754504][  T794] usb 1-1: Manufacturer: syz
[   72.756405][  T794] usb 1-1: SerialNumber: syz
[   72.793356][ T6161] loop2: detected capacity change from 0 to 32768
[   72.802192][ T6161] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.101 (6161)
[   72.819217][ T6161] BTRFS info (device loop2 state S): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   72.823901][ T6161] BTRFS info (device loop2 state S): using crc32c (crc32c-lib) checksum algorithm
[   72.850474][   T64] BTRFS warning (device loop2 state S): checksum verify failed on logical 1052672 mirror 1 wanted 0x37e030f7 found 0x3a96e814 level 0, ignored
[   72.860344][ T6161] BTRFS error (device loop2 state S): devid 1 uuid ffe9ff7f-0000-0000-0000-9003f3eadbc4 is missing
[   72.865039][ T6161] BTRFS error (device loop2 state S): failed to read chunk tree: -2
[   72.883726][ T6161] BTRFS error (device loop2 state S): open_ctree failed: -2
[   73.125496][ T6186] sp0: Synchronizing with TNC
[   73.204935][ T6192] openvswitch: netlink: Unexpected mask (mask=240, allowed=10048)
[   73.396736][  T794] ch9200 1-1:2.31: probe with driver ch9200 failed with error -22
[   73.415331][  T794] usb 1-1: USB disconnect, device number 3
[   73.846948][ T6203] capability: warning: `syz.1.114' uses 32-bit capabilities (legacy support in use)
[   76.491479][   T95] usb 3-1: new full-speed USB device number 2 using dummy_hcd
[   76.983056][   T95] usb 3-1: New USB device found, idVendor=12d6, idProduct=0444, bcdDevice=6c.de
[   76.986831][   T95] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   76.990866][   T95] usb 3-1: Product: syz
[   76.992788][   T95] usb 3-1: Manufacturer: syz
[   76.994682][   T95] usb 3-1: SerialNumber: syz
[   77.006707][   T95] usb 3-1: config 0 descriptor??
[   77.014468][   T95] ems_usb 3-1:0.0 (unnamed net_device) (uninitialized): couldn't initialize controller: -22
[   77.022413][   T95] ems_usb 3-1:0.0: probe with driver ems_usb failed with error -22
[   77.218167][ T5904] usb 3-1: USB disconnect, device number 2
[   77.262757][ T6299] loop0: detected capacity change from 0 to 32768
[   77.280689][ T6299] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   77.310699][ T6299] XFS (loop0): Ending clean mount
[   77.319046][ T6299] XFS (loop0): Quotacheck needed: Please wait.
[   77.342979][ T6299] XFS (loop0): Quotacheck: Done.
[   77.370577][ T5864] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   77.518239][ T6315] netlink: 28 bytes leftover after parsing attributes in process `syz.1.161'.
[   77.698749][ T6331] netlink: 68 bytes leftover after parsing attributes in process `syz.0.168'.
[   77.712305][ T6332] netlink: 'syz.1.167': attribute type 1 has an invalid length.
[   77.714904][ T6332] netlink: 'syz.1.167': attribute type 4 has an invalid length.
[   77.719007][ T6332] netlink: 15334 bytes leftover after parsing attributes in process `syz.1.167'.
[   78.071484][ T5904] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   78.221446][ T5904] usb 1-1: Using ep0 maxpacket: 16
[   78.225737][ T5904] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   78.230416][ T5904] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[   78.237780][ T5904] usb 1-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice= 0.00
[   78.241916][ T5904] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   78.248848][ T5904] usb 1-1: config 0 descriptor??
[   78.682961][ T5904] input: HID 0955:7214 Haptics as /devices/virtual/input/input5
[   78.802764][ T5904] shield 0003:0955:7214.0001: Registered Thunderstrike controller
[   78.820028][ T5904] shield 0003:0955:7214.0001: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.0-1/input0
[   78.905252][  T794] shield 0003:0955:7214.0001: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[   78.947232][  T794] shield 0003:0955:7214.0001: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[   78.952349][ T5904] usb 1-1: USB disconnect, device number 4
[   78.981570][  T794] shield 0003:0955:7214.0001: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[   78.986120][  T794] shield 0003:0955:7214.0001: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[   79.322831][   T33] audit: type=1326 audit(1756759742.672:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6389 comm="syz.1.196" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f187b18ebe9 code=0x7ffc0000
[   79.333297][   T33] audit: type=1326 audit(1756759742.672:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6389 comm="syz.1.196" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f187b18ebe9 code=0x7ffc0000
[   79.341603][   T33] audit: type=1326 audit(1756759742.672:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6389 comm="syz.1.196" exe="/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7f187b18ebe9 code=0x7ffc0000
[   79.349269][   T33] audit: type=1326 audit(1756759742.672:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6389 comm="syz.1.196" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f187b18ebe9 code=0x7ffc0000
[   79.362023][   T33] audit: type=1326 audit(1756759742.672:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6389 comm="syz.1.196" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f187b18ebe9 code=0x7ffc0000
[   79.425597][  T794] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   79.601582][  T794] usb 3-1: Using ep0 maxpacket: 32
[   79.614152][  T794] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[   79.638484][  T794] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[   79.643163][  T794] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[   79.646341][  T794] usb 3-1: Product: syz
[   79.648629][  T794] usb 3-1: Manufacturer: syz
[   79.650520][  T794] usb 3-1: SerialNumber: syz
[   79.670922][  T794] usb 3-1: config 0 descriptor??
[   79.678085][ T6382] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[   80.059271][ T6432] loop0: detected capacity change from 0 to 4096
[   80.182815][ T6432] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[   80.200245][ T6432] ntfs3(loop0): Failed to load $Extend (-22).
[   80.202450][ T6432] ntfs3(loop0): Failed to initialize $Extend.
[   80.338287][ T6441] netlink: 'syz.0.220': attribute type 1 has an invalid length.
[   80.691446][ T5917] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   80.847923][ T5917] usb 1-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[   80.852532][ T5917] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   80.856017][ T5917] usb 1-1: Product: syz
[   80.857727][ T5917] usb 1-1: Manufacturer: syz
[   80.859660][ T5917] usb 1-1: SerialNumber: syz
[   80.873900][ T5917] usb 1-1: config 0 descriptor??
[   81.088232][ T5917] hso 1-1:0.0: Failed to find INT IN ep
[   81.091822][ T5917] usb-storage 1-1:0.0: USB Mass Storage device detected
[   81.294868][    T9] usb 1-1: USB disconnect, device number 5
[   81.352775][ T1882] cfg80211: failed to load regulatory.db
[   81.855544][ T6466] netlink: 'syz.0.231': attribute type 10 has an invalid length.
[   81.869538][ T6466] bridge0: port 3(netdevsim0) entered blocking state
[   81.874090][ T6466] bridge0: port 3(netdevsim0) entered disabled state
[   81.878387][ T6466] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[   81.885502][ T6466] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[   82.128354][   T33] audit: type=1326 audit(1756759745.472:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6481 comm="syz.1.239" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f187b18ebe9 code=0x0
[   82.205201][ T1882] usb 3-1: USB disconnect, device number 3
[   82.344452][ T6474] loop0: detected capacity change from 0 to 40427
[   82.372553][ T6474] F2FS-fs (loop0): invalid crc value
[   82.373481][ T6492] loop2: detected capacity change from 0 to 2048
[   82.388131][ T6492] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[   82.398663][ T6492] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   82.453161][ T6474] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[   82.462737][ T6474] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   82.687302][    C0] vkms_vblank_simulate: vblank timer overrun
[   82.724561][ T6509] loop2: detected capacity change from 0 to 16
[   82.766978][ T6509] erofs (device loop2): mounted with root inode @ nid 36.
[   83.192925][ T6522] random: crng reseeded on system resumption
[   83.413217][    T9] IPVS: starting estimator thread 0...
[   83.416716][ T6527] warning: `syz.0.254' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   83.502627][ T6528] IPVS: using max 53 ests per chain, 127200 per kthread
[   83.686804][ T6532] loop0: detected capacity change from 0 to 32768
[   83.694597][ T6532] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.256 (6532)
[   83.703480][ T6532] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   83.709038][ T6532] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[   83.830871][ T6542] sp0: Synchronizing with TNC
[   83.893718][ T6532] BTRFS info (device loop0): enabling ssd optimizations
[   83.896897][ T6532] BTRFS info (device loop0): enabling free space tree
[   83.924433][ T5864] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   83.960240][ T6557] netlink: 'syz.2.261': attribute type 3 has an invalid length.
[   84.109059][ T6565] input: syz1 as /devices/virtual/input/input6
[   84.890912][ T6573] loop2: detected capacity change from 0 to 32768
[   84.895124][ T6573] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.267 (6573)
[   84.909797][ T6573] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   84.914869][ T6573] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[   85.004853][ T6573] BTRFS info (device loop2): rebuilding free space tree
[   85.016795][ T6573] BTRFS info (device loop2): enabling ssd optimizations
[   85.027556][ T6573] BTRFS info (device loop2): turning on sync discard
[   85.035624][ T6573] BTRFS info (device loop2): enabling free space tree
[   85.042033][ T6573] BTRFS info (device loop2): force clearing of disk cache
[   85.045036][ T6573] BTRFS info (device loop2): enabling auto defrag
[   85.047555][ T6573] BTRFS info (device loop2): doing ref verification
[   85.050873][ T6573] BTRFS info (device loop2): max_inline set to 0
[   85.283208][ T6618] netlink: 212 bytes leftover after parsing attributes in process `syz.0.280'.
[   85.287037][ T6618] netlink: 'syz.0.280': attribute type 6 has an invalid length.
[   85.338796][ T5855] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   85.977972][ T6654] Bluetooth: MGMT ver 1.23
[   86.373054][ T6657] pimreg: tun_chr_ioctl cmd 1074025676
[   86.375210][ T6657] pimreg: owner set to 60929
[   86.598645][ T6669] overlayfs: failed to clone upperpath
[   86.857924][ T6682] netlink: 'syz.2.307': attribute type 1 has an invalid length.
[   86.921992][ T6682] 8021q: adding VLAN 0 to HW filter on device bond1
[   86.933205][ T6682] vlan2: entered allmulticast mode
[   86.935030][ T6682] batadv0: entered allmulticast mode
[   86.938455][ T6682] bond1: (slave vlan2): making interface the new active one
[   86.946070][ T6682] bond1: (slave vlan2): Enslaving as an active interface with an up link
[   86.982357][ T6682] syz.2.307 (6682) used greatest stack depth: 19880 bytes left
[   87.271963][ T6705] netlink: 8 bytes leftover after parsing attributes in process `syz.1.317'.
[   87.362182][ T6712] capability: warning: `syz.1.320' uses deprecated v2 capabilities in a way that may be insecure
[   87.588811][ T6728] loop2: detected capacity change from 0 to 256
[   87.611242][ T6728] FAT-fs (loop2): Directory bread(block 64) failed
[   87.615575][ T6728] FAT-fs (loop2): Directory bread(block 65) failed
[   87.618379][ T6728] FAT-fs (loop2): Directory bread(block 66) failed
[   87.621120][ T6728] FAT-fs (loop2): Directory bread(block 67) failed
[   87.629238][ T6728] FAT-fs (loop2): Directory bread(block 68) failed
[   87.633799][ T6728] FAT-fs (loop2): Directory bread(block 69) failed
[   87.639778][ T6728] FAT-fs (loop2): Directory bread(block 70) failed
[   87.654880][ T6728] FAT-fs (loop2): Directory bread(block 71) failed
[   87.657988][ T6728] FAT-fs (loop2): Directory bread(block 72) failed
[   87.660797][ T6728] FAT-fs (loop2): Directory bread(block 73) failed
[   87.986107][ T5862] Bluetooth: hci0: command tx timeout
[   88.743146][ T6746] netlink: 8 bytes leftover after parsing attributes in process `syz.2.333'.
[   88.747356][ T6746] netlink: 8 bytes leftover after parsing attributes in process `syz.2.333'.
[   88.772503][ T6746] futex_wake_op: syz.2.333 tries to shift op by 32; fix this program
[   88.950701][ T6759] overlayfs: failed to resolve './file0': -2
[   89.033765][ T6763] overlayfs: failed to verify upper (89/file0, ino=471, err=-116)
[   89.037090][ T6763] overlayfs: failed to verify index dir 'upper' xattr
[   89.040302][ T6763] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index.
[   89.701592][ T5917] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[   89.851570][  T794] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   89.861585][ T5917] usb 1-1: Using ep0 maxpacket: 16
[   89.867555][ T5917] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[   89.871881][ T5917] usb 1-1: config 0 interface 0 has no altsetting 0
[   89.875046][ T5917] usb 1-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00
[   89.879034][ T5917] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   89.897095][ T5917] usb 1-1: config 0 descriptor??
[   90.001460][  T794] usb 3-1: Using ep0 maxpacket: 32
[   90.008787][  T794] usb 3-1: New USB device found, idVendor=0545, idProduct=8080, bcdDevice= 0.01
[   90.012716][  T794] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   90.016398][  T794] usb 3-1: Product: syz
[   90.018157][  T794] usb 3-1: Manufacturer: syz
[   90.020069][  T794] usb 3-1: SerialNumber: syz
[   90.027418][  T794] usb 3-1: config 0 descriptor??
[   90.236681][  T794] usb 3-1: USB disconnect, device number 4
[   90.316055][ T5917] cougar 0003:060B:500A.0002: usage count exceeds max: fixing up report descriptor
[   90.320266][ T5917] cougar 0003:060B:500A.0002: unexpected long global item
[   90.323439][ T5917] cougar 0003:060B:500A.0002: parse failed
[   90.325665][ T5917] cougar 0003:060B:500A.0002: probe with driver cougar failed with error -22
[   90.509236][  T794] usb 1-1: USB disconnect, device number 6
[   90.986987][ T6824] loop2: detected capacity change from 0 to 4096
[   91.063791][ T6831] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   91.134571][   T33] audit: type=1326 audit(1756759754.482:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6837 comm="syz.1.377" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f187b18ebe9 code=0x7ffc0000
[   91.145252][   T33] audit: type=1326 audit(1756759754.482:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6837 comm="syz.1.377" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f187b18ebe9 code=0x7ffc0000
[   91.159497][   T33] audit: type=1326 audit(1756759754.492:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6837 comm="syz.1.377" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f187b18ebe9 code=0x7ffc0000
[   91.179197][   T33] audit: type=1326 audit(1756759754.492:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6837 comm="syz.1.377" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f187b18ebe9 code=0x7ffc0000
[   91.197391][   T33] audit: type=1326 audit(1756759754.492:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6837 comm="syz.1.377" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f187b18ebe9 code=0x7ffc0000
[   91.213315][   T33] audit: type=1326 audit(1756759754.502:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6837 comm="syz.1.377" exe="/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f187b18ebe9 code=0x7ffc0000
[   91.270422][ T6824] syz.2.371 (6824) used greatest stack depth: 19592 bytes left
[   91.380120][ T6856] netlink: 'syz.0.383': attribute type 12 has an invalid length.
[   91.390825][ T6856] netlink: 4 bytes leftover after parsing attributes in process `syz.0.383'.
[   91.426981][ T5884] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   91.427057][ T6856] netlink: 'syz.0.383': attribute type 12 has an invalid length.
[   91.438148][ T5884] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   91.444393][ T6856] netlink: 4 bytes leftover after parsing attributes in process `syz.0.383'.
[   91.453341][ T5884] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   91.458219][ T5884] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   91.530827][ T6861] netlink: 964 bytes leftover after parsing attributes in process `syz.0.384'.
[   91.907187][   T33] audit: type=1326 audit(1756759755.252:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6837 comm="syz.1.377" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f187b18ebe9 code=0x7ffc0000
[   91.955575][   T33] audit: type=1326 audit(1756759755.262:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6837 comm="syz.1.377" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f187b18ebe9 code=0x7ffc0000
[   92.257507][ T6889] netlink: 'syz.1.393': attribute type 10 has an invalid length.
[   92.269763][ T6889] 8021q: adding VLAN 0 to HW filter on device team0
[   92.279840][ T6889] bond0: (slave team0): Enslaving as an active interface with an up link
[   92.551549][  T794] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[   92.722237][  T794] usb 1-1: Using ep0 maxpacket: 32
[   92.728801][  T794] usb 1-1: config 0 has an invalid interface number: 85 but max is 0
[   92.735041][  T794] usb 1-1: config 0 has no interface number 0
[   92.738987][  T794] usb 1-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   92.747170][  T794] usb 1-1: config 0 interface 85 has no altsetting 0
[   92.756581][  T794] usb 1-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[   92.766238][  T794] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   92.769774][  T794] usb 1-1: Product: syz
[   92.775090][  T794] usb 1-1: Manufacturer: syz
[   92.781537][  T794] usb 1-1: SerialNumber: syz
[   92.785959][  T794] usb 1-1: config 0 descriptor??
[   92.869870][ T6921] fuse: Bad value for 'fd'
[   93.003773][  T794] appletouch 1-1:0.85: Failed to read mode from device.
[   93.012819][  T794] appletouch 1-1:0.85: probe with driver appletouch failed with error -5
[   93.037798][  T794] usb 1-1: USB disconnect, device number 7
[   93.108141][ T6929] netlink: 'syz.1.413': attribute type 4 has an invalid length.
[   93.340050][ T6937] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[   93.343339][ T5917] IPVS: starting estimator thread 0...
[   93.442143][ T6939] IPVS: using max 52 ests per chain, 124800 per kthread
[   93.454243][ T6949] netlink: 1284 bytes leftover after parsing attributes in process `syz.1.422'.
[   93.512097][ T6953] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.424'.
[   94.117652][ T5917] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[   94.271682][ T5917] usb 3-1: Using ep0 maxpacket: 32
[   94.279232][ T5917] usb 3-1: config 0 has an invalid interface number: 89 but max is 0
[   94.283361][ T5917] usb 3-1: config 0 has no interface number 0
[   94.286703][ T5917] usb 3-1: config 0 interface 89 has no altsetting 0
[   94.301799][ T5917] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[   94.305462][ T5917] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   94.308698][ T5917] usb 3-1: Product: syz
[   94.310618][ T5917] usb 3-1: Manufacturer: syz
[   94.313134][ T5917] usb 3-1: SerialNumber: syz
[   94.317394][ T5917] usb 3-1: config 0 descriptor??
[   94.330384][ T5917] em28xx 3-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[   94.336677][ T5917] em28xx 3-1:0.89: Video interface 89 found: bulk
[   94.434986][ T6987] fuse: Bad value for 'fd'
[   94.830526][ T7005] tmpfs: Bad value for 'mpol'
[   94.951561][ T5917] em28xx 3-1:0.89: unknown em28xx chip ID (0)
[   95.155031][ T7023] netlink: 'syz.0.457': attribute type 27 has an invalid length.
[   95.157639][ T7023] netlink: 'syz.0.457': attribute type 1 has an invalid length.
[   95.160810][ T7023] bridge0: port 1(bridge_slave_0) entered learning state
[   95.381439][ T5917] em28xx 3-1:0.89: AC97 command still being executed: not handled properly!
[   95.577444][ T5917] em28xx 3-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[   95.585697][ T5917] em28xx 3-1:0.89: board has no eeprom
[   95.641432][ T5917] em28xx 3-1:0.89: Identified as Terratec Grabby (card=67)
[   95.644572][ T5917] em28xx 3-1:0.89: analog set to bulk mode.
[   95.647919][ T1881] em28xx 3-1:0.89: Registering V4L2 extension
[   95.663736][ T5917] usb 3-1: USB disconnect, device number 5
[   95.667156][ T5917] em28xx 3-1:0.89: Disconnecting em28xx
[   95.687188][ T1881] em28xx 3-1:0.89: Config register raw data: 0xffffffed
[   95.690568][ T1881] em28xx 3-1:0.89: AC97 chip type couldn't be determined
[   95.695339][ T1881] em28xx 3-1:0.89: No AC97 audio processor
[   95.706455][ T1881] usb 3-1: Decoder not found
[   95.708507][ T1881] em28xx 3-1:0.89: failed to create media graph
[   95.713306][ T1881] em28xx 3-1:0.89: V4L2 device video103 deregistered
[   95.720447][ T1881] em28xx 3-1:0.89: Registering snapshot button...
[   95.727957][ T1881] input: em28xx snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.89/input/input8
[   95.736669][ T1881] em28xx 3-1:0.89: Remote control support is not available for this card.
[   95.740356][ T5917] em28xx 3-1:0.89: Closing input extension
[   95.743990][ T5917] em28xx 3-1:0.89: Deregistering snapshot button
[   95.773177][ T5917] em28xx 3-1:0.89: Freeing device
[   96.133480][ T7051] netlink: 32 bytes leftover after parsing attributes in process `syz.2.470'.
[   96.148608][ T7049] loop0: detected capacity change from 0 to 32768
[   96.205366][ T7049] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[   96.259342][ T5864] ocfs2: Unmounting device (7,0) on (node local)
[   96.754417][   T33] audit: type=1326 audit(1756759760.102:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7076 comm="syz.2.480" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f132118ebe9 code=0x0
[   96.877205][ T7083] loop2: detected capacity change from 0 to 2048
[   96.906624][ T6000] Alternate GPT is invalid, using primary GPT.
[   96.909429][ T6000]  loop2: p2 p3 p7
[   96.925831][ T7083] Alternate GPT is invalid, using primary GPT.
[   96.928708][ T7083]  loop2: p2 p3 p7
[   97.005904][ T6000] udevd[6000]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory
[   97.063497][ T6002] udevd[6002]: inotify_add_watch(7, /dev/loop2p7, 10) failed: No such file or directory
[   97.067933][ T5863] udevd[5863]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory
[   97.792503][  T794] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[   98.031724][  T794] usb 1-1: Using ep0 maxpacket: 32
[   98.056399][  T794] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[   98.117580][  T794] usb 1-1: config 0 has no interface number 0
[   98.225505][  T794] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[   98.283233][  T794] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   98.286771][  T794] usb 1-1: Product: syz
[   98.288606][  T794] usb 1-1: Manufacturer: syz
[   98.290663][  T794] usb 1-1: SerialNumber: syz
[   98.297756][  T794] usb 1-1: config 0 descriptor??
[   98.306790][  T794] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[   98.389589][ T7111] Device name not specified.
[   98.389589][ T7111] 
[   98.510530][  T794] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[   98.523427][  T794] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[   98.907982][    C0] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71
[   98.910642][ T1881] usb 1-1: USB disconnect, device number 8
[   98.925360][ T1881] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[   98.940070][ T1881] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[   98.946763][ T1881] quatech2 1-1:0.51: device disconnected
[   99.065186][ T7129] delete_channel: no stack
[   99.907603][ T7142] loop0: detected capacity change from 0 to 32768
[   99.935590][ T7142] XFS (loop0): DAX unsupported by block device. Turning off DAX.
[   99.950024][ T7142] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   99.996209][ T7142] XFS (loop0): Ending clean mount
[  100.008558][ T7142] XFS (loop0): Quotacheck needed: Please wait.
[  100.030985][ T7142] XFS (loop0): Quotacheck: Done.
[  100.069517][ T5864] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  100.649159][ T7177] overlayfs: failed to clone upperpath
[  100.710596][ T7181] loop0: detected capacity change from 0 to 764
[  100.722760][ T7183] kernel read not supported for file /   (pid: 7183 comm: syz.1.518)
[  100.746494][   T33] audit: type=1800 audit(1756759764.072:18): pid=7183 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.518" name=200120 dev="mqueue" ino=10131 res=0 errno=0
[  100.760943][ T7181] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  101.617286][ T7209] loop9: detected capacity change from 0 to 7
[  101.623680][ T7209] Buffer I/O error on dev loop9, logical block 0, async page read
[  101.627043][ T7209] Buffer I/O error on dev loop9, logical block 0, async page read
[  101.630368][ T7209] Buffer I/O error on dev loop9, logical block 0, async page read
[  101.636065][ T7209] Buffer I/O error on dev loop9, logical block 0, async page read
[  101.640867][ T7209] Buffer I/O error on dev loop9, logical block 0, async page read
[  101.644454][ T7209] Buffer I/O error on dev loop9, logical block 0, async page read
[  101.648404][ T7209] Buffer I/O error on dev loop9, logical block 0, async page read
[  101.653914][ T7209] ldm_validate_partition_table(): Disk read failed.
[  101.656711][ T7209] Buffer I/O error on dev loop9, logical block 0, async page read
[  101.660258][ T7209] Buffer I/O error on dev loop9, logical block 0, async page read
[  101.665018][ T7209] Buffer I/O error on dev loop9, logical block 0, async page read
[  101.668446][ T7209] Dev loop9: unable to read RDB block 0
[  101.670998][ T7209]  loop9: unable to read partition table
[  101.674046][ T7209] loop9: partition table beyond EOD, truncated
[  101.676741][ T7209] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ
[  101.676741][ T7209] ) failed (rc=-5)
[  102.053652][ T5917] usb 3-1: new low-speed USB device number 6 using dummy_hcd
[  102.083724][ T7232] netlink: 'syz.1.539': attribute type 12 has an invalid length.
[  102.087942][ T7232] netlink: 9472 bytes leftover after parsing attributes in process `syz.1.539'.
[  102.216545][ T5917] usb 3-1: config index 0 descriptor too short (expected 1307, got 27)
[  102.219671][ T5917] usb 3-1: config 0 has an invalid interface number: 0 but max is -1
[  102.223003][ T5917] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 0
[  102.226064][ T5917] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[  102.229900][ T5917] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  102.235005][ T5917] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  102.238484][ T5917] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[  102.246952][ T5917] usb 3-1: string descriptor 0 read error: -22
[  102.249410][ T5917] usb 3-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[  102.255235][ T5917] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  102.260123][ T5917] usb 3-1: config 0 descriptor??
[  102.266915][ T5917] hub 3-1:0.0: bad descriptor, ignoring hub
[  102.271580][ T5917] hub 3-1:0.0: probe with driver hub failed with error -5
[  102.279288][ T5917] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input9
[  102.477240][ T5917] usb 3-1: USB disconnect, device number 6
[  103.532433][ T7249] loop0: detected capacity change from 0 to 32768
[  103.537312][ T7249] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.546 (7249)
[  103.562813][ T7249] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  103.571215][ T7249] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[  103.651042][ T7249] BTRFS info (device loop0): enabling free space tree
[  103.657817][ T7274] netlink: 'syz.1.555': attribute type 10 has an invalid length.
[  103.675478][ T7274] netlink: 40 bytes leftover after parsing attributes in process `syz.1.555'.
[  103.704992][ T7274] team0: Port device geneve0 added
[  103.749477][ T5864] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  103.784238][ T7274] syz.1.555 (7274) used greatest stack depth: 19584 bytes left
[  103.989524][ T7299] netlink: 8 bytes leftover after parsing attributes in process `syz.1.562'.
[  103.995591][ T7299] netlink: 12 bytes leftover after parsing attributes in process `syz.1.562'.
[  104.054999][ T7303] loop2: detected capacity change from 0 to 16
[  104.060325][ T7303] erofs (device loop2): mounted with root inode @ nid 36.
[  104.073276][ T7303] syz.2.564: attempt to access beyond end of device
[  104.073276][ T7303] loop2: rw=524288, sector=7864328, nr_sectors = 8 limit=16
[  104.086665][ T7303] syz.2.564: attempt to access beyond end of device
[  104.086665][ T7303] loop2: rw=0, sector=7864328, nr_sectors = 8 limit=16
[  104.098002][ T7306] libceph: resolve '0..' (ret=-3): failed
[  104.105934][ T7303] erofs (device loop2): read error -5 @ 0 of nid 89
[  104.112575][   T33] audit: type=1800 audit(1756759767.462:19): pid=7303 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.564" name="file3" dev="loop2" ino=89 res=0 errno=0
[  104.434266][ T7321] sctp: [Deprecated]: syz.0.572 (pid 7321) Use of int in max_burst socket option deprecated.
[  104.434266][ T7321] Use struct sctp_assoc_value instead
[  105.515207][ T7361] loop2: detected capacity change from 0 to 40427
[  105.519365][ T7361] F2FS-fs (loop2): build fault injection rate: 14
[  105.524042][ T7361] F2FS-fs (loop2): build fault injection type: 0x3bfe8c
[  105.531110][ T7361] F2FS-fs (loop2): invalid crc value
[  105.537953][    C0] F2FS-fs (loop2): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  105.551012][    C0] F2FS-fs (loop2): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  105.602942][ T7361] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  105.606474][ T7361] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  105.615279][ T7361] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  105.637748][ T7361] F2FS-fs (loop2): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  105.646413][ T7361] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of f2fs_convert_inline_inode+0x6bd/0x880
[  105.672138][ T5855] syz-executor: attempt to access beyond end of device
[  105.672138][ T5855] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  105.680620][ T5855] CPU: 1 UID: 0 PID: 5855 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  105.680637][ T5855] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  105.680644][ T5855] Call Trace:
[  105.680649][ T5855]  <TASK>
[  105.680655][ T5855]  dump_stack_lvl+0x189/0x250
[  105.680676][ T5855]  ? __pfx_dump_stack_lvl+0x10/0x10
[  105.680690][ T5855]  ? __pfx_queue_work_on+0x10/0x10
[  105.680703][ T5855]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  105.680718][ T5855]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  105.680741][ T5855]  f2fs_handle_critical_error+0x37c/0x540
[  105.680764][ T5855]  f2fs_write_end_io+0x886/0xb60
[  105.680788][ T5855]  __submit_merged_bio+0x27a/0x6a0
[  105.680809][ T5855]  __submit_merged_write_cond+0x255/0x530
[  105.680863][ T5855]  f2fs_write_data_pages+0x261d/0x3000
[  105.680905][ T5855]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  105.680972][ T5855]  ? __lock_acquire+0xab9/0xd20
[  105.680996][ T5855]  ? do_raw_spin_lock+0x121/0x290
[  105.681017][ T5855]  ? do_raw_spin_unlock+0x4d/0x240
[  105.681031][ T5855]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  105.681049][ T5855]  do_writepages+0x32e/0x550
[  105.681074][ T5855]  ? do_raw_spin_unlock+0x4d/0x240
[  105.681091][ T5855]  filemap_fdatawrite+0x199/0x240
[  105.681107][ T5855]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  105.681162][ T5855]  ? do_raw_spin_unlock+0x4d/0x240
[  105.681179][ T5855]  f2fs_sync_dirty_inodes+0x31f/0x830
[  105.681202][ T5855]  f2fs_write_checkpoint+0x95a/0x1df0
[  105.681231][ T5855]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  105.681276][ T5855]  ? kill_f2fs_super+0x298/0x6c0
[  105.681291][ T5855]  kill_f2fs_super+0x2c3/0x6c0
[  105.681306][ T5855]  ? __pfx_kill_f2fs_super+0x10/0x10
[  105.681337][ T5855]  ? radix_tree_delete_item+0x2b6/0x400
[  105.681360][ T5855]  ? shrinker_free+0x2ce/0x3e0
[  105.681374][ T5855]  deactivate_locked_super+0xbc/0x130
[  105.681389][ T5855]  cleanup_mnt+0x425/0x4c0
[  105.681402][ T5855]  ? lockdep_hardirqs_on+0x9c/0x150
[  105.681421][ T5855]  task_work_run+0x1d4/0x260
[  105.681439][ T5855]  ? __pfx_task_work_run+0x10/0x10
[  105.681452][ T5855]  ? __x64_sys_umount+0x122/0x160
[  105.681470][ T5855]  ? exit_to_user_mode_loop+0x40/0x110
[  105.681490][ T5855]  exit_to_user_mode_loop+0xec/0x110
[  105.681506][ T5855]  do_syscall_64+0x2bd/0x3b0
[  105.681516][ T5855]  ? lockdep_hardirqs_on+0x9c/0x150
[  105.681531][ T5855]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.681543][ T5855]  ? exc_page_fault+0x9f/0xf0
[  105.681560][ T5855]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.681571][ T5855] RIP: 0033:0x7f132118ff17
[  105.681583][ T5855] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  105.681592][ T5855] RSP: 002b:00007ffe9671a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  105.681605][ T5855] RAX: 0000000000000000 RBX: 00007f1321211c05 RCX: 00007f132118ff17
[  105.681613][ T5855] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe9671a0f0
[  105.681619][ T5855] RBP: 00007ffe9671a0f0 R08: 0000000000000000 R09: 0000000000000000
[  105.681626][ T5855] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe9671b180
[  105.681633][ T5855] R13: 00007f1321211c05 R14: 0000000000019c47 R15: 00007ffe9671b1c0
[  105.681653][ T5855]  </TASK>
[  105.812997][ T5855] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  107.331538][ T1881] usb 1-1: new full-speed USB device number 9 using dummy_hcd
[  107.373363][ T7410] overlayfs: overlay with incompat feature 'volatile' cannot be mounted
[  107.487996][ T1881] usb 1-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  107.499122][ T1881] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  107.505340][ T1881] usb 1-1: config 0 descriptor??
[  107.510100][ T1881] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  107.628348][ T7434] loop2: detected capacity change from 0 to 2048
[  107.640332][ T7434] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  107.767039][ T1881] gp8psk: usb in 128 operation failed.
[  108.062579][ T1881] gp8psk: usb in 146 operation failed.
[  108.073655][ T1881] gp8psk: failed to get FW version
[  108.100388][ T1881] gp8psk: usb in 149 operation failed.
[  108.114627][ T1881] gp8psk: failed to get FPGA version
[  108.318706][ T1881] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  108.322987][ T1881] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  108.775187][ T5917] usb 1-1: USB disconnect, device number 9
[  109.009261][ T7454] netlink: 24 bytes leftover after parsing attributes in process `syz.2.632'.
[  109.901583][  T794] usb 3-1: new full-speed USB device number 7 using dummy_hcd
[  110.062511][  T794] usb 3-1: not running at top speed; connect to a high speed hub
[  110.067659][  T794] usb 3-1: config 95 has an invalid interface number: 1 but max is 0
[  110.070593][  T794] usb 3-1: config 95 has no interface number 0
[  110.073622][  T794] usb 3-1: config 95 interface 1 has no altsetting 0
[  110.078314][  T794] usb 3-1: New USB device found, idVendor=0763, idProduct=2031, bcdDevice=ad.3f
[  110.081404][  T794] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  110.084326][  T794] usb 3-1: Product: syz
[  110.086170][  T794] usb 3-1: Manufacturer: syz
[  110.088340][  T794] usb 3-1: SerialNumber: syz
[  110.185309][ T7487] netlink: 8 bytes leftover after parsing attributes in process `syz.1.647'.
[  110.386045][  T794] usb 3-1: USB disconnect, device number 7
[  110.525741][ T6000] udevd[6000]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:95.1/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  110.712057][ T7506] loop0: detected capacity change from 0 to 512
[  110.715485][ T7506] EXT4-fs: Ignoring removed i_version option
[  110.737706][ T7506] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  110.787563][ T5864] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  111.008936][ T7518] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  111.075359][ T1881] usb 1-1: new full-speed USB device number 10 using dummy_hcd
[  111.104261][ T7524] netlink: 20 bytes leftover after parsing attributes in process `syz.2.664'.
[  111.254562][ T1881] usb 1-1: config 36 interface 0 altsetting 0 has an endpoint descriptor with address 0x47, changing to 0x7
[  111.259161][ T1881] usb 1-1: config 36 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 0, changing to 10
[  111.265278][ T1881] usb 1-1: config 36 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  111.274060][ T1881] usb 1-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29
[  111.278016][ T1881] usb 1-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16
[  111.282206][ T1881] usb 1-1: Manufacturer: syz
[  111.284207][ T1881] usb 1-1: SerialNumber: syz
[  111.532020][ T1881] usbhid 1-1:36.0: couldn't find an input interrupt endpoint
[  111.547975][ T1881] usb 1-1: USB disconnect, device number 10
[  111.705567][ T7540] netlink: 'syz.1.671': attribute type 5 has an invalid length.
[  112.139224][   T33] audit: type=1326 audit(1756759775.482:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7558 comm="syz.1.679" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f187b18ebe9 code=0x7ffc0000
[  112.149973][   T33] audit: type=1326 audit(1756759775.482:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7558 comm="syz.1.679" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f187b18ebe9 code=0x7ffc0000
[  112.161229][   T33] audit: type=1326 audit(1756759775.492:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7558 comm="syz.1.679" exe="/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f187b18ebe9 code=0x7ffc0000
[  112.178899][   T33] audit: type=1326 audit(1756759775.492:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7558 comm="syz.1.679" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f187b18ebe9 code=0x7ffc0000
[  112.185500][ T7562] loop2: detected capacity change from 0 to 512
[  112.199838][   T33] audit: type=1326 audit(1756759775.492:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7558 comm="syz.1.679" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f187b18ebe9 code=0x7ffc0000
[  112.199847][ T7562] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  112.216511][   T33] audit: type=1326 audit(1756759775.522:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7558 comm="syz.1.679" exe="/syz-executor" sig=0 arch=c000003e syscall=280 compat=0 ip=0x7f187b18ebe9 code=0x7ffc0000
[  112.226719][ T7566] netlink: 52 bytes leftover after parsing attributes in process `syz.1.683'.
[  112.245567][   T33] audit: type=1326 audit(1756759775.522:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7558 comm="syz.1.679" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f187b18ebe9 code=0x7ffc0000
[  112.246721][ T7562] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  112.254850][   T33] audit: type=1326 audit(1756759775.522:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7558 comm="syz.1.679" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f187b18ebe9 code=0x7ffc0000
[  112.302149][ T7562] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 3: comm syz.2.681: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0
[  112.311183][ T7572] netlink: 'syz.1.686': attribute type 1 has an invalid length.
[  112.318572][ T7562] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 12: comm syz.2.681: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[  112.333811][ T7562] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 13: comm syz.2.681: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[  112.342983][ T7562] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 14: comm syz.2.681: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  112.353020][ T7562] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 15: comm syz.2.681: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[  112.372476][ T7579] loop0: detected capacity change from 0 to 128
[  112.375716][ T7579] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  112.381456][ T7562] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 16: comm syz.2.681: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[  112.389280][ T7562] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 17: comm syz.2.681: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  112.396940][ T7579] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  112.408195][ T7562] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #2: block 18: comm syz.2.681: lblock 23 mapped to illegal pblock 18 (length 1)
[  112.420405][ T1092] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  112.421084][ T7562] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 19: comm syz.2.681: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[  112.433853][ T7562] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 20: comm syz.2.681: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=2048 fake=0
[  112.553854][ T7583] loop0: detected capacity change from 0 to 4096
[  112.749114][ T7593] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  113.077276][ T5855] EXT4-fs warning (device loop2): ext4_update_dynamic_rev:1128: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  113.088987][ T5855] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.157212][ T7611] loop2: detected capacity change from 0 to 8
[  113.162610][ T7611] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  113.352032][ T7622] netlink: 16 bytes leftover after parsing attributes in process `syz.0.708'.
[  113.469962][ T7625] cramfs: Error -3 while decompressing!
[  113.472698][ T7625] cramfs: ffffffff99bef668(26)->ffff88802bebf000(4096)
[  113.475820][ T7625] cramfs: Error -3 while decompressing!
[  113.478259][ T7625] cramfs: ffffffff99bef682(26)->ffff88802bebe000(4096)
[  113.481460][ T7625] cramfs: Error -3 while decompressing!
[  113.483961][ T7625] cramfs: ffffffff99bef69c(16)->ffff88802bebd000(4096)
[  113.487122][ T7625] cramfs: Error -3 while decompressing!
[  113.489510][ T7625] cramfs: ffffffff99bef668(26)->ffff88802bebf000(4096)
[  113.600852][ T7626] netlink: 18316 bytes leftover after parsing attributes in process `syz.0.709'.
[  114.701468][   T33] audit: type=1326 audit(1756759778.042:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7656 comm="syz.1.723" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f187b18ebe9 code=0x7fc00000
[  114.712437][   T33] audit: type=1326 audit(1756759778.052:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7656 comm="syz.1.723" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f187b18ebe9 code=0x7fc00000
[  115.375046][ T7672] netlink: 'syz.2.728': attribute type 4 has an invalid length.
[  115.404035][ T7672] netlink: 'syz.2.728': attribute type 4 has an invalid length.
[  115.457385][ T7676] loop2: detected capacity change from 0 to 256
[  116.021436][ T5904] usb 1-1: new full-speed USB device number 11 using dummy_hcd
[  116.174002][ T5904] usb 1-1: not running at top speed; connect to a high speed hub
[  116.178554][ T5904] usb 1-1: config 2 has an invalid interface number: 33 but max is 0
[  116.182990][ T5904] usb 1-1: config 2 has no interface number 0
[  116.185571][ T5904] usb 1-1: config 2 interface 33 has no altsetting 0
[  116.190547][ T5904] usb 1-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.02
[  116.196395][ T5904] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  116.199946][ T5904] usb 1-1: Product: syz
[  116.202932][ T5904] usb 1-1: Manufacturer: syz
[  116.205555][ T5904] usb 1-1: SerialNumber: syz
[  116.425230][ T5904] go7007 1-1:2.33: probe with driver go7007 failed with error -12
[  116.433230][ T5904] usb 1-1: USB disconnect, device number 11
[  117.241979][ T7761] tipc: Trying to set illegal importance in message
[  117.367028][ T7765] netlink: 8 bytes leftover after parsing attributes in process `syz.1.771'.
[  117.380110][ T7765] netlink: 36 bytes leftover after parsing attributes in process `syz.1.771'.
[  117.473597][ T7772] netlink: 'syz.0.774': attribute type 13 has an invalid length.
[  117.524195][ T7774] loop0: detected capacity change from 0 to 1024
[  117.589020][   T26] hfsplus: b-tree write err: -5, ino 4
[  117.663030][ T7780] netlink: 8 bytes leftover after parsing attributes in process `syz.0.778'.
[  117.777451][ T7787] hugetlbfs: syz.2.781 (7787): Using mlock ulimits for SHM_HUGETLB is obsolete
[  118.506926][ T7797] openvswitch: netlink: Actions may not be safe on all matching packets
[  118.793713][ T7811] netlink: 20 bytes leftover after parsing attributes in process `syz.1.792'.
[  119.656036][ T7793] loop0: detected capacity change from 0 to 262144
[  119.662283][ T7793] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.783 (7793)
[  119.733628][ T7793] BTRFS info (device loop0): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  119.737982][ T7793] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[  119.870985][ T7793] BTRFS info (device loop0): enabling ssd optimizations
[  119.874123][ T7793] BTRFS info (device loop0): using spread ssd allocation scheme
[  119.877208][ T7793] BTRFS info (device loop0): enabling free space tree
[  119.915038][ T7793] BTRFS info (device loop0): setting compat-ro feature flag for VERITY (0x4)
[  120.010632][ T5864] BTRFS info (device loop0): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  120.411695][ T1880] usb 1-1: new full-speed USB device number 12 using dummy_hcd
[  120.592737][ T1880] usb 1-1: New USB device found, idVendor=08ca, idProduct=0010, bcdDevice=90.d6
[  120.596422][ T1880] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  120.599683][ T1880] usb 1-1: Product: syz
[  120.608918][ T1880] usb 1-1: Manufacturer: syz
[  120.610953][ T1880] usb 1-1: SerialNumber: syz
[  120.623915][ T1880] usb 1-1: config 0 descriptor??
[  120.629003][ T1880] aiptek 1-1:0.0: interface has no int in endpoints, but must have minimum 1
[  120.832432][  T794] usb 1-1: USB disconnect, device number 12
[  121.680498][ T7867] netlink: 120 bytes leftover after parsing attributes in process `syz.2.809'.
[  121.703398][ T7867] netlink: 120 bytes leftover after parsing attributes in process `syz.2.809'.
[  121.844144][ T7874] netlink: 360 bytes leftover after parsing attributes in process `syz.2.812'.
[  121.934366][ T7879] netlink: 8 bytes leftover after parsing attributes in process `syz.2.814'.
[  122.048554][ T7884] loop2: detected capacity change from 0 to 128
[  122.287932][ T7897] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes.
[  122.659690][ T7908] netlink: 316 bytes leftover after parsing attributes in process `syz.2.825'.
[  123.812821][ T7930] evm: overlay not supported
[  123.879291][ T7936] netlink: 20 bytes leftover after parsing attributes in process `syz.0.837'.
[  124.385570][ T7974] netlink: 4 bytes leftover after parsing attributes in process `syz.0.856'.
[  124.389953][ T7975] bond0: option arp_interval: invalid value (18446744071880835072)
[  124.396768][ T7975] bond0: option arp_interval: allowed values 0 - 2147483647
[  124.997079][ T7999] loop0: detected capacity change from 0 to 32768
[  125.029829][ T8005] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode
[  125.042181][ T7999] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  125.062439][ T8005] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  125.120419][ T7999] XFS (loop0): Ending clean mount
[  125.127782][ T7999] XFS (loop0): Quotacheck needed: Please wait.
[  125.173641][ T7999] XFS (loop0): Quotacheck: Done.
[  125.326891][ T5864] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  125.350000][ T8027] ALSA: mixer_oss: invalid OSS volume 'LI'
[  125.404962][ T8030] netlink: 'syz.2.879': attribute type 1 has an invalid length.
[  125.594858][ T8040] netlink: 172 bytes leftover after parsing attributes in process `syz.2.883'.
[  125.611773][ T8040] netlink: 16 bytes leftover after parsing attributes in process `syz.2.883'.
[  125.681122][ T8043] loop0: detected capacity change from 0 to 256
[  125.706295][ T8043] FAT-fs (loop0): Directory bread(block 64) failed
[  125.710172][ T8043] FAT-fs (loop0): Directory bread(block 65) failed
[  125.722736][ T8043] FAT-fs (loop0): Directory bread(block 66) failed
[  125.727430][ T8043] FAT-fs (loop0): Directory bread(block 67) failed
[  125.736944][ T8043] FAT-fs (loop0): Directory bread(block 68) failed
[  125.742628][ T8043] FAT-fs (loop0): Directory bread(block 69) failed
[  125.748472][ T8043] FAT-fs (loop0): Directory bread(block 70) failed
[  125.753599][ T8043] FAT-fs (loop0): Directory bread(block 71) failed
[  125.760436][ T8046] loop2: detected capacity change from 0 to 1024
[  125.763320][ T8043] FAT-fs (loop0): Directory bread(block 72) failed
[  125.766203][ T8043] FAT-fs (loop0): Directory bread(block 73) failed
[  125.770966][ T8046] EXT4-fs: Ignoring removed oldalloc option
[  125.785348][ T8046] EXT4-fs (loop2): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  125.811604][ T8046] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  126.119990][ T5855] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  126.860390][ T8061] netlink: 'syz.1.889': attribute type 4 has an invalid length.
[  127.338217][ T8080] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  127.435436][ T8082] loop0: detected capacity change from 0 to 4096
[  127.443853][ T8082] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512).
[  127.841433][ T1880] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  128.081535][ T1880] usb 3-1: Using ep0 maxpacket: 32
[  128.095216][ T8097] loop0: detected capacity change from 0 to 40427
[  128.117519][ T1880] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  128.129533][ T1880] usb 3-1: New USB device found, idVendor=108c, idProduct=0169, bcdDevice=75.b9
[  128.133768][ T1880] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  128.137389][ T1880] usb 3-1: Product: syz
[  128.139256][ T1880] usb 3-1: Manufacturer: syz
[  128.141288][ T1880] usb 3-1: SerialNumber: syz
[  128.195807][ T1880] usb 3-1: config 0 descriptor??
[  128.202034][ T8097] F2FS-fs (loop0): build fault injection rate: 26
[  128.204868][ T8097] F2FS-fs (loop0): build fault injection type: 0xeffa
[  128.237575][ T8097] F2FS-fs (loop0): invalid crc value
[  128.296774][ T8097] F2FS-fs (loop0): inject kvmalloc in f2fs_kvmalloc of f2fs_build_segment_manager+0x3227/0x49f0
[  128.303525][ T5862] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  128.307240][ T5862] Bluetooth: hci2: Injecting HCI hardware error event
[  128.310989][ T5862] Bluetooth: hci2: hardware error 0x00
[  128.346716][ T8097] F2FS-fs (loop0): Failed to initialize F2FS segment manager (-12)
[  128.348576][ T1880] etas_es58x 3-1:0.0: Starting syz syz (Serial Number syz)
[  128.528426][ T8111] netlink: 'syz.1.909': attribute type 4 has an invalid length.
[  128.534946][ T8111] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.909'.
[  128.556419][    T9] usb 3-1: USB disconnect, device number 8
[  128.566100][ T8113] netlink: 'syz.1.910': attribute type 3 has an invalid length.
[  128.614476][ T8117] overlay: ./cgroup is not a directory
[  128.670091][ T8121] netlink: 40 bytes leftover after parsing attributes in process `syz.1.914'.
[  128.682396][ T8121] netlink: 40 bytes leftover after parsing attributes in process `syz.1.914'.
[  128.687398][ T8121] netlink: 21 bytes leftover after parsing attributes in process `syz.1.914'.
[  128.995964][ T8150] netlink: 8 bytes leftover after parsing attributes in process `syz.1.929'.
[  129.431556][    T9] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  129.603538][    T9] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  129.607917][    T9] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 62976, setting to 1024
[  129.613147][    T9] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  129.619258][    T9] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  129.622566][    T9] usb 1-1: New USB device strings: Mfr=1, Product=130, SerialNumber=3
[  129.625340][    T9] usb 1-1: Product: syz
[  129.626851][    T9] usb 1-1: Manufacturer: syz
[  129.628541][    T9] usb 1-1: SerialNumber: syz
[  129.638417][    T9] cdc_mbim 1-1:1.0: skipping garbage
[  129.673801][ T8170] fuse: Unknown parameter '00000000000000000008'
[  129.835876][ T8168] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  129.927352][ T8188] netlink: 'syz.1.947': attribute type 2 has an invalid length.
[  129.930825][ T8188] netlink: 20 bytes leftover after parsing attributes in process `syz.1.947'.
[  130.095581][ T8204] gretap0: entered promiscuous mode
[  130.097621][ T8204] vlan3: entered promiscuous mode
[  130.381487][ T5862] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  130.442160][ T8168] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  130.646458][    T9] cdc_mbim 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[  130.649282][    T9] cdc_mbim 1-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  130.654555][    T9] cdc_mbim 1-1:1.0: setting rx_max = 2048
[  130.850249][    T9] cdc_mbim 1-1:1.0: setting tx_max = 184
[  130.869670][    T9] cdc_ncm 1-1:1.1: probe with driver cdc_ncm failed with error -71
[  130.884937][    T9] cdc_mbim 1-1:1.1: probe with driver cdc_mbim failed with error -71
[  130.897934][    T9] usbtest 1-1:1.1: probe with driver usbtest failed with error -71
[  130.921739][    T9] usb 1-1: USB disconnect, device number 13
[  130.959905][ T8223] netlink: 12 bytes leftover after parsing attributes in process `syz.1.964'.
[  130.963285][ T8223] netlink: 12 bytes leftover after parsing attributes in process `syz.1.964'.
[  130.966301][ T8223] netlink: 32 bytes leftover after parsing attributes in process `syz.1.964'.
[  131.101652][ T5862] Bluetooth: hci1: command tx timeout
[  131.331821][ T8245] syz_tun: entered allmulticast mode
[  131.340718][ T8245] pimreg: entered allmulticast mode
[  131.348961][ T8244] syz_tun: left allmulticast mode
[  131.441462][ T1882] usb 3-1: new full-speed USB device number 9 using dummy_hcd
[  131.600879][ T1882] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  131.609751][ T1882] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  131.621155][ T1882] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  131.629150][ T1882] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  131.635151][ T1882] usb 3-1: SerialNumber: syz
[  131.852494][ T1882] usb 3-1: USB disconnect, device number 9
[  131.960414][ T8266] netlink: 'syz.1.985': attribute type 1 has an invalid length.
[  131.964214][ T8266] netlink: 'syz.1.985': attribute type 1 has an invalid length.
[  132.169343][ T8278] netlink: 4 bytes leftover after parsing attributes in process `syz.1.991'.
[  132.185130][ T8278] ipvlan2: entered promiscuous mode
[  132.444070][ T8286] loop0: detected capacity change from 0 to 2048
[  132.456516][ T8286] EXT4-fs: Ignoring removed nobh option
[  132.491048][ T8286] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  132.500201][ T8286] ext4 filesystem being mounted at /253/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  132.515951][   T33] kauditd_printk_skb: 1 callbacks suppressed
[  132.515964][   T33] audit: type=1800 audit(1756759795.862:31): pid=8286 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.997" name="file0" dev="loop0" ino=13 res=0 errno=0
[  132.560998][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  132.565863][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  133.176011][ T8303] loop2: detected capacity change from 0 to 32768
[  133.203302][ T8303] 
[  133.203302][ T8303]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  133.203302][ T8303] 
[  133.230613][ T5855] 
[  133.230613][ T5855]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  133.230613][ T5855] 
[  133.238471][ T5855] 
[  133.238471][ T5855]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  133.238471][ T5855] 
[  133.397776][ T8313] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  133.695819][ T8317] __nla_validate_parse: 1 callbacks suppressed
[  133.695832][ T8317] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1008'.
[  133.701861][    T9] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  133.795182][ T8317] bridge0: port 2(bridge_slave_1) entered disabled state
[  133.804045][ T8317] bridge_slave_1: left allmulticast mode
[  133.806453][ T8317] bridge_slave_1: left promiscuous mode
[  133.809168][ T8317] bridge0: port 2(bridge_slave_1) entered disabled state
[  133.853427][    T9] usb 3-1: config 0 has an invalid interface number: 120 but max is 0
[  133.856463][    T9] usb 3-1: config 0 has no interface number 0
[  133.863880][ T5864] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  133.867829][    T9] usb 3-1: config 0 interface 120 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  133.877494][    T9] usb 3-1: config 0 interface 120 altsetting 0 endpoint 0x8F has an invalid bInterval 52, changing to 9
[  133.881303][    T9] usb 3-1: config 0 interface 120 altsetting 0 endpoint 0x8F has invalid maxpacket 8241, setting to 1024
[  133.891442][    T9] usb 3-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58
[  133.899622][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  133.912921][    T9] usb 3-1: config 0 descriptor??
[  133.940437][ T8322] netlink: 'syz.0.1009': attribute type 1 has an invalid length.
[  133.955726][    T9] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.120/input/input13
[  134.125359][    T9] usb 3-1: USB disconnect, device number 10
[  134.159529][ T8330] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  134.243510][ T8334] loop0: detected capacity change from 0 to 4096
[  134.247305][ T8334] EXT4-fs: Conflicting test_dummy_encryption options
[  134.564810][ T8358] bridge0: port 2(bridge_slave_1) entered disabled state
[  134.567469][ T8358] bridge0: port 1(bridge_slave_0) entered disabled state
[  134.609873][ T8358] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  134.617785][ T8358] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  134.743499][ T8368] 9pnet: p9_errstr2errno: server reported unknown error @΂00000000000000000005
[  134.754017][ T5884] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  134.762181][ T5884] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  134.773331][ T5884] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  134.776373][ T5884] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  134.779563][ T5884] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  134.812156][ T5884] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  134.815067][ T5884] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  134.818087][ T5884] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  135.151471][ T1880] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  135.301476][ T1880] usb 1-1: Using ep0 maxpacket: 16
[  135.304593][ T1880] usb 1-1: too many configurations: 112, using maximum allowed: 8
[  135.318151][ T1880] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  135.322206][ T1880] usb 1-1: New USB device strings: Mfr=144, Product=246, SerialNumber=0
[  135.325729][ T1880] usb 1-1: Product: syz
[  135.327601][ T1880] usb 1-1: Manufacturer: syz
[  135.337586][ T1880] r8152-cfgselector 1-1: Unknown version 0x0000
[  135.340294][ T1880] r8152-cfgselector 1-1: config 0 descriptor??
[  135.562768][ T1880] r8152-cfgselector 1-1: bad CDC descriptors
[  135.569769][ T1880] r8152-cfgselector 1-1: USB disconnect, device number 14
[  135.769952][ T8400] block nbd2: Attempted send on invalid socket
[  135.776984][ T8400] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  135.856696][ T8402] loop2: detected capacity change from 0 to 4096
[  135.873620][ T8402] ntfs3(loop2): Failed to initialize $Secure (-22).
[  135.929968][ T8408] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1051'.
[  135.964640][ T8410] Illegal XDP return value 8 on prog  (id 89) dev N/A, expect packet loss!
[  136.007907][ T8412] IPVS: Scheduler module ip_vs_ not found
[  136.139724][ T8423] loop2: detected capacity change from 0 to 4096
[  136.159828][ T8423] ntfs3(loop2): Failed to initialize $Extend/$ObjId.
[  136.187516][ T8423] ntfs3(loop2): ino=1e, "file1" attr_set_size
[  136.189958][ T8421] ntfs3(loop2): ino=1e, "file1" attr_set_size
[  136.307680][ T8430] netlink: 'syz.0.1062': attribute type 1 has an invalid length.
[  136.505405][ T8453] netlink: 'syz.1.1070': attribute type 29 has an invalid length.
[  136.529248][ T8453] netlink: 'syz.1.1070': attribute type 29 has an invalid length.
[  137.082572][ T8466] loop0: detected capacity change from 0 to 32768
[  137.708451][ T8466] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root
[  137.708451][ T8466] 
[  137.716228][ T8466] ERROR: (device loop0): remounting filesystem as read-only
[  137.856886][ T5864] ------------[ cut here ]------------
[  137.859208][ T5864] kernel BUG at fs/jfs/inode.c:169!
[  137.860951][ T5864] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[  137.864099][ T5864] CPU: 0 UID: 0 PID: 5864 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  137.868005][ T5864] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  137.871747][ T5864] RIP: 0010:jfs_evict_inode+0x438/0x440
[  137.873827][ T5864] Code: fe e9 e0 fd ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 23 fe ff ff 4c 89 f7 e8 c3 69 e8 fe e9 16 fe ff ff e8 c9 fb 84 fe 90 <0f> 0b 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  137.880833][ T5864] RSP: 0018:ffffc90003aefae0 EFLAGS: 00010293
[  137.883040][ T5864] RAX: ffffffff833ab247 RBX: ffff888113236998 RCX: ffff888020eed640
[  137.885959][ T5864] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888113236998
[  137.888895][ T5864] RBP: 0000000000000001 R08: ffffffff8fa39037 R09: 1ffffffff1f47206
[  137.891835][ T5864] R10: dffffc0000000000 R11: ffffffff833a8f40 R12: dffffc0000000000
[  137.894766][ T5864] R13: dffffc0000000000 R14: ffff888113236620 R15: ffffffff833aae10
[  137.897571][ T5864] FS:  000055558bb38500(0000) GS:ffff8880b8618000(0000) knlGS:0000000000000000
[  137.900854][ T5864] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  137.903366][ T5864] CR2: 00007fc21a9e63bc CR3: 000000002200e000 CR4: 00000000000006f0
[  137.906309][ T5864] Call Trace:
[  137.907578][ T5864]  <TASK>
[  137.908702][ T5864]  ? evict+0x4f8/0x9c0
[  137.910254][ T5864]  ? __pfx_jfs_evict_inode+0x10/0x10
[  137.912230][ T5864]  evict+0x504/0x9c0
[  137.913683][ T5864]  ? __pfx_evict+0x10/0x10
[  137.915250][ T5864]  ? do_raw_spin_unlock+0x4d/0x240
[  137.917144][ T5864]  evict_inodes+0x64c/0x6d0
[  137.918796][ T5864]  ? __pfx_evict_inodes+0x10/0x10
[  137.920592][ T5864]  generic_shutdown_super+0x9a/0x2c0
[  137.922573][ T5864]  kill_block_super+0x44/0x90
[  137.924315][ T5864]  deactivate_locked_super+0xbc/0x130
[  137.926243][ T5864]  cleanup_mnt+0x425/0x4c0
[  137.927929][ T5864]  ? lockdep_hardirqs_on+0x9c/0x150
[  137.929886][ T5864]  task_work_run+0x1d4/0x260
[  137.931622][ T5864]  ? __pfx_task_work_run+0x10/0x10
[  137.933539][ T5864]  ? __x64_sys_umount+0x122/0x160
[  137.935420][ T5864]  ? exit_to_user_mode_loop+0x40/0x110
[  137.937451][ T5864]  exit_to_user_mode_loop+0xec/0x110
[  137.939447][ T5864]  do_syscall_64+0x2bd/0x3b0
[  137.941194][ T5864]  ? lockdep_hardirqs_on+0x9c/0x150
[  137.943147][ T5864]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.945404][ T5864]  ? exc_page_fault+0x9f/0xf0
[  137.947171][ T5864]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.949369][ T5864] RIP: 0033:0x7f093d38ff17
[  137.951056][ T5864] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  137.958148][ T5864] RSP: 002b:00007ffe57f491a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  137.961217][ T5864] RAX: 0000000000000000 RBX: 00007f093d411c05 RCX: 00007f093d38ff17
[  137.964135][ T5864] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe57f49260
[  137.966986][ T5864] RBP: 00007ffe57f49260 R08: 0000000000000000 R09: 0000000000000000
[  137.969908][ T5864] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe57f4a2f0
[  137.972836][ T5864] R13: 00007f093d411c05 R14: 00000000000219f4 R15: 00007ffe57f4a330
[  137.975772][ T5864]  </TASK>
[  137.976879][ T5864] Modules linked in:
[  137.978952][ T5864] ---[ end trace 0000000000000000 ]---
[  138.001681][ T5864] RIP: 0010:jfs_evict_inode+0x438/0x440
[  138.004206][ T5864] Code: fe e9 e0 fd ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 23 fe ff ff 4c 89 f7 e8 c3 69 e8 fe e9 16 fe ff ff e8 c9 fb 84 fe 90 <0f> 0b 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  138.011606][ T5864] RSP: 0018:ffffc90003aefae0 EFLAGS: 00010293
[  138.015042][ T5864] RAX: ffffffff833ab247 RBX: ffff888113236998 RCX: ffff888020eed640
[  138.018340][ T5864] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888113236998
[  138.022397][ T5864] RBP: 0000000000000001 R08: ffffffff8fa39037 R09: 1ffffffff1f47206
[  138.025201][ T5864] R10: dffffc0000000000 R11: ffffffff833a8f40 R12: dffffc0000000000
[  138.028000][ T5864] R13: dffffc0000000000 R14: ffff888113236620 R15: ffffffff833aae10
[  138.030684][ T5864] FS:  000055558bb38500(0000) GS:ffff8880b8618000(0000) knlGS:0000000000000000
[  138.033934][ T5864] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  138.036234][ T5864] CR2: 0000555592b2d5c8 CR3: 000000002200e000 CR4: 00000000000006f0
[  138.038924][ T5864] Kernel panic - not syncing: Fatal exception
[  138.041671][ T5864] Kernel Offset: disabled
[  138.043107][ T5864] Rebooting in 86400 seconds..

VM DIAGNOSIS:
20:50:01  Registers:
info registers vcpu 0

CPU#0
RAX=000000000000004e RBX=000000000000004e RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc90003aef230
R8 =ffff888108698237 R9 =1ffff110210d3046 R10=dffffc0000000000 R11=ffffffff854f3b00
R12=dffffc0000000000 R13=ffffffff99afd900 R14=ffffffff99df2420 R15=0000000000000000
RIP=ffffffff854f3b7c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 000055558bb38500 ffffffff 00c00000
GS =0000 ffff8880b8618000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fc21a9e63bc CR3=000000002200e000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000001 XMM01=0000000000000000 0000000000000000
XMM02=00005555696a46db 00005555696a4650 XMM03=00005555696a5934 00005555696a5930
XMM04=0000000000000000 00005555696a3498 XMM05=0100100007800401 0000000806060168
XMM06=d600080007e00300 100007d0030fffff XMM07=ffffffff0407c003 02100007b0032810
XMM08=00100309020834a0 0300080034980307 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ffffffff81fa8101 RBX=ffffea00002df7c0 RCX=ffffffff81fa8119 RDX=0000000000000000
RSI=0000000000000008 RDI=ffffea00002df7c0 RBP=ffffc90007bf7390 RSP=ffffc90007bf7288
R8 =ffffea00002df7c8 R9 =ffff800000000000 R10=dffffc0000000000 R11=fffff9400005bef9
R12=0000000000000000 R13=dffffc0000000000 R14=1ffffd400005bef8 R15=1ffff92000f7ee5c
RIP=ffffffff822303e3 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f187bf6f6c0 ffffffff 00c00000
GS =0000 ffff8881a3c18000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b32f22ff8 CR3=000000010aca8000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=6161616161616161 6161616161616161
XMM06=6161616161616161 6161616161616161 XMM07=6161616161616161 6161616161616161
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f1321212fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
