last executing test programs:

6m57.841100477s ago: executing program 1 (id=509):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x44, 0x11cfe, 0x10000000, 0x8000008, 0x3, 0x4, 0x80000001})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40505330, &(0x7f00000001c0)={0x800100, 0xffffffff, 0x4, 0xe1d9, 0x1101, 0x101})

6m57.840907101s ago: executing program 1 (id=510):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0xe00, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_NEWRULE={0x78, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_EXPRESSIONS={0x4c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x16}, @NFTA_CT_DIRECTION={0x5}]}}}, {0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_CT_SREG={0x8, 0x4, 0x1, 0x0, 0xc}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xa0}, 0x1, 0x0, 0x0, 0x840}, 0x0)
close(r0)

6m57.714275735s ago: executing program 1 (id=512):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
ioctl$EVIOCGMASK(r0, 0x80104592, &(0x7f0000000300)={0x0, 0xfe72, &(0x7f0000000200)="952bb3e006ae9a4c3a"})

6m57.678217001s ago: executing program 1 (id=513):
syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000000)='./file0\x00', 0x10040, &(0x7f0000000140)={[{@utf8}, {@utf8no}, {@fat=@quiet}, {@fat=@sys_immutable}, {@fat=@codepage={'codepage', 0x3d, '864'}}, {@fat=@gid}, {@numtail}, {@iocharset={'iocharset', 0x3d, 'iso8859-9'}}, {@shortname_lower}, {@fat=@check_normal}, {@uni_xlateno}, {@shortname_win95}, {@utf8no}, {@fat=@tz_utc}]}, 0x26, 0x347, &(0x7f00000006c0)="$eJzs3T9oJNUfAPDvZpJsLnC/TfGDQ6vVTpDjErHQKuE44TCFniz+awxezj/Z9SCLC7HIXhrFUrERtLK7QsurxULEzsLWE+RUbLzu4IIjuzvZ2dndmATcPT0/nyJ8+b73nffezJCZJOTtK6uxdXkurty+fSsWFkoxu3p+Ne6UYilmIomeawEA3E/upGn8nvYUGpJxvT9cPIjmpzA3AGAyus//107nifK9nA0AMA2H/vxf9MzY7NWJTQsAmKCR5//DheahX/PPjv+zAADwr/Lciy89vbYecalaXYhovNeqtWrxZN6+diXeiHpsxrmoxH5E70Wh97bQ+frUxfUL56odPy9FrVPRqkU02q1a701hLenWl2M5KrGU1af9+qRTv9ytr0bEtXZ3/GiUWrW5WMzG/2ExNmMlKvH/kfqIi+sXVqrZAWqNg/p2xF4sHCyiM/+zUYnvXo2rUY/L0anN57+7XK2eT9cL9a3r5W6/I8xN5KIAAAAAAAAAAAAAAAAAAAAAAHDfO1vtW+rvf5M22q13Lw13WCrsj1PrNWf7A+3FYlRiPy0f7M7zfjK8P1Bxf55WbTZm7unKAQAAAAAAAAAAAAAAAAAA4J+juTMfG/X65nZz552twaA9kHnrm8+/OhXDfd5M8kzM9g5X6JPlYqAqiX552i9Pk0KfLEgi8s7Xb2THmikMUe6vYqS8E5RHmkrZnDbq9dMP/fTJuKo/8kwSI6elGJSy8QeaGv/rpf6i6vBg5Yg+N9M0Pax89+PRqihFzI5cuL8j+PrW6w881jzzeDfzZbbpwyOPVp6/+dFnv25t1CM7NfX6/HZzPz3JEKudsvwS5PdGKTvPB2f96APu5Zm97ebORvL9by88+MG3Q52T8fdPOph5+/CxvhjOzPeCzjSPs+S5MTf/+ODlu/279+QX7synqxs3dn/85bhVA98kbNQBAAAAAAAAAAAAAAAAAABTMfC/4ifwxLOTmxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATF/++f8Dwd5I5jjB3XaMNpU3t5uHDn5qqksFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOA/7M8AAAD//8jnd14=")
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
open(&(0x7f0000000780)='./bus\x00', 0x14507e, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x4600, 0xe898d2275f586838)
preadv2(r0, &(0x7f0000000980)=[{&(0x7f0000001200)=""/4096, 0xffffffa4}], 0x1, 0x8000, 0x9, 0x1b)

6m57.417976654s ago: executing program 1 (id=518):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1f, 0x10, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x4}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x6d}}]}, &(0x7f0000000600)='GPL\x00', 0x3, 0x0, 0x0, 0x41000, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

6m56.824911469s ago: executing program 1 (id=520):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xb8, 0x19, 0x1, 0x70bd27, 0x25dfdbfc, {{@in6=@local, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x1}, {0x0, 0x0, 0x200000000000}, 0x8002, 0x0, 0x1, 0x0, 0x2}}, 0xb8}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
syz_emit_ethernet(0x5a, &(0x7f00000002c0)={@local, @broadcast, @void, {@ipv4={0x800, @tipc={{0x8, 0x4, 0x0, 0x3c, 0x4c, 0x67, 0x0, 0x3, 0x6, 0x0, @rand_addr=0x64010100, @local, {[@ssrr={0x89, 0x7, 0x1e, [@multicast1]}, @lsrr={0x83, 0x3, 0x93}]}}, @payload_mcast={{{{{{0x2c, 0x0, 0x0, 0x0, 0x0, 0xb, 0x1, 0x2, 0x5, 0x0, 0x1, 0x1, 0x0, 0x1, 0x800, 0x1, 0x1, 0x4e21, 0x4e22}, 0x1, 0x8000000}, 0x3, 0x3}, 0x1}}}}}}}, 0x0)

6m56.75499581s ago: executing program 32 (id=520):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xb8, 0x19, 0x1, 0x70bd27, 0x25dfdbfc, {{@in6=@local, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x1}, {0x0, 0x0, 0x200000000000}, 0x8002, 0x0, 0x1, 0x0, 0x2}}, 0xb8}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
syz_emit_ethernet(0x5a, &(0x7f00000002c0)={@local, @broadcast, @void, {@ipv4={0x800, @tipc={{0x8, 0x4, 0x0, 0x3c, 0x4c, 0x67, 0x0, 0x3, 0x6, 0x0, @rand_addr=0x64010100, @local, {[@ssrr={0x89, 0x7, 0x1e, [@multicast1]}, @lsrr={0x83, 0x3, 0x93}]}}, @payload_mcast={{{{{{0x2c, 0x0, 0x0, 0x0, 0x0, 0xb, 0x1, 0x2, 0x5, 0x0, 0x1, 0x1, 0x0, 0x1, 0x800, 0x1, 0x1, 0x4e21, 0x4e22}, 0x1, 0x8000000}, 0x3, 0x3}, 0x1}}}}}}}, 0x0)

5m23.324232077s ago: executing program 2 (id=1599):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newlink={0x3c, 0x10, 0xffffffffffffffff, 0x70bd28, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x21ac6, 0x71a07}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_AD_LACP_RATE={0x5, 0x15, 0x5}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000081}, 0x20040040)

5m23.171051831s ago: executing program 2 (id=1603):
r0 = semget(0x1, 0x4, 0x39c)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r1=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10000, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
semop(r0, &(0x7f0000000000)=[{0x2, 0xbbdd, 0x1000}, {0x2, 0x100, 0x800}], 0x2)

5m23.08205281s ago: executing program 2 (id=1604):
r0 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000000340)=0xfffffffffffffff9, 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000003c0)=[@in={0x2, 0x4e21, @rand_addr=0x64010102}], 0x10)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000100)=[@in={0x2, 0x0, @loopback}], 0x10)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f0000000000)=[@in={0x2, 0x0, @loopback}], 0x10)

5m23.081537665s ago: executing program 2 (id=1606):
r0 = socket$kcm(0x2a, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x8918, 0x0)

5m22.974426707s ago: executing program 2 (id=1608):
r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x10)
statx(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x6000, &(0x7f0000000240))

5m22.974159562s ago: executing program 2 (id=1610):
capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000240)={0x0, 0x6, 0x2, 0x87, 0xffffffff, 0x40})
r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0)
write$sndseq(r0, &(0x7f0000001380)=[{0x6, 0x0, 0x0, 0x0, @tick, {0x4, 0x2}, {}, @raw8={"fea7e7e1808ae646dc9fc28b"}}, {0x0, 0x0, 0x0, 0x0, @tick=0x1, {}, {}, @control={0x4, 0x4, 0x200}}, {0x10, 0x2, 0x94, 0x2, @time={0x4, 0x7}, {}, {0xfc, 0x9}, @control}, {0x0, 0x0, 0x0, 0x0, @tick=0x58, {0x0, 0x10}, {0x0, 0x6}, @control={0x1, 0x6, 0x401}}], 0x70)

5m7.882356363s ago: executing program 33 (id=1610):
capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000240)={0x0, 0x6, 0x2, 0x87, 0xffffffff, 0x40})
r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0)
write$sndseq(r0, &(0x7f0000001380)=[{0x6, 0x0, 0x0, 0x0, @tick, {0x4, 0x2}, {}, @raw8={"fea7e7e1808ae646dc9fc28b"}}, {0x0, 0x0, 0x0, 0x0, @tick=0x1, {}, {}, @control={0x4, 0x4, 0x200}}, {0x10, 0x2, 0x94, 0x2, @time={0x4, 0x7}, {}, {0xfc, 0x9}, @control}, {0x0, 0x0, 0x0, 0x0, @tick=0x58, {0x0, 0x10}, {0x0, 0x6}, @control={0x1, 0x6, 0x401}}], 0x70)

4m36.992629292s ago: executing program 3 (id=2127):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000540)={0x30, 0x2d, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @fd}, @typed={0x8, 0x0, 0x0, 0x0, @uid=0xee00}, @nested={0x10, 0x0, 0x0, 0x1, [@typed={0xa, 0x1, 0x0, 0x0, @binary="3170d5cb1bc4"}]}]}, 0x30}], 0x1}, 0x0)

4m36.923634768s ago: executing program 3 (id=2129):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xe0}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x2, 0xffffffe0}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0x50}, {0x7, 0x1, 0xb, 0x2, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {0x7, 0x0, 0x0, 0x9}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff1, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0xffffffb0}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

4m36.85387301s ago: executing program 3 (id=2130):
r0 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @dev={0xac, 0x14, 0x14, 0xf}}, 0xc)
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @private, @multicast1}, @address_request={0x11, 0x2, 0x0, 0xe0000001}}}}}, 0x0)
close(0x3)

4m36.853607851s ago: executing program 3 (id=2131):
rt_tgsigqueueinfo(0x0, 0x0, 0x8, &(0x7f00000000c0)={0x24, 0x6, 0x1})

4m36.784080478s ago: executing program 3 (id=2132):
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e0000000000000007000000", @ANYRES32], 0x48)

4m35.951964867s ago: executing program 3 (id=2136):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000012c0)={{0x3, 0x2, 0x0, 0xaaf7693a78fa7ac2, 0x6}})
readv(r0, &(0x7f0000002500)=[{&(0x7f0000003140)=""/4087, 0x6}, {&(0x7f0000000240)=""/197}, {&(0x7f0000000340)=""/15}, {&(0x7f0000000380)=""/251}, {&(0x7f0000000480)=""/221}, {&(0x7f0000000580)=""/142}, {&(0x7f0000000640)=""/34}, {&(0x7f0000001300)=""/4096}, {&(0x7f0000002300)=""/80}, {&(0x7f0000000140)=""/159}, {&(0x7f0000002440)=""/172}], 0x1)

4m35.835732446s ago: executing program 34 (id=2136):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000012c0)={{0x3, 0x2, 0x0, 0xaaf7693a78fa7ac2, 0x6}})
readv(r0, &(0x7f0000002500)=[{&(0x7f0000003140)=""/4087, 0x6}, {&(0x7f0000000240)=""/197}, {&(0x7f0000000340)=""/15}, {&(0x7f0000000380)=""/251}, {&(0x7f0000000480)=""/221}, {&(0x7f0000000580)=""/142}, {&(0x7f0000000640)=""/34}, {&(0x7f0000001300)=""/4096}, {&(0x7f0000002300)=""/80}, {&(0x7f0000000140)=""/159}, {&(0x7f0000002440)=""/172}], 0x1)

3m23.434215318s ago: executing program 4 (id=2977):
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r0, &(0x7f0000000740)={&(0x7f0000000040)={0x2, 0x0, @dev}, 0x10, 0x0, 0x0, &(0x7f0000004680)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000002bc0)=[{0x0}], 0x1}}], 0x48}, 0x0)

3m23.331287938s ago: executing program 4 (id=2978):
setsockopt$inet_sctp6_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, 0x0, 0xffc9)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12011003075f37407104020695a40102030109021b000142d8000a0904"], &(0x7f0000000140)={0x21, 0x0, 0x0, 0x0})

3m22.073218705s ago: executing program 4 (id=2990):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000100)=ANY=[@ANYBLOB='acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noacl,\x00'/119, @ANYRES8], 0xfd, 0x443c, &(0x7f0000008940)="$eJzs3c9vVNUeAPBzb/seLQ94LY8FL3nJm+SRPKOmaVmpJbEthdJCxaAQ42aYtgNUpx3STo0LFnVH4srEhXFBNHHXFenCLf4JblziyiiJLNyYmBBrZuZOmXs7E0bSaYV8Pgk9vefXPZ3v3HPPXVxOnKjcWFzNLa7mCsu58vy11ZO5D8qltaViiPfIfp+fznQjTmK/fy6ePvvWlZMhfLPw3YOtra2tUNUbWhpp+v3XX27NN6cNcaZNtd/Wve2Wd0MIx3aMq6onhPDO1yFEIYTxJG8iSftDCEdCvezKrY+v5nZpNHfvF0/lH83e3hw9MbNxZ7P93x6F8Hnp3y9fX/r5fz2j37+4S6cHAAAAAAAAAAAAAAAAAOAZN3Xp4uU3h0fCvSj0bkQ739edStJ278du7Zr/dv+PBQAAAAAAAAAAAAAAAAAAgL+ox+//56KjLd7/n0zSsTbtt17v/hjpnuk3Lk6eGR5J9n+Pmkp++LG53sPxnjDYYt/37P7v45n+W+//Hu3a+F+J0ucdCFE8lDqO46GhEL5MNn4/Hh2MS+XVykvXymvLC7s2jGdWOv713ftT0Uk29O80/hOZ/ru///+/dnybqsdXd+8r9lxLx7+nbb2vPoo6iv/pTLu9iD9PLx3/3lpef3OFsfoEUI3/J71Pjv9kpv9uxf9ICCEXVceaS80A1TVMNb/deoW0dPz/VstLTZ3JB9nu+v8tE/8zmf73cv5PblW14/XsjYiW0vH/ey2vr170Uz15fP0Pxk++/s9m+t+P+391/Ovu/x1Jx/9APbM3VaX2SXY6/09l+u9W/C/HyTiPRKlvwEZUz2/3/9WRlo5/347yxvPVw/G4o/XfuUz7HfGPQlee/xrnbTz/Nab/F6L68x+tpePf37Zep9f/dKZdt+f/sdr6j6eVjv/BWl567TxQ+9lp/Gcy/Xcr/rVVSV8j/o/nk98P1PO/sP7rSDr+/6hnxs011ms/a+u/6Mnr//OZ/vdq/Ze6c8UhrMfdPevzIh3/Q23rVeP/bQf3/wuZdt2PfwjD1vpPLR3/w23r1a7/vpbxT117s5l23Y7//7vZOQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAzYCJJB0IUD6WO43hoKITTyfHxcDCaKyzk50rl+fdXQ5hM8nPhaHS9VJ4rlPKLy+WFYr5QKpXnQziTlB8LfdFqqVzJLxVunt3uqz+6USysVOaKhUoIYSrJ/0843OhrbrGyVLgZQji3XfbPuLxy80ZhOb+wuPLa8PDwcJjeHsNgVPywUlyu1M9eLw1hZrvtQNQ0uFrx+e2xHIreK6+tLBdKtfwLTW1K5flCqanNbFL2aRiMKitry/OFSjFfKl9vnG8/jSXp5PSlty9dGNlRfjWqpxN7OywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/qR7o69+FkLorR/FIYRclPwSJf9S7t4vnso/mr29OXpiZuPO5oNWdQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiDHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzSP0oDQRQH4DdjoaXHsFp2O9sVRbRwRfAEegwPo0fxEt7BIkXaFCGQzELYP7BNUn1f82B+zLwH8wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACWe3zr3l/rJiLF1fYy4vfz7/84fy71+276/sUZZuR0nl66+4e6Kf+eRvltOVq1eZ9u1l8fMVF7P4M9Ge7TwbjP0Ny+zc3X972OlKuIaEt+k3KuqmVvAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOzYgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCwAAAAAI87eOom8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4FcAAAD//2flIX0=")
symlink(&(0x7f0000000780)='./file0\x00', &(0x7f00000007c0)='./file0\x00')

3m21.617186901s ago: executing program 4 (id=2993):
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000080)='./file0/file0\x00', &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x232f453, 0x0)
umount2(&(0x7f0000000240)='./file0/file0\x00', 0x9)

3m21.401011615s ago: executing program 4 (id=2996):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x3c, r1, 0x1, 0x70bd26, 0x25dfdbfe, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x200040d0}, 0x40)

3m21.231752925s ago: executing program 4 (id=2997):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}, 0x94)
r0 = socket(0x200000000000011, 0x2, 0xd)
bind$packet(r0, &(0x7f0000000080)={0x11, 0x800, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4)
syz_emit_ethernet(0x2e, &(0x7f0000000000)={@random="d100", @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0xe000, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e21, 0x0, 0xc, 0x0, @gue={{0x1, 0x1, 0x1, 0x4, 0x0, @void}}}}}}}, 0x0)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x26}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0xfffffffffffffd2e, &(0x7f0000000000)='e', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x48)
syz_emit_ethernet(0x32, &(0x7f0000000240)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x2, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x10, 0x0, @gue={{0x2, 0x1, 0x3, 0x6}}}}}}}, 0x0)

3m20.908508696s ago: executing program 35 (id=2997):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}, 0x94)
r0 = socket(0x200000000000011, 0x2, 0xd)
bind$packet(r0, &(0x7f0000000080)={0x11, 0x800, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4)
syz_emit_ethernet(0x2e, &(0x7f0000000000)={@random="d100", @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0xe000, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e21, 0x0, 0xc, 0x0, @gue={{0x1, 0x1, 0x1, 0x4, 0x0, @void}}}}}}}, 0x0)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x26}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0xfffffffffffffd2e, &(0x7f0000000000)='e', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x48)
syz_emit_ethernet(0x32, &(0x7f0000000240)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x2, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x10, 0x0, @gue={{0x2, 0x1, 0x3, 0x6}}}}}}}, 0x0)

1m19.252798672s ago: executing program 6 (id=4371):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000005e00)={<r0=>0xffffffffffffffff})
close_range(r0, 0xffffffffffffffff, 0x2)

1m19.136487587s ago: executing program 6 (id=4374):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000005000000020000000000000008"], 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a40)={r0, 0x27, 0x13, 0x0, &(0x7f0000000000)="f8ad1dcc02cb29dcc800320088a8", 0x0, 0x4000, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50)

1m18.788458605s ago: executing program 6 (id=4377):
socket$nl_route(0x10, 0x3, 0x0)
write(0xffffffffffffffff, &(0x7f0000000180)="2000000012", 0x5)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380140003801000018004000300080001"], 0x44}}, 0x0)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001e80)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0700000000000000000005000000180001801400020073797a5f74756e0000000200000000000c0003800400038004000100b3a72d"], 0x38}}, 0x0)

1m18.772236208s ago: executing program 6 (id=4378):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x23e9c9e, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
pivot_root(&(0x7f0000000080)='./file0/file0\x00', &(0x7f0000000100)='./file0/file0\x00')

1m18.698865698s ago: executing program 6 (id=4379):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000880)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001040)={0x4c, 0xd, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x20, 0x3, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "1e1c"}]}, @NFTA_SET_ELEM_KEY_END={0xc, 0xa, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "57b8"}]}]}]}]}, 0x4c}}, 0x8000)

1m18.409708121s ago: executing program 6 (id=4380):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$sock_int(r2, 0x1, 0x2a, &(0x7f0000000100)=0xfffe, 0x4)
recvmmsg(r2, &(0x7f0000001440)=[{{0x0, 0x0, 0x0}, 0xfffffffd}], 0x1, 0x40002102, 0x0)
sendmsg$inet(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000080)="c3ee719735", 0x5}], 0x1}, 0x0)
write$binfmt_misc(r0, &(0x7f00000000c0)='J', 0x1)
close(r1)

1m18.263130472s ago: executing program 36 (id=4380):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$sock_int(r2, 0x1, 0x2a, &(0x7f0000000100)=0xfffe, 0x4)
recvmmsg(r2, &(0x7f0000001440)=[{{0x0, 0x0, 0x0}, 0xfffffffd}], 0x1, 0x40002102, 0x0)
sendmsg$inet(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000080)="c3ee719735", 0x5}], 0x1}, 0x0)
write$binfmt_misc(r0, &(0x7f00000000c0)='J', 0x1)
close(r1)

19.006245287s ago: executing program 7 (id=5186):
r0 = syz_open_dev$video(&(0x7f0000000180), 0x101, 0xab02)
ioctl$VIDIOC_ENUMINPUT(r0, 0xc050561a, &(0x7f0000000000)={0x2, "7cc1a5c73129191131400588218436a0bf3bccd2f7fcee81d4bd9d88aea62bc4", 0x3, 0xffff, 0x3, 0x20, 0x30406, 0x4})

19.005718605s ago: executing program 7 (id=5188):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0e00000004000000040000006df2"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000100000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r1, r3, 0x25, 0x2, @void}, 0x10)
syz_emit_ethernet(0x49, &(0x7f0000000400)=ANY=[], 0x0)

18.899854797s ago: executing program 7 (id=5189):
r0 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2}})
getpeername$packet(0xffffffffffffffff, 0x0, 0x0)
r1 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x4, 0x2, 0x1}})

18.847196626s ago: executing program 7 (id=5191):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x818884, &(0x7f0000000480)=ANY=[@ANYBLOB='keep_last_dots,sys_tz,uid=', @ANYRESHEX=0xee00, @ANYBLOB=',errors=continue,umask=00000000000000000000013,namecase=1,discard,time_offset=0x0000000000000008,discard,discard,iocharset=maccenteuro,utf8,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c666d61736b3d30303030303030303030303030303030303030303031302c646d61736b3d30303030303030303030303030303030303030303030302c6f626a5f726f6c653d25328cfee75f1c5d954656faab7be74628f05603027ff261d3a2b517babe95b5c24f848e33bac3689fbb41b46f88e6612dd68eeeab9384ff7f000099bfaa85597f2e099401b6648584b407efbac174d868270700000000000000d95983b0b4c88668ad69d69527e2000000000000000000002dde4b0d285273afe04dcbff0b6a266ba0b69fe36684a217b60a1f0bb5a40fa2aa042d1483733e92418b1ae82ffccb49f3ab55f962ffb3beeec0f97fbf752c736d61636b6673726f6f743d27232a265c2c6f626a5f726f6c653d616eaf261dc74bdfa87e3a447e9846af301ebc102b336edc173c8169e83d85619b2071c951cd3cc042f073f42d1e8b346b53816da95d94234da8ef543f2fc02f03059a3fb25486109abfdf6b688ccd8307a0ea79757ccd69b979285d74c880e6537a37d8fa83b8f0115f48473ebb62182c6d61736b3d5e4d41595f524541442c657569643d", @ANYRESDEC=0x0, @ANYBLOB=',\x00'], 0x81, 0x1534, &(0x7f0000000e40)="$eJzs3AucTtX6OPDnWWvtMSS9TXIZ1lrP5k0uiyTJJUkuSZIkSW4JSZMcSUgMuSUNSUguQ3IZQnKZmDTu9/slIUmaJAnJLVn/z8T8nU6d/znnd/odv/9vnu/nsz+znnftZ+2153nf/e6933fmu67DajWpXb0REcG/BS/9SASAWAAYBADXAUAAAOXjysdl9ueUmPjvbYT9uR5JudozYFcT1z974/pnb1z/7I3rn71x/bM3rn/2xvXP3rj+jGVnW2YUvJ6X7Lvw/f/sjN///xfJKD3uq3Wlb+wGEPPPpnD9//+H/0Yu1/9/reCfWYnrn71x/bOr2Ks9AfY/AL/+s4Mcf7eH65+9cf0Zy86y7gOfzlfw+li4+vej/9MLRLL3ZyBX+/nHGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYYyx7OOuvUACQ1b7a82KMMcYYY4wxxtifx+e42jNgjDHGGGOMMcbYfz8EARIUBBADOSAWckIuEAAxWf3XQxzcAHnhRsgH+aEAFIR4KASFQYMBCwQhFIGiEIWboBjcDMWhBJSEUuCgNJSBW6As3Arl4DYoD7dDBbgDKkIlqAxV4E6oCndBNbgbqsM9UANqQi2oDfdCHbgP6sL9UA8egPrwIDSAh6AhPAyN4BFoDI9CE3gMmsLj0AyaQwtoCa3+S/kvQU94GXpBb0iEPtAXXoF+0B8GwEAYBK/CYHgNhsDrkARDYRi8AcPhTRgBb8FIGAWj4W0YA+/AWBgH42ECJMNEmATvwmR4D6bAVJgG0yEFZsBMeB9mwWyYAx/AXPgQ5sF8WAALIRU+gkWwGNLgY1gCn0A6LIVlsBxWwEpYBathDayFdbAeNsBG2ASbYQtshW2wHXbATtgFn8Ju+Az2wF7YB5/DfvjiX8w/8zf53RAQUKBAhQpjMAZzQizmwlyYG3NjHsyDEYxgHMZhXsyL+TAfFsACGI/xWBgLo0GDhIRFsAhGMYrFsBgWx+JYEkuiQ4dlsAyWxVuxHJbD8lgeK2AFrIiVsBJWwSpYFatiNayG1bE61sAaWAtr4b14L/bBulgX62E9rI/1s25PYSNshI2xMTbBJtgUm2IzbIYtsAW2wlbYGltjG2yD7bAdtsf22AE7YAImYEfsiJ2wE3bGztgFu2BX7IrdsDt2z3gpB+DL+DL2xhqiD/bFvtgPk3IMwIE4EF/FwfgavoavYxIOxWH4Br6Bb+IIPI0jcRSOxtFYVbyDY3EckpiAyZiMk3ASTsbJOAWn4lScjik4A2fiTJyFs3E2foBz8UP8EOfjfFyIqZiKi3AxpmEaLsEzmI5LcRkuxxW4ElfgalyDq3Edrsd1uBE34mbcjFtxK27H7bgTd+KnqADwM9yLezEJ9+N+PIAH8CAexEN4CDMwAw/jYTyCR/AoHsVjeAyP4wk8iSfwFJ7C03gGz+JZPI/n8QK+EP9N409LrE0CkUkJJWJEjIgVsSKXyCVyi9wij8gjIiIi4kScyCvyinwinyggCoh4ES8Ki8LCCCNIhJlHChEVUVFMFBPFRXFRUpQUTjhRRpQRZUVZUU6UE+XF7aKCuENUFJVEW1dFVBFVRTtXTdwtqovqooaoKWqJ2qK2qCPqiLqirqgn6on6or5oIB4SDUUfHICPiMzKNBFDsakYhs1EcyEvH6FaixHYRrQV7cRTYhSOxA6itUsQz4qOYix2En8R4/B50UVMwK7iRdFNdBc9xEuip2jjeoneYgr2EX3FdOwn+osBYqCYhTXFBzg3Zy3xukgSQ8Uw8YZYiG+KEeItMVKMEqPF22KMeEeMFePEeDFBJIuJYpJ4V0wW74kpYqqYJqaLFDFDzBTvi1litpgjPhBzxYdinpgvFoiFIlV8JBaJxSJNfCyWiE9EulgqlonlYoVYKVaJ1WKNWCvWifVig9goNonNYovYKraJ7WKH2Cl2iU/FbvGZ2CP2in3ic7FffCEOiC/FQfGVOCS+FhniG3FYfCuOiO/EUfG9OCZ+EMfFCXFS/ChOiZ/EaXFGnBXnxHnxs7ggfhEXhRcgUQoppZKBjJE5ZKzMKXPJa2RuGWQd/2WcvEHmlTfKfDK/LCALynhZSBaWWhppJclQFpFFZVTeJIvJm2VxWUKWlKWkk6VlGXmLLCtvleXkbbK8vF1WkHfIirKSrCyryDtlVXmXhMilbdSQNWUtWVveKxPhPllX3i/ryQdkffmgbCAfkg3lw7KRfEQ2lo/KJvIx2VQ+LpvJ5rKFbClbySdka/mkbCPbynbyKdlePi07yGdkgnxWdpT+8lPkedlFviC7yhdlN9ld9pC/yIvSy16yt4Q+IPvKV2Q/2V8OkAPlIPmqHCxfk0Pk6zJJDpXD5BtyuHxTjpBvyZFylBwt35Zj5DtyrBwnx8sJMllOlJPku3KyfE9OkVPlNDldpsgZcsDlkeZI+Q/z3/2D/CG/bn2z3CK3ym1yu9whd8pd8lO5W+6We+QeuU/uk/vlfnlAHpAH5UF5SB6SGTJDHpaH5RF5RB6VR+UxeUwelyfkOfmjPCV/kqflGXlGnpPn5Xl54fLvABQqoaRSKlAxKoeKVTlVLnWNyq2uVXnUdSqirldx6gaVV92o8qn8qoAqqOJVIVVYaWWUVaRCVUQVVVF1E15+wqiSqpRyqrQqo275V/JVMXWzKq5K/CY/a36Jf2d+rVQr1Vq1Vm1UG9VOtVPtVXvVQXVQCSpBdVQdVSfVSXVWnVUX1UV1VV1VN9VN9VA9VE/VU/VSvVSiSlR91Suqn+qvBqiBapB6VWTuwxA1RCWpJDVMDVPD1XA1Qo1QI9VINVqNVmPUGDVWjVXj1XiVrJLVJDVJTVaT1RQ1RU1T01SKSlEz1Uw1S81Sc9QcNVfNVfPUPLVALVCpKlUtUotUmkpTS9QSla6WqqVquVquVqqVarVardaqtWq9Wq82qo0qXW1RW9Q2tU3tUDvULrVL7Va71R61R+1T+9R+tV8dUAfUQXVQHVKHVIbKUIfVYXVEHVFH1VF1TB1Tx9VxdVKdVKfUKXVanVZn1Vl1Xp1XF9QFdVFdzDztC0QgAhWoICaICWKD2CBXkCvIHeQO8gR5gkgQCeKCuCBvcGOQL8gfFAgKBvFBoaBwoAMT2EBcLno0uCkoFtwcFA9KBCWDUoELSgdlgluCssGtQbngtqB8cHtQIbgjqBhUCioHVYI7g6rBXUG14O6genBPUCOoGdQKagf3BnWC+4K6wf1BveCBoH7wYNAgeChoGDwcNAoeCRoHjwZNgseCpsHjQbOgedAiaBm0+lPH9/50/iddL91bJ+o+uq9+RffT/fUAPVAP0q/qwfo1PUS/rpP0UD1Mv6GH6zf1CP2WHqlH6dH6bT1Gv6PH6nF6vJ6gk/VEPUm/qyfr9/QUPVVP09N1ip6hZ+r39Sw9W8/RH+i5+kM9T8/XC/RCnao/0ov0Yp2mP9ZL9Cc6XS/Vy/RyvUKv1Kv0ar1Gr9Xr9Hq9QW/Um/RmvUVv1dv0dr1D79S79Kd6t/5M79F79T79ud6vv9AH9Jf6oP5KH9Jf6wz9jT6sv9VH9Hf6qP5eH9M/6OP6hD6pf9Sn9E/6tD6jz+pz+rz+WV/Qv+iL2mee3Ge+vRtllIkxMSbWxJpcJpfJbXKbPCaPiZiIiTNxJq/Ja/KZfKaAKWDiTbwpbAqbTGTIFDFFTNRETTFTzBQ3xU1JU9I440wZU8aUNWVNOVPOlDflTQVTwVQ0FU1lU9ncae40d5m7zN3mbnOPucfUNDVNbVPb1DF1TF1T19Qz9Ux9U980MA1MQ9PQNDKNTGPT2DQxTUxT09Q0M81MC9PCtDKtTGvT2rQxbUw70860N+1NB9PBJJgE09F0NJ1MJ9PZdDZdTBfT1XQ13Uw308P0MD1NT9PL9DKJJtH0NX1NP9PPDDADzCAzyAw2g80QM8QkmSQzzAwzw81wM8KMMCPNKDM680TVvGPGmnFmvJlgkk2ymWQmmclmsplipphpZppJMSlmpplpZplZZo6ZY+aauWaemWcWmAUm1aSaRWaRSTNpZolZYtJNullmlpkVZoVZZVaZNWaNWWfWmQ2wwWwym8wWs8VsM9vMDrPD7DK7zG6z2+wxe8w+s8/sN/vNAXPAHDQHzSFzyGSYDHPYHDZHzBFz1Bw1x8wxc9wcNyfNSXPKnDKnzWlz1pw1503+y++X3sTanDaXvcbmttfaPPY6+7dxAVvQxttCtrDVNp/N/5vYWGuL2xK2pC1lnS1ty9hbfhdXtJVsZVvF3mmr2rtstd/Fdex9tq6939azD9ja9t7fxPXtg7aBfcw2RASwzW1j29I2sY/ZpvZx28w2ty1sS9vePm072Gdsgn3WdrTP/S5eZBfbNXatXWfX2z12rz1rz9kj9jt73v5se9nedpB91Q62r9kh9nWbZIf+Lh5t37Zj7Dt2rB1nx9sJv4un2ek2xc6wM+37dpad/bs41X5k59o0O8/Otwvswl/jzDml2Y/tEvuJTbcBLLPL7Qq70q6yq//vXJfbjXaT3Wx328/sNrvd7rA77a6sE2G71+6zn9v99gt72H5rD9qv7CF71GbYb36NM/fvqP3eHrM/2OP2hD1pf7Sn7E8qKztz33+0v9iL1lsgJCBJigKKoRwUSzkpF11DuelaykPXUYSupzi6gfLSjZSP8lMBKkjxVIgKkyZDlohCKkJFKUo3Udb0SlIpclSaytAtVJZupXJ0G5Wn26kC3UEVqRJVpip0J1Wlu6ga3U3V6R6qQTWpFtWme6kO3Ud16X6qRw9QfXqQGtBD1JAepkb0CDWmR6kJPUZN6XFqRs2pBbWkVvQEtaYnqQ21pXb0FLWnp6kDPUMJ9Cx1pOeoE/2FOtPz1IVeoK70InWj7tSDXqKe9DL1ot6USH2oL71C/ag/DaCBNIhepcH0Gg2h1ymJhtIweoOG05s0gt6ikTSKRtPbNIbeobE0jsbTBEqmiTSJ3qXJ9B5Noak0jaZTCs2gmfQ+zaLZNIc+oLn0Ic2j+bSAFlIqfUSLaDGl0ce0hD6hdFpKy2g5raCVtIpW0xpaS+toPW2gjbSJNtMW2krbaDvtoJ20iz6l3fQZ7aG9tI8+p/30BR2gL+kgfUWH6GvKoG/oMH1LR+g7Okrf+970Ax2nE3SSfqRT9BOdpjN0ls7RefqZLtAvdJE8QYihCGWowiCMCXOEsWHOMFd4TZg7vDbME14XRsLrw7jwhjBveGOYL8wfFggLhvFhobBwqEMT2pDCMCwSFg2j4U1hsfDmsHhYIiwZlgpdWDosE94Slg1vDcuFt4Xlw9vDCuEdYcWwUvjYA1XCO8Oq4V1htfDusHp4T1gjrBnWCmuH94Z1wvvCuuH9Yb3wgbBc+GDYIHwobBg+HDYKHwkbh4+GTcLHwqbh42GzsHnYImwZtgqfCFuHT4ZtwrZhu/CasH34dNghfCZMCJ8NO4bP/dr/4OKs/qd+158Y9gn7hq+Er4Te3y8XRBdGU6MfRRdFF0fToh9Hl0Q/iaZHl0aXRZdHV0RXRldFV0fXRNdG10XXRzdEN0Y3RTdHva+dAxw64aRTLnAxLoeLdTldLneNy+2udXncdS7irndx7gaX193o8rn8roAr6OJdIVfYaWecdeRCV8QVdVF3kyvmbnbFXQlX0pVyzpV2ZVxL18q1cq3dk66Na+vauafcU+5p97R7xj3jnnUd3XOuk/uL6+yed13cC+4F96Lr5rq7Hu4l19NNzHPpNZno+rq+rp/r5wa4AW6QG+QGu8FuiBviklySG+aGueFuuBvhRriRbqQb7Ua7MW6MG+vGuvFuvEt2yW6Sm+Qmu8luipviprlpLsWluJluppvlZrmqsy9tZZ6b5xa4BS7VpbpFLvOcMc0tcUtcukt3y9wyt8KtcKvcKrfGrXHr3Dq3wW1wm9wmt8VtcdvcNrfD7XC73C632+12e/x1lwZ1+90Bd8AddAfdIfe1y3DfuMPuW3fEfeeOuu/dMfeDO+5OuJPuR3fK/eROuzPurDvnzruf3QX3i7vovEuOTIxMirwbmRx5LzIlMjUyLTI9khKZEZkZeT8yKzI7MifyQWRu5MPIvMj8yILIwkhq5KPIosjiSFrk48iSyCeR9MjSyLLI8siKyMqI94W2hb6IL+qj/iZfzN/si/sSvqQv5Z0v7cv4W3xZf6sv52/z5f3tvoK/w1f0lXxl/7hv5pv7Fr6lb+Wf8K39k76Nb+vb+ad8e/+07+Cf8Qn+Wd/RP+c7+b/4zv5538W/4Lv6F30339338C/5nv5l38v39om+j+/rX/H9fH8/wA/0g/yrfrB/zQ/xr/skP9QP82/44f5NP8K/5Uf6UX50zNt+TNYlMkzwyX6in+Tf9ZP9e36Kn+qn+ek+xc/wM/37fpaf7ef4D/xc/6Gf5+f7BX6hT/Uf+UV+sU/zH/sl/hOf7pdm3TT2q/xqv8av9ev8er/Bb/Sb/Ga/xW/12/x2v8Pv9Lv8p363/8zv8Xv9Pv+53++/8Af8l/6g/8of8l/7DP+NP+y/9Uf8d/6o/94f8z/44/6EP+l/9Kf8T/60P+PP+nP+vP/ZX/C/+Iv8N2uMMcYYY/+UiVea4rc9l27n9/mDHPFXK/cFgGu3F8z46/7MM8oN+S61+4v49hEAeLZ310eylho1EhMTL6+bLiEoOh8g65OgTL9+9eByvBTawdOQAG2h7B/Ov7/ofp7+wfjR2wFy/VVOLFyJr4z/JQAm/sH4Tzw1elGF8Gzc/2P8+QDFi17JyQlX4qXQ7tf7K22h3N+Zf/7W/2D+Ob9KBmjzVzm54Up8Zf5l4El4DhJ+syZjjDHGGGOMMXZJf1G5c9b1Z9Y3Pv/o+jxeXcnJAVfif3R9zhhjjDHGGGOMsavv+e49nnkiIaFt53+9Ue2/lPVPN5rCf9fI3PjDhvcAWY8oAPg3BwTIbMj/5F5s/Y9sK+nyS+dvu1ac8wH8zyjln9G4ygcmxhhjjDHG2J/uykn/bx9XV2tCjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcZYNvSf+HdiV3sfGWOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMsavt/wQAAP//pkz/nw==")
syz_open_procfs(0x0, 0x0)
mount$bind(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333c06, 0x0)
mount$bind(0x0, 0x0, 0x0, 0x11080, 0x0)

18.720107419s ago: executing program 7 (id=5194):
r0 = syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x3501)
ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {0x45}, 0x4f, 0x20, &(0x7f00000000c0)={0x1, 0x17, 0x0, 0x3, 0xfffe}, 0xc02ed47582f1deb0, 0x4, 0xf, 0x0, 0xd, 0x5, &(0x7f0000000100)="8fa7e880f3f292923d0b"})

18.4228815s ago: executing program 7 (id=5199):
shmctl$IPC_RMID(0x0, 0x13)

17.829140986s ago: executing program 37 (id=5199):
shmctl$IPC_RMID(0x0, 0x13)

3.67709721s ago: executing program 8 (id=5352):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x4, 0x5, &(0x7f0000002500)=ANY=[@ANYBLOB="bf16000000000000b7070000000100004870000000ffffffd40700002000000095000000000000002ba728041598fbd30cb599e83d24a3aa81d36bb3019c13bd23212fb56fa54f2681d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142fa9ea4318123f602000000000080de89e661168c1886d0d4d94f204e345c65c26e278ef5b915395b19284a1a4bc72fbc1626e3a2a2ad358061d0ae0209e6e83d15645aa818d92b21aa6459512f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa8666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3431abe802f5ab3e89cf6c662ed4048d3b3e22278d00ce00000000d3a02762c2951257b85802189d74005d2a1bcf9436e192e23fd275985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6ebfbb89432fb465bc52f49129b9b6150e320c9901de2ebb9000000018e3095c4c5c7a156cec33a667dccaff950ca1e5efdd4c968dacf81baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba175d876defd3541772f26e27c44cfdb2d85d6d29983e830a9cdd79837b3468e8c67a571d0a017c100344c52a6f387a1340a1c8889464f90cc4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae630afd014a337ac5d58bcb5e517232586872c5255f20100000000000000f041b665ab21372c8d8b7bac5b5c784d20a4a24d8dbd75062e1daef9dead619cc6e7baa72707157791c3d2a286ffb8d35452bb5d36c2a8682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b9935f771fd49e480cd9d48aeb12b1d6acabd38a817bcd222614d1f62734d679039a97d2b74f9e8e997ccd314000f747f4e8e7025123e783df8b8a17e3aa9fe1f662aef87a065b03cfb65b4dfe4f1b56e1f23128d743753a1de172d683d5892ce9414a1d98ea93e3d35dbb6c23b90cf36e83b8a434a97d09343d7f83079ccb02e69d384146056d125cfa788237874dd42dae334bda042819a2aa24dba1c25be2794448b4f63483026b5e34d44705b76ef29241adab0dd7d68bf975e02069f6f2425e1bc97a3d588085f16bef63a06578d4f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8cae87691fae365a70c3fc69e1565bba8dd8a8ca049f798abe646f738bebd69413afc9d8a5edd7aaa000000000600001e6c2f2a287c5278a218dbfaffffff00a14db5cfa6819eb1d39c48cfdc80d215c9e16e0c4736dd19363154cca4e2f89800d18c89d7f46f679df6c9e2952ae1ebfd0ca88368ee6ce139e8b5822c22cf2e9dde943d34c432e1001171792c65986146666a5490928441f47e0fe5eac41824ca1fd0eb71aa243c88d5480e5aee9c9e5f2e5a56a6d920335c8e8726fd8329d9a733d8f9ffffff5f912ac4e34bf6ea8a86da707b03bddb491ba0cc98f6be92c50008a2b50025419dfc75c73132ca7ca26ce8a7e3ffb700f09e157f9b844051f1a642aca9ff98c9036471ccff0522903e7bcf62e18f7696bbc280b95e8e0d6fd5644b0ebde3a95b06548862de809d3dae3cccf109f7c78e8479a345e800000000000000000000009455bf417627ce723a5d9103706aba69279500bb82f6b5a3ddc0bd9856712945b70c75ce5b722578820820d010d7a3cffc99fc647d0b82ef26ab708c0b19ed144be51c3b398f0e6bb7a30006000000cba12953d58cff0f0378740fe6662f377b97d8e7cdb047050d7296cd3856476a0ea49ad127ba6570bafc2bbcf9ee721fd9cb467ff071e5604fbf0491245c0000007d932d7a64de4c4aa433fc0840aff7c47da3a4c6966d0000000000000000f6bfbae29e8a6e2a889f6ef6869d82d6bd73eb76b65c7a35a54a4a6b8ad4600e3a972a0bb5971a5f16590b0a03dafa3fd1118765cc8ab9fccf3b51c41a339f200f2fa33006910a679a9ae0187b4d750c4bd244cb0cbfd23b265f4d4da448a7a0d19c5e43eae50a31609dfa2ddf267551467eb6475293dd7012cc449009981f22820e57a0eff234ccfe21d7a2302e000669753d3c3432cc14ee1abe724adb6b5431befedd3e22971118f0e21aed186a370e9eb56b3d790b98f2bd0db1e5de6a146597b2cbb7103040d2a39d7965d36df524b760ab92efcce7dd1574a0730a9e015c7f5ffee9ff66e5dd2866b15b6e0d17618cb1f5c1ee4b05ebf1445ea110f499f840a5c965443d725556351ee25fe09f69494b053678dcadcf02e063dff2fa4bef1ac3bbbe4fe3e8cc759b05785adc346b7ffd05963f92c1d0d7d90ba878ad89e490f3e29ac51d30632869a534418f916bf6fe8167827a8e6c8f8b391c822805cb0adf1b8bd6947ff208753eb0d208ce14f7b206b2e02c21e963abc5ceb735c1b3c46b0a843de52a903375dfb663a8d8ee9c2b2705c1a81d9d3b9656b219c8cd99c9cafcd0d0540884d97aecb19983fc6af29ab44a82aff9cba921192c665b877af6539bdb1b567f481ba07982e7ad758f4e1eac69e7e88a63960975f490e161e371ec8534791e3b61c63fb9450dd03985d900a9c0839208356b53750e76fcc3c2d1bddcbd83897921bd4d0c02e8188f3df79ea2a5c5444004830e6cb227ca1bdafb977c00000000003a417193b8c5d793687335a980010000fdf278218218e04b705ec62f1608cb569b81914e68f175b392af6bc4fd2121d7fd276af2c97a441b56e7a0687d98b8e76d8d0d231e4fe00be1de76bd19cc12e2bd938eb681ed6bc951c1b4f7c51af59eea4d40c6000000000200778a677b72786311153271a3313da02645e11761699e4d04ac86dd14ff7b9a10d3fa74696fe3953a5b7706bf5d1faba4b18808d9cb0e9d3696dec4e0820ee4028d7225a2c9c427cf64cbde6fba056b2006b7a37c1181d530fb865e235cd302f3b4071ee5237ada986b9e5e3144bf479f277f10656ad3744037ccc9c63685a6f1109d2ea73773d3635f61497f1fa1ea4a16f601800bf3e59141fbf05a96113320c445f9ba8596970d5254727e804fbd99ccefb7c09269dd2c5c25e56e169ac15980f3f85f7ca36dd5950ef5b64fd46f123311829534a82940994199b3cf7a8fabea9930952f5da9b909c1946e55289f668c423fcbb31ae91864c882313151741a67538c9689dc8ecc9903c7041e5c0704e2fa55a756487517a7445cbd9e3f5175e41c00000000000000000000000000bf98efd587fffe326f474b0b089c017b16c0062cbce96f5adebec52a79f9363909842f79c50a1520be46d87003137e4c5031f00123e812a5e37cd52c9eb7336281cb8c6ce9934b157d7875a70eaf103cb3138e2361c51cd1eab8a26b232acf6bf0ab829c26dab637538b2eb1420d812d2b80c777710ba0f18e4661681aa218d9ba54023ab4305d77eb15611ae2545835e9d30e9f6d4fb43a291c69545a1eea0f8720431132d8549f99bf6c5cb060da70cbb59d0a000000000034d083fc37d2449f72de0cbea4bc1dc89c136cdbc504f849d5502d77a95c7bfff4cd9c03058d0d4d07ea64824f1acf2b39389f675f39d01719cdbab3f1ce10609c8d7b3e37cb99b41da5e485a441b6a103549f55ab09dc98767763d1f21d9d5bc27d2b40050d1f8292f4d9ec6d0000000000003932062290f4996fdd55b06023437e9e2072daf7f5d82f6f1b5b89a41134f4dc2e65bb11272fdf8c8141f41d6160b3d8b6ecd16d14267f61b4881adee7f07f3d6af5ae79e16fe2c3f55ac7a6392d2e1d9b4286b6c30600a76b85ed6e1f0000c67e6c5fcdc8c39381be4799b8cb2d08b8262c807dd755e22b801162381aa9d1af2bbc9cfd497585337eac408b8475b47a392a10cae349160f128e5f873a58064eb400c36a90624f6aed398a215e9ce64522ab249f67c38a656d32ecff5cdb2b039c4abf349d2c0f88a42e9189bbfa7f5cf35b6e7ef8f9d33163b7ea87550fb1ba334c83e3aec4714c9c4ca3ecb04f2720237615a28bf310b58ffa2a103216fdcc8c2d8f5d55e5e7ebf147105272aaae56e86da86b3cf79a3f7306436762dd1a08ce873e07cebc7892ec6f9f696da38feed3d70001500e34ad2e1b2e64af4e37211b524e20f4ae1ba89a32bad2af9030f8add5cbacc59352c290f55d971b65953533668c25f21d8d62d849e9058eaa97c63491568887548f668cdbca2abf01a361a0b64d8b523e669da350e3ec7445dfbf366b0b3bc5e76824a1e43eaaeca70db90f2fa39596443447671933079a24fe3681ad9ac361f71ac279a688f10a12105edebc5e3bbc394c8305ab129ca2dfb9b7c5e9d097bd01b495cccefddce569117f7f5d6a6270ff0f0f4c371029ca8489571b55841bf3dd003bc81460eee57ceb3c33f4e90eb1fffffffffffffcfcbb616c2070237881afdb314cecd1623f3e55ab8b7627fa1be349145a8d6313cbc790eefe2020138e82fb9d351be4ddcbcc9bc048dd3db5828d16baec6e07a007f0030f34ea3cfd524d6fa1d45da5641d6c94e1d3ae7fba1c85035d2a60ef1696e0d96aa1c60019f73ae0aa6113cd66ef26b5777337c26e1461405d86fdf091edd526f25cada439bb3609ed5c35ab60a539ade786bd6004d0ea3edbd6c4da0d8e8be8c771c8c8a0b07d9859e04adb18964dcce9bce546074c2615318bf813e788c84409dffbc2df372a016e8c845d4257000000000000000000000000000000000000f29657697d9c2b132b2dc2f5ea5122836582a7e85fe2bc166f17aefd9d861de0191f5277d4a3b5afb6f23d9eea2459f7844606e1202768d83c24cc791bde44a448022bbfa571fe029a7b2d5152639ee283894ab6168992ff0acc01b39a078f285ce615351f262019586eb9447bb3eaffd7b53d8f37ca6c5f1027dd5b7592996c8a7789ba108979cc9ad07ed86682843e2eaa855dd01443ee6ffde1811f10039d5d14458177096e15cc4d8f2582a1bea5cc98d992f3de7d1cdfb24384b9f11b615c87c441dc970ec896a5af6bf69b50a244bc138a1cae3d220bcff6bcb3058c6e0d1cc0da889710f33f5638f805ce602365492282863cc8092b16656dea03cd50182aabbac78a14506dcbf823bec4a5dad14c4d7353b6a55c28321647df3a85bf9fca4e18aeaf4867e6a3dbdd7a5dbe1a52bddae83fc368404a032b75649cf74d7af8e9e3e43fad643ad3e8575a2bb0507531eac5e10b631575f1360803c8f556e07f292ab66b9bcea0c2f09db289a5934a4f2f5fe5cfc52b270a4a5fa2a8de62dcaf7ef52f1fd84c55e6a0c5a365a3b4e73c4ac6fc26367f3f6c07b06a0874c039622ba2bd369b105f57099f742a000a36c2f044a5de24604f82a1f197d9a70b5a62f794f57ec02df70d459fedd6125ae41479a2661360a79e175f0add2820018d5985183ee80f681403a7d08e0e2b88d0750c90b7ed5fed6f81ce797f3b60445ce811d2b4e45005a5ea06c1fe927af06433cd3885dc954e698a7a73416c73bfab7773a6e5e14338797ce9148cda4c0bf05fb67915aeb3661e755e4e1a0ceedfe8e91ee5361ff4c7c07b422e1443a6616b6eb3c325d5687644a4c0a1d44d9dfd82896f56bdfa0790406984c123e1d37da4a9a9444485e9b1e3b6b548528989d2aecc1e7b6ee92ca19298801105ced8964e000000000000000000000000000000000000000000000000000000000003d1c031ee2fc25c7ad34283187545b1343f7ab862e66cf5bf4ba4dbf5fda31619c05ddb97199ad4d01471e9b3c7f485b1e74d0ed34201915e79d5ed229f0773ab6b38529c45b10d0796e005b6d663b942320339b9fe1d4e393b4bcb596898cde06955a345db3cb956b0e5da1c1dba7046f4d12fc65085302f333516804d9f"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe89}, 0x48)

3.599219395s ago: executing program 8 (id=5355):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x300000a, 0x12, r0, 0xa6d63000)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
readv(r1, &(0x7f0000000000)=[{&(0x7f0000000080)=""/4096, 0x1000}], 0x1)
syz_emit_ethernet(0xfab, &(0x7f0000003200)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xf9d, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e22, 0x4e20, 0xf89, 0x0, @opaque="c36188db1b21bc2399f98fd1cd989dfe01d7c3d227f404606b4c0592153f0f80fec6842533dba5beffd4d44f8a00d33ec86feb6fe8cca450d31cd8c1745d419c207ef81b6728feba48c1fa7fa537d8fb647d47e6ebdaa143eb866356e0ff922826aa225e5340c0f97510244713ba9400073c39f330c81fa96c48deb4f30d7406fd96c1272003a31f184ca6e6bd9856e8db9c0243fc5b81bdd97ed886f408a02eec1a17a5dd8cae119e1d76a9c0ea5baf2422f11334d516a9b24f4f867d058dbec1bb9e79d0192cab3a15f58dc06f047ee3f46a16c3da51b886c2d7224a053ed216e2910176a7f8732ebeef55a0c4e7c10aaead641c7aca6d383669a682e39859e0688b21592cdcfbce7de55d056edc4f50f609f2ae068497836808674ef7cb510aa1d9f74e718e004b04f9005918128b2b127cf89cdd56805d6b57d77c09208e344d2229ef59ec750d4fefca61f16005dbcf229d736c9a4f58aba66c15b603ea8140a0f53aa757e62ec84f7dcf6639a14264213d6b7bca298ea620f6071142bb19e30941489b44cc37593fc805abcfb76a8a59644f54bff1cf632b56625211cfc265a57795d10dca69236c200425b54150996460c30d92b59726097256d130c565160aad5a1bbba56a7a8429e2d8a05395b3374b37aac913af186e3e984147845a9ba90e6843d3f3022b5e04ba458fa54e7b6fe39cfdf73711b7deab0de9a7ab2f7b84ed53ca2536ad0550cff43563a0d387fd16e63974dcf91d113806ac8b693734fb5a439b361544443249650f723408a27b291756052dddbeb2ec97840db4b22f885f12580dc83963dc8eae77994753b496b583b015711dcb0540774884236664ab3dbf308f3449e87c7304b3b404c24413c7ea3f07c232345a64bcdee63867c78a54191139c9fe63f5aaf7da500b2b0553f20eecec18e90f1bb3254648ef3663a6c18d4d0f07b3cae2d18d3a4e764c0a4c90523615f950cd7a4c20974ddceb72f7b8a1830607c5bc6d1c2dead238029f093b7579c428ed492f783657df9eea57da574edbcae25f55ff2cd6ef2923215ddfa569e900ac72dbb1530d5a737cc065204d6f4b0e965488619f966899cccd218eb9c26974d885fd8ccdd482f4245c7201cd2f13e5aef1efaad1a70a2a6e5da24bbf349453bcd71b677d4fa4e2881699a4f1d010c934eccd1453b07e4617636094a5d9dcc645fea2095e7147d07aafdfd5f0e260abe3ef02280bae5398d51a70565a4443c7139c514fcb6bd004bfa69b3c6239783f53c72c34b37dcf6a124ae4bf26326f929635553b72b3176985584d2e424bfa62f967d9da7ca4864c24bf58011a2d279d67b25a36f8889125cfb6ecff8737a91c44c29f4a49b259388f400db063336bad95ade5b2742e6fa6ec1c0be051d6b946fc812d113423060e492944bb29ab0dcc9a468bac617ee8beec89c6d4747777b46ad0defbb679c39bc31524c6e35a0100a5bc5dfbb771c62dffe3d8cee8d47d0fde520a266fa675d58ad893bd3878f92694c75f2d4313ef8f850906b1b303078856e8362022c2df4a3003857c41efc848dbebcb78213c582a7693e74de76fff13734b4f71fe93d5e8a402adf6bc29563ca500013a2fb739bcd00916ca99f57a590b58cf9ab5dadd040d6222c553b83fa61d127918cb388a831c41d243d27f4037cbf911e3e9e94d5ebc39ef02b1f2606c7fc46c1952c529aab3886b96c04abd5be74f2fce3bab3d96e714c9b4eac73f6c4f781c0407289992a057cb62c9746c35abf8a390aa4f7e7ad1f16ffdee3ec2d1300c9ce0377b6bf645adcf064977ba158064285c399ccc5e0af6d55726ab8c7105374a2b1b4dc69f87360ddd67676108c5622a7a29a243ff2f9eec13446299a5fc2882825dc68514c0e1b3ea0c1342dc85e9c78b03323d12b0e3e8ac1b9d03b4fa31998a2e7c355b0a9623d3eb8cfd5e9c634d6a0e89d525f89722a00f51e4d79870d71d468087fa4416037a26cf0f052d94abd2e239e2a71a7354d5ff2e49373127bf4ce959bd661aa607149564817393ea26cdc94a7ea2e67cd6781daf4586366d036f5531bac80e9c0fdfe4129e445c82ed77c8a55effc523dec5da0412d1f8389ffa390bb0fc3c83502bed630693337cacd081d692abdc8416f1943907036a01331544c1b804d31e1fb148e9a1bc3909e71985bec78fb69eaee933701522c8da9b20e5cbc19c14f7f65d8fd0c8d133a58194dd758556e094e77010d315f6b6ab149fa898482f1b3b7e3eeafea99527293ab6a563d5cf3d049ddd9619e0dd221195280aecf0299b77b85d2393516d84d92d4f03f118f9712f5c072eed8ca31bfa5f05dcd5b7d408d1650b758d60c32aa39646c3bc5611d2d7d43cf31ff6a3cc8dc2efe6d2c968b1202408d807b6a01f6848e10ec8a3ee69a02348035dac5c5f5e6247092275f435cecabde71cc2b8d186df01032a195ecbbb92cc093b4e44445dbd1c2f01622e08dbee78bb545d1e29c7d354d51610bd5f5f48a4e42c0924a5ad9577080c5aafedafc7e971d571d2fc7ce41dff9120753dc221d1a4a9552180a52339dfaf697b1721346f34f1ccfc72f7a9d6cb2261a8b1deabe124cf3c18494fa988bd770726adabf7b0e57d09c0ef5a3bbeee271319218a386d7dadd0daa2c40a7131115a1a7c0c0ae654512f61414b6dcfc5d74afb2071cfdf09b00457a5cf04489dc990a0307e0cc46f90f65205457588a71fd4e772f5e5aa6d0e335debac25f40d48d016f285c2e04f36fc7b8d9419c62123e47a4b9acd40a6dcbbb0d1b8f2765e4424ad848d740fd401bc49c0acc971d1de476e8c586fda0eccf35b29a9a326818b245d75ce36b89b18407bd8f0309f5612a97ca15db0eda6048b8f46e914bdad927c2b636673de0966a09c0ecb7a5fc287af412cc427e598b65ba74000eb394eb95a2f114da106e343edb1a46d1debdf3dae2f9ef6e60f7346c2c53411f2e2e27b1f9e2c020a99442a626f94f5202a5f5023e4aac49d8ceaec8074c223707f80a72be638413c80561e6909e489dd9030f8a110b82bf63e576a73f73cdc6b539b86745ff217ce5eafd18137fc2664e2be2320713417ef1c988486acfe1ae51d21ef4ff022f134d0a817a45b862562cb58e2170d1b906358fa30131e8d23bd24b2124c80f204f8f0d3f74a408aff08f567773e95dce095a2fd61a4d7441fb1a54689b34f3ff163e4686f8f1dfec0f066e2d79cf7354a0a2ad791bc0d089adf16711f7a5a9dc66689f55ca4aaf78eca23865180e6cc87ae773bb6c3fffb71138381377ce40ff7810f015b6f2d2d1f01ef64681825eba419ab413287320f61894ded416bb70a8d6fa164d065ec8d0866c7f9f2387efd74a6eec64e4e081d2a6d2937ba00119472ad0e615bbf7df0a6406f11a01d69a95a13e12aac40eaaf07c3bc3f9a73b931ed9a2a302366e5eee5b23775fc2f253d9ef8f22debeaca87a5af2259c649ce1c2cc8d599a245760739d9d4453409707a5a5fb17e79f2461f919793ddb2fd941a2576b7a929915469faf382fbfc0d6df2c1e301a1d74eef0f8e48a5bff8176f14e9a50432f3b3aa1db9a759c51b712645259cd1f29ccc7bca24b4fdaeb2ee8f7df72b5a60d40d49a1216001395699c6f56a060c65b00d7663e9052968aaff057440978378f8ff83acc4e2e462c9a5083c7ed190dcf5b698d6d045827a88c68ef4215cb5c381ad5f233f01df5f96be0d14bb7b15a5ef60abd5a1c5145a761e9ce47152b05466eb5dd397892fb0e6fb2dd5bc5746c5bc02ff7ddce08f296ccf2fb64b60f724185ee458ccf3a2faedc912af18fc0d71f2e99bf7e1c795b3949a5b2848383d1d905b7ec0a7d00f727caaf392bab8b2c21a16079977b9597c701b42b2b7dbb6d0e882d6d0fc21c88c7ec2b6bf1164cd221c20cd31d54e8e09705b0084c12092d3220e4b16747106c9e0694c8704053e89b99fb1c403d7c848140b941879f544e896f753a12cf00ce0c6c0091fe050258b73f39a6c5e45131386d78ccaed5bd904aff197756cdf6da0a640dce609e394e41dd044a35d6a286e1619e5faa06239006c13b559c737285a1680fbd9ff4b3447808fb6fa025572ffd9f15bd37b4470724a9a573aa0c44b65db5dea2493e88e661765e6cee71b0b662dcb0a2456cb59a134e9301f7ecb44f84291bad3d0f6a229ab4a6d45e119e0e465a4d3a01eb960ded6df76a35da9c188ec1398d0ce36fe8b6c9878a92dd007c9738e3f6640c9190e819707aedae6cbfa99dac49cc598066211d231de93b960620037f4a35a3c94f188020fb2e40cc38b3896999f7cb34d7ebded96f0c696cacc12ae867850d99fe0cf2fa6eb9dd71cfd518586ee772b73bedbdc16e438bfcdbedd5bda2f9698f94e1cc85d9560e0410f21f3ca4dadeefcb1539f0126bd119e65b81654c58b0e168797c7edfd4bb72f44df3d5e0a967155d5cce7ddd90dc4e5db48a6fdf3045aab0855c930d85b038fc999a0e6c5da88aa2180c0fe413fc92cf665e0d12bbc166186669b11abb1cc7ed40c360889f5e7a74e58cdc001650145cdbed086dc2f85ba24d70b6dac47c17876a273b98f1b345f503e82b51768720337a689f70a237f8b6476c96c10335d81edc4a063fbbd878ed5108115e38e690f37cac99110fdbcbc1ec0f52afed136b44d2b12e70ca067ad87da23f9f07a79c0582694bee1d7b9d1ded93cae3dc1d509477706414130039bb9f6d6c91ea5f7538d1993373dca2dfb5c40b1ad1305004c4c81931bec9363ba166feafa32e3eee9b26b22778b6d40c11ec09eb57597c4da7ecf049d58cac998cf27498bf0d414ff444f7355d7ffdb5aebcd1f8809ca1aa5ac9b52c6dd4329e51ffbf0368f1d6e1615a1256ad321b38c591218366a20ac6ad33641c6db0e51fa7e57aa3f6f16da3a94edf130a8eb2fe714620d2687388d5c5c4dbaaa852864cd3ab38d067002b9c15268fd4635d38ba6a9eb96bc55dcb4d8df9590ae8bf2b2e5a3ca5d98532b3ec4aeb9cfc4bac61728c3bf41a094afd26151c9859c6106a0e668682e3b0c18b21a1af2ffb206c60146846650c7579a3b01ac6bbe658d17d5453d7652e5dc0dc89f7cd5b76c810a4a111d51fe85a30470f1ed67dd30fdd6d0900c2e729040cd65634c8376377528275542187f9dde3fa779224804c1f43fbbbe7f0c568f7b0b6291ed2d567ded326aaa67ffce3529c8f11251c9d562cd02739935c8e303c1c997d8820876815c763d7802e85885966f5f7e38086b7218c11d65e0f9133ef47cbe1222ea8b0652e924d8924544a88a26461e1ad24bfbc7194005b4fb3fe7344c1e68a5034aaeaedfd46c2204e465617391835af34ec320bd7dad276ae9d7fb1f09aa3dc066bb6aa153394b3edb09491fa913d0e4c158baa16e66809180420596f59f20224f61cce7c1c4bd73d6da82ce9129bc8dab8ece3a255185061b6830c99d73a73563c8880ca33abc07e36219398fb6641c39b22a099920219e66e1130d14a8bbb6f9ee2eba93ee50025970627781b38e5f6b82d7ddd5ae2f6612701758ffff9fb706e599ae109998bbba94505115aa09f36e97adf0ce23a03ec8ecda201b7e2be501122dfa"}}}}}, 0x0)

3.453306568s ago: executing program 8 (id=5360):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000180)={&(0x7f0000000040)=[<r1=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r1, <r2=>0x0, <r3=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000900)={0x0, 0x0, r2, r3, 0x9, 0x1, 0x4, 0x1000, {0x8, 0x5, 0x5, 0x5800, 0xc88f, 0xf84, 0x1, 0x9, 0x9, 0xd24, 0x1ff, 0xffffffff, 0xff, 0x10000, "6f471b13138557b30bd15586b7445443c57ca9743e419c2cd5a67297dceeb0be"}})

3.452959645s ago: executing program 8 (id=5362):
syz_usb_connect$uac2(0x3, 0x7b, &(0x7f00000000c0)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x20, 0x644, 0x8047, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x69, 0x3, 0x1, 0x4, 0x100, 0x7f, {0x8, 0xb, 0x0, 0x1, 0x1, 0xa, 0x20, 0x2}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x20, 0x0, {{0x9, 0x24, 0x1, 0x7, 0x6, 0x9, 0xb2}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x20, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x200, 0x6, 0x99, 0x80, {0x8, 0x25, 0x1, 0x1, 0x18, 0x1e}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x20, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x200, 0xe, 0x4, 0x52, {0x8, 0x25, 0x1, 0x4, 0xf, 0x43, 0x3ce}}}}}}}}]}}, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0})

2.009698531s ago: executing program 5 (id=5371):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
close(0x3)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x4e20, 0x80, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1}]}, &(0x7f0000000140)=0x10)
getpeername(r0, 0x0, 0x0)

919.55623ms ago: executing program 5 (id=5379):
mmap(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x1000007, 0x20031, 0xffffffffffffffff, 0xd0db8000)
mremap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffc000/0x2000)=nil)
remap_file_pages(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x7, 0x80000)

834.011064ms ago: executing program 5 (id=5380):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800000000000000000000210d0000aaa8fa017242ba9380d41100000000000000290000000b000000", 0xfe60)

833.806304ms ago: executing program 5 (id=5381):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x98, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x405}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x6c, 0x4, 0x0, 0x1, [{0x68, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x58, 0x2, 0x0, 0x1, [@NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0x17}, @NFTA_INNER_EXPR={0x34, 0x5, 0x0, 0x1, @payload={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_OFFSET={0x8, 0x3, 0x1, 0x0, 0x92}, @NFTA_PAYLOAD_LEN={0x8}, @NFTA_PAYLOAD_DREG={0x8, 0x1, 0x1, 0x0, 0xd}, @NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0x2}]}}}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_NUM={0x8}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xc0}, 0x1, 0x0, 0x0, 0x48890}, 0x24000000)

769.754379ms ago: executing program 5 (id=5382):
r0 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000380)={'team0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000cc0)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xffff}, {0xffff, 0xffff}, {0x5}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0xff, [0x2, 0x2, 0x10, 0x0, 0x8, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc, 0xff, 0x0, 0x2, 0x0, 0x2], 0x10, [0x2, 0x2, 0xfffe, 0x0, 0xfffb, 0x0, 0x2, 0x0, 0x0, 0x5c4, 0x0, 0x800, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0xfffc, 0x0, 0x6, 0xffff, 0x0, 0x4, 0x0, 0xe, 0x0, 0x0, 0xffe]}}}}]}, 0x88}}, 0x4004024)

769.55529ms ago: executing program 5 (id=5383):
timer_create(0xfffffffffffffffd, 0x0, &(0x7f00000000c0)=<r0=>0x0)
exit(0x2616)
timer_gettime(r0, &(0x7f0000000000))

267.569837ms ago: executing program 0 (id=5390):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
move_pages(0x0, 0x2, &(0x7f0000000100)=[&(0x7f0000ffc000/0x4000)=nil, &(0x7f000009b000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0)

267.427527ms ago: executing program 0 (id=5391):
io_setup(0x8, &(0x7f00000001c0)=<r0=>0x0)
io_submit(r0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0xb, 0xffffffffffffffff, &(0x7f0000000200)="867bd8e6", 0xfffffffffffffef2, 0xd5b5}])

160.866249ms ago: executing program 8 (id=5392):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a314000000008000440000000000900010073797a3000000000080003"], 0x64}}, 0x0)

160.627748ms ago: executing program 0 (id=5393):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)={0x60, 0x2, 0x6, 0xb05, 0x0, 0x0, {0x1, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_NETMASK={0x5}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x2}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}]}, 0x60}, 0x1, 0x0, 0x0, 0x10000080}, 0x42)

85.436427ms ago: executing program 8 (id=5394):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000002c0)='./file1\x00', 0x480, &(0x7f0000000480)={[{@usrquota}, {@dioread_lock}]}, 0x2, 0x78c, &(0x7f00000005c0)="$eJzs3c1rHGUYAPBntpukptVGELSeAgUNlG5Mja2Ch4oHESwU9GwbNttQs8mW7KY0IaBFBC/iBx4EvfTcar159eOqf4B3D9JSNS1GPEhkNrvpttmNmzSbtezvB5O873zkmWfe+XizM+wE0LOG0x+ZiIMR8VEScaA2PomIvmopG3Fibb6V5aV8OiSxuvr670l1ntvLS/loWCa1r1Z5IiK+fy/icGZj3PLC4vREsViYq9VHKzPnR8sLi0fOzUxMFaYKs8fGxsePHn/u+LGdy/XPnxb33/j4lae/OvH3u49f++CHJE7E/tq0xjx2ynAM17ZJX7oJ7/JyvL3T4boq6fYKsC3pobln7SiPg0laznZ7lQCADkt7oasAQI9JXP8BoMfUPwe4vbyUrw/d/URid918KSL2ruVfv7+5NiVbu2e3t3ofdPB2ctedkSQihnYg/nBEfPHNm1fTITp0HxKgmXcuRcSZoeGN5/9kwzMLW/VMG/MM31Nfj/9zX6tFmjxNAmzHt2n/5/lm/b/Mev8n7un/fLgvYqDJsbsdLY//dZnrOxCmpbT/92LDs20rDfnXDO2p1R6u9vn6krPnioX03PZIRIxE30BaH9skxsitf261mtbY//vjk7eupPHT33fmyFzPDty9zOREZeJ+cm5081LEk9lm+Sfr7Z+06P+eajPGqy+8/3mraWn+ab71YWP+nbV6OeKppu1/54m2ZNPnE0eru8Nofado4utfPhtsFb+x/dNhZXlpNYm4uvOZNpe2/+Dm+Q8ljc9rlrce48fLB75rNa1J/vn6/0Jrmu///ckb1XJ/bdzFiUplbiyiP3lt4/ijd5at1+vzp/mPHIpss+N/s/0/7Z2caTP/7I3fvtx+/p2V5j+5pfbfeuHayvSeVvHba//xammkNqad81+7K3g/2w4AAAAAAAAAAAAAAAAAAAAAAAAA2pWJiP2RZHLr5Uwml1t7h/djMZgplsqVw2dL87OTUX1X9lD0ZepfdXmg4ftQx2rfh1+vH72n/mxEPBoRnw48VK3n8qXiZLeTBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICafS3e/5/6daDbawcAdMzebq8AALDrXP8BoPe4/gNA73H9B4De4/oPAL3H9R8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAOO3XyZDqs/rW8lE/rkxcW5qdLF45MFsrTuZn5fC5fmjufmyqVpoqFXL40819/r1gqnR+P2fmLo5VCuTJaXlg8PVOan62cPjczMVU4XejblawAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYGvKC4vTE8ViYU7hAShka63WgRCHruxWFpl6Eru16fo7lcX/YZfoWKGLJyUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAB8i/AQAA//+atSHn")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0)
write$P9_RREADLINK(r0, &(0x7f0000000000)={0xffffffffffffff23, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab)

85.296983ms ago: executing program 0 (id=5395):
r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01)
fcntl$setstatus(r0, 0x4, 0x800)

232.541µs ago: executing program 0 (id=5396):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
unshare(0x22020600)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r0, 0x0, 0x0, 0x4}, 0x20)

0s ago: executing program 0 (id=5397):
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000010"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800003ab400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r1}, 0xc)

kernel console output (not intermixed with test programs):

  389.996190][ T6040] usb 1-1: Using ep0 maxpacket: 8
[  390.005229][ T6040] usb 1-1: unable to get BOS descriptor or descriptor too short
[  390.010555][T15262] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  390.014715][ T6040] usb 1-1: config 9 has an invalid interface number: 142 but max is 0
[  390.018817][ T6040] usb 1-1: config 9 has no interface number 0
[  390.024105][ T6040] usb 1-1: config 9 interface 142 altsetting 209 bulk endpoint 0xF has invalid maxpacket 32
[  390.032280][ T6040] usb 1-1: config 9 interface 142 altsetting 209 endpoint 0xD has an invalid bInterval 241, changing to 11
[  390.042514][ T6040] usb 1-1: config 9 interface 142 has no altsetting 0
[  390.052374][ T6040] usb 1-1: New USB device found, idVendor=06e0, idProduct=f110, bcdDevice=66.44
[  390.058248][ T6040] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  390.061511][ T6040] usb 1-1: Product: syz
[  390.063305][ T6040] usb 1-1: Manufacturer: syz
[  390.065466][ T6040] usb 1-1: SerialNumber: syz
[  390.073839][T15250] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  390.260341][T15268] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3805'.
[  390.276086][T11024] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  390.312239][ T6040] ti_usb_3410_5052 1-1:9.142: TI USB 3410 1 port adapter converter detected
[  390.326608][ T6040] ti_usb_3410_5052 1-1:9.142: missing endpoints
[  390.341674][ T6040] usb 1-1: USB disconnect, device number 43
[  390.373153][T15273] netlink: 'syz.5.3806': attribute type 10 has an invalid length.
[  390.517541][T15280] loop5: detected capacity change from 0 to 512
[  390.536829][T15280] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  390.542741][T15280] ext4 filesystem being mounted at /591/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  390.609160][T11024] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  391.072451][T15299] netlink: 'syz.0.3817': attribute type 1 has an invalid length.
[  391.080162][T15299] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3817'.
[  391.093520][T15299] NCSI netlink: No device for ifindex 0
[  392.060442][T15309] loop0: detected capacity change from 0 to 512
[  392.072037][T15309] EXT4-fs: inline encryption not supported
[  392.159244][T15309] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  392.164242][T15309] ext4 filesystem being mounted at /1160/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  392.214820][ T5781] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  392.459276][T15328] xt_bpf: check failed: parse error
[  392.770550][T15347] loop5: detected capacity change from 0 to 1024
[  392.781790][T15347] EXT4-fs error (device loop5): __ext4_fill_super:5596: comm syz.5.3838: inode #2: comm syz.5.3838: iget: illegal inode #
[  392.799319][T15347] loop5: lost filesystem error report for type 5 error -117
[  392.802815][T15347] EXT4-fs (loop5): Remounting filesystem read-only
[  392.807379][    C1] EXT4-fs (loop5): error count since last fsck: 1
[  392.809456][    C1] EXT4-fs (loop5): initial error at time 1778602031: __ext4_fill_super:5596
[  392.812331][    C1] EXT4-fs (loop5): last error at time 1778602031: __ext4_fill_super:5596
[  392.821258][T15347] EXT4-fs (loop5): get root inode failed
[  392.827111][T15347] EXT4-fs (loop5): mount failed
[  393.140199][ T6040] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[  393.164137][T15364] tmpfs: Bad value for 'mpol'
[  393.301959][T15367] loop5: detected capacity change from 0 to 1024
[  393.314107][T15367] EXT4-fs (loop5): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  393.379473][T15367] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  393.502267][T15370] EXT4-fs error (device loop5): __ext4_remount:6837: comm syz.5.3846: Abort forced by user
[  393.534143][T15370] EXT4-fs (loop5): Remounting filesystem read-only
[  393.539014][T15370] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000.
[  393.663955][ T6040] usb 1-1: Using ep0 maxpacket: 8
[  393.997286][ T6040] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  394.158623][ T6040] usb 1-1: config 179 has no interface number 0
[  394.165154][ T6040] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  394.166215][T11024] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  394.168951][ T6040] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  394.168967][ T6040] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  394.180313][ T6040] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  394.184335][ T6040] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  394.189576][ T6040] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  394.192510][ T6040] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  394.200278][T15352] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  394.330512][T15386] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3852'.
[  394.419991][T15388] loop5: detected capacity change from 0 to 128
[  394.442104][T15388] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  394.464562][T15388] hpfs: filesystem error: improperly stopped
[  394.505398][T15388] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  394.515060][T15388] hpfs: You really don't want any checks? You are crazy...
[  394.527122][T15388] hpfs: hpfs_map_sector(): read error
[  394.536743][T15388] hpfs: code page support is disabled
[  394.539706][T15388] hpfs: hpfs_map_4sectors(): unaligned read
[  394.544294][T15388] hpfs: hpfs_map_4sectors(): unaligned read
[  394.549238][T15388] hpfs: filesystem error: unable to find root dir
[  394.700908][    C0] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  394.700914][   T24] usb 1-1: USB disconnect, device number 44
[  394.703569][    C0] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  394.858860][T15394] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3855'.
[  396.103145][T15438] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3875'.
[  396.195754][T15440] sctp: [Deprecated]: syz.5.3876 (pid 15440) Use of struct sctp_assoc_value in delayed_ack socket option.
[  396.195754][T15440] Use struct sctp_sack_info instead
[  397.572578][T15463] loop0: detected capacity change from 0 to 1024
[  398.980986][T15480] loop6: detected capacity change from 0 to 256
[  398.984352][T15480] exfat: Deprecated parameter 'namecase'
[  399.018835][T15480] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x36bd6320, utbl_chksum : 0xe619d30d)
[  399.062048][   T33] audit: type=1400 audit(1778602037.682:114): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147CCA3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6DAB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36FD3578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C6851551514C1413C54571515294144E3891201244195146941565453971AB282F6E13154445D1C649515954116D5D5571A7A826AA89EAA286A8296A895AA2B6A82DEA883AA2AEA82BEA897AA2BE78403410BDB13F3E24B22AD3580CC12662283615CD84BCF80ED64A0CC7D6A28D682B9E10237104B617AD5CA2785A741063B0A3F88B188BCF8ACE623C7611CF8BAEA29BE82E5E103D446BD753F41293B1B7E82
[  399.317447][T15492] loop6: detected capacity change from 0 to 1764
[  399.468827][T15497] tmpfs: Bad value for 'mpol'
[  399.671619][T15504] loop6: detected capacity change from 0 to 32768
[  399.734563][T15504] XFS (loop6): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  399.755146][T15504] XFS (loop6): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  399.770541][T15504] XFS (loop6): Starting recovery (logdev: internal)
[  399.795273][T15504] XFS (loop6): Ending recovery (logdev: internal)
[  399.811939][   T33] audit: type=1800 audit(1778602038.383:115): pid=15504 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.3902" name="file1" dev="loop6" ino=4422 res=0 errno=0
[  399.830365][   T33] audit: type=1800 audit(1778602038.393:116): pid=15504 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.3902" name="file1" dev="loop6" ino=4422 res=0 errno=0
[  400.737304][T15535] loop0: detected capacity change from 0 to 40427
[  400.743787][T15535] f2fs: Bad value for 'fault_injection'
[  401.555119][T15561] loop2: detected capacity change from 0 to 7
[  401.566413][T15561] Dev loop2: unable to read RDB block 7
[  401.571660][T15561]  loop2: unable to read partition table
[  401.576652][T15561] loop2: partition table beyond EOD, truncated
[  401.587377][T15561] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5)
[  401.804132][T15567] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  401.807619][T15565] loop5: detected capacity change from 0 to 32768
[  401.819443][T15567] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  401.877883][T15565] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  401.892390][T15567] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  401.896195][T15567] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  401.913278][T15565] XFS (loop5): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  401.924406][T15565] XFS (loop5): Starting recovery (logdev: internal)
[  401.949223][T15565] XFS (loop5): Ending recovery (logdev: internal)
[  401.951818][T15567] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  401.967989][T15567] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  401.993871][T15565] XFS (loop5): Metadata corruption detected at xfs_inobt_verify+0x9e/0x1f0, xfs_finobt block 0x8 
[  402.001324][T15565] XFS (loop5): Unmount and run xfs_repair
[  402.003733][T15565] XFS (loop5): First 128 bytes of corrupted metadata buffer:
[  402.006747][T15565] 00000000: 41 42 33 42 00 00 00 02 ff ff ff ff ff ff ff ff  AB3B............
[  402.011867][T15565] 00000010: 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00 10  ................
[  402.015369][T15565] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb  ...^T.Lr......N.
[  402.019543][T15565] 00000030: 00 00 00 00 c8 fc 31 e4 00 00 04 4e 00 00 00 02  ......1....N....
[  402.023188][T15565] 00000040: 00 00 04 60 00 00 0b a0 00 00 00 00 00 00 00 00  ...`............
[  402.026679][T15565] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  402.030128][T15565] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  402.034422][T15565] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  402.038338][T15565] XFS (loop5): metadata I/O error in "xfs_btree_read_buf_block+0x2b0/0x490" at daddr 0x8 len 8 error 117
[  402.069442][T11024] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  402.088763][T11024] XFS (loop5): Uncorrected metadata errors detected; please run xfs_repair.
[  402.508165][T15592] loop5: detected capacity change from 0 to 4096
[  402.584335][T15593] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  402.645688][T15592] NILFS (loop5): nilfs_ioctl_move_inode_block: invalid virtual block address (node): ino=7, cno=549755813889, offset=7, blocknr=0, vblocknr=1845
[  402.654042][T15592] NILFS (loop5): error -2 preparing GC: cannot read source blocks
[  402.772620][T15603] loop5: detected capacity change from 0 to 512
[  402.849609][T13136] XFS (loop6): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  402.864824][T15603] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  402.883687][T15603] ext4 filesystem being mounted at /650/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  402.957013][T11024] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  403.405546][T15625] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3948'.
[  403.416849][T15625] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3948'.
[  403.572855][   T33] audit: type=1326 audit(1778602041.910:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15638 comm="syz.5.3954" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f59cb39cdd9 code=0x0
[  403.910687][T15649] loop5: detected capacity change from 0 to 32768
[  403.913864][T15649] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.3960 (15649)
[  403.920340][T15649] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  403.924484][T15649] BTRFS info (device loop5): using sha256 checksum algorithm
[  403.940969][T15649] BTRFS info (device loop5): enabling ssd optimizations
[  403.943275][T15649] BTRFS info (device loop5): turning on async discard
[  403.945433][T15649] BTRFS info (device loop5): enabling free space tree
[  403.977180][T11024] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  404.110497][T15666] loop5: detected capacity change from 0 to 2048
[  404.114891][T15666] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024)
[  404.162246][T15667] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  404.223969][T15666] NILFS (loop5): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157
[  404.241710][T15666] NILFS error (device loop5): nilfs_bmap_last_key: broken bmap (inode number=16)
[  404.300355][T15666] Remounting filesystem read-only
[  404.303099][T15666] NILFS (loop5): error -5 truncating bmap (ino=16)
[  404.346489][T11024] NILFS (loop5): disposed unprocessed dirty file(s) when detaching log writer
[  404.964117][T15675] loop0: detected capacity change from 0 to 16
[  405.014524][T15675] erofs (device loop0): unsupported chunk format ffff of nid 36
[  405.543548][   T33] audit: type=1326 audit(1778602043.734:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15688 comm="syz.5.3966" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59cb39cdd9 code=0x7ffc0000
[  405.566396][   T33] audit: type=1326 audit(1778602043.753:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15688 comm="syz.5.3966" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59cb39cdd9 code=0x7ffc0000
[  405.590663][   T33] audit: type=1326 audit(1778602043.753:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15688 comm="syz.5.3966" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59cb39cdd9 code=0x7ffc0000
[  405.607863][   T33] audit: type=1326 audit(1778602043.753:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15688 comm="syz.5.3966" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59cb39cdd9 code=0x7ffc0000
[  405.623862][   T33] audit: type=1326 audit(1778602043.753:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15688 comm="syz.5.3966" exe="/syz-executor" sig=0 arch=c000003e syscall=67 compat=0 ip=0x7f59cb39cdd9 code=0x7ffc0000
[  405.644176][   T33] audit: type=1326 audit(1778602043.753:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15688 comm="syz.5.3966" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59cb39cdd9 code=0x7ffc0000
[  405.664911][   T33] audit: type=1326 audit(1778602043.753:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15688 comm="syz.5.3966" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59cb39cdd9 code=0x7ffc0000
[  405.675436][   T33] audit: type=1326 audit(1778602043.762:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15688 comm="syz.5.3966" exe="/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f59cb39cdd9 code=0x7ffc0000
[  405.684911][   T33] audit: type=1326 audit(1778602043.762:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15688 comm="syz.5.3966" exe="/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f59cb39cdd9 code=0x7ffc0000
[  405.790124][T15695] loop5: detected capacity change from 0 to 32768
[  406.888289][   T33] audit: type=1326 audit(1778602045.007:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15712 comm="syz.6.3977" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd06199cdd9 code=0x7ffc0000
[  406.963872][T15711] loop0: detected capacity change from 0 to 131072
[  406.966631][T15711] F2FS-fs (loop0): Wrong CP boundary, start(512) end(1536) blocks(0)
[  406.969365][T15711] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  406.973237][T15711] F2FS-fs (loop0): invalid crc value
[  407.035691][T15711] F2FS-fs (loop0): checksum invalid, nid = 3, ino_of_node = 3, b74bd9ca vs. 30330db5
[  407.038918][T15711] F2FS-fs (loop0): Failed to read root inode
[  409.065748][ T5754] usb 1-1: new full-speed USB device number 45 using dummy_hcd
[  409.238965][ T5754] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  409.245524][ T5754] usb 1-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=a6.d1
[  409.251412][ T5754] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  409.254615][ T5754] usb 1-1: Product: syz
[  409.256165][ T5754] usb 1-1: Manufacturer: syz
[  409.257815][ T5754] usb 1-1: SerialNumber: syz
[  409.262472][ T5754] usb 1-1: config 0 descriptor??
[  409.272698][ T5754] imon_raw 1-1:0.0: IR endpoint missing
[  409.319915][T15737] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3987'.
[  409.374176][T15739] mac80211_hwsim hwsim17 wlan1: entered allmulticast mode
[  409.404177][T15739] bridge_slave_0: left allmulticast mode
[  409.406737][T15739] bridge_slave_0: left promiscuous mode
[  409.412436][T15739] bridge0: port 1(bridge_slave_0) entered disabled state
[  409.421069][T15739] bridge_slave_1: left allmulticast mode
[  409.423470][T15739] bridge_slave_1: left promiscuous mode
[  409.426483][T15739] bridge0: port 2(bridge_slave_1) entered disabled state
[  409.442819][T15739] bond0: (slave bond_slave_0): Releasing backup interface
[  409.449155][T15739] bond0: (slave bond_slave_1): Releasing backup interface
[  409.450689][T15740] netlink: 'syz.6.3988': attribute type 10 has an invalid length.
[  409.467976][T15739] team0: Port device team_slave_0 removed
[  409.476017][T15739] team0: Port device team_slave_1 removed
[  409.479035][T15739] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  409.488322][T15739] batman_adv: batadv0: Removing interface: batadv_slave_0
[  409.491126][  T270] usb 1-1: USB disconnect, device number 45
[  409.497503][T15739] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  409.528933][T15739] netlink: 14 bytes leftover after parsing attributes in process `syz.6.3988'.
[  409.535388][T15739] bond0 (unregistering): Released all slaves
[  410.247155][T15749] netlink: 'syz.6.3992': attribute type 11 has an invalid length.
[  410.249708][T15749] netlink: 36 bytes leftover after parsing attributes in process `syz.6.3992'.
[  410.343026][T15762] netlink: 65039 bytes leftover after parsing attributes in process `syz.6.3997'.
[  410.607161][T15769] loop6: detected capacity change from 0 to 32768
[  410.649647][T15769] XFS (loop6): DAX unsupported by block device. Turning off DAX.
[  410.655299][T15769] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  410.691502][T15769] XFS (loop6): Ending clean mount
[  410.717679][T13136] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  410.904168][   T33] kauditd_printk_skb: 21 callbacks suppressed
[  410.904178][   T33] audit: type=1326 audit(1778602048.758:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15788 comm="syz.5.4007" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59cb39cdd9 code=0x7ffc0000
[  410.956474][   T33] audit: type=1326 audit(1778602048.758:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15788 comm="syz.5.4007" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59cb39cdd9 code=0x7ffc0000
[  410.967421][   T33] audit: type=1326 audit(1778602048.758:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15788 comm="syz.5.4007" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59cb39cdd9 code=0x7ffc0000
[  410.975040][   T33] audit: type=1326 audit(1778602048.758:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15788 comm="syz.5.4007" exe="/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7f59cb39cdd9 code=0x7ffc0000
[  410.983268][   T33] audit: type=1326 audit(1778602048.805:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15788 comm="syz.5.4007" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59cb39cdd9 code=0x7ffc0000
[  410.992969][   T33] audit: type=1326 audit(1778602048.805:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15788 comm="syz.5.4007" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59cb39cdd9 code=0x7ffc0000
[  411.002422][   T33] audit: type=1326 audit(1778602048.805:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15788 comm="syz.5.4007" exe="/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f59cb39cdd9 code=0x7ffc0000
[  411.014735][   T33] audit: type=1326 audit(1778602048.805:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15788 comm="syz.5.4007" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59cb39cdd9 code=0x7ffc0000
[  411.045064][   T33] audit: type=1326 audit(1778602048.805:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15788 comm="syz.5.4007" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59cb39cdd9 code=0x7ffc0000
[  411.058545][   T33] audit: type=1326 audit(1778602048.805:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15788 comm="syz.5.4007" exe="/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f59cb35d60e code=0x7ffc0000
[  411.111250][T15807] netlink: 'syz.0.4015': attribute type 3 has an invalid length.
[  411.277578][T15817] netlink: 'syz.6.4019': attribute type 11 has an invalid length.
[  411.446146][T15827] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4025'.
[  411.575235][T15836] ptrace attach of "/syz-executor exec"[5781] was attempted by "\x0a                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          
[  411.737658][T15842] Invalid source name
[  414.064740][T15872] loop0: detected capacity change from 0 to 2048
[  414.109925][T15872] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  415.421269][T15900] loop0: detected capacity change from 0 to 4096
[  415.427452][T15900] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512).
[  415.455344][T15900] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  415.477429][T15900] ntfs3(loop0): ino=1e, "file1" The size of extended attributes must not exceed 64KiB
[  415.839395][T15904] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT
[  415.995304][T15908] netlink: 388 bytes leftover after parsing attributes in process `syz.5.4059'.
[  416.413435][T15923] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4066'.
[  416.558967][T15931] loop5: detected capacity change from 0 to 16
[  416.568126][T15931] erofs (device loop5): invalid checksum 0x48266655, 0xf8c4b9bf expected
[  416.705020][T15941] xt_CT: You must specify a L4 protocol and not use inversions on it
[  417.991879][T15970] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4087'.
[  418.260723][T15982] loop0: detected capacity change from 0 to 4096
[  418.268449][T15982] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  418.279076][T15982] EXT4-fs (loop0): Test dummy encryption mode enabled
[  418.308871][T15985] loop6: detected capacity change from 0 to 512
[  418.309546][T15982] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  418.317803][T15985] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  418.336651][T15985] EXT4-fs (loop6): ext4_check_descriptors: Block bitmap for group 0 not in group (block 3)!
[  418.348319][T15985] EXT4-fs (loop6): group descriptors corrupted!
[  418.363107][ T5781] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  418.647028][T16000] netlink: 'syz.0.4101': attribute type 11 has an invalid length.
[  418.991185][T16004] loop5: detected capacity change from 0 to 32768
[  419.008702][   T33] kauditd_printk_skb: 65 callbacks suppressed
[  419.008718][   T33] audit: type=1800 audit(1778602056.345:223): pid=16004 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.4103" name="file2" dev="loop5" ino=7 res=0 errno=0
[  419.024602][T16011] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4106'.
[  419.325050][T16021] loop5: detected capacity change from 0 to 4096
[  419.329584][T16021] ntfs3(loop5): Different NTFS sector size (4096) and media sector size (512).
[  419.333100][T16021] ntfs3(loop5): RAW NTFS volume: Filesystem size 0.00 Gb > volume size 0.00 Gb. Mount in read-only.
[  419.348305][T16021] ntfs3(loop5): ino=19, mi_enum_attr
[  419.353134][T16021] ntfs3(loop5): ino=19, mi_enum_attr
[  419.355379][T16021] ntfs3(loop5): Failed to initialize $Extend/$ObjId.
[  419.616895][T16041] xt_hashlimit: size too large, truncated to 1048576
[  419.685085][T16039] sd 0:0:0:0: PR command failed: 1026
[  419.690844][T16039] sd 0:0:0:0: Sense Key : Illegal Request [current] 
[  419.699179][T16039] sd 0:0:0:0: Add. Sense: Invalid command operation code
[  419.806907][T16048] netlink: 104 bytes leftover after parsing attributes in process `syz.5.4117'.
[  420.019878][T16067] netlink: 20 bytes leftover after parsing attributes in process `syz.6.4124'.
[  420.170339][T16057] loop5: detected capacity change from 0 to 32768
[  420.175909][T16057] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.4119 (16057)
[  420.183878][T16057] BTRFS info (device loop5): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  420.188195][T16057] BTRFS info (device loop5): using crc32c checksum algorithm
[  420.505276][T16057] BTRFS info (device loop5): enabling ssd optimizations
[  420.520959][T16057] BTRFS info (device loop5): turning on async discard
[  420.529736][T16057] BTRFS info (device loop5): enabling free space tree
[  421.139809][   T56] block nbd1: Receive control failed (result -32)
[  421.251855][T11024] BTRFS info (device loop5): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  421.287620][T16099] netlink: 'syz.6.4132': attribute type 39 has an invalid length.
[  422.066645][T16129] loop6: detected capacity change from 0 to 32768
[  422.091506][T16129] JBD2: Ignoring recovery information on journal
[  422.115519][T16129] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  422.427487][   T10] usb 6-1: new low-speed USB device number 28 using dummy_hcd
[  422.590377][   T10] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  422.593921][   T10] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 16, setting to 8
[  422.597846][   T10] usb 6-1: config 0 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  422.603902][   T10] usb 6-1: config 0 interface 0 has no altsetting 0
[  422.606320][   T10] usb 6-1: New USB device found, idVendor=0810, idProduct=0001, bcdDevice= 0.00
[  422.609881][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  422.613955][   T10] usb 6-1: config 0 descriptor??
[  422.618430][T16140] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  422.921814][T13136] ocfs2: Unmounting device (7,6) on (node local)
[  423.072004][   T10] pantherlord 0003:0810:0001.000B: unknown global tag 0xd
[  423.079002][   T10] pantherlord 0003:0810:0001.000B: item 0 4 1 13 parsing failed
[  423.087222][   T10] pantherlord 0003:0810:0001.000B: parse failed
[  423.089740][   T10] pantherlord 0003:0810:0001.000B: probe with driver pantherlord failed with error -22
[  423.300799][   T10] usb 6-1: USB disconnect, device number 28
[  423.450324][T16152] loop6: detected capacity change from 0 to 128
[  423.458737][T16152] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  424.224733][T16169] loop6: detected capacity change from 0 to 512
[  424.229935][T16169] EXT4-fs (loop6): external journal device major/minor numbers have changed
[  424.238818][T16169] EXT4-fs (loop6): external journal has bad superblock
[  424.323218][T16171] netlink: 'syz.6.4163': attribute type 22 has an invalid length.
[  424.325819][T16171] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4163'.
[  424.340344][T13232] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  424.343994][T16171] netlink: 'syz.6.4163': attribute type 22 has an invalid length.
[  424.347230][T13232] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  424.351022][T16171] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4163'.
[  424.355726][T13232] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  424.359207][T13232] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  424.635964][T16182] input: syz0 as /devices/virtual/input/input18
[  425.347252][T16189] netlink: 25 bytes leftover after parsing attributes in process `syz.6.4170'.
[  425.818099][T16218] bridge_slave_1: entered allmulticast mode
[  427.742872][T16241] loop5: detected capacity change from 0 to 32768
[  427.752245][T16241] BTRFS error: failed to parse compression option 'zstd:nobarrier'
[  427.761561][T16263] 9p: Unknown access argument 18446744073709551615: -34
[  428.036121][T16266] loop6: detected capacity change from 0 to 32768
[  428.052248][T16266] XFS (loop6): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  428.060375][T16266] XFS (loop6): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x50.
[  428.069931][T16266] XFS (loop6): Starting recovery (logdev: internal)
[  428.125854][T16266] XFS (loop6): Ending recovery (logdev: internal)
[  428.193197][T13136] XFS (loop6): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  428.446546][T16299] loop6: detected capacity change from 0 to 164
[  428.874428][T16327] loop5: detected capacity change from 0 to 256
[  428.970583][T16335] Bluetooth: hci0: load_link_keys: expected 3 bytes, got 7 bytes
[  429.089965][T16339] loop6: detected capacity change from 0 to 4096
[  429.291011][T16341] loop5: detected capacity change from 0 to 512
[  429.297241][T16341] EXT4-fs: Ignoring removed orlov option
[  429.303826][T16341] EXT4-fs (loop5): Test dummy encryption mode enabled
[  429.314684][T16341] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  429.437177][T16341] EXT4-fs (loop5): 1 truncate cleaned up
[  429.468954][T16341] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  430.945348][T11024] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  431.069994][T16352] CUSE: info not properly terminated
[  431.415351][   T69] ntfs3(loop6): ino=5, mi_enum_attr
[  431.486477][T16358] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4239'.
[  431.542452][   T33] audit: type=1326 audit(1778602068.067:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16360 comm="syz.5.4240" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f59cb39cdd9 code=0x0
[  431.560408][T16362] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  431.566011][T16362] syzkaller0: MTU too low for tipc bearer
[  431.569736][T16362] tipc: Disabling bearer <eth:syzkaller0>
[  431.877884][   T10] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  431.957939][T16374] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4245'.
[  431.997900][T16374] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4245'.
[  432.038084][   T10] usb 6-1: Using ep0 maxpacket: 16
[  432.046435][   T10] usb 6-1: unable to get BOS descriptor or descriptor too short
[  432.056293][   T10] usb 6-1: config 1 has an invalid interface number: 93 but max is 0
[  432.061237][   T10] usb 6-1: config 1 has no interface number 0
[  432.063970][   T10] usb 6-1: config 1 interface 93 has no altsetting 0
[  432.078347][   T10] usb 6-1: New USB device found, idVendor=2c7c, idProduct=0203, bcdDevice=56.2a
[  432.084177][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  432.087692][   T10] usb 6-1: Product: syz
[  432.089852][   T10] usb 6-1: Manufacturer: syz
[  432.092732][   T10] usb 6-1: SerialNumber: syz
[  432.335030][   T10] option 6-1:1.93: GSM modem (1-port) converter detected
[  432.343084][   T10] usb 6-1: GSM modem (1-port) converter now attached to ttyUSB0
[  432.362978][   T10] usb 6-1: USB disconnect, device number 29
[  432.391323][   T10] option1 ttyUSB0: GSM modem (1-port) converter now disconnected from ttyUSB0
[  432.397069][   T10] option 6-1:1.93: device disconnected
[  432.483414][T16387] loop0: detected capacity change from 0 to 128
[  432.509499][T16387] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  432.520394][T16387] hpfs: filesystem error: improperly stopped
[  432.522935][T16387] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  432.526060][T16387] hpfs: You really don't want any checks? You are crazy...
[  432.530117][T16387] hpfs: hpfs_map_sector(): read error
[  432.533253][T16387] hpfs: code page support is disabled
[  432.535654][T16387] hpfs: hpfs_map_4sectors(): unaligned read
[  432.538108][T16387] hpfs: hpfs_map_4sectors(): unaligned read
[  432.540845][T16387] hpfs: filesystem error: unable to find root dir
[  433.049866][T16411] bridge0: port 4(syz_tun) entered blocking state
[  433.078687][T16411] bridge0: port 4(syz_tun) entered disabled state
[  433.083375][T16411] syz_tun: entered allmulticast mode
[  433.108759][T16411] syz_tun: entered promiscuous mode
[  433.116216][T16411] bridge0: port 4(syz_tun) entered blocking state
[  433.119024][T16411] bridge0: port 4(syz_tun) entered forwarding state
[  433.197896][T16401] loop6: detected capacity change from 0 to 40427
[  433.206100][T16401] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[  433.212069][T16401] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  433.227099][T16401] F2FS-fs (loop6): invalid crc value
[  433.331070][T16401] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  433.347832][T16401] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  433.351485][T16401] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  433.362115][T16424] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  433.362115][T16424] The task syz.5.4265 (16424) triggered the difference, watch for misbehavior.
[  434.301771][T16438] loop0: detected capacity change from 0 to 128
[  434.309781][T16438] EXT4-fs: inline encryption not supported
[  434.334149][T16438] EXT4-fs (loop0): Test dummy encryption mode enabled
[  434.352935][T16438] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  434.368475][T16438] ext4 filesystem being mounted at /1319/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  434.490748][ T5781] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  434.575192][T16444] loop5: detected capacity change from 0 to 32768
[  434.594583][T16444] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  434.652212][   T33] audit: type=1800 audit(1778602070.977:225): pid=16444 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.4274" name=".log" dev="loop5" ino=17058 res=0 errno=0
[  434.703433][T11024] ocfs2: Unmounting device (7,5) on (node local)
[  434.703730][T16450] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  434.946456][T16452] loop0: detected capacity change from 0 to 32768
[  434.949806][T16452] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.4278 (16452)
[  434.984686][T16452] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  434.988487][T16452] BTRFS info (device loop0): using sha256 checksum algorithm
[  435.075666][T16452] BTRFS info (device loop0): setting nodatasum
[  435.078836][T16452] BTRFS info (device loop0): enabling ssd optimizations
[  435.081575][T16452] BTRFS info (device loop0): turning on async discard
[  435.084406][T16452] BTRFS info (device loop0): enabling free space tree
[  435.099836][T16471] ieee802154 phy0 wpan0: encryption failed: -22
[  435.570643][   T33] audit: type=1800 audit(1778602071.669:226): pid=16478 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.4278" name="file1" dev="loop0" ino=260 res=0 errno=0
[  435.716807][ T5754] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  435.905151][ T5754] usb 6-1: config 0 has an invalid interface number: 50 but max is 0
[  435.911520][ T5754] usb 6-1: config 0 has no interface number 0
[  435.918161][ T5754] usb 6-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  435.930112][ T5754] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc
[  435.933352][ T5754] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  435.936236][ T5754] usb 6-1: Product: syz
[  435.949466][ T5754] usb 6-1: Manufacturer: syz
[  435.954031][ T5754] usb 6-1: SerialNumber: syz
[  435.958101][ T5754] usb 6-1: config 0 descriptor??
[  435.973256][ T5781] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  435.978110][ T5754] yurex 6-1:0.50: USB YUREX device now attached to Yurex #0
[  436.210291][ T5754] usb 6-1: USB disconnect, device number 30
[  436.219401][ T5754] yurex 6-1:0.50: USB YUREX #0 now disconnected
[  436.371890][T16487] loop0: detected capacity change from 0 to 1024
[  436.380948][T16487] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  436.411892][ T5781] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  436.465944][T16491] xt_limit: Overflow, try lower: 268435456/134217728
[  437.078627][T16526] loop5: detected capacity change from 0 to 22
[  437.085630][T16526] MTD: Attempt to mount non-MTD device "/dev/loop5"
[  437.116759][T16526] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  437.127335][T16531] loop6: detected capacity change from 0 to 1024
[  437.130406][T16531] hfsplus: unable to find HFS+ superblock
[  437.241064][T16533] loop6: detected capacity change from 0 to 8192
[  437.503774][T16549] loop6: detected capacity change from 0 to 128
[  437.539774][T16549] affs: No valid root block on device loop6
[  437.781161][    C1] hpet: Lost 1 RTC interrupts
[  437.908485][T16562] vlan2: entered promiscuous mode
[  437.910829][T16562] bridge0: entered promiscuous mode
[  438.216864][T16564] loop0: detected capacity change from 0 to 40427
[  438.223174][T16564] F2FS-fs (loop0): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[  438.230101][T16564] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  438.238571][T16564] F2FS-fs (loop0): build fault injection rate: 27487
[  438.242371][T16564] F2FS-fs (loop0): invalid crc value
[  438.307976][T16564] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  438.325016][T16564] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  438.328653][T16564] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  439.465045][T16592] loop6: detected capacity change from 0 to 131072
[  439.470010][T16592] F2FS-fs (loop6): Test dummy encryption mode enabled
[  439.473273][T16592] F2FS-fs (loop6): invalid crc value
[  439.507065][T16592] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  439.516612][T16592] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  440.221431][T16616] loop0: detected capacity change from 0 to 128
[  440.224070][T16616] EXT4-fs: Ignoring removed nomblk_io_submit option
[  440.227676][T16616] EXT4-fs (loop0): Test dummy encryption mode enabled
[  440.244151][T16616] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  440.250126][T16616] ext4 filesystem being mounted at /1347/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  440.308532][ T5781] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  440.738973][T16640] netlink: 96 bytes leftover after parsing attributes in process `syz.0.4346'.
[  441.763762][T16659] tls_set_device_offload_rx: netdev not found
[  441.793887][T16661] netlink: 2028 bytes leftover after parsing attributes in process `syz.0.4353'.
[  441.797735][T16661] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4353'.
[  441.938223][T16668] could not allocate digest TFM handle xxhash64-generic
[  442.356016][T16681] loop5: detected capacity change from 0 to 512
[  442.366084][T16681] EXT4-fs: Ignoring removed orlov option
[  442.390949][T16681] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  442.397110][T16681] ext4 filesystem being mounted at /782/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  442.414317][T16681] EXT4-fs error (device loop5): ext4_get_verity_descriptor_location:337: inode #15: comm syz.5.4363: verity file corrupted; can't find descriptor
[  442.420546][T16681] EXT4-fs (loop5): Remounting filesystem read-only
[  442.423999][T16681] fs-verity (loop5, inode 15): Error -117 getting verity descriptor size
[  442.454997][T11024] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  442.821400][T16709] cgroup: No subsys list or none specified
[  443.335619][ T5754] usb 1-1: new full-speed USB device number 46 using dummy_hcd
[  443.509283][ T5754] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  443.569620][ T5754] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[  443.576597][ T5754] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  443.588357][ T5754] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 255, setting to 64
[  443.596949][ T5754] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  443.611629][ T5754] usb 1-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  443.618866][ T5754] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  443.622127][ T5754] usb 1-1: Product: syz
[  443.623921][ T5754] usb 1-1: Manufacturer: syz
[  443.628865][ T5754] usb 1-1: SerialNumber: syz
[  443.635392][ T5754] usb 1-1: config 0 descriptor??
[  443.642911][T16711] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  443.656495][ T5754] input: KB Gear Tablet as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input20
[  443.724762][   T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  443.746727][   T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  443.755261][   T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  443.761969][   T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  443.768180][   T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  443.784534][ T5003] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  443.807275][ T5003] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  443.810506][ T5003] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  443.826391][ T5003] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  443.831897][ T5003] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  443.907498][ T5754] usb 1-1: USB disconnect, device number 46
[  444.066462][T16721] lo speed is unknown, defaulting to 1000
[  444.246777][T16721] bridge0: port 1(bridge_slave_0) entered blocking state
[  444.249419][T16721] bridge0: port 1(bridge_slave_0) entered disabled state
[  444.251890][T16721] bridge_slave_0: entered allmulticast mode
[  444.255475][T16721] bridge_slave_0: entered promiscuous mode
[  444.259194][T16721] bridge0: port 2(bridge_slave_1) entered blocking state
[  444.262027][T16721] bridge0: port 2(bridge_slave_1) entered disabled state
[  444.264807][T16721] bridge_slave_1: entered allmulticast mode
[  444.269133][T16721] bridge_slave_1: entered promiscuous mode
[  444.288234][T16721] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  444.293994][T16721] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  444.328727][T16721] team0: Port device team_slave_0 added
[  444.333820][T16721] team0: Port device team_slave_1 added
[  444.361756][T16721] batman_adv: batadv0: Adding interface: batadv_slave_0
[  444.364705][T16721] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  444.375105][T16721] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  444.381319][T16721] batman_adv: batadv0: Adding interface: batadv_slave_1
[  444.384863][T16721] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  444.394380][T16721] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  444.435785][T16721] hsr_slave_0: entered promiscuous mode
[  444.439287][T16721] hsr_slave_1: entered promiscuous mode
[  444.442074][T16721] debugfs: 'hsr0' already exists in 'hsr'
[  444.444422][T16721] Cannot create hsr debugfs directory
[  444.502487][T16743] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4385'.
[  444.666319][T16751] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4388'.
[  444.684300][T16751] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4388'.
[  444.805187][T16753] netlink: 120 bytes leftover after parsing attributes in process `syz.0.4389'.
[  444.808898][T16753] netlink: 88 bytes leftover after parsing attributes in process `syz.0.4389'.
[  444.841995][T16721] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  444.868733][T16721] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  444.877319][T16721] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  444.881394][T16721] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  444.884333][T16721] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  444.894654][T16721] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  444.907045][T16721] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  444.919031][T16721] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  444.927147][T16762] netlink: 'syz.5.4393': attribute type 4 has an invalid length.
[  444.935017][T16762] netlink: 3581 bytes leftover after parsing attributes in process `syz.5.4393'.
[  445.040160][T16721] 8021q: adding VLAN 0 to HW filter on device bond0
[  445.072352][T16721] 8021q: adding VLAN 0 to HW filter on device team0
[  445.096225][T13700] bridge0: port 1(bridge_slave_0) entered blocking state
[  445.098967][T13700] bridge0: port 1(bridge_slave_0) entered forwarding state
[  445.108804][T13700] bridge0: port 2(bridge_slave_1) entered blocking state
[  445.111485][T13700] bridge0: port 2(bridge_slave_1) entered forwarding state
[  445.485899][T16721] 8021q: adding VLAN 0 to HW filter on device batadv0
[  445.637684][T16721] veth0_vlan: entered promiscuous mode
[  445.646450][T16721] veth1_vlan: entered promiscuous mode
[  445.672772][T16721] veth0_macvtap: entered promiscuous mode
[  445.679440][T16721] veth1_macvtap: entered promiscuous mode
[  445.691399][T16721] batman_adv: batadv0: Interface activated: batadv_slave_0
[  445.698983][T16721] batman_adv: batadv0: Interface activated: batadv_slave_1
[  445.725680][T13229] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  445.731901][T13229] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  445.742491][T13229] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  445.750092][T13229] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  445.947980][ T3373] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  445.961734][ T3373] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  445.999883][T16817] xt_l2tp: v2 doesn't support IP mode
[  446.032181][ T5003] Bluetooth: hci1: command tx timeout
[  446.071421][T13705] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  446.085094][T13705] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  446.226258][T16830] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4413'.
[  446.230738][T16830] bridge: RTM_NEWNEIGH with invalid ether address
[  446.780121][T16859] fuse: fd is not a fuse device
[  447.222373][T13229] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  447.227862][T13229] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  447.294973][ T5747] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  447.509302][T16871] loop7: detected capacity change from 0 to 512
[  447.551412][T16871] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  447.556380][T16871] ext4 filesystem being mounted at /5/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  448.051155][T16878] loop5: detected capacity change from 0 to 131072
[  448.056248][T16878] F2FS-fs (loop5): Invalid log sectorsize (67108873)
[  448.058922][T16878] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  448.063359][T16878] F2FS-fs (loop5): invalid crc value
[  448.086322][T16721] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  448.098289][T16878] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  448.105922][T16878] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  448.108279][T16878] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
[  448.241941][ T5003] Bluetooth: hci1: command tx timeout
[  448.654293][T16913] loop5: detected capacity change from 0 to 1764
[  448.935774][T16929] loop5: detected capacity change from 0 to 2048
[  448.951940][T16929] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  449.067374][T16935] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only
[  449.183035][  T270] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  449.372843][T16956] loop7: detected capacity change from 0 to 256
[  449.380513][T16954] loop5: detected capacity change from 0 to 2048
[  449.404065][T16956] FAT-fs (loop7): Directory bread(block 64) failed
[  449.410539][T16956] FAT-fs (loop7): Directory bread(block 65) failed
[  449.412722][T16956] FAT-fs (loop7): Directory bread(block 66) failed
[  449.414662][T16956] FAT-fs (loop7): Directory bread(block 67) failed
[  449.415254][T16954] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  449.416854][T16956] FAT-fs (loop7): Directory bread(block 68) failed
[  449.422380][T16956] FAT-fs (loop7): Directory bread(block 69) failed
[  449.424576][T16956] FAT-fs (loop7): Directory bread(block 70) failed
[  449.427076][T16956] FAT-fs (loop7): Directory bread(block 71) failed
[  449.434919][T16956] FAT-fs (loop7): Directory bread(block 72) failed
[  449.438043][T16956] FAT-fs (loop7): Directory bread(block 73) failed
[  449.782820][ T1380] ieee802154 phy0 wpan0: encryption failed: -22
[  449.785553][ T1380] ieee802154 phy1 wpan1: encryption failed: -22
[  449.869638][  T270] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  450.207649][T16994] loop5: detected capacity change from 0 to 256
[  450.269734][  T270] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  450.318274][T16994] syz.5.4482: attempt to access beyond end of device
[  450.318274][T16994] loop5: rw=0, sector=272, nr_sectors = 4 limit=256
[  450.335796][T16994] FAT-fs (loop5): error, fat_free: invalid cluster chain (i_pos 198)
[  450.347913][T16994] FAT-fs (loop5): error, fat_free: invalid cluster chain (i_pos 198)
[  450.384552][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  450.465793][ T5003] Bluetooth: hci1: command tx timeout
[  450.768022][T17004] futex_wake_op: syz.0.4487 tries to shift op by 144; fix this program
[  451.152676][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  451.235979][T13708] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  451.342781][ T5747] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  451.376540][T17002] loop5: detected capacity change from 0 to 32768
[  451.423253][T17010] netlink: 7 bytes leftover after parsing attributes in process `syz.7.4490'.
[  451.560192][T17018] netlink: 199836 bytes leftover after parsing attributes in process `syz.7.4494'.
[  451.563789][T17018] ksmbd: Unknown IPC event: 3, ignore.
[  451.814246][T17023] loop7: detected capacity change from 0 to 40427
[  451.817356][T17023] F2FS-fs (loop7): build fault injection rate: 174
[  451.819883][T17023] F2FS-fs (loop7): build fault injection type: 0x3bfe8c
[  451.824011][T17023] F2FS-fs (loop7): invalid crc value
[  451.870204][T17023] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  451.879919][T17023] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  451.919265][T17035] xt_addrtype: output interface limitation not valid in PREROUTING and INPUT
[  451.991597][T16721] syz-executor: attempt to access beyond end of device
[  451.991597][T16721] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  452.039469][T16721] CPU: 0 UID: 0 PID: 16721 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  452.039492][T16721] Tainted: [L]=SOFTLOCKUP
[  452.039498][T16721] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  452.039531][T16721] Call Trace:
[  452.039537][T16721]  <TASK>
[  452.039543][T16721]  dump_stack_lvl+0xe8/0x150
[  452.039564][T16721]  f2fs_stop_checkpoint+0x3c7/0x590
[  452.039584][T16721]  f2fs_write_end_io+0x1274/0x1740
[  452.039615][T16721]  __submit_merged_bio+0x256/0x6a0
[  452.039635][T16721]  __submit_merged_write_cond+0x3c9/0x4e0
[  452.039657][T16721]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  452.039687][T16721]  f2fs_write_data_pages+0x287e/0x34f0
[  452.039704][T16721]  ? unwind_next_frame+0xa6/0x2550
[  452.039743][T16721]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  452.039759][T16721]  ? is_bpf_text_address+0x26/0x2b0
[  452.039780][T16721]  ? arch_stack_walk+0xfb/0x150
[  452.039815][T16721]  ? add_lock_to_list+0xc7/0x100
[  452.039832][T16721]  ? lockdep_unlock+0x5d/0xd0
[  452.039843][T16721]  ? __lock_acquire+0x146e/0x2cf0
[  452.039875][T16721]  ? do_raw_spin_lock+0x12b/0x2f0
[  452.039901][T16721]  ? do_raw_spin_unlock+0x4d/0x210
[  452.039919][T16721]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  452.039935][T16721]  do_writepages+0x32e/0x550
[  452.039957][T16721]  ? do_raw_spin_unlock+0x4d/0x210
[  452.039997][T16721]  filemap_fdatawrite+0x1e9/0x2f0
[  452.040014][T16721]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  452.040057][T16721]  ? do_raw_spin_unlock+0x4d/0x210
[  452.040079][T16721]  f2fs_sync_dirty_inodes+0x30e/0x830
[  452.040107][T16721]  f2fs_write_checkpoint+0x9df/0x26a0
[  452.040123][T16721]  ? __lock_acquire+0x6b5/0x2cf0
[  452.040159][T16721]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  452.040210][T16721]  kill_f2fs_super+0x314/0x730
[  452.040233][T16721]  ? __pfx_kill_f2fs_super+0x10/0x10
[  452.040257][T16721]  ? lockdep_hardirqs_on+0x7a/0x110
[  452.040284][T16721]  deactivate_locked_super+0xbc/0x130
[  452.040305][T16721]  cleanup_mnt+0x437/0x4d0
[  452.040324][T16721]  ? _raw_spin_unlock_irq+0x23/0x50
[  452.040347][T16721]  task_work_run+0x1d9/0x270
[  452.040366][T16721]  ? __pfx_task_work_run+0x10/0x10
[  452.040388][T16721]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  452.040423][T16721]  exit_to_user_mode_loop+0xed/0x480
[  452.040438][T16721]  ? rcu_is_watching+0x15/0xb0
[  452.040454][T16721]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  452.040467][T16721]  do_syscall_64+0x33e/0xf80
[  452.040481][T16721]  ? trace_irq_disable+0x3b/0x140
[  452.040524][T16721]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  452.040540][T16721] RIP: 0033:0x7f16c199e017
[  452.040554][T16721] Code: a2 c7 05 dc 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  452.040564][T16721] RSP: 002b:00007fff9e57a798 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  452.040578][T16721] RAX: 0000000000000000 RBX: 00007f16c1a32120 RCX: 00007f16c199e017
[  452.040586][T16721] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff9e57a850
[  452.040595][T16721] RBP: 00007fff9e57a850 R08: 00007fff9e57b850 R09: 00000000ffffffff
[  452.040603][T16721] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff9e57b8e0
[  452.040611][T16721] R13: 00007f16c1a32120 R14: 000000000006d2d3 R15: 00007fff9e57b920
[  452.040632][T16721]  </TASK>
[  452.043857][T16721] F2FS-fs (loop7): Stopped filesystem due to reason: 3
[  452.191658][T17045] netlink: 'syz.0.4505': attribute type 1 has an invalid length.
[  452.194971][T17045] netlink: 'syz.0.4505': attribute type 4 has an invalid length.
[  452.198493][T17045] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.4505'.
[  452.372494][T17050] fuse: fd is not a fuse device
[  452.691927][ T5003] Bluetooth: hci1: command tx timeout
[  453.073127][T17081] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4521'.
[  453.117308][  T270] net_ratelimit: 3 callbacks suppressed
[  453.117321][  T270] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  453.292895][T17090] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4525'.
[  453.343249][T17092] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  453.482649][T17103] loop7: detected capacity change from 0 to 8
[  453.547183][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  453.900309][T17108] loop7: detected capacity change from 0 to 32768
[  453.931207][T17108] read_mapping_page failed!
[  453.933187][T17108] ERROR: (device loop7): txCommit: 
[  453.933187][T17108] 
[  454.154644][T17120] loop7: detected capacity change from 0 to 512
[  454.158680][T17120] EXT4-fs (loop7): feature flags set on rev 0 fs, running e2fsck is recommended
[  454.187792][T17120] EXT4-fs warning (device loop7): ext4_update_dynamic_rev:1148: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  454.201331][T17120] EXT4-fs error (device loop7): ext4_validate_block_bitmap:441: comm syz.7.4537: bg 0: block 248: padding at end of block bitmap is not set
[  454.210060][T17120] loop7: lost filesystem error report for type 5 error -117
[  454.212952][T17120] Quota error (device loop7): write_blk: dquota write failed
[  454.219233][    C1] EXT4-fs (loop7): error count since last fsck: 1
[  454.219249][    C1] EXT4-fs (loop7): last error at time 1779126377: ext4_validate_block_bitmap:441
[  454.224831][T17120] Quota error (device loop7): qtree_write_dquot: Error -28 occurred while creating quota
[  454.228726][T17120] EXT4-fs error (device loop7): ext4_acquire_dquot:7034: comm syz.7.4537: Failed to acquire dquot type 1
[  454.233370][T17120] loop7: lost filesystem error report for type 5 error -28
[  454.235373][T17120] EXT4-fs (loop7): 1 truncate cleaned up
[  454.242905][T17120] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback.
[  454.280254][T17119] Quota error (device loop7): find_tree_dqentry: Cycle in quota tree detected: block 2 index 2
[  454.283972][T17119] Quota error (device loop7): qtree_read_dquot: Can't read quota structure for id 131074
[  454.288684][T17119] EXT4-fs error (device loop7): ext4_acquire_dquot:7034: comm syz.7.4537: Failed to acquire dquot type 1
[  454.377096][T16721] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0008-000000000000.
[  454.426910][T17128] ip6t_srh: unknown srh invflags 4000
[  454.533989][T17139] xt_policy: output policy not valid in PREROUTING and INPUT
[  454.658677][ T5754] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  455.127672][T17146] loop5: detected capacity change from 0 to 32768
[  455.167776][T17146] read_mapping_page failed!
[  455.171209][T17146] ERROR: (device loop5): txCommit: 
[  455.171209][T17146] 
[  455.220254][T13705] read_mapping_page failed!
[  455.222353][T13705] ERROR: (device loop5): txCommit: 
[  455.222353][T13705] 
[  455.226658][T13705] jfs_write_inode: jfs_commit_inode failed!
[  455.300851][T17154] overlayfs: failed to clone upperpath
[  455.538872][T17160] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4553'.
[  455.541963][T17160] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4553'.
[  455.545788][T17160] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4553'.
[  455.774500][ T5754] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  455.936811][T17164] loop5: detected capacity change from 0 to 40427
[  455.942728][T17164] F2FS-fs (loop5): build fault injection rate: 4
[  455.945625][T17164] F2FS-fs (loop5): build fault injection type: 0x1dff
[  455.948003][T17164] F2FS-fs (loop5): inject kvmalloc in f2fs_kvmalloc of f2fs_fill_super+0x44bf/0x78f0
[  455.952210][T17164] F2FS-fs (loop5): Failed to get valid F2FS checkpoint
[  456.314129][ T5754] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  456.375134][  T270] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  456.490379][ T5754] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  456.494383][ T5754] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  456.497696][ T5754] usb 8-1: Product: syz
[  456.499284][ T5754] usb 8-1: Manufacturer: syz
[  456.501493][ T5754] usb 8-1: SerialNumber: syz
[  456.508660][ T5754] usb 8-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  456.548567][ T5754] usb 8-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  456.884788][ T5877] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  457.383539][ T5877] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  457.394558][   T24] usb 8-1: USB disconnect, device number 2
[  457.661370][ T5754] ath9k_htc 8-1:1.0: ath9k_htc: Target is unresponsive
[  457.669395][ T5754] ath9k_htc: Failed to initialize the device
[  457.684168][   T24] usb 8-1: ath9k_htc: USB layer deinitialized
[  457.756292][T17179] xt_hashlimit: size too large, truncated to 1048576
[  457.993401][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  458.005819][ T5754] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  458.239287][T17177] bridge0: port 1(bridge_slave_0) entered forwarding state
[  458.441002][T17197] loop7: detected capacity change from 0 to 2048
[  458.447436][T17197] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  458.481113][T17197] UDF-fs: warning (device loop7): udf_rmdir: empty directory has nlink != 2 (0)
[  458.487411][T17197] UDF-fs: warning (device loop7): udf_rmdir: parent dir link count too low (2)
[  458.720484][T17215] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  459.072881][   T10] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  459.235282][   T10] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  459.238172][   T10] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  459.241418][   T10] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  459.246985][   T10] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  459.253088][   T10] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  459.261860][   T10] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  459.264354][   T10] usb 8-1: Product: syz
[  459.265986][   T10] usb 8-1: Manufacturer: syz
[  459.272938][   T10] cdc_wdm 8-1:1.0: skipping garbage
[  459.274902][   T10] cdc_wdm 8-1:1.0: skipping garbage
[  459.284176][   T10] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[  459.286222][   T10] cdc_wdm 8-1:1.0: Unknown control protocol
[  459.530977][    C0] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  459.533660][    C0] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  459.537002][    C0] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  459.539630][    C0] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  459.542075][    C0] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  459.544278][    C0] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  459.547087][    C0] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  459.549174][    C0] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  459.551607][    C0] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  459.553755][    C0] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  459.555946][    C0] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  459.558256][    C0] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  459.560712][    C0] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  459.562824][    C0] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  459.565018][  T270] usb 8-1: USB disconnect, device number 3
[  459.567659][    C0] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  459.567670][    C0] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  459.567675][    C0] cdc_wdm 8-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  460.496261][T17240] loop7: detected capacity change from 0 to 1024
[  460.515667][T17240] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended.  mounting read-only.
[  460.534142][T17240] hfsplus: unknown catalog record type 1792
[  460.637187][T17246] loop5: detected capacity change from 0 to 512
[  460.664644][T17246] EXT4-fs error (device loop5): ext4_orphan_get:1397: inode #15: comm syz.5.4592: iget: bad i_size value: 38620345925642
[  460.674431][T17246] loop5: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  460.674834][T17246] EXT4-fs error (device loop5): ext4_orphan_get:1402: comm syz.5.4592: couldn't read orphan inode 15 (err -117)
[  460.678550][    C1] EXT4-fs (loop5): error count since last fsck: 1
[  460.678566][    C1] EXT4-fs (loop5): initial error at time 1779126383: ext4_orphan_get:1397: inode 15
[  460.678587][    C1] EXT4-fs (loop5): last error at time 1779126383: ext4_orphan_get:1397: inode 15
[  460.699332][T17246] loop5: lost filesystem error report for type 5 error -117
[  460.700966][T17246] EXT4-fs (loop5): mounted filesystem 00000000-0000-00a1-0000-000000000000 r/w without journal. Quota mode: writeback.
[  460.785472][T11024] EXT4-fs (loop5): unmounting filesystem 00000000-0000-00a1-0000-000000000000.
[  460.913102][ T5754] usb 8-1: new full-speed USB device number 4 using dummy_hcd
[  461.087190][ T5754] usb 8-1: unable to get BOS descriptor or descriptor too short
[  461.095523][ T5754] usb 8-1: not running at top speed; connect to a high speed hub
[  461.100960][ T5754] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  461.108002][ T5754] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[  461.113646][ T5754] usb 8-1: New USB device found, idVendor=1235, idProduct=8207, bcdDevice= 0.40
[  461.117283][ T5754] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=3
[  461.120292][ T5754] usb 8-1: Product: syz
[  461.121614][ T5754] usb 8-1: Manufacturer: syz
[  461.123098][ T5754] usb 8-1: SerialNumber: syz
[  461.146406][T17279] binder: 17278:17279 ioctl 40046210 0 returned -14
[  461.258798][T17282] loop5: detected capacity change from 0 to 4096
[  461.261550][T17282] ntfs3(loop5): Different NTFS sector size (4096) and media sector size (512).
[  461.264367][T17282] ntfs3(loop5): RAW NTFS volume: Filesystem size 0.00 Gb > volume size 0.00 Gb. Mount in read-only.
[  461.281318][T17282] ntfs3(loop5): ino=19, mi_enum_attr
[  461.284322][T17282] ntfs3(loop5): ino=19, mi_enum_attr
[  461.286972][T17282] ntfs3(loop5): Failed to initialize $Extend/$ObjId.
[  461.397414][T17291] vlan2: entered promiscuous mode
[  461.399353][T17291] dummy0: entered promiscuous mode
[  461.422879][ T5754] usb 8-1: USB disconnect, device number 4
[  461.443773][T17293] xt_connbytes: Forcing CT accounting to be enabled
[  461.757524][T17312] loop5: detected capacity change from 0 to 4096
[  461.764234][T17312] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  461.781891][T17312] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  461.802164][T17312] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  461.824299][T11024] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  462.097368][T17330] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input21
[  462.205676][  T270] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  462.367274][  T270] usb 6-1: Using ep0 maxpacket: 8
[  462.373396][  T270] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  462.378633][  T270] usb 6-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  462.383234][  T270] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  462.394242][  T270] usb 6-1: config 0 descriptor??
[  462.407248][  T270] gspca_main: vc032x-2.14.0 probing 046d:0892
[  462.715707][ T5754] hsr0: entered promiscuous mode
[  462.780324][T17349] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4638'.
[  462.840473][  T270] gspca_vc032x: reg_w err -71
[  462.842245][  T270] vc032x 6-1:0.0: probe with driver vc032x failed with error -71
[  462.851405][  T270] usb 6-1: USB disconnect, device number 31
[  463.628085][T17370] tmpfs: Bad value for 'mpol'
[  463.666391][T17369] lo speed is unknown, defaulting to 1000
[  464.055989][T17389] netlink: 'syz.0.4655': attribute type 2 has an invalid length.
[  464.116480][T17393] PKCS7: Unknown OID: [4] 5.25.43183.11314.97.496.3.846527319083.2007.15776
[  464.120333][T17393] PKCS7: Only support pkcs7_signedData type
[  464.574389][T17416] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  464.610237][T17416] binder: 17411:17416 ioctl 400c620e 2000000003c0 returned -22
[  464.693300][T17416] loop5: detected capacity change from 0 to 512
[  464.717635][T17416] ext4: Unknown parameter 'appraise_type'
[  465.495602][T17433] loop7: detected capacity change from 0 to 32768
[  465.500011][T17433] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.4675 (17433)
[  465.518281][T17433] BTRFS info (device loop7): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  465.524042][T17433] BTRFS info (device loop7): using crc32c checksum algorithm
[  465.580767][T17433] BTRFS info (device loop7): enabling ssd optimizations
[  465.596652][T17433] BTRFS info (device loop7): turning on flush-on-commit
[  465.604628][T17433] BTRFS info (device loop7): enabling free space tree
[  465.613441][T17433] BTRFS info (device loop7): enabling auto defrag
[  465.617124][T17433] BTRFS info (device loop7): use lzo compression, level 1
[  465.621541][T17433] BTRFS info (device loop7): max_inline set to 4096
[  465.662733][T16721] BTRFS info (device loop7): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  466.019369][ T5754] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  466.250588][ T5754] usb 6-1: Using ep0 maxpacket: 8
[  466.323733][ T5754] usb 6-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[  466.331596][ T5754] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  466.336587][ T5754] usb 6-1: Product: syz
[  466.337904][ T5754] usb 6-1: Manufacturer: syz
[  466.341190][ T5754] usb 6-1: SerialNumber: syz
[  466.353157][ T5754] usb 6-1: config 0 descriptor??
[  466.362442][ T5754] gspca_main: sonixj-2.14.0 probing 0c45:613e
[  466.444363][T17473] openvswitch: netlink: ufid size 20 bytes exceeds the range (1, 16)
[  466.446966][T17473] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  466.957060][T17497] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4697'.
[  467.208647][T17501] loop7: detected capacity change from 0 to 4096
[  467.223385][T17501] NILFS (loop7): invalid segment: Checksum error in segment payload
[  467.226595][T17501] NILFS (loop7): trying rollback from an earlier position
[  467.241984][T17501] NILFS (loop7): recovery complete
[  467.682298][ T5754] gspca_sonixj: reg_w1 err -71
[  467.787925][ T5754] sonixj 6-1:0.0: probe with driver sonixj failed with error -71
[  467.798461][ T5754] usb 6-1: USB disconnect, device number 32
[  467.812135][T17523] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4709'.
[  467.918390][T17521] loop7: detected capacity change from 0 to 32768
[  467.923894][T17521] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.4708 (17521)
[  467.977218][T17521] BTRFS info (device loop7): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  467.981038][T17521] BTRFS info (device loop7): using blake2b checksum algorithm
[  468.217266][T17521] BTRFS info (device loop7): enabling ssd optimizations
[  468.221640][T17521] BTRFS info (device loop7): turning on async discard
[  468.227609][T17521] BTRFS info (device loop7): enabling free space tree
[  468.231450][T17521] BTRFS info (device loop7): use zstd compression, level 3
[  468.349675][T16721] BTRFS info (device loop7): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  468.455018][T17547] nft_compat: unsupported protocol 8
[  468.485160][    C1] hpet: Lost 1 RTC interrupts
[  468.548210][    C1] hpet: Lost 1 RTC interrupts
[  468.608485][T17552] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  468.970740][T17564] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4720'.
[  469.210953][T17583] securityfs: Unknown parameter ''
[  469.256418][   T10] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[  469.266502][T17586] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4731'.
[  469.269920][T17586] netlink: 48 bytes leftover after parsing attributes in process `syz.7.4731'.
[  469.272731][T17586] netlink: 48 bytes leftover after parsing attributes in process `syz.7.4731'.
[  469.424700][   T10] usb 6-1: config 0 has an invalid interface number: 255 but max is 0
[  469.428124][   T10] usb 6-1: config 0 has no interface number 0
[  469.430660][   T10] usb 6-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[  469.435289][   T10] usb 6-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  469.440781][   T10] usb 6-1: config 0 interface 255 has no altsetting 0
[  469.443512][   T10] usb 6-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b
[  469.447588][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  469.452880][   T10] usb 6-1: config 0 descriptor??
[  469.719790][   T10] ums-realtek 6-1:0.255: USB Mass Storage device detected
[  469.853475][T17594] 9p: Bad value for 'rfdno'
[  469.922540][T17598] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4735'.
[  469.940340][   T10] usb 6-1: USB disconnect, device number 33
[  470.593495][T17618] loop7: detected capacity change from 0 to 512
[  470.628335][T17622] openvswitch: netlink: Tunnel attr 78 out of range max 16
[  470.644036][T17618] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  470.682214][T17624] netlink: 'syz.5.4746': attribute type 4 has an invalid length.
[  470.743470][   T24] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[  470.758984][   T24] hid-generic 0000:0000:0000.000C: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  470.768962][T17626] loop5: detected capacity change from 0 to 2048
[  470.775833][T17626] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  470.931345][T16721] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  471.634592][T17645] loop7: detected capacity change from 0 to 512
[  471.641312][T17645] EXT4-fs: Ignoring removed orlov option
[  471.678568][T17645] EXT4-fs (loop7): Test dummy encryption mode enabled
[  471.696781][T17645] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  471.708081][T17645] EXT4-fs (loop7): 1 truncate cleaned up
[  471.717793][T17645] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  471.891727][T16721] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  471.991607][T17653] loop7: detected capacity change from 0 to 128
[  472.049876][T17653] FAT-fs (loop7): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  472.550364][T17659] loop5: detected capacity change from 0 to 8
[  472.799341][T17677] overlayfs: failed to resolve './cgroup': -2
[  473.112541][   T10] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  473.271872][   T10] usb 8-1: Using ep0 maxpacket: 16
[  473.275773][   T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  473.280401][   T10] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  473.286619][   T10] usb 8-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  473.290420][   T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  473.295930][   T10] usb 8-1: config 0 descriptor??
[  473.381299][T17708] netlink: 212344 bytes leftover after parsing attributes in process `syz.0.4783'.
[  474.134864][   T10] usbhid 8-1:0.0: can't add hid device: -71
[  474.138453][   T10] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  474.155119][   T10] usb 8-1: USB disconnect, device number 5
[  474.276430][T17748] sctp: [Deprecated]: syz.5.4802 (pid 17748) Use of int in maxseg socket option.
[  474.276430][T17748] Use struct sctp_assoc_value instead
[  474.317087][T17750] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  474.323263][T17750] IPv6: NLM_F_CREATE should be set when creating new route
[  474.466604][T17756] loop5: detected capacity change from 0 to 256
[  474.489496][T17756] FAT-fs (loop5): Directory bread(block 64) failed
[  474.492189][T17756] FAT-fs (loop5): Directory bread(block 65) failed
[  474.495036][T17756] FAT-fs (loop5): Directory bread(block 66) failed
[  474.497687][T17756] FAT-fs (loop5): Directory bread(block 67) failed
[  474.500863][T17756] FAT-fs (loop5): Directory bread(block 68) failed
[  474.504996][T17756] FAT-fs (loop5): Directory bread(block 69) failed
[  474.507570][T17756] FAT-fs (loop5): Directory bread(block 70) failed
[  474.509727][T17756] FAT-fs (loop5): Directory bread(block 71) failed
[  474.511724][T17756] FAT-fs (loop5): Directory bread(block 72) failed
[  474.514642][T17756] FAT-fs (loop5): Directory bread(block 73) failed
[  475.047058][ T5747] usb 8-1: new full-speed USB device number 6 using dummy_hcd
[  475.261648][ T5747] usb 8-1: unable to get BOS descriptor or descriptor too short
[  475.265868][ T5747] usb 8-1: not running at top speed; connect to a high speed hub
[  475.272721][ T5747] usb 8-1: New USB device found, idVendor=1235, idProduct=4661, bcdDevice=ae.13
[  475.275848][ T5747] usb 8-1: New USB device strings: Mfr=17, Product=2, SerialNumber=3
[  475.281805][ T5747] usb 8-1: Product: syz
[  475.285031][ T5747] usb 8-1: Manufacturer: syz
[  475.287879][ T5747] usb 8-1: SerialNumber: syz
[  475.297704][ T5747] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  475.336779][ T5747] snd-usb-audio 8-1:8.0: probe with driver snd-usb-audio failed with error -2
[  475.354822][ T7701] udevd[7701]: error opening ATTR{/sys/devices/platform/dummy_hcd.7/usb8/8-1/8-1:8.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  475.516102][ T5078] usb 8-1: USB disconnect, device number 6
[  476.100012][T17782] netlink: 196 bytes leftover after parsing attributes in process `syz.0.4817'.
[  476.151759][T17784] netlink: 20 bytes leftover after parsing attributes in process `syz.7.4818'.
[  476.575904][   T24] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  476.736312][   T24] usb 8-1: Using ep0 maxpacket: 8
[  476.742273][   T24] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 15
[  476.745795][   T24] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  476.753424][   T24] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  476.758037][   T24] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  476.765695][   T24] usb 8-1: New USB device found, idVendor=077d, idProduct=04aa, bcdDevice=5b.d8
[  476.769780][   T24] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  476.772970][   T24] usb 8-1: Product: syz
[  476.774777][   T24] usb 8-1: Manufacturer: syz
[  476.776700][   T24] usb 8-1: SerialNumber: syz
[  476.781746][   T24] usb 8-1: config 0 descriptor??
[  476.788000][T17788] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  477.014494][   T24] powermate: Expected payload of 3--6 bytes, found 1024 bytes!
[  477.022788][   T24] input: Griffin SoundKnob as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/input/input22
[  477.487227][    C1] powermate: config urb returned -71
[  477.489248][    C1] powermate: config urb returned -71
[  477.491369][    C1] powermate: config urb returned -71
[  477.493630][   T10] usb 8-1: USB disconnect, device number 7
[  477.493683][    C1] powermate 8-1:0.0: powermate_irq - usb_submit_urb failed with result: -19
[  477.524495][T17810] loop5: detected capacity change from 0 to 16
[  477.534772][T17810] erofs: Unexpected value for 'user_xattr'
[  477.542254][T17807] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4830'.
[  477.629171][T17815] sctp: [Deprecated]: syz.0.4832 (pid 17815) Use of struct sctp_assoc_value in delayed_ack socket option.
[  477.629171][T17815] Use struct sctp_sack_info instead
[  479.385564][T17845] loop5: detected capacity change from 0 to 64
[  479.812970][T17875] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4858'.
[  479.921842][T17885] netlink: 4768 bytes leftover after parsing attributes in process `syz.7.4863'.
[  481.628831][T17921] loop5: detected capacity change from 0 to 32768
[  481.650236][T17921] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  481.739131][T17921] XFS (loop5): Ending clean mount
[  481.821461][T17950] netlink: 'syz.0.4887': attribute type 11 has an invalid length.
[  481.871879][T17950] 8021q: adding VLAN 0 to HW filter on device team0
[  481.874824][T17950] team_slave_0: entered promiscuous mode
[  481.877925][T17950] team_slave_1: entered promiscuous mode
[  481.881939][T17950] dummy0: entered promiscuous mode
[  481.899654][T17953] loop7: detected capacity change from 0 to 256
[  481.965119][T17954] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode
[  481.968089][T17954] mac80211_hwsim hwsim6 wlan0: entered allmulticast mode
[  481.995507][T11024] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  482.003757][ T5746] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  482.031208][ T5746] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  482.100091][T17958] mac80211_hwsim hwsim20 wlan0: entered promiscuous mode
[  482.124966][T17958] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  482.832339][  T270] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  482.992108][  T270] usb 8-1: config 1 interface 0 has no altsetting 0
[  482.996786][  T270] usb 8-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice= 0.40
[  483.000054][  T270] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  483.002961][  T270] usb 8-1: Product: syz
[  483.004581][  T270] usb 8-1: Manufacturer: syz
[  483.006458][  T270] usb 8-1: SerialNumber: syz
[  483.242856][  T270] input: bcm5974 as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:1.0/input/input23
[  483.252575][ T5046] bcm5974 8-1:1.0: could not read from device
[  483.371884][  T270] usb 8-1: USB disconnect, device number 8
[  483.374427][ T5046] bcm5974 8-1:1.0: could not read from device
[  483.451919][T17981] loop5: detected capacity change from 0 to 4096
[  483.511769][T17981] ntfs3(loop5): ino=21, The size of extended attributes must not exceed 64KiB
[  484.587544][T18036] bond1: entered allmulticast mode
[  485.128773][   T24] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  485.291915][   T24] usb 8-1: config 220 has an invalid interface number: 76 but max is 2
[  485.295360][   T24] usb 8-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  485.299071][   T24] usb 8-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  485.302823][   T24] usb 8-1: config 220 has no interface number 2
[  485.305311][   T24] usb 8-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  485.310807][   T24] usb 8-1: config 220 interface 0 has no altsetting 0
[  485.314311][   T24] usb 8-1: config 220 interface 76 has no altsetting 0
[  485.317154][   T24] usb 8-1: config 220 interface 1 has no altsetting 0
[  485.322123][   T24] usb 8-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  485.325958][   T24] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  485.329906][   T24] usb 8-1: Product: syz
[  485.331759][   T24] usb 8-1: Manufacturer: syz
[  485.342593][   T24] usb 8-1: SerialNumber: syz
[  485.432052][T18053] Device name not specified.
[  485.432052][T18053] 
[  485.526066][T18057] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4932'.
[  485.599258][   T24] usb 8-1: selecting invalid altsetting 0
[  485.616372][   T24] uvcvideo 8-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[  485.619882][   T24] uvcvideo 8-1:220.0: No valid video chain found.
[  485.638642][   T24] usb 8-1: selecting invalid altsetting 0
[  485.642810][   T24] usbtest 8-1:220.1: probe with driver usbtest failed with error -22
[  485.647085][   T24] usb 8-1: USB disconnect, device number 9
[  485.965319][T18060] loop5: detected capacity change from 0 to 40427
[  485.971894][T18060] F2FS-fs (loop5): Fix alignment : internally, start(4096) end(16896) block(12288)
[  485.984714][T18060] F2FS-fs (loop5): invalid crc value
[  485.992363][T18060] F2FS-fs (loop5): Current segment's next free block offset is inconsistent with bitmap, logtype:5, segno:2, type:0, next_blkoff:0, blkofs:1
[  486.000731][T18060] F2FS-fs (loop5): Failed to initialize F2FS segment manager (-117)
[  486.200317][T18087] loop5: detected capacity change from 0 to 764
[  486.204369][T18087] rock: directory entry would overflow storage
[  486.206809][T18087] rock: sig=0x4654, size=5, remaining=4
[  486.223077][T18089] netlink: 'syz.7.4945': attribute type 11 has an invalid length.
[  486.230554][T18089] netlink: 56 bytes leftover after parsing attributes in process `syz.7.4945'.
[  486.242149][T18089] netlink: 'syz.7.4945': attribute type 11 has an invalid length.
[  486.248364][T18089] netlink: 56 bytes leftover after parsing attributes in process `syz.7.4945'.
[  486.315700][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  486.524978][T18097] input: syz1 as /devices/virtual/input/input24
[  486.572131][    C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  487.126623][T18100] loop7: detected capacity change from 0 to 512
[  487.154586][T18100] EXT4-fs: Ignoring removed i_version option
[  487.211981][T18100] EXT4-fs (loop7): invalid inodes per group: 32
[  487.211981][T18100] 
[  487.373131][T18104] bridge4: entered promiscuous mode
[  488.333211][T18134] loop7: detected capacity change from 0 to 128
[  488.341495][T18134] FAT-fs (loop7): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  488.349437][T18134] FAT-fs (loop7): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  488.756221][T18139] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  488.905103][T18147] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4972'.
[  488.970416][ T3343] FAT-fs (loop7): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  489.104920][T18161] loop5: detected capacity change from 0 to 512
[  489.123749][T18165] loop7: detected capacity change from 0 to 24
[  489.128530][T18165] MTD: Attempt to mount non-MTD device "/dev/loop7"
[  489.146020][T18161] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0007-000000000000 r/w without journal. Quota mode: writeback.
[  489.154670][T18165] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  489.157685][T18161] ext4 filesystem being mounted at /954/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  490.102590][T11024] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0007-000000000000.
[  490.110774][  T270] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  490.271332][  T270] usb 8-1: Using ep0 maxpacket: 8
[  490.277333][  T270] usb 8-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  490.287109][  T270] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  490.294140][  T270] usb 8-1: Product: syz
[  490.297573][  T270] usb 8-1: Manufacturer: syz
[  490.300592][  T270] usb 8-1: SerialNumber: syz
[  490.311748][  T270] usb 8-1: config 0 descriptor??
[  490.539245][  T270] usb 8-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  490.761280][  T270] dvb_usb_rtl28xxu 8-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  490.767549][  T270] usb 8-1: USB disconnect, device number 10
[  490.919877][T18221] xt_bpf: check failed: parse error
[  491.047327][T18204] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  491.051534][T18204] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  491.421667][T18251] trusted_key: syz.7.5012 sent an empty control message without MSG_MORE.
[  491.602198][T18257] hm3): entered promiscuous mode
[  492.658884][T18285] netlink: 28 bytes leftover after parsing attributes in process `syz.7.5027'.
[  492.701720][T18288] loop7: detected capacity change from 0 to 1024
[  492.708051][T18288] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended.  mounting read-only.
[  492.922534][T18292] loop7: detected capacity change from 0 to 40427
[  492.927806][T18292] F2FS-fs (loop7): invalid crc value
[  492.981353][T18292] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  492.992520][T18292] F2FS-fs (loop7): Start checkpoint disabled!
[  493.006279][T18292] F2FS-fs (loop7): f2fs_disable_checkpoint() finish, err:0
[  493.010969][T18292] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e6
[  493.123552][T18292] F2FS-fs (loop7): ino:10, start:0, end:143, need to trigger GC to reclaim enough free segment when checkpoint is enabled
[  493.207089][T13700] kworker/u9:3: attempt to access beyond end of device
[  493.207089][T13700] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  493.221378][T13700] CPU: 0 UID: 0 PID: 13700 Comm: kworker/u9:3 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  493.221401][T13700] Tainted: [L]=SOFTLOCKUP
[  493.221407][T13700] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  493.221415][T13700] Workqueue: writeback wb_workfn (flush-7:7)
[  493.221437][T13700] Call Trace:
[  493.221443][T13700]  <TASK>
[  493.221449][T13700]  dump_stack_lvl+0xe8/0x150
[  493.221467][T13700]  f2fs_stop_checkpoint+0x3c7/0x590
[  493.221487][T13700]  f2fs_write_end_io+0x1274/0x1740
[  493.221519][T13700]  __submit_merged_bio+0x256/0x6a0
[  493.221539][T13700]  __submit_merged_write_cond+0x3c9/0x4e0
[  493.221567][T13700]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  493.221617][T13700]  f2fs_write_data_pages+0x287e/0x34f0
[  493.221662][T13700]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  493.221727][T13700]  ? __lock_acquire+0x6b5/0x2cf0
[  493.221757][T13700]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  493.221775][T13700]  do_writepages+0x32e/0x550
[  493.221795][T13700]  ? reacquire_held_locks+0x104/0x190
[  493.221811][T13700]  ? writeback_sb_inodes+0x463/0x19d0
[  493.221831][T13700]  __writeback_single_inode+0x133/0x10e0
[  493.221848][T13700]  ? do_raw_spin_unlock+0x4d/0x210
[  493.221869][T13700]  writeback_sb_inodes+0x979/0x19d0
[  493.221883][T13700]  ? __lock_acquire+0x6b5/0x2cf0
[  493.221915][T13700]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  493.221929][T13700]  ? do_raw_spin_lock+0x12b/0x2f0
[  493.221973][T13700]  ? rcu_is_watching+0x15/0xb0
[  493.222016][T13700]  wb_writeback+0x445/0xb00
[  493.222036][T13700]  ? queue_io+0x261/0x470
[  493.222057][T13700]  ? __pfx_wb_writeback+0x10/0x10
[  493.222069][T13700]  ? do_raw_spin_lock+0x12b/0x2f0
[  493.222098][T13700]  wb_workfn+0x3f8/0xf10
[  493.222111][T13700]  ? __lock_acquire+0x6b5/0x2cf0
[  493.222122][T13700]  ? look_up_lock_class+0x57/0x110
[  493.222151][T13700]  ? __pfx_wb_workfn+0x10/0x10
[  493.222165][T13700]  ? do_raw_spin_lock+0x12b/0x2f0
[  493.222181][T13700]  ? lock_acquire+0x106/0x350
[  493.222196][T13700]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  493.222216][T13700]  ? process_scheduled_works+0xa70/0x1860
[  493.222257][T13700]  ? process_scheduled_works+0xa70/0x1860
[  493.222278][T13700]  ? process_scheduled_works+0xa70/0x1860
[  493.222290][T13700]  ? process_scheduled_works+0xa70/0x1860
[  493.222305][T13700]  process_scheduled_works+0xb5d/0x1860
[  493.222340][T13700]  ? __pfx_process_scheduled_works+0x10/0x10
[  493.222359][T13700]  ? assign_work+0x3d5/0x5e0
[  493.222377][T13700]  worker_thread+0xa53/0xfc0
[  493.222409][T13700]  kthread+0x388/0x470
[  493.222426][T13700]  ? __pfx_worker_thread+0x10/0x10
[  493.222438][T13700]  ? __pfx_kthread+0x10/0x10
[  493.222455][T13700]  ret_from_fork+0x514/0xb70
[  493.222472][T13700]  ? __pfx_ret_from_fork+0x10/0x10
[  493.222486][T13700]  ? __switch_to+0xc79/0x1410
[  493.222506][T13700]  ? __pfx_kthread+0x10/0x10
[  493.222523][T13700]  ret_from_fork_asm+0x1a/0x30
[  493.222551][T13700]  </TASK>
[  493.399567][T13700] F2FS-fs (loop7): Stopped filesystem due to reason: 3
[  493.698358][T18322] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5045'.
[  493.705883][T18322] bridge0: port 2(bridge_slave_1) entered disabled state
[  493.724923][T18322] bridge_slave_1 (unregistering): left allmulticast mode
[  493.727374][T18322] bridge_slave_1 (unregistering): left promiscuous mode
[  493.729924][T18322] bridge0: port 2(bridge_slave_1) entered disabled state
[  493.758797][   T33] audit: type=1326 audit(2000000012.936:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18321 comm="syz.5.5045" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f59cb39cdd9 code=0x0
[  494.183146][T18340] loop7: detected capacity change from 0 to 32768
[  494.204591][T18340] XFS (loop7): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  494.265856][T18340] XFS (loop7): Ending clean mount
[  494.319477][T16721] XFS (loop7): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  494.375838][    C1] hpet: Lost 1 RTC interrupts
[  494.704370][T18400] loop7: detected capacity change from 0 to 1024
[  494.709549][T18400] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended.  mounting read-only.
[  494.752203][  T270] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[  494.839994][   T10] IPVS: starting estimator thread 0...
[  494.920721][  T270] usb 6-1: config 8 has an invalid interface number: 177 but max is 0
[  494.930583][  T270] usb 6-1: config 8 has no interface number 0
[  494.932303][T18403] IPVS: using max 86 ests per chain, 206400 per kthread
[  494.936014][  T270] usb 6-1: config 8 interface 177 altsetting 9 has an endpoint descriptor with address 0xE8, changing to 0x88
[  494.943268][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  494.946776][  T270] usb 6-1: config 8 interface 177 altsetting 9 bulk endpoint 0x88 has invalid maxpacket 1023
[  494.953399][  T270] usb 6-1: config 8 interface 177 altsetting 9 endpoint 0x87 has invalid wMaxPacketSize 0
[  494.964351][  T270] usb 6-1: config 8 interface 177 has no altsetting 0
[  494.969504][  T270] usb 6-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[  494.984266][  T270] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  495.003409][T18383] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  495.123486][   T10] usb 8-1: new full-speed USB device number 11 using dummy_hcd
[  495.253495][  T270] usb 6-1: string descriptor 0 read error: -71
[  495.286316][   T10] usb 8-1: device descriptor read/64, error -71
[  495.299668][  T270] ir_toy 6-1:8.177: required endpoints not found
[  495.322516][  T270] usb 6-1: USB disconnect, device number 34
[  495.552404][   T10] usb 8-1: new full-speed USB device number 12 using dummy_hcd
[  495.627286][    C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  495.691731][   T10] usb 8-1: device descriptor read/64, error -71
[  495.810587][   T10] usb usb8-port1: attempt power cycle
[  495.948640][T18424] netlink: 'syz.5.5087': attribute type 1 has an invalid length.
[  496.020448][T18430] loop5: detected capacity change from 0 to 64
[  496.032812][T18430] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing
[  496.183439][   T10] usb 8-1: new full-speed USB device number 13 using dummy_hcd
[  496.217808][   T10] usb 8-1: device descriptor read/8, error -71
[  496.405131][   T33] audit: type=1326 audit(2000000015.405:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18459 comm="syz.5.5103" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59cb39cdd9 code=0x7ffc0000
[  496.414133][   T33] audit: type=1326 audit(2000000015.424:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18459 comm="syz.5.5103" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59cb39cdd9 code=0x7ffc0000
[  496.424107][   T33] audit: type=1326 audit(2000000015.424:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18459 comm="syz.5.5103" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59cb39cdd9 code=0x7ffc0000
[  496.437165][   T33] audit: type=1326 audit(2000000015.424:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18459 comm="syz.5.5103" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59cb39cdd9 code=0x7ffc0000
[  496.447828][   T33] audit: type=1326 audit(2000000015.433:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18459 comm="syz.5.5103" exe="/syz-executor" sig=0 arch=c000003e syscall=107 compat=0 ip=0x7f59cb39cdd9 code=0x7ffc0000
[  496.463294][   T33] audit: type=1326 audit(2000000015.433:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18459 comm="syz.5.5103" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59cb39cdd9 code=0x7ffc0000
[  496.475333][   T33] audit: type=1326 audit(2000000015.433:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18459 comm="syz.5.5103" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59cb39cdd9 code=0x7ffc0000
[  496.484350][   T10] usb 8-1: new full-speed USB device number 14 using dummy_hcd
[  496.484995][   T33] audit: type=1326 audit(2000000015.433:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18459 comm="syz.5.5103" exe="/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f59cb39cdd9 code=0x7ffc0000
[  496.525671][   T10] usb 8-1: device descriptor read/8, error -71
[  496.578696][T18469] loop5: detected capacity change from 0 to 4096
[  496.646406][   T10] usb usb8-port1: unable to enumerate USB device
[  497.211002][T18486] ceph: No mds server is up or the cluster is laggy
[  497.287471][ T5747] libceph: connect (1)[c::]:6789 error -22
[  497.297127][ T5747] libceph: mon0 (1)[c::]:6789 connect error
[  497.883095][T18502] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  498.084012][T18516] vlan0: entered promiscuous mode
[  498.184904][T18526] loop7: detected capacity change from 0 to 1024
[  499.186655][T18549] JFS: charset not found
[  499.814112][T18574] 9pnet: Found fid 0 not clunked
[  500.333074][T18582] loop7: detected capacity change from 0 to 32768
[  500.340364][T18582] ocfs2: Slot 0 on device (7,7) was already allocated to this node!
[  500.353957][T18582] JBD2: Ignoring recovery information on journal
[  500.391799][T18582] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[  500.483939][T16721] ocfs2: Unmounting device (7,7) on (node local)
[  501.432696][T18612] loop7: detected capacity change from 0 to 2048
[  501.453325][T18612] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  501.462739][T18612] ext4 filesystem being mounted at /187/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  501.554407][T16721] EXT4-fs error (device loop7): ext4_free_inode:354: comm syz-executor: bit already cleared for inode 11
[  501.565728][T16721] EXT4-fs error (device loop7) in ext4_free_inode:361: Corrupt filesystem
[  501.580823][T16721] EXT4-fs error (device loop7) in ext4_free_inode:361: Corrupt filesystem
[  501.675924][T16721] EXT4-fs error (device loop7) in ext4_free_inode:361: Corrupt filesystem
[  501.698141][T16721] EXT4-fs error (device loop7) in ext4_free_inode:361: Corrupt filesystem
[  501.710828][T16721] EXT4-fs error (device loop7) in ext4_free_inode:361: Corrupt filesystem
[  501.714963][T16721] EXT4-fs error (device loop7) in ext4_free_inode:361: Corrupt filesystem
[  501.715812][T18622] netlink: 'syz.0.5173': attribute type 1 has an invalid length.
[  501.856721][T18623] input: syz0 as /devices/virtual/input/input25
[  502.023018][T16721] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  502.837206][T18655] netlink: 'syz.5.5187': attribute type 10 has an invalid length.
[  502.869883][T18655] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  502.979880][T18663] loop7: detected capacity change from 0 to 256
[  502.986891][T18663] exfat: Deprecated parameter 'namecase'
[  502.991154][T18663] exfat: Deprecated parameter 'utf8'
[  503.015161][T18663] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0x544194fd, utbl_chksum : 0xe619d30d)
[  503.354929][T18676] loop5: detected capacity change from 0 to 512
[  503.363760][T18676] FAT-fs (loop5): bogus sectors per cluster 0
[  503.375874][T18676] FAT-fs (loop5): This doesn't look like a DOS 1.x volume; no bootstrapping code
[  503.387888][T18676] FAT-fs (loop5): Can't find a valid FAT filesystem
[  503.674085][ T5746] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  504.056857][ T5746] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  504.133294][   T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  504.145770][   T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  504.151224][   T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  504.171907][   T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  504.175615][ T5746] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  504.193419][   T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  504.219591][ T5003] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  504.224760][ T5003] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  504.228569][ T5003] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  504.242829][ T5003] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  504.255588][ T5003] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  504.331758][ T5746] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  504.598223][T18686] lo speed is unknown, defaulting to 1000
[  504.803330][ T5746] bridge_slave_1: left allmulticast mode
[  504.805608][ T5746] bridge_slave_1: left promiscuous mode
[  504.813368][ T5746] bridge0: port 2(bridge_slave_1) entered disabled state
[  504.821296][    T9] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[  504.826686][ T5746] bridge_slave_0: left allmulticast mode
[  504.829550][ T5746] bridge_slave_0: left promiscuous mode
[  504.835442][ T5746] bridge0: port 1(bridge_slave_0) entered disabled state
[  505.003706][    T9] usb 6-1: Using ep0 maxpacket: 8
[  505.007685][    T9] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  505.011814][    T9] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  505.018564][    T9] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  505.028306][    T9] usb 6-1: New USB device found, idVendor=0582, idProduct=0025, bcdDevice= 0.40
[  505.035464][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  505.045715][    T9] usb 6-1: Product: syz
[  505.047530][    T9] usb 6-1: Manufacturer: syz
[  505.049489][    T9] usb 6-1: SerialNumber: syz
[  505.107563][T18721] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5212'.
[  505.128856][ T5746] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  505.134856][ T5746] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  505.138970][ T5746] bond0 (unregistering): Released all slaves
[  505.150829][ T5746] bond1 (unregistering): Released all slaves
[  505.173680][ T5358] 8021q: adding VLAN 0 to HW filter on device eth13
[  505.346434][ T5746] hm3): left promiscuous mode
[  505.688890][    T9] usb 6-1: USB disconnect, device number 35
[  505.775988][ T5616] udevd[5616]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  505.897116][ T5358] 8021q: adding VLAN 0 to HW filter on device eth14
[  505.916669][T18686] bridge0: port 1(bridge_slave_0) entered blocking state
[  505.924036][T18686] bridge0: port 1(bridge_slave_0) entered disabled state
[  505.927561][T18686] bridge_slave_0: entered allmulticast mode
[  505.931929][T18686] bridge_slave_0: entered promiscuous mode
[  505.942245][T18686] bridge0: port 2(bridge_slave_1) entered blocking state
[  505.944837][T18686] bridge0: port 2(bridge_slave_1) entered disabled state
[  505.954688][T18686] bridge_slave_1: entered allmulticast mode
[  505.958004][T18686] bridge_slave_1: entered promiscuous mode
[  506.001813][T18686] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  506.015010][T18686] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  506.107614][T18686] team0: Port device team_slave_0 added
[  506.121056][T18686] team0: Port device team_slave_1 added
[  506.154861][ T5746] hsr_slave_0: left promiscuous mode
[  506.157946][ T5746] hsr_slave_1: left promiscuous mode
[  506.160190][ T5746] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  506.162629][ T5746] batman_adv: batadv0: Removing interface: batadv_slave_0
[  506.165842][ T5746] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  506.168049][ T5746] batman_adv: batadv0: Removing interface: batadv_slave_1
[  506.179938][ T5746] veth1_macvtap: left promiscuous mode
[  506.182327][ T5746] veth0_macvtap: left promiscuous mode
[  506.184370][ T5746] veth1_vlan: left promiscuous mode
[  506.186313][ T5746] veth0_vlan: left promiscuous mode
[  506.500138][ T5003] Bluetooth: hci1: command tx timeout
[  506.645860][T18758] loop5: detected capacity change from 0 to 32768
[  506.650217][T18758] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.5220 (18758)
[  506.668737][T18758] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  506.676244][T18758] BTRFS info (device loop5): using crc32c checksum algorithm
[  506.698968][T18758] BTRFS info (device loop5): enabling ssd optimizations
[  506.701267][T18758] BTRFS info (device loop5): turning on flush-on-commit
[  506.703886][T18758] BTRFS info (device loop5): enabling free space tree
[  506.705945][T18758] BTRFS info (device loop5): enabling auto defrag
[  506.707835][T18758] BTRFS info (device loop5): use lzo compression, level 1
[  506.710758][T18758] BTRFS info (device loop5): max_inline set to 4096
[  506.750844][ T5746] team0 (unregistering): Port device team_slave_1 removed
[  506.786736][ T5746] team0 (unregistering): Port device team_slave_0 removed
[  506.984130][T11024] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  506.994445][ T5358] 8021q: adding VLAN 0 to HW filter on device eth15
[  507.022854][T18686] batman_adv: batadv0: Adding interface: batadv_slave_0
[  507.041761][T18686] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  507.079412][T18686] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  507.131195][T18686] batman_adv: batadv0: Adding interface: batadv_slave_1
[  507.133859][T18686] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  507.151922][T18686] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  507.307479][T18686] hsr_slave_0: entered promiscuous mode
[  507.309792][T18686] hsr_slave_1: entered promiscuous mode
[  507.311985][T18686] debugfs: 'hsr0' already exists in 'hsr'
[  507.314567][T18686] Cannot create hsr debugfs directory
[  507.344433][T18797] ip6_vti0: entered allmulticast mode
[  507.348640][T18795] ip6_vti0: left allmulticast mode
[  507.502936][T18802] loop5: detected capacity change from 0 to 24
[  507.507830][T18802] romfs: Unknown parameter 'smackfsroot'
[  507.869426][ T5358] 8021q: adding VLAN 0 to HW filter on device eth16
[  507.886503][T18815] netem: unknown loss type 8
[  507.897830][T18815] netem: change failed
[  508.072282][ T5746] IPVS: stop unused estimator thread 0...
[  508.386650][T18686] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  508.411967][T18686] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  508.415731][T18686] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  508.422434][T18686] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  508.443443][T18686] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  508.453287][T18686] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  508.457320][T18686] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  508.476279][T18686] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  508.591413][T18686] 8021q: adding VLAN 0 to HW filter on device bond0
[  508.608606][T18686] 8021q: adding VLAN 0 to HW filter on device team0
[  508.617367][ T1110] bridge0: port 1(bridge_slave_0) entered blocking state
[  508.620390][ T1110] bridge0: port 1(bridge_slave_0) entered forwarding state
[  508.637601][ T1110] bridge0: port 2(bridge_slave_1) entered blocking state
[  508.640536][ T1110] bridge0: port 2(bridge_slave_1) entered forwarding state
[  508.646540][T18845] netlink: 48 bytes leftover after parsing attributes in process `syz.0.5243'.
[  508.651438][T18845] netlink: 48 bytes leftover after parsing attributes in process `syz.0.5243'.
[  508.655272][T18845] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  508.705591][T18847] overlayfs: failed to clone lowerpath
[  508.714203][ T5003] Bluetooth: hci1: command tx timeout
[  508.775228][T18852] netlink: 52 bytes leftover after parsing attributes in process `syz.0.5245'.
[  508.785191][T18852] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  508.808548][    T9] lo speed is unknown, defaulting to 1000
[  508.812740][    T9] syz0: Port: 1 Link DOWN
[  509.017282][T18869] handle_userfault: 1 callbacks suppressed
[  509.017299][T18869] FAULT_FLAG_ALLOW_RETRY missing 801
[  509.025563][T18869] CPU: 1 UID: 0 PID: 18869 Comm: syz.5.5248 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  509.025578][T18869] Tainted: [L]=SOFTLOCKUP
[  509.025581][T18869] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  509.025586][T18869] Call Trace:
[  509.025590][T18869]  <TASK>
[  509.025594][T18869]  dump_stack_lvl+0xe8/0x150
[  509.025609][T18869]  handle_userfault+0x1532/0x17f0
[  509.025626][T18869]  ? rcu_read_unlock+0x87/0xa0
[  509.025641][T18869]  ? __pfx_handle_userfault+0x10/0x10
[  509.025661][T18869]  handle_mm_fault+0x1bd7/0x3170
[  509.025676][T18869]  ? handle_mm_fault+0xee/0x3170
[  509.025689][T18869]  ? __pfx_handle_mm_fault+0x10/0x10
[  509.025700][T18869]  ? follow_page_pte+0x6b5/0xe50
[  509.025713][T18869]  ? __pfx_follow_page_pte+0x10/0x10
[  509.025727][T18869]  __get_user_pages+0x1683/0x2720
[  509.025748][T18869]  populate_vma_page_range+0x2be/0x3c0
[  509.025779][T18869]  ? __pfx_populate_vma_page_range+0x10/0x10
[  509.025788][T18869]  ? vma_wants_writenotify+0xba/0x2c0
[  509.025798][T18869]  ? vma_set_page_prot+0xc3/0x100
[  509.025809][T18869]  mprotect_fixup+0x9e5/0xb60
[  509.025819][T18869]  ? __pfx_mprotect_fixup+0x10/0x10
[  509.025834][T18869]  ? apparmor_file_mprotect+0x1d0/0x400
[  509.025843][T18869]  ? security_file_mprotect+0x1a/0x290
[  509.025856][T18869]  do_mprotect_pkey+0x8d5/0xd20
[  509.025869][T18869]  ? __pfx_do_mprotect_pkey+0x10/0x10
[  509.025888][T18869]  ? rcu_is_watching+0x15/0xb0
[  509.025899][T18869]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  509.025908][T18869]  __x64_sys_mprotect+0x80/0x90
[  509.025916][T18869]  do_syscall_64+0x15f/0xf80
[  509.025927][T18869]  ? trace_irq_disable+0x3b/0x140
[  509.025940][T18869]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  509.025948][T18869] RIP: 0033:0x7f59cb39cdd9
[  509.025957][T18869] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  509.025969][T18869] RSP: 002b:00007f59cc299028 EFLAGS: 00000246 ORIG_RAX: 000000000000000a
[  509.025979][T18869] RAX: ffffffffffffffda RBX: 00007f59cb616090 RCX: 00007f59cb39cdd9
[  509.025985][T18869] RDX: 000000000000000a RSI: 0000000000c00000 RDI: 0000200000400000
[  509.025990][T18869] RBP: 00007f59cb432d69 R08: 0000000000000000 R09: 0000000000000000
[  509.025995][T18869] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  509.026000][T18869] R13: 00007f59cb616128 R14: 00007f59cb616090 R15: 00007ffc0c932ff8
[  509.026013][T18869]  </TASK>
[  509.113078][    C1] hpet: Lost 4 RTC interrupts
[  509.169115][T18686] 8021q: adding VLAN 0 to HW filter on device batadv0
[  509.310323][T18686] veth0_vlan: entered promiscuous mode
[  509.325465][T18686] veth1_vlan: entered promiscuous mode
[  509.379083][T18686] veth0_macvtap: entered promiscuous mode
[  509.391302][T18686] veth1_macvtap: entered promiscuous mode
[  509.407683][T18686] batman_adv: batadv0: Interface activated: batadv_slave_0
[  509.420440][T18686] batman_adv: batadv0: Interface activated: batadv_slave_1
[  509.430579][T13232] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  509.434023][T13232] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  509.438517][T13232] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  509.444287][T13232] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  509.661194][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  509.663715][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  509.680671][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  509.684035][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  509.731789][T18892] kernel read not supported for file /media4 (pid: 18892 comm: kworker/0:7)
[  509.790168][T18900] netlink: 'syz.8.5258': attribute type 8 has an invalid length.
[  509.793488][T18900] sch_fq: defrate 0 ignored.
[  509.991923][T18916] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5266'.
[  509.995422][T18916] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5266'.
[  510.686161][T18924] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5269'.
[  510.936660][ T5003] Bluetooth: hci1: command tx timeout
[  511.364098][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  512.487156][T18959] bridge0: port 1(bridge_slave_0) entered disabled state
[  512.536389][T18959] bridge_slave_0 (unregistering): left allmulticast mode
[  512.538621][T18959] bridge_slave_0 (unregistering): left promiscuous mode
[  512.541364][T18959] bridge0: port 1(bridge_slave_0) entered disabled state
[  512.709760][T18964] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5287'.
[  512.732487][    C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  512.867899][T18970] PKCS7: Unknown OID: [4] 0.0.0.0(bad)
[  512.870343][T18970] PKCS7: Only support pkcs7_signedData type
[  513.160194][ T5003] Bluetooth: hci1: command tx timeout
[  513.998696][T18999] bond2: option min_links: invalid value (18446744073709551612)
[  514.002121][T18999] bond2: option min_links: allowed values 0 - 2147483647
[  514.009518][T18999] bond2 (unregistering): Released all slaves
[  514.276339][T19009] tipc: Failed to remove unknown binding: 66,0,0/15444650:2101908618/2101908620
[  514.284519][T19009] tipc: Failed to remove unknown binding: 66,0,0/15444650:2101908618/2101908619
[  514.290079][T19009] tipc: Failed to remove unknown binding: 66,0,0/15444650:2101908618/2101908620
[  514.301230][T19009] tipc: Failed to remove unknown binding: 66,0,0/15444650:2101908618/2101908619
[  514.619384][T19025] loop8: detected capacity change from 0 to 2048
[  514.651796][T19025] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  515.471201][ T1380] ieee802154 phy0 wpan0: encryption failed: -22
[  515.476825][ T1380] ieee802154 phy1 wpan1: encryption failed: -22
[  517.433627][T19077] dns_resolver: Unsupported content type (231)
[  517.516952][T19081] loop5: detected capacity change from 0 to 512
[  517.521636][T19081] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  517.548626][T19081] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4222: comm syz.5.5336: Allocating blocks 41-42 which overlap fs metadata
[  517.564938][T19081] loop5: lost filesystem error report for type 5 error -117
[  517.574954][T19081] Quota error (device loop5): write_blk: dquota write failed
[  517.578801][    C1] EXT4-fs (loop5): error count since last fsck: 1
[  517.578820][    C1] EXT4-fs (loop5): initial error at time 2000000035: ext4_mb_mark_diskspace_used:4222
[  517.578839][    C1] EXT4-fs (loop5): last error at time 2000000035: ext4_mb_mark_diskspace_used:4222
[  517.594691][T19081] Quota error (device loop5): find_free_dqentry: Can't write quota data block 5
[  517.598951][T19081] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4222: comm syz.5.5336: Allocating blocks 41-42 which overlap fs metadata
[  517.612453][T19081] loop5: lost filesystem error report for type 5 error -117
[  517.612970][T19081] Quota error (device loop5): write_blk: dquota write failed
[  517.619784][T19081] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[  517.623332][T19081] EXT4-fs error (device loop5): ext4_acquire_dquot:7034: comm syz.5.5336: Failed to acquire dquot type 1
[  517.627901][T19081] loop5: lost filesystem error report for type 5 error -117
[  517.632659][T19081] EXT4-fs error (device loop5): mb_free_blocks:2049: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[  517.689634][    C1] hpet: Lost 1 RTC interrupts
[  517.696358][T19081] EXT4-fs error (device loop5): ext4_do_update_inode:5690: inode #12: comm syz.5.5336: corrupted inode contents
[  517.703897][T19081] loop5: lost file I/O error report for ino 12 type 5 pos 0x0 len 0x0 error -117
[  517.713219][T19081] EXT4-fs error (device loop5): ext4_dirty_inode:6587: inode #12: comm syz.5.5336: mark_inode_dirty error
[  517.722572][T19081] loop5: lost file I/O error report for ino 12 type 5 pos 0x0 len 0x0 error -117
[  517.723270][T19081] EXT4-fs error (device loop5): ext4_do_update_inode:5690: inode #12: comm syz.5.5336: corrupted inode contents
[  517.731983][T19081] loop5: lost file I/O error report for ino 12 type 5 pos 0x0 len 0x0 error -117
[  517.732652][T19081] EXT4-fs error (device loop5): __ext4_ext_dirty:207: inode #12: comm syz.5.5336: mark_inode_dirty error
[  517.741515][T19081] loop5: lost file I/O error report for ino 12 type 5 pos 0x0 len 0x0 error -117
[  517.741950][T19081] EXT4-fs error (device loop5): ext4_do_update_inode:5690: inode #12: comm syz.5.5336: corrupted inode contents
[  517.755304][T19081] loop5: lost file I/O error report for ino 12 type 5 pos 0x0 len 0x0 error -117
[  517.760654][T19081] EXT4-fs error (device loop5) in ext4_orphan_del:303: Corrupt filesystem
[  517.769134][T19081] loop5: lost filesystem error report for type 5 error -117
[  517.769486][T19081] EXT4-fs error (device loop5): ext4_do_update_inode:5690: inode #12: comm syz.5.5336: corrupted inode contents
[  517.777583][T19081] loop5: lost file I/O error report for ino 12 type 5 pos 0x0 len 0x0 error -117
[  517.778783][T19093] overlayfs: failed to clone upperpath
[  517.791475][T19081] EXT4-fs error (device loop5): ext4_truncate:4690: inode #12: comm syz.5.5336: mark_inode_dirty error
[  517.795607][T19081] loop5: lost file I/O error report for ino 12 type 5 pos 0x0 len 0x0 error -117
[  517.800733][T19081] EXT4-fs error (device loop5) in ext4_process_orphan:345: Corrupt filesystem
[  517.806763][T19081] loop5: lost filesystem error report for type 5 error -117
[  517.809320][T19081] EXT4-fs (loop5): 1 truncate cleaned up
[  517.815025][T19081] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  517.827762][T19095] netlink: 'syz.0.5341': attribute type 17 has an invalid length.
[  517.872470][T11024] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  518.301012][T19127] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  518.473393][   T10] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[  518.638597][   T10] usb 6-1: unable to get BOS descriptor or descriptor too short
[  518.642904][   T10] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  518.647427][   T10] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  518.659789][   T10] usb 6-1: New USB device found, idVendor=0d8c, idProduct=0102, bcdDevice= 0.40
[  518.668322][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  518.672682][   T10] usb 6-1: Product: syz
[  518.674498][   T10] usb 6-1: Manufacturer: syz
[  518.678188][   T10] usb 6-1: SerialNumber: syz
[  518.903768][T19119] netlink: 'syz.5.5353': attribute type 4 has an invalid length.
[  518.908774][T19119] netlink: 60 bytes leftover after parsing attributes in process `syz.5.5353'.
[  518.913472][    C0] raw-gadget.0 gadget.5: ignoring, device is not running
[  518.917658][   T10] snd-usb-audio 6-1:1.0: probe with driver snd-usb-audio failed with error -71
[  518.927870][   T10] usb 6-1: USB disconnect, device number 36
[  520.423125][T19210] netlink: 92 bytes leftover after parsing attributes in process `syz.0.5377'.
[  521.114830][T19230] syz.0.5384(19230): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored.
[  521.738463][T19252] loop8: detected capacity change from 0 to 2048
[  521.780973][T19252] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  521.898268][   T36] 
[  521.899091][   T36] ======================================================
[  521.901234][   T36] WARNING: possible circular locking dependency detected
[  521.903437][   T36] syzkaller #0 Tainted: G             L     
[  521.906074][   T36] ------------------------------------------------------
[  521.908927][   T36] kworker/u10:1/36 is trying to acquire lock:
[  521.910952][   T36] ffff8881baedd4d8 (&ei->xattr_sem){++++}-{4:4}, at: ext4_destroy_inline_data+0x28/0xe0
[  521.913937][   T36] 
[  521.913937][   T36] but task is already holding lock:
[  521.916477][   T36] ffff88811f67cc18 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x205/0x3b0
[  521.919588][   T36] 
[  521.919588][   T36] which lock already depends on the new lock.
[  521.919588][   T36] 
[  521.922777][   T36] 
[  521.922777][   T36] the existing dependency chain (in reverse order) is:
[  521.925480][   T36] 
[  521.925480][   T36] -> #1 (&sbi->s_writepages_rwsem){++++}-{0:0}:
[  521.928032][   T36]        percpu_down_read_internal+0x48/0x1c0
[  521.929914][   T36]        ext4_writepages+0x205/0x3b0
[  521.931533][   T36]        do_writepages+0x32e/0x550
[  521.933121][   T36]        __writeback_single_inode+0x133/0x10e0
[  521.935125][   T36]        writeback_single_inode+0x4ac/0xdc0
[  521.937210][   T36]        write_inode_now+0x1c2/0x290
[  521.938938][   T36]        iput+0x8c1/0xe80
[  521.940281][   T36]        ext4_xattr_block_set+0x1fd4/0x2ad0
[  521.942097][   T36]        ext4_expand_extra_isize_ea+0x12cf/0x1ea0
[  521.944066][   T36]        __ext4_expand_extra_isize+0x30d/0x400
[  521.946230][   T36]        __ext4_mark_inode_dirty+0x45c/0x710
[  521.948168][   T36]        ext4_evict_inode+0x986/0x10e0
[  521.950292][   T36]        evict+0x61e/0xb10
[  521.951783][   T36]        ext4_orphan_cleanup+0xc38/0x1470
[  521.953679][   T36]        ext4_fill_super+0x5a19/0x6330
[  521.955630][   T36]        get_tree_bdev_flags+0x431/0x4f0
[  521.957570][   T36]        vfs_get_tree+0x92/0x2a0
[  521.959192][   T36]        do_new_mount+0x341/0xd30
[  521.960768][   T36]        __se_sys_mount+0x31d/0x420
[  521.962387][   T36]        do_syscall_64+0x15f/0xf80
[  521.963977][   T36]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  521.965941][   T36] 
[  521.965941][   T36] -> #0 (&ei->xattr_sem){++++}-{4:4}:
[  521.968294][   T36]        __lock_acquire+0x15a5/0x2cf0
[  521.969941][   T36]        lock_acquire+0x106/0x350
[  521.971510][   T36]        down_write+0x96/0x200
[  521.973325][   T36]        ext4_destroy_inline_data+0x28/0xe0
[  521.975629][   T36]        ext4_do_writepages+0x51e/0x4670
[  521.977815][   T36]        ext4_writepages+0x241/0x3b0
[  521.979816][   T36]        do_writepages+0x32e/0x550
[  521.981781][   T36]        __writeback_single_inode+0x133/0x10e0
[  521.984034][   T36]        writeback_sb_inodes+0x979/0x19d0
[  521.986262][   T36]        wb_writeback+0x445/0xb00
[  521.987887][   T36]        wb_workfn+0x3f8/0xf10
[  521.989726][   T36]        process_scheduled_works+0xb5d/0x1860
[  521.992100][   T36]        worker_thread+0xa53/0xfc0
[  521.994124][   T36]        kthread+0x388/0x470
[  521.995943][   T36]        ret_from_fork+0x514/0xb70
[  521.997961][   T36]        ret_from_fork_asm+0x1a/0x30
[  522.000081][   T36] 
[  522.000081][   T36] other info that might help us debug this:
[  522.000081][   T36] 
[  522.004101][   T36]  Possible unsafe locking scenario:
[  522.004101][   T36] 
[  522.007097][   T36]        CPU0                    CPU1
[  522.009250][   T36]        ----                    ----
[  522.011412][   T36]   rlock(&sbi->s_writepages_rwsem);
[  522.013619][   T36]                                lock(&ei->xattr_sem);
[  522.016324][   T36]                                lock(&sbi->s_writepages_rwsem);
[  522.018840][   T36]   lock(&ei->xattr_sem);
[  522.020486][   T36] 
[  522.020486][   T36]  *** DEADLOCK ***
[  522.020486][   T36] 
[  522.023456][   T36] 3 locks held by kworker/u10:1/36:
[  522.025466][   T36]  #0: ffff888162a99940 ((wq_completion)writeback){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860
[  522.028872][   T36]  #1: ffffc90000ac7c40 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860
[  522.033153][   T36]  #2: ffff88811f67cc18 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x205/0x3b0
[  522.036774][   T36] 
[  522.036774][   T36] stack backtrace:
[  522.038705][   T36] CPU: 1 UID: 0 PID: 36 Comm: kworker/u10:1 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  522.038718][   T36] Tainted: [L]=SOFTLOCKUP
[  522.038721][   T36] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  522.038727][   T36] Workqueue: writeback wb_workfn (flush-7:8)
[  522.038742][   T36] Call Trace:
[  522.038747][   T36]  <TASK>
[  522.038752][   T36]  dump_stack_lvl+0xe8/0x150
[  522.038762][   T36]  print_circular_bug+0x2e1/0x300
[  522.038773][   T36]  check_noncircular+0x12e/0x150
[  522.038783][   T36]  __lock_acquire+0x15a5/0x2cf0
[  522.038792][   T36]  ? stack_depot_save_flags+0x33/0x810
[  522.038804][   T36]  ? kasan_save_track+0x4f/0x80
[  522.038814][   T36]  ? kasan_save_track+0x3e/0x80
[  522.038829][   T36]  ? kasan_save_free_info+0x46/0x50
[  522.038837][   T36]  ? __kasan_slab_free+0x5c/0x80
[  522.038846][   T36]  ? kfree+0x1c5/0x640
[  522.038855][   T36]  ? ieee80211_inform_bss+0xc75/0x1160
[  522.038868][   T36]  ? ext4_destroy_inline_data+0x28/0xe0
[  522.038878][   T36]  lock_acquire+0x106/0x350
[  522.038886][   T36]  ? ext4_destroy_inline_data+0x28/0xe0
[  522.038897][   T36]  down_write+0x96/0x200
[  522.038907][   T36]  ? ext4_destroy_inline_data+0x28/0xe0
[  522.038917][   T36]  ? __pfx_down_write+0x10/0x10
[  522.038926][   T36]  ? ext4_journal_check_start+0x1c/0x2b0
[  522.038935][   T36]  ? ext4_journal_check_start+0x1cf/0x2b0
[  522.038944][   T36]  ext4_destroy_inline_data+0x28/0xe0
[  522.038955][   T36]  ext4_do_writepages+0x51e/0x4670
[  522.038963][   T36]  ? lockdep_hardirqs_on+0x7a/0x110
[  522.038973][   T36]  ? kfree+0x1c5/0x640
[  522.038981][   T36]  ? ieee80211_inform_bss+0xc75/0x1160
[  522.038993][   T36]  ? __pfx_ieee80211_inform_bss+0x10/0x10
[  522.039004][   T36]  ? cfg80211_inform_single_bss_data+0x13b9/0x1af0
[  522.039013][   T36]  ? look_up_lock_class+0x57/0x110
[  522.039022][   T36]  ? register_lock_class+0x31/0x2e0
[  522.039029][   T36]  ? trace_cfg80211_return_bss+0x7c/0x1f0
[  522.039036][   T36]  ? __pfx_ext4_do_writepages+0x10/0x10
[  522.039069][   T36]  ? __lock_acquire+0x6b5/0x2cf0
[  522.039081][   T36]  ? __pfx_cfg80211_inform_single_bss_data+0x10/0x10
[  522.039096][   T36]  ? __lock_acquire+0x6b5/0x2cf0
[  522.039108][   T36]  ? ext4_writepages+0x205/0x3b0
[  522.039123][   T36]  ? ext4_writepages+0x205/0x3b0
[  522.039138][   T36]  ext4_writepages+0x241/0x3b0
[  522.039149][   T36]  ? __pfx_ext4_writepages+0x10/0x10
[  522.039160][   T36]  ? do_raw_spin_unlock+0x4d/0x210
[  522.039170][   T36]  ? __pfx_ext4_writepages+0x10/0x10
[  522.039179][   T36]  do_writepages+0x32e/0x550
[  522.039188][   T36]  ? reacquire_held_locks+0x104/0x190
[  522.039196][   T36]  ? writeback_sb_inodes+0x463/0x19d0
[  522.039206][   T36]  __writeback_single_inode+0x133/0x10e0
[  522.039216][   T36]  ? do_raw_spin_unlock+0x4d/0x210
[  522.039226][   T36]  writeback_sb_inodes+0x979/0x19d0
[  522.039234][   T36]  ? __lock_acquire+0x6b5/0x2cf0
[  522.039245][   T36]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  522.039253][   T36]  ? do_raw_spin_lock+0x12b/0x2f0
[  522.039268][   T36]  ? rcu_is_watching+0x15/0xb0
[  522.039278][   T36]  wb_writeback+0x445/0xb00
[  522.039287][   T36]  ? queue_io+0x261/0x470
[  522.039296][   T36]  ? __pfx_wb_writeback+0x10/0x10
[  522.039304][   T36]  ? do_raw_spin_lock+0x12b/0x2f0
[  522.039316][   T36]  wb_workfn+0x3f8/0xf10
[  522.039324][   T36]  ? __lock_acquire+0x6b5/0x2cf0
[  522.039331][   T36]  ? look_up_lock_class+0x57/0x110
[  522.039342][   T36]  ? __pfx_wb_workfn+0x10/0x10
[  522.039349][   T36]  ? do_raw_spin_lock+0x12b/0x2f0
[  522.039358][   T36]  ? lock_acquire+0x106/0x350
[  522.039365][   T36]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  522.039375][   T36]  ? process_scheduled_works+0xa70/0x1860
[  522.039383][   T36]  ? process_scheduled_works+0xa70/0x1860
[  522.039391][   T36]  ? process_scheduled_works+0xa70/0x1860
[  522.039398][   T36]  ? process_scheduled_works+0xa70/0x1860
[  522.039405][   T36]  process_scheduled_works+0xb5d/0x1860
[  522.039416][   T36]  ? __pfx_process_scheduled_works+0x10/0x10
[  522.039425][   T36]  ? assign_work+0x3d5/0x5e0
[  522.039432][   T36]  worker_thread+0xa53/0xfc0
[  522.039443][   T36]  kthread+0x388/0x470
[  522.039453][   T36]  ? __pfx_worker_thread+0x10/0x10
[  522.039459][   T36]  ? __pfx_kthread+0x10/0x10
[  522.039468][   T36]  ret_from_fork+0x514/0xb70
[  522.039477][   T36]  ? __pfx_ret_from_fork+0x10/0x10
[  522.039484][   T36]  ? __switch_to+0xc79/0x1410
[  522.039494][   T36]  ? __pfx_kthread+0x10/0x10
[  522.039503][   T36]  ret_from_fork_asm+0x1a/0x30
[  522.039514][   T36]  </TASK>
[  522.183850][    C1] hpet: Lost 17 RTC interrupts
[  522.201465][   T36] EXT4-fs error (device loop8): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters
[  522.207207][   T36] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 530 with error 28
[  522.211122][   T36] EXT4-fs (loop8): This should not happen!! Data will be lost
[  522.211122][   T36] 
[  522.214181][   T36] EXT4-fs (loop8): Total free blocks count 0
[  522.217300][   T36] EXT4-fs (loop8): Free/Dirty block details
[  522.230101][   T36] EXT4-fs (loop8): free_blocks=4096
[  522.231822][   T36] EXT4-fs (loop8): dirty_blocks=544
[  522.234030][   T36] EXT4-fs (loop8): Block reservation details
[  522.235966][   T36] EXT4-fs (loop8): i_reserved_data_blocks=34
[  522.241414][T18686] EXT4-fs warning (device loop8): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost
[  522.249224][T18686] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  522.277504][   T33] audit: type=1326 audit(2000000039.604:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19264 comm="syz.8.5399" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a5c59cdd9 code=0x7ffc0000
[  522.284927][   T33] audit: type=1326 audit(2000000039.604:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19264 comm="syz.8.5399" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a5c59cdd9 code=0x7ffc0000
[  522.293574][   T33] audit: type=1326 audit(2000000039.604:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19264 comm="syz.8.5399" exe="/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f3a5c59cdd9 code=0x7ffc0000
[  522.302927][   T33] audit: type=1326 audit(2000000039.604:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19264 comm="" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a5c59cdd9 code=0x7ffc0000
