last executing test programs:

3.443671809s ago: executing program 4 (id=1543):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000140), 0x40082)
write$sndseq(r0, 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r1, 0x4058534c, &(0x7f00000000c0)={0x80, 0x7})
getsockopt$ARPT_SO_GET_INFO(r1, 0x0, 0x60, &(0x7f00000004c0)={'filter\x00', 0x0, [0xbf, 0xffff, 0x5]}, &(0x7f0000000540)=0x44)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x2, r1}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='9p_client_req\x00', r2}, 0x10)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="dc0000006c00020026bd7000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="006000000000000004001400080028000a5301001400140068737230000000000000000000000000080028670700592e00000c002b8008000100", @ANYRES32=r2, @ANYBLOB="08000400090000000a0001000effacb47bb8000068001980140005001063d2b09f7f700438a0971aebc8b1c8140005006aabbadd045e7f6b90801a800bc8d4c9080001000002000005000200000000001400040007b8b43ee7349c8bed6ade63e2f2f29305000600040000000500060001000000070002007b2f00000a0001000000000000000000"], 0xdc}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040000)
r4 = fsopen(&(0x7f00000000c0)='sysfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='mand\x00', &(0x7f0000000040)='sysfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, &(0x7f0000000300)={'wpan0\x00', <r8=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={0x28, r6, 0x801, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x28}}, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f0000000380)='cmdline\x00')
preadv(r9, &(0x7f0000000000)=[{0x0, 0x2}, {&(0x7f0000000080)=""/102, 0x66}], 0x2, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440)={<r10=>0x0}, &(0x7f0000000480)=0xc)
r11 = signalfd4(r0, &(0x7f0000000680)={[0xfffffffffffffeff]}, 0x8, 0x1000)
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000740)={&(0x7f00000006c0)={0x58, r6, 0x600, 0x70bd25, 0x25dfdbfb, {}, [@NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r9}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_PID={0x8, 0x1c, r10}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r11}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r1}]}, 0x58}, 0x1, 0x0, 0x0, 0x41}, 0x40)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x2)
fsmount(r4, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r3, 0x8933, &(0x7f0000000180)={'wg2\x00'})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'veth1_macvtap\x00', <r12=>0x0})
r13 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f00000001c0)={'macvlan0\x00', <r14=>0x0})
r15 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r15, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=@newlink={0x54, 0x10, 0x503, 0x70bd2b, 0x29d24, {0x0, 0x0, 0x0, 0x0, 0x14415, 0x8001}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ENCODING_SA={0x5, 0x6, 0x1}, @IFLA_MACSEC_ENCRYPT={0x5, 0x7, 0x1}]}}}, @IFLA_LINK={0x8, 0x5, r12}, @IFLA_MASTER={0x8, 0xa, r14}]}, 0x54}}, 0x0)

3.231953167s ago: executing program 4 (id=1545):
unshare(0x4000400)
r0 = epoll_create1(0x0)
r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff)
r2 = fanotify_init(0x0, 0x0)
fanotify_mark(r2, 0xd, 0x4000003a, r1, 0x0)

3.19258236s ago: executing program 4 (id=1547):
mremap(&(0x7f00007f5000/0x4000)=nil, 0x4000, 0xffff00000ad7e000, 0x3, &(0x7f0000ec0000/0x4000)=nil)

3.111879127s ago: executing program 4 (id=1548):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0)
ioctl$HIDIOCSREPORT(r1, 0x400c4808, &(0x7f0000000400)={0x1})

2.7151465s ago: executing program 2 (id=1554):
openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
open(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e1301"], 0x16)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_open_dev$sndpcmp(&(0x7f0000000340), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r1, 0xc2604110, &(0x7f0000000380)={0x0, [[0x1fe, 0x0, 0xfffffffc], [0x2000002, 0x1000000], [0x8002]], '\x00', [{0x9, 0x610cfd08}, {0x6, 0xc}, {0x0, 0x1efb660a}, {}, {}, {0x8000, 0x98b}, {}, {}, {0x9b99}, {0x0, 0x1}], '\x00', 0x3f9, 0x0, 0x0, 0x0, 0x0, 0x2})
syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x2, 0x1c}, @l2cap_cid_le_signaling={{0x18}, @l2cap_ecred_conn_req={{0x17, 0x3, 0x14}, {0x1, 0x8, 0x96, 0x5, [0x4, 0xe3, 0x0, 0x100, 0xfffe, 0x9]}}}}, 0x21)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={{0x14, 0x10, 0x4}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x74, 0xc, 0xa, 0x301, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x48, 0x3, 0x0, 0x1, [{0x44, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x38, 0xb, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @quota={{0xa}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_QUOTA_BYTES={0xc}]}}}, {0x14, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x4}}}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xf8}}, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000280)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010800000000000000000c00000008000300", @ANYRES32=r4, @ANYBLOB="0a0006000802110000000074ff382e129f660d02020000004802cb092e987b97ac7125766ff2d5906a02"], 0x34}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x1c, r6, 0x5, 0x0, 0x0, {{0xe}, {@val={0x8, 0x3, r7}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_NEW_MPATH(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x58, r2, 0x28, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r7}, @val={0xc, 0x99, {0x7, 0x4d}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}]}, 0x58}}, 0x2000c000)
sched_setscheduler(0x0, 0x0, 0x0)
unshare(0x0)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22)
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}}}, 0x7)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
syz_usb_connect$cdc_ncm(0x0, 0x0, 0x0, 0x0)

2.25086356s ago: executing program 1 (id=1557):
r0 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x181c01, 0x0)
write$P9_RWRITE(r0, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {0x7a}, [{0x78, 0x1, [@m_police={0x74, 0x1, 0x0, 0x0, {{0xb}, {0x64, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}, @TCA_POLICE_RESULT={0x8, 0x5, 0x20000000}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x8c}}, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r2, &(0x7f0000000080)=0x6, 0x9)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=@gettaction={0x30, 0x32, 0x909, 0x0, 0x0, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x18, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0xc, 0x1, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x1c}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000740)=<r5=>0x0)
r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8b1a, &(0x7f0000000000)={'wlan1\x00'})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x24, r8, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000080}, 0x0)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000c00), 0xffffffffffffffff)
r11 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r12=>0x0})
sendmsg$NL80211_CMD_DEAUTHENTICATE(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="fdffffff0000000000d2a742b4bf4b4e77c7ac20dbfcad28030c1568aaf2117a7a87318ab71e8aebab098179c63bab69305f20796fd1b04347eb9facc4da9afbb4a0f16df43ef421ba8945c5bcef3b2ca70db6978f71f58e76d9b465687df510d6f312cf9090759f371dba8abda9662ab175ee04ae7707b2ea2c7f13538fcad12b58db0668108f726210557dc19c5131c72c038ad8804b2aff2caffef8f1e09d58debd1b85dc651e0378094ededbd60a5d90c8", @ANYRES32=r12, @ANYBLOB="0c009900ff0000002600000006003600ff07000004005f000a00060094f538bc85b700000a0034000202020202020000"], 0x4c}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f0000001600)={0x0, 0x29, &(0x7f0000000300)={&(0x7f00000017c0)=ANY=[@ANYRESOCT=r8, @ANYRES16, @ANYRES8=r12, @ANYBLOB="7a9ccda10c8cd16d6f0eb45521661be8d29a7b114983b304173721f35aca476cdf551299faac9cf7cd7f3b720f6ce5b379874837f05f9397cc3de2f7f672a6a5423071cf26352768cecc684a50927d49fb31cb2d69d8dfe7927e87f7a4acc62432fd2eec690bb8934370fb9837fdb89ac1a50c994eb053f3d5c3ad242e5b0087abb253021e2ee20dc6daa98dfcdada9013a3da0fb0e3cf0eda8edb733bcce24849", @ANYRESOCT=r5], 0x28}, 0x1, 0x0, 0x0, 0x40d4}, 0x814)
ioctl$BTRFS_IOC_SNAP_DESTROY_V2(0xffffffffffffffff, 0x5000943f, &(0x7f0000000780)={{}, r5, 0x12, @inherit={0x68, &(0x7f0000000100)=ANY=[@ANYBLOB="010000000000000004000000000000000500000000002000060000000000000004000010000000000100000000b6000005005692e5d1978aedd030fe0000000000000300000000000000000000000a210000ffffffffffffffff0800"]}, @subvolid=0x8})
ioctl$BTRFS_IOC_WAIT_SYNC(r3, 0x40089416, &(0x7f0000000140)=r5)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r1, 0xc0c89425, &(0x7f0000000000)={"338c9cd805af89504fd04983bb74c369", 0x0, r5, {0xdaa, 0xc1}, {0x9, 0x9}, 0x200, [0x69e5, 0x1, 0x9, 0x5, 0x1f, 0x100000000, 0x9, 0x4, 0x870, 0x7, 0x1200000000000, 0x8, 0xfffffffffffffff8, 0x7fffffffffffffff, 0x1ff, 0xd20]})
ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(0xffffffffffffffff, 0x50009418, &(0x7f00000001c0)={{r0}, r5, 0x12, @inherit={0x58, &(0x7f0000000000)={0x0, 0x2, 0x1, 0x80, {0x20, 0x7fffffff, 0x8, 0x4, 0xb9}, [0xffffffffffff0001, 0x7]}}, @subvolid=0x24})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r13 = open(&(0x7f0000000080)='./file0\x00', 0x1eb142, 0x0)
pwrite64(r13, &(0x7f0000000180)="f5", 0x1, 0x0)

2.147827719s ago: executing program 1 (id=1559):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0)
ioctl$SNDCTL_DSP_GETODELAY(r0, 0x80045017, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100))
r2 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x0, 0xa2465)
ioctl$SNDRV_PCM_IOCTL_REWIND(r2, 0xc0884123, &(0x7f0000000000))
ioctl$SNDCTL_DSP_GETOPTR(r0, 0x800c5012, &(0x7f0000000140))

2.108059282s ago: executing program 2 (id=1561):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x281200c, &(0x7f0000000c40)=ANY=[@ANYRESHEX=r0, @ANYRESOCT=r0, @ANYRESOCT, @ANYRES64=0x0, @ANYRESOCT=0x0, @ANYRES8, @ANYRESOCT=r0, @ANYRES16, @ANYRES16=0x0], 0x4, 0x715, &(0x7f0000000500)="$eJzs3UtoHOcdAPD/rFaPVcGREz/SEsgSQ1oqaksWSqte6pZSdAglpIeeF3sdL1rLQVKKbEqj9HHvIaee0oNuoYeS3g3tuSFQ0qOOgUIuOemmMrMz+9C+pMiyZOf3EzPzzXyP+eY/OzP7QHwBfGOtzkf5cSSxOv/mdrq+t7vUnNhdmo6YSVebETEVEaWIckSSbkrWYzpd3sqn+HbkOV3LPh82Vt7+/Ku9L1pr5XzKypdG1Rtgqn/TTj5FNSIm8mW/ySEtfnJ49z3t3R7a3lEl7SNMA3atCFz85UStwokd9Nlp5338n2zeLjOg+nGuW+CcSlrPzdxBVPLUXMRstN4MZE/9/O5QOos+Pkk7Z90BAAAAOK7K8au8sB/7sR0XTqM7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8LzKx/9P8qlUpKuRFOP/T+XbIk+fQ+MHQvxsurV8fPqdAQAAAAAAAIBT9+p+7Md2XCjWD5LsN//Xun7j/1a8F5tRj424HttRi63Yio1YjIi5roamtmtbWxuLWc2ISyNq3oxPB9S8ObyPt3pXkydx3AAAAAAAAABwjs2MyV+b7N/2+1jt/P4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADnQRIx0Vpk06UiPRelckTMFOV2Ij6NiKmz7e2xJIM2Pn76/QAAAIATmeldTWaOUOeF92M/tuNCsX6QZJ/5r2Sfl2fivViPrWjEVjSjHnfyz9Dpp/7S3u5Sc2936X469bf70y+P1fWsxWh99zB4zy9nJSpxNxrZlutxO5I4yJTyVl7e211Kl/cH9+uDtE/JT3IjejPRlb6Tzq5+kqX/3PstQvlYh3hEhxstDS05l+VOtiOykPctrXGxiMDgSIw9O+WRe1qMUvubn0uj9zQ45h+M3vvsoVIDv7k5E4cjcTNK7TN0ZXQkIr77j49/fa+5vnbv7ub8+Tmkgd4fW+JwJJa6InH1OYrEeAtZJC6311fjF/GrmI8vp9+KjWjEb6IWW1GvFvm1/PWczudGR+qz2e61t8b1JL0mq+3716A+VaOnT1GNn2epWryWndML0YgkHkREPd7I/m7GYvtu0DnDl49w1ZeOcKftcu172aIdpqgML/u3ozX5pKRxvdgV1+577lyW172lE6UXB0apeNYd/XnUpfydPJG28IeRz4en7XAkFrsi8dKw10srpH89SOebzfW1jXu1d4+4v9fzZXod/WnEU+JUHtMjpWf4xZjJD+5iNk+ya2ohy3up3asiXv9tRCxmeZfarfQ+cdO8y+16rSv1l/Eg7vRcqT+M5ViOlaz0laz0ZN8TK8272m6p9x6e5qXvtMrtH3a63289iGbr/VDEzjN/2wZ4ziTdj7vZ789OVf5X+Xflo8ofK/cqb878bPpH069MxeS/Jn9cXph4vfRK8vf4KH7X+fwPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8fZsPH63Vms36xuBEaXBWMrpWrXlQDCTWrG9M5smhhdNEkg+VM6Y/aSLZfPjoYEyZcYnpvE9fs/qTTBSjNY4vXD3FbiQ77fOVb5kZfy6KUZ56s/q3PHy0luTDVHa9tMa9JEYlij13tkyeg1N5OFE9dq1q33Hlien+i+j4r97KoPM1ERGDCo+5cUyc7L4DnL0bW/ffvbH58NEPGvdr79Tfqa9PLi+vLKwsv7F0426jWV9ozbsqPP1R9YBT0vu2LTcVEa+OrztioFYAAAAAAAAAAADgFD2N/4U462MEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnm2r81F+HEksLlxfSNf3dpea6VSkOyXLEVGKiOS3Eck/I25Fa4q5ruaSYfv5sLHy9udf7X3RaatclC9F7AytN6rNjp18impETOTLE+hp7/b49qY6yekB2Un7KNKAXSsCB2ft/wEAAP//ikHuLA==")
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x40284504, &(0x7f00000004c0)={0x0, 0x0, 0x20, 0x0, "cbfea29368cc60a1ff856ae471fe261fdfb44a306ea8d6996bbcb8eb45d73158"})
ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000040))
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x41, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r1, 0x4400ae8f, &(0x7f0000000140)={0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x1})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
r2 = memfd_create(&(0x7f0000000140)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\x86\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddL)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x05\x1d\xa1\xce\x8b\x19\xea\xef\xe3\x8dr\xd6\xb2.\xbf|\x1e\x01)\xa6iIn.b\x8c*b\xc8\x06\xf4P\x1f\x86aJ\x7f\xf4\xd1o\xb6h\xdf\xd0\x93/T\x1e\x1at\x89\xdf\x80\xee-\xa3\xf2F80\xec[\x94\x86\x03\xf3M\x016\xdd\xd0}\x9d\xd1e\x81\x88\xc5\x8as\xf1\xcc\x120|W-\xc9\x17\x94M\xa8\x7f\x1b\xa5\x890O\x7f\x05\xcd\xe0\x05`.\x9en\x86NO\xc5\x1d\x9f\xf1\x14\x96', 0x0)
r3 = dup(r2)
r4 = socket$inet6(0xa, 0x2, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001040)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}, {0x3}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x14, 0x2, [@TCA_FQ_CODEL_TARGET={0x8}, @TCA_FQ_CODEL_CE_THRESHOLD={0x8}]}}]}, 0x48}}, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r4, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8)
setsockopt$inet6_mtu(r4, 0x29, 0x17, &(0x7f0000000040)=0x5, 0x4)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
sendto$inet6(r4, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

2.043596677s ago: executing program 1 (id=1562):
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x10, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x79, 0x10, 0x48}, [@ldst={0x3, 0x0, 0x6}], {0x95, 0x0, 0x74}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f0000000400)=""/198, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffff52}, 0x37)

1.974953213s ago: executing program 1 (id=1564):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)

1.928255927s ago: executing program 2 (id=1566):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc0000000109021b000100000000090400000187a00f000905029054"], 0x0)

1.870724102s ago: executing program 1 (id=1567):
r0 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$netlink(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000080)={0xe0, 0x10, 0x509, 0x0, 0x0, "", [@generic="6f6d8864d22a3f2ffaa46c88bc", @typed={0xa9, 0x0, 0x0, 0x0, @binary="2b0e13e735a3184f123d6da2f1acfac0ee2dd2b184b27db1f302de337c0004060000000000bf852c8986626691b01b2d44e4ce28712d28bdda0a9423debbb86f9dba4a2dba4dbe076c02262600c446a567de243ab0d67683f7bb11c9cab3b3eed8a8bef4ff1631aa78acefca03c1a66db4424a8ba100022db228bb7b5eb5100e434db5dd5e995aa0912086d9f4606d2e4cc898739222c5d3a83cb6b707f3336336ebb7d681"}, @nested={0x14, 0x0, 0x0, 0x1, [@typed={0xd, 0x0, 0x0, 0x0, @binary="cfe7336f91087ba18b"}]}]}, 0xe0}], 0x1}, 0x0)

1.722814814s ago: executing program 1 (id=1569):
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f00000001c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb05, 0x1807, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, {0x9}, {{{0x9, 0x5, 0x81, 0x3, 0x40}}}}}]}}]}}, 0x0)
ioctl$EVIOCRMFF(r0, 0x4004550f, 0x0)

1.53985055s ago: executing program 3 (id=1572):
openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
open(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e1301"], 0x16)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_open_dev$sndpcmp(&(0x7f0000000340), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r1, 0xc2604110, &(0x7f0000000380)={0x0, [[0x1fe, 0x0, 0xfffffffc], [0x2000002, 0x1000000], [0x8002]], '\x00', [{0x9, 0x610cfd08}, {0x6, 0xc}, {0x0, 0x1efb660a}, {}, {}, {0x8000, 0x98b}, {}, {}, {0x9b99}, {0x0, 0x1}], '\x00', 0x3f9, 0x0, 0x0, 0x0, 0x0, 0x2})
syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x2, 0x1c}, @l2cap_cid_le_signaling={{0x18}, @l2cap_ecred_conn_req={{0x17, 0x3, 0x14}, {0x1, 0x8, 0x96, 0x5, [0x4, 0xe3, 0x0, 0x100, 0xfffe, 0x9]}}}}, 0x21)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={{0x14, 0x10, 0x4}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x74, 0xc, 0xa, 0x301, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x48, 0x3, 0x0, 0x1, [{0x44, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x38, 0xb, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @quota={{0xa}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_QUOTA_BYTES={0xc}]}}}, {0x14, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x4}}}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xf8}}, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000280)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010800000000000000000c00000008000300", @ANYRES32=r4, @ANYBLOB="0a0006000802110000000074ff382e129f660d02020000004802cb092e987b97ac7125766ff2d5906a02"], 0x34}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x1c, r6, 0x5, 0x0, 0x0, {{0xe}, {@val={0x8, 0x3, r7}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_NEW_MPATH(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x58, r2, 0x28, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r7}, @val={0xc, 0x99, {0x7, 0x4d}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}]}, 0x58}}, 0x2000c000)
sched_setscheduler(0x0, 0x0, 0x0)
unshare(0x0)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22)
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}}}, 0x7)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
syz_usb_connect$cdc_ncm(0x0, 0x0, 0x0, 0x0)

1.274269113s ago: executing program 0 (id=1577):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)

1.239475665s ago: executing program 0 (id=1578):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xe)
ioctl$TIOCSSOFTCAR(r0, 0x541a, 0x0)

1.168781781s ago: executing program 0 (id=1579):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x281200c, &(0x7f0000000c40)=ANY=[@ANYRESHEX=r0, @ANYRESOCT=r0, @ANYRESOCT, @ANYRES64=0x0, @ANYRESOCT=0x0, @ANYRES8, @ANYRESOCT=r0, @ANYRES16, @ANYRES16=0x0], 0x4, 0x715, &(0x7f0000000500)="$eJzs3UtoHOcdAPD/rFaPVcGREz/SEsgSQ1oqaksWSqte6pZSdAglpIeeF3sdL1rLQVKKbEqj9HHvIaee0oNuoYeS3g3tuSFQ0qOOgUIuOemmMrMz+9C+pMiyZOf3EzPzzXyP+eY/OzP7QHwBfGOtzkf5cSSxOv/mdrq+t7vUnNhdmo6YSVebETEVEaWIckSSbkrWYzpd3sqn+HbkOV3LPh82Vt7+/Ku9L1pr5XzKypdG1Rtgqn/TTj5FNSIm8mW/ySEtfnJ49z3t3R7a3lEl7SNMA3atCFz85UStwokd9Nlp5338n2zeLjOg+nGuW+CcSlrPzdxBVPLUXMRstN4MZE/9/O5QOos+Pkk7Z90BAAAAOK7K8au8sB/7sR0XTqM7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8LzKx/9P8qlUpKuRFOP/T+XbIk+fQ+MHQvxsurV8fPqdAQAAAAAAAIBT9+p+7Md2XCjWD5LsN//Xun7j/1a8F5tRj424HttRi63Yio1YjIi5roamtmtbWxuLWc2ISyNq3oxPB9S8ObyPt3pXkydx3AAAAAAAAABwjs2MyV+b7N/2+1jt/P4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADnQRIx0Vpk06UiPRelckTMFOV2Ij6NiKmz7e2xJIM2Pn76/QAAAIATmeldTWaOUOeF92M/tuNCsX6QZJ/5r2Sfl2fivViPrWjEVjSjHnfyz9Dpp/7S3u5Sc2936X469bf70y+P1fWsxWh99zB4zy9nJSpxNxrZlutxO5I4yJTyVl7e211Kl/cH9+uDtE/JT3IjejPRlb6Tzq5+kqX/3PstQvlYh3hEhxstDS05l+VOtiOykPctrXGxiMDgSIw9O+WRe1qMUvubn0uj9zQ45h+M3vvsoVIDv7k5E4cjcTNK7TN0ZXQkIr77j49/fa+5vnbv7ub8+Tmkgd4fW+JwJJa6InH1OYrEeAtZJC6311fjF/GrmI8vp9+KjWjEb6IWW1GvFvm1/PWczudGR+qz2e61t8b1JL0mq+3716A+VaOnT1GNn2epWryWndML0YgkHkREPd7I/m7GYvtu0DnDl49w1ZeOcKftcu172aIdpqgML/u3ozX5pKRxvdgV1+577lyW172lE6UXB0apeNYd/XnUpfydPJG28IeRz4en7XAkFrsi8dKw10srpH89SOebzfW1jXu1d4+4v9fzZXod/WnEU+JUHtMjpWf4xZjJD+5iNk+ya2ohy3up3asiXv9tRCxmeZfarfQ+cdO8y+16rSv1l/Eg7vRcqT+M5ViOlaz0laz0ZN8TK8272m6p9x6e5qXvtMrtH3a63289iGbr/VDEzjN/2wZ4ziTdj7vZ789OVf5X+Xflo8ofK/cqb878bPpH069MxeS/Jn9cXph4vfRK8vf4KH7X+fwPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8fZsPH63Vms36xuBEaXBWMrpWrXlQDCTWrG9M5smhhdNEkg+VM6Y/aSLZfPjoYEyZcYnpvE9fs/qTTBSjNY4vXD3FbiQ77fOVb5kZfy6KUZ56s/q3PHy0luTDVHa9tMa9JEYlij13tkyeg1N5OFE9dq1q33Hlien+i+j4r97KoPM1ERGDCo+5cUyc7L4DnL0bW/ffvbH58NEPGvdr79Tfqa9PLi+vLKwsv7F0426jWV9ozbsqPP1R9YBT0vu2LTcVEa+OrztioFYAAAAAAAAAAADgFD2N/4U462MEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnm2r81F+HEksLlxfSNf3dpea6VSkOyXLEVGKiOS3Eck/I25Fa4q5ruaSYfv5sLHy9udf7X3RaatclC9F7AytN6rNjp18impETOTLE+hp7/b49qY6yekB2Un7KNKAXSsCB2ft/wEAAP//ikHuLA==")
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x40284504, &(0x7f00000004c0)={0x0, 0x0, 0x20, 0x0, "cbfea29368cc60a1ff856ae471fe261fdfb44a306ea8d6996bbcb8eb45d73158"})
ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000040))
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x41, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r1, 0x4400ae8f, &(0x7f0000000140)={0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x1})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
r2 = memfd_create(&(0x7f0000000140)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\x86\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddL)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x05\x1d\xa1\xce\x8b\x19\xea\xef\xe3\x8dr\xd6\xb2.\xbf|\x1e\x01)\xa6iIn.b\x8c*b\xc8\x06\xf4P\x1f\x86aJ\x7f\xf4\xd1o\xb6h\xdf\xd0\x93/T\x1e\x1at\x89\xdf\x80\xee-\xa3\xf2F80\xec[\x94\x86\x03\xf3M\x016\xdd\xd0}\x9d\xd1e\x81\x88\xc5\x8as\xf1\xcc\x120|W-\xc9\x17\x94M\xa8\x7f\x1b\xa5\x890O\x7f\x05\xcd\xe0\x05`.\x9en\x86NO\xc5\x1d\x9f\xf1\x14\x96', 0x0)
r3 = dup(r2)
r4 = socket$inet6(0xa, 0x2, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001040)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}, {0x3}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x14, 0x2, [@TCA_FQ_CODEL_TARGET={0x8}, @TCA_FQ_CODEL_CE_THRESHOLD={0x8}]}}]}, 0x48}}, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r4, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8)
setsockopt$inet6_mtu(r4, 0x29, 0x17, &(0x7f0000000040)=0x5, 0x4)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
sendto$inet6(r4, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

1.06036142s ago: executing program 0 (id=1580):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x6, 0x18, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000730000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a80)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

987.531917ms ago: executing program 0 (id=1581):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000140), 0x40082)
write$sndseq(r0, 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r1, 0x4058534c, &(0x7f00000000c0)={0x80, 0x7})
getsockopt$ARPT_SO_GET_INFO(r1, 0x0, 0x60, &(0x7f00000004c0)={'filter\x00', 0x0, [0xbf, 0xffff, 0x5]}, &(0x7f0000000540)=0x44)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x2, r1}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='9p_client_req\x00', r2}, 0x10)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="dc0000006c00020026bd7000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="006000000000000004001400080028000a5301001400140068737230000000000000000000000000080028670700592e00000c002b8008000100", @ANYRES32=r2, @ANYBLOB="08000400090000000a0001000effacb47bb8000068001980140005001063d2b09f7f700438a0971aebc8b1c8140005006aabbadd045e7f6b90801a800bc8d4c9080001000002000005000200000000001400040007b8b43ee7349c8bed6ade63e2f2f29305000600040000000500060001000000070002007b2f00000a0001000000000000000000"], 0xdc}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040000)
r4 = fsopen(&(0x7f00000000c0)='sysfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='mand\x00', &(0x7f0000000040)='sysfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, &(0x7f0000000300)={'wpan0\x00', <r8=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={0x28, r6, 0x801, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x28}}, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f0000000380)='cmdline\x00')
preadv(r9, &(0x7f0000000000)=[{0x0, 0x2}, {&(0x7f0000000080)=""/102, 0x66}], 0x2, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440)={<r10=>0x0}, &(0x7f0000000480)=0xc)
r11 = signalfd4(r0, &(0x7f0000000680)={[0xfffffffffffffeff]}, 0x8, 0x1000)
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000740)={&(0x7f00000006c0)={0x58, r6, 0x600, 0x70bd25, 0x25dfdbfb, {}, [@NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r9}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_PID={0x8, 0x1c, r10}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r11}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r1}]}, 0x58}, 0x1, 0x0, 0x0, 0x41}, 0x40)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x2)
fsmount(r4, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r3, 0x8933, &(0x7f0000000180)={'wg2\x00'})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'veth1_macvtap\x00', <r12=>0x0})
r13 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f00000001c0)={'macvlan0\x00', <r14=>0x0})
r15 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r15, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=@newlink={0x54, 0x10, 0x503, 0x70bd2b, 0x29d24, {0x0, 0x0, 0x0, 0x0, 0x14415, 0x8001}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ENCODING_SA={0x5, 0x6, 0x1}, @IFLA_MACSEC_ENCRYPT={0x5, 0x7, 0x1}]}}}, @IFLA_LINK={0x8, 0x5, r12}, @IFLA_MASTER={0x8, 0xa, r14}]}, 0x54}}, 0x0)

921.528232ms ago: executing program 3 (id=1582):
syz_mount_image$hfs(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x802, &(0x7f0000000140)={[{@codepage={'codepage', 0x3d, 'cp1250'}}, {@iocharset={'iocharset', 0x3d, 'iso8859-6'}}, {@umask={'umask', 0x3d, 0x5}}, {@file_umask={'file_umask', 0x3d, 0x6}}, {@gid}]}, 0x7, 0x2db, &(0x7f0000000800)="$eJzs3c9u00oUx/HfOEmb/lGvb9urK7EBFSrBpqLAArEJQtmyZ4WAJpUqoiLaIgGbFsQS8QDseQUegg2IF4AVKx6gO6MZT1w7dZwWNXHTfj9SImc84znW2Jk5ltoIwLl1r/nj081f9mWkiiqS7kiBpLpUlfSf/q+/2NzZ2Om0W0UHqrgW9mUUtzSH6qxttvOa2nauhRfaT1XNpsswHFEU3f1ZdhAonbv7cwTSpL8P3f76iOMalj3pYtkxjFp6gM2+9vVScyWGAwA4Bfz8H/hpYtYVGQWBtOyn/TM1/++XHcDJutU5VBQVNkjN/251Fxk7vv+4XQf5nkvh7P6gmyUeJZhaz+cJxVdWZoFpBmWVLpZgan2jqpW1N2oFequGl6q26N5b8aXbNSDapZzctED/o9V0fzo+G7ei7OVD2l3f6LQn7VZO/AuFPU4eJ86jMV/MN/PQhPqoVrL+q0bGDpMbqbBnpIKajf96/yPOuFa2lnza32g0gkyVf10nF3wP3oBRqudnJOljdh8Q7CURFMXp+p5X9rFCfHarA1ot5LUKk099Wi1mWtmzsX2trD3rFD5KGY7uKZoP5oFZ0m99VjO1/g9sfMtK3ZlFX/XG1fRXRnw+E/k1q65meGjmOLhdLiUReEO46M+D4z0te68nuq257Vevn1Y6nfaW3Xic2TCyG89nt4wvqb2TeuqMaqOigjraOyiJrN0oOuqRo2EGf+1ED2i/P5ISe/vkVbZ3WVISjHqYzstG86uKLsjx2Ygiqc+uoX1P4RTZNnasU1PHVJnRoAR23WXi/M+t5P2qzqVI9i0sWKcXJ5nKHHE1yeCyS8F59z59rAxupn8Gl+rxRp+c0eVcl69KV1KFRoU9hj7OM8I09V2PeP4PAAAAAAAAAAAAAAAAAAAwbkbxlwZlnyMAAAAAAAAAAAAAAAAAAAAAAOPur37/N+9/xLvf/w35/V9gjPwJAAD//2tCdrA=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdirat(r0, &(0x7f00000000c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)

883.045335ms ago: executing program 0 (id=1583):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000005c0)={0x44, &(0x7f00000003c0)={0x0, 0x0, 0x3, "7b2ebf"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

775.407224ms ago: executing program 3 (id=1584):
syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0x2000002, &(0x7f00000006c0)={[{@volume={'volume', 0x3d, 0x3e}}, {@gid}, {@dmode={'dmode', 0x3d, 0x4}}, {@rootdir={'rootdir', 0x3d, 0x4}}, {@iocharset={'iocharset', 0x3d, 'cp1251'}}, {@gid_forget}, {@gid_ignore}, {@iocharset={'iocharset', 0x3d, 'cp865'}}, {@longad}]}, 0x1, 0xc32, &(0x7f0000000e00)="$eJzs3U1sXNd9N+D/uRyKI/l9KyZ2FCeNi0lbpLJiufqKqViFO6pptgFkWQjF7AJwJI7UgSmSIKlGNtKC6aaLLgIURRdZEWiNAikaGE0RdMm0LpBsvCiy6opoYSMoumCLAFkFLO6dM9KQIm1GFCVKeh6b+s3ce86dc+4Z3ysLOvcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDxe6+dP3EyPexWAAAP0sXxr5445f4PAE+Uy/7/HwAAAAAAAAAAAAAA9rsURTwdKeYurqXJ6n1X/UJn8OatidGxrasdTFXNgap8+VM/eer0mS+9NHK2lxc6Mx9R/377bLwxfvl849XZG3Pz7YWF9lRjYqZzdXaqveMj7Lb+ZseqE9C48ebNqWvXFhqnXjy9Yfet4Q+HnjoyfG7k+ePP9cpOjI6Njd8pUu8vX7vnhnRtN8PjQBRxPFK88L2fplZEFLH7c1F/sGO/2cGqE8eqTkyMjlUdme60ZhbLnZd6J6KIaPRVavbO0dZjEbXBB9qH7TUjlsrmlw0+VnZvfK4137oy3W5cas0vdhY7szOXUre1ZX8aUcTZFLEcEatDdx9uMIqoRYrvHF5LVyJioHcevlhNDN6+HcUe9nEHynY2BiOWi0dgzPaxoSji9Ujxs/eOxtV8namuNV+IeL3MH0S8U+YrEan8YpyJ+GCL7xGPploU8efl+J9bS1PV9aB3XbnwtcZXZq7N9pXtXVd+yfvDXVeKh3R/OLgpH4x9fm2qRxGt6oq/lu79NzsAAAAAAAAAAAAAAAAA3G8Ho4jPRIrX/u2PqnnFUc1LP3xu5PeH/3//nPFnP+Y4ZdkXI2Kp2Nmc3AN5YuCldCmlhzyX+ElWjyL+OM//+9bDbgwAAAAAAAAAAAAAAAAAAMATrYifRIqX3z+alqN/TfHOzPXG5daV6e6qsL21f3trpq+vr683UjebOSdzLuVczrmSczVnFLl+zmbOyZxLOZdzruRczRkDuX7OZs7JnEs5l3Ou5FzNGbVcP2cz52TOpZzLOVdyruaMfbJ2LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIn4RKb79jbUUKSKaEZPRzZWhh906AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA0lIr4fqRo/EHz9rZaRKTq366j5S9nonmgzE9Gc6TMV6J5PmerylrzWw+h/ezOYCrix5FiqP7u7QHP4z/YfXf7axDvfPPOu8/WujnQ2zn84dBTRw6fGxn7tWe3e522asCxC52Zm7caE6NjY+N9m2v50z/Zt204f25xf7pORCy89fabrenp9vy9vyi/Aruo/gi9SLUnpadeVC+iti+a8XD6zhOgvP9/ECl++/1/793wu/f/evy/7rvbd/j4+Z/cuf+/vPlAO7z/1zbXy/f/8p6+1f3/6b5tL+ffjQzWIuqLN+YGj0TUF956+3jnRut6+3p75syJE18eGfny6RODByLq1zrT7b5X9+V0AQAAAAAAAAAAAAAAADw4qYjfjRStH6+lRkTcquZrDZ8bef74cwMxUM232jBv+43xy+cbr87emJtvLyy0pxoTM52rs1PtnX5cvZruNTE6tied+VgH97j9B+uvzs69Nd+5/oeLW+4/VD9/ZWFxvnV1691xMIqIZv+WY1WDJ0bHqkZPd1ozVdVLW06m/+UNpiL+I1JcPdNIn8/b8vz/zTP8N8z/X9p8oD2a//+Jvm3lZ6ZUxM8jxW/9xbPx+aqdh+Kuc5bL/U2kOHb2c7lcHCjL9drQfa5Ad2ZgWfZ/IsU//GJj2d58yKfvlD254xP7iCjH/3Ck+P6ffTd+PW/b+PyHrcf/0OYD7dH4P9O37dCG5xXsuuvk8T8eKV55+t34jbzto57/0Xv2xtFc+PbzOfZo/D/Vt204f+5v3p+uAwAAAAAAAAAAPNIGUxF/Gyl+OFZLL+VtO/n7f1ObD7RHf//r033bpu7PekUf+2LXJxUAAAAA9onBVMRPIsX1xXdvz6HeOP+7b/7n79yZ/zmaNu2t/pzvV6rnBtzPP//rN5w/d3L33QYAAAAAAAAAAAAAAAAAAIB9JaUiXsrrqU9W8/mntl1PfSVSvPZfL+Ry6UhZrrcO/HD1a/3i7Mzx89PTs1dbi60r0+3G+Fzrarus+0ykWPvrz+W6RbW+em+9+e4a73fWYp+PFGN/1yvbXYu9tzb5M72yS+2TZdlPRIr//PuNZXvrWH/qznFPlWX/KlJ8/Z+2LnvkTtnTZdnvRooffb3RK3uoLNt7Puqn75R98epssQejAgAAAAAAAAAAAAAAAAAAwJNmMBXxp5Hiv28s357Ln9f/H+x7W3nnm33r/W9yq1rnf7ha/3+71/ey/n/1XIGl7T4VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTymKeDtSzF1cSytD5fuu+oXOzM1bE6NjW1c7mKqaA1X58qd+8tTpM196aeRsLz+6/v32mXhj/PL5xquzN+bm2wsL7anGxEzn6uxUe8dH2G39zY5VJ6Bx482bU9euLTROvXh6w+5bwx8OPXVk+NzI88ef65WdGB0bG+8rUxu850+/S9pm+4Eo4i8jxQvf+2n64VBEEbs/Fx/z3dlrB6tOHKs6MTE6VnVkutOaWSx3XuqdiCKi0Vep2TtHD2AsdqUZsVQ2v2zwsbJ743Ot+daV6XbjUmt+sbPYmZ25lLqtLfvTiCLOpojliFgduvtwg1HEm5HiO4fX0j8PRQz0zsMXL45/9cSp7dtR7GEfd6BsZ2MwYrn4qDHbosNsMBRF/GOk+Nl7R+NfhiJq0f2JL0S8XuYPIt6J7nin8otxJuIDp/WxUYsi/rcc/3Nr6b2h8nrQu65c+FrjKzPXZvvK9q4rj/z94UHa5/eTehTxo+qKv5b+1X/XAAAAAAAAAAAAAAAAAPtIEb8aKV5+/2iq5gffnlPcmbneuNy6Mt2d1teb+9ebM72+vr7eSN1s5pzMuZRzOedKztWcUeT6OZtl1tfXJ/P7pZzLOVdyruaMgVw/ZzPnZM6lnMs5V3Ku5oxarp+zmXMy51LO5ZwrOVdzxj6ZuwcAAAAAAAAAAAAAAAAAADxeiuqfFN/+xlpaH6rWlx7o7VuxHuhj7/8CAAD//0pa+Ck=")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000006ac0)='cpuacct.stat\x00', 0x275a, 0x0)

761.137696ms ago: executing program 4 (id=1585):
syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="696f636861727365743d6d616363726f617469616e2c646973636172643d3078303030303030303030303030303030332c6e6f646973636172642c6572726f72733d636f6e74696e75652c696f636861727365743d6d6163637972696c6c69632c0067add4ceec7cb8702b1b4a0ff322839e69b507d7478e0706b00408dc59283f5c0159b8e3c0289dcb182504844ef8e6972cdb3f50680fc9602ed27c1f6b47a91f941f154ae205d34a9b7a7c67efa0c0e2a70251d664fce12ae64a5a521aa83080b7672c4e1566a61a0ade4b6c9d78151053d9fb31fd2cfc77f269f873e14e5fe3c46c0acbb22d40391ae31d2025dcd947adf76739ae4ecbe3b630040b37e2b09d7816e0b93981de1147532cf2f46d4d4904f68fb43cd165b9"], 0xfe, 0x619d, &(0x7f0000000780)="$eJzs3cuOHFcZB/Cv+jaXEMfKIgoWQpPEXEKIr8EYAiRZwIINC+QtsjWZRBYOINsgJ7LwRLNhwUOAkFgCYsmKB8iCLTseAEs2EiirFKqZc8Y1nW732M509cz5/aRx1denavqU/119marqEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA/PAHPz5bRcTlX6Ubjkd8LvoRvYiVpl6LiJW143n5QUQ8H9vN8VxEDJciqtz4TMRrEfHRsYh792+vNzed22c/vv+Xf/7hJ0/96B9/Gp7+319v9l+fttytW7/979/uPP72AgAAQInquq6r9DH/RPp83+u6UwDAXOTX/zrJt6sXrt5csP6o1Wq1+hDWbfVkd9pFRGy212neMzgcDwCHzGZ83HUX6JD8izaIiKe67gSw0KquO8CBuHf/9nqV8q3arwdrO+35XJA9+W9Wu9d3TJvOMn6OybweX1vRj2en9GdlTn1YJDn/3nj+l3faR2m5g85/XqblP9q59Kk4Of/+eP5jjk7+vYn5lyrnP3ik/PvyBwAAAACABZb//n+84+O/S0++KfvysOO/a3PqAwAAAAAAAAB81p50/L9dlfH/AAAAYFE1n9Ubvzv24LZp38XW3H6pinh6bHmgMOlimdWu+wEAAAAAAAAAAAAAJRnsnMN7qYoYRsTTq6t1XTc/beP1o3rS9Q+70rcfStb1kzwAAOz46NjYtfxVxHJEXErf9TdcXV2t6+WV1Xq1XlnK72dHS8v1SutzbZ42ty2N9vGGeDCqm1+23Fqvbdbn5Vnt47+vua9R3d9Hx+ajw8ABICJ2Xo3ueUU6Yur6mej6XQ6Hg/3/6LH/sx9dP04BAACAg1fXdV2lr/M+kY7597ruFAAwF/n1f/y4gFqtVqvV6qNXt9WT3WkXEbHZXqd5z2A4fgA4ZDbj4667QIfkX7RBRDzfdSeAhVZ13QEOxL37t9erlG/Vfj1I47vnc0H25L9Zba+X1580nWX8HJN5Pb62oh/PTunPc3PqwyLJ+ffG87+80z5Kyx10/vMyLf9mO4930J+u5fz74/mPOTr59ybmX6qc/+CR8u/LHwAAAAAAFlj++//xhTr+O3rczZnpYcd/1w7sXgEAAAAAAADgYN27f3s9X/eaj/9/YcJyrv88mnL+lfyLlPPvjeX/1bHl+q35u289yP8/92+v//Hmvz+fp/vNfynPVOmRVaVHRJXuqRqk6ZNs3adtDfuj5p6GVa8/SOf81MN34mpci404s2fZXvr/eNB+dk9709Phdnvd32k/t6d9sNue1z+/p32YznSqV3L7qViPn8e1eHu7vWlbmrH9yzPa6xntOf++/b9IOf9B66fJfzW1V2PTxt0Pe5/a79vTSffz5tUv/ubMwW/OTFvR3922tmb7XuygP9v/J0+N4pc3Nq6funXl5s3rZyNN9tx6LtLkM5bzH6af3ef/l3ba8/N+e3+9++HokfNfFFsxmJr/S635ZntfnnPfupDzH6WfnP/bqX3y/n+Y85++/7/SQX8AAAAAAAAAAAAAAADgYeq63r5E9M2IuJCu/+nq2kwAYL7y63+d5NvnVfcfd/0/792OrvqvVs+5rhasP3OtP6kXqz9q9WGs2+rJ3mgXEfH39jrNe4ZfT/plAMAi+yQi/tV1J+iM/AuWv++vmZ7sujPAXN14/4OfXrl2beP6ja57AgAAAAAAAAA8rjz+51pr/OeTdV3fGVtuz/ivb8Xak47/OcgzuwOMThmouv/o2/QwW71Rv9cabvyFmDb+93B37mHjfw9m3N9wRvtoRvvSjPblGe0TL/Royfm/0Brv/GREnBgbfr2E8V/Hx7wvQc7/xdbjucn/K2PLtfOvf3+Y8+/tyf/0zfd+cfrG+x+8evW9K+9uvLvxs/Nnz545f+HCxYsXT79z9drGmZ1/O+zxwcr557GvnQdalpx/zlz+Zcn5fynV8i9Lzv/LqZZ/WXL++f2e/MuS88+ffeRflpz/y6mWf1ly/l9LtfzLkvN/JdXyL0vO/+upln9Zcv6vplr+Zcn5n0q1/MuS8z+d6n3mv3LQ/WI+cv75CJf9vyw5/3xmg/zLkvM/l2r5lyXnfz7V8i9Lzv+1VMu/LDn/b6Ra/mXJ+V9ItfzLkvP/ZqrlX5ac/8VUy78sOf9vpVr+Zcn5fzvV8i9Lzv/1VMu/LDn/76Ra/mXJ+X831fIvS87/e6mWf1ly/m+kWv5lefD9/2bMmDGTZ7p+ZgIAAAAAAAAAAAAAxs3jdOKutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWEHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKe3cXI9dZ3w/8zL557UBiIOTv5G/C2jHGOJvs+iV+oXUx4bXhrSSEQl+wXe/aLPgNr10CjWpHgRIJo6KKtuGiLSDU5qbCqrigFaBcoFaVKpH2gt4gKlQuoiqggFSJVpCtZs7zPDszOzuz6x07Z875fKTkl505M+fMmWdm92vnuwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANBsy5tmP1PLsqxWq+UXbMyyl9Tn+omNjUte/+IeHwAAALB2v2z8+/lb0gWHV3Cjpm3+6c7vfn1hYWEh+8Dwn45+YWEhXTGRZaPrsqxxXXT1hx+sNW8TPJ6N14aavh7qsfvhHteP9Lh+tMf1Yz2uX9fj+vEe1y85AUusz2rpzrY1/nNjfkqzW7PRxnXbOtzq8dq6ofq5S7fNao3bLIyeyOayU9lsNt2yfb5trbH9N7fU9/X2LO5rqGlfm+sr5KePHo/HUAvneFvLvhbvM/rxG7OJn/300eN/feG52zvNnqeh5f7y49yxtX6cnwqX5Mday9alcxKPc6jpODd3eE6GW46z1rhd/b/bj/P5FR7n8OJh3lDtz/l4NtT472ca52mklnU4T5vDZT+/K8uyy4uH3b7Nkn1lQ9mGlkuGFp+f8XxF1u+jvpReno2sap1uWcE6rc+Zba3rtP01EZ//LeF2I8scQ/PT9OPHxpqe918sXMs6jeqPernXSvsa7PdrpShrMK6LZxoP+omOa3BbePyPbl9+DXZcOx3WYHrcTWtwa681ODQ23Djm9CTUGrdZXIO7WrYfbuyp1pjPbu++BqcunD43Nf+JT94zd/rYydmTs2f27No1vWffvgMHDkydmDs1O53/+xrPdvFtyIbSa2BrOHfxNfDatm2bl+rCl8eWvP9e6+twvMvrcGPbtv1+HY60P7jajXlBLl3T+WvjffWTPn5lKFvmNdZ4fnau/XWYHnfT63Ck6XXY8XtKh9fhyApeh/Vtzu1c2c8sI03/dDqG5b8XrG0Nbmxag+0/j7SvwX7/PFKUNTge1sX3dy7/vWBzON4nJlf788jwkjWYHm5476lfkn7eHz/QGJ3W5R31K24ayy7Oz56/95FjFy6c35WFcUO8ommttK/XDU2PKVuyXodWvV4Pz935xB0dLt8YztX4PfV/jS/7XNW32Xtv9+eq8d2t8/lsuXR3Fkaf3ejz2em7ef18jmXZF7/z2IPfevSLb1r2fNbz5qem1v6zeMqlTe+/o8u8/8bc/0K+v3RXjw+PjuSv3+F0dkZb3o9bn6qRxntXrbHv56dW9n48Gv650e/Ht3Z5P97Utm2/349H2x9cfD+u9frTjrVpfz7Hwzo5Nd39/bi+zabdq12TI13fj+8KsxbO/+tCUki5qGntLLdu075GRkbD4xqJe2hdp3tath8N2ay+r6d2X9s63XFXfl/D6dEtulHrdKJt236v0/RnX8ut01qvP327Nu3P53hYF7fu6b5O69s8vXft753r4382vXeO9VqDo8Nj9WMeTYuw8X6fLayPa/De7Hh2NjuVzTSuHWusp1pjX5P3rWwNjoV/bvR75aYua3BH27b9XoPp+9hya682svTB90H78zke1sWT93Vfg/Vt3ry/vz+77giXpG2afnZt//O15f7M646203S91spIOM7v7O/+Z7P1bU4dWG3O7H6e7g6X3NThPLW/fpd7Tc1kN+Y8bQrH+dyB5c9T/Xjq23zh4ArX0+Esyy597P7Gn/eGv1/5u4vf+3rL37t0+judSx+7/ycvPfGPqzl+AAbfC/nYkH+va/qbqZX8/T8AAAAwEGLuHwozkf8BAACgNGLuj/9XeCL/AwAAQGnE3D8SZlKR/L/pzc/NvXApS838hSBen07DA/l2seM6Hb6eWFhUv/z+r87+9z9cWtm+h7Is+8UDf9Bx+00PxOPKTYTjvPqW1suX+Po9K9r30Ycvpf0299e/FO4/Pp6VLoNOFdzpLMu+ecvnGvuZ+OCVxnz6gaON+eDlJx6vb/P8wfzrePtnX5Fv/xeh/Hv4xLGW2z8bzsOPwpx+R+fzEW/3tSuv27z//Yv7i7erbb258bCf/FB+v/H35Hz+8Xz7eJ6XO/5vffapr9W3f+Q1nY//0lDn438q3O9Xw/yfV+XbNz8H9a/j7T4djj/uL97u3q98u+PxX/1Mvv25t+bbHQ0z7n9H+HrbW5+baz5fj9SOtTyu7G35dnH/09/748b18f7i/bcf//iRKy3no319PP1v+f1MtW0fL4/7if6+bf/1+2len3H/T/3R0Zbz3Gv/Vx989lX1+23f/91t25372M7G/hfvr/U3Nv3lpz/XcX/xeA7/7bmWx3P4veF1HPb/5IfCegzX/+/V/P7af7vC0fe2vv/E7b+08VLL44ne/rN8/1ffcLIx142v33DTS1568+VX189dlj2zLr+/Xvs/+VdnW47/y7fl5yNeHzv67ftfTtz/+Y9Pnjk7f3FuJp3VR29p/O6cd+bHE4/3lvDe2v71kbMXPjx7fmJ6YjrLJsr7K/Su2VfC/Ek+LnffemHJO+jOh8Pzeceff3PD9n/9bLz839+XX37lHfn3rdeG7T4fLt8Ynr/V7X+pJ7fc1nh9154OR7iw9PcFr8Xmbf91YEUbhsff/nNBXO/nXvnhxnmoX9f4vhFf12s8/h/M5PfzjXBeF8JvZt562+L+mrePvxvhykP5633N5y+8zcXn9W/C8/2uH+X3H48rPt4fhJ9jvr2p9f0uro9vXBpqv//Gb/G4HN5Pssv59XGreL6vPH9bx8OLv4cku3x74+s/Sfdz+6oe5nLmPzE/dWruzMVHpi7Mzl+Ymv/EJ4+cPnvxzIUjjd/leeQjvW6/+P60ofH+NDO7b2/WeLc6m4/r7MU+/nMPH5/ZP719ZvbEsYsnLjx8bvb8yePz88dnZ+a3HztxYvbjvW4/N3No1+6De/bvnjw5N3PowMGDew5Ozp05Wz+M/KB62Df90ckz5480bjJ/aO/BXffdt3d68vTZmdlD+6enJy/2un3je9Nk/da/P3l+9tSxC3OnZyfn5z45e2jXwX37dvf8bYCnz52Yn5g6f/HM1MX52fNT+WOZuNC4uP69r9ftKaf5/8h/nm1Xy38RX/aeu/el389a99XHlr2rfJO2XyD6XPhdNP/8snMHVvJ1zP2jYSYVyf8AAABQBTH3j4WZyP8AAABQGjH3rwszkf8BAACgNGLuHw8zqUj+L13/f9OlFe1f/1//v/l86f9XrP//UNH6//n7hf5/f6y1f6//H+j/6//r/+v/6//TB0Xr/8fcvz7LKpn/AQAAoApi7t8QZiL/AwAAQGnE3H9TmIn8DwAAAKURc/9Lwkwqkv/1//X/9f/1//X/O+9f/38w6f93p//fg/7/VFat/v/lfh6//r/+P0sVrf8fc/9Lw0wqkv8BAACgCmLuvznMRP4HAACA0oi5/5YwE/kfAAAASiPm/o1hJhXJ//r/+v/6//r/+v+d96//P5j0/7vT/+9B/9/n/+v/6//TV0Xr/8fc/7Iwk4rkfwAAAKiCmPtfHmYi/wMAAEDxjFzbzWLuf0WYyZL8f407AAAAAF50MfffmrUVwSvy9//6//r/xe//r0vX6f/r/2eF7P8PZ/r/xaH/353+fw/6//r/+v/6//RV0fr/jdyfjWevDDOpSP4HAACAKoi5/7YwE/kfAAAASiPm/v8XZiL/AwAAQGnE3L8pzKQi+V//X/+/+P1/n/+v/1/0/r/P/y8S/f/u9P970P/X/9f/1/+nr4rW/4+5//Ywk4rkfwAAAKiCmPvvCDOR/wEAAKA0Yu7//2Em8j8AAACURsz9m8NMKpL/9f8L3v+PzVH9f/1//X/9f/3/FdH/707/vwf9f/1//X/9f/qqaP3/mPtfFWZSkfwPAAAAVRBz/51hJvI/AAAAlEbM/a8OM5H/AQAAoDRi7p8IM6lI/tf/L3j/P+/Bj/n8f/1//X/9f/3/ldH/707/vwf9f/3/vvT/Fy7p/+v/kyta/z/m/i1hJhXJ/wAAAFAFMfdvDTOR/wEAAKA0Yu6/K8xE/gcAAIDSiLl/W5hJRfK//v9A9P8z/X/9f/1//X/9/5XR/+9O/78H/X/9f5//r/9PXxWt/x9z/2vCTCqS/wEAAKAKYu7fHmYi/wMAAEBpxNz/2jAT+R8AAABKI+b+HWEmFcn/+v/6//r/+v/6/533r/8/mPT/u9P/70H/X/9f/1//n74qWv8/5v7XhZlUJP8DAABAFcTcvzPMRP4HAACA0oi5/+4wE/kfAAAASiPm/skwk4rkf/1//X/9f/1//f/O+9f/H0z6/93p//eg/6//r/+v/09fFa3/H3P/PWEmFcn/AAAAUAUx998bZiL/AwAAQGnE3D8VZiL/AwAAQGnE3D8dZlKR/K//r/+v/6//v6r+/6sX71f/P6f/Xyz6/93p//eg/6///6L3/0f1/ymVovX/Y+7fFWZSkfwPAAAAVRBz/+4wE/kfAAAASiPm/j1hJvI/AAAAlEbM/XvDTCqS//X/9f/1//X/ff5/5/3r/w8m/f/u+t//jw9R/1//X//f5//r/7NU0fr/MfffF2ZSkfwPAAAAVRBz/74wE/kfAAAASiPm/v1hJvI/AAAAlEbM/QfCTCqS//X/9f/1//X/9f8771//fzDp/3fn8/970P/X/9f/1/9njR76w+avitb/j7n/YJhJRfI/AAAAVEHM/a8PM5H/AQAAoDRi7v+VMBP5HwAAAEoj5v5fDTOpSP7X/9f/1//X/9f/77x//f/BpP/fnf5/D/r/+v/6//r/9FXR+v8x9x8KM6lI/gcAAIAqiLn/18JM5H8AAAAojZj73xBmIv8DAABAacTcfzjMpCL5X/9f/1//X/9f/7/z/m90/38s3q/+/5ro/3en/9+D/r/+v/6//j99VbT+f8z9bwwzqUj+BwAAgCqIuf/+MBP5HwAAAEoj5v43hZnI/wAAAFAaMfe/OcykIvlf/1//X/9f/1//v/P+ff7/YNL/707/vwf9f/1//X/9f/qqaP3/mPvfEmZSkfwPAAAAVRBz/1vDTOR/AAAAKI2Y+98WZiL/AwAAQGnE3P/2MJOK5H/9f/1//X/9f/3/zvvX/x9M+v/d6f/3oP+v/6//r/9PXxWt/x9z/6+HmVQk/wMAAEAVxNz/QJiJ/A8AAAClEXP/O8JM5H8AAAAojZj73xlmUpH8r/+v/6//r/+v/995//r/g0n/v7sB6///8uZwuf5/Tv+/2Me/2v7/SNvX16X//8Pl+v8L69pvr//P9VC0/n/M/e8KM6lI/gcAAIAqiLn/3WEm8j8AAACURsz97wkzkf8BAACgNGLu/40wk4rkf/3/+nEstpf1/8va/x/S/9f/1/+vCP3/7gas/+/z/9vo/xf7+H3+v/4/SxWt/x9z/3vDTCqS/wEAAKAKYu5/MMxE/gcAAIDSiLn/oTAT+R8AAABKI+b+94WZVCT/6//7/P9q9P99/n+m/6//XxH6/93p//eg/6//X7T+/3/q/zPYitb/j7n/4TCTiuR/AAAAqIKY+98fZiL/AwAAQGnE3P+bYSbyPwAAAJRGzP0fCDOpSP7X/x+U/v/EgPb/H9P/v479/ztvzrfT/9f/Z5H+f3f6/z3o/+v/F63/7/P/GXBF6//H3P/BMJOV5//xFW8JAAAAvChi7v+tMJOK/P0/AAAAVEHM/b8dZiL/AwAAQGnE3P87YSYVyf/6/4PS//f5/5n+v8//b3s8+v/6/53cuP5/fOfR/9f/1/+P9P/1//X/aVe0/n/M/b8bZlKR/A8AAABVEHP/h8JM5H8AAAAYCJ3+n+x2MfcfCTOR/wEAAKA0Yu4/GmZSkfyv/6//r/9f0P7/n239l+9/991Hd+n/6//r/6/KDf38//qL3+f/6//r/yf6//r/+v+0K1r/P+b+Y2EmFcn/AAAAUAUx9/9emIn8DwAAAKURc//xMBP5HwAAAEoj5v6ZMJOK5H/9f/1//f+C9v8H+PP/4/nQ/2/Vt/5/fNPV/+8o79+nVXR9+//vX+yJ6/+vtv8/1vFS/X/9/0E+fv1//X+WKlr/P+b+2TCTiuR/AAAAqIKQ+4dO5HPxCvkfAAAASiPm/pNhJvI/AAAAlEbM/R8OM6lI/tf/1//X/9f/9/n/nfffrf9fG/H5/0WV+vc/b7xQ9P/bFKf/35n+v/7/IB+//r/+P0sVrf8fc/9cmElF8j8AAABUQcz9Hwkzkf8BAACgNGLu/2iYifwPAAAApRFz/6kwk4rkf/1//X/9f/1//f/O+y/s5//r/3e11v69/n+g/6//r/+v/6//Tx8Urf8fc//pMJOK5H8AAACogpj7z4SZyP8AAABQGjH3/x97d9JkWVntcfjkvUVUVnAHd3YHd2KEQz8CAx3rB3DgxIFGGA5ERcWewr5FUbFXBPsGGxBEVLBvwA7FHlTs+wY7RIkyyFprVWXmzn0yq05m7v2+zzNgyZHkHIkK4F9ZP/f5cYv9DwAAAM3I3f/YuKWT/a//1/832/8/UP+/0/vr//X/LdP/j9P/L6H/1//r//X/rNTU+v/c/Y+LWzrZ/wAAANCD3P2Pj1vsfwAAAGhG7v4L4hb7HwAAAJqRu/8JcUsn+39L/7+26LP/z4xX/99S/+/5/zu+v/5f/9+yg+3/L77v73z6f/2//j/o/3fV/x/d6ev1/7Roav1/7v4nxi2d7H8AAADoQe7+J8Ut9j8AAAA0I3f/hXGL/Q8AAADNyN3/5Lilk/2/uuf/H9t4fab9f9H/6/83XtD/6//1/7Pl+f/jeur/L7jt3Mfcdd3/X7+X99f/6/89/1//z2pNrf/P3f+UuKWT/Q8AAAA9yN3/1LjF/gcAAIBm5O5/Wtxi/wMAAEAzcvc/PW7pZP+vrv+f9fP/i/5f/7/xgv5f/6//ny39/7ie+v8zeX/9v/5f/6//Z7Wm1v/n7n9G3NLJ/gcAAIAe5O5/Ztxi/wMAAEAzcvdfFLfY/wAAANCM3P3H45ZO9r/+f//7/3v1//r/uPp//b/+f//p/8fp/5fQ/+v/9f/6f1Zqav1/7v6L45ZO9j8AAAD0IHf/s+IW+x8AAACakbv/2XGL/Q8AAADNyN3/nLilk/2v//f8f/2//l//P/z++v950v+P0/8vof8/237+HP2//l//z+n22P/fM/K37ZX0/7n7nxu3dLL/AQAAoAe5+58Xt9j/AAAA0Izc/c+PW+x/AAAAaEbu/hfELZ3sf/2//l//r/8/4/5/+w+9Dfr/Yfr/g6H/HzeZ/n/tyODL+v/Z9/+e/6//1/+zydSe/5+7/4VxSyf7HwAAAHqQu/9FccvI/t/zT+YDAAAAhyp3/4vjFt//BwAAgNnL6ix3/0vilk72v/5f/6//1/97/v/w+4/1/9ef9vn0/9Oi/x83mf5/B/p//f+cP7/+X//PdlPr/3P3vzRu6WT/AwAAQA9y918St9j/AAAA0Izc/S+LW+x/AAAAaEbu/pfHLZ3s/+H+/9R/r//fHf3/5s+v/x/+8bGq/j//jPr/0f7/QZ7/3yf9/7iD7/+P6v83//n1//vosD9/4/3/sWVfr/9nyNT6/9z9l8Ytnex/AAAA6EHu/lfELfY/AAAANCN3/yvjFvsfAAAAmpG7/1VxSyf73/P/9f/6//n1/57/f9JhPv9/ceD9/xH9/y7p/8d5/v8S+n/9v/7f8/9Zqan1/7n7L4tbOtn/AAAA0IPL7l5s7P5XLxb2PwAAAMzR6b92YOsvKA25+18Tt9j/AAAA0Izc/a+NWzrZ//p//b/+X/+v/x9+/2n1/57/v1v6/3H6/yX0//vRzx9prP+/fKevn0L/f5H+n4nZ1P/feOr1w+r/c/e/Lm7pZP8DAABAD3L3vz5usf8BAACgGbn73xC32P8AAADQjNz9b4xbOtn/+97/H9v5vfX/+n/9v/5f/6//XzX9/zj9/xL6f8//9/x//T8rtan/P81h9f+5+98Ut3Sy/wEAAKAHufvfHLfY/wAAANCM3P2Xxy32PwAAADQjd/9b4pZO9r/n/+v/9f/6f/3/8Pvr/+dJ/z9O/7+E/l//r//X/7NSU+v/c/dfEbd0sv8BAACgB7n7r4xb7H8AAABoRu7+t8Yt9j8AAAA0I3f/2+KWTva//n9/+/98Xf+v/1/o//X/+v8D0W3/vzb0T6Ltduj/b3nU8YdsfkX/r//X/+v/9f+swCT6/xOn/u0yd//b45ZO9j8AAAD0IHf/O+IW+x8AAACakbv/nXGL/Q8AAADNyN3/rrhlj/v/f1f6qQ6O/t/z//X/+n/9//D76//nqdv+f5c8/38J/b/+X/+v/2elJtH/n/b7ufvfHbf4/j8AAAA0I3f/e+IW+x8AAACakbv/vXGL/Q8AAADNyN3/vrilk/2v/9f/6//1//r/4fc/0/5/fTFM/38w9P/j9P9L6P/1//p//T8rNbX+P3f/VXFLJ/sfAAAAepC7//1xi/0PAAAAzcjd/4G4xf4HAACAZuTu/2Dc0sn+1//r//X/+n/9//D7e/7/POn/x+n/F4vF1SMfYKj/P3FU/6//1//r/zlDU+v/c/d/KG7pZP8DAABAD3L3Xx232P8AAADQjNz918Qt9j8AAAA0I3f/h+OWTva//l//r//X/+v/h99f/z9P+v9x+v8lPP9f/6//1/+zUlPr/3P3Xxu3dLL/AQAAoAe5+6+LW+x/AAAAaEbu/o/ELfY/AAAANCN3//VxSyf7X/+v/9f/6//3pf8/rv/fSv9/MPav/1/o//X/+v8l9P/6f/0/Wx1U/39P/P1+Wf+fu/+jcUsn+x8AAAB6kLv/hrjF/gcAAIBm5O7/WNxi/wMAAEAzcvd/PG7pZP/r//X/+n/9v+f/D7+//n+ePP9/nP5/Cf2//l//r/9npQ6q/9+p99/6+7n7PxG3dLL/AQAAoAe5+2+MW+x/AAAAaEbu/pviFvsfAAAAmpG7/5NxSyf7X/+v/9/c/y8W+n/9v/7/pAPo/9cX+v+V0/+P0/8vof9vs///r0VD/f+xHb9e/88UTa3/z93/qbilk/0PAAAAPcjd/+m4xf4HAACAZuTu/0zcYv8DAABAM3L3fzZuaWn/37tz+jb//v/oli/U/y8Wi9sv9Px//f/I++v/J9P/119V/f/q6P/H6f+X0P+32f97/r/+n0Mztf4/d//n4paW9j8AAAB0Lnf/5+MW+x8AAACakbv/C3GL/Q8AAADNyN3/xbilk/0///5/6xfq/xdn9fx//f/GC/p//b/+f7bOtr+/Yj3+mab/1//r/wf7+bUd/r1nof/X/+v/GTC1/j93/5filk72PwAAAPQgd//NcYv9DwAAAM3I3X9L3GL/AwAAQDNy9385bulk/+v/9f/6/3n2/+v6f/2//n/QVJ7/f955D75V/6//b7H/H6P/1//r/9lqav1/7v6vxC2d7H8AAADoQe7+r8Yt9j8AAAA0I3f/1+IW+x8AAACakbv/63FLJ/t/e/9/zuJkoXrSUP8fjZr+/zT6/82fX/8//OPD8//1//r//TeV/t/z/8/s8+v/9f9z/vx76v/vt/3r9f+0aGr9f+7+W+OWTvY/AAAA9CB3/zfiFvsfAAAAmpG7/5txi/0PAAAAzcjdf1vc0sn+9/x//b/+X/+v/x9+f/3/POn/x+n/l9D/6/89///8R/y3/p/VmVr/n7v/W3HLxvC7//+c4f9MAAAAYEJy9387bunk+/8AAADQg9z934lb7H8AAABoRu7+78Ytnex//b/+X/+v/9f/D7+//n+e9P/j9P9L9NP/rw+9eNj9/Nk67M/fTP/v+f+s0NT6/9z934tbOtn/AAAA0IPc/d+PW+x/AAAAaEbu/h/ELfY/AAAANCN3/+1xSyf7X/+v/2+//3+4/n/L++v/9f8t0//nP9GH6f+X6Kf/H3TY/fzcP7/+X//PdlPr/3P33xG3dLL/AQAAoAe5+38Yt9j/AAAA0Izc/T+KW+x/AAAAaEbu/h/HLZ3sf/1/X/3/2qLH/t/z//X/+v+ezKf/v/LI0Kue/6//1//P9/Pr//X/bDe1/j93/51rR7rc/wAAADBXD33Ao+/Y7R9758Zv1xc/iVvsfwAAAGhG7v6fxi32PwAAADQjd//P4pZO9r/+v6/+v8/n/+v/9f/6/57Mp/8fpv/X/+v/5/v59f/6f7abWv+fu//ncctpw2/w/6AHAAAAmI3c/b+IWzr5/j8AAAD0IHf/L+OWbfv/xC5/VTsAAAAwNbn7fxW3dPL9f/3/xPv/xT71//HH6f9P0v/r/4feX/8/T/r/cWfZ/59Y0//r/0fo//X/+n+2mlr/n7v/hmsXXe5/AAAAaNSmn1H49cZv1xe/iVvsfwAAAGhG7v7fxi32PwAAADQjd//v4pZO9r/+f+L9/xk9//9Y/SfP/++8/79kffD99f/6/5bp/8d5/v8S+n/9v/5f/89K7aH/3xik+93/5+7/fdzSyf4HAACAHuTu/0PcYv8DAABAM3L3/zFusf8BAACgGbn7/xS3dLL/9f+H0P9fenSx2Nf+fxfP/9f/99H/7/D+7fT//3fu8Zsf9shrrtL/c8pB9v/5Y0H/r//X/5+k/9f/6//ZamrP/8/d/+e4pZP9DwAAAD3I3X9X3GL/AwAAQDNy9/8lbrlv/990WJ8KAAAAWKXc/X+NWzr5/r/+v8Xn/8+z/8+/1ofQ/x+fX/+fTXHv/b/n/+v/t/P8/3H6/yX0//p//b/+n5WaWv+fu/9vcUsn+x8AAAB6kLv/73FL7v+1Pf/UPQAAADAxufv/Ebf4/j8AAAA0I3f/3XFLJ/tf/6//n0r/nzz//9TXef7/Sfp//f9e6P/H6f+X0P/r//X/+n9Wamr9f+7+f8Ytnex/AAAA6EHu/nviFvsfAAAAmpG7/19xi/0PAAAAzcjd/++4pZP9r//X/+v/9f/6/+H31//Pk/5/nP5/Cf2//l//r/9npabW/+fu/08AAAD//zekcr0=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
symlink(&(0x7f0000000580)='.\x02/file1\x00', &(0x7f00000002c0)='.\x02\x00')
write$FUSE_BMAP(r0, &(0x7f0000000140)={0x18}, 0x18)

499.888518ms ago: executing program 3 (id=1586):
r0 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r0, 0xc2604110, &(0x7f0000000040)={0x0, [[0x20000005], [0x0, 0x5], [0x6]], '\x00', [{0x0, 0x1}]})

483.628099ms ago: executing program 3 (id=1587):
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x10, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x79, 0x10, 0x48}, [@ldst={0x3, 0x0, 0x6}], {0x95, 0x0, 0x74}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f0000000400)=""/198, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffff52}, 0x37)

422.763225ms ago: executing program 3 (id=1588):
syz_usb_connect(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000c4b20710200e01015a7a010203010902240001000000000904"], 0x0)

274.015847ms ago: executing program 2 (id=1589):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xe)
ioctl$TIOCSSOFTCAR(r0, 0x541a, 0x0)

204.671763ms ago: executing program 2 (id=1590):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000002c0)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@local})
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, &(0x7f0000000180))
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000000)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000080)={@host})
r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000000)=0x90000)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000001200)={@local})

302.86µs ago: executing program 4 (id=1591):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x281200c, &(0x7f0000000c40)=ANY=[@ANYRESHEX=r0, @ANYRESOCT=r0, @ANYRESOCT, @ANYRES64=0x0, @ANYRESOCT=0x0, @ANYRES8, @ANYRESOCT=r0, @ANYRES16, @ANYRES16=0x0], 0x4, 0x715, &(0x7f0000000500)="$eJzs3UtoHOcdAPD/rFaPVcGREz/SEsgSQ1oqaksWSqte6pZSdAglpIeeF3sdL1rLQVKKbEqj9HHvIaee0oNuoYeS3g3tuSFQ0qOOgUIuOemmMrMz+9C+pMiyZOf3EzPzzXyP+eY/OzP7QHwBfGOtzkf5cSSxOv/mdrq+t7vUnNhdmo6YSVebETEVEaWIckSSbkrWYzpd3sqn+HbkOV3LPh82Vt7+/Ku9L1pr5XzKypdG1Rtgqn/TTj5FNSIm8mW/ySEtfnJ49z3t3R7a3lEl7SNMA3atCFz85UStwokd9Nlp5338n2zeLjOg+nGuW+CcSlrPzdxBVPLUXMRstN4MZE/9/O5QOos+Pkk7Z90BAAAAOK7K8au8sB/7sR0XTqM7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8LzKx/9P8qlUpKuRFOP/T+XbIk+fQ+MHQvxsurV8fPqdAQAAAAAAAIBT9+p+7Md2XCjWD5LsN//Xun7j/1a8F5tRj424HttRi63Yio1YjIi5roamtmtbWxuLWc2ISyNq3oxPB9S8ObyPt3pXkydx3AAAAAAAAABwjs2MyV+b7N/2+1jt/P4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADnQRIx0Vpk06UiPRelckTMFOV2Ij6NiKmz7e2xJIM2Pn76/QAAAIATmeldTWaOUOeF92M/tuNCsX6QZJ/5r2Sfl2fivViPrWjEVjSjHnfyz9Dpp/7S3u5Sc2936X469bf70y+P1fWsxWh99zB4zy9nJSpxNxrZlutxO5I4yJTyVl7e211Kl/cH9+uDtE/JT3IjejPRlb6Tzq5+kqX/3PstQvlYh3hEhxstDS05l+VOtiOykPctrXGxiMDgSIw9O+WRe1qMUvubn0uj9zQ45h+M3vvsoVIDv7k5E4cjcTNK7TN0ZXQkIr77j49/fa+5vnbv7ub8+Tmkgd4fW+JwJJa6InH1OYrEeAtZJC6311fjF/GrmI8vp9+KjWjEb6IWW1GvFvm1/PWczudGR+qz2e61t8b1JL0mq+3716A+VaOnT1GNn2epWryWndML0YgkHkREPd7I/m7GYvtu0DnDl49w1ZeOcKftcu172aIdpqgML/u3ozX5pKRxvdgV1+577lyW172lE6UXB0apeNYd/XnUpfydPJG28IeRz4en7XAkFrsi8dKw10srpH89SOebzfW1jXu1d4+4v9fzZXod/WnEU+JUHtMjpWf4xZjJD+5iNk+ya2ohy3up3asiXv9tRCxmeZfarfQ+cdO8y+16rSv1l/Eg7vRcqT+M5ViOlaz0laz0ZN8TK8272m6p9x6e5qXvtMrtH3a63289iGbr/VDEzjN/2wZ4ziTdj7vZ789OVf5X+Xflo8ofK/cqb878bPpH069MxeS/Jn9cXph4vfRK8vf4KH7X+fwPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8fZsPH63Vms36xuBEaXBWMrpWrXlQDCTWrG9M5smhhdNEkg+VM6Y/aSLZfPjoYEyZcYnpvE9fs/qTTBSjNY4vXD3FbiQ77fOVb5kZfy6KUZ56s/q3PHy0luTDVHa9tMa9JEYlij13tkyeg1N5OFE9dq1q33Hlien+i+j4r97KoPM1ERGDCo+5cUyc7L4DnL0bW/ffvbH58NEPGvdr79Tfqa9PLi+vLKwsv7F0426jWV9ozbsqPP1R9YBT0vu2LTcVEa+OrztioFYAAAAAAAAAAADgFD2N/4U462MEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnm2r81F+HEksLlxfSNf3dpea6VSkOyXLEVGKiOS3Eck/I25Fa4q5ruaSYfv5sLHy9udf7X3RaatclC9F7AytN6rNjp18impETOTLE+hp7/b49qY6yekB2Un7KNKAXSsCB2ft/wEAAP//ikHuLA==")
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x40284504, &(0x7f00000004c0)={0x0, 0x0, 0x20, 0x0, "cbfea29368cc60a1ff856ae471fe261fdfb44a306ea8d6996bbcb8eb45d73158"})
ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000040))
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x41, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r1, 0x4400ae8f, &(0x7f0000000140)={0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x1})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
r2 = memfd_create(&(0x7f0000000140)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\x86\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddL)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x05\x1d\xa1\xce\x8b\x19\xea\xef\xe3\x8dr\xd6\xb2.\xbf|\x1e\x01)\xa6iIn.b\x8c*b\xc8\x06\xf4P\x1f\x86aJ\x7f\xf4\xd1o\xb6h\xdf\xd0\x93/T\x1e\x1at\x89\xdf\x80\xee-\xa3\xf2F80\xec[\x94\x86\x03\xf3M\x016\xdd\xd0}\x9d\xd1e\x81\x88\xc5\x8as\xf1\xcc\x120|W-\xc9\x17\x94M\xa8\x7f\x1b\xa5\x890O\x7f\x05\xcd\xe0\x05`.\x9en\x86NO\xc5\x1d\x9f\xf1\x14\x96', 0x0)
r3 = dup(r2)
r4 = socket$inet6(0xa, 0x2, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001040)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}, {0x3}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x14, 0x2, [@TCA_FQ_CODEL_TARGET={0x8}, @TCA_FQ_CODEL_CE_THRESHOLD={0x8}]}}]}, 0x48}}, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r4, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8)
setsockopt$inet6_mtu(r4, 0x29, 0x17, &(0x7f0000000040)=0x5, 0x4)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
sendto$inet6(r4, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

0s ago: executing program 2 (id=1592):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x6, 0x18, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000730000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a80)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

kernel console output (not intermixed with test programs):

.930:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6406 comm="syz.4.861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05d6575ad9 code=0x7ffc0000
[  199.845981][ T6443] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  200.139381][ T6455] loop1: detected capacity change from 0 to 128
[  200.180809][ T6457] loop2: detected capacity change from 0 to 512
[  200.320411][ T6457] EXT4-fs (loop2): Test dummy encryption mode enabled
[  200.344507][ T6455] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  200.475959][ T6455] ext4 filesystem being mounted at /96/file0 supports timestamps until 2038 (0x7fffffff)
[  200.537942][ T6457] EXT4-fs error (device loop2): __ext4_fill_super:5399: inode #2: comm syz.2.883: casefold flag without casefold feature
[  200.742507][ T6457] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended
[  201.039027][ T6457] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  201.199793][ T5545] EXT4-fs error (device loop2): ext4_lookup:1855: inode #15: comm syz-executor: iget: bad extra_isize 65531 (inode size 512)
[  201.255010][ T5545] EXT4-fs error (device loop2): ext4_lookup:1855: inode #15: comm syz-executor: iget: bad extra_isize 65531 (inode size 512)
[  201.454751][ T3623] kernel write not supported for file bpf-prog (pid: 3623 comm: kworker/1:6)
[  201.671561][ T5028] EXT4-fs (loop1): unmounting filesystem.
[  202.683230][ T5545] EXT4-fs (loop2): unmounting filesystem.
[  202.864317][ T6498] loop1: detected capacity change from 0 to 64
[  202.939137][ T4557] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  203.063614][ T6501] loop4: detected capacity change from 0 to 512
[  203.175811][ T6501] EXT4-fs (loop4): Test dummy encryption mode enabled
[  203.207365][ T4557] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  203.217972][ T6501] EXT4-fs error (device loop4): __ext4_fill_super:5399: inode #2: comm syz.4.900: casefold flag without casefold feature
[  203.218496][ T6501] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  203.281895][ T6506] libceph: resolve '40.' (ret=-3): failed
[  203.296128][ T6501] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  203.423664][ T4557] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  203.492241][ T3564] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  203.503848][ T3564] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  203.511761][ T3569] EXT4-fs error (device loop4): ext4_lookup:1855: inode #15: comm syz-executor: iget: bad extra_isize 65531 (inode size 512)
[  203.528697][ T3564] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  203.538935][ T3564] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  203.549996][ T3564] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  203.557694][ T3564] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  203.576589][ T3569] EXT4-fs error (device loop4): ext4_lookup:1855: inode #15: comm syz-executor: iget: bad extra_isize 65531 (inode size 512)
[  203.738700][ T4557] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  204.025990][ T6529] loop3: detected capacity change from 0 to 1024
[  204.058355][ T6529] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  204.069531][ T6529] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  204.089942][ T6529] jbd2_journal_init_inode: Cannot locate journal superblock
[  204.097371][ T6529] EXT4-fs (loop3): Could not load journal inode
[  205.071618][ T6527] sched: RT throttling activated
[  205.645490][   T48] Bluetooth: hci2: command tx timeout
[  205.671445][   T27] kauditd_printk_skb: 25 callbacks suppressed
[  205.671463][   T27] audit: type=1800 audit(1721266445.400:191): pid=6533 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.912" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[  205.888459][ T3569] EXT4-fs (loop4): unmounting filesystem.
[  206.081722][ T6515] chnl_net:caif_netlink_parms(): no params data found
[  206.274323][ T6515] bridge0: port 1(bridge_slave_0) entered blocking state
[  206.315965][ T6515] bridge0: port 1(bridge_slave_0) entered disabled state
[  206.324262][ T6515] device bridge_slave_0 entered promiscuous mode
[  206.639212][ T6515] bridge0: port 2(bridge_slave_1) entered blocking state
[  206.655708][ T6515] bridge0: port 2(bridge_slave_1) entered disabled state
[  206.664017][ T6515] device bridge_slave_1 entered promiscuous mode
[  206.932005][ T3564] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  206.943958][ T3564] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  206.955952][ T3564] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  206.975713][ T3564] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  206.983756][ T3564] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  206.991275][ T3564] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  207.167191][ T6569] netlink: 'syz.0.922': attribute type 1 has an invalid length.
[  207.426492][ T6515] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  207.469140][ T6515] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  207.725435][ T3564] Bluetooth: hci2: command tx timeout
[  207.740338][ T6515] team0: Port device team_slave_0 added
[  207.777275][ T6570] loop1: detected capacity change from 0 to 32768
[  208.427235][ T6515] team0: Port device team_slave_1 added
[  208.457139][ T6570] XFS (loop1): Mounting V5 Filesystem
[  208.525787][ T6570] XFS (loop1): Ending clean mount
[  208.597026][ T6570] XFS (loop1): Quotacheck needed: Please wait.
[  208.685674][ T6570] XFS (loop1): Quotacheck: Done.
[  208.730507][ T6515] batman_adv: batadv0: Adding interface: batadv_slave_0
[  208.748283][ T6515] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  208.836665][ T5028] XFS (loop1): Unmounting Filesystem
[  208.845658][ T6515] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  208.990745][ T6581] loop3: detected capacity change from 0 to 32768
[  209.023955][ T6515] batman_adv: batadv0: Adding interface: batadv_slave_1
[  209.046018][ T6515] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  209.085564][   T48] Bluetooth: hci4: command tx timeout
[  209.217107][ T6515] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  209.466253][ T6515] device hsr_slave_0 entered promiscuous mode
[  209.503451][ T6515] device hsr_slave_1 entered promiscuous mode
[  209.534481][ T6515] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  209.547726][ T6515] Cannot create hsr debugfs directory
[  209.753461][ T6619] libceph: resolve '40.' (ret=-3): failed
[  209.805693][   T48] Bluetooth: hci2: command tx timeout
[  209.815777][   T27] audit: type=1326 audit(1721266449.550:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6615 comm="syz.1.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d3575ad9 code=0x7fc00000
[  209.885558][   T27] audit: type=1326 audit(1721266449.570:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6615 comm="syz.1.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f02d3575ad9 code=0x7fc00000
[  210.514861][   T27] audit: type=1326 audit(1721266450.240:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6615 comm="syz.1.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d3575ad9 code=0x7fc00000
[  210.755899][   T27] audit: type=1326 audit(1721266450.270:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6615 comm="syz.1.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f02d3575ad9 code=0x7fc00000
[  210.844804][ T3604] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  210.853543][   T27] audit: type=1326 audit(1721266450.270:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6615 comm="syz.1.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d3575ad9 code=0x7fc00000
[  210.877746][   T27] audit: type=1326 audit(1721266450.270:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6615 comm="syz.1.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d3575ad9 code=0x7fc00000
[  210.926376][   T27] audit: type=1326 audit(1721266450.270:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6615 comm="syz.1.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d3575ad9 code=0x7fc00000
[  211.010790][   T27] audit: type=1326 audit(1721266450.270:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6615 comm="syz.1.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d3575ad9 code=0x7fc00000
[  211.085468][   T27] audit: type=1326 audit(1721266450.270:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6615 comm="syz.1.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d3575ad9 code=0x7fc00000
[  211.109415][ T3604] usb 1-1: Using ep0 maxpacket: 32
[  211.141954][   T27] audit: type=1326 audit(1721266450.270:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6615 comm="syz.1.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d3575ad9 code=0x7fc00000
[  211.165388][   T48] Bluetooth: hci4: command tx timeout
[  211.185179][ T6576] chnl_net:caif_netlink_parms(): no params data found
[  211.200212][   T27] audit: type=1326 audit(1721266450.280:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6615 comm="syz.1.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d3575ad9 code=0x7fc00000
[  211.235658][ T3604] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  211.244761][ T3604] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  211.270116][   T27] audit: type=1326 audit(1721266450.280:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6615 comm="syz.1.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d3575ad9 code=0x7fc00000
[  211.307286][ T3604] usb 1-1: config 0 descriptor??
[  211.317950][   T27] audit: type=1326 audit(1721266450.280:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6615 comm="syz.1.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d3575ad9 code=0x7fc00000
[  211.357544][ T3604] gspca_main: nw80x-2.14.0 probing 055f:d001
[  211.525162][ T4557] device hsr_slave_0 left promiscuous mode
[  211.622354][ T4557] device hsr_slave_1 left promiscuous mode
[  211.646775][ T4557] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  211.664504][ T4557] batman_adv: batadv0: Removing interface: batadv_slave_0
[  211.763252][ T4557] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  211.783851][ T4557] batman_adv: batadv0: Removing interface: batadv_slave_1
[  211.813232][ T4557] device bridge_slave_1 left promiscuous mode
[  211.823264][ T4557] bridge0: port 2(bridge_slave_1) entered disabled state
[  211.874374][ T4557] device bridge_slave_0 left promiscuous mode
[  211.893616][   T48] Bluetooth: hci2: command tx timeout
[  211.915522][ T4557] bridge0: port 1(bridge_slave_0) entered disabled state
[  211.967052][ T6646] loop1: detected capacity change from 0 to 32768
[  212.012142][ T4557] device veth1_macvtap left promiscuous mode
[  212.024428][ T4557] device veth0_macvtap left promiscuous mode
[  212.031209][ T4557] device veth1_vlan left promiscuous mode
[  212.036501][ T6646] XFS (loop1): Mounting V5 Filesystem
[  212.037279][ T4557] device veth0_vlan left promiscuous mode
[  212.139108][ T6646] XFS (loop1): Ending clean mount
[  212.161995][ T6646] XFS (loop1): Quotacheck needed: Please wait.
[  212.272942][ T6646] XFS (loop1): Quotacheck: Done.
[  212.282392][ T6648] loop3: detected capacity change from 0 to 32768
[  212.378941][ T5028] XFS (loop1): Unmounting Filesystem
[  212.674434][ T6658] libceph: resolve '40.' (ret=-3): failed
[  212.895499][ T3604] gspca_nw80x: reg_w err -71
[  212.900209][ T3604] nw80x: probe of 1-1:0.0 failed with error -71
[  212.922924][ T3604] usb 1-1: USB disconnect, device number 12
[  212.982075][ T6667] loop3: detected capacity change from 0 to 2048
[  213.014714][ T6667] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  213.040242][ T6667] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  213.247897][   T48] Bluetooth: hci4: command tx timeout
[  213.339885][ T4557] team0 (unregistering): Port device team_slave_1 removed
[  213.387844][ T4557] team0 (unregistering): Port device team_slave_0 removed
[  213.450952][ T4557] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  213.508443][ T4557] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  214.317401][ T4557] bond0 (unregistering): Released all slaves
[  214.603830][ T6701] libceph: resolve '40.' (ret=-3): failed
[  214.916597][ T6576] bridge0: port 1(bridge_slave_0) entered blocking state
[  214.923746][ T6576] bridge0: port 1(bridge_slave_0) entered disabled state
[  214.946904][ T6576] device bridge_slave_0 entered promiscuous mode
[  215.058492][ T6709] loop1: detected capacity change from 0 to 2048
[  215.101604][ T6576] bridge0: port 2(bridge_slave_1) entered blocking state
[  215.113901][ T6576] bridge0: port 2(bridge_slave_1) entered disabled state
[  215.122174][ T6709] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  215.143224][ T6576] device bridge_slave_1 entered promiscuous mode
[  215.163800][ T6709] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  215.318183][ T6576] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  215.327645][   T48] Bluetooth: hci4: command tx timeout
[  215.448569][ T6576] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  216.391550][ T6576] team0: Port device team_slave_0 added
[  216.402857][ T6576] team0: Port device team_slave_1 added
[  216.548581][ T6576] batman_adv: batadv0: Adding interface: batadv_slave_0
[  216.582418][ T6576] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  216.673157][ T6576] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  216.753058][ T6731] netlink: 24 bytes leftover after parsing attributes in process `syz.1.953'.
[  216.834523][ T6515] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  216.920577][ T6576] batman_adv: batadv0: Adding interface: batadv_slave_1
[  216.939480][ T6576] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  217.032653][ T6576] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  217.068945][ T6515] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  217.124904][ T6515] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  217.180595][ T6515] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  217.379818][ T6576] device hsr_slave_0 entered promiscuous mode
[  217.402679][ T6576] device hsr_slave_1 entered promiscuous mode
[  217.410387][ T6744] loop1: detected capacity change from 0 to 256
[  217.436379][ T6576] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  217.444051][ T6576] Cannot create hsr debugfs directory
[  217.489684][ T6744] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  217.820707][ T6754] loop1: detected capacity change from 0 to 64
[  217.911927][ T6515] 8021q: adding VLAN 0 to HW filter on device bond0
[  217.913749][ T3551] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  218.080035][ T6576] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.159909][ T6760] loop3: detected capacity change from 0 to 2048
[  218.175408][ T3907] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  218.186356][ T3907] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  218.198455][ T6515] 8021q: adding VLAN 0 to HW filter on device team0
[  218.326450][ T6760] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  218.343953][ T6576] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.419139][ T6772] netlink: 24 bytes leftover after parsing attributes in process `syz.1.965'.
[  218.486710][ T3907] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  218.525842][ T3907] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  218.534323][ T3907] bridge0: port 1(bridge_slave_0) entered blocking state
[  218.541547][ T3907] bridge0: port 1(bridge_slave_0) entered forwarding state
[  218.544822][ T5168] EXT4-fs (loop3): unmounting filesystem.
[  218.580224][ T3907] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  218.606355][ T3907] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  218.634665][ T3907] bridge0: port 2(bridge_slave_1) entered blocking state
[  218.641874][ T3907] bridge0: port 2(bridge_slave_1) entered forwarding state
[  218.770199][ T6576] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.822016][ T3604] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  218.838147][ T3604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  218.852551][ T3604] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  218.954896][ T6576] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.984811][ T6515] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  219.034225][ T6515] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  219.113660][ T3908] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  219.142559][ T3908] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  219.193585][ T3908] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  219.205984][ T6788] loop1: detected capacity change from 0 to 256
[  219.228913][ T3908] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  219.253554][ T3908] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  219.277631][ T6788] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  219.283718][ T3908] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  219.316696][ T3908] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  219.339808][ T3908] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  219.395807][ T3908] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  219.453031][ T3908] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  219.799841][ T6802] Bluetooth: MGMT ver 1.22
[  219.881343][ T6576] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  219.951893][ T6576] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  220.011267][ T6576] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  220.076644][ T6576] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  220.194246][ T3604] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  220.212974][ T3604] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  220.271163][ T6515] 8021q: adding VLAN 0 to HW filter on device batadv0
[  220.368969][ T3604] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  220.379725][ T6814] loop1: detected capacity change from 0 to 512
[  220.393602][ T3604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  220.469535][ T3551] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  220.500776][ T6515] device veth0_vlan entered promiscuous mode
[  220.524747][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  220.548824][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  220.666790][ T6515] device veth1_vlan entered promiscuous mode
[  220.770456][ T3564] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  220.784553][ T3564] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  220.797950][ T3564] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  220.816843][ T3559] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  220.825843][ T3559] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  220.834096][ T3559] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  220.846570][ T6822] loop1: detected capacity change from 0 to 512
[  220.914435][ T3604] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  220.921370][ T6822] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  220.933093][ T3604] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  220.956157][ T3604] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  220.964134][ T6822] ext4 filesystem being mounted at /126/file0 supports timestamps until 2038 (0x7fffffff)
[  221.093818][ T6576] 8021q: adding VLAN 0 to HW filter on device bond0
[  221.208971][ T3604] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  221.225243][ T6809] loop3: detected capacity change from 0 to 40427
[  221.232873][ T3604] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  221.256294][ T3604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  221.276867][ T6809] F2FS-fs (loop3): Invalid log sectors per block(3) log sectorsize(10)
[  221.285484][ T6809] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  221.345663][ T6576] 8021q: adding VLAN 0 to HW filter on device team0
[  221.354344][ T6809] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045589454292453)
[  221.370504][ T6515] device veth0_macvtap entered promiscuous mode
[  221.387647][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  221.406313][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  221.414407][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  221.466441][ T6515] device veth1_macvtap entered promiscuous mode
[  221.475391][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  221.488564][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  221.497857][   T26] bridge0: port 1(bridge_slave_0) entered blocking state
[  221.505002][   T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[  221.513492][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  221.522672][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  221.533171][   T26] bridge0: port 2(bridge_slave_1) entered blocking state
[  221.540357][   T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[  221.631604][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  221.642053][ T6809] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  221.642898][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  221.667475][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  221.675804][ T6809] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  221.687238][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  221.703169][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  221.752249][ T6515] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  221.789517][ T6515] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  221.818374][ T6515] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  221.832913][ T6515] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  221.851313][ T6515] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  221.872237][ T6515] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  221.886677][ T6515] batman_adv: batadv0: Interface activated: batadv_slave_0
[  221.965631][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  221.986071][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  222.014484][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  222.040744][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  222.059836][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  222.085184][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  222.116038][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  222.137525][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  222.156676][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  222.183054][ T6515] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  222.215317][ T6515] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.225186][ T6515] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  222.263427][ T6515] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.281342][ T6515] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  222.292878][ T6515] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.323213][ T6515] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  222.346466][ T6515] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.373873][ T6515] batman_adv: batadv0: Interface activated: batadv_slave_1
[  222.402811][ T6576] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  222.454877][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  222.486378][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  222.592571][ T6515] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  222.611205][ T6515] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  222.635879][ T6515] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  222.644659][ T6515] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  222.704401][ T5028] EXT4-fs (loop1): unmounting filesystem.
[  222.925497][ T3559] Bluetooth: hci0: command tx timeout
[  223.267402][ T6294] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  223.282833][ T6876] Bluetooth: MGMT ver 1.22
[  223.293263][ T6294] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  223.339094][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  223.356254][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  223.391547][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  223.398933][ T6851] loop3: detected capacity change from 0 to 40427
[  223.476629][   T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  223.484018][ T6576] 8021q: adding VLAN 0 to HW filter on device batadv0
[  223.484797][   T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  223.534419][ T6851] F2FS-fs (loop3): Found nat_bits in checkpoint
[  223.544130][ T6818] chnl_net:caif_netlink_parms(): no params data found
[  223.634207][ T6886] netlink: 'syz.1.984': attribute type 32 has an invalid length.
[  223.645939][ T6886] netlink: 280 bytes leftover after parsing attributes in process `syz.1.984'.
[  223.710483][ T6851] F2FS-fs (loop3): Cannot turn on quotas: -2 on 2
[  223.715536][ T6886] unsupported nla_type 8192
[  223.759937][ T6851] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  223.800757][ T3907] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  223.886845][ T4557] device hsr_slave_0 left promiscuous mode
[  223.906226][ T6851] bio_check_eod: 9 callbacks suppressed
[  223.906246][ T6851] syz.3.978: attempt to access beyond end of device
[  223.906246][ T6851] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  223.951973][ T4557] device hsr_slave_1 left promiscuous mode
[  223.985103][ T4557] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  223.995455][ T4557] batman_adv: batadv0: Removing interface: batadv_slave_0
[  224.004470][ T4557] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  224.023029][ T4557] batman_adv: batadv0: Removing interface: batadv_slave_1
[  224.042949][ T4557] batman_adv: batadv0: Removing interface: macvlan2
[  224.086347][ T4557] device bridge_slave_1 left promiscuous mode
[  224.092628][ T4557] bridge0: port 2(bridge_slave_1) entered disabled state
[  224.110843][ T4557] device bridge_slave_0 left promiscuous mode
[  224.126465][ T4557] bridge0: port 1(bridge_slave_0) entered disabled state
[  224.221085][ T4557] device veth1_macvtap left promiscuous mode
[  224.227363][ T4557] device veth0_macvtap left promiscuous mode
[  224.233594][ T4557] device veth1_vlan left promiscuous mode
[  224.244022][ T4557] device veth0_vlan left promiscuous mode
[  224.640068][ T6891] loop1: detected capacity change from 0 to 32768
[  224.674928][ T6891] XFS (loop1): Mounting V5 Filesystem
[  224.731270][ T6891] XFS (loop1): Ending clean mount
[  224.745865][ T6891] XFS (loop1): Quotacheck needed: Please wait.
[  224.869888][ T6891] XFS (loop1): Quotacheck: Done.
[  224.956176][ T5028] XFS (loop1): Unmounting Filesystem
[  225.005800][ T3559] Bluetooth: hci0: command tx timeout
[  225.213141][ T4557] device team_slave_1 left promiscuous mode
[  225.229189][ T4557] team0 (unregistering): Port device team_slave_1 removed
[  225.358391][ T4557] device team_slave_0 left promiscuous mode
[  225.374288][ T4557] team0 (unregistering): Port device team_slave_0 removed
[  225.374343][ T6919] loop1: detected capacity change from 0 to 512
[  225.431155][ T4557] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  225.442358][ T3551] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  225.460525][ T4557] device bond_slave_1 left promiscuous mode
[  225.561703][ T4557] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  225.574764][ T4557] device bond_slave_0 left promiscuous mode
[  225.607002][ T6921] loop1: detected capacity change from 0 to 4096
[  225.638945][ T6921] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512)
[  225.727029][ T6921] ntfs3: loop1: Mark volume as dirty due to NTFS errors
[  225.735692][ T6921] ntfs3: loop1: Failed to load $Extend.
[  226.184096][ T4557] bond0 (unregistering): Released all slaves
[  226.404408][ T6818] bridge0: port 1(bridge_slave_0) entered blocking state
[  226.411818][ T6818] bridge0: port 1(bridge_slave_0) entered disabled state
[  226.420453][ T6818] device bridge_slave_0 entered promiscuous mode
[  226.429756][ T6818] bridge0: port 2(bridge_slave_1) entered blocking state
[  226.437750][ T6818] bridge0: port 2(bridge_slave_1) entered disabled state
[  226.446707][ T6818] device bridge_slave_1 entered promiscuous mode
[  226.520093][ T6818] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  226.558380][ T6818] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  226.691479][ T6818] team0: Port device team_slave_0 added
[  226.709894][ T6818] team0: Port device team_slave_1 added
[  226.783587][ T6818] batman_adv: batadv0: Adding interface: batadv_slave_0
[  226.801008][ T6818] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  226.896430][ T6818] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  226.974219][ T3907] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  227.013972][ T3907] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  227.029089][ T6818] batman_adv: batadv0: Adding interface: batadv_slave_1
[  227.036967][ T6818] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  227.085665][ T3559] Bluetooth: hci0: command tx timeout
[  227.205442][ T6818] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  227.332268][ T3604] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  227.353099][ T3604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  227.398702][ T6576] device veth0_vlan entered promiscuous mode
[  227.510315][ T6948] netlink: 12 bytes leftover after parsing attributes in process `syz.1.999'.
[  228.216448][ T6818] device hsr_slave_0 entered promiscuous mode
[  228.295916][ T6818] device hsr_slave_1 entered promiscuous mode
[  228.319461][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  228.328481][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  228.363933][ T6576] device veth1_vlan entered promiscuous mode
[  228.398385][ T6932] loop3: detected capacity change from 0 to 40427
[  228.436748][ T6932] F2FS-fs (loop3): Found nat_bits in checkpoint
[  228.597035][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  228.613002][ T6961] loop1: detected capacity change from 0 to 512
[  228.621516][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  228.637533][ T6932] F2FS-fs (loop3): Cannot turn on quotas: -2 on 2
[  228.654048][ T6576] device veth0_macvtap entered promiscuous mode
[  228.716796][ T6932] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  228.774684][ T6961] EXT4-fs error (device loop1): ext4_orphan_get:1422: comm syz.1.1005: bad orphan inode 1
[  228.788537][ T6965] loop2: detected capacity change from 0 to 512
[  228.802887][ T6576] device veth1_macvtap entered promiscuous mode
[  228.837892][ T6576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  228.848730][ T6576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.850130][ T6961] EXT4-fs (loop1): Remounting filesystem read-only
[  228.860619][ T6576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  228.879561][ T6576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.885739][ T6961] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  228.890116][ T6932] syz.3.994: attempt to access beyond end of device
[  228.890116][ T6932] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  228.913227][ T6576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  228.925306][ T6576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.937351][ T6576] batman_adv: batadv0: Interface activated: batadv_slave_0
[  228.938018][ T6965] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  228.945093][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  228.963379][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  228.982674][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  228.991461][ T6965] ext4 filesystem being mounted at /8/file0 supports timestamps until 2038 (0x7fffffff)
[  229.013056][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  229.113408][ T6576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  229.130980][ T6576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  229.161604][ T6576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  229.166522][ T3559] Bluetooth: hci0: command tx timeout
[  229.202997][ T6576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  229.232357][ T6576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  229.270974][ T6576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  229.307038][ T6576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  229.365534][ T6576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  229.401551][ T6576] batman_adv: batadv0: Interface activated: batadv_slave_1
[  229.510044][ T6818] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  229.567995][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  229.609667][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  229.626029][ T5028] EXT4-fs (loop1): unmounting filesystem.
[  229.633855][ T6576] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  229.655802][ T6576] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  229.674783][ T6576] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  229.721706][ T6576] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  229.819120][ T6818] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  229.983133][ T6818] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.158691][ T6818] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.242344][ T6285] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  230.266850][ T6285] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  230.333607][ T6987] loop1: detected capacity change from 0 to 256
[  230.376686][ T6987] FAT-fs (loop1): Unrecognized mount option "./file0" or missing value
[  230.385140][ T3907] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  230.402099][ T3584] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  230.436949][ T3584] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  230.519019][ T3643] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  230.662805][ T6818] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  230.729559][ T6818] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  230.766179][ T6818] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  230.839035][ T6818] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  231.138065][ T6515] EXT4-fs (loop2): unmounting filesystem.
[  231.152802][ T6818] 8021q: adding VLAN 0 to HW filter on device bond0
[  231.285485][ T6818] 8021q: adding VLAN 0 to HW filter on device team0
[  231.294770][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  231.306300][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  231.349556][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  231.366711][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  231.375319][  T155] bridge0: port 1(bridge_slave_0) entered blocking state
[  231.382455][  T155] bridge0: port 1(bridge_slave_0) entered forwarding state
[  231.412849][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  231.432132][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  231.452229][  T155] bridge0: port 2(bridge_slave_1) entered blocking state
[  231.459550][  T155] bridge0: port 2(bridge_slave_1) entered forwarding state
[  231.479805][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  231.519023][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  231.546583][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  231.576133][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  231.593637][ T6989] loop3: detected capacity change from 0 to 32768
[  231.603246][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  231.682354][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  231.707394][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  231.745140][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  231.765928][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  231.784427][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  231.810665][ T6989] XFS (loop3): Mounting V5 Filesystem
[  231.856475][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  231.865214][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  231.876052][ T6818] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  231.996271][ T6989] XFS (loop3): Ending clean mount
[  232.102337][ T5168] XFS (loop3): Unmounting Filesystem
[  232.149895][ T6991] loop4: detected capacity change from 0 to 40427
[  232.264291][ T6991] F2FS-fs (loop4): Encrypt feature is off
[  232.405505][ T3551] I/O error, dev loop4, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  232.657118][ T7032] loop2: detected capacity change from 0 to 8
[  233.059879][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  233.075525][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  233.082565][ T7042] loop1: detected capacity change from 0 to 256
[  233.088319][ T6818] 8021q: adding VLAN 0 to HW filter on device batadv0
[  233.174843][ T7042] FAT-fs (loop1): Directory bread(block 64) failed
[  233.195074][ T7042] FAT-fs (loop1): Directory bread(block 65) failed
[  233.240263][ T7042] FAT-fs (loop1): Directory bread(block 66) failed
[  233.252266][ T3908] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  233.256003][ T7042] FAT-fs (loop1): Directory bread(block 67) failed
[  233.275694][   T14] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  233.284585][ T7042] FAT-fs (loop1): Directory bread(block 68) failed
[  233.286623][ T3908] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  233.310558][ T7042] FAT-fs (loop1): Directory bread(block 69) failed
[  233.351379][ T7042] FAT-fs (loop1): Directory bread(block 70) failed
[  233.396326][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  233.404194][ T7042] FAT-fs (loop1): Directory bread(block 71) failed
[  233.418820][ T7042] FAT-fs (loop1): Directory bread(block 72) failed
[  233.427885][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  233.439423][ T7042] FAT-fs (loop1): Directory bread(block 73) failed
[  233.532026][ T6818] device veth0_vlan entered promiscuous mode
[  233.539775][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  233.549809][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  233.592632][ T6818] device veth1_vlan entered promiscuous mode
[  233.635644][   T14] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 4
[  233.648084][   T14] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  233.815752][   T14] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  233.845486][   T14] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  233.853629][   T14] usb 4-1: SerialNumber: syz
[  233.860077][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  233.888453][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  233.908163][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  233.915962][ T7039] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  233.956241][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  233.988433][ T6818] device veth0_macvtap entered promiscuous mode
[  234.019072][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  234.054911][ T4557] device hsr_slave_0 left promiscuous mode
[  234.066060][ T4557] device hsr_slave_1 left promiscuous mode
[  234.079400][ T4557] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  234.095605][ T4557] batman_adv: batadv0: Removing interface: batadv_slave_0
[  234.112972][ T4557] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  234.130917][ T4557] batman_adv: batadv0: Removing interface: batadv_slave_1
[  234.139789][ T7039] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  234.148703][ T4557] batman_adv: batadv0: Removing interface: macvlan2
[  234.174537][ T4557] device bridge_slave_1 left promiscuous mode
[  234.187611][ T4557] bridge0: port 2(bridge_slave_1) entered disabled state
[  234.205969][ T4557] device bridge_slave_0 left promiscuous mode
[  234.212272][ T4557] bridge0: port 1(bridge_slave_0) entered disabled state
[  234.266046][ T4557] device veth1_macvtap left promiscuous mode
[  234.272316][ T4557] device veth0_macvtap left promiscuous mode
[  234.278587][ T4557] device veth1_vlan left promiscuous mode
[  234.284583][ T4557] device veth0_vlan left promiscuous mode
[  234.298615][ T7049] loop4: detected capacity change from 0 to 32768
[  234.377228][ T7049] XFS (loop4): Mounting V5 Filesystem
[  234.484697][ T7049] XFS (loop4): Ending clean mount
[  234.621220][   T14] cdc_ether: probe of 4-1:1.0 failed with error -22
[  234.831052][ T3907] usb 4-1: USB disconnect, device number 9
[  235.195684][ T7073] loop1: detected capacity change from 0 to 40427
[  235.205051][ T7073] F2FS-fs (loop1): Encrypt feature is off
[  235.594589][ T7083] loop1: detected capacity change from 0 to 4096
[  235.621646][ T7083] ntfs3: loop1: Failed to load $MFT.
[  235.638893][ T4557] team0 (unregistering): Port device team_slave_1 removed
[  235.787322][ T4557] team0 (unregistering): Port device team_slave_0 removed
[  235.852047][ T4557] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  235.913562][ T4557] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  236.042132][ T7094] loop1: detected capacity change from 0 to 512
[  236.113220][ T7094] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  236.123862][ T7094] ext4 filesystem being mounted at /164/file0 supports timestamps until 2038 (0x7fffffff)
[  236.604147][ T4557] bond0 (unregistering): Released all slaves
[  236.716350][ T6818] device veth1_macvtap entered promiscuous mode
[  236.774864][ T6818] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  236.806044][ T6818] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  236.832739][ T6818] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  236.871045][ T6818] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  236.883119][ T6818] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  236.902561][ T6818] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  236.928643][ T6818] batman_adv: batadv0: Interface activated: batadv_slave_0
[  236.948704][ T3908] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  236.958743][ T3908] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  236.967327][ T6576] XFS (loop4): Unmounting Filesystem
[  236.991835][ T6818] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  237.052048][ T6818] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  237.078668][ T6818] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  237.099172][ T6818] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  237.112680][ T6818] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  237.130085][ T6818] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  237.143654][ T6818] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  237.160231][ T6818] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  237.191128][ T5028] EXT4-fs (loop1): unmounting filesystem.
[  237.213942][ T6818] batman_adv: batadv0: Interface activated: batadv_slave_1
[  237.242887][ T6818] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  237.355354][ T6818] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  237.364120][ T6818] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  237.377472][ T6818] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  237.396449][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  237.415115][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  237.571414][ T7112] Falling back ldisc for ptm0.
[  237.824333][ T6190] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  237.859649][ T6190] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  237.927199][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  239.303130][ T7105] loop2: detected capacity change from 0 to 40427
[  239.377147][ T7105] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  239.385029][ T7105] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  239.395417][ T7105] F2FS-fs (loop2): invalid crc value
[  239.403262][ T3584] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  239.417893][ T3584] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  239.446190][ T7124] loop1: detected capacity change from 0 to 1024
[  239.453321][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  239.493821][ T7105] F2FS-fs (loop2): Found nat_bits in checkpoint
[  239.516128][ T7124] EXT4-fs: Ignoring removed oldalloc option
[  239.566297][ T7124] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  239.629721][ T7126] loop4: detected capacity change from 0 to 4096
[  239.640170][ T7105] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  239.653558][ T7124] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  239.680984][ T7105] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  239.691764][ T7109] loop3: detected capacity change from 0 to 32768
[  239.704087][ T7126] ntfs3: loop4: Failed to load $MFT.
[  239.743720][ T7109] XFS: ikeep mount option is deprecated.
[  239.771795][ T7109] XFS: ikeep mount option is deprecated.
[  239.796038][ T5028] EXT4-fs (loop1): unmounting filesystem.
[  239.966366][ T7109] XFS (loop3): Mounting V5 Filesystem
[  240.050479][ T7144] loop1: detected capacity change from 0 to 512
[  240.057493][ T7109] XFS (loop3): log mount failed
[  240.586388][ T7144] EXT4-fs error (device loop1): __ext4_fill_super:5399: inode #2: comm syz.1.1059: casefold flag without casefold feature
[  240.749195][ T7144] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended
[  240.835812][ T7144] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  240.901884][ T6292] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  241.000257][ T6292] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  241.013653][ T5028] EXT4-fs (loop1): unmounting filesystem.
[  241.704122][ T7168] loop1: detected capacity change from 0 to 8192
[  241.797799][ T3551] I/O error, dev loop1, sector 8064 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  241.835703][    T7] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  241.996784][ T7168] loop1: detected capacity change from 0 to 256
[  242.195608][    T7] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  242.410815][    T7] usb 4-1: New USB device found, idVendor=05ac, idProduct=0272, bcdDevice= 0.40
[  242.429741][    T7] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  242.452638][    T7] usb 4-1: Product: syz
[  242.476519][    T7] usb 4-1: Manufacturer: syz
[  242.489672][    T7] usb 4-1: SerialNumber: syz
[  242.495231][ T7180] loop1: detected capacity change from 0 to 4096
[  242.553845][    T7] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/input/input9
[  242.624419][ T7180] ntfs3: loop1: Failed to load $MFT.
[  242.775576][ T2987] bcm5974 4-1:1.0: could not read from device
[  242.835638][    T7] usb 4-1: USB disconnect, device number 10
[  243.036664][ T7174] loop4: detected capacity change from 0 to 40427
[  243.138029][ T7174] F2FS-fs (loop4): Found nat_bits in checkpoint
[  243.284334][ T7197] syz.1.1078 uses obsolete (PF_INET,SOCK_PACKET)
[  243.303749][ T7174] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  243.457156][ T7174] syz.4.1072: attempt to access beyond end of device
[  243.457156][ T7174] loop4: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  243.789166][ T6576] syz-executor: attempt to access beyond end of device
[  243.789166][ T6576] loop4: rw=2049, sector=45104, nr_sectors = 16 limit=40427
[  245.202945][ T7236] loop1: detected capacity change from 0 to 1024
[  245.229092][ T7236] EXT4-fs: Ignoring removed oldalloc option
[  245.285990][ T7236] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  245.364267][ T7245] loop3: detected capacity change from 0 to 256
[  245.441984][ T7236] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  245.650129][ T5028] EXT4-fs (loop1): unmounting filesystem.
[  245.657562][ T7246] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12)
[  245.664599][ T7246] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  245.672950][ T7256] loop3: detected capacity change from 0 to 512
[  245.713439][ T7256] EXT4-fs (loop3): filesystem is read-only
[  245.845450][ T7246] vhci_hcd vhci_hcd.0: Device attached
[  245.915537][ T7254] vhci_hcd: connection closed
[  245.953344][ T6292] vhci_hcd: stop threads
[  245.974401][ T7256] loop3: detected capacity change from 0 to 256
[  245.982591][ T6292] vhci_hcd: release socket
[  246.004578][ T7256] FAT-fs (loop3): Unrecognized mount option "uni_x" or missing value
[  246.045490][ T6292] vhci_hcd: disconnect device
[  246.867404][ T7294] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  246.909227][ T7295] loop4: detected capacity change from 0 to 1024
[  247.019927][ T7295] hfsplus: catalog name length corrupted
[  248.551447][ T7320] loop3: detected capacity change from 0 to 1024
[  248.600864][ T7324] loop2: detected capacity change from 0 to 256
[  248.678295][ T7324] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[  249.030272][ T7334] loop2: detected capacity change from 0 to 64
[  249.084284][ T7334] hfs: unable to read volume bitmap
[  249.128868][ T7334] hfs: can't find a HFS filesystem on dev loop2
[  249.146307][ T7336] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  249.305644][ T7345] loop3: detected capacity change from 0 to 512
[  249.343903][ T7345] EXT4-fs: Ignoring removed mblk_io_submit option
[  249.382921][ T7345] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  249.389519][ T7350] loop2: detected capacity change from 0 to 1024
[  249.476930][ T7345] EXT4-fs error (device loop3): __ext4_iget:5044: inode #11: block 1: comm syz.3.1139: invalid block
[  249.497988][ T7345] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz.3.1139: couldn't read orphan inode 11 (err -117)
[  249.515810][ T7345] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  249.672843][ T5168] EXT4-fs (loop3): unmounting filesystem.
[  249.820812][ T7360] loop3: detected capacity change from 0 to 256
[  249.880569][ T7360] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[  250.394945][ T7348] loop1: detected capacity change from 0 to 32768
[  250.450293][ T7348] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.1140 (7348)
[  250.514055][ T7348] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  250.527516][ T7382] loop2: detected capacity change from 0 to 1024
[  250.544727][ T7348] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  250.556571][ T7386] loop4: detected capacity change from 0 to 512
[  250.568064][ T7348] BTRFS info (device loop1): using free space tree
[  250.582017][ T7386] EXT4-fs: Ignoring removed mblk_io_submit option
[  250.603644][ T7386] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  250.712547][ T7386] EXT4-fs error (device loop4): __ext4_iget:5044: inode #11: block 1: comm syz.4.1156: invalid block
[  250.786554][ T7386] EXT4-fs error (device loop4): ext4_orphan_get:1401: comm syz.4.1156: couldn't read orphan inode 11 (err -117)
[  250.809952][ T7402] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  250.837057][ T7386] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  250.936762][ T7348] BTRFS info (device loop1): enabling ssd optimizations
[  250.992478][ T6576] EXT4-fs (loop4): unmounting filesystem.
[  251.123002][ T7418] loop4: detected capacity change from 0 to 256
[  251.171208][ T7418] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[  251.175011][ T5028] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  251.404854][ T7394] loop3: detected capacity change from 0 to 40427
[  251.428323][ T7394] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  251.453773][ T7394] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  251.520083][ T7394] F2FS-fs (loop3): invalid crc value
[  251.579722][ T7394] F2FS-fs (loop3): Found nat_bits in checkpoint
[  251.724009][ T7439] loop4: detected capacity change from 0 to 512
[  251.792017][ T7394] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  251.802774][ T7394] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  251.841269][ T7439] EXT4-fs error (device loop4): ext4_orphan_get:1396: inode #15: comm syz.4.1168: casefold flag without casefold feature
[  251.893651][ T7439] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #2: comm syz.4.1168: missing EA_INODE flag
[  251.999511][ T7439] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.1168: error while reading EA inode 2 err=-117
[  252.019306][ T7439] EXT4-fs (loop4): 1 orphan inode deleted
[  252.025211][ T7439] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  252.402489][ T3559] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  252.414155][ T3559] Bluetooth: hci0: Injecting HCI hardware error event
[  253.057425][ T3559] Bluetooth: hci0: hardware error 0x00
[  253.279452][ T6289] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  253.311202][ T6289] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  253.372106][ T3643] kernel write not supported for file /cpu/0/msr (pid: 3643 comm: kworker/1:8)
[  253.505048][ T6576] EXT4-fs (loop4): unmounting filesystem.
[  253.782583][ T6289] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  253.811595][ T6289] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  254.166528][ T3603] kernel write not supported for file /cpu/0/msr (pid: 3603 comm: kworker/0:4)
[  254.258102][ T7495] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  254.534738][ T7503] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  255.017797][ T7485] loop2: detected capacity change from 0 to 32768
[  255.057272][ T7485] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.1183 (7485)
[  255.085454][ T3559] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  255.111250][ T7485] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  255.155483][ T7485] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  255.164233][ T7485] BTRFS info (device loop2): using free space tree
[  255.174470][ T7488] loop1: detected capacity change from 0 to 40427
[  255.192445][ T7488] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  255.202926][ T7488] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  255.224477][ T7513] loop3: detected capacity change from 0 to 8
[  255.232570][ T7488] F2FS-fs (loop1): invalid crc value
[  255.247057][ T7513] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  255.307388][ T6289] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  255.321670][ T7488] F2FS-fs (loop1): Found nat_bits in checkpoint
[  255.375644][ T6289] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  255.455627][ T7485] BTRFS info (device loop2): enabling ssd optimizations
[  255.487809][ T1255] ieee802154 phy0 wpan0: encryption failed: -22
[  255.494268][ T1255] ieee802154 phy1 wpan1: encryption failed: -22
[  255.575352][ T7488] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  255.587633][ T7488] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  255.621218][ T6515] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  255.822935][ T7505] loop4: detected capacity change from 0 to 32768
[  255.850949][ T7426] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  256.585666][ T7505] XFS (loop4): Mounting V5 Filesystem
[  256.911779][ T7505] XFS (loop4): Ending clean mount
[  256.938410][ T6289] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  256.982803][ T6289] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  256.985613][ T7426] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  257.029518][ T7426] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  257.057609][ T7426] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  257.091195][ T7426] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  257.122090][ T6576] XFS (loop4): Unmounting Filesystem
[  257.133388][ T7426] usb 4-1: config 0 descriptor??
[  257.590175][ T7576] A link change request failed with some changes committed already. Interface macvlan0 may have been left with an inconsistent configuration, please check.
[  257.617224][ T7426] cm6533_jd 0003:0D8C:0022.0007: item fetching failed at offset 0/5
[  257.626118][ T7426] cm6533_jd 0003:0D8C:0022.0007: parse failed
[  257.632300][ T7426] cm6533_jd: probe of 0003:0D8C:0022.0007 failed with error -22
[  257.763189][ T6190] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  257.774305][ T6190] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  257.819405][ T7426] usb 4-1: USB disconnect, device number 11
[  257.850343][ T3559] Bluetooth: hci4: ISO packet for unknown connection handle 0
[  257.879465][ T7587] loop1: detected capacity change from 0 to 512
[  257.947592][ T7587] EXT4-fs (loop1): 1 truncate cleaned up
[  257.973807][ T7587] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  258.126295][ T5028] EXT4-fs (loop1): unmounting filesystem.
[  258.149515][ T7594] overlayfs: failed to resolve './file1': -2
[  258.284747][ T7598] loop4: detected capacity change from 0 to 128
[  258.324613][ T7598] VFS: Found a Xenix FS (block size = 1024) on device loop4
[  258.414777][ T7590] loop2: detected capacity change from 0 to 40427
[  258.434412][ T6576] sysv_free_block: flc_count > flc_size
[  258.445542][ T7590] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  258.461167][ T6576] sysv_free_block: flc_count > flc_size
[  258.463734][ T7590] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  258.474743][ T6576] sysv_free_block: flc_count > flc_size
[  258.492405][ T6576] sysv_free_block: flc_count > flc_size
[  258.498819][ T7590] F2FS-fs (loop2): invalid crc value
[  258.499273][ T6576] sysv_free_block: flc_count > flc_size
[  258.517608][ T6576] sysv_free_block: flc_count > flc_size
[  258.528211][ T6576] sysv_free_block: flc_count > flc_size
[  258.533816][ T6576] sysv_free_block: flc_count > flc_size
[  258.543552][ T6576] sysv_free_block: flc_count > flc_size
[  258.551034][ T6576] sysv_free_block: flc_count > flc_size
[  258.553454][ T7590] F2FS-fs (loop2): Found nat_bits in checkpoint
[  258.564464][ T6576] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  258.762159][ T7590] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  258.774295][ T7590] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  260.341306][ T7626] loop1: detected capacity change from 0 to 1024
[  260.413919][ T7626] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  260.427379][  T102] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  260.475745][  T102] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  260.544702][ T7641] loop3: detected capacity change from 0 to 512
[  260.581277][ T7641] EXT4-fs error (device loop3): ext4_orphan_get:1396: inode #15: comm syz.3.1231: casefold flag without casefold feature
[  260.622762][ T7641] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #2: comm syz.3.1231: missing EA_INODE flag
[  260.652962][ T7641] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.1231: error while reading EA inode 2 err=-117
[  260.686167][ T5028] EXT4-fs warning (device loop1): ext4_rmdir:3197: inode #11: comm syz-executor: empty directory 'lost+found' has too many links (0)
[  260.701179][ T7641] EXT4-fs (loop3): 1 orphan inode deleted
[  260.726626][ T7641] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  260.888300][ T5028] EXT4-fs (loop1): unmounting filesystem.
[  260.948254][ T5168] EXT4-fs (loop3): unmounting filesystem.
[  261.365863][ T3643] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  261.745667][ T3643] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  261.767918][ T3643] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  261.802977][ T3643] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  261.827943][ T7695] A link change request failed with some changes committed already. Interface macvlan0 may have been left with an inconsistent configuration, please check.
[  261.837614][ T3643] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  261.886015][ T3559] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  261.895072][ T3559] Bluetooth: hci4: Injecting HCI hardware error event
[  261.910762][   T48] Bluetooth: hci4: hardware error 0x00
[  261.924884][ T3643] usb 3-1: config 0 descriptor??
[  262.544454][ T3643] cm6533_jd 0003:0D8C:0022.0008: item fetching failed at offset 0/5
[  262.629393][ T3643] cm6533_jd 0003:0D8C:0022.0008: parse failed
[  262.684687][ T3643] cm6533_jd: probe of 0003:0D8C:0022.0008 failed with error -22
[  262.864297][ T3643] usb 3-1: USB disconnect, device number 7
[  263.268982][ T7721] loop3: detected capacity change from 0 to 2048
[  263.285383][ T7424] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  263.340216][ T7721] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  263.357508][ T7730] loop1: detected capacity change from 0 to 2048
[  263.364822][ T7730] ext4: Unknown parameter 'subj_user'
[  263.370464][ T7721] ext4 filesystem being mounted at /152/bus supports timestamps until 2038 (0x7fffffff)
[  263.437777][ T5168] EXT4-fs (loop3): unmounting filesystem.
[  263.489206][ T7734] netlink: 'syz.1.1273': attribute type 13 has an invalid length.
[  263.510884][ T7734] netlink: 'syz.1.1273': attribute type 14 has an invalid length.
[  263.535704][ T7734] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1273'.
[  263.562731][ T7732] loop4: detected capacity change from 0 to 8192
[  263.655601][ T7424] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  263.676819][ T7424] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  263.693902][ T7742] loop3: detected capacity change from 0 to 128
[  263.710715][ T7424] usb 1-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00
[  263.717857][ T7745] fuse: Bad value for 'fd'
[  263.730190][ T7424] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  263.757270][ T7424] usb 1-1: config 0 descriptor??
[  264.045476][   T48] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  264.300778][ T6296] kworker/u4:21: attempt to access beyond end of device
[  264.300778][ T6296] loop3: rw=1, sector=145, nr_sectors = 664 limit=128
[  264.353865][ T7755] loop4: detected capacity change from 0 to 128
[  264.449060][ T7424] holtek_kbd 0003:04D9:A055.0009: hidraw0: USB HID v0.00 Device [HID 04d9:a055] on usb-dummy_hcd.0-1/input0
[  264.804649][ T7424] usb 1-1: USB disconnect, device number 13
[  264.827059][   T27] kauditd_printk_skb: 59 callbacks suppressed
[  264.827076][   T27] audit: type=1800 audit(1721266504.560:264): pid=7758 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1281" name="bus" dev="loop4" ino=1048735 res=0 errno=0
[  264.909975][ T7760] loop1: detected capacity change from 0 to 2048
[  264.927249][ T7762] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1282'.
[  264.984828][ T7760] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  264.994855][ T7760] ext4 filesystem being mounted at /212/bus supports timestamps until 2038 (0x7fffffff)
[  265.017729][ T7766] netlink: 'syz.3.1285': attribute type 13 has an invalid length.
[  265.044044][ T7768] misc userio: No port type given on /dev/userio
[  265.052738][ T7766] netlink: 'syz.3.1285': attribute type 14 has an invalid length.
[  265.081187][ T7766] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1285'.
[  265.109805][ T5028] EXT4-fs (loop1): unmounting filesystem.
[  265.230109][ T7774] fuse: Bad value for 'fd'
[  265.242077][ T7772] loop4: detected capacity change from 0 to 8192
[  265.390600][ T7777] loop3: detected capacity change from 0 to 512
[  265.806506][ T7777] ptrace attach of "./syz-executor exec"[5168] was attempted by ""[7777]
[  266.437322][ T7785] loop1: detected capacity change from 0 to 8192
[  266.486072][ T7785] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  266.495454][ T3611] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  266.507520][ T7785] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal
[  266.549360][ T7785] REISERFS (device loop1): using ordered data mode
[  266.560182][ T7798] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1296'.
[  266.606068][ T7785] reiserfs: using flush barriers
[  266.621753][ T7785] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  266.726438][ T7791] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(12)
[  266.733193][ T7791] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  266.762214][ T7791] vhci_hcd vhci_hcd.0: Device attached
[  266.766802][ T7785] REISERFS (device loop1): checking transaction log (loop1)
[  266.781812][ T7785] REISERFS (device loop1): Using r5 hash to sort names
[  266.830315][ T7785] reiserfs: enabling write barrier flush mode
[  266.853854][ T7785] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  266.915625][ T3611] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  266.916588][ T3564] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  266.926980][ T3611] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  266.949950][ T3564] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  266.959177][ T3564] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  266.969293][ T3564] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  266.969902][ T3564] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  266.970213][ T3564] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  267.024238][ T6292] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  267.024872][ T3611] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  267.024903][ T3611] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  267.028648][ T7807] misc userio: No port type given on /dev/userio
[  267.040095][ T3611] usb 4-1: config 0 descriptor??
[  267.085818][   T26] usb 10-1: SetAddress Request (2) to port 0
[  267.085994][   T26] usb 10-1: new SuperSpeed USB device number 2 using vhci_hcd
[  267.118985][ T7799] vhci_hcd: connection reset by peer
[  267.121007][ T3584] vhci_hcd: stop threads
[  267.121066][ T3584] vhci_hcd: release socket
[  267.121754][ T3584] vhci_hcd: disconnect device
[  267.204980][ T6292] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  267.211156][ T7810] netlink: 'syz.2.1299': attribute type 13 has an invalid length.
[  267.211179][ T7810] netlink: 'syz.2.1299': attribute type 14 has an invalid length.
[  267.211194][ T7810] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1299'.
[  267.336605][ T6292] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  267.371515][ T7808] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10)
[  267.371597][ T7808] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  267.371681][ T7808] vhci_hcd vhci_hcd.0: Device attached
[  267.395601][ T3611] usbhid 4-1:0.0: can't add hid device: -71
[  267.395712][ T3611] usbhid: probe of 4-1:0.0 failed with error -71
[  267.397462][ T3611] usb 4-1: USB disconnect, device number 12
[  267.424256][ T6292] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  267.635384][ T4132] usb 2-1: new full-speed USB device number 8 using dummy_hcd
[  267.674778][ T7804] chnl_net:caif_netlink_parms(): no params data found
[  267.715470][ T3907] usb 12-1: SetAddress Request (2) to port 0
[  267.825364][ T3907] usb 12-1: new SuperSpeed USB device number 2 using vhci_hcd
[  267.885354][   T48] Bluetooth: hci1: command 0x0406 tx timeout
[  268.025607][ T4132] usb 2-1: config 0 has an invalid interface number: 172 but max is 0
[  268.027961][ T7814] loop2: detected capacity change from 0 to 32768
[  268.033823][ T4132] usb 2-1: config 0 has an invalid descriptor of length 238, skipping remainder of the config
[  268.057918][ T7826] loop3: detected capacity change from 0 to 2048
[  268.065485][ T4132] usb 2-1: config 0 has no interface number 0
[  268.071692][ T4132] usb 2-1: config 0 interface 172 altsetting 0 has an invalid endpoint with address 0x80, skipping
[  268.077163][ T7814] XFS (loop2): Mounting V5 Filesystem
[  268.091425][ T4132] usb 2-1: config 0 interface 172 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 7
[  268.101800][ T7826] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  268.105598][ T7819] IPv6: addrconf: prefix option has invalid lifetime
[  268.120734][ T4132] usb 2-1: New USB device found, idVendor=13d8, idProduct=0011, bcdDevice=a2.34
[  268.130814][ T4132] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  268.150513][ T4132] usb 2-1: config 0 descriptor??
[  268.169811][ T7814] XFS (loop2): Ending clean mount
[  268.177125][ T7804] bridge0: port 1(bridge_slave_0) entered blocking state
[  268.183089][ T7814] XFS (loop2): Quotacheck needed: Please wait.
[  268.191622][ T7804] bridge0: port 1(bridge_slave_0) entered disabled state
[  268.214055][ T7804] device bridge_slave_0 entered promiscuous mode
[  268.250232][ T7814] XFS (loop2): Quotacheck: Done.
[  268.283193][ T7804] bridge0: port 2(bridge_slave_1) entered blocking state
[  268.291572][ T7826] EXT4-fs error (device loop3): ext4_group_add:1746: comm syz.3.1302: inode #7: comm syz.3.1302: iget: illegal inode #
[  268.311560][ T7826] EXT4-fs warning (device loop3): ext4_group_add:1748: Error opening resize inode
[  268.311694][ T7804] bridge0: port 2(bridge_slave_1) entered disabled state
[  268.325101][ T7804] device bridge_slave_1 entered promiscuous mode
[  268.370718][ T5168] EXT4-fs (loop3): unmounting filesystem.
[  268.433264][ T6515] XFS (loop2): Unmounting Filesystem
[  268.440439][ T7812] vhci_hcd: connection reset by peer
[  268.443323][ T7804] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  268.450848][ T3584] vhci_hcd: stop threads
[  268.460428][ T3584] vhci_hcd: release socket
[  268.467491][ T4132] usb 2-1: string descriptor 0 read error: -71
[  268.477643][ T3584] vhci_hcd: disconnect device
[  268.478498][ T7804] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  268.528900][ T4132] comedi comedi0: This driver needs USB 2.0 to operate. Aborting...
[  268.543172][ T4132] usbduxfast 2-1:0.172: driver 'usbduxfast' failed to auto-configure device.
[  268.566100][ T4132] usb 2-1: USB disconnect, device number 8
[  268.711138][ T7804] team0: Port device team_slave_0 added
[  268.737926][ T7804] team0: Port device team_slave_1 added
[  269.057243][ T3564] Bluetooth: hci4: command tx timeout
[  269.299989][ T7804] batman_adv: batadv0: Adding interface: batadv_slave_0
[  269.383910][ T7804] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  269.646966][ T7424] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  269.685385][ T7804] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  269.737417][ T7804] batman_adv: batadv0: Adding interface: batadv_slave_1
[  269.744562][ T7804] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  269.795039][ T7804] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  269.950592][ T7804] device hsr_slave_0 entered promiscuous mode
[  269.971105][ T7804] device hsr_slave_1 entered promiscuous mode
[  269.988195][ T7804] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  269.996272][ T7804] Cannot create hsr debugfs directory
[  270.005947][ T7857] loop1: detected capacity change from 0 to 4096
[  270.013241][ T7857] ntfs3: Invalid value for dmask.
[  270.095588][ T7424] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  270.122298][ T7424] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  270.133676][ T7424] usb 3-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00
[  270.153286][ T7424] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  270.163155][ T7424] usb 3-1: config 0 descriptor??
[  270.447400][ T7426] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  271.195324][ T3564] Bluetooth: hci4: command tx timeout
[  271.277753][ T7424] holtek_kbd 0003:04D9:A055.000A: hidraw0: USB HID v0.00 Device [HID 04d9:a055] on usb-dummy_hcd.2-1/input0
[  271.291427][ T7424] usb 3-1: USB disconnect, device number 8
[  271.382303][ T6292] device hsr_slave_0 left promiscuous mode
[  271.418898][ T6292] device hsr_slave_1 left promiscuous mode
[  271.441421][ T6292] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  271.459365][ T6292] batman_adv: batadv0: Removing interface: batadv_slave_0
[  271.480478][ T6292] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  271.512413][ T6292] batman_adv: batadv0: Removing interface: batadv_slave_1
[  271.535923][ T6292] device bridge_slave_1 left promiscuous mode
[  271.543559][ T6292] bridge0: port 2(bridge_slave_1) entered disabled state
[  271.571339][ T6292] device bridge_slave_0 left promiscuous mode
[  271.577964][ T6292] bridge0: port 1(bridge_slave_0) entered disabled state
[  271.624540][ T6292] device veth1_macvtap left promiscuous mode
[  271.631104][ T6292] device veth0_macvtap left promiscuous mode
[  271.637430][ T6292] device veth1_vlan left promiscuous mode
[  271.643522][ T6292] device veth0_vlan left promiscuous mode
[  271.645722][ T7426] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  271.667210][ T7426] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  271.681444][ T7426] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  271.692915][ T7426] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  271.709934][ T7426] usb 4-1: config 0 descriptor??
[  272.137037][   T26] usb 10-1: device descriptor read/8, error -110
[  272.187555][ T7426] cm6533_jd 0003:0D8C:0022.000B: item fetching failed at offset 0/5
[  272.196210][ T7426] cm6533_jd 0003:0D8C:0022.000B: parse failed
[  272.202325][ T7426] cm6533_jd: probe of 0003:0D8C:0022.000B failed with error -22
[  272.303385][ T6292] team0 (unregistering): Port device team_slave_1 removed
[  272.349087][ T6292] team0 (unregistering): Port device team_slave_0 removed
[  272.402973][ T4132] usb 4-1: USB disconnect, device number 13
[  272.418423][ T6292] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  272.464004][ T6292] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  272.576390][   T26] usb usb10-port1: attempt power cycle
[  272.922513][ T6292] bond0 (unregistering): Released all slaves
[  272.928712][ T3907] usb 12-1: device descriptor read/8, error -110
[  273.143164][ T7903] loop1: detected capacity change from 0 to 16
[  273.170113][ T7903] erofs: (device loop1): mounted with root inode @ nid 36.
[  273.223053][   T26] usb usb10-port1: unable to enumerate USB device
[  273.245577][   T48] Bluetooth: hci4: command tx timeout
[  273.356394][ T3907] usb usb12-port1: attempt power cycle
[  273.451666][ T7424] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  273.520107][ T7915] loop1: detected capacity change from 0 to 256
[  273.520409][ T7804] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  273.561442][ T7915] FAT-fs (loop1): Unrecognized mount option "nnonumtail=1" or missing value
[  273.565706][ T7804] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  273.607723][ T7804] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  273.628638][ T7804] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  273.814971][ T7919] loop1: detected capacity change from 0 to 2048
[  273.835690][ T7424] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  273.852088][ T7804] 8021q: adding VLAN 0 to HW filter on device bond0
[  273.858944][ T7424] usb 4-1: New USB device found, idVendor=c98b, idProduct=0ac7, bcdDevice=ec.f6
[  273.895318][ T7424] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  273.904789][ T7919] ext4: Unknown parameter 'measure'
[  273.916413][ T7424] usb 4-1: config 0 descriptor??
[  273.926065][ T7804] 8021q: adding VLAN 0 to HW filter on device team0
[  273.933396][ T3611] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  273.942386][ T3611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  273.956898][ T7424] rndis_host 4-1:0.0: skipping garbage
[  273.962423][ T7424] usb 4-1: bad CDC descriptors
[  273.996228][ T3907] usb usb12-port1: unable to enumerate USB device
[  274.021279][ T3907] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  274.033394][ T3907] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  274.056340][ T3907] bridge0: port 1(bridge_slave_0) entered blocking state
[  274.063653][ T3907] bridge0: port 1(bridge_slave_0) entered forwarding state
[  274.085696][ T3907] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  274.094544][ T3907] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  274.135879][ T3907] bridge0: port 2(bridge_slave_1) entered blocking state
[  274.143156][ T3907] bridge0: port 2(bridge_slave_1) entered forwarding state
[  274.160948][ T3907] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  274.172033][   T26] usb 4-1: USB disconnect, device number 14
[  274.193852][ T3907] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  274.245605][ T3611] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  274.253820][ T3611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  274.277352][ T3611] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  274.310854][ T3611] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  274.331170][ T3611] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  274.356278][ T3611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  274.384864][ T3611] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  274.425511][ T7804] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  274.464850][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  274.488452][ T3907] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  274.497492][ T3907] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  274.523560][ T3907] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  274.715461][   T26] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  275.061540][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  275.081036][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  275.095763][   T26] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  275.109897][ T7804] 8021q: adding VLAN 0 to HW filter on device batadv0
[  275.126912][   T26] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  275.168104][   T26] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  275.198474][   T26] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  275.246140][   T26] usb 2-1: config 0 descriptor??
[  275.279681][ T7943] loop2: detected capacity change from 0 to 2048
[  275.325597][   T48] Bluetooth: hci4: command tx timeout
[  275.636993][ T7959] 9pnet_fd: Insufficient options for proto=fd
[  275.665570][ T3907] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  275.680509][ T7959] loop2: detected capacity change from 0 to 1024
[  275.691097][ T7959] EXT4-fs: Ignoring removed nomblk_io_submit option
[  275.705402][ T7959] EXT4-fs: Ignoring removed nomblk_io_submit option
[  275.759700][   T26] cm6533_jd 0003:0D8C:0022.000C: item fetching failed at offset 0/5
[  275.783618][ T7959] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  275.816015][   T26] cm6533_jd 0003:0D8C:0022.000C: parse failed
[  275.822820][   T26] cm6533_jd: probe of 0003:0D8C:0022.000C failed with error -22
[  275.873443][ T7959] EXT4-fs (loop2): unmounting filesystem.
[  275.908843][ T7804] device veth0_vlan entered promiscuous mode
[  275.948114][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  275.981784][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  276.023995][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  276.025597][ T3907] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  276.043046][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  276.060691][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  276.068209][ T3907] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  276.071925][ T3623] usb 2-1: USB disconnect, device number 9
[  276.097035][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  276.097602][ T3907] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  276.123281][ T7804] device veth1_vlan entered promiscuous mode
[  276.157018][ T3907] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  276.196677][ T3604] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  276.198914][ T7967] loop2: detected capacity change from 0 to 4096
[  276.205000][ T3604] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  276.218853][ T7949] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  276.276575][ T3604] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  276.299403][ T3604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  276.319214][ T7804] device veth0_macvtap entered promiscuous mode
[  276.337127][ T3907] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  276.354079][ T7804] device veth1_macvtap entered promiscuous mode
[  276.400405][ T7804] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  276.418533][ T7804] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  276.432981][ T7804] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  276.465364][ T7804] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  276.487061][ T7804] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  276.514401][ T7804] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  276.541959][ T7804] batman_adv: batadv0: Interface activated: batadv_slave_0
[  276.562179][ T3907] usb 4-1: USB disconnect, device number 15
[  276.583598][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  276.606264][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  276.657474][ T7804] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  276.755326][ T7804] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  276.765203][ T7804] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  276.860780][ T7804] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  276.870895][ T7804] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  276.901847][ T7804] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  276.944767][ T7804] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  276.965412][ T7804] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  276.978911][ T7804] batman_adv: batadv0: Interface activated: batadv_slave_1
[  276.996789][ T7804] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  277.012103][ T7804] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  277.038659][ T7804] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  277.058287][ T7804] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  277.074278][ T7426] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  277.093757][ T7426] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  277.226823][ T6292] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  277.241236][ T6292] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  277.278485][ T4132] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  277.297973][ T6190] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  277.322181][ T6190] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  277.350682][ T4132] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  277.475358][   T26] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  277.592617][ T7999] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1360'.
[  277.609464][ T8001] loop3: detected capacity change from 0 to 64
[  277.637627][ T8001] Bad inode number on dev loop3: 1 is out of range
[  277.670774][ T8001] MINIX-fs: get root inode failed
[  277.870535][   T26] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  277.895883][   T26] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  277.920881][   T26] usb 2-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00
[  277.945689][   T26] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  277.966037][   T26] usb 2-1: config 0 descriptor??
[  278.096393][ T8010] loop4: detected capacity change from 0 to 4096
[  278.124341][ T8010] ntfs3: loop4: Different NTFS' sector size (2048) and media sector size (512)
[  278.182331][ T8010] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  278.195936][ T8010] ntfs3: loop4: Failed to load $AttrDef -> 0
[  278.313215][ T7995] loop2: detected capacity change from 0 to 32768
[  278.479935][   T26] holtek_kbd 0003:04D9:A055.000D: hidraw0: USB HID v0.00 Device [HID 04d9:a055] on usb-dummy_hcd.1-1/input0
[  278.491804][ T8023] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1373'.
[  278.506792][ T3564] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  278.520858][ T3564] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  278.530419][ T3564] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  278.539100][ T3564] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  278.546784][ T3564] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  278.554200][ T3564] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  278.706030][ T3609] usb 2-1: USB disconnect, device number 10
[  278.721699][ T8033] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1376'.
[  278.899975][ T6285] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  278.951556][ T8026] chnl_net:caif_netlink_parms(): no params data found
[  279.004822][ T6285] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  279.155618][ T8045] loop2: detected capacity change from 0 to 64
[  279.179534][ T6285] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  279.251999][ T8026] bridge0: port 1(bridge_slave_0) entered blocking state
[  279.265434][ T8026] bridge0: port 1(bridge_slave_0) entered disabled state
[  279.296624][ T8026] device bridge_slave_0 entered promiscuous mode
[  279.317004][ T8026] bridge0: port 2(bridge_slave_1) entered blocking state
[  279.325082][ T8026] bridge0: port 2(bridge_slave_1) entered disabled state
[  279.349561][ T8026] device bridge_slave_1 entered promiscuous mode
[  279.439910][ T6285] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  279.547638][ T8026] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  279.594162][ T8026] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  279.734555][ T8026] team0: Port device team_slave_0 added
[  279.777048][ T8026] team0: Port device team_slave_1 added
[  279.876658][ T8055] IPv6: addrconf: prefix option has invalid lifetime
[  279.894140][ T8026] batman_adv: batadv0: Adding interface: batadv_slave_0
[  279.914792][ T8026] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  279.987357][ T8026] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  280.036071][ T8026] batman_adv: batadv0: Adding interface: batadv_slave_1
[  280.049222][ T8026] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  280.106854][ T8026] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  280.188351][ T8049] loop2: detected capacity change from 0 to 32768
[  280.202154][ T8049] XFS (loop2): Mounting V5 Filesystem
[  280.297663][ T8049] XFS (loop2): Ending clean mount
[  280.322123][ T8049] XFS (loop2): Quotacheck needed: Please wait.
[  280.343882][ T8026] device hsr_slave_0 entered promiscuous mode
[  280.359115][ T8026] device hsr_slave_1 entered promiscuous mode
[  280.370508][ T8026] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  280.407137][ T8049] XFS (loop2): Quotacheck: Done.
[  280.433166][ T8026] Cannot create hsr debugfs directory
[  280.550718][ T6515] XFS (loop2): Unmounting Filesystem
[  280.556374][ T8073] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1387'.
[  280.607653][   T48] Bluetooth: hci1: command tx timeout
[  280.667507][ T8058] loop1: detected capacity change from 0 to 32768
[  281.010818][ T8063] loop4: detected capacity change from 0 to 32768
[  281.074656][ T8063] XFS (loop4): Mounting V5 Filesystem
[  281.290291][ T8063] XFS (loop4): Ending clean mount
[  281.322013][ T8063] XFS (loop4): Quotacheck needed: Please wait.
[  281.415682][ T8094] 9pnet_fd: Insufficient options for proto=fd
[  281.431290][ T8063] XFS (loop4): Quotacheck: Done.
[  281.480393][ T8094] loop2: detected capacity change from 0 to 1024
[  281.502277][ T8094] EXT4-fs: Ignoring removed nomblk_io_submit option
[  281.545454][ T8094] EXT4-fs: Ignoring removed nomblk_io_submit option
[  281.652587][ T7804] XFS (loop4): Unmounting Filesystem
[  281.686596][ T8094] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  281.710714][ T8094] EXT4-fs (loop2): unmounting filesystem.
[  281.804170][ T8085] loop1: detected capacity change from 0 to 32768
[  281.836713][ T8085] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 scanned by syz.1.1389 (8085)
[  281.906720][ T8085] BTRFS info (device loop1): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  281.926371][ T8085] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  281.954675][ T8085] BTRFS info (device loop1): using free space tree
[  282.033625][ T8109] loop2: detected capacity change from 0 to 64
[  282.122537][ T6285] device hsr_slave_0 left promiscuous mode
[  282.161712][ T6285] device hsr_slave_1 left promiscuous mode
[  282.189067][ T8085] BTRFS info (device loop1): enabling ssd optimizations
[  282.201290][ T6285] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  282.224723][ T6285] batman_adv: batadv0: Removing interface: batadv_slave_0
[  282.266144][ T6285] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  282.288157][ T6285] batman_adv: batadv0: Removing interface: batadv_slave_1
[  282.328906][ T6285] device bridge_slave_1 left promiscuous mode
[  282.355575][ T6285] bridge0: port 2(bridge_slave_1) entered disabled state
[  282.401907][ T6285] device bridge_slave_0 left promiscuous mode
[  282.420603][ T6285] bridge0: port 1(bridge_slave_0) entered disabled state
[  282.513477][ T6285] device veth1_macvtap left promiscuous mode
[  282.528120][ T6285] device veth0_macvtap left promiscuous mode
[  282.541159][ T6285] device veth1_vlan left promiscuous mode
[  282.565413][ T6285] device veth0_vlan left promiscuous mode
[  282.650439][ T5028] BTRFS info (device loop1): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  282.685760][   T48] Bluetooth: hci1: command tx timeout
[  282.822963][ T8146] 9pnet_fd: Insufficient options for proto=fd
[  283.783934][ T6285] team0 (unregistering): Port device team_slave_1 removed
[  283.858881][ T6285] team0 (unregistering): Port device team_slave_0 removed
[  283.918481][ T6285] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  283.990956][ T6285] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  284.731928][ T6285] bond0 (unregistering): Released all slaves
[  284.765484][ T3564] Bluetooth: hci1: command tx timeout
[  284.952606][ T8026] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  284.984739][ T8026] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  285.006121][ T8026] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  285.062444][ T8026] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  285.150004][ T8185] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1423'.
[  285.303688][ T8191] netlink: 'syz.0.1426': attribute type 1 has an invalid length.
[  285.389276][ T8026] 8021q: adding VLAN 0 to HW filter on device bond0
[  285.461298][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  285.476137][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  285.547759][ T8026] 8021q: adding VLAN 0 to HW filter on device team0
[  285.578702][ T8198] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1428'.
[  285.591625][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  285.606892][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  285.636947][  T155] bridge0: port 1(bridge_slave_0) entered blocking state
[  285.644107][  T155] bridge0: port 1(bridge_slave_0) entered forwarding state
[  285.711393][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  285.738123][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  285.766375][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  285.794301][ T7424] bridge0: port 2(bridge_slave_1) entered blocking state
[  285.801495][ T7424] bridge0: port 2(bridge_slave_1) entered forwarding state
[  285.846302][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  285.924703][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  285.962968][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  285.997111][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  286.042890][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  286.076881][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  286.114523][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  286.142271][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  286.173344][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  286.196183][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  286.226104][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  286.256636][ T8026] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  286.492872][ T8219] netlink: 'syz.4.1438': attribute type 5 has an invalid length.
[  286.532480][ T8221] netlink: 'syz.1.1437': attribute type 2 has an invalid length.
[  286.554896][ T8223] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1439'.
[  286.575340][ T3611] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  286.715041][ T8231] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1442'.
[  286.757624][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  286.772046][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  286.790626][ T8026] 8021q: adding VLAN 0 to HW filter on device batadv0
[  286.843483][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  286.855773][ T3564] Bluetooth: hci1: command tx timeout
[  286.875890][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  286.901079][ T8235] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1443'.
[  286.944906][ T8235] netlink: 'syz.1.1443': attribute type 18 has an invalid length.
[  286.953395][ T3611] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  286.965336][   T26] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  286.976113][ T3611] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  286.991168][ T3611] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  287.020976][ T3611] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  287.055766][ T8211] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  287.066494][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  287.079794][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  287.106892][ T4121] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  287.120911][ T4121] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  287.145992][ T8026] device veth0_vlan entered promiscuous mode
[  287.189934][ T8026] device veth1_vlan entered promiscuous mode
[  287.268757][ T4121] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  287.289783][ T4121] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  287.302368][ T4121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  287.319084][ T4121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  287.343808][ T8026] device veth0_macvtap entered promiscuous mode
[  287.365074][ T8026] device veth1_macvtap entered promiscuous mode
[  287.429298][ T4121] usb 3-1: USB disconnect, device number 9
[  287.441824][ T8026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  287.550097][ T8026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  287.560646][   T26] usb 5-1: New USB device found, idVendor=041e, idProduct=400a, bcdDevice=9e.b6
[  287.593524][   T26] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  287.615277][ T8026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  287.634408][   T26] usb 5-1: Product: syz
[  287.645427][   T26] usb 5-1: Manufacturer: syz
[  287.660303][ T8026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  287.670428][   T26] usb 5-1: SerialNumber: syz
[  287.685802][   T26] usb 5-1: config 0 descriptor??
[  287.702022][ T8026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  287.727548][   T26] gspca_main: spca500-2.14.0 probing 041e:400a
[  287.732332][ T8026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  287.771138][ T8026] batman_adv: batadv0: Interface activated: batadv_slave_0
[  287.803847][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  287.830618][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  287.849848][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  287.861376][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  287.885673][ T8238] netlink: 'syz.0.1444': attribute type 1 has an invalid length.
[  287.907150][ T8026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  287.939864][ T8026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  287.952283][   T26] usb 5-1: USB disconnect, device number 8
[  287.959848][ T8026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  288.019947][ T8026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  288.040244][ T8026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  288.063636][ T8026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  288.099538][ T8026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  288.131144][ T8026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  288.175566][ T8026] batman_adv: batadv0: Interface activated: batadv_slave_1
[  288.199257][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  288.218812][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  288.244433][ T8026] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  288.264642][ T8026] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  288.299609][ T8026] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  288.308717][ T8026] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  288.552742][   T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  288.581470][   T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  288.665034][ T3611] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  288.699288][   T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  288.734488][   T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  288.789733][ T8253] netlink: 'syz.4.1450': attribute type 2 has an invalid length.
[  288.829986][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  288.861549][ T8255] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1451'.
[  288.998297][ T8262] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1454'.
[  289.023788][ T8263] loop3: detected capacity change from 0 to 1024
[  289.063020][ T8265] loop2: detected capacity change from 0 to 2048
[  289.162561][ T8263] hfsplus: bad catalog entry type
[  289.212309][ T8272] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  289.262695][   T41] hfsplus: b-tree write err: -5, ino 4
[  289.974549][ T8300] loop2: detected capacity change from 0 to 1024
[  290.043773][ T8301] loop3: detected capacity change from 0 to 2364
[  290.062551][ T8300] hfsplus: bad catalog entry type
[  290.067807][ T7424] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  290.118429][ T6285] hfsplus: b-tree write err: -5, ino 4
[  290.190314][ T8307] loop4: detected capacity change from 0 to 2048
[  290.239494][ T8312] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  290.446344][ T7424] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 84, setting to 64
[  290.472558][ T7424] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  290.487515][ T7424] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  290.493805][ T8326] netlink: 'syz.3.1481': attribute type 2 has an invalid length.
[  290.524725][ T7424] usb 1-1: config 0 descriptor??
[  290.619652][ T8332] loop1: detected capacity change from 0 to 1024
[  290.701939][ T8332] hfsplus: bad catalog entry type
[  290.776888][ T7424] ath6kl: Failed to submit usb control message: -71
[  290.782314][ T8342] loop3: detected capacity change from 0 to 2048
[  290.783566][ T7424] ath6kl: unable to send the bmi data to the device: -71
[  290.783584][ T7424] ath6kl: Unable to send get target info: -71
[  290.805155][ T7424] ath6kl: Failed to init ath6kl core: -71
[  290.811850][ T6287] hfsplus: b-tree write err: -5, ino 4
[  290.876259][ T8344] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  290.893012][ T7424] ath6kl_usb: probe of 1-1:0.0 failed with error -71
[  290.908122][ T7424] usb 1-1: USB disconnect, device number 14
[  292.633499][ T8403] loop4: detected capacity change from 0 to 1024
[  292.696799][ T3609] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  292.752826][ T8407] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1519'.
[  292.778064][ T3564] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  292.795555][ T7426] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  292.815615][ T3907] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  292.975437][ T3609] usb 3-1: Using ep0 maxpacket: 16
[  293.085620][   T26] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  293.105645][ T3609] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  293.165484][ T7426] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  293.176902][ T3907] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  293.188036][ T7426] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  293.199220][ T3907] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  293.209071][ T7426] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  293.218896][ T3907] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  293.229051][ T7426] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  293.242077][ T3907] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  293.261052][ T3907] usb 1-1: config 0 descriptor??
[  293.285522][ T3609] usb 3-1: New USB device found, idVendor=0b05, idProduct=1807, bcdDevice= 0.40
[  293.294846][ T3609] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  293.302954][ T3609] usb 3-1: Product: syz
[  293.307398][ T3609] usb 3-1: Manufacturer: syz
[  293.312026][ T3609] usb 3-1: SerialNumber: syz
[  293.336190][ T7426] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  293.347349][ T7426] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  293.355889][ T7426] usb 2-1: Manufacturer: syz
[  293.363848][ T8413] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1522'.
[  293.364488][ T7426] usb 2-1: config 0 descriptor??
[  293.375687][ T3609] usbhid 3-1:1.0: couldn't find an input interrupt endpoint
[  293.513569][ T8396] kernel profiling enabled (shift: 9)
[  293.610225][ T3643] usb 3-1: USB disconnect, device number 10
[  293.675586][   T26] usb 5-1: New USB device found, idVendor=041e, idProduct=400a, bcdDevice=9e.b6
[  293.689688][   T26] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  293.698717][   T26] usb 5-1: Product: syz
[  293.703670][   T26] usb 5-1: Manufacturer: syz
[  293.713506][   T26] usb 5-1: SerialNumber: syz
[  293.721650][   T26] usb 5-1: config 0 descriptor??
[  293.777183][   T26] gspca_main: spca500-2.14.0 probing 041e:400a
[  293.856845][ T7426] appleir 0003:05AC:8243.000F: unknown main item tag 0x0
[  293.864438][ T7426] appleir 0003:05AC:8243.000F: No inputs registered, leaving
[  293.891774][ T7426] appleir 0003:05AC:8243.000F: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0
[  293.993678][ T3643] usb 5-1: USB disconnect, device number 9
[  294.166343][ T7426] usb 2-1: USB disconnect, device number 11
[  294.335595][ T3907] usb 1-1: string descriptor 0 read error: -71
[  294.355558][ T3907] uclogic 0003:256C:006D.000E: failed retrieving string descriptor #200: -71
[  294.379148][ T3907] uclogic 0003:256C:006D.000E: failed retrieving pen parameters: -71
[  294.394434][ T3907] uclogic 0003:256C:006D.000E: failed probing pen v2 parameters: -71
[  294.402789][ T3907] uclogic 0003:256C:006D.000E: failed probing parameters: -71
[  294.416653][ T3907] uclogic: probe of 0003:256C:006D.000E failed with error -71
[  294.442250][ T3907] usb 1-1: USB disconnect, device number 15
[  294.765570][   T48] Bluetooth: hci1: command tx timeout
[  295.130758][ T8459] loop4: detected capacity change from 0 to 2364
[  295.285306][ T3643] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  295.335518][ T3907] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  295.396616][ T3611] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  295.443288][ T8462] sctp: [Deprecated]: syz.4.1542 (pid 8462) Use of int in maxseg socket option.
[  295.443288][ T8462] Use struct sctp_assoc_value instead
[  295.675791][ T3611] usb 4-1: Using ep0 maxpacket: 16
[  295.705547][ T3907] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  295.715594][ T3643] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 84, setting to 64
[  295.725417][ T3907] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  295.734686][ T3643] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  295.747217][ T3907] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  295.751902][ T3643] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  295.767669][ T3907] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  295.779246][ T3643] usb 2-1: config 0 descriptor??
[  295.788146][ T3907] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  295.798639][ T3611] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  295.813060][ T3907] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  295.854619][ T8467] tc_dump_action: action bad kind
[  295.971927][ T3611] usb 4-1: New USB device found, idVendor=0b05, idProduct=1807, bcdDevice= 0.40
[  295.989870][ T3907] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  295.999417][ T3611] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  296.007673][ T3907] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  296.016039][ T3611] usb 4-1: Product: syz
[  296.020307][ T3907] usb 1-1: Product: syz
[  296.024496][ T3907] usb 1-1: Manufacturer: syz
[  296.029266][ T3611] usb 4-1: Manufacturer: syz
[  296.033977][ T3611] usb 4-1: SerialNumber: syz
[  296.035489][ T3643] ath6kl: Failed to submit usb control message: -71
[  296.038741][ T3907] usb 1-1: SerialNumber: syz
[  296.051181][ T3643] ath6kl: unable to send the bmi data to the device: -71
[  296.058790][ T3643] ath6kl: Unable to send get target info: -71
[  296.072350][ T3643] ath6kl: Failed to init ath6kl core: -71
[  296.087955][ T3611] usbhid 4-1:1.0: couldn't find an input interrupt endpoint
[  296.112524][ T8477] loop2: detected capacity change from 0 to 1024
[  296.113094][ T3643] ath6kl_usb: probe of 2-1:0.0 failed with error -71
[  296.128809][ T3643] usb 2-1: USB disconnect, device number 12
[  296.265499][   T22] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  296.311737][ T3611] usb 4-1: USB disconnect, device number 16
[  296.444304][ T8488] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1554'.
[  296.474518][ T3559] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  296.665606][   T22] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  296.676555][   T22] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  296.689220][   T22] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  296.699856][   T22] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  296.816182][   T22] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  296.825500][   T22] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  296.833630][   T22] usb 5-1: Manufacturer: syz
[  296.840091][   T22] usb 5-1: config 0 descriptor??
[  296.914608][ T8495] tc_dump_action: action bad kind
[  296.925620][ T3559] Bluetooth: hci1: command 0x0406 tx timeout
[  296.927187][ T8497] loop3: detected capacity change from 0 to 64
[  297.049064][ T8501] loop2: detected capacity change from 0 to 1024
[  297.205570][ T3907] cdc_ncm 1-1:1.0: bind() failure
[  297.222520][ T3907] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  297.249345][ T3907] cdc_ncm 1-1:1.1: bind() failure
[  297.260981][ T3907] usb 1-1: USB disconnect, device number 16
[  297.357134][   T22] appleir 0003:05AC:8243.0010: unknown main item tag 0x0
[  297.371389][   T22] appleir 0003:05AC:8243.0010: No inputs registered, leaving
[  297.403975][   T22] appleir 0003:05AC:8243.0010: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0
[  297.485448][   T26] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  297.496319][ T8523] tc_dump_action: action bad kind
[  297.548504][ T8525] loop3: detected capacity change from 0 to 64
[  297.614584][ T3559] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  297.630968][ T8527] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1572'.
[  297.653198][   T22] usb 5-1: USB disconnect, device number 10
[  297.677267][ T3559] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  297.895583][ T7424] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  297.897989][   T26] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 84, setting to 64
[  297.917654][   T26] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  297.927090][   T26] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  297.938517][   T26] usb 3-1: config 0 descriptor??
[  298.135380][ T7424] usb 2-1: Using ep0 maxpacket: 16
[  298.230395][   T26] ath6kl: Failed to submit usb control message: -71
[  298.240870][   T26] ath6kl: unable to send the bmi data to the device: -71
[  298.255641][ T7424] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  298.257443][   T26] ath6kl: Unable to send get target info: -71
[  298.281629][ T8550] loop3: detected capacity change from 0 to 64
[  298.288249][   T26] ath6kl: Failed to init ath6kl core: -71
[  298.341076][   T26] ath6kl_usb: probe of 3-1:0.0 failed with error -71
[  298.353505][   T26] usb 3-1: USB disconnect, device number 11
[  298.445434][ T3559] Bluetooth: hci2: command tx timeout
[  298.451418][ T7424] usb 2-1: New USB device found, idVendor=0b05, idProduct=1807, bcdDevice= 0.40
[  298.471040][ T7424] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  298.479199][ T7424] usb 2-1: Product: syz
[  298.483521][ T7424] usb 2-1: Manufacturer: syz
[  298.489741][ T8555] loop3: detected capacity change from 0 to 2048
[  298.496339][ T7424] usb 2-1: SerialNumber: syz
[  298.514267][ T8555] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  298.537772][ T7424] usbhid 2-1:1.0: couldn't find an input interrupt endpoint
[  298.565379][ T3611] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  298.778709][ T8553] loop4: detected capacity change from 0 to 32768
[  298.789761][ T8553] 
[  298.789761][ T8553]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  298.789761][ T8553] 
[  298.801409][ T7424] usb 2-1: USB disconnect, device number 13
[  298.824364][ T8553] 
[  298.824364][ T8553]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  298.824364][ T8553] 
[  298.838484][ T8553] 
[  298.838484][ T8553]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  298.838484][ T8553] 
[  298.849711][ T8553] 
[  298.849711][ T8553]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  298.849711][ T8553] 
[  298.861967][ T8553] 
[  298.861967][ T8553]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  298.861967][ T8553] 
[  298.879837][  T134] 
[  298.879837][  T134]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  298.879837][  T134] 
[  298.904739][ T8553] 
[  298.904739][ T8553]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  298.904739][ T8553] 
[  298.924246][ T8553] 
[  298.924246][ T8553]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  298.924246][ T8553] 
[  298.932456][ T3611] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  298.935707][ T8553] 
[  298.935707][ T8553]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  298.935707][ T8553] 
[  298.960061][ T3611] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  298.967503][ T8553] 
[  298.967503][ T8553]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  298.967503][ T8553] 
[  298.976992][ T3611] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  298.982567][ T8553] 
[  298.982567][ T8553]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  298.982567][ T8553] 
[  298.995015][ T3611] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  299.013190][  T134] 
[  299.013190][  T134]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  299.013190][  T134] 
[  299.020691][ T3611] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  299.033829][ T3611] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  299.035713][   T26] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  299.078199][   T41] 
[  299.078199][   T41]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  299.078199][   T41] 
[  299.089387][   T41] 
[  299.089387][   T41]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  299.089387][   T41] 
[  299.100553][   T41] 
[  299.100553][   T41]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  299.100553][   T41] 
[  299.111998][ T7804] 
[  299.111998][ T7804]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  299.111998][ T7804] 
[  299.130591][  T134] 
[  299.130591][  T134]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  299.130591][  T134] 
[  299.150463][ T7804] 
[  299.150463][ T7804]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  299.150463][ T7804] 
[  299.168521][  T134] ==================================================================
[  299.176721][  T134] BUG: KASAN: use-after-free in txEnd+0x350/0x560
[  299.183196][  T134] Write of size 8 at addr ffff888076f24840 by task jfsCommit/134
[  299.190934][  T134] 
[  299.193283][  T134] CPU: 0 PID: 134 Comm: jfsCommit Not tainted 6.1.99-syzkaller #0
[  299.201106][  T134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  299.211194][  T134] Call Trace:
[  299.214494][  T134]  <TASK>
[  299.217442][  T134]  dump_stack_lvl+0x1e3/0x2cb
[  299.222155][  T134]  ? nf_tcp_handle_invalid+0x642/0x642
[  299.227652][  T134]  ? panic+0x764/0x764
[  299.231759][  T134]  ? _printk+0xd1/0x111
[  299.235938][  T134]  ? __virt_addr_valid+0x17f/0x520
[  299.241061][  T134]  ? __virt_addr_valid+0x17f/0x520
[  299.246182][  T134]  print_report+0x15f/0x4f0
[  299.250691][  T134]  ? __virt_addr_valid+0x17f/0x520
[  299.255820][  T134]  ? __virt_addr_valid+0x17f/0x520
[  299.260937][  T134]  ? __virt_addr_valid+0x44a/0x520
[  299.266055][  T134]  ? __phys_addr+0xb6/0x170
[  299.270569][  T134]  ? txEnd+0x350/0x560
[  299.274638][  T134]  kasan_report+0x136/0x160
[  299.279146][  T134]  ? txEnd+0x350/0x560
[  299.283223][  T134]  kasan_check_range+0x27f/0x290
[  299.288167][  T134]  txEnd+0x350/0x560
[  299.292068][  T134]  jfs_lazycommit+0x610/0xb60
[  299.296745][  T134]  ? _raw_spin_unlock_irqrestore+0x8b/0x130
[  299.302648][  T134]  ? lockdep_hardirqs_on+0x94/0x130
[  299.307881][  T134]  ? txFreelock+0x580/0x580
[  299.312478][  T134]  ? do_task_dead+0xd0/0xd0
[  299.317001][  T134]  ? _raw_spin_unlock+0x40/0x40
[  299.321861][  T134]  ? __kthread_parkme+0x168/0x1c0
[  299.326909][  T134]  kthread+0x28d/0x320
[  299.330981][  T134]  ? txFreelock+0x580/0x580
[  299.335483][  T134]  ? kthread_blkcg+0xd0/0xd0
[  299.340074][  T134]  ret_from_fork+0x1f/0x30
[  299.344512][  T134]  </TASK>
[  299.347533][  T134] 
[  299.349888][  T134] Allocated by task 8553:
[  299.354214][  T134]  kasan_set_track+0x4b/0x70
[  299.358834][  T134]  __kasan_kmalloc+0x97/0xb0
[  299.363424][  T134]  lmLogOpen+0x314/0x1030
[  299.367765][  T134]  jfs_mount_rw+0xe3/0x640
[  299.372192][  T134]  jfs_fill_super+0x67d/0xc40
[  299.376879][  T134]  mount_bdev+0x2c9/0x3f0
[  299.381219][  T134]  legacy_get_tree+0xeb/0x180
[  299.385909][  T134]  vfs_get_tree+0x88/0x270
[  299.390329][  T134]  do_new_mount+0x2ba/0xb40
[  299.394837][  T134]  __se_sys_mount+0x2d5/0x3c0
[  299.399534][  T134]  do_syscall_64+0x3b/0xb0
[  299.403957][  T134]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  299.409887][  T134] 
[  299.412207][  T134] Freed by task 7804:
[  299.416206][  T134]  kasan_set_track+0x4b/0x70
[  299.420831][  T134]  kasan_save_free_info+0x27/0x40
[  299.425866][  T134]  ____kasan_slab_free+0xd6/0x120
[  299.430907][  T134]  __kmem_cache_free+0x25c/0x3c0
[  299.435890][  T134]  lmLogClose+0x29d/0x530
[  299.440232][  T134]  jfs_umount+0x298/0x370
[  299.444562][  T134]  jfs_put_super+0x86/0x180
[  299.449095][  T134]  generic_shutdown_super+0x130/0x340
[  299.454471][  T134]  kill_block_super+0x7a/0xe0
[  299.459153][  T134]  deactivate_locked_super+0xa0/0x110
[  299.464532][  T134]  cleanup_mnt+0x490/0x520
[  299.468955][  T134]  task_work_run+0x246/0x300
[  299.473555][  T134]  exit_to_user_mode_loop+0xde/0x100
[  299.478841][  T134]  exit_to_user_mode_prepare+0xb1/0x140
[  299.484403][  T134]  syscall_exit_to_user_mode+0x60/0x270
[  299.489952][  T134]  do_syscall_64+0x47/0xb0
[  299.494376][  T134]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  299.500276][  T134] 
[  299.502603][  T134] The buggy address belongs to the object at ffff888076f24800
[  299.502603][  T134]  which belongs to the cache kmalloc-1k of size 1024
[  299.516654][  T134] The buggy address is located 64 bytes inside of
[  299.516654][  T134]  1024-byte region [ffff888076f24800, ffff888076f24c00)
[  299.529954][  T134] 
[  299.532276][  T134] The buggy address belongs to the physical page:
[  299.538781][  T134] page:ffffea0001dbc800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x76f20
[  299.548938][  T134] head:ffffea0001dbc800 order:3 compound_mapcount:0 compound_pincount:0
[  299.557260][  T134] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  299.565258][  T134] raw: 00fff00000010200 ffffea0001f62600 dead000000000002 ffff888012441dc0
[  299.573843][  T134] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[  299.582426][  T134] page dumped because: kasan: bad access detected
[  299.588854][  T134] page_owner tracks the page as allocated
[  299.594567][  T134] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1f2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_MEMALLOC|__GFP_HARDWALL), pid 6189, tgid 6189 (kworker/u4:12), ts 264906718953, free_ts 264764964611
[  299.618360][  T134]  post_alloc_hook+0x18d/0x1b0
[  299.623125][  T134]  get_page_from_freelist+0x322e/0x33b0
[  299.628670][  T134]  __alloc_pages+0x28d/0x770
[  299.633260][  T134]  alloc_slab_page+0x6a/0x150
[  299.637944][  T134]  new_slab+0x84/0x2d0
[  299.642015][  T134]  ___slab_alloc+0xc20/0x1270
[  299.646699][  T134]  __kmem_cache_alloc_node+0x19f/0x260
[  299.652164][  T134]  __kmalloc_node_track_caller+0xa0/0x220
[  299.657887][  T134]  __alloc_skb+0x135/0x670
[  299.662318][  T134]  __netdev_alloc_skb+0xfb/0x500
[  299.667262][  T134]  batadv_iv_ogm_queue_add+0x6a0/0xbf0
[  299.672756][  T134]  batadv_iv_ogm_schedule+0xc49/0x1090
[  299.678222][  T134]  batadv_iv_send_outstanding_bat_ogm_packet+0x6fa/0x800
[  299.685256][  T134]  process_one_work+0x8a9/0x11d0
[  299.690195][  T134]  worker_thread+0xa47/0x1200
[  299.694882][  T134]  kthread+0x28d/0x320
[  299.698948][  T134] page last free stack trace:
[  299.703617][  T134]  free_unref_page_prepare+0xf63/0x1120
[  299.709165][  T134]  free_unref_page+0x33/0x3e0
[  299.713837][  T134]  qlist_free_all+0x76/0xe0
[  299.718345][  T134]  kasan_quarantine_reduce+0x156/0x170
[  299.723804][  T134]  __kasan_slab_alloc+0x1f/0x70
[  299.728653][  T134]  slab_post_alloc_hook+0x52/0x3a0
[  299.733767][  T134]  kmem_cache_alloc+0x10c/0x2d0
[  299.738622][  T134]  ptlock_alloc+0x1c/0x60
[  299.742955][  T134]  pte_alloc_one+0xd1/0x360
[  299.747465][  T134]  __pte_alloc+0x75/0x220
[  299.751792][  T134]  handle_mm_fault+0x491c/0x5340
[  299.756733][  T134]  exc_page_fault+0x26f/0x620
[  299.761413][  T134]  asm_exc_page_fault+0x22/0x30
[  299.766275][  T134] 
[  299.768596][  T134] Memory state around the buggy address:
[  299.774222][  T134]  ffff888076f24700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  299.782280][  T134]  ffff888076f24780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  299.790335][  T134] >ffff888076f24800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  299.798392][  T134]                                            ^
[  299.804567][  T134]  ffff888076f24880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  299.812635][  T134]  ffff888076f24900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  299.820696][  T134] ==================================================================
[  299.871891][  T134] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  299.879225][  T134] CPU: 1 PID: 134 Comm: jfsCommit Not tainted 6.1.99-syzkaller #0
[  299.885582][ T3611] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  299.885614][ T3611] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  299.885635][ T3611] usb 1-1: Product: syz
[  299.885649][ T3611] usb 1-1: Manufacturer: syz
[  299.885664][ T3611] usb 1-1: SerialNumber: syz
[  299.917436][  T134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  299.923037][ T8570] loop4: detected capacity change from 0 to 1024
[  299.933929][  T134] Call Trace:
[  299.937216][  T134]  <TASK>
[  299.940159][  T134]  dump_stack_lvl+0x1e3/0x2cb
[  299.944855][  T134]  ? nf_tcp_handle_invalid+0x642/0x642
[  299.950344][  T134]  ? panic+0x764/0x764
[  299.954417][  T134]  ? vscnprintf+0x59/0x80
[  299.958752][  T134]  panic+0x318/0x764
[  299.962649][  T134]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  299.968817][  T134]  ? check_panic_on_warn+0x1d/0xa0
[  299.973934][  T134]  ? memcpy_page_flushcache+0xfc/0xfc
[  299.979310][  T134]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[  299.985312][  T134]  ? _raw_spin_unlock+0x40/0x40
[  299.990195][  T134]  check_panic_on_warn+0x7e/0xa0
[  299.995151][  T134]  ? txEnd+0x350/0x560
[  299.999230][  T134]  end_report+0x66/0x110
[  300.003504][  T134]  kasan_report+0x143/0x160
[  300.008011][  T134]  ? txEnd+0x350/0x560
[  300.012078][  T134]  kasan_check_range+0x27f/0x290
[  300.017044][  T134]  txEnd+0x350/0x560
[  300.020942][  T134]  jfs_lazycommit+0x610/0xb60
[  300.025614][  T134]  ? _raw_spin_unlock_irqrestore+0x8b/0x130
[  300.031508][  T134]  ? lockdep_hardirqs_on+0x94/0x130
[  300.036706][  T134]  ? txFreelock+0x580/0x580
[  300.041203][  T134]  ? do_task_dead+0xd0/0xd0
[  300.045719][  T134]  ? _raw_spin_unlock+0x40/0x40
[  300.050628][  T134]  ? __kthread_parkme+0x168/0x1c0
[  300.055670][  T134]  kthread+0x28d/0x320
[  300.059748][  T134]  ? txFreelock+0x580/0x580
[  300.064289][  T134]  ? kthread_blkcg+0xd0/0xd0
[  300.068886][  T134]  ret_from_fork+0x1f/0x30
[  300.073329][  T134]  </TASK>
[  300.076665][  T134] Kernel Offset: disabled
[  300.080994][  T134] Rebooting in 86400 seconds..