last executing test programs:

26.736611767s ago: executing program 1 (id=10387):
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x101a02, 0x0)
pwritev(r0, &(0x7f0000000000)=[{&(0x7f0000000480)="8704039ebb4768106c958114", 0xc}], 0x1, 0x0, 0x0)

26.597749078s ago: executing program 1 (id=10389):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000000)=@newtaction={0x5c, 0x30, 0x9, 0x2, 0x0, {}, [{0x48, 0x1, [@m_bpf={0x44, 0x1, 0x0, 0x0, {{0x8}, {0x1c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x0, 0x0, 0x10000000, 0x0, 0xfffffff7}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x24000004}, 0x0)

26.44823267s ago: executing program 1 (id=10392):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000300)="2e00000011008188040f80ec59acbc0413a181004000000004000000000000000e000a000d00000002800200121f", 0x2e}], 0x1}, 0x0)

26.054550981s ago: executing program 1 (id=10396):
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed4040, &(0x7f0000000340)={[{@noblock_validity}, {@stripe={'stripe', 0x3d, 0x1}}, {@nouid32}, {@grpid}, {@bsdgroups}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x3}}, {@nolazytime}, {@noload}]}, 0xf5, 0x47a, &(0x7f0000000f80)="$eJzs3M9vFFUcAPDvTLel5YdFxB8gaBWMxB8tLT/kYGI0mnjQaKIHjKd1WwhSwEBNhBBFDxjjwZB4Nx5N/As86cWoJxOveDckxHABPa2ZnRnaLrulpQu7uJ9PMux7M7O89903b/fNe7sNoG+NZf8kEesj4mJEjEZEpfmEsfzh2pWztX+unK0lUa+/9XeSPS2uXjlbK/6LxpZZl++o14v8mhblnn83ojo7O3OyyE/MHftg4tTpM88eOVY9PHN45vjUgQN792wf2j+1ryNxZnFd3frxiW1bXn3nwuu1gxfe+/X7rL7ri+NlHJ00lr+6LT3R6cK6bMOCdFLpYkVYkazdBovtYozGQIxcPzYar3zW1coBt1ul1edz4Vwd+B/LBupAPyo/6LP733K7Q+OOnnD5xXzCI4v7WrHlRyqRFucMNt3fdtJwRBw89+832Ra3aR4CAGChH7PxzzOtxn9pPLDgvHuKNZSNEXFvRGyKiPsiYnNE3B/ROPfBiHhoheU3r5DcOP5JLy3K1gdWWMLSsvHf88Xa1uLxXzn6i40DRW5DI/7B5NCR2ZndxWuyKwbXZPnJRU9Z7KeX//iqed+XxTT72ILxX7Zl5S+OML3UPEE3XZ2rrj7y3OVPI7ZWWsWfXF8HTCJiS0RsvcUyjjz13bZ2x1rFX46Fb6oD60z1byOezNv/XDTFX0rark9OPrd/at/EcMzO7J4or4ob/fb7+Tfblb+q+Dsga/+1La//PP7sHjEZjjh1+szRxnrtqVso5M/Pa0mbQ5tvGv+N139tZ8RQ8nYjPVSeVTwOJa9lDyPl/o+qc3Mnp+afW+Ybj5N5/Lt2zMdfjfn+vym/PWu8Eg9HRHYRb4+IRyLi0aLtHouIxyNixxLh//LSzvfbHWvf/kvMyndQFv/0Eu2fveVlqfn2X3li4OjPP7Qrv76s9t/bSO0q9izn/W+5FVzNawcAAAB3i7TxHfgkHb+eTtPx8fw7/JtjbVqJiKcPnfjw+HT+XfmNMZiWM12jC+ZDJ4u54TI/1ZTfU8wbfz0w0siP107MTnc7eOhz69r0/8xfnV1qAXqR32tB/9L/oX/p/9C/9H/oXy90uwJAdwy13v3Jna4H0BUrH/8P35Z6AHee+3/oX/o/9C/9H/pS29/Gp6v6yf/dmqj0RjVaJkZ6oxplItKeqEbnEm98kXeJXqlPmags+49Z3GJiTctD3X5nAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6Iz/AgAA///NIdoS")
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0)

25.612310436s ago: executing program 1 (id=10402):
r0 = socket(0x40000000015, 0x5, 0x0)
getsockopt(r0, 0x200000000114, 0x2717, 0x0, &(0x7f0000000000))

24.967455887s ago: executing program 1 (id=10406):
r0 = socket$kcm(0x2a, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000001540)={&(0x7f0000000580)=@qipcrtr={0x2a, 0x1, 0x3fff}, 0x80, 0x0}, 0x0)

24.270480913s ago: executing program 32 (id=10406):
r0 = socket$kcm(0x2a, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000001540)={&(0x7f0000000580)=@qipcrtr={0x2a, 0x1, 0x3fff}, 0x80, 0x0}, 0x0)

4.78796622s ago: executing program 4 (id=10571):
syz_mount_image$ocfs2(&(0x7f0000000040), &(0x7f00000001c0)='./bus\x00', 0x88c0, &(0x7f00000002c0)=ANY=[@ANYBLOB="61636c2c6e6f696e74722c6174696d655f7175616e74756d3d30303030303030303030303030303030303030372c6c6f63616c666c6f636b732c6c6f63616c616c6c6f633d30303030303030303030303030303030303030332c6c6f63616c666c6f636b732c696e74722c6865617274626561743d6e6f6e652c0024855616ead4c7dc9e9da093713b0e6a6e67e1af8e4f5d7cbff1185218b41bcefa2f4f41b8212051258a0a6168526c8eef9d759bbb36a4b49ff8042320899ca9b6e9fa68a0abe364e0e2d46408f18da37d557aa1ebb8aa29451a584f1980dc477bd97f6a0446b8957872e51c2adf98e1acff806babdc9d58bc06d6d0b19476862cebe64cafa5a069852602786f40bf6a1bf7594e171d16ced9409b168ef591c2f5b676a2eb18e8a3b91275fd4467aea2037bd9790e240137bc7c80cc99e9dd662a5f"], 0x8, 0x443d, &(0x7f0000008c00)="$eJzs3c9vFG0dAPBnpkVaBGyRAyYmbiKJRk3TckJLYlsKpYWKQSHGy7JtF6huu6TdGg8c6o3Ek4kH44Fo4q0n0oNX/BO8eMQziRy8mJiQd9/s7mzZmd1N9212W+D9fA6dzvO7+5159pnD9IkTlSfr27n17VxhM1defbR9JfebcmlnoxjiY9Kx/1PH1z+9GcR1ctLX3pfZ3es3f/bgSgj/WPvXm2q1Wg01w6GjqZbf//ffZ6utx6Y4U6fWbufW+uWXIYSLbeOqGQoh/OLvIUQhhNkkbS45joYQzoVG3oNnv3+Y69NoXr4uXsu/W36+P315ae/Ffve/PQrhz6Vv/ODxxn++PTT97+8d3nK1TyMEAAAAAAAAAAAAAAAAAOBDtnDv7v2fTk6FV1EY3ova39ddSI7d3o+t9s23Bv/HAgAAAAAAAAAAAAAAAAAAwAfq/fv/uehCh/f/55PjTJf61R93Tv9Kn8fJYCz+5O78jcmpZP/3qC3/alTfRj28nR0K4x32fc/u/z6bqd95//f2fo7qapTudyxE8UTqPI4nJkL4a7Lx+6XoTFwqb1e+/6i8s7nWt2F8tNLxb+zen4pOsqF/r/Gfy7Q/+P3/v952NdXOH/bvEvukpeM/1LXc334X9RT/65l6xxF/ji4d/+F62mhrgZnGBFCL/x+GD4//fKb9QcX/fAghF9XGmkvNALU1TC2923qFtHT8T9XTUlNn8kF2u///n4n/jUz7JzX/72a/iOgoHf/Gqn0kVeL9/T8eH37/38y0fxLxr41/1/d/T9LxP91IHE4VqX+Svc7/C5n2BxX/+3EyzvNR6grYixrp3f5fHWkt8Q/vqiNt+c3nq7ezcU/rv1uZ+sf1/Nfst/n815z+vxs1nv/oLH3/j3Yt1+v9v5ipN+j5f6a+/uOo0vE/U09Lr53H6j97jf9Spv1Bxb++Khlpxv/9fPLZ6Ub6X6z/epKO/1cbiXFrid36z/r6Lzp8/X870/5JrP9q49+NB9vrpyId/7Ndy9WeDP7Zw/f/nUy9lvi3Ly76ZNJa/8jS8T/XtVz9/h85PP7LmXqDvv+/M8jGAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4Cc8lxLERj6fM4npgI4XpyfimciVYKa/mVUnn119shzCfpuXAhelwqrxRK+fXN8loxXyiVyqsh3EjyL4aRaLtUruQ3Ck9vHrQ1Gj0pFrYqK8VCJYSwkKR/M5xrtrWyXtkoPA0h3DrI+1pc3nr6pLCZX1vf+tHk5ORkWDwYw3hU/G2luFlp9N7IDWHpoO5Y1DK4evbtg7GcjX5V3tnaLJTq6Xda6pTKq4VSS53lJO+PYTyqbO1srhYqxXyp/LjZ30maSY7zi/d+fu/OVFv+w6hxnDveYQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwBb2a/uGfQgjDjbM4hDDT/CXqVP7l6+K1/Lvl5/vTl5f2Xuy/6VYOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD5nBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCrt0jNJAEIUB+M1YqJ3HsFp2O9sVRbRwRfAEegwPo0fxEt4hRYq0KUIgmYWw2YVtkur7mgfzM/MezAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOZ5eu8+3uomIsXV5jLi7+t/cZi/lPpzP37/4gwzcjrPr93DY92Uf09H+V05WrZ5l65X358xUnu/gz0Z7tNe3+d6cq6pfZuar+97EylXEdGW/DblXFXz3gIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2LIDBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFHTgWAAAAABDmbx1F3wYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCvAAAA//94Oh30")
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x800053, 0x0, 0x40, 0x0, &(0x7f0000000140))

4.089226826s ago: executing program 2 (id=10577):
r0 = syz_open_dev$sg(&(0x7f0000000080), 0xf9ba, 0x14b082)
ioctl$SG_SET_DEBUG(r0, 0x227e, &(0x7f0000000000)=0x1)

3.830733766s ago: executing program 2 (id=10579):
syz_mount_image$squashfs(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f00000002c0)={[{}]}, 0x1, 0x232, &(0x7f0000000000)="$eJzKKC4sZmdgYPj7sSaZgUGAAQRYGEQYLjAwMrAwMDDIM4KFGD4yQeipUPomlGaDyl+B0r5Q8XYo/de8KiKKgYExU+meGdMB8RRFRgEGHpGvpx4wJDPwxzJYzvNecykoc8pVobdL94PUe4VWbmJgVE/hXzRnwwSnmbxgYxkjo5DNYT4gM4sDZBADA8PkPxH3HrBIMoggmSXK8U/sVMvyVWad9xlmdExLY2A0mMXBwMCgd0R3pp0BbzcT1MziyqrsxJyc1KLiAwyo5k9m3M+kyAhSd+bv1eAHjHYM3bEMjAxyG/zVFn/7I1W5cVN95PSqiJqp3U03l66PY9im//eKidT7iRlh/x8cEtSyyMv/ME9G6fvmhjkfauqemDh2NirP5W+9/Pfd+5ja4gQ1psfiXYVs/AluWjWfnJ3cLB/PTa9u31KsuCArzWXisakX/yYcX8vAMPnCE1t9BgaGDSDnulXOjbnrFi/ItUz9fN2bFwwHoz5PZGBkZGBgYmCYGbZzD7K/yhugkcHAzMDAoMIAUsTCkJaZk2rgwcDIwMzAws6ADGCqmRg4wKr0kvNzUtoZGMFJAKxtOQML3AzDxwys/CDlII7RYwZWuIyxRQPMyHYorQKlPaD0cij9GErLoyUbFrAJ/VCeRgMDAxtDReJ//iJDNgYGhorEkpIiQ4hYSUmREVzMSABuMxPU1rlMqJ47zsQwCkbBKBgFo2AUjIJRMApGwSgYBSMZAAIAAP//kpC1eQ==")
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100006325a640402000207265970000010902240001000000000904000002214c6a0009050702000000da000905"], 0x0)

3.106109424s ago: executing program 4 (id=10584):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@security={'security\x00', 0xe, 0x4, 0x368, 0xffffffff, 0xd0, 0x1c8, 0xd0, 0xffffffff, 0xffffffff, 0x298, 0x298, 0x298, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x37}, @ipv4={'\x00', '\xff\xff', @remote}, [0xffffffff, 0xff, 0xff000000], [0xff000000, 0xff000000, 0xff000000, 0xffffff00], 'syz_tun\x00', 'dummy0\x00', {}, {}, 0x70, 0x5c, 0x1}, 0x0, 0xa8, 0xd0}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xb}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@hl={{}, {0x1, 0x8}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffc}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@inet=@SYNPROXY={0x28, 'SYNPROXY\x00', 0x0, {0x1b, 0x9, 0xfff}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x41f)

2.811746737s ago: executing program 3 (id=10587):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
ioprio_get$uid(0x3, 0x0)

2.598196424s ago: executing program 3 (id=10590):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x480, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xdc)

2.498234962s ago: executing program 0 (id=10591):
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x401, 0x0)
ioctl$LOOP_CLR_FD(r0, 0x1263)

2.407985929s ago: executing program 0 (id=10592):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@setlink={0x3c, 0x10, 0x401, 0xfffffffd, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4280, 0x48c00}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0x3a}]}, 0x3c}}, 0x0)

2.232446903s ago: executing program 4 (id=10593):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_buf(r0, 0x0, 0x29, &(0x7f0000000180)="55bb4b41704123096211899081e4cd3a52", 0x11)

2.158127139s ago: executing program 3 (id=10594):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_GET_MSRS_sys(r0, 0xc008ae88, &(0x7f0000000080)={0x2, 0x0, [{0x48a, 0x0, 0x10004}, {0x917, 0x0, 0x2}]})

1.825635796s ago: executing program 0 (id=10595):
r0 = syz_open_dev$radio(&(0x7f0000000040), 0x2, 0x2)
ioctl$VIDIOC_S_HW_FREQ_SEEK(r0, 0x40305652, &(0x7f00000000c0)={0x0, 0x1, 0x80, 0x0, 0x1e, 0x1002084, 0x65f4a})

1.672301328s ago: executing program 4 (id=10596):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)={0x2, 0x3, 0x0, 0x2, 0x10, 0x0, 0x0, 0x0, [@sadb_key={0x2, 0x8, 0x8, 0x0, "a3"}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private2}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x9}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @empty}}]}, 0x80}, 0x1, 0x7}, 0x0)

1.560726566s ago: executing program 3 (id=10597):
r0 = socket$tipc(0x1e, 0x5, 0x0)
getsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, 0xffffffffffffffff, &(0x7f0000000000)=0xc)

1.469364904s ago: executing program 2 (id=10598):
capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf27, 0x500}, 0x48)

1.359892103s ago: executing program 0 (id=10599):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x2, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x1b, 0x1, 0x0, "093d4a3b5b7bc69a21cfb7f5eaac46dbe89b13471a0488a6679f9a2102249341", 0x34524742})

1.01543496s ago: executing program 2 (id=10600):
r0 = socket$l2tp(0x2, 0x2, 0x73)
sendto$l2tp(r0, 0x0, 0x18, 0x0, &(0x7f00000000c0)={0x2, 0x0, @multicast1=0xe000006a}, 0x10)

959.549104ms ago: executing program 4 (id=10601):
r0 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560a067fbc45ff810500000000000058000b480400945f6400947e570028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010005081000418e00000004fcff", 0x58}], 0x1)

927.438267ms ago: executing program 0 (id=10602):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f00000002c0), 0x800, 0x0)
ioctl$SOUND_MIXER_READ_DEVMASK(r0, 0x80044dfe, &(0x7f0000000300))

912.119248ms ago: executing program 3 (id=10603):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_LOOPBACK(r0, 0x65, 0x3, &(0x7f0000000180), 0x4)

552.554147ms ago: executing program 2 (id=10604):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000380)={0x0, 0x1}, 0x8)

234.156422ms ago: executing program 0 (id=10605):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x2, &(0x7f00000001c0)=@raw=[@call={0x85, 0x0, 0x0, 0x50}, @exit], &(0x7f0000000180)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x3}, 0x50)

192.179715ms ago: executing program 3 (id=10606):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x1f, 0xc, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x7}, [@call={0x85, 0x0, 0x0, 0x5}, @printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

125.49813ms ago: executing program 4 (id=10607):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, 0x0, &(0x7f00000001c0)=0xb00)

0s ago: executing program 2 (id=10608):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/power/resume_offset', 0x2, 0x0)
sendfile(r0, r0, 0x0, 0x6)

kernel console output (not intermixed with test programs):

t: type=1326 audit(1756139792.256:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27485 comm="syz.0.9350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f41fe38d84a code=0x7ffc0000
[ 1340.237138][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1340.280044][T27498] netlink: 'syz.0.9356': attribute type 10 has an invalid length.
[ 1340.293984][   T28] audit: type=1326 audit(1756139792.256:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27485 comm="syz.0.9350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41fe38ebe9 code=0x7ffc0000
[ 1340.316095][T27498] netlink: 210880 bytes leftover after parsing attributes in process `syz.0.9356'.
[ 1340.331252][T12846] Bluetooth: hci0: unexpected event for opcode 0x0428
[ 1340.365333][   T28] audit: type=1326 audit(1756139792.256:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27485 comm="syz.0.9350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41fe38ebe9 code=0x7ffc0000
[ 1340.980628][T27519] netlink: 77 bytes leftover after parsing attributes in process `syz.3.9365'.
[ 1341.284629][T27531] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1341.811182][T27553] netlink: 4768 bytes leftover after parsing attributes in process `syz.0.9382'.
[ 1342.860627][T27590] (unnamed net_device) (uninitialized): option packets_per_slave: mode dependency failed, not supported in mode balance-tlb(5)
[ 1343.248171][T27602] netlink: 'syz.3.9405': attribute type 10 has an invalid length.
[ 1343.254865][T27576] loop1: detected capacity change from 0 to 32768
[ 1343.264065][T27602] netlink: 210880 bytes leftover after parsing attributes in process `syz.3.9405'.
[ 1343.282424][T27576] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.9400 (27576)
[ 1343.345314][T27576] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 1343.361785][T27576] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[ 1343.370953][T27576] BTRFS info (device loop1): using free space tree
[ 1343.507610][T27576] BTRFS info (device loop1): enabling ssd optimizations
[ 1343.537412][T27576] BTRFS info (device loop1): auto enabling async discard
[ 1343.782535][ T5787] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 1344.556773][T27643] loop3: detected capacity change from 0 to 1764
[ 1344.654061][T27646] loop0: detected capacity change from 0 to 4096
[ 1344.695762][T27646] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512).
[ 1344.823891][T27646] ntfs3: loop0: Mark volume as dirty due to NTFS errors
[ 1344.841906][T27646] ntfs3: loop0: Failed to load $Extend (-22).
[ 1344.869689][T27646] ntfs3: loop0: Failed to initialize $Extend.
[ 1345.598356][T27675] netlink: 'syz.1.9434': attribute type 2 has an invalid length.
[ 1345.653797][T27678] netlink: 288 bytes leftover after parsing attributes in process `syz.0.9436'.
[ 1345.841721][T27683] tmpfs: Bad value for 'mpol'
[ 1346.139114][T27660] loop3: detected capacity change from 0 to 32768
[ 1346.170634][T27692] netlink: 'syz.2.9443': attribute type 10 has an invalid length.
[ 1346.204864][T27692] netlink: 210880 bytes leftover after parsing attributes in process `syz.2.9443'.
[ 1346.215192][T27660] XFS (loop3): Mounting V5 Filesystem 6b3d8c96-b8b2-4f73-8344-2893082bca0b
[ 1346.518640][T27660] XFS (loop3): Ending clean mount
[ 1346.785543][T27717] netlink: 9 bytes leftover after parsing attributes in process `syz.2.9451'.
[ 1346.906678][ T5786] XFS (loop3): Unmounting Filesystem 6b3d8c96-b8b2-4f73-8344-2893082bca0b
[ 1347.014281][T27721] loop2: detected capacity change from 0 to 512
[ 1347.087934][T27721] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[ 1347.122507][T27721] ext4 filesystem being mounted at /2374/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1347.166610][T27721] Quota error (device loop2): do_check_range: Getting dqdh_next_free 4294967294 out of range 0-8
[ 1347.191042][T27721] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[ 1347.218000][T27721] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.9454: Failed to acquire dquot type 0
[ 1347.239720][T27728] netlink: 'syz.1.9456': attribute type 1 has an invalid length.
[ 1347.248249][T27710] loop0: detected capacity change from 0 to 32768
[ 1347.260858][T27710] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.9446 (27710)
[ 1347.292048][T27710] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 1347.314382][T27710] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 1347.337352][T27710] BTRFS info (device loop0): using free space tree
[ 1347.377262][ T5789] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[ 1347.585087][T27710] BTRFS info (device loop0): enabling ssd optimizations
[ 1347.592166][T27710] BTRFS info (device loop0): auto enabling async discard
[ 1347.816708][T27756] tmpfs: Bad value for 'mpol'
[ 1347.888665][ T5788] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 1348.182638][   T28] audit: type=1326 audit(1756139800.104:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27765 comm="syz.2.9468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f373a78ebe9 code=0x7ffc0000
[ 1348.274756][   T28] audit: type=1326 audit(1756139800.104:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27765 comm="syz.2.9468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f373a78ebe9 code=0x7ffc0000
[ 1348.419052][   T28] audit: type=1326 audit(1756139800.142:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27765 comm="syz.2.9468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f373a78ebe9 code=0x7ffc0000
[ 1348.491554][   T28] audit: type=1326 audit(1756142378.150:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27765 comm="syz.2.9468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f373a78ebe9 code=0x7ffc0000
[ 1348.536819][ T5904] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[ 1348.577068][   T28] audit: type=1326 audit(1756142378.150:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27765 comm="syz.2.9468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f373a78ebe9 code=0x7ffc0000
[ 1348.781346][ T5904] usb 1-1: Using ep0 maxpacket: 8
[ 1348.791513][ T5904] usb 1-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[ 1348.824000][ T5904] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1348.856809][ T5904] usb 1-1: Product: syz
[ 1348.861073][ T5904] usb 1-1: Manufacturer: syz
[ 1348.865816][ T5904] usb 1-1: SerialNumber: syz
[ 1348.961406][ T5904] usb 1-1: config 0 descriptor??
[ 1348.987953][ T5904] gspca_main: sonixj-2.14.0 probing 0c45:613e
[ 1349.442100][ T5904] gspca_sonixj: reg_r err -71
[ 1349.453740][ T5904] sonixj: probe of 1-1:0.0 failed with error -71
[ 1349.483060][ T5904] usb 1-1: USB disconnect, device number 62
[ 1349.588609][T27799] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 1349.684337][T27802] loop1: detected capacity change from 0 to 4096
[ 1349.706404][T27802] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512).
[ 1349.769741][T27802] ntfs3: loop1: Failed to initialize $Extend/$Reparse.
[ 1349.947694][ T5787] ntfs3: loop1: ino=1a, ntfs_sync_fs failed, -22.
[ 1349.954416][ T5787] ntfs3: loop1: Mark volume as dirty due to NTFS errors
[ 1350.103023][T27813] loop2: detected capacity change from 0 to 2048
[ 1350.162739][T27813] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 1350.198468][T27819] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1350.254708][T27813] /dev/loop2: Can't open blockdev
[ 1350.749392][   T28] audit: type=1326 audit(1756142380.517:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27833 comm="syz.3.9498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f750a38ebe9 code=0x7ffc0000
[ 1350.792644][   T28] audit: type=1326 audit(1756142380.517:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27833 comm="syz.3.9498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f750a38ebe9 code=0x7ffc0000
[ 1350.823196][   T28] audit: type=1326 audit(1756142380.527:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27833 comm="syz.3.9498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=274 compat=0 ip=0x7f750a38ebe9 code=0x7ffc0000
[ 1351.015330][T27844] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app
[ 1351.029431][T27845] loop3: detected capacity change from 0 to 256
[ 1351.182083][T27845] FAT-fs (loop3): Directory bread(block 64) failed
[ 1351.207541][T27845] FAT-fs (loop3): Directory bread(block 65) failed
[ 1351.214835][T27845] FAT-fs (loop3): Directory bread(block 66) failed
[ 1351.227617][T27845] FAT-fs (loop3): Directory bread(block 67) failed
[ 1351.239783][T27845] FAT-fs (loop3): Directory bread(block 68) failed
[ 1351.246424][T27845] FAT-fs (loop3): Directory bread(block 69) failed
[ 1351.258931][T27842] loop2: detected capacity change from 0 to 8192
[ 1351.280867][T27845] FAT-fs (loop3): Directory bread(block 70) failed
[ 1351.296862][T27842] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 1351.297091][T27845] FAT-fs (loop3): Directory bread(block 71) failed
[ 1351.317688][T27845] FAT-fs (loop3): Directory bread(block 72) failed
[ 1351.324588][T27845] FAT-fs (loop3): Directory bread(block 73) failed
[ 1351.355330][T27842] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal
[ 1351.378693][T27842] REISERFS (device loop2): using ordered data mode
[ 1351.385376][T27842] reiserfs: using flush barriers
[ 1351.421846][T27842] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 1351.496993][T27842] REISERFS (device loop2): checking transaction log (loop2)
[ 1351.896947][T27842] REISERFS (device loop2): Using tea hash to sort names
[ 1352.013980][T27867] tc_dump_action: action bad kind
[ 1352.119404][T27873] loop1: detected capacity change from 0 to 512
[ 1352.211823][T27873] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1352.269081][T27873] ext4 filesystem being mounted at /2438/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1352.543504][T27888] loop3: detected capacity change from 0 to 128
[ 1352.570529][T27888] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[ 1352.625492][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1352.671756][T27888] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 550)
[ 1352.719502][T27888] FAT-fs (loop3): Filesystem has been set read-only
[ 1352.737367][T27888] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 550)
[ 1352.750222][T27888] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 550)
[ 1352.768975][T27888] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 550)
[ 1352.787096][T27888] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 550)
[ 1352.797834][T27888] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 550)
[ 1352.837121][T27888] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 550)
[ 1352.883589][T27888] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 550)
[ 1352.903719][T27888] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 550)
[ 1352.947801][T27888] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 550)
[ 1352.982464][   T28] kauditd_printk_skb: 2 callbacks suppressed
[ 1352.982483][   T28] audit: type=1800 audit(1756142382.594:72): pid=27888 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.9519" name="file2" dev="loop3" ino=1048601 res=0 errno=0
[ 1353.006049][T27888] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF
[ 1353.078757][T27888] syz.3.9519 (27888) used greatest stack depth: 19952 bytes left
[ 1353.658968][T27922] netlink: 16 bytes leftover after parsing attributes in process `syz.1.9536'.
[ 1353.689825][T27922] netlink: 30 bytes leftover after parsing attributes in process `syz.1.9536'.
[ 1354.071662][T27932] loop2: detected capacity change from 0 to 256
[ 1354.148947][T27932] FAT-fs (loop2): Directory bread(block 64) failed
[ 1354.170877][T27932] FAT-fs (loop2): Directory bread(block 65) failed
[ 1354.206637][T27932] FAT-fs (loop2): Directory bread(block 66) failed
[ 1354.248015][T27918] loop3: detected capacity change from 0 to 32768
[ 1354.253931][T27932] FAT-fs (loop2): Directory bread(block 67) failed
[ 1354.268054][T27936] loop0: detected capacity change from 0 to 256
[ 1354.270745][T27932] FAT-fs (loop2): Directory bread(block 68) failed
[ 1354.316566][T27932] FAT-fs (loop2): Directory bread(block 69) failed
[ 1354.332825][T27936] FAT-fs (loop0): Directory bread(block 64) failed
[ 1354.350232][T27932] FAT-fs (loop2): Directory bread(block 70) failed
[ 1354.356354][T27936] FAT-fs (loop0): Directory bread(block 65) failed
[ 1354.371057][T27932] FAT-fs (loop2): Directory bread(block 71) failed
[ 1354.385641][T27936] FAT-fs (loop0): Directory bread(block 66) failed
[ 1354.392406][T27936] FAT-fs (loop0): Directory bread(block 67) failed
[ 1354.393181][T27932] FAT-fs (loop2): Directory bread(block 72) failed
[ 1354.424966][T27932] FAT-fs (loop2): Directory bread(block 73) failed
[ 1354.439214][T27936] FAT-fs (loop0): Directory bread(block 68) failed
[ 1354.453435][T27936] FAT-fs (loop0): Directory bread(block 69) failed
[ 1354.491434][T27936] FAT-fs (loop0): Directory bread(block 70) failed
[ 1354.541447][T27936] FAT-fs (loop0): Directory bread(block 71) failed
[ 1354.584777][T27936] FAT-fs (loop0): Directory bread(block 72) failed
[ 1354.627901][T27936] FAT-fs (loop0): Directory bread(block 73) failed
[ 1354.831695][T27944] loop1: detected capacity change from 0 to 512
[ 1354.842823][T27936] FAT-fs (loop0): Filesystem has been set read-only
[ 1354.873724][   T28] audit: type=1800 audit(1756142384.344:73): pid=27936 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.9544" name="cpu.stat" dev="loop0" ino=1048603 res=0 errno=0
[ 1354.924884][T27944] EXT4-fs error (device loop1): ext4_orphan_get:1425: comm syz.1.9547: bad orphan inode 15
[ 1354.933756][T27936] FAT-fs (loop0): error, invalid access to FAT (entry 0x00003861)
[ 1354.979270][   T28] audit: type=1326 audit(1756142384.419:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27947 comm="syz.2.9549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f373a78ebe9 code=0x7ffc0000
[ 1355.018934][T27944] ext4_test_bit(bit=14, block=5) = 0
[ 1355.033667][T27944] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1355.131865][   T28] audit: type=1326 audit(1756142384.419:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27947 comm="syz.2.9549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f373a78ebe9 code=0x7ffc0000
[ 1355.159613][T27944] EXT4-fs error (device loop1): __ext4_new_inode:1075: comm syz.1.9547: reserved inode found cleared - inode=1
[ 1355.241611][   T28] audit: type=1326 audit(1756142384.456:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27947 comm="syz.2.9549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=191 compat=0 ip=0x7f373a78ebe9 code=0x7ffc0000
[ 1355.312070][   T28] audit: type=1326 audit(1756142384.456:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27947 comm="syz.2.9549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f373a78ebe9 code=0x7ffc0000
[ 1355.382799][   T28] audit: type=1326 audit(1756142384.456:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27947 comm="syz.2.9549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f373a78ebe9 code=0x7ffc0000
[ 1355.438538][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1355.560873][T27963] comedi comedi0: dt2815: I/O port conflict (0x3,2)
[ 1355.705492][T27968] netlink: 188 bytes leftover after parsing attributes in process `syz.1.9558'.
[ 1355.725186][   T28] audit: type=1326 audit(1756142385.167:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27967 comm="syz.2.9559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f373a78ebe9 code=0x7ffc0000
[ 1355.803713][   T28] audit: type=1326 audit(1756142385.186:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27967 comm="syz.2.9559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f373a78ebe9 code=0x7ffc0000
[ 1355.878718][   T28] audit: type=1326 audit(1756142385.204:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27967 comm="syz.2.9559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=160 compat=0 ip=0x7f373a78ebe9 code=0x7ffc0000
[ 1356.138232][T27984] loop0: detected capacity change from 0 to 16
[ 1356.173881][T27984] erofs: (device loop0): mounted with root inode @ nid 36.
[ 1356.230745][T27984] erofs: (device loop0): erofs_read_inode: bogus i_mode (0) @ nid 46
[ 1356.232966][T27987] sctp: [Deprecated]: syz.2.9568 (pid 27987) Use of int in maxseg socket option.
[ 1356.232966][T27987] Use struct sctp_assoc_value instead
[ 1356.924317][T28011] netlink: 'syz.2.9580': attribute type 3 has an invalid length.
[ 1356.933573][T28011] netlink: 156 bytes leftover after parsing attributes in process `syz.2.9580'.
[ 1357.083741][T28015] loop2: detected capacity change from 0 to 128
[ 1357.109042][T28015] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[ 1357.144708][T28017] nfs: Deprecated parameter 'nointr'
[ 1357.150483][T19954] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[ 1357.183490][T28015] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 550)
[ 1357.192539][T28015] FAT-fs (loop2): Filesystem has been set read-only
[ 1357.227056][T28015] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 550)
[ 1357.236275][T28015] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 550)
[ 1357.245900][T28015] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 550)
[ 1357.255419][T28015] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 550)
[ 1357.266611][T28015] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 550)
[ 1357.282432][T28015] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 550)
[ 1357.291349][T28015] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 550)
[ 1357.305415][T28015] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 550)
[ 1357.315463][T28015] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 550)
[ 1357.322414][T28003] loop0: detected capacity change from 0 to 32768
[ 1357.331327][T28015] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF
[ 1357.371180][T28003] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 1357.381703][T19954] usb 4-1: Using ep0 maxpacket: 32
[ 1357.395362][T19954] usb 4-1: config 0 has an invalid interface number: 108 but max is 0
[ 1357.404864][T19954] usb 4-1: config 0 has no interface number 0
[ 1357.411922][T19954] usb 4-1: config 0 interface 108 has no altsetting 0
[ 1357.426446][T19954] usb 4-1: New USB device found, idVendor=99fa, idProduct=8988, bcdDevice=65.cd
[ 1357.439667][T19954] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1357.448930][T19954] usb 4-1: Product: syz
[ 1357.453866][T19954] usb 4-1: Manufacturer: syz
[ 1357.459039][T19954] usb 4-1: SerialNumber: syz
[ 1357.476069][T19954] usb 4-1: config 0 descriptor??
[ 1357.485045][T19954] gspca_main: spca506-2.14.0 probing 99fa:8988
[ 1357.659304][ T5788] ocfs2: Unmounting device (7,0) on (node local)
[ 1357.950307][T19954] usb 4-1: USB disconnect, device number 42
[ 1358.061988][T28032] loop2: detected capacity change from 0 to 256
[ 1358.102792][T28032] FAT-fs (loop2): Directory bread(block 1285) failed
[ 1358.196245][T28032] FAT-fs (loop2): Directory bread(block 1285) failed
[ 1358.253520][T28032] FAT-fs (loop2): FAT read failed (blocknr 1281)
[ 1358.466134][T28041] netlink: 20 bytes leftover after parsing attributes in process `syz.2.9591'.
[ 1358.475648][T28041] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[ 1358.604857][T28047] loop0: detected capacity change from 0 to 512
[ 1358.680361][T28047] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1358.693534][T28047] ext4 filesystem being mounted at /2323/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1358.816878][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1358.822309][T28057] program syz.1.9598 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1358.832854][T28055] loop2: detected capacity change from 0 to 512
[ 1358.960333][T28055] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #16: comm syz.2.9597: corrupted inode contents
[ 1358.991474][T28055] EXT4-fs error (device loop2): ext4_dirty_inode:6106: inode #16: comm syz.2.9597: mark_inode_dirty error
[ 1359.031091][T28055] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #16: comm syz.2.9597: corrupted inode contents
[ 1359.068679][T28055] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #16: comm syz.2.9597: mark_inode_dirty error
[ 1359.102454][T28055] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #16: comm syz.2.9597: corrupted inode contents
[ 1359.119792][T28055] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem
[ 1359.131871][T28055] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #16: comm syz.2.9597: corrupted inode contents
[ 1359.147052][T28055] EXT4-fs error (device loop2): ext4_truncate:4288: inode #16: comm syz.2.9597: mark_inode_dirty error
[ 1359.164974][T28055] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem
[ 1359.222381][T28055] EXT4-fs (loop2): 1 truncate cleaned up
[ 1359.228932][ T2958] __quota_error: 3 callbacks suppressed
[ 1359.228950][ T2958] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14
[ 1359.250771][T28055] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1359.263537][ T2958] EXT4-fs error (device loop2): ext4_release_dquot:6974: comm kworker/u4:9: Failed to release dquot type 1
[ 1359.283773][T28055] ext4 filesystem being mounted at /2417/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1359.431247][ T5789] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1359.638155][T28081] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9608'.
[ 1360.030765][T28095] xt_connbytes: Forcing CT accounting to be enabled
[ 1360.079341][ T5842] usb 1-1: new full-speed USB device number 63 using dummy_hcd
[ 1360.319795][ T5842] usb 1-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[ 1360.335676][ T5842] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1360.355024][ T5842] usb 1-1: Product: syz
[ 1360.360740][ T5842] usb 1-1: Manufacturer: syz
[ 1360.365500][ T5842] usb 1-1: SerialNumber: syz
[ 1360.379627][ T5842] usb 1-1: config 0 descriptor??
[ 1360.392712][ T5842] gspca_main: stk1135-2.14.0 probing 174f:6a31
[ 1360.431892][T18307] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[ 1360.452260][T28089] loop2: detected capacity change from 0 to 32768
[ 1360.472311][T28089] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop2 scanned by syz.2.9612 (28089)
[ 1360.498369][T28089] BTRFS info (device loop2): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[ 1360.509658][T28089] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[ 1360.523382][T28089] BTRFS info (device loop2): using free space tree
[ 1360.565728][T28089] BTRFS info (device loop2): enabling ssd optimizations
[ 1360.573493][T28089] BTRFS info (device loop2): auto enabling async discard
[ 1360.641807][T18307] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1360.656998][T19954] usb 2-1: new high-speed USB device number 69 using dummy_hcd
[ 1360.675987][T18307] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1360.704076][T18307] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1360.724636][T18307] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67
[ 1360.752624][T18307] usb 4-1: SerialNumber: syz
[ 1360.797879][ T5789] BTRFS info (device loop2): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[ 1360.844807][ T5842] gspca_stk1135: reg_w 0x0 err -71
[ 1360.869584][ T5842] gspca_stk1135: serial bus timeout: status=0x00
[ 1360.880409][T19954] usb 2-1: config 0 has an invalid interface number: 216 but max is 0
[ 1360.899197][ T5842] gspca_stk1135: Sensor write failed
[ 1360.903788][T19954] usb 2-1: config 0 has no interface number 0
[ 1360.909314][ T5842] gspca_stk1135: serial bus timeout: status=0x00
[ 1360.921175][T19954] usb 2-1: config 0 interface 216 altsetting 4 bulk endpoint 0x8F has invalid maxpacket 64
[ 1360.942901][ T5842] gspca_stk1135: Sensor write failed
[ 1360.961737][ T5842] gspca_stk1135: serial bus timeout: status=0x00
[ 1360.966338][T19954] usb 2-1: config 0 interface 216 altsetting 4 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1360.990612][ T5842] gspca_stk1135: Sensor read failed
[ 1360.998398][T19954] usb 2-1: config 0 interface 216 has no altsetting 0
[ 1361.001588][ T5842] gspca_stk1135: serial bus timeout: status=0x00
[ 1361.018616][T19954] usb 2-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=c1.2e
[ 1361.026971][T18307] usb 4-1: 0:2 : does not exist
[ 1361.034958][T19954] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1361.047642][ T5842] gspca_stk1135: Sensor read failed
[ 1361.069747][ T7072] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 10 /dev/loop2 scanned by udevd (7072)
[ 1361.086506][ T5842] gspca_stk1135: Detected sensor type unknown (0x0)
[ 1361.107003][ T5842] gspca_stk1135: serial bus timeout: status=0x00
[ 1361.112166][T19954] usb 2-1: config 0 descriptor??
[ 1361.118513][ T5842] gspca_stk1135: Sensor read failed
[ 1361.118552][ T5842] gspca_stk1135: serial bus timeout: status=0x00
[ 1361.140517][T28102] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[ 1361.152223][T19954] usb 2-1: NFC: intf ffff888018ed6000 id ffffffff8d63c3c0
[ 1361.164278][T18307] usb 4-1: USB disconnect, device number 43
[ 1361.170782][ T5842] gspca_stk1135: Sensor read failed
[ 1361.187189][ T5842] gspca_stk1135: serial bus timeout: status=0x00
[ 1361.205449][ T5842] gspca_stk1135: Sensor write failed
[ 1361.221761][ T5842] gspca_stk1135: serial bus timeout: status=0x00
[ 1361.243335][ T5842] gspca_stk1135: Sensor write failed
[ 1361.254230][ T5842] stk1135: probe of 1-1:0.0 failed with error -71
[ 1361.303228][ T5842] usb 1-1: USB disconnect, device number 63
[ 1361.459052][ T5904] usb 2-1: USB disconnect, device number 69
[ 1362.441411][T28157] Cannot find map_set index 0 as target
[ 1363.159702][T28182] loop3: detected capacity change from 0 to 512
[ 1363.173822][T28184] loop2: detected capacity change from 0 to 64
[ 1363.240894][T28182] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #16: comm syz.3.9648: corrupted inode contents
[ 1363.243605][T28188] usb usb1: usbfs: process 28188 (syz.1.9649) did not claim interface 0 before use
[ 1363.284731][T28182] EXT4-fs error (device loop3): ext4_dirty_inode:6106: inode #16: comm syz.3.9648: mark_inode_dirty error
[ 1363.384216][T28182] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #16: comm syz.3.9648: corrupted inode contents
[ 1363.435974][T28182] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #16: comm syz.3.9648: mark_inode_dirty error
[ 1363.479604][T28182] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #16: comm syz.3.9648: corrupted inode contents
[ 1363.559730][T28182] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem
[ 1363.607484][T28182] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #16: comm syz.3.9648: corrupted inode contents
[ 1363.641092][T28182] EXT4-fs error (device loop3): ext4_truncate:4288: inode #16: comm syz.3.9648: mark_inode_dirty error
[ 1363.682177][T28182] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem
[ 1363.761258][T28182] EXT4-fs (loop3): 1 truncate cleaned up
[ 1363.779863][T28182] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1363.783891][T10874] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14
[ 1363.820931][T28182] ext4 filesystem being mounted at /2401/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1363.831779][T10874] EXT4-fs error (device loop3): ext4_release_dquot:6974: comm kworker/u4:0: Failed to release dquot type 1
[ 1364.025237][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1364.210017][T28212] loop2: detected capacity change from 0 to 256
[ 1364.227832][T28212] exfat: Deprecated parameter 'namecase'
[ 1364.233646][T28212] exfat: Deprecated parameter 'namecase'
[ 1364.262024][T28212] exfat: Deprecated parameter 'utf8'
[ 1364.282702][T28212] exFAT-fs (loop2): failed to load upcase table (idx : 0x00012366, chksum : 0xd06b6363, utbl_chksum : 0xe619d30d)
[ 1364.540755][T28202] loop0: detected capacity change from 0 to 32768
[ 1364.551984][T28202] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 10
[ 1364.867437][ T5913] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 10
[ 1365.167813][T28245] xt_l2tp: invalid flags combination: c
[ 1365.692224][T28264] loop0: detected capacity change from 0 to 256
[ 1365.719971][T28264] exFAT-fs (loop0): failed to load upcase table (idx : 0x00012c80, chksum : 0x0ff561db, utbl_chksum : 0xe619d30d)
[ 1366.412715][T28292] netlink: 'syz.0.9697': attribute type 2 has an invalid length.
[ 1366.431563][T28292] netlink: 'syz.0.9697': attribute type 8 has an invalid length.
[ 1366.461188][T28292] netlink: 32 bytes leftover after parsing attributes in process `syz.0.9697'.
[ 1366.720192][T28300] loop1: detected capacity change from 0 to 2048
[ 1366.752069][T28300] UDF-fs: error (device loop1): udf_process_sequence: Primary Volume Descriptor not found!
[ 1366.786160][T28300] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1366.865229][T28300] UDF-fs: error (device loop1): udf_verify_fi: directory (ino 1376) has entry at pos 0 with unaligned length of impUse field
[ 1367.213358][T28313] loop0: detected capacity change from 0 to 1024
[ 1367.235953][T28313] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945)
[ 1367.266344][T28313] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[ 1367.319109][T28313] EXT4-fs (loop0): revision level too high, forcing read-only mode
[ 1367.337087][T28313] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 1367.344497][T28313] EXT4-fs error (device loop0): ext4_read_inode_bitmap:168: comm syz.0.9707: Inode bitmap for bg 0 marked uninitialized
[ 1367.360248][T28313] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[ 1367.495321][T28313] EXT4-fs (loop0): ext4_remount: Checksum for group 0 failed (32298!=35945)
[ 1367.583882][T28325] exFAT-fs (nullb0): mounting with "discard" option, but the device does not support discard
[ 1367.617816][T28325] exFAT-fs (nullb0): invalid boot record signature
[ 1367.633206][T28329] xt_l2tp: invalid flags combination: c
[ 1367.637477][T28325] exFAT-fs (nullb0): failed to read boot sector
[ 1367.646402][T28325] exFAT-fs (nullb0): failed to recognize exfat type
[ 1367.655526][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1367.833665][T28333] netlink: 52 bytes leftover after parsing attributes in process `syz.1.9719'.
[ 1367.859955][T28337] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9716'.
[ 1369.175289][T14511] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[ 1369.378350][T14511] usb 4-1: Using ep0 maxpacket: 16
[ 1369.389444][T14511] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1369.400729][T14511] usb 4-1: config 1 has an invalid descriptor of length 14, skipping remainder of the config
[ 1369.423481][T28366] loop1: detected capacity change from 0 to 32768
[ 1369.431311][T14511] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1369.456642][T14511] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1369.484172][T14511] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1369.503477][T14511] usb 4-1: Product: syz
[ 1369.508277][T14511] usb 4-1: Manufacturer: syz
[ 1369.513015][T14511] usb 4-1: SerialNumber: syz
[ 1369.537307][T28366] JBD2: Ignoring recovery information on journal
[ 1369.622841][T28366] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[ 1369.753954][T14511] cdc_ether 4-1:1.0: skipping garbage
[ 1369.767758][T14511] cdc_ether 4-1:1.0: skipping garbage
[ 1369.789573][T14511] cdc_ether 4-1:1.0: skipping garbage
[ 1369.811762][T14511] cdc_ether 4-1:1.0: skipping garbage
[ 1369.824823][T14511] cdc_ether 4-1:1.0: skipping garbage
[ 1369.841191][T14511] cdc_ether: probe of 4-1:1.0 failed with error -22
[ 1369.864587][T14511] usb 4-1: USB disconnect, device number 44
[ 1369.928078][ T5787] ocfs2: Unmounting device (7,1) on (node local)
[ 1370.225035][T28400] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9749'.
[ 1370.239529][T28400] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9749'.
[ 1370.743189][   T28] audit: type=1326 audit(1756142399.210:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28419 comm="syz.1.9757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52e4f8ebe9 code=0x7ffc0000
[ 1370.802280][   T28] audit: type=1326 audit(1756142399.210:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28419 comm="syz.1.9757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52e4f8ebe9 code=0x7ffc0000
[ 1370.884669][   T28] audit: type=1326 audit(1756142399.238:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28419 comm="syz.1.9757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=154 compat=0 ip=0x7f52e4f8ebe9 code=0x7ffc0000
[ 1370.920461][   T28] audit: type=1326 audit(1756142399.238:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28419 comm="syz.1.9757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52e4f8ebe9 code=0x7ffc0000
[ 1370.951454][   T28] audit: type=1326 audit(1756142399.238:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28419 comm="syz.1.9757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52e4f8ebe9 code=0x7ffc0000
[ 1371.601724][T28452] netlink: 'syz.3.9767': attribute type 58 has an invalid length.
[ 1371.980563][T28467] netlink: 164 bytes leftover after parsing attributes in process `syz.0.9775'.
[ 1372.582637][T28494] netlink: 236 bytes leftover after parsing attributes in process `syz.3.9788'.
[ 1372.606482][T19954] usb 2-1: new low-speed USB device number 70 using dummy_hcd
[ 1372.818903][T28504] loop2: detected capacity change from 0 to 2048
[ 1372.832381][T19954] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[ 1372.846525][T19954] usb 2-1: config 0 has no interface number 0
[ 1372.872091][T19954] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[ 1372.900114][T19954] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1372.922745][T28504] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1372.941473][T19954] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1372.973961][T19954] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1373.025591][T19954] usb 2-1: config 0 descriptor??
[ 1373.080951][T19954] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 1373.139695][ T5789] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1373.281933][T28484] iowarrior 2-1:0.1: Error -90 while submitting URB
[ 1373.305200][T19954] usb 2-1: USB disconnect, device number 70
[ 1373.736860][T28527] syz.3.9802: attempt to access beyond end of device
[ 1373.736860][T28527] nbd3: rw=0, sector=64, nr_sectors = 1 limit=0
[ 1373.750434][T28527] syz.3.9802: attempt to access beyond end of device
[ 1373.750434][T28527] nbd3: rw=0, sector=256, nr_sectors = 1 limit=0
[ 1373.764593][T28527] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[ 1373.775684][T28527] syz.3.9802: attempt to access beyond end of device
[ 1373.775684][T28527] nbd3: rw=0, sector=512, nr_sectors = 1 limit=0
[ 1373.793936][T28527] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[ 1373.809085][T28527] syz.3.9802: attempt to access beyond end of device
[ 1373.809085][T28527] nbd3: rw=0, sector=64, nr_sectors = 2 limit=0
[ 1373.826367][T28527] syz.3.9802: attempt to access beyond end of device
[ 1373.826367][T28527] nbd3: rw=0, sector=512, nr_sectors = 2 limit=0
[ 1373.841475][T28527] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[ 1373.851512][T28527] syz.3.9802: attempt to access beyond end of device
[ 1373.851512][T28527] nbd3: rw=0, sector=1024, nr_sectors = 2 limit=0
[ 1373.866239][T28527] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[ 1373.876601][T28527] syz.3.9802: attempt to access beyond end of device
[ 1373.876601][T28527] nbd3: rw=0, sector=64, nr_sectors = 4 limit=0
[ 1373.903505][T28527] syz.3.9802: attempt to access beyond end of device
[ 1373.903505][T28527] nbd3: rw=0, sector=1024, nr_sectors = 4 limit=0
[ 1373.916963][T28527] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[ 1373.942595][T28527] syz.3.9802: attempt to access beyond end of device
[ 1373.942595][T28527] nbd3: rw=0, sector=2048, nr_sectors = 4 limit=0
[ 1373.981313][T28527] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[ 1373.996657][T28527] syz.3.9802: attempt to access beyond end of device
[ 1373.996657][T28527] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0
[ 1374.014400][T28527] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[ 1374.025968][T28527] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[ 1374.038613][T28527] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1)
[ 1374.436740][T28538] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1374.622960][T28523] loop2: detected capacity change from 0 to 65536
[ 1374.735254][T28523] XFS (loop2): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[ 1374.803772][T28553] i2c i2c-0: Invalid block write size 252
[ 1374.922846][T28523] XFS (loop2): Ending clean mount
[ 1375.081538][ T5789] XFS (loop2): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[ 1376.458967][T28609] bond0: option ad_select: unable to set because the bond device is up
[ 1376.545612][T28611] bond3: entered promiscuous mode
[ 1376.551356][T28611] bond3: entered allmulticast mode
[ 1376.998813][T28631] tmpfs: Bad value for 'mpol'
[ 1377.187365][T28638] 9pnet: Found fid 0 not clunked
[ 1377.206537][T28641] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9852'.
[ 1378.158354][T28674] sctp: [Deprecated]: syz.0.9867 (pid 28674) Use of int in maxseg socket option.
[ 1378.158354][T28674] Use struct sctp_assoc_value instead
[ 1378.278950][T28678] loop2: detected capacity change from 0 to 2048
[ 1378.329427][T28678] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 1378.407919][T28680] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1378.478792][T28678] NILFS (loop2): I/O error reading meta-data file (ino=6, block-offset=0)
[ 1378.557828][T28665] loop1: detected capacity change from 0 to 32768
[ 1378.609424][T28665] (syz.1.9863,28665,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 1378.629879][T28665] (syz.1.9863,28665,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 1378.688556][T28683] xt_l2tp: invalid flags combination: 0
[ 1378.737854][T28665] JBD2: Ignoring recovery information on journal
[ 1378.875040][T28665] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[ 1378.899327][T28668] loop3: detected capacity change from 0 to 32768
[ 1378.952610][T28668] jfs_lookup: iget failed on inum 32
[ 1378.989499][T28668] jfs_lookup: iget failed on inum 32
[ 1379.164762][T28695] 9pnet: Found fid 0 not clunked
[ 1379.301514][ T5787] ocfs2: Unmounting device (7,1) on (node local)
[ 1379.754630][T28709] netlink: 40 bytes leftover after parsing attributes in process `syz.2.9884'.
[ 1380.383460][T28735] netlink: 20 bytes leftover after parsing attributes in process `syz.1.9895'.
[ 1380.550299][T28740] netlink: 28 bytes leftover after parsing attributes in process `syz.3.9899'.
[ 1380.574119][T28740] netlink: 28 bytes leftover after parsing attributes in process `syz.3.9899'.
[ 1380.617850][T28744] IPVS: sync thread started: state = MASTER, mcast_ifn = geneve0, syncid = 10802, id = 0
[ 1380.918300][T28752] loop1: detected capacity change from 0 to 4096
[ 1380.965470][T28752] ntfs3: loop1: It is recommened to use chkdsk.
[ 1381.013509][T28752] ntfs3: loop1: try to read out of volume at offset 0x3fffffc0c00
[ 1381.049333][T28752] ntfs3: loop1: try to read out of volume at offset 0x3fffffc0c00
[ 1381.072023][T28752] ntfs3: loop1: try to read out of volume at offset 0x3fffffc0c00
[ 1381.098036][T28752] ntfs3: loop1: try to read out of volume at offset 0x3fffffc0c00
[ 1381.135827][T28752] ntfs3: loop1: try to read out of volume at offset 0x3fffffc1c00
[ 1381.144505][T28752] ntfs3: loop1: try to read out of volume at offset 0x3fffffc2c00
[ 1381.199950][T28752] ntfs3: loop1: try to read out of volume at offset 0x3fffffc4c00
[ 1381.207998][T28752] ntfs3: loop1: try to read out of volume at offset 0x3fffffc8c00
[ 1381.242024][T28752] ntfs3: loop1: try to read out of volume at offset 0x3fffffd0c00
[ 1381.905568][T19954] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[ 1381.988214][T28787] loop0: detected capacity change from 0 to 1024
[ 1382.081998][T28787] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1382.129917][T19954] usb 4-1: Using ep0 maxpacket: 32
[ 1382.143361][T19954] usb 4-1: config 0 has an invalid interface number: 89 but max is 0
[ 1382.194530][T19954] usb 4-1: config 0 has no interface number 0
[ 1382.237257][T19954] usb 4-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1382.273464][T28787] EXT4-fs warning (device loop0): empty_inline_dir:1838: bad inline directory (dir #12) - no `..'
[ 1382.297312][T19954] usb 4-1: config 0 interface 89 has no altsetting 0
[ 1382.314098][T19954] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[ 1382.329627][T19954] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[ 1382.355991][T19954] usb 4-1: Product: syz
[ 1382.360326][T19954] usb 4-1: Manufacturer: syz
[ 1382.372729][T19954] usb 4-1: SerialNumber: syz
[ 1382.398259][T19954] usb 4-1: config 0 descriptor??
[ 1382.422251][T19954] em28xx 4-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[ 1382.465748][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1382.467063][T19954] em28xx 4-1:0.89: Video interface 89 found:
[ 1382.675121][T28808] netlink: 16 bytes leftover after parsing attributes in process `syz.2.9931'.
[ 1382.707941][T28810] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.9932'.
[ 1382.884447][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[ 1382.894783][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[ 1382.964837][T19954] em28xx 4-1:0.89: unknown em28xx chip ID (0)
[ 1383.076184][T19954] em28xx 4-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[ 1383.096413][T19954] em28xx 4-1:0.89: board has no eeprom
[ 1383.188118][T19954] em28xx 4-1:0.89: Identified as Terratec Grabby (card=67)
[ 1383.195593][T19954] em28xx 4-1:0.89: analog set to bulk mode.
[ 1383.226891][T14511] em28xx 4-1:0.89: Registering V4L2 extension
[ 1383.241783][T19954] usb 4-1: USB disconnect, device number 45
[ 1383.262549][T19954] em28xx 4-1:0.89: Disconnecting em28xx
[ 1383.395805][T14511] em28xx 4-1:0.89: Config register raw data: 0xffffffed
[ 1383.412484][T14511] em28xx 4-1:0.89: AC97 chip type couldn't be determined
[ 1383.433970][T14511] em28xx 4-1:0.89: No AC97 audio processor
[ 1383.443936][T14511] usb 4-1: Decoder not found
[ 1383.466075][T14511] em28xx 4-1:0.89: failed to create media graph
[ 1383.472895][T14511] em28xx 4-1:0.89: V4L2 device video103 deregistered
[ 1383.521247][T14511] em28xx 4-1:0.89: Registering snapshot button...
[ 1383.541893][T28828] loop2: detected capacity change from 0 to 256
[ 1383.563989][T28828] exfat: Deprecated parameter 'namecase'
[ 1383.567441][T14511] input: em28xx snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.89/input/input77
[ 1383.569886][T28828] exfat: Deprecated parameter 'utf8'
[ 1383.643583][T28812] loop0: detected capacity change from 0 to 32768
[ 1383.663016][T14511] em28xx 4-1:0.89: Remote control support is not available for this card.
[ 1383.684304][T28828] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[ 1383.705458][T19954] em28xx 4-1:0.89: Closing input extension
[ 1383.713630][T19954] em28xx 4-1:0.89: Deregistering snapshot button
[ 1383.724698][T28812] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.9933 (28812)
[ 1383.769057][T28828] tmpfs: Bad value for 'grpquota_block_hardlimit'
[ 1383.800872][T28812] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1383.828927][T28812] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 1383.848451][T19954] em28xx 4-1:0.89: Freeing device
[ 1383.861519][T28812] BTRFS info (device loop0): using free space tree
[ 1384.065027][T28812] BTRFS info (device loop0): enabling ssd optimizations
[ 1384.072253][T28812] BTRFS info (device loop0): auto enabling async discard
[ 1384.297954][ T5788] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1384.421019][T28821] loop1: detected capacity change from 0 to 32768
[ 1384.548460][T28821] XFS (loop1): Mounting V5 Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4
[ 1384.609048][T28862] netlink: 'syz.0.9944': attribute type 10 has an invalid length.
[ 1384.712275][T28862] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1384.789540][T28862] bond0: (slave batadv0): Enslaving as an active interface with an up link
[ 1384.836763][T28869] netlink: 'syz.2.9947': attribute type 10 has an invalid length.
[ 1384.853095][T13941] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 9 /dev/loop0 scanned by udevd (13941)
[ 1384.876841][T28869] netlink: 40 bytes leftover after parsing attributes in process `syz.2.9947'.
[ 1384.960842][T28869] batman_adv: batadv0: Adding interface: virt_wifi0
[ 1384.974767][T28869] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1385.049128][T28869] batman_adv: batadv0: Interface activated: virt_wifi0
[ 1385.111647][T28821] XFS (loop1): Starting recovery (logdev: internal)
[ 1385.233311][T28821] XFS (loop1): Ending recovery (logdev: internal)
[ 1385.245850][T28877] loop3: detected capacity change from 0 to 2048
[ 1385.309788][T28877] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 1385.368071][T28877] bio_check_eod: 4 callbacks suppressed
[ 1385.368091][T28877] syz.3.9950: attempt to access beyond end of device
[ 1385.368091][T28877] loop3: rw=524288, sector=33554430, nr_sectors = 2 limit=2048
[ 1385.392192][T28882] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1385.502610][ T5787] XFS (loop1): Unmounting Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4
[ 1385.565869][T28877] syz.3.9950: attempt to access beyond end of device
[ 1385.565869][T28877] loop3: rw=0, sector=9437254, nr_sectors = 2 limit=2048
[ 1385.630536][T28877] NILFS (loop3): I/O error reading meta-data file (ino=6, block-offset=0)
[ 1386.174647][T28898] netlink: 32 bytes leftover after parsing attributes in process `syz.1.9954'.
[ 1386.347655][T28903] netlink: 28 bytes leftover after parsing attributes in process `syz.0.9962'.
[ 1386.348984][T28906] loop3: detected capacity change from 0 to 8
[ 1386.787739][T28922] netlink: 'syz.0.9972': attribute type 29 has an invalid length.
[ 1386.814187][T28924] netdevsim netdevsim2 ªªªªªª: renamed from netdevsim0 (while UP)
[ 1386.907341][T28928] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9975'.
[ 1387.028676][   T28] audit: type=1326 audit(1756142414.450:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28929 comm="syz.1.9976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52e4f8ebe9 code=0x7ffc0000
[ 1387.064088][T14511] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[ 1387.077537][T28933] netlink: 16 bytes leftover after parsing attributes in process `syz.0.9978'.
[ 1387.094761][   T28] audit: type=1326 audit(1756142414.450:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28929 comm="syz.1.9976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52e4f8ebe9 code=0x7ffc0000
[ 1387.147000][   T28] audit: type=1326 audit(1756142414.497:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28929 comm="syz.1.9976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=296 compat=0 ip=0x7f52e4f8ebe9 code=0x7ffc0000
[ 1387.232026][   T28] audit: type=1326 audit(1756142414.497:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28929 comm="syz.1.9976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52e4f8ebe9 code=0x7ffc0000
[ 1387.297210][   T28] audit: type=1326 audit(1756142414.497:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28929 comm="syz.1.9976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52e4f8ebe9 code=0x7ffc0000
[ 1387.297218][T14511] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1387.297251][T14511] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1387.391516][T14511] usb 4-1: config 0 descriptor??
[ 1387.404614][T14511] cp210x 4-1:0.0: cp210x converter detected
[ 1387.513650][T28944] netlink: 'syz.1.9982': attribute type 10 has an invalid length.
[ 1387.528350][T28944] netlink: 40 bytes leftover after parsing attributes in process `syz.1.9982'.
[ 1387.551357][T28944] batman_adv: batadv0: Adding interface: virt_wifi0
[ 1387.558108][T28944] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1387.609071][T28944] batman_adv: batadv0: Interface activated: virt_wifi0
[ 1387.818605][T28952] loop1: detected capacity change from 0 to 2048
[ 1387.858258][T28952] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 1387.877756][T14511] usb 4-1: cp210x converter now attached to ttyUSB0
[ 1387.904835][T14511] usb 4-1: USB disconnect, device number 46
[ 1387.920136][T28955] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1387.924351][T28952] syz.1.9986: attempt to access beyond end of device
[ 1387.924351][T28952] loop1: rw=524288, sector=33554430, nr_sectors = 2 limit=2048
[ 1387.936081][T14511] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1388.023992][T14511] cp210x 4-1:0.0: device disconnected
[ 1388.139484][T28952] syz.1.9986: attempt to access beyond end of device
[ 1388.139484][T28952] loop1: rw=0, sector=9437254, nr_sectors = 2 limit=2048
[ 1388.197398][T28952] NILFS (loop1): I/O error reading meta-data file (ino=6, block-offset=0)
[ 1388.363072][T28965] netlink: 'syz.0.9993': attribute type 75 has an invalid length.
[ 1388.499388][T28969] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9995'.
[ 1388.624061][T28973] ip6erspan0: entered promiscuous mode
[ 1389.008844][T28988] warning: `syz.3.10004' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[ 1389.027526][T28990] netlink: 'syz.0.10003': attribute type 1 has an invalid length.
[ 1389.045006][T28990] netlink: 232 bytes leftover after parsing attributes in process `syz.0.10003'.
[ 1389.559391][T29011] binfmt_misc: register: failed to install interpreter file ./bus
[ 1389.595536][T29013] netdevsim netdevsim1 ªªªªªª: renamed from netdevsim0 (while UP)
[ 1389.601220][T29015] netlink: 'syz.3.10018': attribute type 1 has an invalid length.
[ 1389.729573][    T9] usb 3-1: new high-speed USB device number 73 using dummy_hcd
[ 1389.932596][    T9] usb 3-1: Using ep0 maxpacket: 32
[ 1389.941145][    T9] usb 3-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[ 1389.956885][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1389.983751][    T9] usb 3-1: config 0 descriptor??
[ 1390.010434][    T9] as10x_usb: device has been detected
[ 1390.026438][    T9] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[ 1390.104215][    T9] usb 3-1: DVB: registering adapter 3 frontend 0 (nBox DVB-T Dongle)...
[ 1390.121128][    T9] as10x_usb: error during firmware upload part1
[ 1390.157635][    T9] Registered device nBox DVB-T Dongle
[ 1390.214371][T29035] netlink: 'syz.1.10028': attribute type 10 has an invalid length.
[ 1390.286065][T29035] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1390.311484][    T9] usb 3-1: USB disconnect, device number 73
[ 1390.314866][T29035] bond0: (slave batadv0): Enslaving as an active interface with an up link
[ 1390.358745][    T9] Unregistered device nBox DVB-T Dongle
[ 1390.369619][    T9] as10x_usb: device has been disconnected
[ 1390.507559][T29039] loop3: detected capacity change from 0 to 512
[ 1390.553392][T29039] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[ 1390.597523][T29039] EXT4-fs (loop3): orphan cleanup on readonly fs
[ 1390.604542][T29039] EXT4-fs error (device loop3): ext4_orphan_get:1399: inode #15: comm syz.3.10030: iget: bad i_size value: 360287970189639680
[ 1390.626109][T29039] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.10030: couldn't read orphan inode 15 (err -117)
[ 1390.641288][T29039] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[ 1390.775123][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1390.912504][T29052] netlink: 20 bytes leftover after parsing attributes in process `syz.0.10036'.
[ 1390.923978][T29052] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10036'.
[ 1391.055120][    T9] usb 2-1: new low-speed USB device number 71 using dummy_hcd
[ 1391.081988][T29056] loop0: detected capacity change from 0 to 256
[ 1391.111586][T29058] mmap: syz.2.10039 (29058): VmData 37462016 exceed data ulimit 2. Update limits or use boot option ignore_rlimit_data.
[ 1391.151631][T29056] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xd67973f8, utbl_chksum : 0xe619d30d)
[ 1391.246184][T29056] exFAT-fs (loop0): error, found bogus dentry(12) beyond unused empty group(11) (start_clu : 5, cur_clu : 5)
[ 1391.274379][T29056] exFAT-fs (loop0): Filesystem has been set read-only
[ 1391.290659][    T9] usb 2-1: config index 0 descriptor too short (expected 1307, got 27)
[ 1391.299297][    T9] usb 2-1: config 0 has an invalid interface number: 0 but max is -1
[ 1391.318810][    T9] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0
[ 1391.332776][    T9] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[ 1391.359305][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt
[ 1391.380401][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[ 1391.426259][    T9] usb 2-1: string descriptor 0 read error: -22
[ 1391.435093][    T9] usb 2-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[ 1391.445541][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1391.464690][    T9] usb 2-1: config 0 descriptor??
[ 1391.471517][T29048] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1391.482013][    T9] hub 2-1:0.0: bad descriptor, ignoring hub
[ 1391.493068][    T9] hub: probe of 2-1:0.0 failed with error -5
[ 1391.514895][    T9] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input78
[ 1391.546581][ T5842] usb 3-1: new high-speed USB device number 74 using dummy_hcd
[ 1391.566481][    C0] usb_acecad 2-1:0.0: can't resubmit intr, dummy_hcd.1-1/input0, status -1
[ 1391.757817][ T5842] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[ 1391.785811][ T5842] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[ 1391.809465][ T5842] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1391.818055][    T9] usb 2-1: USB disconnect, device number 71
[ 1391.829185][ T5842] usb 3-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=c2.f4
[ 1391.848491][ T5842] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1391.861709][ T5842] usb 3-1: Product: syz
[ 1391.866593][ T5842] usb 3-1: Manufacturer: syz
[ 1391.871933][ T5842] usb 3-1: SerialNumber: syz
[ 1391.884841][ T5842] usb 3-1: config 0 descriptor??
[ 1391.998906][T29060] loop3: detected capacity change from 0 to 32768
[ 1392.016283][T29060] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 9
[ 1392.118858][ T5913] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 9
[ 1392.178691][ T5842] usb 3-1: USB disconnect, device number 74
[ 1392.253778][T29074] ip6erspan0: entered promiscuous mode
[ 1392.720588][T29087] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic
[ 1392.863103][T29094] netlink: 'syz.3.10055': attribute type 27 has an invalid length.
[ 1393.391007][T29115] QAT: Stopping all acceleration devices.
[ 1393.965900][T29135] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10074'.
[ 1394.297365][T29147] loop1: detected capacity change from 0 to 256
[ 1394.336510][T29147] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x987a2e96, utbl_chksum : 0xe619d30d)
[ 1395.149076][ T5842] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[ 1395.351750][ T5842] usb 1-1: Using ep0 maxpacket: 16
[ 1395.371883][ T5842] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[ 1395.371917][ T5842] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1395.371938][ T5842] usb 1-1: Product: syz
[ 1395.371953][ T5842] usb 1-1: Manufacturer: syz
[ 1395.371969][ T5842] usb 1-1: SerialNumber: syz
[ 1395.375320][ T5842] r8152-cfgselector 1-1: config 0 descriptor??
[ 1395.825751][ T5842] r8152-cfgselector 1-1: Unknown version 0x0000
[ 1395.848097][ T5842] r8152-cfgselector 1-1: USB disconnect, device number 64
[ 1396.316033][T29220] netlink: 'syz.3.10115': attribute type 2 has an invalid length.
[ 1396.365418][T29220] netlink: 'syz.3.10115': attribute type 1 has an invalid length.
[ 1396.891114][T14511] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[ 1396.953636][T29218] loop2: detected capacity change from 0 to 32768
[ 1397.067545][T29218] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1397.118390][T14511] usb 4-1: New USB device found, idVendor=1d50, idProduct=6089, bcdDevice=d0.1d
[ 1397.161447][T14511] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1397.202058][T14511] usb 4-1: config 0 descriptor??
[ 1397.485073][T29218] XFS (loop2): Ending clean mount
[ 1397.502074][T29218] XFS (loop2): Quotacheck needed: Please wait.
[ 1397.633835][T29218] XFS (loop2): Quotacheck: Done.
[ 1397.650411][T14511] hackrf 4-1:0.0: usb_control_msg() failed -71 request 0f
[ 1397.658740][T14511] hackrf 4-1:0.0: Could not detect board
[ 1397.669615][T14511] hackrf: probe of 4-1:0.0 failed with error -71
[ 1397.682779][T14511] usb 4-1: USB disconnect, device number 47
[ 1397.918566][ T5789] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1398.476349][   T27] usb 1-1: new low-speed USB device number 65 using dummy_hcd
[ 1398.701068][T29288] comedi comedi3: Minor 20263 is invalid!
[ 1398.709196][   T27] usb 1-1: config index 0 descriptor too short (expected 1307, got 27)
[ 1398.732927][   T27] usb 1-1: config 0 has an invalid interface number: 0 but max is -1
[ 1398.752385][T29290] (unnamed net_device) (uninitialized): option downdelay: invalid value (18446744073709551609)
[ 1398.772888][   T27] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 0
[ 1398.782089][   T27] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[ 1398.798608][T29290] (unnamed net_device) (uninitialized): option downdelay: allowed values 0 - 2147483647
[ 1398.830325][   T27] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt
[ 1398.860191][   T27] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[ 1398.904794][   T27] usb 1-1: string descriptor 0 read error: -22
[ 1398.930069][   T27] usb 1-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[ 1398.964405][   T27] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1398.991292][   T27] usb 1-1: config 0 descriptor??
[ 1399.012371][T29272] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1399.046187][   T27] hub 1-1:0.0: bad descriptor, ignoring hub
[ 1399.066207][   T27] hub: probe of 1-1:0.0 failed with error -5
[ 1399.085803][   T27] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input79
[ 1399.155591][T29303] loop1: detected capacity change from 0 to 1024
[ 1399.251027][T29305] xt_l2tp: unknown flags: 17
[ 1399.286028][T29303] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1399.630066][    T9] usb 1-1: USB disconnect, device number 65
[ 1399.665717][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1399.800344][T29316] loop2: detected capacity change from 0 to 1024
[ 1400.017672][  T168] hfsplus: b-tree write err: -5, ino 4
[ 1400.668037][T29341] loop1: detected capacity change from 0 to 1024
[ 1400.718501][T29341] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1400.805878][T29341] EXT4-fs error (device loop1): ext4_get_first_dir_block:3595: inode #11: comm syz.1.10166: directory missing '.'
[ 1400.932063][T29341] EXT4-fs (loop1): Remounting filesystem read-only
[ 1401.049771][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1401.262929][T29363] AppArmor: change_hat: Invalid input 'ˆ'
[ 1401.493871][T29370] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode
[ 1401.542045][T29370] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[ 1403.382264][T29441] loop1: detected capacity change from 0 to 4096
[ 1403.400291][ T5904] usb 4-1: new low-speed USB device number 48 using dummy_hcd
[ 1403.632489][ T5904] usb 4-1: config index 0 descriptor too short (expected 1307, got 27)
[ 1403.657486][ T5904] usb 4-1: config 0 has an invalid interface number: 0 but max is -1
[ 1403.666355][ T5904] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 0
[ 1403.680377][T29453] netlink: 12 bytes leftover after parsing attributes in process `syz.1.10222'.
[ 1403.689031][ T5904] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[ 1403.706970][ T5904] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt
[ 1403.717643][T29453] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10222'.
[ 1403.756785][ T5904] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[ 1403.818629][ T5904] usb 4-1: string descriptor 0 read error: -22
[ 1403.825223][ T5904] usb 4-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[ 1403.859776][ T5904] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1403.892885][ T5904] usb 4-1: config 0 descriptor??
[ 1403.903091][T29433] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1403.925069][ T5904] hub 4-1:0.0: bad descriptor, ignoring hub
[ 1403.931298][ T5904] hub: probe of 4-1:0.0 failed with error -5
[ 1403.976621][ T5904] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input80
[ 1404.325083][ T5904] usb 4-1: USB disconnect, device number 48
[ 1404.854041][T29483] syz.1.10236 (29483): drop_caches: 0
[ 1405.059587][T29487] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10238'.
[ 1405.297584][T29475] loop0: detected capacity change from 0 to 32768
[ 1405.344261][T29475] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1405.641749][T29475] XFS (loop0): Ending clean mount
[ 1405.698581][ T5842] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[ 1405.775153][ T5788] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1405.926959][ T5842] usb 4-1: config 0 has an invalid interface number: 50 but max is 0
[ 1405.940349][ T5842] usb 4-1: config 0 has no interface number 0
[ 1405.964075][ T5842] usb 4-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1405.995093][ T5842] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc
[ 1406.009264][ T5842] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1406.031126][ T5842] usb 4-1: Product: syz
[ 1406.035469][ T5842] usb 4-1: Manufacturer: syz
[ 1406.040821][ T5842] usb 4-1: SerialNumber: syz
[ 1406.049498][ T5842] usb 4-1: config 0 descriptor??
[ 1406.066663][ T5842] yurex 4-1:0.50: USB YUREX device now attached to Yurex #0
[ 1406.079059][T29523] Cannot find add_set index 3 as target
[ 1406.537251][T29536] syz.2.10258 uses obsolete (PF_INET,SOCK_PACKET)
[ 1406.570443][   T27] usb 4-1: USB disconnect, device number 49
[ 1406.601299][   T27] yurex 4-1:0.50: USB YUREX #0 now disconnected
[ 1406.806888][   T28] audit: type=1800 audit(1756142432.956:95): pid=29531 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.1.10256" name="/" dev="sockfs" ino=72124 res=0 errno=0
[ 1406.970363][T29546] netlink: 'syz.1.10262': attribute type 1 has an invalid length.
[ 1406.989569][T29546] netlink: 224 bytes leftover after parsing attributes in process `syz.1.10262'.
[ 1407.148341][T29534] loop0: detected capacity change from 0 to 32768
[ 1407.161802][T29534] (syz.0.10257,29534,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 1407.192691][T29534] (syz.0.10257,29534,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 1407.302779][T29534] JBD2: Ignoring recovery information on journal
[ 1407.457367][T29534] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 1407.467181][T29560] netlink: 32 bytes leftover after parsing attributes in process `syz.1.10268'.
[ 1407.733145][ T5788] ocfs2: Unmounting device (7,0) on (node local)
[ 1408.134173][T29576] loop2: detected capacity change from 0 to 512
[ 1408.206074][T29576] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1408.264913][T29576] ext4 filesystem being mounted at /2604/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1408.371998][ T5789] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1408.407886][T29587] netlink: 36 bytes leftover after parsing attributes in process `syz.3.10280'.
[ 1408.435724][T29587] netlink: 12 bytes leftover after parsing attributes in process `syz.3.10280'.
[ 1408.444981][T29587] netlink: 16 bytes leftover after parsing attributes in process `syz.3.10280'.
[ 1408.657095][T29597] loop2: detected capacity change from 0 to 512
[ 1408.684575][T29597] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[ 1408.765288][T29597] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1408.822038][T29597] ext4 filesystem being mounted at /2605/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1409.003268][T29597] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.10281: corrupted xattr block 32: bad e_name length
[ 1409.209481][ T5789] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1409.587664][T29631] loop3: detected capacity change from 0 to 2048
[ 1409.656854][T29631] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1409.675267][T29635] loop1: detected capacity change from 0 to 8
[ 1410.026879][T29643] netlink: 'syz.1.10307': attribute type 22 has an invalid length.
[ 1410.185959][T29647] tmpfs: Group quota inode hardlimit too large.
[ 1410.264647][T29651] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10311'.
[ 1410.433992][T29653] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10312'.
[ 1410.443557][T29653] netlink: 68 bytes leftover after parsing attributes in process `syz.2.10312'.
[ 1410.454791][T29653] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10312'.
[ 1410.475670][T29653] netlink: 68 bytes leftover after parsing attributes in process `syz.2.10312'.
[ 1410.652111][T29661] A link change request failed with some changes committed already. Interface macsec0 may have been left with an inconsistent configuration, please check.
[ 1410.706607][T29663] overlayfs: unescaped trailing colons in lowerdir mount option.
[ 1410.726441][T29641] loop0: detected capacity change from 0 to 32768
[ 1410.812292][T29641] ERROR: (device loop0): dtSearch: DT_GETPAGE: dtree page corrupt
[ 1410.812292][T29641] 
[ 1410.860991][T29641] ERROR: (device loop0): remounting filesystem as read-only
[ 1410.880083][T29641] jfs_lookup: dtSearch returned -5
[ 1411.121489][T29677] netlink: 48 bytes leftover after parsing attributes in process `syz.2.10324'.
[ 1412.068535][T29699] netlink: 'syz.2.10335': attribute type 30 has an invalid length.
[ 1412.152443][T29681] loop1: detected capacity change from 0 to 32768
[ 1412.207464][T29681] XFS (loop1): DAX unsupported by block device. Turning off DAX.
[ 1412.257574][T29681] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 1412.336233][ T5855] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[ 1412.410181][T29681] XFS (loop1): Ending clean mount
[ 1412.498384][T29681] XFS (loop1): Quotacheck needed: Please wait.
[ 1412.511792][   T28] audit: type=1800 audit(1756142438.289:96): pid=29696 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.0.10333" name="/" dev="sockfs" ino=72413 res=0 errno=0
[ 1412.540573][T14511] XFS (loop1): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xd0, xfs_cntbt block 0x10 
[ 1412.585998][T14511] XFS (loop1): Unmount and run xfs_repair
[ 1412.592022][T14511] XFS (loop1): First 128 bytes of corrupted metadata buffer:
[ 1412.613917][ T5855] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[ 1412.620455][T14511] 00000000: 41 42 33 43 00 00 00 02 ff ff ff ff ff ff ff ff  AB3C............
[ 1412.623543][ T5855] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1412.641359][ T5855] usb 4-1: config 0 descriptor??
[ 1412.706219][T14511] 00000010: 00 00 00 00 00 00 00 10 00 00 00 01 00 00 00 10  ................
[ 1412.728365][T14511] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb  ...^T.Lr......N.
[ 1412.759688][T14511] 00000030: 00 00 00 00 20 bb 84 11 00 00 04 4e 00 00 00 02  .... ......N....
[ 1412.783485][T14511] 00000040: 00 00 04 60 00 00 0b a0 00 00 00 00 00 00 00 00  ...`............
[ 1412.831438][T14511] 00000050: 00 00 00 00 00 00 07 00 00 00 00 00 00 00 00 00  ................
[ 1412.858245][T14511] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[ 1412.879640][T14511] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[ 1412.890448][ T5855] [drm] vendor descriptor length:6 data:06 5f 01 ff 00 00 00 00 00 00 00
[ 1412.902514][ T5855] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor
[ 1412.907431][   T62] XFS (loop1): metadata I/O error in "xfs_btree_read_buf_block+0x1d7/0x2d0" at daddr 0x10 len 8 error 74
[ 1412.960369][T29681] XFS (loop1): Quotacheck: Unsuccessful (Error -117): Disabling quotas.
[ 1413.115978][ T5855] [drm:udl_init] *ERROR* Selecting channel failed
[ 1413.126260][ T5787] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 1413.184080][ T5855] [drm] Initialized udl 0.0.1 20120220 for 4-1:0.0 on minor 2
[ 1413.218188][ T5855] [drm] Initialized udl on minor 2
[ 1413.273316][ T5855] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[ 1413.328742][ T5855] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[ 1413.387604][   T27] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[ 1413.404529][ T5855] usb 4-1: USB disconnect, device number 50
[ 1413.412230][   T27] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[ 1413.421800][T29734] netlink: 'syz.0.10347': attribute type 3 has an invalid length.
[ 1413.443086][T29734] netlink: 16 bytes leftover after parsing attributes in process `syz.0.10347'.
[ 1413.984595][   T28] audit: type=1400 audit(1756142439.673:97): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name="#(%#{//&@\)//&" pid=29749 comm="syz.3.10354"
[ 1414.003528][T29752] loop0: detected capacity change from 0 to 164
[ 1414.071018][T29752] isofs: Unable to find the ".." directory for NFS.
[ 1414.385614][T29762] geneve2: entered allmulticast mode
[ 1414.572196][T29772] netlink: 'syz.3.10365': attribute type 13 has an invalid length.
[ 1414.756641][T29779] netlink: 14 bytes leftover after parsing attributes in process `syz.0.10368'.
[ 1414.791280][T29779] hsr_slave_0: left promiscuous mode
[ 1414.830568][T29779] hsr_slave_1: left promiscuous mode
[ 1415.413568][T29803] netlink: 28 bytes leftover after parsing attributes in process `syz.3.10380'.
[ 1415.464913][T29803] netlink: 28 bytes leftover after parsing attributes in process `syz.3.10380'.
[ 1415.634621][T29811] netlink: 'syz.3.10384': attribute type 30 has an invalid length.
[ 1416.090862][T29828] netlink: 'syz.1.10392': attribute type 10 has an invalid length.
[ 1416.131225][T29828] veth1_macvtap: left promiscuous mode
[ 1416.509716][T29838] loop1: detected capacity change from 0 to 512
[ 1416.616963][T29838] EXT4-fs error (device loop1): ext4_orphan_get:1425: comm syz.1.10396: bad orphan inode 15
[ 1416.686856][T29838] ext4_test_bit(bit=14, block=5) = 0
[ 1416.693810][T29838] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1416.743124][T29825] loop0: detected capacity change from 0 to 32768
[ 1416.817704][ T5787] EXT4-fs error (device loop1): ext4_lookup:1858: inode #17: comm syz-executor: iget: bad extra_isize 255 (inode size 256)
[ 1416.878043][ T5787] EXT4-fs error (device loop1): ext4_lookup:1858: inode #17: comm syz-executor: iget: bad extra_isize 255 (inode size 256)
[ 1416.976667][T24896] read_mapping_page failed!
[ 1416.981853][T24896] ERROR: (device loop0): txCommit: 
[ 1416.981853][T24896] 
[ 1417.035668][T24896] ERROR: (device loop0): remounting filesystem as read-only
[ 1417.050446][T24896] jfs_write_inode: jfs_commit_inode failed!
[ 1417.387050][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1417.652244][T29846] loop2: detected capacity change from 0 to 32768
[ 1417.666326][T29846] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.10399 (29846)
[ 1417.711208][T24896] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1417.736185][T29846] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 1417.769776][T29846] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[ 1417.795669][T29846] BTRFS info (device loop2): using free space tree
[ 1417.935582][T24896] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1418.027169][T29846] BTRFS info (device loop2): enabling ssd optimizations
[ 1418.046482][T29846] BTRFS info (device loop2): auto enabling async discard
[ 1418.136858][T24896] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1418.137210][ T5789] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 1418.357505][T24896] netdevsim netdevsim1 ªªªªªª (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1418.490934][T29883] netlink: 22 bytes leftover after parsing attributes in process `syz.3.10414'.
[ 1418.787864][T29888] loop3: detected capacity change from 0 to 512
[ 1418.836253][T29888] EXT4-fs: Ignoring removed i_version option
[ 1418.874578][T29888] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1418.908681][T29888] EXT4-fs error (device loop3): ext4_orphan_get:1399: comm syz.3.10416: inode #13: comm syz.3.10416: iget: illegal inode #
[ 1419.041956][T29894] Cannot find del_set index 1 as target
[ 1419.042523][T29888] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.10416: couldn't read orphan inode 13 (err -117)
[ 1419.093286][T29888] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1419.456923][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1419.578194][T28037] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1419.621327][T28037] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1419.648740][T28037] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1419.666793][T28037] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1419.680220][T28037] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 1419.688001][T28037] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1419.740546][T29899] netlink: 14 bytes leftover after parsing attributes in process `syz.2.10418'.
[ 1419.755573][T29899] hsr_slave_0: left promiscuous mode
[ 1419.784799][T29899] hsr_slave_1: left promiscuous mode
[ 1420.163852][T29917] loop3: detected capacity change from 0 to 4096
[ 1420.197091][T29917] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512).
[ 1420.420189][T29917] ntfs3: loop3: failed to convert "c46c" to cp861
[ 1421.945441][T12846] Bluetooth: hci3: command tx timeout
[ 1422.025146][T29949] loop0: detected capacity change from 0 to 32768
[ 1422.036180][    T9] usb 3-1: new high-speed USB device number 75 using dummy_hcd
[ 1422.055217][T29949] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 1422.077700][T29949] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 1422.190982][ T5904] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[ 1422.223324][T29949] syz.0.10436 (29949) used greatest stack depth: 18896 bytes left
[ 1422.272169][    T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1422.306951][    T9] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18
[ 1422.321200][T24896] hsr_slave_0: left promiscuous mode
[ 1422.331755][T24896] hsr_slave_1: left promiscuous mode
[ 1422.342375][    T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1422.357869][T24896] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1422.365593][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1422.374890][T24896] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1422.383955][    T9] usb 3-1: SerialNumber: syz
[ 1422.397168][    T9] usb 3-1: bad CDC descriptors
[ 1422.402518][T24896] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1422.410237][ T5904] usb 4-1: Using ep0 maxpacket: 8
[ 1422.433134][ T5904] usb 4-1: config 1 has an invalid interface number: 128 but max is 1
[ 1422.448932][T24896] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1422.457106][ T5788] ocfs2: Unmounting device (7,0) on (node local)
[ 1422.468999][ T5904] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1422.511758][ T5904] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1422.521284][ T5904] usb 4-1: config 1 has no interface number 0
[ 1422.528394][T24896] batman_adv: batadv0: Interface deactivated: virt_wifi0
[ 1422.544012][T24896] batman_adv: batadv0: Removing interface: virt_wifi0
[ 1422.555654][ T5904] usb 4-1: config 1 interface 128 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1422.589575][T24896] bridge_slave_1: left allmulticast mode
[ 1422.595313][T24896] bridge_slave_1: left promiscuous mode
[ 1422.602363][ T5904] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1422.619898][ T5904] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1422.628216][ T5904] usb 4-1: Product: syz
[ 1422.643219][T24896] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1422.658354][ T5904] usb 4-1: Manufacturer: syz
[ 1422.664004][ T5904] usb 4-1: SerialNumber: syz
[ 1422.679354][T24896] bridge_slave_0: left allmulticast mode
[ 1422.686878][    T9] usb 3-1: USB disconnect, device number 75
[ 1422.699226][T24896] bridge_slave_0: left promiscuous mode
[ 1422.709013][T24896] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1422.720192][ T5904] cdc_wdm 4-1:1.128: skipping garbage
[ 1422.733913][ T5904] cdc_wdm 4-1:1.128: invalid descriptor buffer length
[ 1422.742046][ T5904] cdc_wdm: probe of 4-1:1.128 failed with error -22
[ 1422.799203][T24896] veth0_macvtap: left promiscuous mode
[ 1422.816835][T24896] veth1_vlan: left promiscuous mode
[ 1422.829772][T24896] veth0_vlan: left promiscuous mode
[ 1422.925814][ T5904] usb 4-1: USB disconnect, device number 51
[ 1423.040296][T24896] bond4 (unregistering): Released all slaves
[ 1423.070494][T24896] bond3 (unregistering): Released all slaves
[ 1423.392521][T24896] bond2 (unregistering): Released all slaves
[ 1423.411103][T24896] bond1 (unregistering): Released all slaves
[ 1424.152154][T24896] team0 (unregistering): Port device team_slave_1 removed
[ 1424.179510][T12846] Bluetooth: hci3: command tx timeout
[ 1424.236778][T24896] team0 (unregistering): Port device team_slave_0 removed
[ 1424.311396][T24896] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1424.388632][T24896] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1424.718626][T24896] bond0 (unregistering): (slave batadv0): Releasing backup interface
[ 1425.208444][T24896] bond0 (unregistering): Released all slaves
[ 1425.329623][T29980] netlink: 16 bytes leftover after parsing attributes in process `syz.0.10442'.
[ 1425.343989][T29986] netlink: 'syz.3.10445': attribute type 5 has an invalid length.
[ 1425.352009][T29986] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.10445'.
[ 1425.440568][T29904] chnl_net:caif_netlink_parms(): no params data found
[ 1425.627087][T29989] netlink: 'syz.0.10448': attribute type 2 has an invalid length.
[ 1425.860980][T29996] loop3: detected capacity change from 0 to 8192
[ 1425.916602][T29996] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[ 1426.012835][T29904] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1426.057800][T29904] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1426.095187][T29904] bridge_slave_0: entered allmulticast mode
[ 1426.132397][T29904] bridge_slave_0: entered promiscuous mode
[ 1426.211461][T29904] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1426.251603][T29904] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1426.301205][T29904] bridge_slave_1: entered allmulticast mode
[ 1426.349382][T29904] bridge_slave_1: entered promiscuous mode
[ 1426.412106][T12846] Bluetooth: hci3: command tx timeout
[ 1426.545679][T29990] loop2: detected capacity change from 0 to 32768
[ 1426.729900][T29904] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1426.812715][T29904] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1426.857018][T17281] read_mapping_page failed!
[ 1426.861629][T17281] ERROR: (device loop2): txCommit: 
[ 1426.861629][T17281] 
[ 1426.921758][T17281] ERROR: (device loop2): remounting filesystem as read-only
[ 1426.947348][T17281] jfs_write_inode: jfs_commit_inode failed!
[ 1427.033705][T29904] team0: Port device team_slave_0 added
[ 1427.068454][T29904] team0: Port device team_slave_1 added
[ 1427.323049][T29904] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1427.330328][T29904] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1427.427803][T29904] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1427.447574][T29904] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1427.454974][T29904] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1427.482052][T29904] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1427.759963][T29904] hsr_slave_0: entered promiscuous mode
[ 1427.791487][T29904] hsr_slave_1: entered promiscuous mode
[ 1428.377415][T30064] loop2: detected capacity change from 0 to 128
[ 1428.563971][T30069] No such timeout policy "syz0"
[ 1428.609963][T29904] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1428.625591][T12846] Bluetooth: hci3: command tx timeout
[ 1428.713912][T29904] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1428.791096][T29904] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1428.853211][T29904] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1429.232327][T29904] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1429.293801][T29904] 8021q: adding VLAN 0 to HW filter on device team0
[ 1429.331898][    T8] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[ 1429.375505][T24896] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1429.384710][T24896] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1429.407897][T24896] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1429.415298][T24896] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1429.569544][    T8] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1429.584146][    T8] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18
[ 1429.602981][T30109] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10488'.
[ 1429.628979][T30108] loop2: detected capacity change from 0 to 2048
[ 1429.638625][    T8] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1429.652233][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1429.660922][    T8] usb 4-1: SerialNumber: syz
[ 1429.698058][T30108] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1429.702172][    T8] usb 4-1: bad CDC descriptors
[ 1429.989761][    T8] usb 4-1: USB disconnect, device number 52
[ 1430.105179][T30118] 9pnet_fd: p9_fd_create_tcp (30118): problem connecting socket to 127.0.0.1
[ 1430.379094][T29904] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1430.787898][T30143] loop3: detected capacity change from 0 to 1024
[ 1430.839244][T12846] Bluetooth: hci3: command tx timeout
[ 1430.977819][T24896] hfsplus: b-tree write err: -5, ino 4
[ 1431.073272][   T27] usb 1-1: new high-speed USB device number 66 using dummy_hcd
[ 1431.290434][T29904] veth0_vlan: entered promiscuous mode
[ 1431.322935][   T27] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[ 1431.336581][T29904] veth1_vlan: entered promiscuous mode
[ 1431.342603][   T27] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1431.366010][   T27] usb 1-1: config 0 descriptor??
[ 1431.444043][T29904] veth0_macvtap: entered promiscuous mode
[ 1431.510846][T29904] veth1_macvtap: entered promiscuous mode
[ 1431.599273][   T27] [drm] vendor descriptor length:6 data:06 5f 01 ff 00 00 00 00 00 00 00
[ 1431.616327][T29904] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1431.631585][   T27] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor
[ 1431.650372][T29904] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1431.682382][T29904] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1431.698681][T30165] loop2: detected capacity change from 0 to 2048
[ 1431.714699][T29904] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1431.735028][T29904] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1431.746943][T29904] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1431.775946][T30165] UDF-fs: error (device loop2): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[ 1431.787784][T29904] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1431.815765][   T27] [drm:udl_init] *ERROR* Selecting channel failed
[ 1431.841653][T30165] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found
[ 1431.855350][T29904] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1431.889143][T30165] UDF-fs: Scanning with blocksize 512 failed
[ 1431.911345][   T27] [drm] Initialized udl 0.0.1 20120220 for 1-1:0.0 on minor 2
[ 1431.917916][T30165] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1431.921920][T29904] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1431.949268][   T27] [drm] Initialized udl on minor 2
[ 1431.977165][   T27] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[ 1431.989622][T29904] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1432.005517][   T27] udl 1-1:0.0: [drm] Cannot find any crtc or sizes
[ 1432.016147][ T5855] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[ 1432.035453][T29904] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1432.062930][ T5855] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[ 1432.071881][   T27] usb 1-1: USB disconnect, device number 66
[ 1432.077945][T29904] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1432.100275][ T5855] udl 1-1:0.0: [drm] Cannot find any crtc or sizes
[ 1432.107577][T29904] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1432.151027][T29904] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1432.218031][T29904] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1432.257597][T29904] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1432.268700][T29904] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1432.278127][T29904] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1432.333125][T30161] loop3: detected capacity change from 0 to 32768
[ 1432.394697][T30161] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.10501 (30161)
[ 1432.406403][   T28] audit: type=1326 audit(1756142456.907:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30173 comm="syz.2.10504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f373a78ebe9 code=0x7ffc0000
[ 1432.438083][   T28] audit: type=1326 audit(1756142456.935:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30173 comm="syz.2.10504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f373a78ebe9 code=0x7ffc0000
[ 1432.484950][T30161] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 1432.524993][T30161] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[ 1432.546108][T30161] BTRFS info (device loop3): using free space tree
[ 1432.557578][   T28] audit: type=1326 audit(1756142456.953:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30173 comm="syz.2.10504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=79 compat=0 ip=0x7f373a78ebe9 code=0x7ffc0000
[ 1432.599945][   T28] audit: type=1326 audit(1756142456.953:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30173 comm="syz.2.10504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f373a78ebe9 code=0x7ffc0000
[ 1432.665954][T17281] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1432.674119][T17281] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1432.722191][   T28] audit: type=1326 audit(1756142456.953:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30173 comm="syz.2.10504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f373a78ebe9 code=0x7ffc0000
[ 1432.852162][   T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1432.861306][   T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1432.869606][T30192] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1432.880520][T30161] BTRFS info (device loop3): enabling ssd optimizations
[ 1432.887636][T30161] BTRFS info (device loop3): auto enabling async discard
[ 1433.260142][ T5786] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 1433.323732][T30208] loop4: detected capacity change from 0 to 512
[ 1433.486365][T30208] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1433.575137][T30208] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1433.674698][T30218] 9pnet_fd: p9_fd_create_tcp (30218): problem connecting socket to 127.0.0.1
[ 1433.950138][T29904] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1434.626381][T30245] loop3: detected capacity change from 0 to 512
[ 1434.732431][T30245] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2802e028, mo2=0002]
[ 1434.791211][T30245] System zones: 1-12
[ 1434.825846][T30245] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.10524: invalid indirect mapped block 8 (level 2)
[ 1434.925766][T30245] EXT4-fs (loop3): Remounting filesystem read-only
[ 1434.965203][T30245] EXT4-fs (loop3): 1 truncate cleaned up
[ 1434.972947][T30245] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1435.095596][T30264] kAFS: unparsable volume name
[ 1435.201914][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1435.624965][T30285] IPv6: NLM_F_CREATE should be specified when creating new route
[ 1435.669501][T30285] IPv6: Can't replace route, no match found
[ 1435.745678][T30291] netlink: 144 bytes leftover after parsing attributes in process `syz.3.10540'.
[ 1435.914721][T30298] 9pnet_fd: p9_fd_create_tcp (30298): problem connecting socket to 127.0.0.1
[ 1436.504451][T30319] netlink: 80 bytes leftover after parsing attributes in process `syz.3.10553'.
[ 1436.567304][T30319] netlink: 80 bytes leftover after parsing attributes in process `syz.3.10553'.
[ 1436.795644][T30331] netlink: 'syz.3.10557': attribute type 2 has an invalid length.
[ 1437.178449][   T28] audit: type=1326 audit(1756142461.379:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30349 comm="syz.0.10564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41fe38ebe9 code=0x7ffc0000
[ 1437.272645][   T28] audit: type=1326 audit(1756142461.388:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30349 comm="syz.0.10564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41fe38ebe9 code=0x7ffc0000
[ 1437.355760][   T28] audit: type=1326 audit(1756142461.388:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30349 comm="syz.0.10564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f41fe38ebe9 code=0x7ffc0000
[ 1437.408432][   T28] audit: type=1326 audit(1756142461.388:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30349 comm="syz.0.10564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41fe38ebe9 code=0x7ffc0000
[ 1437.454316][   T28] audit: type=1326 audit(1756142461.388:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30349 comm="syz.0.10564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41fe38ebe9 code=0x7ffc0000
[ 1437.465012][ T5904] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[ 1437.768489][ T5904] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[ 1437.796602][ T5904] usb 4-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82
[ 1437.806277][ T5904] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1437.856862][T30374] netlink: 'syz.0.10573': attribute type 11 has an invalid length.
[ 1437.867291][ T5904] usb 4-1: config 0 descriptor??
[ 1437.890775][ T5904] smsusb:smsusb_probe: board id=8, interface number 0
[ 1437.920619][ T5904] smsusb:smsusb_probe: Device initialized with return code -19
[ 1438.130198][   T27] usb 4-1: USB disconnect, device number 53
[ 1438.142451][T30380] loop2: detected capacity change from 0 to 16
[ 1438.162266][T30380] erofs: (device loop2): mounted with root inode @ nid 36.
[ 1438.216739][T30380] erofs: (device loop2): z_erofs_read_folio: read error -22 @ 43 of nid 36
[ 1438.498764][T30388] netlink: 32 bytes leftover after parsing attributes in process `syz.0.10578'.
[ 1438.509905][T30388] netlink: 48 bytes leftover after parsing attributes in process `syz.0.10578'.
[ 1438.528436][T30388] netlink: 48 bytes leftover after parsing attributes in process `syz.0.10578'.
[ 1438.704007][T30369] loop4: detected capacity change from 0 to 32768
[ 1438.724183][T30392] loop2: detected capacity change from 0 to 8
[ 1438.830098][T30369] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[ 1438.917382][T30392] SQUASHFS error: xz decompression failed, data probably corrupt
[ 1438.926614][T30392] SQUASHFS error: Failed to read block 0x108: -5
[ 1438.933836][T30392] SQUASHFS error: Unable to read metadata cache entry [106]
[ 1438.942020][T30392] SQUASHFS error: Unable to read inode 0x11f
[ 1438.953054][T30369] (syz.4.10571,30369,0):ocfs2_find_entry:1086 ERROR: status = -117
[ 1439.022599][T30369] (syz.4.10571,30369,0):ocfs2_find_entry:1086 ERROR: status = -117
[ 1439.066983][T30369] (syz.4.10571,30369,0):ocfs2_mknod:502 ERROR: status = -117
[ 1439.115944][T30369] (syz.4.10571,30369,0):ocfs2_mkdir:659 ERROR: status = -117
[ 1439.281240][T29904] (syz-executor,29904,1):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 76
[ 1439.367611][T29904] ocfs2: Unmounting device (7,4) on (node local)
[ 1439.410385][ T5855] usb 3-1: new high-speed USB device number 76 using dummy_hcd
[ 1439.637969][ T5855] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[ 1439.659173][ T5855] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[ 1439.699413][ T5855] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 33119, setting to 1024
[ 1439.731159][ T5855] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[ 1439.775306][ T5855] usb 3-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72
[ 1439.785517][ T5855] usb 3-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0
[ 1439.794728][ T5855] usb 3-1: Manufacturer: syz
[ 1439.838518][ T5855] usb 3-1: config 0 descriptor??
[ 1439.855564][T30392] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1439.868279][ T5855] smsusb:smsusb_probe: board id=9, interface number 0
[ 1439.903970][ T5855] smsusb:siano_media_device_register: media controller created
[ 1439.941282][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1439.948894][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1439.956377][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1439.964032][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1439.971606][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1439.983421][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1439.990962][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1439.998562][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.006088][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.013591][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.022257][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.029891][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.037477][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.045046][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.052525][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.061547][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.068932][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.076539][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.084414][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.091866][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.110171][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.117770][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.125261][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.132916][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.140378][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.148148][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.155730][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.163172][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.170743][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.178165][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.189568][ T5855] smsmdtv:smscore_sendrequest_and_wait: sendrequest returned error -22
[ 1440.198702][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.198829][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.198927][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.199024][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.199121][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.199216][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.199312][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.199406][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.199521][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.199596][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.275389][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.282857][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.290209][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.297563][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.305032][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.312456][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.319823][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.327442][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.337569][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.345463][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.352919][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.360484][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.367913][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.375246][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.382667][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.390097][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.397749][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.406510][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.414015][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.421641][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.429376][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.436741][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.444174][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.451784][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.459218][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.466557][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.482658][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.490229][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.497726][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.505231][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.512556][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.519839][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.528364][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.535723][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.543379][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.551046][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.558735][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.566586][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.574063][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.581688][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.594232][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.602136][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.609660][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.616985][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.624504][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.631935][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.639528][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.648078][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.655532][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.663159][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.670851][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.678356][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.685866][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.693633][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.701262][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.709410][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.716761][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.724473][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.732062][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.739503][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.747104][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.754553][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.762786][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.770627][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.778190][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.785929][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.793628][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.800993][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.808618][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.816083][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.824444][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.832280][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.840239][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.847873][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.855477][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.862930][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.870628][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.878056][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.886291][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.893816][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.901509][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.909249][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.916719][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.924256][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.931864][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.939198][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.947581][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.955113][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.962776][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.970183][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.977592][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.985057][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1440.992633][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.000055][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.008432][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.015933][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.023896][ T5855] smsmdtv:smscore_set_device_mode: mode detect failed -22
[ 1441.032097][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.032219][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.032315][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.032411][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.032519][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.032612][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.032705][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.032798][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.032890][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.032983][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.109994][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.117349][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.124819][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.132152][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.139643][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.147055][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.154389][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.161906][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.173722][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.181281][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.188714][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.196239][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.203767][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.216780][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.224426][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.231868][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.239750][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.247564][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.255185][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.262513][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.269953][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.277488][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.285321][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.293879][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.301344][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.308978][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.316357][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.323773][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.331086][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.338401][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.345806][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.353929][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.361575][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.369133][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.376620][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.387815][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.395543][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.403066][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.410433][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.418235][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.425676][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.433213][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.441246][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.448758][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.456277][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.464201][ T5855] smsmdtv:smscore_start_device: set device mode failed , rc -22
[ 1441.472099][ T5855] smsusb:smsusb_init_device: smscore_start_device(...) failed
[ 1441.480460][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.480578][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.480704][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.480796][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.480889][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.480980][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.481068][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.481168][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.481260][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.481351][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.559267][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.566759][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.574293][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.581816][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.589274][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.596726][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.604113][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.612576][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.620368][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.628167][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.635730][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.643495][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.650926][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.658444][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.665784][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.673415][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.680766][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.688288][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.696144][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.703507][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.711277][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.718618][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.726234][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.733681][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.741188][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.748555][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.757515][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.764887][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.772405][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.779992][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.787480][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.794926][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.802595][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.809970][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.817328][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.829169][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.836812][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.844325][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.852023][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.859370][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.866876][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.874298][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.881748][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.890024][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.897359][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.904779][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.912589][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.919975][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.927239][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.934690][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.941962][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.949411][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.957880][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.965235][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.972662][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.979997][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.987423][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1441.994765][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.002306][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.009858][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.017593][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.025756][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.033196][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.040788][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.048499][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.056242][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.063601][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.070938][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.078462][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.086500][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.094790][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.102430][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.109855][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.117355][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.124693][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.132107][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.140153][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.147609][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.155019][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.162665][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.169994][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.177420][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.185006][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.192435][    C1] smsusb:smsusb_onresponse: error, urb status -2, 0 bytes
[ 1442.199698][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.207031][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.215969][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.223325][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.230654][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.237990][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.245322][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.252658][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.260284][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.267876][    C1] smsusb:smsusb_onresponse: error, urb status -2, 0 bytes
[ 1442.275695][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.293734][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.301112][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.308626][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.316068][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.323508][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.330850][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.338279][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.365012][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.372459][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.379798][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.388630][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.396155][    C1] smsusb:smsusb_onresponse: error, urb status -2, 0 bytes
[ 1442.403842][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.411451][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 1442.422388][ T5855] ------------[ cut here ]------------
[ 1442.428883][ T5855] ODEBUG: free active (active state 0) object: ffff88807ce307a8 object type: work_struct hint: do_submit_urb+0x0/0x360
[ 1442.441984][T25176] ==================================================================
[ 1442.450122][T25176] BUG: KASAN: slab-use-after-free in __lock_acquire+0xff/0x7c80
[ 1442.457998][T25176] Read of size 8 at addr ffff88805be19098 by task kworker/1:0/25176
[ 1442.466021][T25176] 
[ 1442.468382][T25176] CPU: 1 PID: 25176 Comm: kworker/1:0 Not tainted 6.6.102-syzkaller #0
[ 1442.476748][T25176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1442.487019][T25176] Workqueue: events do_submit_urb
[ 1442.492194][T25176] Call Trace:
[ 1442.495505][T25176]  <TASK>
[ 1442.498924][T25176]  dump_stack_lvl+0x16c/0x230
[ 1442.503837][T25176]  ? __lock_acquire+0x7c80/0x7c80
[ 1442.509007][T25176]  ? show_regs_print_info+0x20/0x20
[ 1442.514355][T25176]  ? load_image+0x3b0/0x3b0
[ 1442.519184][T25176]  ? __virt_addr_valid+0x469/0x540
[ 1442.524407][T25176]  print_report+0xac/0x220
[ 1442.528959][T25176]  ? __lock_acquire+0xff/0x7c80
[ 1442.533834][T25176]  kasan_report+0x117/0x150
[ 1442.538381][T25176]  ? mark_lock+0x94/0x320
[ 1442.542817][T25176]  ? __lock_acquire+0xff/0x7c80
[ 1442.547688][T25176]  __lock_acquire+0xff/0x7c80
[ 1442.552562][T25176]  ? mark_lock+0x94/0x320
[ 1442.556919][T25176]  ? look_up_lock_class+0x75/0x140
[ 1442.562156][T25176]  ? verify_lock_unused+0x140/0x140
[ 1442.567467][T25176]  ? register_lock_class+0xb5/0x890
[ 1442.572772][T25176]  ? is_dynamic_key+0x260/0x260
[ 1442.577856][T25176]  ? mark_lock+0x94/0x320
[ 1442.582207][T25176]  ? __lock_acquire+0x1334/0x7c80
[ 1442.587444][T25176]  lock_acquire+0x197/0x410
[ 1442.591992][T25176]  ? smscore_getbuffer+0xa9/0x440
[ 1442.597384][T25176]  ? read_lock_is_recursive+0x20/0x20
[ 1442.603045][T25176]  _raw_spin_lock_irqsave+0xa8/0xf0
[ 1442.608379][T25176]  ? smscore_getbuffer+0xa9/0x440
[ 1442.613873][T25176]  ? _raw_spin_lock+0x40/0x40
[ 1442.618777][T25176]  smscore_getbuffer+0xa9/0x440
[ 1442.623758][T25176]  ? smscore_onresponse+0xf10/0xf10
[ 1442.628977][T25176]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[ 1442.635082][T25176]  ? read_lock_is_recursive+0x20/0x20
[ 1442.640886][T25176]  do_submit_urb+0x98/0x360
[ 1442.645516][T25176]  ? process_scheduled_works+0x957/0x15b0
[ 1442.651518][T25176]  ? process_scheduled_works+0x957/0x15b0
[ 1442.657449][T25176]  process_scheduled_works+0xa45/0x15b0
[ 1442.663118][T25176]  ? assign_work+0x400/0x400
[ 1442.667730][T25176]  ? assign_work+0x39e/0x400
[ 1442.672364][T25176]  worker_thread+0xa55/0xfc0
[ 1442.677000][T25176]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[ 1442.683292][T25176]  ? _raw_spin_unlock+0x40/0x40
[ 1442.688315][T25176]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[ 1442.694437][T25176]  kthread+0x2fa/0x390
[ 1442.698562][T25176]  ? pr_cont_work+0x560/0x560
[ 1442.703485][T25176]  ? kthread_blkcg+0xd0/0xd0
[ 1442.708093][T25176]  ret_from_fork+0x48/0x80
[ 1442.712799][T25176]  ? kthread_blkcg+0xd0/0xd0
[ 1442.717534][T25176]  ret_from_fork_asm+0x11/0x20
[ 1442.722344][T25176]  </TASK>
[ 1442.725718][T25176] 
[ 1442.728055][T25176] Allocated by task 5855:
[ 1442.732396][T25176]  kasan_set_track+0x4e/0x70
[ 1442.737144][T25176]  __kasan_kmalloc+0x8f/0xa0
[ 1442.741750][T25176]  smscore_register_device+0x63/0x10f0
[ 1442.747496][T25176]  smsusb_probe+0x1362/0x1da0
[ 1442.752376][T25176]  usb_probe_interface+0x5a4/0xb00
[ 1442.757621][T25176]  really_probe+0x25b/0xb40
[ 1442.762224][T25176]  __driver_probe_device+0x18c/0x330
[ 1442.767536][T25176]  driver_probe_device+0x4f/0x420
[ 1442.772589][T25176]  __device_attach_driver+0x2ca/0x520
[ 1442.778015][T25176]  bus_for_each_drv+0x24b/0x2d0
[ 1442.783165][T25176]  __device_attach+0x2b5/0x400
[ 1442.788047][T25176]  bus_probe_device+0x180/0x260
[ 1442.793014][T25176]  device_add+0x85b/0xc20
[ 1442.797460][T25176]  usb_set_configuration+0x1a79/0x20c0
[ 1442.803400][T25176]  usb_generic_driver_probe+0x8d/0x150
[ 1442.808893][T25176]  usb_probe_device+0x13d/0x280
[ 1442.814138][T25176]  really_probe+0x25b/0xb40
[ 1442.818831][T25176]  __driver_probe_device+0x18c/0x330
[ 1442.824136][T25176]  driver_probe_device+0x4f/0x420
[ 1442.829299][T25176]  __device_attach_driver+0x2ca/0x520
[ 1442.834777][T25176]  bus_for_each_drv+0x24b/0x2d0
[ 1442.839735][T25176]  __device_attach+0x2b5/0x400
[ 1442.844608][T25176]  bus_probe_device+0x180/0x260
[ 1442.849563][T25176]  device_add+0x85b/0xc20
[ 1442.853910][T25176]  usb_new_device+0xa31/0x1630
[ 1442.858694][T25176]  hub_event+0x2962/0x49c0
[ 1442.863489][T25176]  process_scheduled_works+0xa45/0x15b0
[ 1442.869060][T25176]  worker_thread+0xa55/0xfc0
[ 1442.873678][T25176]  kthread+0x2fa/0x390
[ 1442.877774][T25176]  ret_from_fork+0x48/0x80
[ 1442.882318][T25176]  ret_from_fork_asm+0x11/0x20
[ 1442.887112][T25176] 
[ 1442.889448][T25176] Freed by task 5855:
[ 1442.893433][T25176]  kasan_set_track+0x4e/0x70
[ 1442.898118][T25176]  kasan_save_free_info+0x2e/0x50
[ 1442.903262][T25176]  ____kasan_slab_free+0x126/0x1e0
[ 1442.908843][T25176]  slab_free_freelist_hook+0x130/0x1b0
[ 1442.914361][T25176]  __kmem_cache_free+0xba/0x1f0
[ 1442.919412][T25176]  smscore_unregister_device+0x603/0x6e0
[ 1442.925234][T25176]  smsusb_term_device+0x18f/0x220
[ 1442.930455][T25176]  smsusb_probe+0x1708/0x1da0
[ 1442.935242][T25176]  usb_probe_interface+0x5a4/0xb00
[ 1442.940389][T25176]  really_probe+0x25b/0xb40
[ 1442.944932][T25176]  __driver_probe_device+0x18c/0x330
[ 1442.950236][T25176]  driver_probe_device+0x4f/0x420
[ 1442.955319][T25176]  __device_attach_driver+0x2ca/0x520
[ 1442.960968][T25176]  bus_for_each_drv+0x24b/0x2d0
[ 1442.965834][T25176]  __device_attach+0x2b5/0x400
[ 1442.970617][T25176]  bus_probe_device+0x180/0x260
[ 1442.975502][T25176]  device_add+0x85b/0xc20
[ 1442.979938][T25176]  usb_set_configuration+0x1a79/0x20c0
[ 1442.985432][T25176]  usb_generic_driver_probe+0x8d/0x150
[ 1442.991088][T25176]  usb_probe_device+0x13d/0x280
[ 1442.995963][T25176]  really_probe+0x25b/0xb40
[ 1443.000564][T25176]  __driver_probe_device+0x18c/0x330
[ 1443.005875][T25176]  driver_probe_device+0x4f/0x420
[ 1443.010915][T25176]  __device_attach_driver+0x2ca/0x520
[ 1443.016390][T25176]  bus_for_each_drv+0x24b/0x2d0
[ 1443.021254][T25176]  __device_attach+0x2b5/0x400
[ 1443.026126][T25176]  bus_probe_device+0x180/0x260
[ 1443.030993][T25176]  device_add+0x85b/0xc20
[ 1443.035339][T25176]  usb_new_device+0xa31/0x1630
[ 1443.040121][T25176]  hub_event+0x2962/0x49c0
[ 1443.044547][T25176]  process_scheduled_works+0xa45/0x15b0
[ 1443.050108][T25176]  worker_thread+0xa55/0xfc0
[ 1443.054711][T25176]  kthread+0x2fa/0x390
[ 1443.058879][T25176]  ret_from_fork+0x48/0x80
[ 1443.063309][T25176]  ret_from_fork_asm+0x11/0x20
[ 1443.068087][T25176] 
[ 1443.070430][T25176] The buggy address belongs to the object at ffff88805be19000
[ 1443.070430][T25176]  which belongs to the cache kmalloc-2k of size 2048
[ 1443.085057][T25176] The buggy address is located 152 bytes inside of
[ 1443.085057][T25176]  freed 2048-byte region [ffff88805be19000, ffff88805be19800)
[ 1443.099142][T25176] 
[ 1443.101491][T25176] The buggy address belongs to the physical page:
[ 1443.107926][T25176] page:ffffea00016f8600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5be18
[ 1443.118265][T25176] head:ffffea00016f8600 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1443.127393][T25176] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 1443.135492][T25176] page_type: 0xffffffff()
[ 1443.139838][T25176] raw: 00fff00000000840 ffff888017842000 ffffea0001e8fa00 dead000000000002
[ 1443.148528][T25176] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 1443.157212][T25176] page dumped because: kasan: bad access detected
[ 1443.163679][T25176] page_owner tracks the page as allocated
[ 1443.169411][T25176] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5835, tgid 5835 (kworker/0:3), ts 95434113730, free_ts 29103113317
[ 1443.192181][T25176]  post_alloc_hook+0x1cd/0x210
[ 1443.196980][T25176]  get_page_from_freelist+0x195c/0x19f0
[ 1443.202838][T25176]  __alloc_pages+0x1e3/0x460
[ 1443.207741][T25176]  alloc_slab_page+0x5d/0x170
[ 1443.212776][T25176]  new_slab+0x87/0x2e0
[ 1443.217049][T25176]  ___slab_alloc+0xc6d/0x12f0
[ 1443.221948][T25176]  __kmem_cache_alloc_node+0x1a2/0x260
[ 1443.227516][T25176]  __kmalloc_node_track_caller+0xa2/0x230
[ 1443.233347][T25176]  kmalloc_reserve+0x117/0x260
[ 1443.238478][T25176]  __alloc_skb+0x138/0x2c0
[ 1443.242920][T25176]  mld_newpack+0x143/0xbf0
[ 1443.247441][T25176]  add_grhead+0x5a/0x2a0
[ 1443.251816][T25176]  add_grec+0x13ad/0x1660
[ 1443.256424][T25176]  mld_send_initial_cr+0xed/0x240
[ 1443.261464][T25176]  mld_dad_work+0x40/0x270
[ 1443.265982][T25176]  process_scheduled_works+0xa45/0x15b0
[ 1443.271642][T25176] page last free stack trace:
[ 1443.276329][T25176]  free_unref_page_prepare+0x7ce/0x8e0
[ 1443.282076][T25176]  free_unref_page+0x32/0x2e0
[ 1443.286870][T25176]  free_contig_range+0xa1/0x160
[ 1443.291763][T25176]  destroy_args+0x87/0x770
[ 1443.296299][T25176]  debug_vm_pgtable+0x3cc/0x410
[ 1443.301173][T25176]  do_one_initcall+0x1fd/0x750
[ 1443.306044][T25176]  do_initcall_level+0x137/0x1f0
[ 1443.311221][T25176]  do_initcalls+0x69/0xd0
[ 1443.315570][T25176]  kernel_init_freeable+0x3d2/0x570
[ 1443.320796][T25176]  kernel_init+0x1d/0x1c0
[ 1443.325139][T25176]  ret_from_fork+0x48/0x80
[ 1443.329670][T25176]  ret_from_fork_asm+0x11/0x20
[ 1443.334479][T25176] 
[ 1443.336846][T25176] Memory state around the buggy address:
[ 1443.342663][T25176]  ffff88805be18f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1443.350799][T25176]  ffff88805be19000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1443.358977][T25176] >ffff88805be19080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1443.367144][T25176]                             ^
[ 1443.372530][T25176]  ffff88805be19100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1443.380704][T25176]  ffff88805be19180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1443.388878][T25176] ==================================================================
[ 1443.396963][T25176] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1443.404174][T25176] CPU: 1 PID: 25176 Comm: kworker/1:0 Not tainted 6.6.102-syzkaller #0
[ 1443.412798][T25176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1443.422889][T25176] Workqueue: events do_submit_urb
[ 1443.428035][T25176] Call Trace:
[ 1443.431471][T25176]  <TASK>
[ 1443.434443][T25176]  dump_stack_lvl+0x16c/0x230
[ 1443.439178][T25176]  ? show_regs_print_info+0x20/0x20
[ 1443.444414][T25176]  ? load_image+0x3b0/0x3b0
[ 1443.448953][T25176]  panic+0x2c0/0x710
[ 1443.453011][T25176]  ? bpf_jit_dump+0xd0/0xd0
[ 1443.457560][T25176]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[ 1443.463489][T25176]  ? _raw_spin_unlock+0x40/0x40
[ 1443.468373][T25176]  ? print_memory_metadata+0x314/0x400
[ 1443.473858][T25176]  ? __lock_acquire+0xff/0x7c80
[ 1443.478815][T25176]  check_panic_on_warn+0x84/0xa0
[ 1443.483787][T25176]  ? __lock_acquire+0xff/0x7c80
[ 1443.491797][T25176]  end_report+0x6f/0x140
[ 1443.496059][T25176]  kasan_report+0x128/0x150
[ 1443.500699][T25176]  ? mark_lock+0x94/0x320
[ 1443.505228][T25176]  ? __lock_acquire+0xff/0x7c80
[ 1443.510105][T25176]  __lock_acquire+0xff/0x7c80
[ 1443.514919][T25176]  ? mark_lock+0x94/0x320
[ 1443.519384][T25176]  ? look_up_lock_class+0x75/0x140
[ 1443.525146][T25176]  ? verify_lock_unused+0x140/0x140
[ 1443.530363][T25176]  ? register_lock_class+0xb5/0x890
[ 1443.535681][T25176]  ? is_dynamic_key+0x260/0x260
[ 1443.540633][T25176]  ? mark_lock+0x94/0x320
[ 1443.545008][T25176]  ? __lock_acquire+0x1334/0x7c80
[ 1443.550141][T25176]  lock_acquire+0x197/0x410
[ 1443.554664][T25176]  ? smscore_getbuffer+0xa9/0x440
[ 1443.559723][T25176]  ? read_lock_is_recursive+0x20/0x20
[ 1443.565136][T25176]  _raw_spin_lock_irqsave+0xa8/0xf0
[ 1443.570461][T25176]  ? smscore_getbuffer+0xa9/0x440
[ 1443.575532][T25176]  ? _raw_spin_lock+0x40/0x40
[ 1443.580513][T25176]  smscore_getbuffer+0xa9/0x440
[ 1443.585667][T25176]  ? smscore_onresponse+0xf10/0xf10
[ 1443.591248][T25176]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[ 1443.597361][T25176]  ? read_lock_is_recursive+0x20/0x20
[ 1443.602847][T25176]  do_submit_urb+0x98/0x360
[ 1443.607562][T25176]  ? process_scheduled_works+0x957/0x15b0
[ 1443.613312][T25176]  ? process_scheduled_works+0x957/0x15b0
[ 1443.619150][T25176]  process_scheduled_works+0xa45/0x15b0
[ 1443.624815][T25176]  ? assign_work+0x400/0x400
[ 1443.629462][T25176]  ? assign_work+0x39e/0x400
[ 1443.634081][T25176]  worker_thread+0xa55/0xfc0
[ 1443.638778][T25176]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[ 1443.644693][T25176]  ? _raw_spin_unlock+0x40/0x40
[ 1443.649837][T25176]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[ 1443.656022][T25176]  kthread+0x2fa/0x390
[ 1443.660308][T25176]  ? pr_cont_work+0x560/0x560
[ 1443.665095][T25176]  ? kthread_blkcg+0xd0/0xd0
[ 1443.669796][T25176]  ret_from_fork+0x48/0x80
[ 1443.674228][T25176]  ? kthread_blkcg+0xd0/0xd0
[ 1443.678929][T25176]  ret_from_fork_asm+0x11/0x20
[ 1443.683721][T25176]  </TASK>
[ 1443.687114][T25176] Kernel Offset: disabled
[ 1443.691500][T25176] Rebooting in 86400 seconds..