last executing test programs:

4.294693449s ago: executing program 5 (id=2238):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3}}, &(0x7f0000000080)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41000}, 0x94)

3.952510177s ago: executing program 5 (id=2243):
syz_mount_image$minix(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00e611ed6229b237ad2a184a94283e2b34c24caf7280c18475708140abe763dfb52cdb0ba0cdc8c572346d0a832984b36248c4fa844eda0af4b1652605421a7821dcfde12aa77458d811a84538a156b05b0ec3eaf24a90ceb5b7463d9fd38b49d41fbfa868653605702abe43d9c2c30aed4da0b8cc18c6b369f086a965442c1217f19a67a534064b7236a6660000000000"], 0x1, 0x190, &(0x7f0000000e40)="$eJzs2zuPElEYxvHnDAMi3lC8JMbCytjIACaoHX4UAiMhDkrABmKifg8L7fxwEmNnJRvmtsssxQbCHHb5/xrOw8vJvBMy8IaLABytjp7KyKi0Ck/K1S81Y7slADlZxrf/lwCOT+Gf7Q4A2LF4K40l/f77uadCKRkLHiWLVb2T1Mvn54fFN+mxG9dNWdez88VP6Vmy31Q27q+k9Rsb689VjerOTd3Sbd1RVXd1T7W43o/2S+bhbsMQAABHwqiezWt3OHo3DPxGmothbqriRrkU5lZaj/LLNF8Lc733Mejv8SwAbMNR/dfZnL3+C5nr342vfwCX33Q2f98NAn+S0yL6fMCxdPSdFvp6EG1EC6Poe9ottxd1EGcxmc7+XOjBP6x1WMz9oK6sPymrhcUXJQC58D6Nxt50Nn8xHHUH/sD/0G61228ar181vXDw99bHfwBXyOmbvu1OAAAAAAAAAAAAAADAtu7rge0WAAAAAORkj39Qk76LXxYDAAAAAAAAAAAAAAAAALAHJwEAAP//zigUWQ==")
unlinkat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x200)

3.48171062s ago: executing program 5 (id=2251):
r0 = socket(0x1e, 0x2, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000480)=@req={0x5, 0xfffffffc}, 0x10)

3.115636808s ago: executing program 5 (id=2257):
r0 = syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=")
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40e8662e, &(0x7f0000000040)={0xfff, 0x100000000, 0x5, 0x3, 0xffffffff})

2.81077363s ago: executing program 2 (id=2261):
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/sockstat6\x00')
writev(r0, &(0x7f0000000100)=[{&(0x7f0000000240)="da", 0x1}], 0x1)

2.789648133s ago: executing program 4 (id=2262):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="c8000000100001002cbd70002000000000000000", @ANYRES32=0x0, @ANYBLOB="08009757c0200000140003006e657464657673696d3000000000000005001100010000008c0016807800018054000c8014000100"], 0xc8}, 0x1, 0x0, 0x0, 0x200080c5}, 0x20000010)

2.516852762s ago: executing program 2 (id=2265):
syz_mount_image$nilfs2(&(0x7f0000000ec0), &(0x7f0000000080)='./file0\x00', 0x40, &(0x7f0000000cc0)=ANY=[], 0x4, 0xfbd, &(0x7f0000006d00)="$eJzs3U+MG+XZAPB3vPb+yS5ZL/DBAh8hH3wVgcJuSCI1vQWBeqmEuPQOCgmNWChqaCUiIJseEJUQRUKcKg4gLpRKKVKRQJUq1FPbU6v21F5QL1SqUimohxYpcZXdd7z2rCf2ztpje/37SY/ffecdz/OM19nMjO3XAZhYlY3bY8eWkxDe/vStR19+Kvn42rK7mmsc3LhNYq8eQqi19JPM9j6PC65cfulkpzYJRzZu03547FLzvvMhhPVwMHwW6uHD1bUvP3jnkUMfvTp7yxvnnnllQLvflN0PAADYiy7+fu0v9/39dw8sfXXxwIkw01yeHp/XY38+HvcfjgfK6fFyJbT3k5ZoNZ1ZbypGJbPeVGa9aiZPNSdfLbOdWs56013yTbUs67SfAAAAMI7S89p6SCorbf1KZWVl87z/ms8Xp5OV586snT47pEIBAACAwv51fuNNt2McsyNQg8jGXPoE29n9Pvz2zu+zq6iUnK9acr6JiWLPNyGEEEKI/oXjETEG0Vgs8WIDAAAAQIf5wrZZ7+9MXc2t1XvLf+nhSuf7Qx9knn/bp53o8/P/+vlnt69Qav4OBp+/NuT8193/9y/4iwMAQHF79Wgy3a/0ODqdxyA7j+BU273mp3Z6/lHJbKe6wzrz5hUcl/kG8+qcKrmOovLq3+nvcVjy6s/Ohzmq8urPztM5qvLqnym5jqLy6u9w5SeM4j/rvPrnSq6jqLz695VcR1F59c+XXEdRefUvlFxHUXn131ByHUXl1b+/5DqKyqt/XN5Wm1d/veQ6isqrf2mzGfnDiLz6byy5jqLy6r+p5DqKyqv/5pLrGJY7Y5s+Dgdy1pvvcPA3cgeDAAAAQEf/Gfv5//ZkJF3XqQ69xomPjdfYh5h/agQeg0HHfP+3+fTCCOyXGKW4sPmfYfvy2Q7LxK6iMgI1DCrmOj2HhBBCiJGM88O79AAAAACMiPRzAemn3htROj61bfyv7127TcerreOzWxtIx2tdtj/dZXymyzgAAAAQwq9eO33bm8nWfHfZz/TvdD68dN6oufDx1VBgHqPsfIQ7zb/bec92m7/zhCPjMhsbAAAAe1Xyrc+u3v/ouy8sfXXxwImWs9+r8Xw3nQe0Gq8NfBL76fsCFjL9JD2HPtGep5KzXvb6wA1523t8lzsKAAAAEyw9f6+HpLLSct5dD5XKysrW+fhyqCWnz6ydOhz76fez/HaxNnNt+UMl1w0AAAD0but8v/P5f/o9vsthOll57sza6bOb/YXm8lql9brA4tbypPW6QD2z/EjO8qOxH7+/M3x3cW5j+crJ76091e+dBwAAgAlx9sVzzzy5tnbq+5PzQzWEsKvthFHYCz/4YaA/DPsvEwAA0G9ffPFW7QdHF369+fn/rfnvrsYfDsZ+Pc7t94e4PH2fQPo5gG2f13+iPc9i3nrPt69Xz6w3FWMmU/dsy3bCxnyD7fdbystXb9/OdE6++Uy+hUy+7DwF1cz6SYe5BEOHmQDT9RYzy7PzMFYzOZJM/rs75AIAAIDU6gvPPr969sVzD5559smnTz196rmjR45/8/jxww9946HVjff1r7a+ux8AAAAYR1tv+h12JQAAAAAAAAAAAAAAAAAAADC5yvg6sWHvIwAAAEy6f54PIawLkRPpFwwOu45xj2QEahhcNGaGX8PejuDfoRCiQ/z5jeHXMAJR8fdRiN5iuOd9s+UeyzQajcYIPOYjGI1G9pvmAQAAAAbryuWXTra226wnfc3X3Fp9s7ka86btwoN/WroW6WqXHm6/XrKvr9Uw6cp+/ss/qvlnOo6/f6G/+TcuxNe3+t3//lXaN3Bi47Yae3O95r139WfLzfwhhNurPeZv2/8LITzea8Z2hzL57w295W+8m3n8n2jrVXrNf18m/74e81/K/v6fz8swe93898f8y7F/6J5e87fv4kwmW69PgK9n9v+p0Gv+zP7Xe0yY8UDMDwCTqPm/eeP8cAvps/QoIT2eno/9dH/TA9bsux92evxfyWynuuvK27ebHgfdGvvNo7r19rypndafPi4Lsb2hYJ1Z4/Kukrz6+/V7HLS8+msl11FUXv3TJddRVF79nc/ei6w0WHn1X//scXTk1d/zhYghy6t/XK4r59U/X3IdReXVv1ByHUXl1b/T/8eHJa/+/SXXUVRe/Ysl11FUXv0FL6uVLq/+pZLrKCqv/htLrqOovPpvKrmOovLqv7nkOobljtjmnQ+n55+LcSzt1zP9mQ6PZc8vhgAAAAAD9Y+RnP+v5crB0GsRQghRdtT8/RcFYmoEahBinOPfjU3DrkP0IRqLw69BjGRszIvIxErG6L3iAPTPYGezYNT5/U82v//J5vfP9aSvxCeZfmqqy3i1y3ity/h0ZjzJ3HEmbzy6KbPdRnpdM7q5y/j/xD3IG9+fuf8PM+O3dtn+cpfx27qM395l/I4u4wAAAEyGW2Lr/BAAAAD2rpd//snrv7z3ictLX108cCJMb5t3/nDsz8TX1l+L/ey896lafM3/R7H/Xmx/E9u/Zdb3/hMAAAAYvPR7Yrz+DwAAAHtX+j2lzv8BAABg71qKrfN/AAAA2LtujK3zfwAAANjDktnOi2ObXhe4O7a9zusHAIy+/43tnbE9ENu7Yvt/sU2PA+6J7f+XVB8A0D8//c6Pj7+ZbM33fzQzfiUuT9tt1jevFCSV9pn852K7L7Zf67Ge7PcB9Jo/tb/HPIPKv7jL/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA3lHZuD12bDkJ4e1P33r0J9Ov//HasruaaxzcuE1irx5CqDXvl45u9X8RV7xy+aWTre3V2CbhSEhC0lweHrvUzDQfQlgPB8NnoR4+XF378oN3Hjn00auzt7xx7plXBvgQtO0fAAAA7EX/DQAA//8Q4Bqg")
rmdir(&(0x7f00000001c0)='./file0\x00')

2.434722411s ago: executing program 5 (id=2266):
syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000000100)='./file2\x00', 0x10000, &(0x7f0000000340)=ANY=[], 0x2, 0x6385, &(0x7f000000e9c0)="$eJzs3c1vHGcdB/Df7JtfStuoh6pECLlteCmleS0hUKDtAQ5cOKBcUSLXrSJSQElAaRURV75w4I8AIXFBQogjJ8S5B67c+AOIlCCBKg4dtN7nccbTtddOujNrz+cjOTO/eWY9z/i7493NzPgJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACC+/70fnisi4sov0oITEZ+JfkQvYmVcr0XEytqJvP4gIp6L7eZ4NiKGSxFFbnw64tWI+PCpiPsP7qyPF50/YD+++6d//O5HT/zg738cnvnvn2/1X9trvdu3f/2fv9x99P0FAACALirLsizSx/yT6fN9r+1OAQCNyK//ZZKXqw9fr8Rcv//mIdf/X9s/D7VarVYvXl1VTne3WkTEZvUx4/cMTscDwBGzGR+13QVaJP9OG0TEE213AlhoRdsdYC7uP7izXqR8i+rrwdqkPV8Lsiv/zWLn/o69prPUrzFp6vm1Ff14Zo/+rDTUh0WS8+/V878yaR+l9eadf1P2yn80ufWpc3L+/Xr+Nccn/97U/Lsq5z84VP59+QMAAAAAwALL//9/ouXzv0uPvysHst/537WG+gAAAAAAAAAAn7bHHf9vR2H8PwAAAFhU48/qY7956uGy6rX+o9i9/HIR8WRtfeB4+dusG3LSzTKrTXQGAAAAAAAAAAAAAJgYTK7hvVxEDCPiydXVsizHX1X1+rAe9/FHXdf3H7qs7V/yAAAw8eFTtXv5i4jliLic/tbfcHV1tSyXV1bL1XJlKb+fHS0tlyuVz7V5Ol62NDrAG+LBqBx/s+XK46pmfV6e1V7/fuNtjcr+ATrWjBYDB4CImLwa3feKdMyU5dPR9rscjgbH//Hj+Ocg2n6eAgAAAPNXlmVZpD/nfTKd8++13SkAoBH59b9+XkCtVqvVanXD9fLDBfPaXlU53d1qERGb1ceM3zMYjh8AjpjN+KjtLtAi+XfaICKea7sTwEIr2u4Ac3H/wZ31IuVbVF8P0vju+VqQXflvFtuPy4+fNp2lfo1JU8+vrejHM3v059mG+rBIcv69ev5XJu2jtN6882/KXvmP9/NEC/1pW86/X8+/5vjk35uaf1fl/AeHyr8vfwAAAAAAWGD5//9PLNT539Gj7s5M+53/XZvbVgEAAAAAAABgvu4/uLOe73vN5/8/N2U9938eTzn/Qv6dlPPv1fL/cm29fmX+3psP8//3gzvrv7/1r8/m6UHzX8ozRXpmFekZUaQtFYM0fZy9+6StYX803tKw6PUH6Zqfcvh2XIvrsRFnd63bSz+Ph+3ndrWPezrcbi/7k/bzu9oHO+358Rd2tQ/TlU7lSm4/Hevx07geb223j9uWZuz/8oz2cv/2Uc6/7/jvpJz/oPI1zn81tRe16di9D3qfOO6r02nbeePa5391dv67M9NW9Hf2rWq8fy+00J/tn8kTo/j5zY0bp29fvXXrxrlIk11Lz0eafMpy/sP0tfP7/8VJe/69Xz1e730wOnT+i2IrBnvm/2Jlfry/LzXctzbk/EfpK+f/VmqffvwfIv/eHxrbl4PY7/h/uYX+AAAAAAAAAAAAAAAAwH7Ksty+RfSNiLiY7v9p695MAKBZ+fW/TPLypup+w9tTq494XSxYfxqtPy4Xqz9q9VGsq8rpXq8WEfHX6mPG7xl+Oe2bAQCL7OOI+GfbnaA18u+w/Pf+xtNTbXcGaNTN997/8dXr1zdu3Gy7JwAAAAAAAADAo8rjf65Vxn8+VZbl3dp6u8Z/fTPWHnf810Ge2RlgdI+BqvuH36f9bPVG/V5luPHnY6/xv4c7c/uN/z2Ysb3hjPbRjPalGe3LM9qn3uhRkfN/vjLe+amIOFkbfv2Rx39dMPuN/1of874Lcv4vVJ7P4/y/VFuvmn/526Ocf29X/mduvfuzMzffe/+Va+9efWfjnY2fXDh37uyFixcvXbp05u1r1zfOTv5tscfzlfPPY1+7DrRbcv45c/l3S87/C6mWf7fk/L+Yavl3S84/v9+Tf7fk/PNnH/l3S87/pVTLv1ty/l9Jtfy7Jef/cqrl3y05/6+mWv7dkvN/JdXy75ac/+lUy79bcv5nUn3A/Ffm3S+akfPPZ7gc/92S889XNsi/W3L+51Mt/27J+V9Itfy7Jef/aqrl3y05/6+lWv7dkvO/mGr5d0vO/+upln+35PwvpVr+3ZLz/0aq5d8tOf9vplr+3ZLzfy3V8u+WnP+3Ui3/bsn5fzvV8u+WnP93Ui3/bsn5v55q+XfLw7//b8aMGTN5pu3fTAAAAAAAAAAAAABAXROXE7e9jwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/9mBAwEAAAAAIP/XRqiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrCDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFfbuN0aOs74D+Oz9txMSAyF1UhMujgkhueTOduI/tCkm/G34VxJCgbbYru9sjjq28dkl0Kh2FCiRMCqqaBtetAWE2rypsCoq0QpQXqBWlSpB+4KqEqJC5UVUBRSQKrUVcNXuPM9zu3t7u3e+9d3szOcj2T/f7uzMM7PPzt7vzt8dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJrd+vq5T9ayLKvVavkN27Ls2nrdMrmtcctrNnd8AAAAwPr9rPH3C9enGw6t4kFNy/zjLd/6yuLi4mL23uE/Hv3s4mK8/Xtbsmx0PMsa90WXv/++WtMy0ZPZRG2o6euhHpsf7nH/SI/7R3vcP9bj/vEe90/0uH/ZAVhmS1ZLK9vV+Oe2LMsmsyy7IRtt3Lerw6OerI0P1Y9demxWazxmcfR4Np+dzOaymZbl82VrjeW/dmt9W2/J4raGmra1oz5Dfvz4sTiGWjjGu1q2tbTO6IevyyZ/8uPHj/3luedv6lR7HoaW9eXjvGNnfZwfD7fkY61l4+mYxHEONY1zR4fnZLhlnLXG4+r/bh/nC6sc5/DSMDdU+3M+kQ01/v3txnEaqWUdjtOOcNv/3JZl2cWlYbcvs2xb2VC2teWWoaXnZyKfkfV11KfSS7KR7vN0sdYyT29dxTyt19ldrfO0/TURn/9bw+NGVhhD89P0wyfGmp73ny5eyTyN6nu90mulfQ72+7VSlDkY58W3Gzv9VMc5uCvs/+O3rzwHO86dDnMw7XfTHNzZaw4OjQ03xpyehFrjMUtzcHfL8sONLdUa9bnbu8/B6XOPnple+OjH7p5/9OiJuRNzp/bu3j2zd9++AwcOTB+fPzk3k/99hUe7+LZmQ+k1sDMcu/gaeFXbss1TdfELY8vOv1f6Opzo8jrc1rZsv1+HI+07V9uYF+TyOZ2/Nt5dP+gTl4ayFV5jjefnzvW/DtN+N70OR5pehx3fUzq8DkdW8TqsL3PmztV9zzLS9KfTGFZ+L1jfHNzWNAfbvx9pn4P9/n6kKHNwIsyL79658nvBjjDep6bW+v3I8LI5mHY3nHvqt+Tf75+4Nps40PhXp3l5c/2Oa8ay8wtzZ+957Oi5c2d3Z6FsiJc2zZX2+bq1aZ+yZfN1aM3z9dD8LU/d3OH2beFYTdxd/2tixeeqvsy993R/rhrvbp2PZ8ute7JQ+iwcz8XxDTqend7N68dzLMs+980nHvr64597/YrHs95vfnx6/d+Lp7606fw7usL5N/b9P8+3l1b15PDoSP76HU5HZ7TlfNz6VI00zl21xrZfmF7d+Xg0/Nno8/ENXc7H29uW7ff5eLR95+L5uNbrpx3r0/58ToR5cnKm+/m4vsz2PWudkyNdz8e3hVoLx//VoVNIfVHT3Flp3qZtjYyMhv0aiVtonad7W5YfDb1ZfVvP7LmyeXrHbfm6htPeLdmoeTrZtmy/52n62ddK87TW66dvV6b9+ZwI8+KGvd3naX2ZZ+9d/7lzS/xn07lzrNccHB0eq495NE3Cxvk+W9wS5+A92bHsdHYym23cO9aYT7XGtqbuW90cHAt/Nvpcub3LHLyjbdl+z8H0PrbS3KuNLN/5Pmh/PifCvHj6vu5zsL7MG/b393vXO8ItaZmm713bf7620s+8bm47TFdrroyEcX5zf/efzdaXOXlgrX1m9+N0V7jlmg7Hqf31u9JrajbbmOO0PYzz+QMrH6f6eOrLfPbgKufToSzLLnz4gcbPe8PvV/7m/He+0vJ7l06/07nw4Qd+9KLj/7CW8QMw+H6el635e13Tb6ZW8/t/AAAAYCDEvn8o1ET/DwAAAKUR+/74v8IT/T8AAACURuz7R0JNKtL/b3/D8/M/v5ClZP5iEO9Ph+HBfLmYcZ0JX08uLqnf/sCX5v777y+sbttDWZb99MHf67j89gfjuHKTYZyX39h6+zJfuXtV2z7yyIW03eb8+ufD+uP+rHYadIrgzmRZ9rXrP93YzuT7LjXqsw8eadSHLj71ZH2ZFw7mX8fHP/fSfPk/C+HfQ8ePtjz+uXAcfhDqzFs7H4/4uC9fevWO/e9Z2l58XG3ndY3dfvoD+Xrj5+R85sl8+XicVxr/1z/1zJfryz/2ys7jvzDUefzPhPV+KdT/fXm+fPNzUP86Pu4TYfxxe/Fx93zxGx3Hf/mT+fJn3pQvdyTUuP07wte73vT8fPPxeqx2tGW/sjfny8Xtz3znDxv3x/XF9bePf+LwpZbj0T4/nv3XfD3TbcvH2+N2or9r2359Pc3zM27/mT840nKce23/8kPPvby+3vbt39W23JkP39nY/tL6Wj+x6c8/8emO24vjOfTXZ1r259C7wus4bP/pD4T5GO7/v8v5+to/XeHIu1rPP3H5z2+70LI/0Vt+km//8mtPNOr4xJat11z7ousuvqJ+7LLs2+P5+npt/8RfnG4Z/xduzI9HvD9m9Nu3v5K4/bMfmTp1euH8/Gw6qo9f3/jsnLfl44njvT6cW9u/Pnz63Afnzk7OTM5k2WR5P0Lvin0x1B/l5WL3pReXnUHvfCQ8nzf/6de23v4vn4q3/9u789svvTV/33pVWO4z4fZt4flb2/aXe/rWGxuv79qzYYSLyz8veD127PqvA6taMOx/+/cFcb6fedkHG8ehfl/jfSO+rtc5/u/N5uv5ajiui+GTmXfeuLS95uXjZyNcejh/va/7+IXTXHxe/yo832//Qb7+OK64v98L38d8Y3vr+S7Oj69eGGpff+NTPC6G80l2Mb8/LhWP96UXbuw4vPg5JNnFmxpf/1Faz01r2s2VLHx0Yfrk/Knzj02fm1s4N73w0Y8dfvT0+VPnDjc+y/Pwh3o9fun8tLVxfpqd23dv1jhbnc7LVbbZ4z/zyLHZ/TO3z84dP3r++LlHzsydPXFsYeHY3OzC7UePH5/7SK/Hz8/ev3vPwb3790ydmJ+9/8DBg3sPTs2fOl0fRj6oHvbN/M7UqbOHGw9ZuP/eg7vvu+/emalHT8/O3b9/ZmbqfK/HN96bpuqP/t2ps3Mnj56bf3RuamH+Y3P37z64b9+enp8G+OiZ4wuT02fPn5o+vzB3djrfl8lzjZvr7329Hk85LfxH/v1su1r+QXzZO+/alz6fte5LT6y4qnyRtg8QfT58Fs0/vfjMgdV8Hfv+0VCTivT/AAAAUAWx7x8LNdH/AwAAQGnEvn881ET/DwAAAKUR+/6JUJOK9P+ly/9vv7Cq7cv/y/83Hy/5/4rl/x8uWv4/P1/I//fHevP35cj/b1nxHvn/HuT/5f8HMP+/GN6Q5P8poqLl/2PfvyXLKtn/AwAAQBXEvn9rqIn+HwAAAEoj9v3XhJro/wEAAKA0Yt9/bahJRfp/+X/5f/l/+X/5/87bl/8fTPL/3cn/9yD/P51VK/9/sZ/jd/1/+X+WK1r+P/b9Lwo1qUj/DwAAAFUQ+/7rQk30/wAAAFAase+/PtRE/w8AAAClEfv+baEmFen/5f/l/+X/5f/l/ztvX/5/MMn/dyf/34P8v+v/y//L/9NXRcv/x77/xaEmFen/AQAAoApi3/+SUBP9PwAAABTPyJU9LPb9Lw01Wdb/X+EGAAAAgE0X+/4bsrYgeEV+/y//L/9f/Pz/eLpP/l/+Pytk/n84k/8vDvn/7uT/e5D/l/+X/5f/p6+Klv9v9P3ZRPayUJOK9P8AAABQBbHvvzHURP8PAAAApRH7/l8INdH/AwAAQGnEvn97qElF+n/5f/n/zc7/j7aN3fX/lx4n/58rfv7f9f+LRP6/O/n/HuT/5f/l/+X/6aui5f9j339TqElF+n8AAACogtj33xxqov8HAACA0oh9/y+Gmuj/AQAAoDRi378j1KQi/b/8f8Hz/zE5WuL8f+/r/8v/y//L/8v/r578f3fy/z3I/8v/y//L/9NXRcv/x77/5aEmFen/AQAAoApi339LqIn+HwAAAEoj9v2vCDXR/wMAAEBpxL5/MtSkIv2//H/B8/95Dn6szNf/l/+X/5f/l//vJ/n/7uT/ewinuR9mWSb/P6j5//iV/L/8P0VQtPx/7PtvDTWpSP8PAAAAVRD7/p2hJvp/AAAAKI3Y998WaqL/BwAAgNKIff+uUJOK9P/y/wOR/8/k/+X/5f/l/+X/V0f+vzv5/x5c/78E+X/X/2/K/9enlvw/m6po+f/Y978y1KQi/T8AAABUQez7bw810f8DAABAacS+/1WhJvp/AAAAKI3Y998RalKR/l/+X/5f/l/+X/6/8/bl/weT/H938v89yP/L/5cr/+/6/2y6ouX/Y9//6lCTivT/AAAAUAWx778z1ET/DwAAAKUR+/67Qk1a+/9O/70bAAAAGBCx758KNanI7//l/+X/5f/l/+X/O29f/n8wyf93J//fg/y//L/8v/w/fdWe/0/fz21S/j/2/XeHmlSk/wcAAIAqiH3/PaEm+n8AAAAojdj3T4ea6P8BAACgNGLfPxNqUpH+X/5f/l/+X/5/Tfn/VyytV/4/J/9fLPL/3cn/9yD/L/+/6fn/Ufl/SqVo1/+Pff/uUJPU+I1dwV4CAAAARRL7/j2hJhX5/T8AAABUQez794aa6P8BAACgNGLff2+oSUX6f/l/+X/5f/l/1//vvH35/8Ek/99d//P/cRfl/+X/5f9d/1/+n+WKlv+Pff99oSYV6f8BAACgCmLfvy/URP8PAAAApRH7/v2hJvp/AAAAKI3Y9x8INalI/y//L/8v/y//H28fbVtO/l/+fxDJ/3fn+v89FC///9rmh/c//z/e8lVzfr6+Lfl/+X/5f9bu4d9v/qpo+f/Y9x8MNalI/w8AAABVEPv+14Sa6P8BAACgNGLf/0uhJt37//GrOyoAAACgn2Lf/8uhJhX5/b/8v/y//L/8v+v/d96+/P9gkv/vTv6/h+Ll/1u4/n+xxy//L//PckXL/8e+//5Qk4r0/wAAAFAFse//lVAT/T8AAACURuz7Xxtqov8HAACA0oh9/6FQg05x7kHxt9vWsLD8v/z/KvP/cZGC5P8n5P/l/0uX/x+L65X/Xxf5/+7k/3uQ/5f/l//vQ/7/3+X/SYqW/499/+tCTfz+HwAAAEoj9v0PhJro/wEAAKA0Yt//+lAT/T8AAACURuz73xBqUpH+X/5f/t/1/+X/5f87b9/1/weT/H938v89yP/L/8v/u/4/fVW0/H/s+98YalKR/h8AAACqIPb9bwo10f8DAABAacS+/82hJvp/AAAAKI3Y978l1KQi/b/8v/z/Zub/cxfl/+X/G+T/5f/7Qf6/O/n/HuT/5f/l/+X/6aui5f9j3/+roSYV6f8BAACgCmLf/2Coif4fAAAASiP2/W8NNdH/AwAAQGnEvv9toSYV6f/l/+X/Xf+/MPn/+mLy//L/8v/rJP/f3YDl/392Xbhd/j8n/1/s8a81/z/S9vVVyf9/f6X8/+J4++Pl/7kaipb/j33/20NNKtL/AwAAQBXEvv8doSb6fwAAACiN2Pe/M9Skqf/v63+8AwAAADZc7Pt/LdSkIr//l/+vj2MpvSz/L//fuMH1/+X/5f8Hlvx/dwOW/3f9/zby/8Uev+v/y/+zXNHy/7Hvf1eoSUX6fwAAAKiC2Pc/FGqi/wcAAIDSiH3/w6Em+n8AAAAojdj3vzvUpCL9v/y/6//L/8v/y/933r78/2CS/+9O/r8H+X/5/6Ll//9T/p/BVrT8f+z7Hwk1qUj/DwAAAFUQ+/73hJro/wEAAKA0Yt//66Em+n8AAAAojdj3vzfUpCL9v/z/oOT/Jwc0//+E/P9VzP/fcl2+nPy//D9L5P+7k//vQf5f/r9o+X/X/2fAFS3/H/v+94WarL7/n1j1kgAAAMBVNLLiPbHvf3+oSUV+/w8AAABVEPv+3wg10f8DAABAacS+/zdDTSrS/8v/D0r+3/X/M/l/1/9v2x/5f/n/TjYu/x/PPPL/8v/Fyv9vW9MOt9rs/Px6bfb4q5v/z98Z5f/ppGj5/9j3/1aoSUX6fwAAAKiC2Pd/INRE/w8AAAADodP/yW4X+/7DoSb6fwAAACiN2PcfCTWpSP8v/y//L/9f0Pz/n+z85+9+6x1Hdsv/ryn/f/b98v9V05au3tjr/9c37vr/8v8Fy/+vx2bn5zdq/LUVLg0m/+/6//Rf0fL/se8/GmpSkf4fAAAAqiD2/b8daqL/BwAAgNKIff+xUBP9PwAAAJRG7PtnQ00q0v/L/8v/y/8XNP8/wNf/j8fD9f9b9S3/H0+68v8dbWj+/z1LOXH5/7Xm/8c63ir/L/8/yOOX/5f/Z7mi5f9j3z8XalKR/h8AAACqIPT9Q8fzunSH/h8AAABKI/b9J0JN9P8AAABQGrHv/2CoSUX6f/l/+X/5f/n/Ml3/P9ug/H9txPX/i0r+v7vi5P87k/+X/x/k8cv/y/+zXNHy/7Hvnw81qUj/DwAAAFUQ+/4PhZro/wEAAP6fvTt5sjSt6jj+Zld2VVa0YbBz4cYIl/4JLGSte1y40IVGOIKK80S184i2irOiqDiBAwi2qKg4Aw4ozqCi4jwiCqJGEZ15zsnMmzfvzZt1h+d9ns9n0cfKrqx7Lcvq/lXVt1/oRu7+T4xb7H8AAADoRu7+T4pbBtn/+n/9v/5f/6//X/76zT7/X/+/kv5/Nf3/Gvp//b/+X//PVrXW/+fu/+S4ZZD9DwAAACPI3f+8uMX+BwAAgG7k7n9+3GL/AwAAQOvu3fQr5u7/lLhlkP2v/9f/d9v/f6j+/7rX1//r/3u2n/7/ifr6+n/9v/7/nP5f/6//Z1Fr/X/u/k+NWwbZ/wAAADCC3P2fFrfY/wAAANCN3P0viFvsfwAAAOhG7v5Pj1sG2f8L/f/RNGb/X/+9CP1/R/2/5/9f+/r6/0fo/+/o/1u33+f/P/nMz3z6f/2//j/o/2/U/1/73ynT/9Oj1vr/3P2fEbcMsv8BAABgBLn7PzNusf8BAACgG7n778Qt9j8AAAB04yzEOZk+O24ZZP9v7/n/908/PtP+v8ys/7+r/9f/6//33P8fn39Z/9+m/fb/3Tz//7ErH+mg/3/BW5543jtf84FPb/L6+n/9v+f/6//Zrtb6/9z9nxO3DLL/AQAAYAS5+z83brH/AQAAoBu5+z8vbrH/AQAAoBu5+z8/bhlk/2+v/z/Y8/+PLuWVY/X/nv+v/9f/77v/f67n/7dO/7/azp//f6ed/v82r6//1//r//X/bNeh+//8hvPLufu/IG4ZZP8DAADACHL3f2HcYv8DAABAN3L3vzBusf8BAACgG7n7H8Qtg+z/Dvr/hU9sr///f/3/Zv3/wyP9f9D/n9H/6/83of9fbef9f0PP/7/N6+v/9f/6f/0/23Xo/n/xy7n7n4xbBtn/AAAAMILc/V8Ut9j/AAAA0I3c/V8ct9j/AAAA0I3c/V8Stwyy//X/nv/fXP/v+f9F/39G/6//34T+fzX9/xr6/0ft5x/X/8+w/49/kdL/swsb9v/vXfHT9lb6/9z9Xxq3DLL/AQAAYAS5+78sbrH/AQAAoBu5+788brH/AQAAoBu5+78ibhlk/+v/9f/6f/3/rfv/qz/0Tun/l9P/74f+f7Vm+v+j46Uf1v/Pvv/3/P859v9B/88utPb8/9z9Xxm3DLL/AQAAYAS5+78qblmx/zf+xXwAAADgoHL3f3Xc4vf/AQAAYPayOsvd/zVxyyD7X/+v/9f/6/89/3/566/q/5++8P70/23R/6/WTP9/Df2//n/O71//r//nqtb6/9z9Xxu3DLL/AQAAYAS5+18Ut9j/AAAA0I3c/V8Xt9j/AAAA0I3c/V8ftwyy/5f3/+d/X/9/M/r/y+9f/7/8x8e2+v/8FvX/K/v/53j+/5j0/6vtv/+/p/+//O3r/3fo0O+/8/7//rrP1/+zTGv9f+7+p+KWQfY/AAAAjCB3/zfELfY/AAAAdCN3/zfGLfY/AAAAdCN3/zfFLYPs/wM////Ju9e9L/3/Kf2//t/z/9t8/v+09/7/WP9/Q/r/1Tz/fw39v/5f/+/5/2xVa/1/7v4Xxy2D7H8AAAAYwYvfM53u/m+eJvsfAAAA5ujinx1Y/AOlIXf/t8Qt9j8AAAB0I3f/t8Ytg+z/A/f/u3r+/+PrXlv/r/+/+P2l/9f/L3v9tvp/z/+/Kf3/avr/NfT/u+jnjzvr/19y3ee30P+/UP9PYy71/687//ih+v/c/d8Wtwyy/wEAAGAEufu/PW6x/wEAAKAbufu/I26x/wEAAKAbufu/M24ZZP/vvP+/H/dNH3/ltXfY/6+l/9f/X/z+0v/r/5e9vv5/nvT/q+n/19D/e/6/5//r/9mqS/3/BYfq/3P3f1fcMsj+BwAAgBHk7v/uuMX+BwAAgG7k7n9J3GL/AwAAQDdy939P3DLI/u/0+f9r6f/1/xe/v/T/+v9lr6//nyf9/2r6/zX0//p//f/6/n/xH9RB/z+gu+u/Smv9f+7+741bBtn/AAAAMILc/S+NW+x/AAAA6Ebu/u+LW+x/AAAA6Ebu/u+PWwbZ//r/3fb/+XH9v/5/2qT/j0/Q/5/R/+v/NzG3/n/x/39u3a8fLfsn0VXX9P9v/LgHH375I/p//b/+X//v+f9sQRP9/8Pzf7vM3f8Dccsg+x8AAABGkLv/ZXGL/Q8AAADdyN3/g3GL/Q8AAADdyN3/Q3HLhvv/WVt9V/uj//f8f/1/g/1/0P+f0f/r/zcxt/5/kef/6//1//N9//p//T9XNdH/X/hy7v4fjlv8/j8AAAB0I3f/j8Qt9j8AAAB0I3f/j8Yt9j8AAAB0I3f/y+OWQfb/gfr/d+en6P/1//p//X9v/f/JtJz+fz/0/6vp/9fQ/+v/9f/6f7aqtf4/d/8r4pZB9j8AAACMIHf/j8Ut9j8AAAB0I3f/j8ct9j8AAADMSaZjS+Xu/4m4ZZD97/n/+n/9/xz6//evb0f/337/fx39/37MtP+vnwbn2v/fmVP//8oVb2BZ///wnv5f/6//1/9zS631/7n7fzJuGWT/AwAAwAhy978ybrH/AQAAoBu5+18Vt9j/AAAA0I3c/T8Vtwyy//X/+n/9/xz6f8//n3X/f/bTq/5/T2ba/5e59v+e/6//n/T/+n/9P0u01v/n7n913DLI/gcAAIAR5O5/Tdxi/wMAAEA3cvf/dNxi/wMAAEA3cvc/HbcMsv/1//p//b/+X/+//PU9/3+edtf/T4fr/9/x2KbfzLX0/8sd5f+t9P/6f/2//p+taq3/z93/M3HLIPsfAAAARpC7/7Vxi/0PAAAA3cjd/7Nxi/0PAAAA3cjd/3NxyyD7f8z+/67+v8X+//7Z59ys/3/qZNn71/9fff1j/b/+fzCe/7+a/n8N/b/+X/+v/2erWuv/c/f/fNwyyP4HAACAEeTuf13cYv8DAABAN3L3/0LcYv8DAABAN3L3/2LcMsj+H7P/9/z/6/v/afL8/776/2Wvr/9vpv8/mfT/W6f/X+1m/f9zFvv/u/l32u7/z3/20P/fzqH7+Z29/8emjvr/+9d+vv6fFrXW/+fu/6W4ZZD9DwAAACPI3f/6019Otf8BAACgL2d/dub1p389mX45brH/AQAAoGXHm3zl3P2/ErcMsv/n3//fW/hE/f80TW/9rDk+/z/o/88/T/9/puP+v75X9f/bo/9fzfP/19D/99n/e/6//p+Daa3/z93/q3HLIPsfAAAARpC7/9fiFvsfAAAAupG7/9fjFvsfAAAAupG7/zfilkH2//z7/8VP1P9Pj/T8f/3/6Qf0//p//f9s6f9X0/+vof9f288fXfPvPZP+X/+v/2eJ1vr/3P2/GbcMsv8BAABgBLn73xC32P8AAADQjdz9b4xb7H8AAADoRu7+N8Utg+x//b/+X/8/z/7/RP+v/9f/L9VK///sZ3/Ym/X/+v8e+/9V9P/6f/0/i1rr/3P3/1bcMsj+BwAAgBHk7v/tuMX+BwAAgG7k7v+duMX+BwAAgG7k7v/duGWQ/X+1/398OitUzyzr/6NR0/9foP+//P71/8t/fHj+v/5f/797rfT/nv9/u/ev/9f/z/n9b9T/f9DVz9f/06PW+v/c/W+OWwbZ/wAAADCC3P2/F7fY/wAAANCN3P2/H7fY/wAAANCN3P1viVsG2f+e/7/b/v8x/b/+X/9//uNS/6//3wP9/2r6/zX0//p/z/9//sfc0f+zPa31/7n7/yBuOR1+H/x+t/xfEwAAAGhI7v4/jFsG+f1/AAAAGEHu/j+KW+x/AAAA6Ebu/j+OWwbZ//p/z//X/+v/9f/LX1//P0/6/9X0/2uM0v8fXfyX3nOH7ucf1aHffzf9v+f/s0Wt9f+5+/8kbhlk/wMAAMAIcvf/adxi/wMAAEA3cvf/Wdxi/wMAAEA3cve/NW4ZZP/r//X//ff/H63/X3h9/b/+v2f6//wn+nL6/zVG6f+vceh+fu7vv5H+/2Ufpf+nIa31/7n73xa3DLL/AQAAYAS5+/88brH/AQAAoBu5+/8ibrH/AQAAoBu5+/8ybhlk/x+k/48aUv+///7/aBqx//f8f/2//n8k8+n/X3q87KOe/6//1//P9/030v97/j9Naa3/z93/9qPjIfc/AAAAzNVHfMgnvO2mX/ftp389mf4qbrH/AQAAoBu5+/86brH/AQAAoBu5+/8mbhlk/3v+/1j9/5jP/9f/6//1/yOZT/8/Lf0a+n/9v/5/vu9f/6//56rW+v/c/e+IWy4Mv6X/gR4AAABgNnL3/23cMsjv/wMAAMAIcvf/XdxyZf8/vOGfagcAAABak7v/7+OWQX7/X//feP8/7aj/j6+n/z+j/9f/L3t9/f88za7/X7DYr9+bmur/Hx7p//X/K+j/9f/6fxa11v/n7n/tq6ch9z8AAAB06tKvKPzD6V9Ppn+MW+x/AAAA6Ebu/n+KW+x/AAAA6Ebu/n+OWwbZ//r/xvv/Wz3//379T9t8/v/0LP3/7Pr/F50sfX39v/6/Z731/57/f/Zx/f8Z/X/b71//r//nqg36/9NBuuv+P3f/v8Qtg+x/AAAAGEHu/n+NW+x/AAAA6Ebu/n+LW+x/AAAA6Ebu/n+PWwbZ//r/A/T/T92bpp32/zd4/v/q/v9omjz/v4v+/5rX76f//4AnHrzhIz/2Va/Q/3Nun/1//ljQ/+v/D9D/vzx+/On/G3r/+n/9P1e19vz/3P3/EbcMsv8BAABgBLn73xn3bv4N+x8AAAC6kbv/P+MW+x8AAAC6kbv/XXHLIPtf/9/j8/+X9f/veuTn/++6/8/v6wP0/w/m1/9nUzx6/+/5//r/qzz/fzX9/xrz6f9Pv+z5/229f/2//p+rWuv/c/f/V9wyyP4HAACAEeTu/++4Jff/0ca/dA8AAAA0Jnf/u+MWv/8PAAAA3cjd/564Zd77/7lrA6Gg/x+l/9/o+f8H6f+T5/+ff57n/5/R/+v/N6H/X03/v4b+X/+v/9f/s1Wt9f+5+/8nbpn3/gcAAAAuyN3/3rjF/gcAAIBu5O7/37jF/gcAAIBu5O7/v7hlkP2v/99K/39f/3/5/ev/L9P/x48H/b/+fw/0/6vp/59x9/o3oP/X/+v/9f9sVWv9f+7+9wUAAP//tBFbAA==")
truncate(&(0x7f0000000040)='./file1\x00', 0x1bfc)

2.256576224s ago: executing program 4 (id=2268):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)={0x30, 0x2c, 0x107, 0x70bd2b, 0x25dfdbff, {0x6, 0x7c}, [@nested={0x8, 0x1, 0x0, 0x1, [@nested={0x1, 0xdd}]}, @nested={0x14, 0x3, 0x0, 0x1, [@nested={0x10, 0x1, 0x0, 0x1, [@nested={0x0, 0x12f, 0x0, 0x1, [@typed={0x0, 0x74}, @typed={0x0, 0xfe, 0x0, 0x0, @u32=0x4}, @typed={0x0, 0x4c}, @typed={0x0, 0x148, 0x0, 0x0, @ipv4=@multicast2}, @typed={0x0, 0x8a, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x15}}, @generic="92557b1db244ab351d2a49c5d3353e8ea7c863b7a4e97cf78a6d05ab3f777541105a53fedb265cb159b9b4fff991db173d"]}]}, @generic="c3beb899adffc9c05eb8c1126ae35569f307076b0926b332d3469eb51c22e2ad08d45d9a15c8e07521442eb906e345d5f7f6c5826f5fcaef4b5dd7f7938088ef6434cca8de28558248719d15c75c1e7a98", @generic="6fbf19734b1cdba2c8622e21c82835e31a63b9eda6cd5afcf7d09d6c35db1f3455cea6e21829a8ff488d88ef4d77892be7211d9bbaa724fafb6253858450c6b156518155ecfa7e5d2f00a7394cab8c3dd121484859bc94b7a936aa", @typed={0x0, 0x65, 0x0, 0x0, @uid}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x10000004}, 0xc010)

2.224114929s ago: executing program 0 (id=2269):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$sock_buf(r0, 0x1, 0x3b, 0x0, &(0x7f0000000380))

1.984518817s ago: executing program 1 (id=2271):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a3200000000b4000000060a010400000000000000000100000008000b40000000008c000480340001800b000100657874686472000024000280080001400000000e080003400000000008000440000000220500020007000000540001800c0001006269747769736500440002800800034000000002080001400000001408000240000000121c000580040001008b6074f501258cfeb4b4dac46617946e69a517c50c000480060001008a9500000900010073797a30"], 0x128}, 0x1, 0x0, 0x0, 0x1}, 0x0)

1.908548528s ago: executing program 0 (id=2272):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
syncfs(r0)

1.801133931s ago: executing program 4 (id=2273):
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000280)={0x1, {0x0, 0x0, 0x0, 0x3, 0x3}}, 0x48)

1.643549203s ago: executing program 3 (id=2274):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000020900010073797a30000000002c000000030a010200000000000000000100fffe0900010073797a30000000000900030073797a300000000064000000060a010400000000000000000100000008000b40000000003c000480380001800e000100696d6d656469617465000000240002800800014000000000180002801400028008100180fffffffc08000340000000010900010073797a30"], 0xd8}}, 0x0)

1.597225569s ago: executing program 2 (id=2275):
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r0, 0x40045542, &(0x7f00000001c0))

1.568089209s ago: executing program 1 (id=2276):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_opts(r0, 0x0, 0xb, 0x0, &(0x7f0000000040))

1.554248379s ago: executing program 0 (id=2277):
r0 = socket$isdn_base(0x22, 0x3, 0x0)
accept4(r0, 0x0, 0x0, 0x80800)

1.433494288s ago: executing program 4 (id=2278):
syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000a80)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="6e6c733d63703835322c6e6f626172726965722c63726561746f723dbd3c66f52c626172726965722c706172743d3078303030303030303030303030303030322c756d61736b3d30303030303030303030303030303030303030363734352c00b08558549e3fb3af8feff2a5c10c825cef8ec0f1ddcd940f6058a48f0cc0887456a5b70061a195d3ed592d"], 0x3, 0x6a4, &(0x7f0000000100)="$eJzs3U9sHFcdB/DvbDbrbJBS918aEFKtRqqgEYmdVUmQkBoQQjlEKIJLr1biNFY2aeW4KK0Q2QAFiRMn1AOHIhQOPSGEkMoJUc5ISFw4+R6JG4ccAKOZnV2v7Y1jJ7HXbT8faTzv7Zv33m9+nT+7s402wGfW+ddzsJci509cuFXWV+52uit3O9cH5SRTSRpJs79K0U6Kj5Nz6S/5fPliPVzxoHlevfdR0Xz/w06/1qyXavvGVv02GbtlLzk0rBxIMtMv/mfbw24ar1qqcS6tjfeIimHcZcKODxIHk7a6SW+tsfHQ7ts/b4F963b/vrnJdHI4/btr+T4g9dXh4VeGydvy2tTbuzgAAABgt4z9LD/qqfu5n1s5sjfhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKdD0f/NwKJeGoPyTIrB7/+3Rn5TvzXhcB/Te1eq1XefmnQgAAAAAAAAAPBYXryf+7mVI4P6alF95/9SVXmu+vu5vJ2bWchSTuZW5rOc5SxlLsn0yECtW/PLy0tzm3v+MmXP1dXV23XP02N7nl4fV29joOP+T4NNGwEAAAAAAADAZ9aPcn7t+38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgPiuRAf1Utzw3K02k0kxxK0ipmhpu3JhrsE/DnSQcAAAAAu69dr48U/+sXVovqM//R6nP/obydG1nOYpbTzUIuV88C+p/6G3/vdbordzvXy2XzwN/4147iqEZM/9nD+Jlnqy2eH/Y4n2/nezmRmVzMUhbz/cxnOQuZybeq0nyKTNdPL6ZX7rYziHVzvOfW1S5ujO3FkXIZ37EqknauZLGK7WQutQahN+rtjo3M9sdWsmHGO2V2itdq28zR5Xpd7tEv6vX+MF3t+cFhRmbr3JfZeHo075tzv8PjZONMc2kMn0E9tzZLWd040yPl/HC9LnP9093N+Q4fpa3PRO/nZW1w9B3dOufJl//xl4tXGzeuXb1y88T+OYwe0cZjojOSiRe2lYlumYneY2Ti0OPE/+S06mz0r6I7u1q+VPU9ksV8J2/mchZyJrOZy9nM5ms5nU5Oj+T1+a3zWp1rjZ2da8e/VBfKe9LPRu5Ne2bqQQ1lXp8eyevolW66aht9ZS1Lz2wjS0Ur47P0z7GhNL9QF8o5fjxyx5m8jZmYG8nEs1tn4tf/XU1ys3vj2tLV+be2Od/L9bo8bd9bf23+zRPZoZ2rd7c8Xp4p/2Olf9sYPTrKtmcHbRvy1aq/cWnWg61ra6U6n/ttDztTy5GO3hk3Ur/thbGzdKq2YyNt697l5M10h+9CANjHDr9yuNW+1/5b+4P2T9pX2xcOfXPq7NQXWzn41+afDvyu8dvG14tX8kF+mCOTjhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4Nbr7z7rX5bndhaR8W0njCA94Z2zRIRf+V1v7Y909qYWqrI+r3Sbbo3ppEzO0k+yJ1ae7BXFMZ03Rh+Eo7aQzjSXJtn/zAHbAbTi1ff+vUzXfe/cri9fk3Ft5YuHH67JnXznS+Onf71JXF7sJs/++kowR2w9rbgElHAgAAAAAAAAAAAGzXXvzzhjHTFr0J7CsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwyXT+9Rzspcjc7MnZsr5yt9Mtl0F5bctmkkaS4gdJ8XFyLv0l0yPDFQ+a59V7H/3q5fc/7KyN1Rxs39jQ7w//Xl3d4V706iUzSQ7U64eb2tZ4l0bG6+0wsL5iuIdlwo4PEgeT9v8AAAD//x5LB84=")
getxattr(&(0x7f0000005140)='./file0\x00', &(0x7f0000000b00)=@random={'osx.', 'system.posix_acl_access\x00'}, 0x0, 0x0)

1.355254417s ago: executing program 3 (id=2279):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@flushpolicy={0x1c, 0x1d, 0x1, 0x0, 0x4, "", [@policy_type={0xa, 0x10, {0x1}}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24004811}, 0x0)

1.223530285s ago: executing program 1 (id=2280):
r0 = socket(0x2000000015, 0x80005, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0xa, 0x1, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c)

1.179917379s ago: executing program 2 (id=2281):
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_BULK(r0, 0xc0185502, &(0x7f0000000080)={{{0x1, 0x1}}, 0x0, 0x0, 0x0})

1.154776553s ago: executing program 0 (id=2282):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000500)=@raw={'raw\x00', 0x3c1, 0x3, 0x438, 0x0, 0x168, 0x0, 0x268, 0xa, 0x368, 0x250, 0x250, 0x368, 0x250, 0x3, 0x0, {[{{@uncond, 0x0, 0x228, 0x268, 0x0, {0x0, 0x28e}, [@common=@inet=@hashlimit3={{0x158}, {'caif0\x00', {0x0, 0x7ff, 0x0, 0x1, 0x300, 0x6, 0x1000}}}, @inet=@rpfilter={{0x28}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "48c01c5140d722edd3fb24545886bbd1be494201b400"}}}, {{@uncond, 0x0, 0xd0, 0x100, 0x0, {}, [@common=@inet=@set2={{0x28}}]}, @common=@inet=@SET2={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x498)

1.042963717s ago: executing program 3 (id=2283):
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000080)={0x1, 0x0, {0x3, 0x0, 0x0, 0xa, 0x0, 0x64}})

935.484843ms ago: executing program 4 (id=2284):
r0 = syz_open_dev$video4linux(&(0x7f0000000480), 0xd, 0x123002)
ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0585605, &(0x7f0000001180)={0x1, 0x0, {0xe, 0x7, 0x3013, 0x0, 0x4, 0x2}})

847.517787ms ago: executing program 1 (id=2285):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=@newsa={0x180, 0x1a, 0x1, 0xfffffffe, 0x100, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x4001, 0x71c, 0x4e23, 0x5, 0xa, 0x80, 0x80, 0x3a}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4d4, 0x6c}, @in=@multicast1, {0x0, 0x192, 0x9ba3, 0xffff, 0x8251c, 0x5, 0x81}, {0xffffffffffffffff, 0x0, 0x1d, 0xfffffffffffffffe}, {0xfffffffa, 0x3fc, 0xff}, 0x80, 0x3504, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @algo_crypt={0x48, 0x2, {{'ctr(serpent)\x00'}}}]}, 0x180}}, 0x844)

783.501616ms ago: executing program 2 (id=2286):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000700)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8, 0x3, 0x10000}, @IFLA_BOND_ARP_INTERVAL={0x8, 0x7, 0x3}]}}}]}, 0x44}}, 0x0)

729.770782ms ago: executing program 0 (id=2287):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8991, &(0x7f0000000340)={'vlan0\x00', @multicast})

688.632611ms ago: executing program 3 (id=2288):
r0 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x2000, 0x0)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(r0, 0x80045104, 0x0)

588.458351ms ago: executing program 4 (id=2289):
syz_mount_image$nilfs2(&(0x7f0000000ec0), &(0x7f0000000080)='./file0\x00', 0x40, &(0x7f0000000cc0)=ANY=[], 0x4, 0xfbd, &(0x7f0000006d00)="$eJzs3U+MG+XZAPB3vPb+yS5ZL/DBAh8hH3wVgcJuSCI1vQWBeqmEuPQOCgmNWChqaCUiIJseEJUQRUKcKg4gLpRKKVKRQJUq1FPbU6v21F5QL1SqUimohxYpcZXdd7z2rCf2ztpje/37SY/ffecdz/OM19nMjO3XAZhYlY3bY8eWkxDe/vStR19+Kvn42rK7mmsc3LhNYq8eQqi19JPM9j6PC65cfulkpzYJRzZu03547FLzvvMhhPVwMHwW6uHD1bUvP3jnkUMfvTp7yxvnnnllQLvflN0PAADYiy7+fu0v9/39dw8sfXXxwIkw01yeHp/XY38+HvcfjgfK6fFyJbT3k5ZoNZ1ZbypGJbPeVGa9aiZPNSdfLbOdWs56013yTbUs67SfAAAAMI7S89p6SCorbf1KZWVl87z/ms8Xp5OV586snT47pEIBAACAwv51fuNNt2McsyNQg8jGXPoE29n9Pvz2zu+zq6iUnK9acr6JiWLPNyGEEEKI/oXjETEG0Vgs8WIDAAAAQIf5wrZZ7+9MXc2t1XvLf+nhSuf7Qx9knn/bp53o8/P/+vlnt69Qav4OBp+/NuT8193/9y/4iwMAQHF79Wgy3a/0ODqdxyA7j+BU273mp3Z6/lHJbKe6wzrz5hUcl/kG8+qcKrmOovLq3+nvcVjy6s/Ohzmq8urPztM5qvLqnym5jqLy6u9w5SeM4j/rvPrnSq6jqLz695VcR1F59c+XXEdRefUvlFxHUXn131ByHUXl1b+/5DqKyqt/XN5Wm1d/veQ6isqrf2mzGfnDiLz6byy5jqLy6r+p5DqKyqv/5pLrGJY7Y5s+Dgdy1pvvcPA3cgeDAAAAQEf/Gfv5//ZkJF3XqQ69xomPjdfYh5h/agQeg0HHfP+3+fTCCOyXGKW4sPmfYfvy2Q7LxK6iMgI1DCrmOj2HhBBCiJGM88O79AAAAACMiPRzAemn3htROj61bfyv7127TcerreOzWxtIx2tdtj/dZXymyzgAAAAQwq9eO33bm8nWfHfZz/TvdD68dN6oufDx1VBgHqPsfIQ7zb/bec92m7/zhCPjMhsbAAAAe1Xyrc+u3v/ouy8sfXXxwImWs9+r8Xw3nQe0Gq8NfBL76fsCFjL9JD2HPtGep5KzXvb6wA1523t8lzsKAAAAEyw9f6+HpLLSct5dD5XKysrW+fhyqCWnz6ydOhz76fez/HaxNnNt+UMl1w0AAAD0but8v/P5f/o9vsthOll57sza6bOb/YXm8lql9brA4tbypPW6QD2z/EjO8qOxH7+/M3x3cW5j+crJ76091e+dBwAAgAlx9sVzzzy5tnbq+5PzQzWEsKvthFHYCz/4YaA/DPsvEwAA0G9ffPFW7QdHF369+fn/rfnvrsYfDsZ+Pc7t94e4PH2fQPo5gG2f13+iPc9i3nrPt69Xz6w3FWMmU/dsy3bCxnyD7fdbystXb9/OdE6++Uy+hUy+7DwF1cz6SYe5BEOHmQDT9RYzy7PzMFYzOZJM/rs75AIAAIDU6gvPPr969sVzD5559smnTz196rmjR45/8/jxww9946HVjff1r7a+ux8AAAAYR1tv+h12JQAAAAAAAAAAAAAAAAAAADC5yvg6sWHvIwAAAEy6f54PIawLkRPpFwwOu45xj2QEahhcNGaGX8PejuDfoRCiQ/z5jeHXMAJR8fdRiN5iuOd9s+UeyzQajcYIPOYjGI1G9pvmAQAAAAbryuWXTra226wnfc3X3Fp9s7ka86btwoN/WroW6WqXHm6/XrKvr9Uw6cp+/ss/qvlnOo6/f6G/+TcuxNe3+t3//lXaN3Bi47Yae3O95r139WfLzfwhhNurPeZv2/8LITzea8Z2hzL57w295W+8m3n8n2jrVXrNf18m/74e81/K/v6fz8swe93898f8y7F/6J5e87fv4kwmW69PgK9n9v+p0Gv+zP7Xe0yY8UDMDwCTqPm/eeP8cAvps/QoIT2eno/9dH/TA9bsux92evxfyWynuuvK27ebHgfdGvvNo7r19rypndafPi4Lsb2hYJ1Z4/Kukrz6+/V7HLS8+msl11FUXv3TJddRVF79nc/ei6w0WHn1X//scXTk1d/zhYghy6t/XK4r59U/X3IdReXVv1ByHUXl1b/T/8eHJa/+/SXXUVRe/Ysl11FUXv0FL6uVLq/+pZLrKCqv/htLrqOovPpvKrmOovLqv7nkOobljtjmnQ+n55+LcSzt1zP9mQ6PZc8vhgAAAAAD9Y+RnP+v5crB0GsRQghRdtT8/RcFYmoEahBinOPfjU3DrkP0IRqLw69BjGRszIvIxErG6L3iAPTPYGezYNT5/U82v//J5vfP9aSvxCeZfmqqy3i1y3ity/h0ZjzJ3HEmbzy6KbPdRnpdM7q5y/j/xD3IG9+fuf8PM+O3dtn+cpfx27qM395l/I4u4wAAAEyGW2Lr/BAAAAD2rpd//snrv7z3ictLX108cCJMb5t3/nDsz8TX1l+L/ey896lafM3/R7H/Xmx/E9u/Zdb3/hMAAAAYvPR7Yrz+DwAAAHtX+j2lzv8BAABg71qKrfN/AAAA2LtujK3zfwAAANjDktnOi2ObXhe4O7a9zusHAIy+/43tnbE9ENu7Yvt/sU2PA+6J7f+XVB8A0D8//c6Pj7+ZbM33fzQzfiUuT9tt1jevFCSV9pn852K7L7Zf67Ge7PcB9Jo/tb/HPIPKv7jL/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA3lHZuD12bDkJ4e1P33r0J9Ov//HasruaaxzcuE1irx5CqDXvl45u9X8RV7xy+aWTre3V2CbhSEhC0lweHrvUzDQfQlgPB8NnoR4+XF378oN3Hjn00auzt7xx7plXBvgQtO0fAAAA7EX/DQAA//8Q4Bqg")
rmdir(&(0x7f00000001c0)='./file0\x00')

585.734609ms ago: executing program 1 (id=2290):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000240)='./file0\x00', 0x2000085c, &(0x7f0000000440)=ANY=[@ANYBLOB='iocharset=ascii,discard,dmask=00000000000000000000007,uid=', @ANYRESDEC=0x0, @ANYBLOB=',discard,\x00', @ANYBLOB="f9ee7ee6616006527905abd668ea17e382e0c83dc34879c344493674bfcb9afe6942e9f3d383d25450ee2c31ef3422c5857ce514a621738e2e8b8bb22211f40606af5eedb6115a0ca9f3b51f9577ee83ca37bd7a2dda7be50c943889823da42fa1d61769bcf9be27857939030378203de5ad9ccf10f333", @ANYRESOCT=0x0, @ANYRES16=0x0, @ANYRES8=0x0, @ANYRESDEC, @ANYRESHEX, @ANYRES32], 0xc1, 0x1521, &(0x7f0000003fc0)="$eJzs3AuYjlX3MPC99t43Y5r0NMlh2GuvmycNtkmSHBJySJIkSXJKSJokSUgMOSUNSchxkhyGkBwmJo3z+ZBz0uSVJklyCgn7u/T2/3vff+/79n+/+j7f95/1u649s9d1P2s9637WXPPc93NdM991H1GnWd2aTYhI/CHw128pQogYIcQQIcR1QohACFEhvkL85eP5FKT8sSdhf66H0692B+xq4vnnbjz/3I3nn7vx/HM3nn/uxvPP3Xj+uRvPn7HcbNusItfzyr3rKn/+7+GPPSv7Q/j9/3+QnLITv9pQ9sYe/0YKzz83kv+54/nnbjz/3I3nn7vx/HM3nv//fDX+xTGef+7G82csN7vanz//f7Rifn3JrnYff+q6yj9+jDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcZyiXP+Ci2E+I/91e6LMcYYY4wxxhhjfx6f92p3wBhjjDHGGGOMsf/zQEihhBaByCPyihiRT8SKa0ScuFbkF9eJiLhexIsbRAFxoygoConCoohIEEVFMWEECitIhKK4KCGi4iZRUtwsEkUpUVqUEU6UFUniFlFO3CrKi9tEBXG7qCjuEJVEZVFFVBV3imriLlFd1BA1xd2ilqgt6oi64h5RT9wr6ov7RANxv2goHhCNxIOisXhINBEPi6biEdFMPCqai8dEC9FStBKtRZv/rfyXRG/xsugj+ooU0U/0F6+IAWKgGCQGiyHiVTFUvCaGiddFqhguRog3xEjxphgl3hKjxRgxVrwtxonxYoKYKCaJySJNvCOmiHfFVPGemCamixlipkgXs8Rs8b6YI+aKeeIDMV98KBaIhWKRWCwyxEdiiVgqMsXHYpn4RGSJ5WKFWClWidVijVgr1on1YoPYKDaJzWKL2Cq2iU/FdrFD7BS7xG6xR+wVn4l94nOxX3whssWX/2b+2f+S3wMECJAgQYOGPJAHYiAGYiEW4iAO8kN+iEAE4iEeCkABKAgFoTAUhgRIgGJQDBAQCAiKQ3GIQhRKQklIhEQoDaXBgYMkSIJycCuUh/JQASpARagIlaAyVIaqUBWqQTWoDtWhJtSEWlAL6kAduAfugXuhPtSHBtAAGkJDaASNoDE0hibQBJpCU2gGzaA5NIcW0AJaQStoA22gLbSFdtAOOkAH6AgdoRN0gmRIhs7QGbpAF+gKXaEbdIPu0B16QE/oCS/BS/AyvAx9oZbsB/2hPwyAATAIBsNgeBWGwmvwGrwOqTAcRsAb8Aa8CaPgDIyGMTAWxkI1OR4mwEQgORnSIA2mwBSYClNhGkyH6TAT0mEWzIbZMAfmwlz4AObDh+c+hIWwEBZDBmTAElgKmZAJy+AsZMFyWAErYRWshlWwFtbBWtgAG2EDbIbNsBW2wqfwKeyAHbALdsEe2AOfwWfwOXwOqZAN2XAADsBBOAiH4BDkQA4chsNwBI7AUTgKx+AYHIcTcBJOwGk4DWfgLJyDc3AezsMFeCHhm6Z7Sq1PFfIyLbXMI/PIGBkjY2WsjJNxMr/MLyMyIuNlvCwgC8iCsqAsLAvLBJkgi8liEiVKkqEsLovLqIzKkrKkTJSJsrQsLZ10MkkmyXKynCwvy8sK8nZZUd4hK8nKsr2rKqvKarKDqy5ryJqypqwla8s6sq6sK+vJerK+rC8byAayoWwoG8kHZWPZDwbBw/LyZJrJ4dBcjoAWsqVsJVvLN+Fx2VaOgnayvewgn5RjYDR0km1dsnxGdpYToIt8Tk6E52U3ORm6yxdlD9lT9pIvyd6ynesj+8pp0E/2lzNhgBwoB8nBcg7UlpcnVke+LlPlcDlCviEXw5tylHxLjpZj5Fj5thwnx8sJcqKcJCfLNPmOnCLflVPle3KanC5nyJkyXc6Ss+X7co6cK+fJD+R8+aFcIBfKRXKxzJAfySVyqcyUH8tl8hOZJZfLFXKlXCVXyzVyrVwn18sNcqPcJDfLLXKr3CY/ldvlDrlT7pK75R65V34m98nP5X75hcyWX8oD8i/yoPxKHpJfyxz5jTwsv5VH5HfyqPxeHpM/yOPyhDwpT8nT8kd5Rp6V5+RP8rz8WV6QF+Ul6aVQoKRSSqtA5VF5VYzKp2LVNSpOXavyq+tURF2v4tUNqoC6URVUhVRhVUQlqKKqmDIKlVWkQlVclVBRdZMqqW5WiaqUKq3KKKfKqiR1iyqnblXl1W2qgrpdVVR3qEqqsqqiqqo7VTV1l6quaqia6m5VS9VWdVRddY+qp+5V9dV9qoG6XzVUD6hG6kHVWD2kmqiHVVP1iGqmHlXN1WOqhWqpWqnWqo16XLVVT6h2qr3qoJ5UHdVTqpN6WiWrZ1Rn9azqop5TXdXzqpt6QXVXL6oeqqfqpS6qS8qrPqqvSlH9VH/1ihqgBqpBarAaol5VQ9Vraph6XaWq4WqEekONVG+qUeotNVqNUWPV22qcGq8mqIlqkpqs0tQ7aop6V01V76lparqaoWaqdDVLDfq10rz/Rv67/yB/2C/PvlVtU5+q7WqH2ql2qd1qj9qr9qp9ap/ar/arbJWtDqgD6qA6qA6pQypH5ajD6rA6oo6oo+qoOqaOqePqhPpJnVKn1Y/qjDqrzqqf1Hl1Xl349TUQGrTUSmsd6Dw6r47R+XSsvkbH6Wt1fn2djujrdby+QRfQN+qCupAurIvoBF1UF9NGo7aadKiL6xI6qm/SJfXNOlGX0qV1Ge10WZ2kb/nD+b/XXxvdRrfVbXU73U530B10R91Rd9KddLJO1p11Z91Fd9FddVfdTXfT3XV33UP30L10L91b99Z9dB+dolN0f/2KHqAH6kF6sB6iX9VD9VA9TA/TqTpVj9Aj9Eg9Uo/So/RoPVqP1WP1OD1OT9AT9CQ9SafpND1FT9FT9VQ9TU/TM/QMna7T9Ww9W8/Rc/Q8PU/P1/P1Ar1AL9KLdIbO0Ev0Ep2pM/UyvUxn6eV6uV6pV+rVerVeq9fq9Xq93qg36s16s87S2/Q2vV1v1zv1Tr1b79Z79V69T+/T+/V+na2z9QF9QB/UB/UhfUjn6Bx9WB/WR/QRfVQf1cf0MX1cH9cn9Ul9Wp/WZ/QZfU6f0+f1eX1BX9CX9KXLl32BDGSgAx3kCfIEMUFMEBvEBnFBXJA/yB9EgkgQH8QHBYIbg4JBoaBwUCRICIoGxQITYGADCsKgeFAiiAY3BSWDm4PEoFRQOigTuKBskBTcEpQLbg3KB7cFFYLbg4rBHUGloHJQJaga3BlUC+4Kqgc1gprB3UGtoHZQJ6gbVB7/12vS+4IGwf1Bw+CBoFHwYNA4eChoEjwcNA0eCZoFjwbNg8eCFkHLoFXQOmjzb9W/J6gX3BvUD/5Zfe/PFHrC9TF9TYrpZ/qbV8wAM9AMMoPNEPOqGWpeM8PM6ybVDDcjzBtmpHnTjDJvmdFmjBlr3jbjzHgzwUw0k8xkk2beMVPMu2aqec9MM9PNDDPTpJtZZrZ538wxc80884GZbz40C8xCs8gsNhnmI7PELDWZ5mOzzHxissxys8KsNKvMarPGrDXrzHqzwWw0m8xms8VsNdvMp2a72WF2ml1mt9lj9prPzD7zudlvvjDZ5ktzwPzFHDRfmUPma5NjvjGHzbfmiPnOHDXfm2PmB3PcnDAnzSlz2vxozpiz5pz5yZw3P5sL5qK5ZPzli/vLb++oUWMezIMxGIOxGItxGIf5MT9GMILxGI8FsAAWxIJYGAtjAiZgMSyGlxESFsfiGMUolsSSmIiJWBpLo0OHSZiE5bAclsfyWAErYEWsiJWwElbBKngn3ol34V1YA2vg3Xg31sbaWBfrYj2sh/WxPjbABtgQG2IjbISNsTE2wSbYFJtiM2yGzbE5tsAW2ApbYRtsg22xLbbDdtgBO2BH7IidsBMmYzJ2xs7YBbtgV+yK3bAbdsfu2AN7YC/shb2xN/bBPpiCKdgf++MAHICDcBAOwSE4FIfiMByGqZiKI3AEjsSROApH4Wgcg2PxbRyH43ECTsRJOBnTMA2n4BScilNxGk7DGTgD0zEdZ+NsnINzcB7Ow/k4HxfgAlyEizADM/IKXIKZmInLcBlmYRauwBW4ClfhGlyD63AdbsANuAk34RbcgttwG27H7bgTd+Ju3I17cS/uw324H/djNmbjATyAB/EgHsJDmIM5eBgP4xE8gkfxKB7DY3gcj+NJPImn8TSewTN4Ds/hefwZL+BFvIQeY6wUsfYaG2evtfntdTbG5rN/Gxe2RWyCLWqLWWML2kJ/F6O1NtGWsqVtGetsWZtkb/lNXMlWtlVsVXunrWbvstV/E9ez99r69j7bwN5v69p7/i5uaB+wjeyjtrF9zDaxLW1T29o2s4/a5vYx28K2tK1sa9vRPmU72adtsn3GdrbP/iZeYpfadXa93WA32n32c3vO/mSP2O/sefuz7WP72iH2VTvUvmaH2ddtqh3+m3isfduOs+PtBDvRTrKTfxPPsDNtup1lZ9v37Rw79zdxhv3IzreZdoFdaBfZxb/El3vKtB/bZfYTm2WX2xV2pV1lV9s1du1/9rrSbrZb7Fa7135mt9sddqfdZXfbPb/El89jv/3CZtsv7WH7rT1ov7KH7FGbY7/5Jb58fkft9/aY/cEetyfsSXvKnrY/2jP27C/nf/ncT9mL9pL1VhCQJEWaAspDeSmG8lEsXUNxdC3lp+soQtdTPN1ABehGKkiFqDAVoQQqSsXIEJIlopCKUwmK0k1Ukm6mRCpFpakMOSpLSXQLlaNbqTzdRhXodqpId1AlqkxVqCrdSdXoLqpONagm3U21qDbVobp0D9Wje6k+3UcN6H5qSA9QI3qQGtND1IQepqb0CDWjR6k5PUYtqCW1otbUhh6ntvQEtaP21IGepI70FHWipymZnqHO9Cx1oeeoKz1P3egF6k4vUg/qSb3oJepNL1Mf6ksp1I/60ys0gAbSIBpMQ+hVGkqv0TB6nVJpOI2gN2gkvUmj6C0aTWNoLL1N42g8TaCJNIkmUxq9Q1PoXZpK79E0mk4zaCal0yyaTe/THJpL8+gDmk8f0gJaSItoMWXQR7SEllImfUzL6BPKouW0glbSKlpNa2gtraP1tIE20ibaTFtoK22jT2k77aCdtIt20x7aS5/RPvqc9tMXlE1f0gH6Cx2kr+gQfU059A0dpm/pCH1HR+l7OkY/0HE6QSfpFJ2mH+kMnaVz9BOdp5/pAl2kS+RJhBDKUIU6DMI8Yd4wJswXxobXhHHhtWH+8LowEl4fxoc3hAXCG8OCYaGwcFgkTAiLhsVCE2JoQwrDsHhYIoyGN4Ulw5vDxLBUWDosE7qwbJgU3hKWC28Ny4e3hRXC28OK4R1hpbBy+Oj9VcM7w2rhXWH1sEZYM7w7rBXWDuuEdcN7wnrhvWH98L6wQXh/WD58IGwUPhg2Dh8Km4QPh03DR8Jm4aNh8/CxsEXYMmwVtg7bhI+HbcMnwnZh+7BD+GTYMXwq7BQ+HSaHz4Sdw2d/93hK2C/sH74SvhJ6f59aFF0czYh+FF0SXRrNjH4cXRb9JJoVXR5dEV0ZXRVdHV0TXRtdF10f3RDdGN0U3RzdEt0a9b5uXuHASaecdoHL4/K6GJfPxbprXJy71uV317mIu97FuxtcAXejK+gKucKuiEtwRV0xZxw668iFrrgr4aLuJlfS3ewSXSlX2pVxzpV1Sa61a+PauLbuCdfOtXcd3JPuSfeUe8o97Z52z7jO7lnXxT3nurrnXTf3gnvBveh6uJ6ul3vJ9XYvuz6ur0txKa6/6+8GuAFukBvkhrghbqgb6oa5YS7VpboRboQb6Ua6UW6UG+1Gu7FurBvnxrkJboKb5Ca5NJfmprgpbqqb6qa5aW6Gm+HSXbqb7Wa7OW6Om+fmufmJ890Ct8AtcotchstwS9wSl+ky3TK3zGW5LLfCrXCr3Cq3xq1x69w6t8FtcJvcJrfFbXHb3Da33W13O91Ot9vtdnvdXrfP7XP73X6X7bLdAXfAHXQH3SH3tctx37jD7lt3xH3njrrv3TH3gzvuTriT7pQ77X50Z9xZd8795M67n90Fd9Fdct6lRd6JTIm8G5kaeS8yLTI9MiMyM5IemRWZHXk/MicyNzIv8kFkfuTDyILIwsiiyOJIRuSjyJLI0khm5OPIssgnkazI8siKyMrIqsjqiPdFt4e+uC/ho/4mX9Lf7BN9KV/al/HOl/VJ/hZfzt/qy/vbfAV/u6/o7/CVfGVfxT/mW/iWvpVv7dv4x31b/4Rv59v7Dv5J39E/5Tv5p32yf8Z39s/6Lv4539U/77v5F3x3/6Lv4Xv6Xv4l39u/7Pv4vj7F9/P9/St+gB/oB/nBfoh/1Q/1r/lh/nWf6of7Ef4NP9K/6Uf5t/xoP8aP9W/7cX68n+An+kl+sk/z7/gp/l0/1b/np/npfoaf6dP9LD/bv+/n+Ll+nv/Az/cf+gV+oV/kF/sM/5Ff4pf6TP+xX+Y/8Vl+uV/hV/pVfrVf49f6dX693+A3+k1+s9/it/pt/lO/3e/wO/0uv9vv8Xv9Z36f/9zv91/4bP+lP+D/4g/6r/wh/7XP8d/4w/5bf8R/54/67/0x/4M/7k/4k/6UP+1/9Gf8WX/O/+TP+5/9BX/RX+K/WWOMMcYY+2/ZUvBfH+/3X+JTXggp/rou6y+EuHZHkZy/fYwSQmz6te5AmdAxIoR4pm/3h/9j1aqVkpLy62OzlAhKLBRCRK7k5xFX4uW/fE0W7UW5f9jfQNnzPP1O/ejtQsT+TU6MuBIvFx3EU7/Uv/Wf1H/8ybFLKobn4v9F/YVCJJa4kpNPXImv1C//T+oXavs7/ef7Kk2Idn+TEyeuxFfqJ4knxLMi+e8eyRhjjDHGGGOM/dVAWaXr790/X74/T9BXcvKKK/GV+89/fH/OGGOMMcYYY4yxq+/5nr2efjw5uX1X3vzhDcD/E23whjd/wuZq/2ZijDHGGGOM/dmuXPRf7U4YY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjLHc6//GvxO72ufIGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMXW3/KwAA///UIjrY")
open(&(0x7f0000000000)='./file0\x00', 0x1607c0, 0x78e22799f4a46ffe)

347.508945ms ago: executing program 3 (id=2291):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)=ANY=[@ANYBLOB="4c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001c00128009000100766c616e000000000c000280060001000000000008000500", @ANYRES32, @ANYBLOB="08003f0086fc"], 0x4c}, 0x1, 0xba01, 0x0, 0x4004001}, 0x20044890)

226.248303ms ago: executing program 0 (id=2292):
r0 = syz_open_dev$evdev(&(0x7f0000000c00), 0x803, 0x0)
ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f0000001940)={0x12, 0xff, 0x200, 0x1, "f3f1d6ae82fe8cfbfdd2864bf4f326246f6941e463910f8b80ac3d34969600"})

44.530301ms ago: executing program 2 (id=2293):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)={0x268, 0x25, 0x1, 0x0, 0x0, "", [@nested={0x255, 0x20b1, 0x0, 0x1, [@typed={0xc, 0x1, 0x0, 0x0, @u64=0x2}, @nested={0x165, 0x1fc, 0x0, 0x1, [@generic="aacb078fbe8fcbd3844064688b2b4f72c8b118a6a90ed572e0926e98ff65077497ecdfa2dd0b5be86a30b081592ea9aee28a5b9348e4309e890e00a64b80b2f24c4e21bbf0e68a8e654b69e6ffbeb86cad20e8b308763f888071387b6411d1d7a3daf18fa5b322cf482b526b0a09ec57b041b4725cdc1a60af0c680b1c0876c75d014155cffa2183cb7b0cef3d0fb8771666304bb326ae16138cf54860b3b23ea42b6d60982de3c6ad7bddef702a654f13fff71f05637e0a13e0534ac5ddf248333a135ad7629cff78c318eefec08d0d3b67eb20d03f38eb4ac5ec825788c56d07a5ef39bdbc3913dd175f1b1f1fc98ec55124715319", @generic="fae644f50596f81d9ad9081d397c66b15f5eaf36bc97fc82590eed387df8a1852954f8892f18315574824837ae0ffbd6ee87e5a331e118cfdbd0ea0cb2c9afbcc6c7f301d71f0a16bff8718e908545b6008dd320da4618006dccda8c1c3249c67738b4e6ecd1164f16d2ad"]}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe8101000000010000008b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd"]}]}, 0x268}], 0x1}, 0x0)

6.437141ms ago: executing program 1 (id=2294):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x1c, 0x2e, 0x9, 0x70bd27, 0x0, {0x4}, [@nested={0x5, 0x11, 0x0, 0x1, [@generic='\x00']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x42804}, 0x4000000)

6.033611ms ago: executing program 3 (id=2295):
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x80000001, 0x82002)
ioctl$MON_IOCX_GET(r0, 0x40189206, 0x0)

0s ago: executing program 5 (id=2296):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000001600)={0x0, 0x0, 0x0, 0x3}, 0x10)

kernel console output (not intermixed with test programs):

2][  T791] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 31, changing to 7
[  276.774895][  T791] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  276.821919][  T791] usb 3-1: language id specifier not provided by device, defaulting to English
[  276.853832][  T791] usb 3-1: New USB device found, idVendor=2013, idProduct=0251, bcdDevice=e8.6e
[  276.903036][  T791] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  276.916821][  T791] usb 3-1: Manufacturer: ‰
[  276.921589][  T791] usb 3-1: SerialNumber: syz
[  276.921992][ T9034] BTRFS info (device loop1): enabling ssd optimizations
[  276.956087][  T791] usb 3-1: config 0 descriptor??
[  276.983015][ T9034] BTRFS info (device loop1): turning on async discard
[  276.995913][  T791] em28xx 3-1:0.0: New device ‰  @ 480 Mbps (2013:0251, interface 0, class 0)
[  277.027294][ T9034] BTRFS info (device loop1): enabling free space tree
[  277.074928][  T791] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class)
[  277.174669][ T5904] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 748ms
[  277.211424][ T5904] gfs2: fsid=syz:syz.0: jid=0: Done
[  277.220100][ T9067] loop4: detected capacity change from 0 to 1024
[  277.226004][ T9013] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  277.265398][  T791] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[  277.290345][ T9013] gfs2: fsid=syz:syz.0: can't create logd thread: -4
[  277.327528][  T791] em28xx 3-1:0.0: Config register raw data: 0xfffffffb
[  277.357981][  T791] em28xx 3-1:0.0: AC97 chip type couldn't be determined
[  277.372899][  T791] em28xx 3-1:0.0: No AC97 audio processor
[  277.427825][ T5826] BTRFS info (device loop1): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  277.438566][  T791] usb 3-1: USB disconnect, device number 31
[  277.440147][  T791] em28xx 3-1:0.0: Disconnecting em28xx
[  277.495651][  T791] em28xx 3-1:0.0: Freeing device
[  277.869204][ T9072] loop1: detected capacity change from 0 to 128
[  278.376389][ T9074] loop2: detected capacity change from 0 to 4096
[  278.490158][ T9074] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  278.800595][ T5836] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  279.207470][ T9070] loop4: detected capacity change from 0 to 32768
[  279.235188][ T9070] BTRFS: device fsid 59b5568a-a427-4554-b73a-27dcd238cc5a devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1218 (9070)
[  279.264973][ T5980] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  279.317345][ T9070] BTRFS info (device loop4): first mount of filesystem 59b5568a-a427-4554-b73a-27dcd238cc5a
[  279.359961][ T9070] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  279.374141][ T9076] loop1: detected capacity change from 0 to 32768
[  279.406787][ T9076] BTRFS: device fsid 28302361-d975-4c41-bd4c-c547b14b74a1 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1221 (9076)
[  279.434442][ T5980] usb 3-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96
[  279.445605][ T5980] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  279.453718][ T5980] usb 3-1: Product: syz
[  279.468920][ T5980] usb 3-1: Manufacturer: syz
[  279.474403][ T5980] usb 3-1: SerialNumber: syz
[  279.482754][ T9076] BTRFS info (device loop1): first mount of filesystem 28302361-d975-4c41-bd4c-c547b14b74a1
[  279.506129][ T9076] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm
[  279.657872][ T5980] usb 3-1: config 0 descriptor??
[  279.706596][ T9070] BTRFS info (device loop4): enabling ssd optimizations
[  279.744931][ T9070] BTRFS info (device loop4): turning on async discard
[  279.752061][ T9070] BTRFS info (device loop4): enabling free space tree
[  279.796172][ T9076] BTRFS info (device loop1): enabling ssd optimizations
[  279.803169][ T9076] BTRFS info (device loop1): turning on async discard
[  279.844971][ T9076] BTRFS info (device loop1): enabling free space tree
[  279.860523][ T9114] loop3: detected capacity change from 0 to 1756
[  279.975051][ T5980] peak_usb 3-1:0.0 can0: unable to request usb[type=0 value=1] err=-71
[  280.017749][ T5980] peak_usb 3-1:0.0: unable to read PCAN-USB FD firmware info (err -71)
[  280.052674][ T9082] loop5: detected capacity change from 0 to 32768
[  280.088645][ T9082] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1222 (9082)
[  280.123272][ T5826] BTRFS info (device loop1): last unmount of filesystem 28302361-d975-4c41-bd4c-c547b14b74a1
[  280.153827][ T9082] BTRFS info (device loop5): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928
[  280.191305][ T9082] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  280.195203][ T5838] BTRFS info (device loop4): last unmount of filesystem 59b5568a-a427-4554-b73a-27dcd238cc5a
[  280.376617][ T5980] peak_usb 3-1:0.0: probe with driver peak_usb failed with error -71
[  280.406330][ T9122] loop3: detected capacity change from 0 to 512
[  280.495666][ T5980] usb 3-1: USB disconnect, device number 32
[  280.516402][ T9122] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  280.550989][ T9082] BTRFS info (device loop5): enabling ssd optimizations
[  280.597932][ T9082] BTRFS info (device loop5): turning on async discard
[  280.622592][ T9122] ext4 filesystem being mounted at /193/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  280.688971][ T9082] BTRFS info (device loop5): enabling free space tree
[  280.847336][ T9136] loop4: detected capacity change from 0 to 1764
[  280.998917][ T5842] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  281.078699][ T5827] BTRFS info (device loop5): last unmount of filesystem d552757d-9c39-40e3-95f0-16d819589928
[  281.485121][ T9142] loop1: detected capacity change from 0 to 2368
[  282.768179][ T9140] loop3: detected capacity change from 0 to 32768
[  282.814345][ T9140] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1229 (9140)
[  282.868730][ T9140] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31
[  282.887808][ T9145] loop4: detected capacity change from 0 to 32768
[  282.906931][ T9140] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  282.926283][ T9145] BTRFS: device fsid e0cb6322-611b-4325-acdf-015f79de3787 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1231 (9145)
[  283.007164][ T9145] BTRFS info (device loop4): first mount of filesystem e0cb6322-611b-4325-acdf-015f79de3787
[  283.025089][ T9145] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  283.160874][ T9140] BTRFS info (device loop3): enabling ssd optimizations
[  283.214962][ T9140] BTRFS info (device loop3): turning on async discard
[  283.225926][ T9140] BTRFS info (device loop3): enabling free space tree
[  283.291979][ T9145] BTRFS info (device loop4): enabling ssd optimizations
[  283.317302][ T9145] BTRFS info (device loop4): turning on async discard
[  283.325524][ T9145] BTRFS info (device loop4): enabling free space tree
[  283.560630][ T5842] BTRFS info (device loop3): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31
[  283.605278][ T5838] BTRFS info (device loop4): last unmount of filesystem e0cb6322-611b-4325-acdf-015f79de3787
[  283.897441][ T9146] loop5: detected capacity change from 0 to 32768
[  283.970400][ T9149] loop0: detected capacity change from 0 to 32768
[  284.006628][ T9146] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  284.024933][ T9146] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  284.073101][ T9149] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz'
[  284.139955][ T9149] CPU: 0 UID: 0 PID: 9149 Comm: syz.0.1233 Not tainted syzkaller #0 PREEMPT(full) 
[  284.140006][ T9149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  284.140035][ T9149] Call Trace:
[  284.140047][ T9149]  <TASK>
[  284.140060][ T9149]  dump_stack_lvl+0x100/0x190
[  284.140113][ T9149]  sysfs_warn_dup.cold+0x1c/0x28
[  284.140168][ T9149]  sysfs_create_dir_ns+0x24b/0x2b0
[  284.140218][ T9149]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  284.140264][ T9149]  ? find_held_lock+0x2b/0x80
[  284.140313][ T9149]  ? kobject_add_internal+0x25f/0x930
[  284.140371][ T9149]  ? kobject_add_internal+0x25f/0x930
[  284.140429][ T9149]  ? srso_alias_return_thunk+0x5/0xfbef5
[  284.140477][ T9149]  ? do_raw_spin_unlock+0x145/0x1e0
[  284.140525][ T9149]  kobject_add_internal+0x2c8/0x930
[  284.140581][ T9149]  ? kmemdup_nul+0x51/0xd0
[  284.140624][ T9149]  kobject_init_and_add+0x121/0x180
[  284.140685][ T9149]  ? __pfx_kobject_init_and_add+0x10/0x10
[  284.140753][ T9149]  ? srso_alias_return_thunk+0x5/0xfbef5
[  284.140801][ T9149]  ? lockdep_init_map_type+0x5c/0x250
[  284.140868][ T9149]  ? srso_alias_return_thunk+0x5/0xfbef5
[  284.140915][ T9149]  ? lockdep_init_map_type+0x5c/0x250
[  284.140989][ T9149]  gfs2_sys_fs_add+0x209/0x410
[  284.141031][ T9149]  ? __pfx_gfs2_sys_fs_add+0x10/0x10
[  284.141067][ T9149]  ? lockdep_init_map_type+0xe6/0x250
[  284.141132][ T9149]  ? srso_alias_return_thunk+0x5/0xfbef5
[  284.141180][ T9149]  ? alloc_workqueue_noprof+0x198/0x200
[  284.141243][ T9149]  ? __pfx_alloc_workqueue_noprof+0x10/0x10
[  284.141317][ T9149]  ? srso_alias_return_thunk+0x5/0xfbef5
[  284.141381][ T9149]  gfs2_fill_super+0x143b/0x2d00
[  284.141426][ T9149]  ? __pfx_vsnprintf+0x10/0x10
[  284.141467][ T9149]  ? __lock_acquire+0x4a5/0x2630
[  284.141544][ T9149]  ? __pfx_gfs2_fill_super+0x10/0x10
[  284.141590][ T9149]  ? __pfx_snprintf+0x10/0x10
[  284.141636][ T9149]  ? find_held_lock+0x2b/0x80
[  284.141685][ T9149]  ? srso_alias_return_thunk+0x5/0xfbef5
[  284.141737][ T9149]  ? set_blocksize+0x403/0x510
[  284.141775][ T9149]  ? setup_bdev_super+0x337/0x730
[  284.141834][ T9149]  ? srso_alias_return_thunk+0x5/0xfbef5
[  284.141882][ T9149]  ? sb_set_blocksize+0x1fe/0x290
[  284.141932][ T9149]  ? get_tree_bdev_flags+0x38c/0x620
[  284.141990][ T9149]  get_tree_bdev_flags+0x38c/0x620
[  284.142055][ T9149]  ? __pfx_gfs2_fill_super+0x10/0x10
[  284.142104][ T9149]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  284.142163][ T9149]  ? vfs_parse_fs_qstr+0x144/0x1c0
[  284.142213][ T9149]  ? srso_alias_return_thunk+0x5/0xfbef5
[  284.142261][ T9149]  ? srso_alias_return_thunk+0x5/0xfbef5
[  284.142308][ T9149]  ? apparmor_capable+0x1d7/0x4e0
[  284.142357][ T9149]  ? __asan_memset+0x23/0x50
[  284.142418][ T9149]  gfs2_get_tree+0x4e/0x280
[  284.142465][ T9149]  vfs_get_tree+0x92/0x320
[  284.142514][ T9149]  ? srso_alias_return_thunk+0x5/0xfbef5
[  284.142565][ T9149]  path_mount+0x7d0/0x23c0
[  284.142619][ T9149]  ? __pfx_path_mount+0x10/0x10
[  284.142665][ T9149]  ? kmem_cache_free+0x143/0x720
[  284.142723][ T9149]  ? strncpy_from_user+0x19d/0x2d0
[  284.142778][ T9149]  ? putname+0xf5/0x1a0
[  284.142826][ T9149]  ? srso_alias_return_thunk+0x5/0xfbef5
[  284.142874][ T9149]  ? putname+0xfa/0x1a0
[  284.142919][ T9149]  ? __x64_sys_mount+0x293/0x310
[  284.142962][ T9149]  ? srso_alias_return_thunk+0x5/0xfbef5
[  284.143008][ T9149]  __x64_sys_mount+0x293/0x310
[  284.143059][ T9149]  ? __pfx___x64_sys_mount+0x10/0x10
[  284.143120][ T9149]  do_syscall_64+0xc9/0xf80
[  284.143172][ T9149]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  284.143213][ T9149] RIP: 0033:0x7f5bd499bf4a
[  284.143243][ T9149] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  284.143282][ T9149] RSP: 002b:00007f5bd5786e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  284.143319][ T9149] RAX: ffffffffffffffda RBX: 00007f5bd5786ee0 RCX: 00007f5bd499bf4a
[  284.143347][ T9149] RDX: 0000200000013400 RSI: 0000200000013440 RDI: 00007f5bd5786ea0
[  284.143373][ T9149] RBP: 0000200000013400 R08: 00007f5bd5786ee0 R09: 0000000000000000
[  284.143398][ T9149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000013440
[  284.143423][ T9149] R13: 00007f5bd5786ea0 R14: 00000000000133f4 R15: 0000200000013480
[  284.143474][ T9149]  </TASK>
[  284.571487][ T9149] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory.
[  284.586440][ T9149] gfs2: fsid=syz:syz: error -17 adding sysfs files
[  284.622335][ T9146] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[  284.797366][ T5980] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  284.804455][ T5980] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  284.928696][ T9190] loop3: detected capacity change from 0 to 512
[  285.213972][ T9197] loop0: detected capacity change from 0 to 64
[  285.244393][ T9190] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  285.501225][ T5980] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 696ms
[  285.572395][ T5980] gfs2: fsid=syz:syz.0: jid=0: Done
[  285.593363][ T9146] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  285.610384][ T9146] gfs2: fsid=syz:syz.0: can't create logd thread: -4
[  285.724087][ T5842] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  285.739039][ T9200] loop0: detected capacity change from 0 to 64
[  285.768339][ T9202] loop1: detected capacity change from 0 to 128
[  285.985266][ T9204] loop3: detected capacity change from 0 to 132
[  286.376789][ T9207] loop1: detected capacity change from 0 to 2048
[  286.430778][ T9210] loop3: detected capacity change from 0 to 512
[  286.901992][ T9194] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  286.925626][ T9187] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  286.959007][ T9187] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  287.101653][ T9187] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[  287.119223][ T5904] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  287.120172][ T9194] XFS (loop2): Torn write (CRC failure) detected at log block 0x40. Truncating head block from 0x50.
[  287.165944][ T9194] XFS (loop2): Starting recovery (logdev: internal)
[  287.172779][ T5904] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  287.292234][ T9194] XFS (loop2): Ending recovery (logdev: internal)
[  287.515368][ T5836] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  287.765858][ T5904] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 593ms
[  287.814449][ T5904] gfs2: fsid=syz:syz.0: jid=0: Done
[  287.821014][ T9208] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1243 (9208)
[  287.854212][ T9187] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  287.922771][ T9187] gfs2: fsid=syz:syz.0: can't create logd thread: -4
[  287.933630][ T9208] BTRFS info (device loop0): first mount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663
[  287.978193][ T9208] BTRFS info (device loop0): using blake2b (blake2b-256-lib) checksum algorithm
[  288.275599][ T9208] BTRFS info (device loop0): enabling ssd optimizations
[  288.282607][ T9208] BTRFS info (device loop0): turning on async discard
[  288.344870][ T9208] BTRFS info (device loop0): enabling free space tree
[  288.627683][ T5828] BTRFS info (device loop0): last unmount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663
[  288.682422][ T9212] set_capacity_and_notify: 3 callbacks suppressed
[  288.682448][ T9212] loop5: detected capacity change from 0 to 32768
[  288.729337][ T9220] loop3: detected capacity change from 0 to 32768
[  288.786821][ T9212] gfs2: fsid=syz:syz: Trying to join cluster "lock_dlm", "syz:syz"
[  288.806757][ T9212] dlm: no local IP address has been set
[  288.812327][ T9212] dlm: cannot start dlm midcomms -107
[  288.853356][ T9220] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz'
[  288.874038][ T9212] gfs2: fsid=syz:syz: dlm_new_lockspace error -107
[  288.911409][ T9220] CPU: 0 UID: 0 PID: 9220 Comm: syz.3.1247 Not tainted syzkaller #0 PREEMPT(full) 
[  288.911462][ T9220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  288.911487][ T9220] Call Trace:
[  288.911499][ T9220]  <TASK>
[  288.911512][ T9220]  dump_stack_lvl+0x100/0x190
[  288.911567][ T9220]  sysfs_warn_dup.cold+0x1c/0x28
[  288.911623][ T9220]  sysfs_create_dir_ns+0x24b/0x2b0
[  288.911674][ T9220]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  288.911720][ T9220]  ? find_held_lock+0x2b/0x80
[  288.911768][ T9220]  ? kobject_add_internal+0x25f/0x930
[  288.911825][ T9220]  ? kobject_add_internal+0x25f/0x930
[  288.911886][ T9220]  ? srso_alias_return_thunk+0x5/0xfbef5
[  288.911936][ T9220]  ? do_raw_spin_unlock+0x145/0x1e0
[  288.911984][ T9220]  kobject_add_internal+0x2c8/0x930
[  288.912047][ T9220]  ? kmemdup_nul+0x51/0xd0
[  288.912089][ T9220]  kobject_init_and_add+0x121/0x180
[  288.912150][ T9220]  ? __pfx_kobject_init_and_add+0x10/0x10
[  288.912217][ T9220]  ? srso_alias_return_thunk+0x5/0xfbef5
[  288.912265][ T9220]  ? lockdep_init_map_type+0x5c/0x250
[  288.912334][ T9220]  ? srso_alias_return_thunk+0x5/0xfbef5
[  288.912382][ T9220]  ? lockdep_init_map_type+0x5c/0x250
[  288.912457][ T9220]  gfs2_sys_fs_add+0x209/0x410
[  288.912496][ T9220]  ? __pfx_gfs2_sys_fs_add+0x10/0x10
[  288.912532][ T9220]  ? lockdep_init_map_type+0xe6/0x250
[  288.912599][ T9220]  ? srso_alias_return_thunk+0x5/0xfbef5
[  288.912646][ T9220]  ? alloc_workqueue_noprof+0x198/0x200
[  288.912728][ T9220]  ? __pfx_alloc_workqueue_noprof+0x10/0x10
[  288.912803][ T9220]  ? srso_alias_return_thunk+0x5/0xfbef5
[  288.912864][ T9220]  gfs2_fill_super+0x143b/0x2d00
[  288.912910][ T9220]  ? __pfx_vsnprintf+0x10/0x10
[  288.912951][ T9220]  ? __lock_acquire+0x4a5/0x2630
[  288.913034][ T9220]  ? __pfx_gfs2_fill_super+0x10/0x10
[  288.913079][ T9220]  ? __pfx_snprintf+0x10/0x10
[  288.913126][ T9220]  ? find_held_lock+0x2b/0x80
[  288.913174][ T9220]  ? srso_alias_return_thunk+0x5/0xfbef5
[  288.913221][ T9220]  ? set_blocksize+0x403/0x510
[  288.913260][ T9220]  ? setup_bdev_super+0x337/0x730
[  288.913321][ T9220]  ? srso_alias_return_thunk+0x5/0xfbef5
[  288.913369][ T9220]  ? sb_set_blocksize+0x1fe/0x290
[  288.913420][ T9220]  ? get_tree_bdev_flags+0x38c/0x620
[  288.913479][ T9220]  get_tree_bdev_flags+0x38c/0x620
[  288.913538][ T9220]  ? __pfx_gfs2_fill_super+0x10/0x10
[  288.913587][ T9220]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  288.913647][ T9220]  ? vfs_parse_fs_qstr+0x144/0x1c0
[  288.913696][ T9220]  ? srso_alias_return_thunk+0x5/0xfbef5
[  288.913746][ T9220]  ? srso_alias_return_thunk+0x5/0xfbef5
[  288.913797][ T9220]  ? apparmor_capable+0x1d7/0x4e0
[  288.913848][ T9220]  ? __asan_memset+0x23/0x50
[  288.913909][ T9220]  gfs2_get_tree+0x4e/0x280
[  288.913955][ T9220]  vfs_get_tree+0x92/0x320
[  288.914011][ T9220]  ? srso_alias_return_thunk+0x5/0xfbef5
[  288.914071][ T9220]  path_mount+0x7d0/0x23c0
[  288.914125][ T9220]  ? __pfx_path_mount+0x10/0x10
[  288.914171][ T9220]  ? kmem_cache_free+0x143/0x720
[  288.914230][ T9220]  ? strncpy_from_user+0x19d/0x2d0
[  288.914287][ T9220]  ? putname+0xf5/0x1a0
[  288.914335][ T9220]  ? srso_alias_return_thunk+0x5/0xfbef5
[  288.914383][ T9220]  ? putname+0xfa/0x1a0
[  288.914428][ T9220]  ? __x64_sys_mount+0x293/0x310
[  288.914471][ T9220]  ? srso_alias_return_thunk+0x5/0xfbef5
[  288.914517][ T9220]  __x64_sys_mount+0x293/0x310
[  288.914565][ T9220]  ? __pfx___x64_sys_mount+0x10/0x10
[  288.914624][ T9220]  do_syscall_64+0xc9/0xf80
[  288.914677][ T9220]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.914717][ T9220] RIP: 0033:0x7fbccfb9bf4a
[  288.914747][ T9220] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  288.914790][ T9220] RSP: 002b:00007fbcd09d2e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  288.914828][ T9220] RAX: ffffffffffffffda RBX: 00007fbcd09d2ee0 RCX: 00007fbccfb9bf4a
[  288.914854][ T9220] RDX: 000020000003b280 RSI: 000020000003b2c0 RDI: 00007fbcd09d2ea0
[  288.914879][ T9220] RBP: 000020000003b280 R08: 00007fbcd09d2ee0 R09: 0000000000000000
[  288.914905][ T9220] R10: 0000000000000000 R11: 0000000000000246 R12: 000020000003b2c0
[  288.914931][ T9220] R13: 00007fbcd09d2ea0 R14: 000000000003b273 R15: 000020000003b300
[  288.914982][ T9220]  </TASK>
[  289.357590][ T9214] loop1: detected capacity change from 0 to 32768
[  289.381864][ T9220] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory.
[  289.497066][ T9220] gfs2: fsid=syz:syz: error -17 adding sysfs files
[  289.613811][ T9214] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  289.702681][ T9256] loop0: detected capacity change from 0 to 256
[  289.717308][ T9214] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  289.771871][ T9254] loop4: detected capacity change from 0 to 2048
[  289.881359][ T9244] loop2: detected capacity change from 0 to 32768
[  289.975165][ T9244] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz'
[  290.024942][ T9244] CPU: 1 UID: 0 PID: 9244 Comm: syz.2.1248 Not tainted syzkaller #0 PREEMPT(full) 
[  290.024997][ T9244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  290.025022][ T9244] Call Trace:
[  290.025035][ T9244]  <TASK>
[  290.025050][ T9244]  dump_stack_lvl+0x100/0x190
[  290.025106][ T9244]  sysfs_warn_dup.cold+0x1c/0x28
[  290.025162][ T9244]  sysfs_create_dir_ns+0x24b/0x2b0
[  290.025214][ T9244]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  290.025262][ T9244]  ? find_held_lock+0x2b/0x80
[  290.025316][ T9244]  ? kobject_add_internal+0x25f/0x930
[  290.025377][ T9244]  ? kobject_add_internal+0x25f/0x930
[  290.025439][ T9244]  ? srso_alias_return_thunk+0x5/0xfbef5
[  290.025490][ T9244]  ? do_raw_spin_unlock+0x145/0x1e0
[  290.025538][ T9244]  kobject_add_internal+0x2c8/0x930
[  290.025594][ T9244]  ? kmemdup_nul+0x51/0xd0
[  290.025637][ T9244]  kobject_init_and_add+0x121/0x180
[  290.025699][ T9244]  ? __pfx_kobject_init_and_add+0x10/0x10
[  290.025767][ T9244]  ? srso_alias_return_thunk+0x5/0xfbef5
[  290.025907][ T9244]  ? lockdep_init_map_type+0x5c/0x250
[  290.025981][ T9244]  ? srso_alias_return_thunk+0x5/0xfbef5
[  290.026028][ T9244]  ? lockdep_init_map_type+0x5c/0x250
[  290.026097][ T9244]  gfs2_sys_fs_add+0x209/0x410
[  290.026136][ T9244]  ? __pfx_gfs2_sys_fs_add+0x10/0x10
[  290.026174][ T9244]  ? lockdep_init_map_type+0xe6/0x250
[  290.026242][ T9244]  ? srso_alias_return_thunk+0x5/0xfbef5
[  290.026290][ T9244]  ? alloc_workqueue_noprof+0x198/0x200
[  290.026354][ T9244]  ? __pfx_alloc_workqueue_noprof+0x10/0x10
[  290.026430][ T9244]  ? srso_alias_return_thunk+0x5/0xfbef5
[  290.026491][ T9244]  gfs2_fill_super+0x143b/0x2d00
[  290.026538][ T9244]  ? __pfx_vsnprintf+0x10/0x10
[  290.026579][ T9244]  ? __lock_acquire+0x4a5/0x2630
[  290.026657][ T9244]  ? __pfx_gfs2_fill_super+0x10/0x10
[  290.026704][ T9244]  ? __pfx_snprintf+0x10/0x10
[  290.026750][ T9244]  ? find_held_lock+0x2b/0x80
[  290.026808][ T9244]  ? srso_alias_return_thunk+0x5/0xfbef5
[  290.026856][ T9244]  ? set_blocksize+0x403/0x510
[  290.026896][ T9244]  ? setup_bdev_super+0x337/0x730
[  290.026957][ T9244]  ? srso_alias_return_thunk+0x5/0xfbef5
[  290.027003][ T9244]  ? sb_set_blocksize+0x1fe/0x290
[  290.027055][ T9244]  ? get_tree_bdev_flags+0x38c/0x620
[  290.027114][ T9244]  get_tree_bdev_flags+0x38c/0x620
[  290.027173][ T9244]  ? __pfx_gfs2_fill_super+0x10/0x10
[  290.027224][ T9244]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  290.027285][ T9244]  ? vfs_parse_fs_qstr+0x144/0x1c0
[  290.027336][ T9244]  ? srso_alias_return_thunk+0x5/0xfbef5
[  290.027386][ T9244]  ? srso_alias_return_thunk+0x5/0xfbef5
[  290.027435][ T9244]  ? apparmor_capable+0x1d7/0x4e0
[  290.027495][ T9244]  gfs2_get_tree+0x4e/0x280
[  290.027549][ T9244]  vfs_get_tree+0x92/0x320
[  290.027599][ T9244]  ? srso_alias_return_thunk+0x5/0xfbef5
[  290.027651][ T9244]  path_mount+0x7d0/0x23c0
[  290.027705][ T9244]  ? __pfx_path_mount+0x10/0x10
[  290.027752][ T9244]  ? kmem_cache_free+0x143/0x720
[  290.027818][ T9244]  ? strncpy_from_user+0x19d/0x2d0
[  290.027874][ T9244]  ? putname+0xf5/0x1a0
[  290.027922][ T9244]  ? srso_alias_return_thunk+0x5/0xfbef5
[  290.027970][ T9244]  ? putname+0xfa/0x1a0
[  290.028016][ T9244]  ? __x64_sys_mount+0x293/0x310
[  290.028059][ T9244]  ? srso_alias_return_thunk+0x5/0xfbef5
[  290.028107][ T9244]  __x64_sys_mount+0x293/0x310
[  290.028155][ T9244]  ? __pfx___x64_sys_mount+0x10/0x10
[  290.028217][ T9244]  do_syscall_64+0xc9/0xf80
[  290.028271][ T9244]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.028312][ T9244] RIP: 0033:0x7f134e99bf4a
[  290.028343][ T9244] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  290.028383][ T9244] RSP: 002b:00007f134f935e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  290.028422][ T9244] RAX: ffffffffffffffda RBX: 00007f134f935ee0 RCX: 00007f134e99bf4a
[  290.028450][ T9244] RDX: 0000200000000400 RSI: 0000200000012500 RDI: 00007f134f935ea0
[  290.028477][ T9244] RBP: 0000200000000400 R08: 00007f134f935ee0 R09: 0000000000000000
[  290.028503][ T9244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000012500
[  290.028529][ T9244] R13: 00007f134f935ea0 R14: 00000000000125bb R15: 0000200000000440
[  290.028580][ T9244]  </TASK>
[  290.028699][ T9244] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory.
[  290.496674][ T9214] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 1ms
[  290.510123][ T5980] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  290.534850][ T5980] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  290.585254][ T9244] gfs2: fsid=syz:syz: error -17 adding sysfs files
[  290.784586][ T9260] loop3: detected capacity change from 0 to 2048
[  290.871548][ T9262] loop4: detected capacity change from 0 to 128
[  291.230347][ T5980] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 695ms
[  291.273007][ T5980] gfs2: fsid=syz:syz.0: jid=0: Done
[  291.304706][ T9214] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  291.353610][ T9214] gfs2: fsid=syz:syz.0: can't create logd thread: -4
[  291.385064][ T9266] loop3: detected capacity change from 0 to 128
[  291.505264][ T9269] loop4: detected capacity change from 0 to 256
[  292.170529][ T9276] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  292.440312][ T9283] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  292.574967][   T10] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  292.782514][   T10] usb 2-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96
[  292.814488][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  292.852459][   T10] usb 2-1: Product: syz
[  292.866987][   T10] usb 2-1: Manufacturer: syz
[  292.903789][   T10] usb 2-1: SerialNumber: syz
[  292.946676][   T10] usb 2-1: config 0 descriptor??
[  293.182246][   T10] peak_usb 2-1:0.0 can0: unable to request usb[type=0 value=1] err=-71
[  293.240505][   T10] peak_usb 2-1:0.0: unable to read PCAN-USB FD firmware info (err -71)
[  293.465962][   T10] peak_usb 2-1:0.0: probe with driver peak_usb failed with error -71
[  293.516190][   T10] usb 2-1: USB disconnect, device number 39
[  293.974569][ T9271] set_capacity_and_notify: 7 callbacks suppressed
[  293.974597][ T9271] loop2: detected capacity change from 0 to 32768
[  294.082475][ T9271] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  294.092181][ T9271] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  294.174098][ T9271] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[  294.218789][ T5904] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  294.228511][ T5904] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  294.677063][ T5904] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 448ms
[  294.717063][ T5904] gfs2: fsid=syz:syz.0: jid=0: Done
[  294.736735][ T9271] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  294.765537][ T9271] gfs2: fsid=syz:syz.0: can't create logd thread: -4
[  294.805906][ T9293] loop4: detected capacity change from 0 to 32768
[  294.916094][ T9293] (syz.4.1267,9293,1):ocfs2_check_set_options:1244 ERROR: Invalid heartbeat mount options
[  295.029957][ T9293] (syz.4.1267,9293,1):ocfs2_fill_super:1177 ERROR: status = -22
[  295.171400][ T9297] loop1: detected capacity change from 0 to 32768
[  295.247726][ T9297] (syz.1.1268,9297,0):ocfs2_check_set_options:1244 ERROR: Invalid heartbeat mount options
[  295.313461][ T9297] (syz.1.1268,9297,1):ocfs2_fill_super:1177 ERROR: status = -22
[  296.515274][ T9302] loop4: detected capacity change from 0 to 32768
[  296.580232][ T9302] (syz.4.1270,9302,1):ocfs2_check_set_options:1244 ERROR: Invalid heartbeat mount options
[  296.667704][ T9302] (syz.4.1270,9302,1):ocfs2_fill_super:1177 ERROR: status = -22
[  297.359186][ T9308] loop5: detected capacity change from 0 to 32768
[  297.443672][ T9308] (syz.5.1272,9308,1):ocfs2_check_set_options:1244 ERROR: Invalid heartbeat mount options
[  297.509711][ T9304] loop1: detected capacity change from 0 to 32768
[  297.560684][ T9308] (syz.5.1272,9308,1):ocfs2_fill_super:1177 ERROR: status = -22
[  297.594409][ T9304] gfs2: fsid=syz:syz: Trying to join cluster "lock_dlm", "syz:syz"
[  297.647990][ T9311] loop3: detected capacity change from 0 to 32768
[  297.679963][ T9304] dlm: no local IP address has been set
[  297.726341][ T9304] dlm: cannot start dlm midcomms -107
[  297.731791][ T9304] gfs2: fsid=syz:syz: dlm_new_lockspace error -107
[  297.798917][ T9311] (syz.3.1273,9311,0):ocfs2_check_set_options:1244 ERROR: Invalid heartbeat mount options
[  297.842101][ T9311] (syz.3.1273,9311,1):ocfs2_fill_super:1177 ERROR: status = -22
[  298.447641][ T9323] loop1: detected capacity change from 0 to 4096
[  298.483589][ T9313] loop4: detected capacity change from 0 to 32768
[  298.549315][ T9313] (syz.4.1274,9313,0):ocfs2_check_set_options:1244 ERROR: Invalid heartbeat mount options
[  298.600132][ T9313] (syz.4.1274,9313,1):ocfs2_fill_super:1177 ERROR: status = -22
[  299.009732][ T9318] loop0: detected capacity change from 0 to 32768
[  299.104012][ T9318] (syz.0.1275,9318,1):ocfs2_check_set_options:1244 ERROR: Invalid heartbeat mount options
[  299.113494][ T9330] loop4: detected capacity change from 0 to 128
[  299.188576][ T9318] (syz.0.1275,9318,1):ocfs2_fill_super:1177 ERROR: status = -22
[  299.643717][ T9337] loop4: detected capacity change from 0 to 22
[  299.678651][ T9337] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  299.726374][ T9337] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  300.232972][ T9339] loop4: detected capacity change from 0 to 2048
[  300.581864][ T9341] loop2: detected capacity change from 0 to 3
[  300.632011][ T9341] syz.2.1285: attempt to access beyond end of device
[  300.632011][ T9341] loop2: rw=2048, sector=0, nr_sectors = 8 limit=3
[  300.700228][ T9343] loop4: detected capacity change from 0 to 8
[  300.718059][ T9341] SQUASHFS error: Failed to read block 0x0: -5
[  300.724365][ T9341] unable to read squashfs_super_block
[  301.189647][ T9347] loop2: detected capacity change from 0 to 2048
[  301.200865][ T9325] loop3: detected capacity change from 0 to 65536
[  301.256079][ T9347] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  301.662459][ T9349] loop3: detected capacity change from 0 to 2048
[  301.663099][ T9351] loop2: detected capacity change from 0 to 128
[  301.733164][ T9349] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  301.767802][ T9351] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  301.815600][ T9351] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  302.253787][ T9353] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  302.319421][ T9353] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
[  302.362523][ T9353] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  302.408745][ T9353] UDF-fs: Scanning with blocksize 512 failed
[  302.462486][ T9353] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  302.506910][ T9353] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  303.095206][ T9363] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  303.144534][ T9363] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512
[  303.179716][ T9361] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  303.187805][ T9363] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[  303.231914][ T9363] UDF-fs: Scanning with blocksize 512 failed
[  303.236189][ T9361] UDF-fs: Scanning with blocksize 512 failed
[  303.290421][ T9361] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  303.299310][ T9363] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  303.304754][ T9363] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  303.533306][ T9367] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found
[  303.544972][ T9367] UDF-fs: Scanning with blocksize 512 failed
[  303.574889][ T9367] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found
[  303.608690][ T9367] UDF-fs: Scanning with blocksize 1024 failed
[  303.666332][ T9367] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found
[  303.736741][ T9367] UDF-fs: Scanning with blocksize 2048 failed
[  303.834040][ T9367] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  303.844992][ T9369] UDF-fs: warning (device loop3): udf_load_vrs: No VRS found
[  303.852409][ T9369] UDF-fs: Scanning with blocksize 512 failed
[  303.917665][ T9369] UDF-fs: warning (device loop3): udf_load_vrs: No VRS found
[  303.926727][ T9367] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  303.951780][ T9369] UDF-fs: Scanning with blocksize 1024 failed
[  303.958723][ T9372] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  303.979223][ T9371] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  304.022109][ T9369] UDF-fs: warning (device loop3): udf_load_vrs: No VRS found
[  304.051960][ T9369] UDF-fs: Scanning with blocksize 2048 failed
[  304.085119][ T9371] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  304.102886][ T9369] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  304.167778][ T9369] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  304.462048][ T9374] set_capacity_and_notify: 9 callbacks suppressed
[  304.462075][ T9374] loop4: detected capacity change from 0 to 512
[  304.616823][ T9374] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found
[  304.617267][ T9378] loop3: detected capacity change from 0 to 512
[  304.624252][ T9374] UDF-fs: Scanning with blocksize 512 failed
[  304.669286][ T9374] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found
[  304.671398][ T9380] loop1: detected capacity change from 0 to 512
[  304.713911][ T9380] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
[  304.724863][ T9374] UDF-fs: Scanning with blocksize 1024 failed
[  304.754221][ T9380] UDF-fs: Scanning with blocksize 512 failed
[  304.784884][ T9374] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found
[  304.794870][ T9374] UDF-fs: Scanning with blocksize 2048 failed
[  304.795723][ T9380] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
[  304.821914][ T9374] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  304.870179][ T9380] UDF-fs: Scanning with blocksize 1024 failed
[  304.876942][ T9356] loop5: detected capacity change from 0 to 32768
[  304.918561][ T9374] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  304.930933][ T9356] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  304.950173][ T9380] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
[  304.984117][ T9376] loop2: detected capacity change from 0 to 8192
[  305.041954][ T9380] UDF-fs: Scanning with blocksize 2048 failed
[  305.069251][ T9356] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  305.081816][ T9376] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512).
[  305.128894][ T9380] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  305.150264][ T9356] gfs2: fsid=syz:syz.s: journal 0 mapped with 5 extents in 0ms
[  305.197289][ T9380] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  305.461263][ T9384] loop3: detected capacity change from 0 to 2048
[  305.478998][ T9356] gfs2: fsid=syz:syz.s: first mount done, others may mount
[  305.855375][ T9386] loop4: detected capacity change from 0 to 8192
[  305.873829][ T9386] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found
[  305.946617][ T9386] UDF-fs: Scanning with blocksize 512 failed
[  306.034899][ T9386] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found
[  306.073584][ T9386] UDF-fs: Scanning with blocksize 1024 failed
[  306.134202][ T9386] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found
[  306.170958][ T9386] UDF-fs: Scanning with blocksize 2048 failed
[  306.213118][ T9392] loop3: detected capacity change from 0 to 128
[  306.257434][ T9386] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  306.346971][ T9389] loop2: detected capacity change from 0 to 8192
[  306.381666][ T9389] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found
[  306.423110][ T9389] UDF-fs: Scanning with blocksize 512 failed
[  306.475678][ T9389] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found
[  306.531087][ T9389] UDF-fs: Scanning with blocksize 1024 failed
[  306.589806][ T9389] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found
[  306.634607][ T9389] UDF-fs: Scanning with blocksize 2048 failed
[  306.687771][ T9389] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  306.828296][ T9398] loop5: detected capacity change from 0 to 128
[  307.863532][ T9412] UDF-fs: warning (device loop5): udf_load_vrs: No VRS found
[  307.904864][ T9412] UDF-fs: Scanning with blocksize 512 failed
[  307.936363][ T9412] UDF-fs: warning (device loop5): udf_load_vrs: No VRS found
[  307.972337][ T9412] UDF-fs: Scanning with blocksize 1024 failed
[  308.009221][ T9412] UDF-fs: warning (device loop5): udf_load_vrs: No VRS found
[  308.035629][ T9412] UDF-fs: Scanning with blocksize 2048 failed
[  308.067543][ T9412] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256
[  308.097795][ T9412] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  309.054404][ T9414] XFS (loop2): Mounting V5 Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415
[  309.142137][ T9414] XFS (loop2): Log size 516 blocks too small, minimum size is 636 blocks
[  309.164908][ T9414] XFS (loop2): AAIEEE! Log failed size checks. Abort!
[  309.185317][ T9414] XFS (loop2): log mount failed
[  310.697178][ T9427] set_capacity_and_notify: 5 callbacks suppressed
[  310.697205][ T9427] loop2: detected capacity change from 0 to 32768
[  310.822727][ T9427] XFS (loop2): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  311.112995][ T9427] XFS (loop2): Ending clean mount
[  311.328761][ T5836] XFS (loop2): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  311.642723][ T9429] loop3: detected capacity change from 0 to 32768
[  311.707772][ T9441] loop4: detected capacity change from 0 to 32768
[  311.776672][ T6032]  loop4: p1 p9 p11
[  311.787437][ T9425] loop1: detected capacity change from 0 to 65536
[  311.793009][ T9429] XFS (loop3): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  311.836409][ T9441]  loop4: p1 p9 p11
[  311.910284][ T9425] XFS (loop1): Mounting V5 Filesystem 4194cad6-cad4-4798-ac4c-c2118f686eb1
[  311.967651][ T9429] XFS (loop3): Ending clean mount
[  312.277353][ T5842] XFS (loop3): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  312.352459][ T9425] XFS (loop1): Ending clean mount
[  312.522847][ T5826] XFS (loop1): Unmounting Filesystem 4194cad6-cad4-4798-ac4c-c2118f686eb1
[  313.310453][ T6204] udevd[6204]: inotify_add_watch(7, /dev/loop4p11, 10) failed: No such file or directory
[  313.317100][ T8518] udevd[8518]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[  313.329804][ T6047] udevd[6047]: inotify_add_watch(7, /dev/loop4p9, 10) failed: No such file or directory
[  313.461238][ T6032] udevd[6032]: inotify_add_watch(7, /dev/loop4p9, 10) failed: No such file or directory
[  313.473982][ T6047] udevd[6047]: inotify_add_watch(7, /dev/loop4p11, 10) failed: No such file or directory
[  313.487455][ T8518] udevd[8518]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[  314.951739][ T9461] loop4: detected capacity change from 0 to 65536
[  315.077281][ T9461] XFS (loop4): Deprecated V4 format (crc=0) not supported by kernel.
[  315.353861][ T9465] loop2: detected capacity change from 0 to 65536
[  315.472058][ T9465] XFS (loop2): Deprecated V4 format (crc=0) not supported by kernel.
[  316.312980][ T9485] ip6gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue
[  316.418675][ T9481] loop4: detected capacity change from 0 to 16384
[  316.517218][ T9481] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found
[  316.564904][ T9481] UDF-fs: Scanning with blocksize 512 failed
[  316.647386][ T9481] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found
[  316.684947][ T9481] UDF-fs: Scanning with blocksize 1024 failed
[  316.739313][ T9481] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found
[  316.764908][ T9481] UDF-fs: Scanning with blocksize 2048 failed
[  316.780337][ T9488] loop2: detected capacity change from 0 to 256
[  316.847415][ T9488] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  316.877055][ T9481] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  316.897662][ T9488] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512
[  316.929042][ T9488] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found
[  316.969726][ T9488] UDF-fs: Scanning with blocksize 512 failed
[  317.051083][ T9488] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  317.129564][ T9488] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  317.634273][ T9503] loop2: detected capacity change from 0 to 512
[  317.684886][ T9503] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found
[  317.715244][ T9503] UDF-fs: Scanning with blocksize 512 failed
[  317.760958][ T9503] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found
[  317.795360][ T9503] UDF-fs: Scanning with blocksize 1024 failed
[  317.825038][ T5891] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  318.027965][ T5891] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  318.041206][ T9497] loop4: detected capacity change from 0 to 32768
[  318.049864][ T9503] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found
[  318.074671][ T5891] usb 2-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[  318.086598][ T9503] UDF-fs: Scanning with blocksize 2048 failed
[  318.115667][ T5891] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  318.128397][ T6032]  loop4: p1 p3 < p5 p6 >
[  318.128800][ T9503] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  318.161853][ T5891] usb 2-1: config 0 descriptor??
[  318.186764][ T9503] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  318.198340][ T5891] uvcvideo 2-1:0.0: probe with driver uvcvideo failed with error -22
[  318.209691][ T9497]  loop4: p1 p3 < p5 p6 >
[  318.236694][ T9507] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1346'.
[  318.386999][ T5891] usb 2-1: USB disconnect, device number 40
[  318.953532][ T9496] loop5: detected capacity change from 0 to 32768
[  319.055784][ T9496] XFS (loop5): Mounting V5 Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4
[  319.159154][ T6032] udevd[6032]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[  319.162761][ T6204] udevd[6204]: inotify_add_watch(7, /dev/loop4p5, 10) failed: No such file or directory
[  319.179589][ T5976] udevd[5976]: inotify_add_watch(7, /dev/loop4p6, 10) failed: No such file or directory
[  319.239173][ T6047] udevd[6047]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory
[  319.326520][ T9496] XFS (loop5): Ending clean mount
[  319.471274][ T8518] udevd[8518]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[  319.497144][ T6032] udevd[6032]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory
[  319.528976][ T6047] udevd[6047]: inotify_add_watch(7, /dev/loop4p5, 10) failed: No such file or directory
[  319.556343][ T6204] udevd[6204]: inotify_add_watch(7, /dev/loop4p6, 10) failed: No such file or directory
[  319.665319][ T5827] XFS (loop5): Unmounting Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4
[  319.719726][ T9533] loop0: detected capacity change from 0 to 8192
[  320.261469][ T9557] Cannot find add_set index 0 as target
[  320.508928][ T9563] netlink: 'syz.3.1370': attribute type 2 has an invalid length.
[  320.677083][ T9571] netlink: 'syz.1.1374': attribute type 4 has an invalid length.
[  320.771567][ T9569] loop4: detected capacity change from 0 to 2048
[  320.832306][ T9569] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[  320.891317][ T9576] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  321.014429][ T9580] openvswitch: netlink: Actions may not be safe on all matching packets
[  321.128886][ T9585] netlink: 'syz.5.1379': attribute type 8 has an invalid length.
[  321.144979][ T9586] loop1: detected capacity change from 0 to 64
[  321.357106][ T9590] IPVS: set_ctl: invalid protocol: 137 0.0.0.0:20002
[  322.432039][ T9631] openvswitch: netlink: nsh attribute has 1 unknown bytes.
[  322.543952][ T9604] orangefs_mount: mount request failed with -4
[  322.631570][ T9634] loop0: detected capacity change from 0 to 512
[  322.740876][ T9638] loop1: detected capacity change from 0 to 256
[  322.810927][ T9638] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  322.925816][ T9638] exFAT-fs (loop1): valid_size(150994954) is greater than size(10)
[  323.124952][ T5980] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[  323.306970][ T5980] usb 6-1: Using ep0 maxpacket: 32
[  323.327518][ T5980] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=67.fe
[  323.362276][ T5980] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  323.397071][ T5980] usb 6-1: Product: syz
[  323.401280][ T5980] usb 6-1: Manufacturer: syz
[  323.432567][ T5980] usb 6-1: SerialNumber: syz
[  323.504554][ T5980] usb 6-1: config 0 descriptor??
[  323.507251][ T9660] netlink: 'syz.4.1418': attribute type 21 has an invalid length.
[  323.558175][ T9660] netlink: 128 bytes leftover after parsing attributes in process `syz.4.1418'.
[  323.573455][ T9664] loop3: detected capacity change from 0 to 64
[  323.585584][ T9660] netlink: 'syz.4.1418': attribute type 4 has an invalid length.
[  323.599319][ T9664] MINIX-fs: mounting unchecked file system, running fsck is recommended
[  323.628629][ T9660] netlink: 'syz.4.1418': attribute type 5 has an invalid length.
[  323.673946][ T9664] minix_free_inode: bit 5 already cleared
[  323.686277][ T9660] netlink: 3 bytes leftover after parsing attributes in process `syz.4.1418'.
[  323.765013][ T5980] snd-usb-6fire 6-1:0.0: unknown device firmware state received from device:
[  323.804236][ T5980] 00 00 00 00 00 00 00 00 
[  323.810688][ T5980] snd-usb-6fire 6-1:0.0: probe with driver snd-usb-6fire failed with error -5
[  324.071063][ T5933] usb 6-1: USB disconnect, device number 38
[  324.129059][ T9672] netlink: 'syz.0.1424': attribute type 8 has an invalid length.
[  324.864949][ T9698] netlink: 7 bytes leftover after parsing attributes in process `syz.2.1434'.
[  324.876534][ T9692] loop5: detected capacity change from 0 to 1764
[  325.231339][ T9707] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  325.542835][ T9718] netlink: 'syz.1.1447': attribute type 1 has an invalid length.
[  325.689662][ T9724] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1450'.
[  325.720101][ T9724] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1450'.
[  325.986033][ T9732] SET target dimension over the limit!
[  326.295405][ T9740] loop5: detected capacity change from 0 to 2048
[  326.344440][ T9744] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  326.402646][ T9740] NILFS error (device loop5): nilfs_check_folio: bad entry in directory #2: rec_len is too small for name_len - offset=16, inode=2, rec_len=16, name_len=255
[  326.509585][ T9740] Remounting filesystem read-only
[  326.809520][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  326.816148][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  327.565001][   T10] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  327.730167][   T10] usb 2-1: Using ep0 maxpacket: 32
[  327.743445][   T10] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[  327.785992][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  327.827331][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid maxpacket 8960, setting to 1024
[  327.870836][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11
[  327.933701][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024
[  327.939671][ T9716] loop3: detected capacity change from 0 to 65536
[  327.963591][   T10] usb 2-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  327.989226][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  328.056582][   T10] usb 2-1: Product: syz
[  328.079768][   T10] usb 2-1: Manufacturer: syz
[  328.104309][ T9716] XFS (loop3): Mounting V5 Filesystem 96fa0d02-eac2-4cc4-980a-feab0601d24f
[  328.121728][   T10] usb 2-1: SerialNumber: syz
[  328.151439][   T10] usb 2-1: config 0 descriptor??
[  328.315570][ T9716] XFS (loop3): Ending clean mount
[  328.553795][ T5842] XFS (loop3): Unmounting Filesystem 96fa0d02-eac2-4cc4-980a-feab0601d24f
[  328.600649][   T10] iforce 2-1:0.0: usb_submit_urb failed: -71
[  328.622084][   T10] input input15: Device does not respond to id packet M
[  328.637335][   T10] iforce 2-1:0.0: usb_submit_urb failed: -71
[  328.643488][   T10] input input15: Device does not respond to id packet P
[  328.677330][   T10] iforce 2-1:0.0: usb_submit_urb failed: -71
[  328.700579][   T10] input input15: Device does not respond to id packet B
[  328.712123][   T10] iforce 2-1:0.0: usb_submit_urb failed: -71
[  328.724880][   T10] input input15: Device does not respond to id packet N
[  328.775446][   T10] iforce 2-1:0.0: usb_submit_urb failed: -71
[  328.786447][   T10] iforce 2-1:0.0: usb_submit_urb failed: -71
[  328.827038][   T10] iforce 2-1:0.0: usb_submit_urb failed: -71
[  328.846034][   T10] iforce 2-1:0.0: usb_submit_urb failed: -71
[  328.863330][   T10] input: Unknown I-Force Device [%04x:%04x] as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input15
[  328.982912][   T10] usb 2-1: USB disconnect, device number 41
[  329.277683][ T9826] xt_time: invalid argument - start or stop time greater than 23:59:59
[  329.627080][ T9835] loop0: detected capacity change from 0 to 8
[  329.713416][ T9835] SQUASHFS error: Failed to read block 0x636: -5
[  329.745814][ T9835] SQUASHFS error: Unable to read metadata cache entry [634]
[  329.845078][   T10] IPVS: starting estimator thread 0...
[  329.950476][ T9840] IPVS: using max 22 ests per chain, 52800 per kthread
[  330.107270][ T9850] netlink: 'syz.1.1503': attribute type 1 has an invalid length.
[  330.353577][ T9858] loop3: detected capacity change from 0 to 512
[  330.360613][ T9856] loop4: detected capacity change from 0 to 1024
[  330.390161][ T9856] EXT4-fs: Ignoring removed mblk_io_submit option
[  330.435938][ T9858] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #15: comm syz.3.1507: inode has both inline data and extents flags
[  330.456317][ T9856] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  330.486603][ T9856] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  330.487035][ T9858] EXT4-fs error (device loop3): ext4_orphan_get:1394: comm syz.3.1507: couldn't read orphan inode 15 (err -117)
[  330.528604][ T9856] EXT4-fs error (device loop4): ext4_ext_check_inode:523: inode #11: comm syz.4.1505: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  330.546471][ T9862] ip6erspan0: entered allmulticast mode
[  330.588648][ T9856] EXT4-fs error (device loop4): ext4_orphan_get:1394: comm syz.4.1505: couldn't read orphan inode 11 (err -117)
[  330.603722][ T9856] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  330.615559][ T9858] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  330.734656][ T9867] loop2: detected capacity change from 0 to 2048
[  330.745777][ T9858] EXT4-fs: Cannot specify journal on remount
[  330.765149][ T9856] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:482: comm syz.4.1505: Invalid block bitmap block 0 in block_group 0
[  330.797477][ T9867] NILFS (loop2): invalid segment: Inconsistency found
[  330.804321][ T9867] NILFS (loop2): trying rollback from an earlier position
[  330.848048][ T9856] Quota error (device loop4): write_blk: dquota write failed
[  330.878341][ T9867] NILFS (loop2): recovery complete
[  330.886248][ T9856] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  330.906052][ T9872] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  330.918986][ T9856] EXT4-fs error (device loop4): ext4_acquire_dquot:6984: comm syz.4.1505: Failed to acquire dquot type 0
[  330.958552][ T5842] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  331.025110][ T5891] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[  331.141884][ T5838] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  331.199415][ T5891] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  331.220295][ T5891] usb 6-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[  331.274255][ T5891] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  331.316085][ T5891] usb 6-1: config 0 descriptor??
[  331.330576][ T5891] uvcvideo 6-1:0.0: probe with driver uvcvideo failed with error -22
[  331.574241][ T5980] usb 6-1: USB disconnect, device number 39
[  332.245364][ T9910] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  332.590533][ T9922] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  332.717423][ T9929] netlink: 'syz.3.1539': attribute type 10 has an invalid length.
[  332.897092][ T9929] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  332.913429][ T9934] netlink: 'syz.2.1542': attribute type 8 has an invalid length.
[  332.990388][ T9936] loop5: detected capacity change from 0 to 2048
[  333.031053][ T9936] UDF-fs: error (device loop5): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  333.060099][ T9936] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  333.424510][   T10] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  333.460000][ T9947] netlink: 72 bytes leftover after parsing attributes in process `syz.5.1548'.
[  333.502852][ T9947] netlink: 72 bytes leftover after parsing attributes in process `syz.5.1548'.
[  333.617329][   T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  333.657350][   T10] usb 4-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[  333.691357][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  333.726975][   T10] usb 4-1: config 0 descriptor??
[  333.759278][   T10] uvcvideo 4-1:0.0: probe with driver uvcvideo failed with error -22
[  333.875452][ T5891] usb 5-1: new low-speed USB device number 36 using dummy_hcd
[  333.922973][ T9963] xt_TCPMSS: Only works on TCP SYN packets
[  334.037029][ T5980] usb 4-1: USB disconnect, device number 40
[  334.050607][ T5891] usb 5-1: config index 0 descriptor too short (expected 1307, got 27)
[  334.078249][ T5891] usb 5-1: config 0 has an invalid interface number: 0 but max is -1
[  334.106226][ T5891] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 0
[  334.144971][ T5891] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[  334.159711][ T9970] loop2: detected capacity change from 0 to 256
[  334.161067][ T5834] Bluetooth: hci5: command 0x0406 tx timeout
[  334.184935][ T5891] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt
[  334.202928][ T5891] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  334.213193][ T5891] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[  334.243381][ T5891] usb 5-1: string descriptor 0 read error: -22
[  334.250087][ T5891] usb 5-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[  334.274067][ T5891] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  334.309661][ T5891] usb 5-1: config 0 descriptor??
[  334.341336][ T9970] FAT-fs (loop2): Directory bread(block 64) failed
[  334.355224][ T5891] hub 5-1:0.0: bad descriptor, ignoring hub
[  334.373457][ T9970] FAT-fs (loop2): Directory bread(block 65) failed
[  334.386322][ T5891] hub 5-1:0.0: probe with driver hub failed with error -5
[  334.404249][ T9970] FAT-fs (loop2): Directory bread(block 66) failed
[  334.433958][ T5891] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input16
[  334.475854][ T9970] FAT-fs (loop2): Directory bread(block 67) failed
[  334.502890][ T9970] FAT-fs (loop2): Directory bread(block 68) failed
[  334.529671][ T9970] FAT-fs (loop2): Directory bread(block 69) failed
[  334.562815][ T9970] FAT-fs (loop2): Directory bread(block 70) failed
[  334.579707][ T9970] FAT-fs (loop2): Directory bread(block 71) failed
[  334.586838][ T9970] FAT-fs (loop2): Directory bread(block 72) failed
[  334.593742][ T9970] FAT-fs (loop2): Directory bread(block 73) failed
[  334.716967][ T5891] usb 5-1: USB disconnect, device number 36
[  335.024909][ T5913] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  335.196822][ T5913] usb 4-1: Using ep0 maxpacket: 32
[  335.204529][ T5913] usb 4-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  335.234624][ T5913] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  335.275953][ T5913] usb 4-1: config 0 descriptor??
[  335.294225][ T5913] gspca_main: sunplus-2.14.0 probing 041e:400b
[  335.432806][T10000] usb usb7: usbfs: process 10000 (syz.2.1575) did not claim interface 0 before use
[  335.700422][ T5913] gspca_sunplus: reg_w_riv err -71
[  335.714116][ T5913] sunplus 4-1:0.0: probe with driver sunplus failed with error -71
[  335.728869][T10009] delete_channel: no stack
[  335.754880][ T5913] usb 4-1: USB disconnect, device number 41
[  335.825768][   T31] audit: type=1326 audit(1769284129.301:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10013 comm="syz.4.1579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e84b9acb9 code=0x7ffc0000
[  335.911948][   T31] audit: type=1326 audit(1769284129.301:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10013 comm="syz.4.1579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e84b9acb9 code=0x7ffc0000
[  336.006894][   T31] audit: type=1326 audit(1769284129.301:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10013 comm="syz.4.1579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f6e84b9acb9 code=0x7ffc0000
[  336.007452][T10016] usb usb8: usbfs: process 10016 (syz.2.1580) did not claim interface 0 before use
[  336.105962][   T31] audit: type=1326 audit(1769284129.301:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10013 comm="syz.4.1579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e84b9acb9 code=0x7ffc0000
[  336.200977][   T31] audit: type=1326 audit(1769284129.301:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10013 comm="syz.4.1579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e84b9acb9 code=0x7ffc0000
[  336.467800][T10027] loop2: detected capacity change from 0 to 64
[  336.578392][   T31] audit: type=1800 audit(1769284130.041:9): pid=10027 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1585" name="file1" dev="loop2" ino=5 res=0 errno=0
[  336.617752][T10033] netlink: 'syz.5.1589': attribute type 12 has an invalid length.
[  336.637471][T10033] netlink: 132 bytes leftover after parsing attributes in process `syz.5.1589'.
[  336.988500][T10045] netlink: 'syz.5.1595': attribute type 12 has an invalid length.
[  337.073754][T10047] 
: renamed from bond_slave_0 (while UP)
[  337.589396][T10058] loop3: detected capacity change from 0 to 4096
[  337.787605][T10066] loop0: detected capacity change from 0 to 512
[  337.845352][T10072] netlink: 'syz.5.1607': attribute type 12 has an invalid length.
[  337.863145][T10066] EXT4-fs error (device loop0): ext4_orphan_get:1391: inode #15: comm syz.0.1608: inode has both inline data and extents flags
[  337.933835][T10066] EXT4-fs error (device loop0): ext4_orphan_get:1394: comm syz.0.1608: couldn't read orphan inode 15 (err -117)
[  337.979185][T10066] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  338.025020][ T5913] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  338.247565][ T5828] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  338.255460][ T5913] usb 5-1: Using ep0 maxpacket: 32
[  338.270487][ T5913] usb 5-1: config 0 interface 0 has no altsetting 0
[  338.279105][ T5913] usb 5-1: New USB device found, idVendor=2040, idProduct=c603, bcdDevice= 1.8e
[  338.299177][ T5913] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  338.334956][ T5891] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  338.352474][ T5913] usb 5-1: config 0 descriptor??
[  338.382720][ T5913] usb 5-1: dvb_usb_v2: found a 'Hauppauge 126xxx ATSC+' in warm state
[  338.494102][ T5913] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  338.556507][ T5913] dvbdev: DVB: registering new adapter (Hauppauge 126xxx ATSC+)
[  338.574938][ T5891] usb 2-1: New USB device found, idVendor=0f11, idProduct=1000, bcdDevice= 0.7f
[  338.599950][ T5891] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  338.608171][ T5913] usb 5-1: media controller created
[  338.642105][ T5891] usb 2-1: config 0 descriptor??
[  338.657905][ T5913] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  338.671523][T10085] loop5: detected capacity change from 0 to 764
[  338.731020][T10085] rock: directory entry would overflow storage
[  338.743763][T10085] rock: sig=0x5245, size=8, remaining=5
[  338.751355][ T5913] usb 5-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  338.775336][ T5913] error writing reg: 0xff, val: 0x00
[  338.875012][ T5891] usb 2-1: string descriptor 0 read error: -71
[  338.919338][ T5891] ldusb 2-1:0.0: Interrupt in endpoint not found
[  338.940875][ T5913] dvb_usb_mxl111sf 5-1:0.0: probe with driver dvb_usb_mxl111sf failed with error -22
[  338.958041][T10091] netlink: 7064 bytes leftover after parsing attributes in process `syz.0.1616'.
[  338.976039][ T5891] usb 2-1: USB disconnect, device number 42
[  338.995979][T10091] openvswitch: netlink: Missing key (keys=40, expected=100)
[  339.011004][ T5913] usb 5-1: USB disconnect, device number 37
[  339.265871][T10099] netlink: 'syz.0.1620': attribute type 12 has an invalid length.
[  339.521425][T10105] snd_dummy snd_dummy.0: control 6:3945:6:syz1:7 is already present
[  339.868184][T10115] loop0: detected capacity change from 0 to 512
[  339.934678][T10115] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13
[  339.945390][T10115] EXT4-fs error (device loop0): ext4_free_branches:1020: inode #13: comm syz.0.1627: invalid indirect mapped block 2683928664 (level 1)
[  340.013904][T10115] EXT4-fs (loop0): Remounting filesystem read-only
[  340.025701][T10115] EXT4-fs (loop0): 1 truncate cleaned up
[  340.037172][T10115] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  340.240833][T10134] loop2: detected capacity change from 0 to 512
[  340.262913][T10132] loop3: detected capacity change from 0 to 1024
[  340.295149][T10134] EXT4-fs: Ignoring removed nobh option
[  340.332404][T10132] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869)
[  340.359888][T10132] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  340.371141][ T5828] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  340.435130][T10132] EXT4-fs error (device loop3): ext4_get_journal_inode:5849: inode #32: comm syz.3.1636: iget: special inode unallocated
[  340.455033][T10134] EXT4-fs (loop2): mounted filesystem 00800000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  340.516062][T10140] netlink: 'syz.1.1640': attribute type 12 has an invalid length.
[  340.523994][T10132] EXT4-fs (loop3): Remounting filesystem read-only
[  340.527780][T10134] ext4 filesystem being mounted at /303/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  340.531700][T10132] EXT4-fs (loop3): no journal found
[  340.551046][T10132] EXT4-fs (loop3): can't get journal size
[  340.596964][T10132] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  340.688518][T10134] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1303: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[  340.778770][T10134] EXT4-fs (loop2): Remounting filesystem read-only
[  340.934343][ T5842] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  340.971593][ T5836] EXT4-fs (loop2): unmounting filesystem 00800000-0000-0000-0000-000000000000.
[  341.015111][   T37] Quota error (device loop2): dquot_write_dquot: Can't write quota structure (error -30). Quota may get out of sync!
[  341.094165][   T37] Quota error (device loop2): dquot_write_dquot: Can't write quota structure (error -30). Quota may get out of sync!
[  341.350161][T10149] bond1 (unregistering): Released all slaves
[  341.356956][ T5913] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  341.416712][T10162] loop2: detected capacity change from 0 to 2048
[  341.492082][T10162] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  341.527980][ T5913] usb 4-1: Using ep0 maxpacket: 8
[  341.542805][ T5913] usb 4-1: config 0 has an invalid interface number: 186 but max is 0
[  341.570495][ T5913] usb 4-1: config 0 has no interface number 0
[  341.604515][ T5913] usb 4-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  341.628726][   T31] audit: type=1800 audit(1769284135.101:10): pid=10162 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1646" name="file1" dev="loop2" ino=1367 res=0 errno=0
[  341.684936][ T5913] usb 4-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  341.749824][ T5913] usb 4-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  341.791693][ T5913] usb 4-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  341.867664][ T5913] usb 4-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  341.893229][ T5913] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  341.945104][ T5913] usb 4-1: Product: syz
[  341.949329][ T5913] usb 4-1: Manufacturer: syz
[  341.996201][ T5913] usb 4-1: SerialNumber: syz
[  342.025892][ T5913] usb 4-1: config 0 descriptor??
[  342.110324][T10178] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1656'.
[  342.280127][ T5913] iowarrior 4-1:0.186: IOWarrior product=0x1505, serial= interface=186 now attached to iowarrior0
[  342.372456][ T5913] usb 4-1: USB disconnect, device number 42
[  342.607665][T10188] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  342.655003][T10190] warning: `syz.0.1661' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  342.770901][T10195] loop1: detected capacity change from 0 to 1764
[  342.953360][T10198] loop5: detected capacity change from 0 to 256
[  343.240212][T10198] FAT-fs (loop5): Directory bread(block 64) failed
[  343.295931][T10198] FAT-fs (loop5): Directory bread(block 65) failed
[  343.311786][T10198] FAT-fs (loop5): Directory bread(block 66) failed
[  343.323506][T10211] loop0: detected capacity change from 0 to 512
[  343.358710][T10198] FAT-fs (loop5): Directory bread(block 67) failed
[  343.368085][T10211] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  343.420649][T10198] FAT-fs (loop5): Directory bread(block 68) failed
[  343.478574][T10198] FAT-fs (loop5): Directory bread(block 69) failed
[  343.534967][T10198] FAT-fs (loop5): Directory bread(block 70) failed
[  343.572051][T10198] FAT-fs (loop5): Directory bread(block 71) failed
[  343.611700][T10198] FAT-fs (loop5): Directory bread(block 72) failed
[  343.665067][T10198] FAT-fs (loop5): Directory bread(block 73) failed
[  344.301974][T10233] loop2: detected capacity change from 0 to 2048
[  344.371398][T10233] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  344.415518][T10240] loop1: detected capacity change from 0 to 1024
[  344.457898][T10240] EXT4-fs (loop1): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  344.524307][T10240] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  344.594894][ T5904] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  344.653326][T10240] EXT4-fs error (device loop1): ext4_xattr_inode_iget:441: inode #11: comm syz.1.1685: missing EA_INODE flag
[  344.761895][T10240] EXT4-fs (loop1): Remounting filesystem read-only
[  344.785156][ T5904] usb 1-1: Using ep0 maxpacket: 32
[  344.840980][ T5904] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[  344.897352][ T5904] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  344.974998][ T5904] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid maxpacket 8960, setting to 1024
[  345.005071][ T5904] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11
[  345.041595][ T5904] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024
[  345.043710][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  345.067952][ T5904] usb 1-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  345.077510][ T5904] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  345.126916][ T5904] usb 1-1: Product: syz
[  345.131141][ T5904] usb 1-1: Manufacturer: syz
[  345.175613][ T5904] usb 1-1: SerialNumber: syz
[  345.216874][ T5904] usb 1-1: config 0 descriptor??
[  345.454268][T10270] loop2: detected capacity change from 0 to 128
[  345.517565][T10270] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  345.555888][T10270] hpfs: filesystem error: improperly stopped
[  345.614932][T10270] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  345.638498][T10270] hpfs: You really don't want any checks? You are crazy...
[  345.646116][ T5904] iforce 1-1:0.0: usb_submit_urb failed: -71
[  345.694997][ T5904] input input17: Device does not respond to id packet M
[  345.695039][T10270] hpfs: hpfs_map_sector(): read error
[  345.726594][ T5904] iforce 1-1:0.0: usb_submit_urb failed: -71
[  345.740703][T10270] hpfs: code page support is disabled
[  345.745735][ T5904] input input17: Device does not respond to id packet P
[  345.763769][ T5904] iforce 1-1:0.0: usb_submit_urb failed: -71
[  345.768846][T10270] hpfs: hpfs_map_4sectors(): unaligned read
[  345.773095][ T5904] input input17: Device does not respond to id packet B
[  345.798464][T10270] hpfs: hpfs_map_4sectors(): unaligned read
[  345.824847][T10270] hpfs: filesystem error: unable to find root dir
[  345.836316][ T5904] iforce 1-1:0.0: usb_submit_urb failed: -71
[  345.842414][ T5904] input input17: Device does not respond to id packet N
[  345.886859][ T5904] iforce 1-1:0.0: usb_submit_urb failed: -71
[  345.939804][ T5904] iforce 1-1:0.0: usb_submit_urb failed: -71
[  345.993078][ T5904] iforce 1-1:0.0: usb_submit_urb failed: -71
[  346.028474][ T5904] iforce 1-1:0.0: usb_submit_urb failed: -71
[  346.065053][ T5904] input: Unknown I-Force Device [%04x:%04x] as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input17
[  346.173280][ T5904] usb 1-1: USB disconnect, device number 42
[  346.179406][    C0] iforce 1-1:0.0: iforce_usb_irq - usb_submit_urb failed with result -19
[  346.412431][T10293] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1710'.
[  346.453322][T10298] IPVS: length: 228 != 24
[  347.124615][T10315] loop1: detected capacity change from 0 to 4096
[  347.139689][T10311] loop3: detected capacity change from 0 to 4096
[  347.158858][T10313] loop4: detected capacity change from 0 to 4096
[  347.205369][T10322] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  347.266079][T10323] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  347.296099][T10315] syz.1.1722: attempt to access beyond end of device
[  347.296099][T10315] loop1: rw=8388608, sector=26388279066816, nr_sectors = 8 limit=4096
[  347.344927][T10315] NILFS (loop1): I/O error reading meta-data file (ino=6, block-offset=1)
[  347.378708][T10313] ntfs3(loop4): ino=1a, mi_enum_attr
[  347.384081][T10313] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  347.393546][T10311] NILFS (loop3): DAT doesn't have a block to manage vblocknr = 648518346341351424
[  347.404336][   T10] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  347.432825][T10311] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=12)
[  347.489604][T10311] Remounting filesystem read-only
[  347.511825][T10311] NILFS (loop3): error -5 truncating bmap (ino=12)
[  347.605494][   T10] usb 3-1: Using ep0 maxpacket: 32
[  347.635065][   T10] usb 3-1: config 0 interface 0 has no altsetting 0
[  347.641766][   T10] usb 3-1: New USB device found, idVendor=2040, idProduct=c603, bcdDevice= 1.8e
[  347.724877][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  347.747879][   T10] usb 3-1: config 0 descriptor??
[  347.796717][ T5842] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer
[  347.834118][   T10] usb 3-1: dvb_usb_v2: found a 'Hauppauge 126xxx ATSC+' in warm state
[  347.879453][   T10] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  347.965983][   T10] dvbdev: DVB: registering new adapter (Hauppauge 126xxx ATSC+)
[  347.989474][   T10] usb 3-1: media controller created
[  348.080703][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  348.110555][T10338] netlink: 'syz.3.1730': attribute type 10 has an invalid length.
[  348.193218][   T10] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  348.241213][   T10] error writing reg: 0xff, val: 0x00
[  348.378332][   T10] dvb_usb_mxl111sf 3-1:0.0: probe with driver dvb_usb_mxl111sf failed with error -22
[  348.461603][   T10] usb 3-1: USB disconnect, device number 33
[  348.524283][T10348] loop5: detected capacity change from 0 to 2048
[  348.581720][T10350] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  348.605464][T10348] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  348.707098][   T31] audit: type=1326 audit(1769284142.181:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10354 comm="syz.4.1740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e84b9acb9 code=0x7ffc0000
[  348.770782][   T31] audit: type=1326 audit(1769284142.211:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10354 comm="syz.4.1740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e84b9acb9 code=0x7ffc0000
[  348.830632][   T31] audit: type=1326 audit(1769284142.211:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10354 comm="syz.4.1740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=268 compat=0 ip=0x7f6e84b9acb9 code=0x7ffc0000
[  348.957363][   T31] audit: type=1326 audit(1769284142.211:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10354 comm="syz.4.1740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e84b9acb9 code=0x7ffc0000
[  349.132490][T10363] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  349.214919][  T791] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  349.253745][T10367] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1745'.
[  349.305679][T10367] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1745'.
[  349.375039][  T791] usb 4-1: Using ep0 maxpacket: 8
[  349.390178][  T791] usb 4-1: config 0 has an invalid interface number: 55 but max is 0
[  349.402162][  T791] usb 4-1: config 0 has no interface number 0
[  349.454913][  T791] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  349.494918][  T791] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  349.533645][  T791] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  349.604884][  T791] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  349.614744][  T791] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  349.692561][  T791] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  349.730118][  T791] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  349.780218][  T791] usb 4-1: config 0 descriptor??
[  349.828220][  T791] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  349.974884][ T5904] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  350.030798][T10386] loop0: detected capacity change from 0 to 4096
[  350.070870][T10386] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
[  350.075993][T10357] ldusb 4-1:0.55: Couldn't submit interrupt_in_urb -90
[  350.124607][ T5933] usb 4-1: USB disconnect, device number 43
[  350.155809][ T5904] usb 5-1: Using ep0 maxpacket: 8
[  350.169257][ T5933] ldusb 4-1:0.55: LD USB Device #0 now disconnected
[  350.184236][ T5904] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  350.213162][ T5904] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  350.245139][T10386] ntfs3(loop0): ino=19, mi_enum_attr
[  350.251908][T10386] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  350.259120][ T5904] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  350.323504][ T5904] usb 5-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  350.335002][ T5904] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  350.354301][ T5904] usb 5-1: Product: syz
[  350.377049][T10386] ntfs3(loop0): failed to convert "c46c" to maccenteuro
[  350.378634][ T5904] usb 5-1: Manufacturer: syz
[  350.415148][T10386] ntfs3(loop0): ino=20, mi_enum_attr
[  350.424178][ T5904] usb 5-1: SerialNumber: syz
[  350.476597][ T5904] usb 5-1: config 0 descriptor??
[  350.498923][ T5904] streamzap 5-1:0.0: streamzap_probe: endpoint Max Packet Size is 0!?!
[  350.835013][ T5904] usb 5-1: USB disconnect, device number 38
[  351.017643][T10417] loop1: detected capacity change from 0 to 16
[  351.045627][T10417] erofs (device loop1): mounted with root inode @ nid 36.
[  351.070912][T10417] erofs (device loop1): read error -95 @ 8200 of nid 36
[  351.190365][T10421] netlink: 'syz.2.1771': attribute type 10 has an invalid length.
[  351.250017][T10421] macvlan0: entered promiscuous mode
[  351.261540][T10421] macvlan0: entered allmulticast mode
[  351.315201][T10421] veth1_vlan: entered allmulticast mode
[  351.347281][T10421] bond0: (slave macvlan0): Enslaving as an active interface with an up link
[  352.014921][ T5891] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  352.048644][T10452] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1786'.
[  352.205044][ T5891] usb 4-1: Using ep0 maxpacket: 32
[  352.227778][ T5891] usb 4-1: unable to get BOS descriptor or descriptor too short
[  352.248392][ T5891] usb 4-1: config 128 has an invalid interface number: 127 but max is 3
[  352.287843][ T5891] usb 4-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  352.331892][ T5891] usb 4-1: config 128 has 1 interface, different from the descriptor's value: 4
[  352.376574][ T5891] usb 4-1: config 128 has no interface number 0
[  352.413571][ T5891] usb 4-1: config 128 interface 127 altsetting 14 endpoint 0x5 has an invalid bInterval 0, changing to 7
[  352.435259][ T5891] usb 4-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid wMaxPacketSize 0
[  352.477839][ T5891] usb 4-1: config 128 interface 127 has no altsetting 0
[  352.500438][ T5891] usb 4-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[  352.510152][ T5891] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  352.522027][T10467] netlink: 'syz.4.1795': attribute type 1 has an invalid length.
[  352.531312][ T5891] usb 4-1: Product: syz
[  352.550244][ T5891] usb 4-1: Manufacturer: syz
[  352.593880][ T5891] usb 4-1: SerialNumber: syz
[  352.699735][T10473] IPv6: NLM_F_CREATE should be specified when creating new route
[  352.971640][ T5891] usb 4-1: USB disconnect, device number 44
[  353.073477][T10485] netlink: 148 bytes leftover after parsing attributes in process `syz.5.1804'.
[  353.108604][T10485] netlink: 56 bytes leftover after parsing attributes in process `syz.5.1804'.
[  353.138405][ T8518] udevd[8518]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  353.160891][T10485] netlink: 'syz.5.1804': attribute type 1 has an invalid length.
[  353.235283][ T5913] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  353.396459][ T5913] usb 2-1: Using ep0 maxpacket: 32
[  353.407695][ T5913] usb 2-1: config 0 interface 0 has no altsetting 0
[  353.434921][ T5913] usb 2-1: New USB device found, idVendor=2040, idProduct=c603, bcdDevice= 1.8e
[  353.444447][ T5913] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  353.486049][ T5913] usb 2-1: config 0 descriptor??
[  353.529468][ T5913] usb 2-1: dvb_usb_v2: found a 'Hauppauge 126xxx ATSC+' in warm state
[  353.587926][ T5913] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  353.631920][ T5913] dvbdev: DVB: registering new adapter (Hauppauge 126xxx ATSC+)
[  353.656094][ T5913] usb 2-1: media controller created
[  353.732813][ T5913] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  353.785724][ T5913] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  353.792100][ T5913] error writing reg: 0xff, val: 0x00
[  353.910528][ T5913] dvb_usb_mxl111sf 2-1:0.0: probe with driver dvb_usb_mxl111sf failed with error -22
[  354.083373][ T5980] usb 2-1: USB disconnect, device number 43
[  354.525119][T10525] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  354.768523][T10531] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1827'.
[  354.863211][T10537] netlink: 'syz.4.1828': attribute type 3 has an invalid length.
[  354.923647][T10536] loop2: detected capacity change from 0 to 4096
[  355.096038][T10536] ntfs3(loop2): ino=5, "/" indx_read
[  355.533241][T10523] loop5: detected capacity change from 0 to 32768
[  355.595181][T10523] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1824 (10523)
[  355.678916][T10523] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  355.715097][ T5980] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  355.748028][T10523] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  355.922426][ T5980] usb 3-1: New USB device found, idVendor=13d8, idProduct=0011, bcdDevice=d0.62
[  355.955043][ T5980] usb 3-1: New USB device strings: Mfr=1, Product=6, SerialNumber=3
[  355.974906][ T5980] usb 3-1: Product: syz
[  355.979180][ T5980] usb 3-1: Manufacturer: syz
[  355.982549][T10523] BTRFS info (device loop5): enabling ssd optimizations
[  355.983778][ T5980] usb 3-1: SerialNumber: syz
[  356.017627][T10523] BTRFS info (device loop5): turning on async discard
[  356.017813][ T5980] usb 3-1: config 0 descriptor??
[  356.024527][T10523] BTRFS info (device loop5): enabling free space tree
[  356.065823][ T5980] usb 3-1: selecting invalid altsetting 1
[  356.088240][ T5980] comedi comedi5: could not switch to alternate setting 1
[  356.111220][ T5980] usbduxfast 3-1:0.0: driver 'usbduxfast' failed to auto-configure device.
[  356.236952][T10582] loop1: detected capacity change from 0 to 64
[  356.325016][ T5980] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  356.344946][ T5933] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  356.374524][ T5827] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  356.378162][ T5904] usb 3-1: USB disconnect, device number 34
[  356.505187][ T5980] usb 4-1: Using ep0 maxpacket: 32
[  356.517498][ T5980] usb 4-1: config 0 interface 0 has no altsetting 0
[  356.536562][ T5933] usb 1-1: config 0 has an invalid interface number: 197 but max is 0
[  356.554877][ T5980] usb 4-1: New USB device found, idVendor=2040, idProduct=c603, bcdDevice= 1.8e
[  356.568615][ T5933] usb 1-1: config 0 has no interface number 0
[  356.589028][ T5980] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  356.605773][ T5933] usb 1-1: config 0 interface 197 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 8
[  356.653717][ T5933] usb 1-1: config 0 interface 197 altsetting 0 bulk endpoint 0x87 has invalid maxpacket 1024
[  356.675134][ T5980] usb 4-1: config 0 descriptor??
[  356.714522][ T5980] usb 4-1: dvb_usb_v2: found a 'Hauppauge 126xxx ATSC+' in warm state
[  356.754396][ T5933] usb 1-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=bb.42
[  356.783820][ T5933] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  356.802657][ T5933] usb 1-1: Product: syz
[  356.807334][ T5980] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  356.836789][ T5980] dvbdev: DVB: registering new adapter (Hauppauge 126xxx ATSC+)
[  356.841621][ T5933] usb 1-1: Manufacturer: syz
[  356.855216][ T5980] usb 4-1: media controller created
[  356.872186][ T5933] usb 1-1: SerialNumber: syz
[  356.904766][ T5933] usb 1-1: config 0 descriptor??
[  356.914481][T10580] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  356.932200][ T5980] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  356.955286][T10580] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  357.061865][ T5980] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  357.105696][ T5980] error writing reg: 0xff, val: 0x00
[  357.164711][T10591] vti0: entered promiscuous mode
[  357.241022][ T5980] dvb_usb_mxl111sf 4-1:0.0: probe with driver dvb_usb_mxl111sf failed with error -22
[  357.294569][ T5980] usb 4-1: USB disconnect, device number 45
[  357.310618][T10591] vti0: entered allmulticast mode
[  358.168503][T10619] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1862'.
[  358.243618][T10623] loop2: detected capacity change from 0 to 128
[  358.255423][T10621] netlink: zone id is out of range
[  358.265978][T10623] minix: Unknown parameter ''
[  358.274921][T10621] netlink: zone id is out of range
[  358.305522][T10621] netlink: zone id is out of range
[  358.313772][T10621] netlink: zone id is out of range
[  358.337849][T10621] netlink: zone id is out of range
[  358.353426][T10621] netlink: zone id is out of range
[  358.372255][T10621] netlink: zone id is out of range
[  358.390163][T10621] netlink: zone id is out of range
[  358.409493][T10621] netlink: zone id is out of range
[  358.428620][T10621] netlink: zone id is out of range
[  358.655989][T10633] loop1: detected capacity change from 0 to 256
[  358.966183][T10639] loop3: detected capacity change from 0 to 1024
[  359.158143][  T791] usb 1-1: USB disconnect, device number 43
[  359.306884][ T5933] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  359.515133][ T5933] usb 3-1: Using ep0 maxpacket: 8
[  359.536239][T10650] bond1 (unregistering): Released all slaves
[  359.554743][ T5933] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  359.586230][ T5933] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[  359.631125][ T5933] usb 3-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52
[  359.663246][ T5933] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  359.689356][T10665] loop0: detected capacity change from 0 to 64
[  359.695617][ T5933] usb 3-1: Product: syz
[  359.695651][ T5933] usb 3-1: Manufacturer: syz
[  359.695681][ T5933] usb 3-1: SerialNumber: syz
[  359.717801][ T5933] usb 3-1: config 0 descriptor??
[  360.226837][ T5904] usb 3-1: USB disconnect, device number 35
[  360.248622][T10680] netlink: 'syz.4.1892': attribute type 23 has an invalid length.
[  360.587844][T10689] loop4: detected capacity change from 0 to 64
[  360.675286][T10689] syz.4.1897: attempt to access beyond end of device
[  360.675286][T10689] loop4: rw=8388608, sector=1024, nr_sectors = 2 limit=64
[  360.716038][T10689] Buffer I/O error on dev loop4, logical block 512, async page read
[  360.757301][T10693] xt_cgroup: path and classid specified
[  360.772623][T10689] syz.4.1897: attempt to access beyond end of device
[  360.772623][T10689] loop4: rw=8388608, sector=113152, nr_sectors = 2 limit=64
[  360.869303][T10689] Buffer I/O error on dev loop4, logical block 56576, async page read
[  361.066175][T10702] netlink: 'syz.0.1904': attribute type 21 has an invalid length.
[  361.094983][T10702] IPv6: NLM_F_CREATE should be specified when creating new route
[  361.694465][T10724] netlink: 'syz.5.1915': attribute type 12 has an invalid length.
[  361.739850][ T5847] Bluetooth: hci2: Unable to find connection with handle 0x0000
[  363.004345][T10771] loop3: detected capacity change from 0 to 512
[  363.037791][T10771] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  363.107872][T10771] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  363.161007][T10771] ext4 filesystem being mounted at /310/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  363.281796][ T5842] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  363.294886][ T5980] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[  363.382733][T10785] netlink: 7 bytes leftover after parsing attributes in process `syz.4.1943'.
[  363.393459][T10785] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1943'.
[  363.403899][T10785] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1943'.
[  363.459722][ T5980] usb 6-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  363.504548][ T5980] usb 6-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[  363.535278][ T5980] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  363.571423][ T5980] gspca_main: stv0680-2.14.0 probing 041e:4007
[  363.673210][T10793] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1945'.
[  363.742221][T10793] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1945'.
[  363.956291][ T5933] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  364.119341][ T5933] usb 4-1: Using ep0 maxpacket: 32
[  364.133095][ T5933] usb 4-1: config 0 has an invalid interface number: 196 but max is 0
[  364.159058][ T5933] usb 4-1: config 0 has no interface number 0
[  364.170646][ T5933] usb 4-1: config 0 interface 196 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  364.181914][ T5933] usb 4-1: config 0 interface 196 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  364.198138][ T5933] usb 4-1: config 0 interface 196 has no altsetting 0
[  364.208492][ T5933] usb 4-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[  364.231485][ T5933] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  364.261492][ T5933] usb 4-1: Product: syz
[  364.277415][ T5933] usb 4-1: Manufacturer: syz
[  364.291118][ T5933] usb 4-1: SerialNumber: syz
[  364.305557][T10811] capability: warning: `syz.0.1954' uses 32-bit capabilities (legacy support in use)
[  364.321844][ T5933] usb 4-1: config 0 descriptor??
[  364.560252][ T5933] ipheth 4-1:0.196: Unable to find endpoints
[  364.596771][ T5933] usb 4-1: USB disconnect, device number 46
[  364.838622][ T5980] gspca_stv0680: usb_control_msg error 2, request = 0x6, error = -71
[  364.859387][ T5980] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71
[  364.875006][ T5980] stv0680 6-1:4.0: last error: 86,  command = 0x78
[  364.924919][ T5980] usb 6-1: USB disconnect, device number 40
[  364.997676][T10826] loop0: detected capacity change from 0 to 64
[  365.751880][T10818] loop4: detected capacity change from 0 to 32768
[  365.840898][T10818] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  366.094900][T10818] XFS (loop4): Ending clean mount
[  366.112313][T10818] XFS (loop4): Quotacheck needed: Please wait.
[  366.278167][T10818] XFS (loop4): Quotacheck: Done.
[  366.327193][T10859] loop3: detected capacity change from 0 to 128
[  366.521493][T10830] loop1: detected capacity change from 0 to 32768
[  366.568173][ T5838] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  366.669263][T10830] JBD2: Ignoring recovery information on journal
[  366.744273][T10841] loop5: detected capacity change from 0 to 32768
[  366.839586][T10839] loop2: detected capacity change from 0 to 32768
[  366.878726][T10841] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  366.935468][T10830] ocfs2: Mounting device (7,1) on (node local, slot 0) with writeback data mode.
[  366.945623][T10839] 
[  366.945623][T10839]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  366.945623][T10839] 
[  367.107208][T10839] ERROR: (device loop2): dbAlloc: the hint is outside the map
[  367.107208][T10839] 
[  367.141080][T10841] XFS (loop5): Ending clean mount
[  367.187651][T10830] OCFS2: ERROR (device loop1): ocfs2_reserve_suballoc_bits: Invalid chain allocator 4106
[  367.244903][T10830] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  367.299660][T10830] OCFS2: File system is now read-only.
[  367.356845][T10830] (syz.1.1963,10830,1):ocfs2_reserve_suballoc_bits:857 ERROR: status = -30
[  367.404893][T10830] (syz.1.1963,10830,1):ocfs2_reserve_new_inode:1098 ERROR: status = -30
[  367.419545][   T37] read_mapping_page failed!
[  367.424277][   T37] ERROR: (device loop2): txAbort: 
[  367.424277][   T37] 
[  367.444892][T10830] (syz.1.1963,10830,1):ocfs2_reserve_new_inode:1121 ERROR: status = -30
[  367.458567][T10830] (syz.1.1963,10830,1):ocfs2_mknod:310 ERROR: status = -30
[  367.490805][   T37] jfs_write_inode: jfs_commit_inode failed!
[  367.501036][T10830] (syz.1.1963,10830,1):ocfs2_mknod:506 ERROR: status = -30
[  367.511132][ T5836] 
[  367.511132][ T5836]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  367.511132][ T5836] 
[  367.512111][ T5827] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  367.555185][ T5836] 
[  367.555185][ T5836]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  367.555185][ T5836] 
[  367.565228][T10830] (syz.1.1963,10830,1):ocfs2_mkdir:662 ERROR: status = -30
[  368.035093][ T5826] ocfs2: Unmounting device (7,1) on (node local)
[  368.715897][ T5904] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  368.758858][T10903] loop2: detected capacity change from 0 to 2048
[  368.768810][T10906] loop4: detected capacity change from 0 to 512
[  368.869755][T10906] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  368.882685][T10903] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  368.899403][ T5904] usb 4-1: Using ep0 maxpacket: 16
[  368.939296][ T5904] usb 4-1: config index 0 descriptor too short (expected 65, got 36)
[  368.945146][T10906] ext4 filesystem being mounted at /353/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  368.990798][T10906] Quota error (device loop4): do_check_range: Getting block 83886082 out of range 1-5
[  368.994987][ T5904] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  369.024956][T10906] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0
[  369.068855][ T5904] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  369.099081][T10906] EXT4-fs error (device loop4): ext4_acquire_dquot:6984: comm syz.4.1992: Failed to acquire dquot type 1
[  369.133246][ T5904] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  369.183570][ T5836] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  369.206236][ T5904] usb 4-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00
[  369.244849][ T5904] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  369.271926][T10885] loop5: detected capacity change from 0 to 32768
[  369.279991][ T5904] usb 4-1: config 0 descriptor??
[  369.302776][ T5904] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input19
[  369.348542][ T5176] pxrc 4-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  369.400886][T10885] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  369.475839][ T5838] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  369.531173][T10927] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  369.591390][T10885] XFS (loop5): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  369.691458][ T5176] pxrc 4-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  369.705842][T10885] XFS (loop5): Starting recovery (logdev: internal)
[  369.761379][ T5904] usb 4-1: USB disconnect, device number 47
[  369.802941][ T5176] pxrc 4-1:0.0: pxrc_open - usb_submit_urb failed, error: -19
[  369.844894][T10885] XFS (loop5): Ending recovery (logdev: internal)
[  369.862618][T10885] XFS (loop5): AG 0: Corrupt finobt pointer at level 1 index 0.
[  369.893246][T10885] XFS (loop5): Failed to initialize disk quotas, err -117.
[  370.041424][T10885] XFS (loop5): AG 0: Corrupt finobt pointer at level 1 index 0.
[  370.220602][ T5827] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  370.221269][ T5827] XFS (loop5): Uncorrected metadata errors detected; please run xfs_repair.
[  370.311743][T10943] program syz.4.2003 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  370.359729][T10944] loop2: detected capacity change from 0 to 128
[  370.376797][T10944] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  370.378673][T10944] ext4 filesystem being mounted at /359/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  370.675866][ T5836] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  370.788350][T10948] loop1: detected capacity change from 0 to 4096
[  370.817400][T10948] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[  370.876310][T10948] ntfs3(loop1): ino=19, mi_enum_attr
[  370.914302][T10948] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  371.038983][T10948] ntfs3(loop1): failed to convert "c46c" to cp1251
[  371.079787][T10948] ntfs3(loop1): ino=20, mi_enum_attr
[  371.326079][T10960] bond1 (unregistering): Released all slaves
[  371.581076][T10974] ipt_REJECT: TCP_RESET invalid for non-tcp
[  371.584324][T10975] ip6t_REJECT: ECHOREPLY is not supported
[  371.854917][ T5913] usb 6-1: new high-speed USB device number 41 using dummy_hcd
[  371.893203][T10986] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2024'.
[  371.998209][T10986] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2024'.
[  372.045999][ T5913] usb 6-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  372.093340][ T5913] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  372.124891][ T5913] usb 6-1: Product: syz
[  372.131249][ T5913] usb 6-1: Manufacturer: syz
[  372.159785][ T5913] usb 6-1: SerialNumber: syz
[  372.198940][ T5913] usb 6-1: config 0 descriptor??
[  372.417621][ T5913] hso 6-1:0.0: Can't find BULK IN endpoint
[  372.427186][T11000] net_ratelimit: 392 callbacks suppressed
[  372.427212][T11000] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  372.451824][ T5913] usb-storage 6-1:0.0: USB Mass Storage device detected
[  372.572310][T10998] loop1: detected capacity change from 0 to 8192
[  372.588247][T10998] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  372.653024][ T5913] usb 6-1: USB disconnect, device number 41
[  372.950129][T11012] bond1 (unregistering): Released all slaves
[  373.734351][T11036] loop5: detected capacity change from 0 to 1024
[  373.757237][ T5904] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  373.886994][T11036] hfsplus: xattr searching failed
[  373.930179][ T5904] usb 4-1: config 0 has an invalid interface number: 255 but max is 0
[  373.964950][ T5904] usb 4-1: config 0 has no interface number 0
[  373.998590][ T5904] usb 4-1: New USB device found, idVendor=0b95, idProduct=2790, bcdDevice=c4.f4
[  374.014498][ T5904] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  374.033878][ T5904] usb 4-1: Product: syz
[  374.039276][ T5904] usb 4-1: Manufacturer: syz
[  374.054133][ T5904] usb 4-1: SerialNumber: syz
[  374.086165][ T5904] usb 4-1: config 0 descriptor??
[  374.090173][T11009] loop0: detected capacity change from 0 to 32768
[  374.180881][T11009] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  374.346007][T11059] loop1: detected capacity change from 0 to 8
[  374.375610][ T5904] usb 4-1: USB disconnect, device number 48
[  374.398174][T11009] XFS (loop0): Ending clean mount
[  374.432437][T11009] XFS (loop0): Quotacheck needed: Please wait.
[  374.504990][T11061] netlink: 'syz.5.2056': attribute type 31 has an invalid length.
[  374.525312][   T31] audit: type=1800 audit(1769284167.991:15): pid=11059 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2055" name="file1" dev="loop1" ino=5 res=0 errno=0
[  374.530322][T11009] XFS (loop0): Quotacheck: Done.
[  374.919247][ T5828] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  375.135079][  T791] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  375.314941][  T791] usb 3-1: Using ep0 maxpacket: 16
[  375.334048][  T791] usb 3-1: config index 0 descriptor too short (expected 65, got 36)
[  375.360613][  T791] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  375.384849][  T791] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  375.415089][  T791] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  375.433624][T11083] loop1: detected capacity change from 0 to 4096
[  375.444156][  T791] usb 3-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00
[  375.493011][  T791] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  375.547262][  T791] usb 3-1: config 0 descriptor??
[  375.633964][  T791] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input20
[  375.701343][ T5176] pxrc 3-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  375.704346][T11089] netlink: 148 bytes leftover after parsing attributes in process `syz.4.2070'.
[  375.785947][T11089] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2070'.
[  375.803143][  T791] usb 3-1: USB disconnect, device number 36
[  375.835204][T11089] netlink: 'syz.4.2070': attribute type 1 has an invalid length.
[  375.878936][ T5176] pxrc 3-1:0.0: pxrc_open - usb_submit_urb failed, error: -19
[  376.506912][  T791] usb 6-1: new high-speed USB device number 42 using dummy_hcd
[  376.668039][  T791] usb 6-1: config 0 has an invalid interface number: 255 but max is 0
[  376.680165][  T791] usb 6-1: config 0 has no interface number 0
[  376.748834][  T791] usb 6-1: New USB device found, idVendor=0b95, idProduct=2790, bcdDevice=c4.f4
[  376.775026][  T791] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  376.794309][  T791] usb 6-1: Product: syz
[  376.823013][  T791] usb 6-1: Manufacturer: syz
[  376.834907][  T791] usb 6-1: SerialNumber: syz
[  376.848462][  T791] usb 6-1: config 0 descriptor??
[  377.046455][  T791] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  377.122096][T11102] loop4: detected capacity change from 0 to 32768
[  377.130908][T11102] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.2076 (11102)
[  377.156716][ T5904] usb 6-1: USB disconnect, device number 42
[  377.169708][T11102] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  377.199301][T11102] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  377.225130][ T5891] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[  377.232952][  T791] usb 2-1: Using ep0 maxpacket: 8
[  377.260757][  T791] usb 2-1: config 0 has an invalid interface number: 55 but max is 0
[  377.291483][  T791] usb 2-1: config 0 has no interface number 0
[  377.315960][  T791] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  377.352509][  T791] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  377.353749][T11102] BTRFS info (device loop4): enabling ssd optimizations
[  377.396131][T11102] BTRFS info (device loop4): turning on async discard
[  377.412881][  T791] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  377.427549][T11102] BTRFS info (device loop4): enabling free space tree
[  377.448319][ T5891] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  377.463241][  T791] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  377.485929][ T5891] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  377.517147][  T791] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  377.536202][ T5891] usb 1-1: config 0 descriptor??
[  377.551745][  T791] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  377.565683][ T5891] cp210x 1-1:0.0: cp210x converter detected
[  377.578235][  T791] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  377.662189][  T791] usb 2-1: config 0 descriptor??
[  377.686597][  T791] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  377.706601][ T5838] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  378.026593][T11120] ldusb 2-1:0.55: Couldn't submit interrupt_in_urb -90
[  378.037631][ T5891] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -71
[  378.048760][ T5913] usb 2-1: USB disconnect, device number 44
[  378.077558][ T5891] cp210x 1-1:0.0: failed to get vendor val 0x370c size 73: -71
[  378.085765][ T5891] cp210x 1-1:0.0: GPIO initialisation failed: -71
[  378.119668][ T5891] usb 1-1: cp210x converter now attached to ttyUSB0
[  378.127372][ T5913] ldusb 2-1:0.55: LD USB Device #0 now disconnected
[  378.208502][ T5891] usb 1-1: USB disconnect, device number 44
[  378.265646][ T5891] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  378.284566][ T5891] cp210x 1-1:0.0: device disconnected
[  378.349837][T11157] loop4: detected capacity change from 0 to 4096
[  378.426992][T11157] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512).
[  378.534086][T11157] ntfs3(loop4): ino=19, mi_enum_attr
[  378.539660][T11157] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  378.600110][T11137] loop3: detected capacity change from 0 to 32768
[  378.628821][T11157] ntfs3(loop4): failed to convert "c46c" to cp1251
[  378.655967][T11157] ntfs3(loop4): ino=20, mi_enum_attr
[  378.684130][T11163] loop5: detected capacity change from 0 to 64
[  378.742036][T11137] 
[  378.742036][T11137]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  378.742036][T11137] 
[  378.840770][T11137] ERROR: (device loop3): dbAlloc: the hint is outside the map
[  378.840770][T11137] 
[  378.936074][T11167] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2100'.
[  379.117918][   T60] read_mapping_page failed!
[  379.122504][   T60] ERROR: (device loop3): txAbort: 
[  379.122504][   T60] 
[  379.185964][   T60] jfs_write_inode: jfs_commit_inode failed!
[  379.205730][ T5842] 
[  379.205730][ T5842]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  379.205730][ T5842] 
[  379.275975][ T5842] 
[  379.275975][ T5842]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  379.275975][ T5842] 
[  379.596055][T11185] loop2: detected capacity change from 0 to 512
[  379.647469][T11185] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  379.762110][T11185] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  379.784379][T11185] ext4 filesystem being mounted at /385/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  379.864282][T11198] loop4: detected capacity change from 0 to 512
[  379.880210][T11197] Unsupported ieee802154 address type: 0
[  379.968367][T11185] Quota error (device loop2): do_check_range: Getting dqdh_next_free 4294967294 out of range 0-8
[  380.016343][T11185] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  380.016533][T11198] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  380.050891][T11185] EXT4-fs error (device loop2): ext4_acquire_dquot:6984: comm syz.2.2109: Failed to acquire dquot type 0
[  380.147819][T11198] ext4 filesystem being mounted at /375/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  380.245980][ T5836] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  380.682490][ T5838] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  380.954482][   T31] audit: type=1326 audit(1769284174.421:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11224 comm="syz.4.2124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e84b9acb9 code=0x7ffc0000
[  380.963193][ T5847] Bluetooth: hci2: unexpected event for opcode 0x2010
[  381.093367][   T31] audit: type=1326 audit(1769284174.421:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11224 comm="syz.4.2124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e84b9acb9 code=0x7ffc0000
[  381.170967][   T31] audit: type=1326 audit(1769284174.461:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11224 comm="syz.4.2124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e84b9acb9 code=0x7ffc0000
[  381.186287][T11233] loop1: detected capacity change from 0 to 1764
[  381.245847][ T5847] Bluetooth: hci5: unexpected event for opcode 0x2040
[  381.275155][   T31] audit: type=1326 audit(1769284174.461:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11224 comm="syz.4.2124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e84b9acb9 code=0x7ffc0000
[  381.336139][   T31] audit: type=1326 audit(1769284174.461:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11224 comm="syz.4.2124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=459 compat=0 ip=0x7f6e84b9acb9 code=0x7ffc0000
[  381.383905][   T31] audit: type=1326 audit(1769284174.461:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11224 comm="syz.4.2124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e84b9acb9 code=0x7ffc0000
[  381.490506][   T31] audit: type=1326 audit(1769284174.461:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11224 comm="syz.4.2124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e84b9acb9 code=0x7ffc0000
[  381.575545][T11240] loop2: detected capacity change from 0 to 4096
[  381.583251][T11240] EXT4-fs: Ignoring removed mblk_io_submit option
[  381.604880][   T31] audit: type=1326 audit(1769284174.471:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11224 comm="syz.4.2124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e84b9acb9 code=0x7ffc0000
[  381.647887][T11240] EXT4-fs (loop2): Test dummy encryption mode enabled
[  381.682186][T11248] ip6t_srh: unknown srh match flags  4000
[  381.755911][T11240] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  382.004395][T11254] loop3: detected capacity change from 0 to 256
[  382.026419][T11254] vfat: Deprecated parameter 'posix'
[  382.053651][T11254] FAT-fs: "posix" option is obsolete, not supported now
[  382.095096][ T5836] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  382.469494][T11264] vti0: entered promiscuous mode
[  382.514286][T11264] vti0: entered allmulticast mode
[  382.815736][T11274] loop0: detected capacity change from 0 to 512
[  382.903715][T11274] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  383.063652][T11284] loop5: detected capacity change from 0 to 764
[  383.083620][T11274] EXT4-fs (loop0): 1 orphan inode deleted
[  383.107381][ T4879] EXT4-fs error (device loop0): ext4_release_dquot:7020: comm kworker/u8:9: Failed to release dquot type 1
[  383.190436][T11274] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  383.260185][T11274] ext4 filesystem being mounted at /336/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  383.292052][T11258] loop4: detected capacity change from 0 to 32768
[  383.361693][T11258] JBD2: Ignoring recovery information on journal
[  383.412973][T11293] tmpfs: Bad value for 'mpol'
[  383.607063][T11258] ocfs2: Mounting device (7,4) on (node local, slot 0) with writeback data mode.
[  383.657668][ T5828] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  383.786781][T11258] OCFS2: ERROR (device loop4): ocfs2_reserve_suballoc_bits: Invalid chain allocator 4106
[  383.833354][T11258] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  383.900143][T11258] OCFS2: File system is now read-only.
[  383.938266][T11258] (syz.4.2141,11258,1):ocfs2_reserve_suballoc_bits:857 ERROR: status = -30
[  384.051807][T11258] (syz.4.2141,11258,1):ocfs2_reserve_new_inode:1098 ERROR: status = -30
[  384.077846][T11309] ip6t_srh: unknown srh invflags 4000
[  384.112352][T11258] (syz.4.2141,11258,1):ocfs2_reserve_new_inode:1121 ERROR: status = -30
[  384.112452][T11310] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2165'.
[  384.140683][T11258] (syz.4.2141,11258,1):ocfs2_mknod:310 ERROR: status = -30
[  384.181823][T11258] (syz.4.2141,11258,1):ocfs2_mknod:506 ERROR: status = -30
[  384.242721][T11258] (syz.4.2141,11258,1):ocfs2_mkdir:662 ERROR: status = -30
[  384.355607][T11316] loop0: detected capacity change from 0 to 64
[  384.527158][ T5838] ocfs2: Unmounting device (7,4) on (node local)
[  384.531419][T11322] loop1: detected capacity change from 0 to 128
[  384.584516][T11322] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  384.650347][T11322] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  384.687288][T11324] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  384.762966][T11322] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 93: 0x5d != 0x05
[  384.809438][T11322] UDF-fs: error (device loop1): udf_count_free_bitmap: udf_count_free failed
[  384.957783][ T5847] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  384.967395][ T5847] Bluetooth: hci2: Injecting HCI hardware error event
[  384.976223][ T5847] Bluetooth: hci2: hardware error 0x00
[  385.805238][T11358] loop0: detected capacity change from 0 to 16
[  385.856656][T11358] erofs (device loop0): mounted with root inode @ nid 36.
[  385.876440][T11359] netlink: 'syz.4.2187': attribute type 1 has an invalid length.
[  385.902828][T11358] cifs: Unknown parameter 'cache_strategy'
[  385.919404][T11358] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  385.975060][T11365] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  386.003715][T11358] CIFS mount error: No usable UNC path provided in device string!
[  386.003715][T11358] 
[  386.045154][T11358] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  386.404598][T11333] loop3: detected capacity change from 0 to 32768
[  386.503360][T11380] loop1: detected capacity change from 0 to 16
[  386.585382][T11380] erofs (device loop1): mounted with root inode @ nid 36.
[  386.652606][T11380] erofs (device loop1): bogus lookback distance 1388 @ lcn 42 of nid 36
[  386.700094][T11380] erofs (device loop1): failed to decompress (lz4) -117 @ pa 4096 size 4096 => 1851
[  386.742887][T11380] erofs (device loop1): read error -117 @ 43 of nid 36
[  386.759778][T11386] loop4: detected capacity change from 0 to 128
[  386.787096][T11389] loop2: detected capacity change from 0 to 64
[  386.871223][T11386] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  387.026290][T11386] ext4 filesystem being mounted at /385/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  387.124707][ T5847] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  387.370246][ T5838] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  387.479051][T11405] Illegal XDP return value 188 on prog  (id 98) dev N/A, expect packet loss!
[  387.785509][T11414] EXT4-fs (loop1): 1 orphan inode deleted
[  387.807820][ T1878] __quota_error: 3 callbacks suppressed
[  387.807853][ T1878] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  387.894051][ T1878] EXT4-fs error (device loop1): ext4_release_dquot:7020: comm kworker/u8:5: Failed to release dquot type 1
[  387.933949][T11420] set_capacity_and_notify: 1 callbacks suppressed
[  387.933978][T11420] loop4: detected capacity change from 0 to 16
[  387.942414][T11414] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  387.989683][T11420] erofs (device loop4): mounted with root inode @ nid 36.
[  388.023682][T11414] ext4 filesystem being mounted at /372/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  388.074664][T11426] xt_CT: You must specify a L4 protocol and not use inversions on it
[  388.252161][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  388.258757][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  388.314567][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  388.349621][T11430] openvswitch: netlink: ERSPAN option length err (len 256, max 255).
[  388.791202][T11442] loop1: detected capacity change from 0 to 4096
[  388.896054][T11442] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  388.930338][T11444] loop2: detected capacity change from 0 to 1764
[  389.200972][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  389.957542][T11480] loop5: detected capacity change from 0 to 64
[  390.620692][T11503] loop4: detected capacity change from 0 to 256
[  390.813845][T11510] loop5: detected capacity change from 0 to 128
[  390.940803][T11510] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  391.023702][T11510] ext4 filesystem being mounted at /356/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  391.188156][T11523] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2262'.
[  391.222279][T11523] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  391.301885][T11526] nvme_fabrics: unknown parameter or missing value '‚' in ctrl creation request
[  391.326934][ T5827] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  391.534863][   T31] audit: type=1326 audit(1769284185.001:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11530 comm="syz.1.2267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd61019acb9 code=0x7ffc0000
[  391.585864][T11529] loop2: detected capacity change from 0 to 4096
[  391.638210][   T31] audit: type=1326 audit(1769284185.031:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11530 comm="syz.1.2267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd61019acb9 code=0x7ffc0000
[  391.664479][T11536] netlink: 'syz.4.2268': attribute type 1 has an invalid length.
[  391.703225][T11538] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  391.756054][   T31] audit: type=1326 audit(1769284185.031:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11530 comm="syz.1.2267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=303 compat=0 ip=0x7fd61019acb9 code=0x7ffc0000
[  391.796469][T11529] NILFS (loop2): DAT doesn't have a block to manage vblocknr = 648518346341351424
[  391.847806][T11529] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=12)
[  391.877271][   T31] audit: type=1326 audit(1769284185.031:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11530 comm="syz.1.2267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd61019acb9 code=0x7ffc0000
[  391.902064][T11529] Remounting filesystem read-only
[  391.915522][T11542] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2271'.
[  391.934773][T11529] NILFS (loop2): error -5 truncating bmap (ino=12)
[  392.010847][   T31] audit: type=1326 audit(1769284185.031:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11530 comm="syz.1.2267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd61019acb9 code=0x7ffc0000
[  392.182889][ T5836] NILFS (loop2): disposed unprocessed dirty file(s) when detaching log writer
[  392.204329][T11549] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2274'.
[  392.533419][T11557] loop4: detected capacity change from 0 to 1024
[  392.794725][T11564] usb usb9: usbfs: process 11564 (syz.2.2281) did not claim interface 0 before use
[  392.806363][T11566] Cannot find set identified by id 0 to match
[  392.829788][   T37] hfsplus: b-tree write err: -5, ino 4
[  393.239464][T11575] bond1 (unregistering): Released all slaves
[  393.265164][T11533] loop5: detected capacity change from 0 to 32768
[  393.309987][T11583] loop1: detected capacity change from 0 to 256
[  393.341536][T11533] 
[  393.341536][T11533]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  393.341536][T11533] 
[  393.383483][T11583] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x9059ffb0, utbl_chksum : 0xe619d30d)
[  393.416390][T11533] 
[  393.416390][T11533]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  393.416390][T11533] 
[  393.477441][T11533] 
[  393.477441][T11533]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  393.477441][T11533] 
[  393.550137][  T110] 
[  393.550137][  T110]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  393.550137][  T110] 
[  393.652657][T11584] loop4: detected capacity change from 0 to 4096
[  393.764056][   T60] 
[  393.764056][   T60]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  393.764056][   T60] 
[  393.785194][T11589] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  393.814945][   T60] 
[  393.814945][   T60]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  393.814945][   T60] 
[  393.827603][ T5827] 
[  393.827603][ T5827]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  393.827603][ T5827] 
[  393.842839][ T5827] 
[  393.842839][ T5827]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  393.842839][ T5827] 
[  393.865969][  T111] ==================================================================
[  393.874074][  T111] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave+0x3a/0x60
[  393.882266][  T111] Read of size 1 at addr ffff88807da988d8 by task jfsCommit/111
[  393.889922][  T111] 
[  393.892254][  T111] CPU: 0 UID: 0 PID: 111 Comm: jfsCommit Not tainted syzkaller #0 PREEMPT(full) 
[  393.892300][  T111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  393.892326][  T111] Call Trace:
[  393.892340][  T111]  <TASK>
[  393.892355][  T111]  dump_stack_lvl+0x100/0x190
[  393.892407][  T111]  print_report+0x156/0x4c9
[  393.892460][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  393.892508][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  393.892555][  T111]  ? __phys_addr+0xe8/0x180
[  393.892619][  T111]  ? _raw_spin_lock_irqsave+0x3a/0x60
[  393.892659][  T111]  kasan_report+0xdf/0x1a0
[  393.892701][  T111]  ? _raw_spin_lock_irqsave+0x3a/0x60
[  393.892746][  T111]  ? _raw_spin_lock_irqsave+0x3a/0x60
[  393.892805][  T111]  __kasan_check_byte+0x36/0x50
[  393.892850][  T111]  lock_acquire+0xf5/0x330
[  393.892912][  T111]  ? __pfx_osq_unlock+0x10/0x10
[  393.892954][  T111]  ? __mutex_lock+0x151d/0x1b90
[  393.893004][  T111]  _raw_spin_lock_irqsave+0x3a/0x60
[  393.893044][  T111]  ? __mutex_lock+0x31c/0x1b90
[  393.893092][  T111]  __mutex_lock+0x31c/0x1b90
[  393.893143][  T111]  ? jfs_syncpt+0x2a/0xa0
[  393.893181][  T111]  ? __pfx___mutex_lock+0x10/0x10
[  393.893235][  T111]  ? do_raw_spin_lock+0x128/0x260
[  393.893281][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  393.893331][  T111]  ? find_held_lock+0x2b/0x80
[  393.893380][  T111]  ? txEnd+0x30b/0x490
[  393.893419][  T111]  ? jfs_syncpt+0x2a/0xa0
[  393.893451][  T111]  jfs_syncpt+0x2a/0xa0
[  393.893487][  T111]  txEnd+0x318/0x490
[  393.893525][  T111]  jfs_lazycommit+0x748/0xab0
[  393.893571][  T111]  ? __pfx_jfs_lazycommit+0x10/0x10
[  393.893613][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  393.893660][  T111]  ? rcu_is_watching+0x12/0xc0
[  393.893708][  T111]  ? __pfx_default_wake_function+0x10/0x10
[  393.893763][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  393.893811][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  393.893864][  T111]  ? __kthread_parkme+0x18c/0x230
[  393.893924][  T111]  ? __pfx_jfs_lazycommit+0x10/0x10
[  393.893964][  T111]  kthread+0x3b3/0x730
[  393.894001][  T111]  ? __pfx_kthread+0x10/0x10
[  393.894036][  T111]  ? ret_from_fork+0x79/0xaf0
[  393.894076][  T111]  ? ret_from_fork+0x79/0xaf0
[  393.894114][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  393.894159][  T111]  ? rcu_is_watching+0x12/0xc0
[  393.894203][  T111]  ? __pfx_kthread+0x10/0x10
[  393.894240][  T111]  ret_from_fork+0x754/0xaf0
[  393.894282][  T111]  ? __pfx_ret_from_fork+0x10/0x10
[  393.894323][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  393.894371][  T111]  ? __switch_to+0x7b9/0x10c0
[  393.894421][  T111]  ? __pfx_kthread+0x10/0x10
[  393.894459][  T111]  ret_from_fork_asm+0x1a/0x30
[  393.894531][  T111]  </TASK>
[  393.894545][  T111] 
[  393.895104][T11591] netlink: 'syz.2.2293': attribute type 1 has an invalid length.
[  393.903647][  T111] Allocated by task 11533:
[  393.903673][  T111]  kasan_save_stack+0x30/0x50
[  394.172493][  T111]  kasan_save_track+0x14/0x30
[  394.177237][  T111]  __kasan_kmalloc+0xaa/0xb0
[  394.181864][  T111]  lmLogOpen+0x571/0x1360
[  394.186225][  T111]  jfs_mount_rw+0x2e0/0x690
[  394.190785][  T111]  jfs_fill_super+0xbc0/0xf50
[  394.195526][  T111]  get_tree_bdev_flags+0x38c/0x620
[  394.200668][  T111]  vfs_get_tree+0x92/0x320
[  394.205194][  T111]  path_mount+0x7d0/0x23c0
[  394.209623][  T111]  __x64_sys_mount+0x293/0x310
[  394.214397][  T111]  do_syscall_64+0xc9/0xf80
[  394.218927][  T111]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  394.224839][  T111] 
[  394.227157][  T111] Freed by task 5827:
[  394.231129][  T111]  kasan_save_stack+0x30/0x50
[  394.235834][  T111]  kasan_save_track+0x14/0x30
[  394.240545][  T111]  kasan_save_free_info+0x3b/0x70
[  394.245591][  T111]  __kasan_slab_free+0x5f/0x80
[  394.250366][  T111]  kfree+0x1c7/0x690
[  394.254288][  T111]  lmLogClose+0x55f/0x6f0
[  394.258625][  T111]  jfs_umount+0x2f0/0x410
[  394.262984][  T111]  jfs_put_super+0x88/0x1a0
[  394.267501][  T111]  generic_shutdown_super+0x15f/0x360
[  394.273160][  T111]  kill_block_super+0x3b/0xa0
[  394.277860][  T111]  deactivate_locked_super+0xc1/0x1b0
[  394.283262][  T111]  deactivate_super+0xe7/0x110
[  394.288162][  T111]  cleanup_mnt+0x21f/0x450
[  394.292608][  T111]  task_work_run+0x150/0x240
[  394.297213][  T111]  exit_to_user_mode_loop+0x100/0x4b0
[  394.302681][  T111]  do_syscall_64+0x4fe/0xf80
[  394.307289][  T111]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  394.313199][  T111] 
[  394.315527][  T111] The buggy address belongs to the object at ffff88807da98800
[  394.315527][  T111]  which belongs to the cache kmalloc-1k of size 1024
[  394.329590][  T111] The buggy address is located 216 bytes inside of
[  394.329590][  T111]  freed 1024-byte region [ffff88807da98800, ffff88807da98c00)
[  394.343499][  T111] 
[  394.345838][  T111] The buggy address belongs to the physical page:
[  394.352255][  T111] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807da99000 pfn:0x7da98
[  394.362345][  T111] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  394.370860][  T111] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  394.379373][  T111] page_type: f5(slab)
[  394.383364][  T111] raw: 00fff00000000240 ffff88813ff26dc0 ffffea0001653e10 ffffea00015c4010
[  394.391962][  T111] raw: ffff88807da99000 000000000010000f 00000000f5000000 0000000000000000
[  394.400566][  T111] head: 00fff00000000240 ffff88813ff26dc0 ffffea0001653e10 ffffea00015c4010
[  394.409466][  T111] head: ffff88807da99000 000000000010000f 00000000f5000000 0000000000000000
[  394.418153][  T111] head: 00fff00000000003 ffffea0001f6a601 00000000ffffffff 00000000ffffffff
[  394.426837][  T111] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  394.435507][  T111] page dumped because: kasan: bad access detected
[  394.442012][  T111] page_owner tracks the page as allocated
[  394.447747][  T111] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5904, tgid 5904 (kworker/0:4), ts 110884514608, free_ts 110778513718
[  394.467156][  T111]  post_alloc_hook+0x1e1/0x250
[  394.471969][  T111]  get_page_from_freelist+0xe3d/0x2e10
[  394.477459][  T111]  __alloc_frozen_pages_noprof+0x26c/0x2410
[  394.483392][  T111]  alloc_pages_mpol+0x1fb/0x550
[  394.488257][  T111]  new_slab+0x2c4/0x440
[  394.492433][  T111]  ___slab_alloc+0xda3/0x1ca0
[  394.497135][  T111]  __slab_alloc.isra.0+0x63/0x110
[  394.502274][  T111]  __kmalloc_noprof+0x618/0x9c0
[  394.507148][  T111]  ___neigh_create+0x150d/0x2910
[  394.512102][  T111]  ip6_finish_output2+0x11aa/0x1cd0
[  394.517313][  T111]  __ip6_finish_output+0x3cd/0x10d0
[  394.522527][  T111]  ip6_output+0x2aa/0xa60
[  394.526883][  T111]  NF_HOOK.constprop.0+0x114/0x8b0
[  394.532015][  T111]  mld_sendpack+0x8f7/0xec0
[  394.536623][  T111]  mld_ifc_work+0x75a/0xc10
[  394.541141][  T111]  process_one_work+0x9c2/0x1840
[  394.546098][  T111] page last free pid 2994 tgid 2994 stack trace:
[  394.552422][  T111]  __free_frozen_pages+0x822/0x1130
[  394.557641][  T111]  qlist_free_all+0x47/0xe0
[  394.562174][  T111]  kasan_quarantine_reduce+0x1a0/0x1f0
[  394.567667][  T111]  __kasan_slab_alloc+0x69/0x90
[  394.572701][  T111]  __kmalloc_cache_noprof+0x2e1/0x810
[  394.578112][  T111]  __ipv6_dev_mc_inc+0x2f1/0xbc0
[  394.583068][  T111]  addrconf_dad_work+0x276/0x1360
[  394.588107][  T111]  process_one_work+0x9c2/0x1840
[  394.593060][  T111]  worker_thread+0x5da/0xe40
[  394.597664][  T111]  kthread+0x3b3/0x730
[  394.601737][  T111]  ret_from_fork+0x754/0xaf0
[  394.606338][  T111]  ret_from_fork_asm+0x1a/0x30
[  394.611129][  T111] 
[  394.613441][  T111] Memory state around the buggy address:
[  394.619069][  T111]  ffff88807da98780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  394.627217][  T111]  ffff88807da98800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  394.635469][  T111] >ffff88807da98880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  394.643548][  T111]                                                     ^
[  394.650482][  T111]  ffff88807da98900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  394.658551][  T111]  ffff88807da98980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  394.666970][  T111] ==================================================================
[  394.675139][  T111] Disabling lock debugging due to kernel taint
[  394.681453][  T111] ==================================================================
[  394.689512][  T111] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x23b/0x260
[  394.697350][  T111] Read of size 4 at addr ffff88807da988c4 by task jfsCommit/111
[  394.704985][  T111] 
[  394.707312][  T111] CPU: 0 UID: 0 PID: 111 Comm: jfsCommit Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  394.707363][  T111] Tainted: [B]=BAD_PAGE
[  394.707377][  T111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  394.707399][  T111] Call Trace:
[  394.707415][  T111]  <TASK>
[  394.707430][  T111]  dump_stack_lvl+0x100/0x190
[  394.707478][  T111]  print_report+0x156/0x4c9
[  394.707527][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  394.707571][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  394.707614][  T111]  ? __phys_addr+0xe8/0x180
[  394.707673][  T111]  ? do_raw_spin_lock+0x23b/0x260
[  394.707711][  T111]  kasan_report+0xdf/0x1a0
[  394.707750][  T111]  ? do_raw_spin_lock+0x23b/0x260
[  394.707794][  T111]  do_raw_spin_lock+0x23b/0x260
[  394.707832][  T111]  ? __kasan_check_byte+0x36/0x50
[  394.707868][  T111]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  394.707907][  T111]  ? lock_acquire+0xf5/0x330
[  394.707962][  T111]  ? __pfx_osq_unlock+0x10/0x10
[  394.708001][  T111]  ? __mutex_lock+0x151d/0x1b90
[  394.708048][  T111]  _raw_spin_lock_irqsave+0x42/0x60
[  394.708091][  T111]  ? __mutex_lock+0x31c/0x1b90
[  394.708136][  T111]  __mutex_lock+0x31c/0x1b90
[  394.708183][  T111]  ? jfs_syncpt+0x2a/0xa0
[  394.708220][  T111]  ? __pfx___mutex_lock+0x10/0x10
[  394.708270][  T111]  ? do_raw_spin_lock+0x128/0x260
[  394.708313][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  394.708356][  T111]  ? find_held_lock+0x2b/0x80
[  394.708400][  T111]  ? txEnd+0x30b/0x490
[  394.708436][  T111]  ? jfs_syncpt+0x2a/0xa0
[  394.708466][  T111]  jfs_syncpt+0x2a/0xa0
[  394.708499][  T111]  txEnd+0x318/0x490
[  394.708535][  T111]  jfs_lazycommit+0x748/0xab0
[  394.708577][  T111]  ? __pfx_jfs_lazycommit+0x10/0x10
[  394.708615][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  394.708659][  T111]  ? rcu_is_watching+0x12/0xc0
[  394.708704][  T111]  ? __pfx_default_wake_function+0x10/0x10
[  394.708755][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  394.708799][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  394.708843][  T111]  ? __kthread_parkme+0x18c/0x230
[  394.708899][  T111]  ? __pfx_jfs_lazycommit+0x10/0x10
[  394.708936][  T111]  kthread+0x3b3/0x730
[  394.708970][  T111]  ? __pfx_kthread+0x10/0x10
[  394.709002][  T111]  ? ret_from_fork+0x79/0xaf0
[  394.709039][  T111]  ? ret_from_fork+0x79/0xaf0
[  394.709075][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  394.709123][  T111]  ? rcu_is_watching+0x12/0xc0
[  394.709167][  T111]  ? __pfx_kthread+0x10/0x10
[  394.709201][  T111]  ret_from_fork+0x754/0xaf0
[  394.709239][  T111]  ? __pfx_ret_from_fork+0x10/0x10
[  394.709278][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  394.709321][  T111]  ? __switch_to+0x7b9/0x10c0
[  394.709369][  T111]  ? __pfx_kthread+0x10/0x10
[  394.709403][  T111]  ret_from_fork_asm+0x1a/0x30
[  394.709470][  T111]  </TASK>
[  394.709482][  T111] 
[  394.980356][  T111] Allocated by task 11533:
[  394.984776][  T111]  kasan_save_stack+0x30/0x50
[  394.989598][  T111]  kasan_save_track+0x14/0x30
[  394.994395][  T111]  __kasan_kmalloc+0xaa/0xb0
[  394.999014][  T111]  lmLogOpen+0x571/0x1360
[  395.003352][  T111]  jfs_mount_rw+0x2e0/0x690
[  395.007898][  T111]  jfs_fill_super+0xbc0/0xf50
[  395.012598][  T111]  get_tree_bdev_flags+0x38c/0x620
[  395.017748][  T111]  vfs_get_tree+0x92/0x320
[  395.022269][  T111]  path_mount+0x7d0/0x23c0
[  395.026692][  T111]  __x64_sys_mount+0x293/0x310
[  395.031470][  T111]  do_syscall_64+0xc9/0xf80
[  395.035986][  T111]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.041972][  T111] 
[  395.044300][  T111] Freed by task 5827:
[  395.048311][  T111]  kasan_save_stack+0x30/0x50
[  395.053018][  T111]  kasan_save_track+0x14/0x30
[  395.057817][  T111]  kasan_save_free_info+0x3b/0x70
[  395.062869][  T111]  __kasan_slab_free+0x5f/0x80
[  395.067729][  T111]  kfree+0x1c7/0x690
[  395.071656][  T111]  lmLogClose+0x55f/0x6f0
[  395.075991][  T111]  jfs_umount+0x2f0/0x410
[  395.080356][  T111]  jfs_put_super+0x88/0x1a0
[  395.084902][  T111]  generic_shutdown_super+0x15f/0x360
[  395.090359][  T111]  kill_block_super+0x3b/0xa0
[  395.095063][  T111]  deactivate_locked_super+0xc1/0x1b0
[  395.100459][  T111]  deactivate_super+0xe7/0x110
[  395.105250][  T111]  cleanup_mnt+0x21f/0x450
[  395.109704][  T111]  task_work_run+0x150/0x240
[  395.114395][  T111]  exit_to_user_mode_loop+0x100/0x4b0
[  395.119867][  T111]  do_syscall_64+0x4fe/0xf80
[  395.124482][  T111]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.130391][  T111] 
[  395.132713][  T111] The buggy address belongs to the object at ffff88807da98800
[  395.132713][  T111]  which belongs to the cache kmalloc-1k of size 1024
[  395.146797][  T111] The buggy address is located 196 bytes inside of
[  395.146797][  T111]  freed 1024-byte region [ffff88807da98800, ffff88807da98c00)
[  395.160708][  T111] 
[  395.163301][  T111] The buggy address belongs to the physical page:
[  395.169715][  T111] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807da99000 pfn:0x7da98
[  395.179885][  T111] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  395.188486][  T111] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  395.197011][  T111] page_type: f5(slab)
[  395.201015][  T111] raw: 00fff00000000240 ffff88813ff26dc0 ffffea0001653e10 ffffea00015c4010
[  395.209638][  T111] raw: ffff88807da99000 000000000010000f 00000000f5000000 0000000000000000
[  395.218288][  T111] head: 00fff00000000240 ffff88813ff26dc0 ffffea0001653e10 ffffea00015c4010
[  395.227145][  T111] head: ffff88807da99000 000000000010000f 00000000f5000000 0000000000000000
[  395.235828][  T111] head: 00fff00000000003 ffffea0001f6a601 00000000ffffffff 00000000ffffffff
[  395.244510][  T111] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  395.253265][  T111] page dumped because: kasan: bad access detected
[  395.259676][  T111] page_owner tracks the page as allocated
[  395.265382][  T111] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5904, tgid 5904 (kworker/0:4), ts 110884514608, free_ts 110778513718
[  395.284776][  T111]  post_alloc_hook+0x1e1/0x250
[  395.289584][  T111]  get_page_from_freelist+0xe3d/0x2e10
[  395.295070][  T111]  __alloc_frozen_pages_noprof+0x26c/0x2410
[  395.301016][  T111]  alloc_pages_mpol+0x1fb/0x550
[  395.305966][  T111]  new_slab+0x2c4/0x440
[  395.310138][  T111]  ___slab_alloc+0xda3/0x1ca0
[  395.314836][  T111]  __slab_alloc.isra.0+0x63/0x110
[  395.319881][  T111]  __kmalloc_noprof+0x618/0x9c0
[  395.324749][  T111]  ___neigh_create+0x150d/0x2910
[  395.329793][  T111]  ip6_finish_output2+0x11aa/0x1cd0
[  395.335001][  T111]  __ip6_finish_output+0x3cd/0x10d0
[  395.340253][  T111]  ip6_output+0x2aa/0xa60
[  395.344768][  T111]  NF_HOOK.constprop.0+0x114/0x8b0
[  395.350096][  T111]  mld_sendpack+0x8f7/0xec0
[  395.354655][  T111]  mld_ifc_work+0x75a/0xc10
[  395.359185][  T111]  process_one_work+0x9c2/0x1840
[  395.364153][  T111] page last free pid 2994 tgid 2994 stack trace:
[  395.370578][  T111]  __free_frozen_pages+0x822/0x1130
[  395.375841][  T111]  qlist_free_all+0x47/0xe0
[  395.380375][  T111]  kasan_quarantine_reduce+0x1a0/0x1f0
[  395.385907][  T111]  __kasan_slab_alloc+0x69/0x90
[  395.390769][  T111]  __kmalloc_cache_noprof+0x2e1/0x810
[  395.396172][  T111]  __ipv6_dev_mc_inc+0x2f1/0xbc0
[  395.401137][  T111]  addrconf_dad_work+0x276/0x1360
[  395.406174][  T111]  process_one_work+0x9c2/0x1840
[  395.411126][  T111]  worker_thread+0x5da/0xe40
[  395.415736][  T111]  kthread+0x3b3/0x730
[  395.419816][  T111]  ret_from_fork+0x754/0xaf0
[  395.424421][  T111]  ret_from_fork_asm+0x1a/0x30
[  395.429215][  T111] 
[  395.431536][  T111] Memory state around the buggy address:
[  395.437165][  T111]  ffff88807da98780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  395.445231][  T111]  ffff88807da98800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  395.453297][  T111] >ffff88807da98880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  395.461359][  T111]                                            ^
[  395.467521][  T111]  ffff88807da98900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  395.475590][  T111]  ffff88807da98980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  395.483712][  T111] ==================================================================
[  395.491772][  T111] ==================================================================
[  395.500270][  T111] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x248/0x260
[  395.508096][  T111] Read of size 8 at addr ffff88807da988d0 by task jfsCommit/111
[  395.515736][  T111] 
[  395.518085][  T111] CPU: 0 UID: 0 PID: 111 Comm: jfsCommit Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  395.518136][  T111] Tainted: [B]=BAD_PAGE
[  395.518150][  T111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  395.518172][  T111] Call Trace:
[  395.518184][  T111]  <TASK>
[  395.518199][  T111]  dump_stack_lvl+0x100/0x190
[  395.518244][  T111]  print_report+0x156/0x4c9
[  395.518293][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.518336][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.518379][  T111]  ? __phys_addr+0xe8/0x180
[  395.518437][  T111]  ? do_raw_spin_lock+0x248/0x260
[  395.518475][  T111]  kasan_report+0xdf/0x1a0
[  395.518513][  T111]  ? do_raw_spin_lock+0x248/0x260
[  395.518557][  T111]  do_raw_spin_lock+0x248/0x260
[  395.518595][  T111]  ? __kasan_check_byte+0x36/0x50
[  395.518630][  T111]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  395.518668][  T111]  ? lock_acquire+0xf5/0x330
[  395.518723][  T111]  ? __pfx_osq_unlock+0x10/0x10
[  395.518761][  T111]  ? __mutex_lock+0x151d/0x1b90
[  395.518809][  T111]  _raw_spin_lock_irqsave+0x42/0x60
[  395.518851][  T111]  ? __mutex_lock+0x31c/0x1b90
[  395.518896][  T111]  __mutex_lock+0x31c/0x1b90
[  395.518942][  T111]  ? jfs_syncpt+0x2a/0xa0
[  395.518979][  T111]  ? __pfx___mutex_lock+0x10/0x10
[  395.519028][  T111]  ? do_raw_spin_lock+0x128/0x260
[  395.519070][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.519114][  T111]  ? find_held_lock+0x2b/0x80
[  395.519157][  T111]  ? txEnd+0x30b/0x490
[  395.519193][  T111]  ? jfs_syncpt+0x2a/0xa0
[  395.519223][  T111]  jfs_syncpt+0x2a/0xa0
[  395.519256][  T111]  txEnd+0x318/0x490
[  395.519291][  T111]  jfs_lazycommit+0x748/0xab0
[  395.519332][  T111]  ? __pfx_jfs_lazycommit+0x10/0x10
[  395.519370][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.519413][  T111]  ? rcu_is_watching+0x12/0xc0
[  395.519457][  T111]  ? __pfx_default_wake_function+0x10/0x10
[  395.519507][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.519551][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.519595][  T111]  ? __kthread_parkme+0x18c/0x230
[  395.519649][  T111]  ? __pfx_jfs_lazycommit+0x10/0x10
[  395.519686][  T111]  kthread+0x3b3/0x730
[  395.519720][  T111]  ? __pfx_kthread+0x10/0x10
[  395.519752][  T111]  ? ret_from_fork+0x79/0xaf0
[  395.519788][  T111]  ? ret_from_fork+0x79/0xaf0
[  395.519824][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.519872][  T111]  ? rcu_is_watching+0x12/0xc0
[  395.519915][  T111]  ? __pfx_kthread+0x10/0x10
[  395.519950][  T111]  ret_from_fork+0x754/0xaf0
[  395.519987][  T111]  ? __pfx_ret_from_fork+0x10/0x10
[  395.520026][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.520069][  T111]  ? __switch_to+0x7b9/0x10c0
[  395.520116][  T111]  ? __pfx_kthread+0x10/0x10
[  395.520150][  T111]  ret_from_fork_asm+0x1a/0x30
[  395.520216][  T111]  </TASK>
[  395.520229][  T111] 
[  395.791640][  T111] Allocated by task 11533:
[  395.796143][  T111]  kasan_save_stack+0x30/0x50
[  395.800853][  T111]  kasan_save_track+0x14/0x30
[  395.805601][  T111]  __kasan_kmalloc+0xaa/0xb0
[  395.810227][  T111]  lmLogOpen+0x571/0x1360
[  395.814563][  T111]  jfs_mount_rw+0x2e0/0x690
[  395.819189][  T111]  jfs_fill_super+0xbc0/0xf50
[  395.824014][  T111]  get_tree_bdev_flags+0x38c/0x620
[  395.829155][  T111]  vfs_get_tree+0x92/0x320
[  395.833594][  T111]  path_mount+0x7d0/0x23c0
[  395.838036][  T111]  __x64_sys_mount+0x293/0x310
[  395.842840][  T111]  do_syscall_64+0xc9/0xf80
[  395.847365][  T111]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.853276][  T111] 
[  395.855591][  T111] Freed by task 5827:
[  395.859574][  T111]  kasan_save_stack+0x30/0x50
[  395.864279][  T111]  kasan_save_track+0x14/0x30
[  395.869148][  T111]  kasan_save_free_info+0x3b/0x70
[  395.874381][  T111]  __kasan_slab_free+0x5f/0x80
[  395.879159][  T111]  kfree+0x1c7/0x690
[  395.883074][  T111]  lmLogClose+0x55f/0x6f0
[  395.887418][  T111]  jfs_umount+0x2f0/0x410
[  395.891781][  T111]  jfs_put_super+0x88/0x1a0
[  395.896310][  T111]  generic_shutdown_super+0x15f/0x360
[  395.901708][  T111]  kill_block_super+0x3b/0xa0
[  395.906404][  T111]  deactivate_locked_super+0xc1/0x1b0
[  395.911791][  T111]  deactivate_super+0xe7/0x110
[  395.916660][  T111]  cleanup_mnt+0x21f/0x450
[  395.921118][  T111]  task_work_run+0x150/0x240
[  395.925718][  T111]  exit_to_user_mode_loop+0x100/0x4b0
[  395.931097][  T111]  do_syscall_64+0x4fe/0xf80
[  395.935699][  T111]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.941603][  T111] 
[  395.943920][  T111] The buggy address belongs to the object at ffff88807da98800
[  395.943920][  T111]  which belongs to the cache kmalloc-1k of size 1024
[  395.957975][  T111] The buggy address is located 208 bytes inside of
[  395.957975][  T111]  freed 1024-byte region [ffff88807da98800, ffff88807da98c00)
[  395.971868][  T111] 
[  395.974187][  T111] The buggy address belongs to the physical page:
[  395.980586][  T111] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807da99000 pfn:0x7da98
[  395.990687][  T111] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  395.999285][  T111] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  396.007800][  T111] page_type: f5(slab)
[  396.011785][  T111] raw: 00fff00000000240 ffff88813ff26dc0 ffffea0001653e10 ffffea00015c4010
[  396.020466][  T111] raw: ffff88807da99000 000000000010000f 00000000f5000000 0000000000000000
[  396.029129][  T111] head: 00fff00000000240 ffff88813ff26dc0 ffffea0001653e10 ffffea00015c4010
[  396.037829][  T111] head: ffff88807da99000 000000000010000f 00000000f5000000 0000000000000000
[  396.046520][  T111] head: 00fff00000000003 ffffea0001f6a601 00000000ffffffff 00000000ffffffff
[  396.055210][  T111] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  396.063888][  T111] page dumped because: kasan: bad access detected
[  396.070405][  T111] page_owner tracks the page as allocated
[  396.076133][  T111] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5904, tgid 5904 (kworker/0:4), ts 110884514608, free_ts 110778513718
[  396.095654][  T111]  post_alloc_hook+0x1e1/0x250
[  396.100546][  T111]  get_page_from_freelist+0xe3d/0x2e10
[  396.106324][  T111]  __alloc_frozen_pages_noprof+0x26c/0x2410
[  396.112348][  T111]  alloc_pages_mpol+0x1fb/0x550
[  396.117216][  T111]  new_slab+0x2c4/0x440
[  396.121392][  T111]  ___slab_alloc+0xda3/0x1ca0
[  396.126089][  T111]  __slab_alloc.isra.0+0x63/0x110
[  396.131155][  T111]  __kmalloc_noprof+0x618/0x9c0
[  396.136029][  T111]  ___neigh_create+0x150d/0x2910
[  396.140978][  T111]  ip6_finish_output2+0x11aa/0x1cd0
[  396.146282][  T111]  __ip6_finish_output+0x3cd/0x10d0
[  396.151670][  T111]  ip6_output+0x2aa/0xa60
[  396.156010][  T111]  NF_HOOK.constprop.0+0x114/0x8b0
[  396.161147][  T111]  mld_sendpack+0x8f7/0xec0
[  396.165683][  T111]  mld_ifc_work+0x75a/0xc10
[  396.170211][  T111]  process_one_work+0x9c2/0x1840
[  396.175180][  T111] page last free pid 2994 tgid 2994 stack trace:
[  396.181503][  T111]  __free_frozen_pages+0x822/0x1130
[  396.186724][  T111]  qlist_free_all+0x47/0xe0
[  396.191260][  T111]  kasan_quarantine_reduce+0x1a0/0x1f0
[  396.196751][  T111]  __kasan_slab_alloc+0x69/0x90
[  396.201625][  T111]  __kmalloc_cache_noprof+0x2e1/0x810
[  396.207021][  T111]  __ipv6_dev_mc_inc+0x2f1/0xbc0
[  396.211978][  T111]  addrconf_dad_work+0x276/0x1360
[  396.217010][  T111]  process_one_work+0x9c2/0x1840
[  396.221958][  T111]  worker_thread+0x5da/0xe40
[  396.226557][  T111]  kthread+0x3b3/0x730
[  396.230631][  T111]  ret_from_fork+0x754/0xaf0
[  396.235230][  T111]  ret_from_fork_asm+0x1a/0x30
[  396.240026][  T111] 
[  396.242347][  T111] Memory state around the buggy address:
[  396.247981][  T111]  ffff88807da98780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  396.256046][  T111]  ffff88807da98800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  396.264115][  T111] >ffff88807da98880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  396.272176][  T111]                                                  ^
[  396.278853][  T111]  ffff88807da98900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  396.286917][  T111]  ffff88807da98980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  396.294978][  T111] ==================================================================
[  396.303067][  T111] ==================================================================
[  396.311192][  T111] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x231/0x260
[  396.319106][  T111] Read of size 4 at addr ffff88807da988c8 by task jfsCommit/111
[  396.326753][  T111] 
[  396.329107][  T111] CPU: 0 UID: 0 PID: 111 Comm: jfsCommit Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  396.329159][  T111] Tainted: [B]=BAD_PAGE
[  396.329173][  T111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  396.329195][  T111] Call Trace:
[  396.329210][  T111]  <TASK>
[  396.329225][  T111]  dump_stack_lvl+0x100/0x190
[  396.329273][  T111]  print_report+0x156/0x4c9
[  396.329323][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  396.329368][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  396.329411][  T111]  ? __phys_addr+0xe8/0x180
[  396.329470][  T111]  ? do_raw_spin_lock+0x231/0x260
[  396.329508][  T111]  kasan_report+0xdf/0x1a0
[  396.329547][  T111]  ? do_raw_spin_lock+0x231/0x260
[  396.329592][  T111]  do_raw_spin_lock+0x231/0x260
[  396.329630][  T111]  ? __kasan_check_byte+0x36/0x50
[  396.329666][  T111]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  396.329705][  T111]  ? lock_acquire+0xf5/0x330
[  396.329760][  T111]  ? __pfx_osq_unlock+0x10/0x10
[  396.329799][  T111]  ? __mutex_lock+0x151d/0x1b90
[  396.329846][  T111]  _raw_spin_lock_irqsave+0x42/0x60
[  396.329884][  T111]  ? __mutex_lock+0x31c/0x1b90
[  396.329928][  T111]  __mutex_lock+0x31c/0x1b90
[  396.329975][  T111]  ? jfs_syncpt+0x2a/0xa0
[  396.330012][  T111]  ? __pfx___mutex_lock+0x10/0x10
[  396.330062][  T111]  ? do_raw_spin_lock+0x128/0x260
[  396.330110][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  396.330154][  T111]  ? find_held_lock+0x2b/0x80
[  396.330198][  T111]  ? txEnd+0x30b/0x490
[  396.330234][  T111]  ? jfs_syncpt+0x2a/0xa0
[  396.330264][  T111]  jfs_syncpt+0x2a/0xa0
[  396.330297][  T111]  txEnd+0x318/0x490
[  396.330332][  T111]  jfs_lazycommit+0x748/0xab0
[  396.330374][  T111]  ? __pfx_jfs_lazycommit+0x10/0x10
[  396.330412][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  396.330456][  T111]  ? rcu_is_watching+0x12/0xc0
[  396.330500][  T111]  ? __pfx_default_wake_function+0x10/0x10
[  396.330551][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  396.330596][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  396.330639][  T111]  ? __kthread_parkme+0x18c/0x230
[  396.330695][  T111]  ? __pfx_jfs_lazycommit+0x10/0x10
[  396.330732][  T111]  kthread+0x3b3/0x730
[  396.330766][  T111]  ? __pfx_kthread+0x10/0x10
[  396.330798][  T111]  ? ret_from_fork+0x79/0xaf0
[  396.330835][  T111]  ? ret_from_fork+0x79/0xaf0
[  396.330871][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  396.330914][  T111]  ? rcu_is_watching+0x12/0xc0
[  396.330958][  T111]  ? __pfx_kthread+0x10/0x10
[  396.330993][  T111]  ret_from_fork+0x754/0xaf0
[  396.331031][  T111]  ? __pfx_ret_from_fork+0x10/0x10
[  396.331070][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  396.331118][  T111]  ? __switch_to+0x7b9/0x10c0
[  396.331166][  T111]  ? __pfx_kthread+0x10/0x10
[  396.331200][  T111]  ret_from_fork_asm+0x1a/0x30
[  396.331267][  T111]  </TASK>
[  396.331280][  T111] 
[  396.602736][  T111] Allocated by task 11533:
[  396.607155][  T111]  kasan_save_stack+0x30/0x50
[  396.611867][  T111]  kasan_save_track+0x14/0x30
[  396.616570][  T111]  __kasan_kmalloc+0xaa/0xb0
[  396.621374][  T111]  lmLogOpen+0x571/0x1360
[  396.625709][  T111]  jfs_mount_rw+0x2e0/0x690
[  396.630241][  T111]  jfs_fill_super+0xbc0/0xf50
[  396.634945][  T111]  get_tree_bdev_flags+0x38c/0x620
[  396.640086][  T111]  vfs_get_tree+0x92/0x320
[  396.644522][  T111]  path_mount+0x7d0/0x23c0
[  396.648948][  T111]  __x64_sys_mount+0x293/0x310
[  396.653727][  T111]  do_syscall_64+0xc9/0xf80
[  396.658247][  T111]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  396.664148][  T111] 
[  396.666463][  T111] Freed by task 5827:
[  396.670436][  T111]  kasan_save_stack+0x30/0x50
[  396.675145][  T111]  kasan_save_track+0x14/0x30
[  396.679851][  T111]  kasan_save_free_info+0x3b/0x70
[  396.684893][  T111]  __kasan_slab_free+0x5f/0x80
[  396.689665][  T111]  kfree+0x1c7/0x690
[  396.693584][  T111]  lmLogClose+0x55f/0x6f0
[  396.697918][  T111]  jfs_umount+0x2f0/0x410
[  396.702278][  T111]  jfs_put_super+0x88/0x1a0
[  396.706799][  T111]  generic_shutdown_super+0x15f/0x360
[  396.712193][  T111]  kill_block_super+0x3b/0xa0
[  396.716906][  T111]  deactivate_locked_super+0xc1/0x1b0
[  396.722299][  T111]  deactivate_super+0xe7/0x110
[  396.727083][  T111]  cleanup_mnt+0x21f/0x450
[  396.731550][  T111]  task_work_run+0x150/0x240
[  396.736149][  T111]  exit_to_user_mode_loop+0x100/0x4b0
[  396.741531][  T111]  do_syscall_64+0x4fe/0xf80
[  396.746142][  T111]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  396.752128][  T111] 
[  396.754453][  T111] The buggy address belongs to the object at ffff88807da98800
[  396.754453][  T111]  which belongs to the cache kmalloc-1k of size 1024
[  396.768598][  T111] The buggy address is located 200 bytes inside of
[  396.768598][  T111]  freed 1024-byte region [ffff88807da98800, ffff88807da98c00)
[  396.782583][  T111] 
[  396.784911][  T111] The buggy address belongs to the physical page:
[  396.791320][  T111] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807da99000 pfn:0x7da98
[  396.801481][  T111] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  396.810142][  T111] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  396.818411][  T111] page_type: f5(slab)
[  396.822402][  T111] raw: 00fff00000000040 ffff88813ff26dc0 0000000000000000 dead000000000001
[  396.831105][  T111] raw: ffff88807da99000 000000000010000f 00000000f5000000 0000000000000000
[  396.839729][  T111] head: 00fff00000000040 ffff88813ff26dc0 0000000000000000 dead000000000001
[  396.848504][  T111] head: ffff88807da99000 000000000010000f 00000000f5000000 0000000000000000
[  396.857277][  T111] head: 00fff00000000003 ffffea0001f6a601 00000000ffffffff 00000000ffffffff
[  396.866244][  T111] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  396.875007][  T111] page dumped because: kasan: bad access detected
[  396.881588][  T111] page_owner tracks the page as allocated
[  396.887471][  T111] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5904, tgid 5904 (kworker/0:4), ts 110884514608, free_ts 110778513718
[  396.906866][  T111]  post_alloc_hook+0x1e1/0x250
[  396.911665][  T111]  get_page_from_freelist+0xe3d/0x2e10
[  396.917151][  T111]  __alloc_frozen_pages_noprof+0x26c/0x2410
[  396.923070][  T111]  alloc_pages_mpol+0x1fb/0x550
[  396.927939][  T111]  new_slab+0x2c4/0x440
[  396.932107][  T111]  ___slab_alloc+0xda3/0x1ca0
[  396.936840][  T111]  __slab_alloc.isra.0+0x63/0x110
[  396.941889][  T111]  __kmalloc_noprof+0x618/0x9c0
[  396.946841][  T111]  ___neigh_create+0x150d/0x2910
[  396.951802][  T111]  ip6_finish_output2+0x11aa/0x1cd0
[  396.957019][  T111]  __ip6_finish_output+0x3cd/0x10d0
[  396.962252][  T111]  ip6_output+0x2aa/0xa60
[  396.966592][  T111]  NF_HOOK.constprop.0+0x114/0x8b0
[  396.971720][  T111]  mld_sendpack+0x8f7/0xec0
[  396.976239][  T111]  mld_ifc_work+0x75a/0xc10
[  396.980755][  T111]  process_one_work+0x9c2/0x1840
[  396.986052][  T111] page last free pid 2994 tgid 2994 stack trace:
[  396.992374][  T111]  __free_frozen_pages+0x822/0x1130
[  396.997592][  T111]  qlist_free_all+0x47/0xe0
[  397.002159][  T111]  kasan_quarantine_reduce+0x1a0/0x1f0
[  397.007730][  T111]  __kasan_slab_alloc+0x69/0x90
[  397.012587][  T111]  __kmalloc_cache_noprof+0x2e1/0x810
[  397.017983][  T111]  __ipv6_dev_mc_inc+0x2f1/0xbc0
[  397.022941][  T111]  addrconf_dad_work+0x276/0x1360
[  397.027968][  T111]  process_one_work+0x9c2/0x1840
[  397.032915][  T111]  worker_thread+0x5da/0xe40
[  397.037510][  T111]  kthread+0x3b3/0x730
[  397.041578][  T111]  ret_from_fork+0x754/0xaf0
[  397.046181][  T111]  ret_from_fork_asm+0x1a/0x30
[  397.050970][  T111] 
[  397.053281][  T111] Memory state around the buggy address:
[  397.058987][  T111]  ffff88807da98780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  397.067049][  T111]  ffff88807da98800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  397.075118][  T111] >ffff88807da98880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  397.083178][  T111]                                               ^
[  397.089586][  T111]  ffff88807da98900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  397.097652][  T111]  ffff88807da98980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  397.105718][  T111] ==================================================================
[  397.113777][  T111] ==================================================================
[  397.121925][  T111] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x119/0x260
[  397.129750][  T111] Write of size 4 at addr ffff88807da988c0 by task jfsCommit/111
[  397.137471][  T111] 
[  397.139804][  T111] CPU: 0 UID: 0 PID: 111 Comm: jfsCommit Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  397.139892][  T111] Tainted: [B]=BAD_PAGE
[  397.139906][  T111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  397.139928][  T111] Call Trace:
[  397.139942][  T111]  <TASK>
[  397.139957][  T111]  dump_stack_lvl+0x100/0x190
[  397.140005][  T111]  print_report+0x156/0x4c9
[  397.140054][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  397.140099][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  397.140141][  T111]  ? __phys_addr+0xe8/0x180
[  397.140199][  T111]  ? do_raw_spin_lock+0x119/0x260
[  397.140238][  T111]  kasan_report+0xdf/0x1a0
[  397.140276][  T111]  ? do_raw_spin_lock+0x119/0x260
[  397.140320][  T111]  kasan_check_range+0x10f/0x1e0
[  397.140365][  T111]  do_raw_spin_lock+0x119/0x260
[  397.140402][  T111]  ? __kasan_check_byte+0x36/0x50
[  397.140437][  T111]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  397.140476][  T111]  ? lock_acquire+0xf5/0x330
[  397.140529][  T111]  ? __pfx_osq_unlock+0x10/0x10
[  397.140568][  T111]  ? __mutex_lock+0x151d/0x1b90
[  397.140615][  T111]  _raw_spin_lock_irqsave+0x42/0x60
[  397.140653][  T111]  ? __mutex_lock+0x31c/0x1b90
[  397.140697][  T111]  __mutex_lock+0x31c/0x1b90
[  397.140743][  T111]  ? jfs_syncpt+0x2a/0xa0
[  397.140780][  T111]  ? __pfx___mutex_lock+0x10/0x10
[  397.140829][  T111]  ? do_raw_spin_lock+0x128/0x260
[  397.140877][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  397.140920][  T111]  ? find_held_lock+0x2b/0x80
[  397.140963][  T111]  ? txEnd+0x30b/0x490
[  397.140999][  T111]  ? jfs_syncpt+0x2a/0xa0
[  397.141029][  T111]  jfs_syncpt+0x2a/0xa0
[  397.141061][  T111]  txEnd+0x318/0x490
[  397.141096][  T111]  jfs_lazycommit+0x748/0xab0
[  397.141139][  T111]  ? __pfx_jfs_lazycommit+0x10/0x10
[  397.141176][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  397.141220][  T111]  ? rcu_is_watching+0x12/0xc0
[  397.141264][  T111]  ? __pfx_default_wake_function+0x10/0x10
[  397.141314][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  397.141359][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  397.141401][  T111]  ? __kthread_parkme+0x18c/0x230
[  397.141456][  T111]  ? __pfx_jfs_lazycommit+0x10/0x10
[  397.141493][  T111]  kthread+0x3b3/0x730
[  397.141528][  T111]  ? __pfx_kthread+0x10/0x10
[  397.141559][  T111]  ? ret_from_fork+0x79/0xaf0
[  397.141596][  T111]  ? ret_from_fork+0x79/0xaf0
[  397.141631][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  397.141677][  T111]  ? rcu_is_watching+0x12/0xc0
[  397.141728][  T111]  ? __pfx_kthread+0x10/0x10
[  397.141769][  T111]  ret_from_fork+0x754/0xaf0
[  397.141813][  T111]  ? __pfx_ret_from_fork+0x10/0x10
[  397.141864][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  397.141915][  T111]  ? __switch_to+0x7b9/0x10c0
[  397.141969][  T111]  ? __pfx_kthread+0x10/0x10
[  397.142009][  T111]  ret_from_fork_asm+0x1a/0x30
[  397.142087][  T111]  </TASK>
[  397.142101][  T111] 
[  397.417924][  T111] Allocated by task 11533:
[  397.422344][  T111]  kasan_save_stack+0x30/0x50
[  397.427056][  T111]  kasan_save_track+0x14/0x30
[  397.431765][  T111]  __kasan_kmalloc+0xaa/0xb0
[  397.436381][  T111]  lmLogOpen+0x571/0x1360
[  397.440714][  T111]  jfs_mount_rw+0x2e0/0x690
[  397.445242][  T111]  jfs_fill_super+0xbc0/0xf50
[  397.450026][  T111]  get_tree_bdev_flags+0x38c/0x620
[  397.455165][  T111]  vfs_get_tree+0x92/0x320
[  397.459599][  T111]  path_mount+0x7d0/0x23c0
[  397.464031][  T111]  __x64_sys_mount+0x293/0x310
[  397.468807][  T111]  do_syscall_64+0xc9/0xf80
[  397.473335][  T111]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  397.479237][  T111] 
[  397.481551][  T111] Freed by task 5827:
[  397.485521][  T111]  kasan_save_stack+0x30/0x50
[  397.490230][  T111]  kasan_save_track+0x14/0x30
[  397.494932][  T111]  kasan_save_free_info+0x3b/0x70
[  397.499974][  T111]  __kasan_slab_free+0x5f/0x80
[  397.504738][  T111]  kfree+0x1c7/0x690
[  397.508652][  T111]  lmLogClose+0x55f/0x6f0
[  397.513073][  T111]  jfs_umount+0x2f0/0x410
[  397.517439][  T111]  jfs_put_super+0x88/0x1a0
[  397.521962][  T111]  generic_shutdown_super+0x15f/0x360
[  397.527357][  T111]  kill_block_super+0x3b/0xa0
[  397.532058][  T111]  deactivate_locked_super+0xc1/0x1b0
[  397.537451][  T111]  deactivate_super+0xe7/0x110
[  397.542234][  T111]  cleanup_mnt+0x21f/0x450
[  397.546677][  T111]  task_work_run+0x150/0x240
[  397.551291][  T111]  exit_to_user_mode_loop+0x100/0x4b0
[  397.556689][  T111]  do_syscall_64+0x4fe/0xf80
[  397.561295][  T111]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  397.567202][  T111] 
[  397.569521][  T111] The buggy address belongs to the object at ffff88807da98800
[  397.569521][  T111]  which belongs to the cache kmalloc-1k of size 1024
[  397.583625][  T111] The buggy address is located 192 bytes inside of
[  397.583625][  T111]  freed 1024-byte region [ffff88807da98800, ffff88807da98c00)
[  397.597726][  T111] 
[  397.600053][  T111] The buggy address belongs to the physical page:
[  397.606463][  T111] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7da98
[  397.615312][  T111] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  397.623815][  T111] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  397.631808][  T111] page_type: f5(slab)
[  397.635825][  T111] raw: 00fff00000000040 ffff88813ff26dc0 0000000000000000 dead000000000001
[  397.644463][  T111] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  397.653083][  T111] head: 00fff00000000040 ffff88813ff26dc0 0000000000000000 dead000000000001
[  397.661802][  T111] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  397.670503][  T111] head: 00fff00000000003 ffffea0001f6a601 00000000ffffffff 00000000ffffffff
[  397.679194][  T111] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  397.687966][  T111] page dumped because: kasan: bad access detected
[  397.694404][  T111] page_owner tracks the page as allocated
[  397.700122][  T111] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5904, tgid 5904 (kworker/0:4), ts 110884514608, free_ts 110778513718
[  397.719546][  T111]  post_alloc_hook+0x1e1/0x250
[  397.724346][  T111]  get_page_from_freelist+0xe3d/0x2e10
[  397.730010][  T111]  __alloc_frozen_pages_noprof+0x26c/0x2410
[  397.735944][  T111]  alloc_pages_mpol+0x1fb/0x550
[  397.740823][  T111]  new_slab+0x2c4/0x440
[  397.745098][  T111]  ___slab_alloc+0xda3/0x1ca0
[  397.750231][  T111]  __slab_alloc.isra.0+0x63/0x110
[  397.755369][  T111]  __kmalloc_noprof+0x618/0x9c0
[  397.760237][  T111]  ___neigh_create+0x150d/0x2910
[  397.765182][  T111]  ip6_finish_output2+0x11aa/0x1cd0
[  397.770399][  T111]  __ip6_finish_output+0x3cd/0x10d0
[  397.775631][  T111]  ip6_output+0x2aa/0xa60
[  397.780099][  T111]  NF_HOOK.constprop.0+0x114/0x8b0
[  397.785407][  T111]  mld_sendpack+0x8f7/0xec0
[  397.789927][  T111]  mld_ifc_work+0x75a/0xc10
[  397.794468][  T111]  process_one_work+0x9c2/0x1840
[  397.799444][  T111] page last free pid 2994 tgid 2994 stack trace:
[  397.805768][  T111]  __free_frozen_pages+0x822/0x1130
[  397.810991][  T111]  qlist_free_all+0x47/0xe0
[  397.815520][  T111]  kasan_quarantine_reduce+0x1a0/0x1f0
[  397.821008][  T111]  __kasan_slab_alloc+0x69/0x90
[  397.825950][  T111]  __kmalloc_cache_noprof+0x2e1/0x810
[  397.831342][  T111]  __ipv6_dev_mc_inc+0x2f1/0xbc0
[  397.836302][  T111]  addrconf_dad_work+0x276/0x1360
[  397.841423][  T111]  process_one_work+0x9c2/0x1840
[  397.846380][  T111]  worker_thread+0x5da/0xe40
[  397.850974][  T111]  kthread+0x3b3/0x730
[  397.855044][  T111]  ret_from_fork+0x754/0xaf0
[  397.859646][  T111]  ret_from_fork_asm+0x1a/0x30
[  397.864447][  T111] 
[  397.866757][  T111] Memory state around the buggy address:
[  397.872467][  T111]  ffff88807da98780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  397.880533][  T111]  ffff88807da98800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  397.888602][  T111] >ffff88807da98880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  397.896721][  T111]                                            ^
[  397.902868][  T111]  ffff88807da98900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  397.910928][  T111]  ffff88807da98980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  397.919070][  T111] ==================================================================
[  397.927130][  T111] Kernel panic - not syncing: kasan.fault=panic_on_write set ...
[  397.934855][  T111] CPU: 0 UID: 0 PID: 111 Comm: jfsCommit Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  397.945549][  T111] Tainted: [B]=BAD_PAGE
[  397.949695][  T111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  397.959760][  T111] Call Trace:
[  397.963037][  T111]  <TASK>
[  397.965966][  T111]  dump_stack_lvl+0x100/0x190
[  397.970665][  T111]  vpanic+0x20d/0x630
[  397.974661][  T111]  panic+0xd1/0xd1
[  397.978492][  T111]  ? __pfx_panic+0x10/0x10
[  397.982922][  T111]  ? end_report.part.0+0x23/0x90
[  397.987883][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  397.993628][  T111]  ? rcu_is_watching+0x12/0xc0
[  397.998499][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  398.004237][  T111]  ? lock_release+0x21e/0x2e0
[  398.008982][  T111]  end_report.part.0+0x68/0x90
[  398.013771][  T111]  kasan_report.cold+0xe/0x18
[  398.018478][  T111]  ? do_raw_spin_lock+0x119/0x260
[  398.023523][  T111]  kasan_check_range+0x10f/0x1e0
[  398.028482][  T111]  do_raw_spin_lock+0x119/0x260
[  398.033350][  T111]  ? __kasan_check_byte+0x36/0x50
[  398.038472][  T111]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  398.043857][  T111]  ? lock_acquire+0xf5/0x330
[  398.048570][  T111]  ? __pfx_osq_unlock+0x10/0x10
[  398.053477][  T111]  ? __mutex_lock+0x151d/0x1b90
[  398.058350][  T111]  _raw_spin_lock_irqsave+0x42/0x60
[  398.063559][  T111]  ? __mutex_lock+0x31c/0x1b90
[  398.068343][  T111]  __mutex_lock+0x31c/0x1b90
[  398.072970][  T111]  ? jfs_syncpt+0x2a/0xa0
[  398.077325][  T111]  ? __pfx___mutex_lock+0x10/0x10
[  398.082376][  T111]  ? do_raw_spin_lock+0x128/0x260
[  398.087423][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  398.093078][  T111]  ? find_held_lock+0x2b/0x80
[  398.097789][  T111]  ? txEnd+0x30b/0x490
[  398.101884][  T111]  ? jfs_syncpt+0x2a/0xa0
[  398.106229][  T111]  jfs_syncpt+0x2a/0xa0
[  398.110394][  T111]  txEnd+0x318/0x490
[  398.114296][  T111]  jfs_lazycommit+0x748/0xab0
[  398.118997][  T111]  ? __pfx_jfs_lazycommit+0x10/0x10
[  398.124231][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  398.129911][  T111]  ? rcu_is_watching+0x12/0xc0
[  398.134694][  T111]  ? __pfx_default_wake_function+0x10/0x10
[  398.140617][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  398.146277][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  398.151933][  T111]  ? __kthread_parkme+0x18c/0x230
[  398.157354][  T111]  ? __pfx_jfs_lazycommit+0x10/0x10
[  398.162611][  T111]  kthread+0x3b3/0x730
[  398.166712][  T111]  ? __pfx_kthread+0x10/0x10
[  398.171324][  T111]  ? ret_from_fork+0x79/0xaf0
[  398.176071][  T111]  ? ret_from_fork+0x79/0xaf0
[  398.180952][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  398.186615][  T111]  ? rcu_is_watching+0x12/0xc0
[  398.191427][  T111]  ? __pfx_kthread+0x10/0x10
[  398.196036][  T111]  ret_from_fork+0x754/0xaf0
[  398.200649][  T111]  ? __pfx_ret_from_fork+0x10/0x10
[  398.205784][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  398.211497][  T111]  ? __switch_to+0x7b9/0x10c0
[  398.216205][  T111]  ? __pfx_kthread+0x10/0x10
[  398.220905][  T111]  ret_from_fork_asm+0x1a/0x30
[  398.225719][  T111]  </TASK>
[  398.229351][  T111] Kernel Offset: disabled
[  398.233673][  T111] Rebooting in 86400 seconds..