last executing test programs:

1m33.744003304s ago: executing program 2 (id=829):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000640)={&(0x7f00000011c0)=ANY=[@ANYBLOB="9feb0100180000000000000028000000280000000a000000080000000100000f020000000300200000000000ff0300004977000000000000000f02000000176000000000000000005f"], &(0x7f0000000600)=""/4, 0x4a, 0x4, 0x1}, 0x28)

1m33.709428086s ago: executing program 2 (id=830):
r0 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f00000005c0)='#mS\xb2j\xcb\xa18:.)\xc7\xcb\xc5\xd8\x91\xa1\"\xd5\r\x89M;\x99\xd6\x8e?K\x82\xd5\xd7\xab\x10\xea\x14\n\xea\xe9\xcc\xdc\xf3\xc0\xf8\x89\xd0\x0ep\xb1I\x04T[\r&\xf0z\xde\xc0\xf3\xcd\x9a\xae\xa8*v_(\x94]\xdf\xf1\x95!\xb3+\x1aD\xda\xa1G\x06M\xdaz2\xe9\xe6\xda\x92U\xaaN\xff\xca\xb37-<3\xb28\xb8:UQ\x95|\xe5\xaa\x0e\xe7{\xd4T\x84\x83\x86\x9d', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000f00)='source', &(0x7f0000000f40)=',%\x00', 0x0)

1m33.627849354s ago: executing program 2 (id=832):
unshare(0x22020600)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fanotify_init(0x200, 0x0)
fanotify_mark(r3, 0x1, 0x8000003, r0, 0x0)
write(r2, &(0x7f0000000140)='f', 0x1)
tee(r1, r0, 0x3, 0x0)

1m33.582534421s ago: executing program 2 (id=835):
syz_mount_image$vfat(&(0x7f0000000280), &(0x7f00000002c0)='./file0\x00', 0x2bc3c1f, 0xffffffffffffffff, 0x7, 0x0, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='hugetlbfs\x00', 0x16, 0x0)

1m33.437412729s ago: executing program 2 (id=838):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), r0)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000cc0)={0x2c, r1, 0x605, 0x70bd25, 0x25dfdbfe, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x1040)

1m33.223500352s ago: executing program 2 (id=845):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001080)=@base={0x9, 0x18, 0x8, 0x40, 0x42, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000580), 0x1000, r0}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000001600)={r0, &(0x7f00000002c0)="cd", &(0x7f0000000380)=""/100}, 0x20)

1m33.102037962s ago: executing program 32 (id=845):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001080)=@base={0x9, 0x18, 0x8, 0x40, 0x42, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000580), 0x1000, r0}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000001600)={r0, &(0x7f00000002c0)="cd", &(0x7f0000000380)=""/100}, 0x20)

1m10.214149939s ago: executing program 3 (id=1054):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
sendmmsg(r0, &(0x7f00000036c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x160}}], 0x2, 0x20004840)

1m10.154089884s ago: executing program 3 (id=1056):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x1, 0x7, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x94)
r1 = socket$packet(0x11, 0x2, 0x300)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4)
syz_emit_ethernet(0x11, &(0x7f0000001b00)={@local, @empty, @void, {@llc_tr={0x11, {@llc={0xf4, 0xf0, "c1"}}}}}, 0x0)

1m10.095531093s ago: executing program 3 (id=1059):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@ipv4_newroute={0x34, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x3}, @RTA_ENCAP={0x10, 0x16, 0x0, 0x1, @LWTUNNEL_IP_OPTS={0xc, 0x8, 0x0, 0x1, @LWTUNNEL_IP_OPTS_GENEVE={0x8, 0x1, 0x0, 0x1, @LWTUNNEL_IP_OPT_GENEVE_DATA={0x4}}}}]}, 0x34}}, 0x0)

1m10.095401013s ago: executing program 3 (id=1060):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000400)='devtmpfs\x00', 0x10, 0x0)
syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000280)='./file0\x00', 0xa0, &(0x7f0000000700)=ANY=[], 0x1, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
symlinkat(&(0x7f0000000000)='.\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00')
mount$overlay(0x0, &(0x7f0000000340)='./bus\x00', &(0x7f0000000b80), 0x200008, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

1m10.043488843s ago: executing program 3 (id=1062):
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x6, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x1d3, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
setsockopt$inet6_int(r0, 0x29, 0x3c, &(0x7f0000311ffc)=0x9, 0x4)
setsockopt$inet6_buf(r0, 0x29, 0x3e, &(0x7f00002cef88)="d84f7398", 0x4)
sendto$inet6(r0, &(0x7f0000000800)="51e251578851f74182a74b89b27df427aeef44966d202e4138b5a18e75a0424e7fe93b0d32c7abba87b65f97aba1c26a06b6d94c4aefd8fdca10e744391062c8e612721c20051608d9aa6dacf61e1eb331a4daad402b9885599d56130f7149fb1111fa116e94324d585a0569fbd311dad54cb4e32ff7f02216844ec3d526c878d5135ad1c9262239339c18885e2a0a95854d6cde3dd2feeaa50216af6c5760923413af81199a65a6332b02ec7bbf79d557c033cbe032fdc44f66a5c59cc4a3c5d218f5896b359d1efd60baf98df6396567478f7b817ce6e11d59a7def452a068e9607f57f626a5b8d476636ef1ee76307524009ae49be402000000000000001e80fed632155e14da1f7324d97bc61a3c1edc4431ee8a6caa2ed9f85cea5a2a9b263630c7d6fc35dda6002da571a2e51917e7c1019d8ce21a608147e408074c7c5f444fab931bda86d977d7c9ccefd881e5ef05b287f41eea526862885881c2cdc687dfff01a9b70a9b08734ac4d62c7f34465c34aa9e9f136c7f796d9eea41aa37f61830508338bb1f887089070567a1dd96cd700e7a098dabedb60f31acd17d487bc8be1a3101d2b5ac1715003793596c6daa93a27f4adb4d6fbea5669cabc206c944317ea18a2c762457f1bc945fec8f849641d44e7e2a24faeee28f3f266395fe18b0dce20c1f64e8896c8ff0e4a44a116fb32462471a0fcde143e551723d57339722765673b4163d66f473ac10f988cb252f106632f9884a47866d284b4efc6bb1aa74ed48d4a6535795f0873a99907ebc22be2337364cf9acc063e32f7d2e02fad64d04aa405d2dbdee1128ab1e4761d2dd30885ad37dd168478f10789d172feef4c817a5cd372caade57f23300e45f47e001e3ea093680ffffff802477368b9910f4e24037c871cb8251568c792287a6f49fa61b7c2600accaa0e7b40c59d88a29af5886c1f5dfc6837c58aaef12a9e100225c70441144ffa82927fa4802ed9ebb03eea8e945af5f4993f21a7f53baf7ec5bb6cc96b917dde82c18840c3500e9565f68f687b1c73d834c0d99d4acb002dc5682dbcdb1217a98f6c3ef8318b7fa93894e8a097b4511ba5c035e27c9fe8bfe7754741ac21bbc0303b81672e3117e5590fe2d92f912759b9937f64204ec5caa92e2cccb31016b13ed8d7bcabb03e176b1c9bda3bf1c1256ab74ab6f42ed9bafbbd0096263be1a7da1e1c88deec55a653d170e1e13c77dacaa60a37a6ba2383e661ebc9f13dbaade2dd884c9951819fb4608e19e70cd2496ccfb12f24c71f496cfe90400fe1bbea1e9a24b1d4664fb0776aca6269b396779680e52f86877d9209988d12ccb137be01ab7496d00547a7d4849d365a18dbb55c429cde87d33c4b74ad2273cdfee88b5418866ef327f25e9cbcd5a64d97107339f7e4cb5f8de171d2779c0f68884ae835e398f982d5749f085628d3608986656ea04b721f828202e9342bd7d19dfa091e772aebf9718030167a8c029df7c58b7f40029d7cfcaf26fd1900d8775ef373e8e2c5bf3525f907add3be426cd5a079c49abffe933e9ee213a3baf34f932d1299312691e1c53e6247ae0989ad66070d51fad22856a8b6b28954e7d41189b11c5321789eec8670de9e8db0b0473ba2e02731e60e7222697d61e052c18d4bcc6d1572fdf426f7b2fee6c1dee66c85c497b90facaf63b8ec5cde4a73400f9180bcfc0f81eca9580a7c81462a077f9034026bf72aa7c6de4b3c15d4a2dbd6fd7d87084aea9f25fb4bf5ec83eb56874a760533792dff2695407ccdd6a7375e0007230fd3f6501c152f1c1ff279b1d67cc95f2820762b7927659368e41657bdef2dd15b63498a93b787bdb26809d734aaf98b86fcf9fc643a34d03ebbe072820662d20d4774d66c5ae270adade5b8f6242a059b926221ee3d677487471c432b0d6d64dad030703475bb3ecac39b204a814f5ece5961621358e36f8a2cf7196c76959824bbb475a7cad8f57853fe05f59f341b5207cc9bb8d686982c2f158e0d8f5c7ec6cbfd500"/1453, 0x5ad, 0x0, &(0x7f0000000080)={0xa, 0x5e20, 0x3, @mcast2}, 0x1c)
sendto$inet6(r0, &(0x7f0000001380)="f26f01dee642b0491c8f905a4e6910b785d5a4ad508bf8ba13307092fb923bebcc12f52d8f084291e519cd1ee4e39ac22206da3e6dbc3d59b54db781f51fa7e4f31329f930b6f90d648c576822df0f95e2c1b9d225c7d79e24850ae3410257ca5cf9c56d59196e2e8c4b62009fb425683284e163747b28f01790afe36f206b4d2dd95006dba1a466f7b2ea72bd147fd9b01c6a73d63514dcf86ea5a1fd7cc9ab0fdce4d6529369b6ef20daa08f66cd52d46f824ae8d1f3bd4a4effed8fb291c6737d67221677551aa531e2eda3b6b84a7c7af18e964b6dcd7d39b1246d6a575913d48b18b03de48e0b2ae6a455461328b979dd2051eacd6963f30fb1bc9575f5a5e7d6e9f8c4131130ab1702139ce0167fa4e232562ca02b6550e4451d41d0fb563b67a83448466155c03170d9b5746bd0d2d6c349b3f28dc266a5d08fc9d7fd816e3c6422edc059ea902f4029b4b3c2f117dfe5c2daf5e8357b1003ca9d85b589174bb49d8a8b1b06ff8cc17eb0d41be3e7bcd9d660d5953b1c00ad963f185e9ec1b9de53a17590680fdff44d946092d1ac857baf24bc00b291fc9b00cb35dae98eff33476c0d1578f060aa995400f183927f6185341ae220b3f1b1ac3c1a6c307355dd11f96ca67b879ae7fd62af75005fb7ba5080c30987c99bbdb18170e398a1c071f6728043342d8c41454abb1d7d8e223236c3709382dca89f8b5bb01672bb594bc09de72934fc392df68fd23d927bac15dda81b03f7b78cdcf82ec5ec4c2c5bd68508fb3026019027424486bdb1d5fb150ac9fb3970fbe3c6612fcb15b531eda9561c608cae4dfb754d45af6bc4dd1bde0b04bf03d0e8c7117930bfa532f3f6c52773231178c6d65e6ddb550a8a2dc49c4096459e4b77918853ba9ba12dd8154ce119f2bbae093ae59131013b657900279a91fb2bde2090d513f47953a5faa6b531a931208c0afa1e7a1061189ca26025fb1f0b329b82d3a1adf01f5deb49ffd97bf363a72d83b39065d1a44cf112d6c95939e983372b6b090768b0dd4e5065935bf5e7bbbb723b59d1315b21ff031496a70a4e79b1d9ce89be0ff6cbfa616474c6a07960b35c7d370559ae8486f405411db45a317834eac8e0875545baf99ec38c33c3c034d9a42f93b07942673dbaf222f2d5796ad826fd92999e99913dedac52ee57066456a0380d7558848e92523f942485c47fbeffb70ac33a55529bc613a31f15f0afe7ebdbad5a473f4914254df2c89e89615c0cf49f3dd7ab46f2d5f8e487f79a5e7de76b3dc7256b73049b5effd4a6b42253dacaaf682f83a9a1de23145beae5bb0e61ba89c6b66a6b85e069902791669c9c0dc4bc00c6ea2fe757feb0863a123127435252820b0245a722d53a51889ec32e314ad07e30430eabf0296bceca5292161fb89e68fa818ad4cc15b717f59a4cb80d3c24070c44afff375c03b520c669118468debf007a5d7ac3eaa9e0829a13a40e297320c6dff7dbd2173b895bd6b9121be72b90fc56a471b4ef43503c4a8ad09656b1039311e327afb064a33509a6f61a6c484db71b28b46f246fc382dae30cf52b94bd8cca40e8de13dc7b4dbac1b9ebf547dd00cdd1ffb0a3bcbe220ca73bc4e3097346936ba5ebab55edf9c58bf2844e3826fb89814207e0c2e0c167964244499a09dddb9d60adf27a606055021dc9270f5fd4f460c580e927d35ebace821fdaea496ce85e624a07dcb3390a2d72fb7ba0110a5117f3839794f5258689c2b0960cee2339da5af304ef2c0d37a8fe14c27bd2b995bd0fd28bba66f9a97223ec33ad18bca07c308afebee83882a446d7874d851fa8e61025337c0fe7bb483cb33258fd1cecc35c533fdd0c87b01dc63574fb186db8f1cda52b50240d9202241c234fdb6d4ba70a050fe52b0bf7bdc62967870c249315f8bd57bbb21ce6e37580d87b3f18b17d8c2935c4e82335366044fb85434212bf4629fbc737adc6efab82", 0x57b, 0x1, &(0x7f0000000400)={0xa, 0x4e23, 0x9, @remote, 0x5}, 0x1c)

1m9.764225122s ago: executing program 3 (id=1068):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0xfffffffc, {0x0, 0x0, 0x0, r1, {0x0, 0x4}, {0xffff, 0xffff}, {0xfff3}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x0, 0xb, 0x4}}}}]}, 0x40}}, 0x0)

1m9.648220125s ago: executing program 33 (id=1068):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0xfffffffc, {0x0, 0x0, 0x0, r1, {0x0, 0x4}, {0xffff, 0xffff}, {0xfff3}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x0, 0xb, 0x4}}}}]}, 0x40}}, 0x0)

3.742976876s ago: executing program 4 (id=1755):
migrate_pages(0x0, 0xa94b, 0x0, &(0x7f0000000bc0)=0x27e0407a)

3.742832402s ago: executing program 4 (id=1756):
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2)
r1 = memfd_create(&(0x7f0000000940)='y\x105\xfb\xf7u\x83%\b\x00\x00\x00\x00\x00\x00\x00\xea_\xccZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x10\x00\x00\x00\x04\x879\xa24\xa9a\b\x00\xb2\xd3\xcbZJ\x7fa\xc4\x1acB\xaa\xc1\xfb Q\x96\xd9xJ2\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea\b\x00\x00\x00\x00\x00\x00\x00\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9V\x01A\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\a\x00\x01vRk\xaabB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\x80\x81\xa0\xa2-g\b\x99\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecn\x02\xc8\xc4\f\x04\x99\xf6\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc8L\xae\x1ff\xcf\xb3\xb65\x12\x89\x02\x82t\x0f\xb0\xe89\x16\fO\x19\x91\xfd\x10\x0e\xa7r\x12\xab\xd4\xd1d\xad\f\x11\xb3\xb3c\xe2\xfe\xcd\x9f7\xa1\x14\xfa\xe2\xdf\x7f\xf4NG\xe3\xeb\x18\xde|\xb3\xf5S\x9a\x04\xb4Lry\xa9\xd6\xfb\xbc\n+N\xf7\xf6\x87\x95\xd9+\xd2sc/\x06\xaa#K3,k\xf3(\xcc\xc7\xb47\xfa\xc3\x1c\x91!\xd3\xd2`-\xa2xrR\x1c\x81i\x87u|29Q\xdf\xed\x10\x9b\x930\xa8v\xa0\x88\xa4t\x17\xb2\xca9\x02\x03\xc9P\xcc\xe0\xb7\x9c\x82\xb4\x03\x83e\xee\x95\xccO\x1b\x83\f\n{\xf3\x12\x90\xcf\x10\xb5>\b3\x80\x8d\xb2%7\x10\xeee\xe4\xc3\xb2^\xad\xb6~\xa2\xbdE\xbf\x91\vqt\x81\xbd\x19\xde\x81\tw\xd4p\xd1\x8aNJ\xb3M\a\xc4\xfa\xb0,$\x81j\xb4Hs\x93>\x16U\xd0t\xe4\xca0T\xb7\xf7\x9d4\b\xd9\xdeps\xec\xa0\nJ\xa5\xfe\xda{(\xee\xb5\x11?\xc3I-\x8bc\xc9\xfb\a\xe5\xab\xf8v1\xdc\xc5\x8c\xebs1\x81\xca\x81l\xa12\xff<\xf5\x12\xcc+\xd4\xab\x84\x16\xa4+\x0e\xd4\x02\xe3\xaa1\xeam\x8ce\xb4r\x0eo&3wff\xe6\x91\x7f\xba\xad\x05\xdd\xc0+\"\xa5\x80\'#\xfd\x9dA&\xee \x18\xe5\x17\x1bd\xd0\xb9\x90\xde\xec\xe4M\xe5\x06\x03r\fc\x8c\x10\x99x\xec`e`\xc3F\xdf\xbc\xa8\xff\x05\xe6\xea\xc3u\xd7\t\x88<\"\xf7!\xd6\x0e\xbbE^\xcd\xb0\x15g\xe6\xf2?y1\x9f\xd3\x95\xc4E\xd0\xb4\x16`r\x14\xad\x02\x17\x9a\x86I]\x02f\xd3\xc9\xe1H\xd7c\xcaQ\x8cE7\xcc\xcf=\xf3\xf7\xb9\xf6s\x88\bZi\b*w\xc5;\x88\r\xab\xa1\t\xf1\x02)5\x00\x84', 0xb)
fcntl$addseals(r1, 0x409, 0x7)
ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f00000002c0)={r1, 0x0, 0x0, 0x8000})

3.704219401s ago: executing program 4 (id=1757):
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_HANDLE(r0, 0x113, 0x3, 0x0, &(0x7f0000000040))

3.570417728s ago: executing program 4 (id=1760):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100009e173610ef171e7206de01020309090212000100000000090400000002"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

1.088618002s ago: executing program 1 (id=1782):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, &(0x7f0000000280)={{0x8}, 0x0, [0x40000000, 0x0, 0x4, 0x3, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x80000000, 0x2, 0x3, 0x4, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x5, 0x4829d, 0x1000000000000, 0x0, 0x0, 0x0, 0x1000008000, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x9, 0x0, 0xfffffffffffffffc, 0x4, 0x0, 0x10000, 0x4, 0xfdfffffffffffffe, 0x0, 0xd0, 0x0, 0x0, 0x1, 0x20040000000, 0x0, 0x8, 0x80000000, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x2, 0x0, 0x0, 0x100003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x7, 0x1, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1075, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x3, 0x7, 0x0, 0x20, 0x6, 0xffffffff80000001, 0x2, 0x0, 0xfffffffffffffffc, 0x4]})

1.088289295s ago: executing program 0 (id=1783):
r0 = openat$cachefiles(0xffffff9c, &(0x7f0000000000), 0x40, 0x0)
poll(&(0x7f0000000240)=[{r0, 0xc}], 0x1, 0x1)

1.085419297s ago: executing program 1 (id=1784):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
write$UHID_INPUT(r1, &(0x7f0000001040)={0x9, {"a2e339084fc752f91b2909094bf70e0dd038e7ff7fc6e5539b324c078b089b34333b6d1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31300d366d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea76db496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff94ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2375fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df0784c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495103f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d618e462071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158ee3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc00100000000000000662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af44863c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000d1b0000000000000000000000000000000000000000000000000000510b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200", 0x1000}}, 0x1006)

1.00370569s ago: executing program 0 (id=1785):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), r0)
sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)={0x34, r1, 0x201, 0x70bd2d, 0x25dfdbff, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy1\x00'}, @IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0xff}, @IEEE802154_ATTR_HW_ADDR={0xc}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000)

1.003344688s ago: executing program 0 (id=1786):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f00000010c0)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}}, 0x0, 0x0, 0x1b, 0x0, "61a1ed8439cde8054f2ada6fcd5fe76b933e8bb0ac60081e33dffa150835f7519d5f73b4f5d80eb4881a5b98cb9fb96d225d602392f816d0bdcc09b5063087117502d8c24f1fe97f61fd27a06d6a38a7"}, 0xd8)
fcntl$getownex(r3, 0x10, 0x0)
sendto$inet6(r4, 0x0, 0x0, 0x20000841, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @empty}, 0x1c)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r5, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x24, 0x1, 0x4, 0x101, 0x0, 0x0, {0x1, 0x0, 0x5}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}, @NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)

923.4407ms ago: executing program 1 (id=1787):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000001c0)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_wolinfo={0x3, 0x100, 0x7f, "37d28d588abe"}})

923.197003ms ago: executing program 1 (id=1788):
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x38, 0x1403, 0x1, 0x70bd2c, 0x25dfdbfc, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB=' \x00\x00'], 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x2000004)
r0 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000000)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345})
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0)

437.866278ms ago: executing program 4 (id=1789):
r0 = socket$inet(0x2, 0x2, 0x1)
sendmsg$inet(r0, &(0x7f00000000c0)={&(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10, &(0x7f0000000540)=[{&(0x7f0000000280)="08001efbb07d5a6e", 0x8}], 0x1, &(0x7f0000000000)=[@ip_retopts={{0x14, 0x0, 0x7, {[@generic={0x86, 0x2}]}}}], 0x18}, 0x4840)

436.687854ms ago: executing program 4 (id=1790):
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x13ec, 0x6, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0xc5, [{{0x9, 0x4, 0x0, 0x0, 0x4, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x1, 0x1, {0x22, 0x3}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x8, 0x4}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000400)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="002218"], 0x0}, 0x0)

435.960824ms ago: executing program 1 (id=1791):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000001c0)='./binderfs/binder0\x00', 0x806, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = dup3(r1, r0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x1080})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})

333.478442ms ago: executing program 1 (id=1792):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000240)='./file0\x00', 0x8c0, &(0x7f0000000100)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6572726f72733d72656d6f756e742d726f2c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c696e74722c6e6f61636c2c001967b9b8a6cdd636d75428f2c5e8054d01858eef552755576e749526b36860cf2511040d1ce5a743ffd83d29d1ba3a54a59d8c7aa249f08d3c8c6d04ac105d67934db6190d59f2323b55a5a4"], 0x1, 0x4431, &(0x7f00000088c0)="$eJzs3b9PHFceAPA3Az6Dz/ZhnwufdNKtdJbudHdC4OoSLAVjbAw2ceTELtKsF1jbJAtrwRKlcEE6S6kipYhSWImUjspCSu38CWlSOrWlpEgTKZIVop2dxcywGzaEhdj6fIod5v2G78zbN8Xw4lTt7vxyYX65UFosVGdvL58tvFetrCyUQ7xPWvZ/aP/6pzPduE5+rc0v92zktHLtwqU3b54N4au5b55ubGxshLre0NLwlp9//OH+7NZjU5yrU2+3dWt75e0Qwqlt46rrCSH0hRCiEML5NG0sPfaHEI6leTfvf3irsEejefSkfK74bPrB+siZqbWH6+1/9yiETyt/+9+dhe/+2TPy7X/2qHsAAAAAAAAAAAAAAAAAAF5wE9ev3XhjaDg8jkLvWrT9fd2J9Nju/diNPfOP7v+yAAAAAAAAAAAAAAAAAAAA8Af1/P3/QnSyxfv/4+lxtE39jde6P0a6Z/L1a+MXh4bT/d+jbfn/T5O+P98TTrTY9z2///v5XP3W+79v72e3muNr9jsQongwcx7Hg4MhfJ5u/H46OhJXqsu1/96urizO7dkwXljZ+Dd2789EJ93Qv8P4x2O59ru///9ft11N9fNbe3eJvdSy8e9pW+6LD6KO7v8LuXr7EX92Lxv/3iStf2uB0cYEUI//R707x38813634n88hFCI6mMtZGaA+hqmnt5uvUJWNv6HkrTM1Jn+Idvd/z/l4n8x1/5Bzf+r+S8iWsrG/09JWl+mxOHkM4l/vPP9fynX/kHEvz7+Vd//HcnGvxHr0JspkvwlO53/J3Ltt43/4d837htxOs7jUeYKWIsa6e3+Xx1Z2fj3bct//vwXd7T+u5yrv1/Pf81+m89/zen/31Hj+Y/WsvHvb1uu0/t/Mlev2/P/aLL+Y7ey8T+SpGXXzgPJZ6fxn8q13634J08lfc34P59Pfj7cSP/M+q8j2fj/uZEYby2xmnwm679o5/X/lVz7B7H+q49/Ne5ury+LbPyPti1Xj//XHXz/X83V6378Qxiy1t+1bPyPtS2X3P99O8d/Olev2/H/VzcbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgBjKXHgRDFg5nzOB4cDOFCen46HIlmSnPFmUp19t3lEMbT9EI4Gd2pVGdKleL8YnWuXCxVKtXZEC6m+adCX7RcqdaKC6V7lzbb6o/ulktLtZlyqRZCmEjT/x6ONduama8tlO6FEC5v5v0lri7du1taLM7NL706NDQ0FCY3x3AiKr9fKy/WGr03ckOY2qw7EG0ZXJJ9ZXMsR6N3qitLi6VKkn51S51KdbZU2VJnOs37OJyIaksri7OlWrlYqd5p9neQRtPj+OT1t65fHd6WfytqHMf2d1gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/EaPR175JITQ2ziLQwijzR+iVuUfPSmfKz6bfrA+cmZq7eH603blAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgF3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwS8eoCQRRGIDfTIokXY6Rakm6tBsCISmyQfAEegwPo0fxEt7BwsLWQgTZRV13YRutvq95MD8z78E8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCY71E1/n97j0jxtH+MWE5X6/P8t67zz+77D3eYkdv5+au+Tn+YrvKP+mhT5mO6284m0VEbi9aetPfpss9z71x9+9Y3X9P3JVIuIqKs89eUc1EMewsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgwA4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRR9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/AgAA////gRtE")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
r1 = syz_io_uring_setup(0xd5, &(0x7f0000000640)={0x0, 0xc12b, 0x0, 0x0, 0x1f8}, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0xffffffffffffffff, 0x0})
io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0)

73.479844ms ago: executing program 0 (id=1793):
prlimit64(0x0, 0x6, &(0x7f0000000140)={0x8, 0x89}, 0x0)
syz_clone(0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0)

122.408µs ago: executing program 0 (id=1794):
r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x7fff, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000000)={0x24, 0x1, 0x0, "3a8e00000034b52ba75066c25a91ca55e21f0000000000b2b678d200", 0x3447504d})

0s ago: executing program 0 (id=1795):
bpf$MAP_CREATE(0x0, &(0x7f0000002d40)=@bloom_filter={0x1e, 0x0, 0xc, 0xfffffff5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1}, 0x50)

kernel console output (not intermixed with test programs):

 comm="syz.0.805" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0da0f2add9 code=0x7ffc0000
[  134.048366][   T33] audit: type=1326 audit(1755269217.710:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7777 comm="syz.0.805" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0da0f2add9 code=0x7ffc0000
[  134.364447][ T7784] netlink: 8 bytes leftover after parsing attributes in process `syz.0.808'.
[  134.733949][ T7801] loop2: detected capacity change from 0 to 4096
[  135.001659][ T7814] netlink: 8 bytes leftover after parsing attributes in process `syz.2.821'.
[  135.037522][ T7816] loop2: detected capacity change from 0 to 256
[  135.040581][ T7816] exfat: Deprecated parameter 'namecase'
[  135.047730][ T7816] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x2eabf3fa, utbl_chksum : 0xe619d30d)
[  135.380264][ T7838] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  135.395868][ T7840] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  135.407741][ T7840] batman_adv: batadv0: Removing interface: batadv_slave_0
[  135.420420][ T7840] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check.
[  135.788019][ T5944] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  135.863793][ T5849] usb 2-1: new full-speed USB device number 11 using dummy_hcd
[  135.885053][ T5944] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  135.977007][ T5944] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  136.025635][ T5849] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  136.030101][ T5849] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  136.050889][ T5849] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  136.055449][ T5849] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  136.058762][ T5849] usb 2-1: Product: syz
[  136.060525][ T5849] usb 2-1: Manufacturer: syz
[  136.063015][ T5849] usb 2-1: SerialNumber: syz
[  136.079808][ T5944] netdevsim netdevsim2 netdevsim0 (unregistering): left allmulticast mode
[  136.094992][ T5944] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  136.181798][ T7860] pvfs2: Unexpected value for 'acl'
[  136.236927][ T5934] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  136.240433][ T5934] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  136.247598][ T5934] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  136.251470][ T5934] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  136.256472][ T5934] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  136.321223][ T5849] usb 2-1: 0:2 : does not exist
[  136.334829][ T5944] bridge_slave_1: left allmulticast mode
[  136.337815][ T5944] bridge_slave_1: left promiscuous mode
[  136.341221][ T5944] bridge0: port 2(bridge_slave_1) entered disabled state
[  136.345748][ T5849] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  136.359929][ T5944] bridge_slave_0: left allmulticast mode
[  136.362435][ T5944] bridge_slave_0: left promiscuous mode
[  136.365948][ T5944] bridge0: port 1(bridge_slave_0) entered disabled state
[  136.397876][ T5849] usb 2-1: USB disconnect, device number 11
[  136.451673][ T6765] udevd[6765]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  136.674804][ T5944] team0: Port device geneve0 removed
[  136.848273][ T5944] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  136.857443][ T5944] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  136.867867][ T5944] bond0 (unregistering): (slave batadv0): Releasing backup interface
[  136.878092][ T5944] bond0 (unregistering): Released all slaves
[  136.944576][ T7895] netlink: 8 bytes leftover after parsing attributes in process `syz.1.859'.
[  136.948163][ T7895] netlink: 4 bytes leftover after parsing attributes in process `syz.1.859'.
[  136.951582][ T7895] netlink: 'syz.1.859': attribute type 6 has an invalid length.
[  137.107561][ T7901] loop1: detected capacity change from 0 to 512
[  137.150142][ T7901] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  137.226003][ T7901] UDF-fs: error (device loop1): udf_read_inode: (ino 19) failed ident=264
[  137.229355][ T7901] binfmt_misc: register: failed to install interpreter file ./file0
[  137.289454][ T7862] chnl_net:caif_netlink_parms(): no params data found
[  137.632286][ T7862] bridge0: port 1(bridge_slave_0) entered blocking state
[  137.646455][ T7862] bridge0: port 1(bridge_slave_0) entered disabled state
[  137.651576][ T7862] bridge_slave_0: entered allmulticast mode
[  137.666025][ T7862] bridge_slave_0: entered promiscuous mode
[  137.669379][ T7914] loop1: detected capacity change from 0 to 2048
[  137.687610][ T7862] bridge0: port 2(bridge_slave_1) entered blocking state
[  137.712250][ T7862] bridge0: port 2(bridge_slave_1) entered disabled state
[  137.726852][ T7916] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  137.735341][ T7862] bridge_slave_1: entered allmulticast mode
[  137.742783][ T7862] bridge_slave_1: entered promiscuous mode
[  137.928005][ T7862] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  137.966349][ T7920] loop1: detected capacity change from 0 to 2048
[  137.972278][ T7862] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  138.039761][ T6765]  loop1: p3 < > p4 < >
[  138.045641][ T6765] loop1: partition table partially beyond EOD, truncated
[  138.063482][ T6765] loop1: p3 start 4284289 is beyond EOD, truncated
[  138.110627][ T7920]  loop1: p3 < > p4 < >
[  138.115843][ T7920] loop1: partition table partially beyond EOD, truncated
[  138.146678][ T7920] loop1: p3 start 4284289 is beyond EOD, truncated
[  138.187305][ T7862] team0: Port device team_slave_0 added
[  138.214398][ T7862] team0: Port device team_slave_1 added
[  138.303747][ T5934] Bluetooth: hci2: command tx timeout
[  138.331880][ T7862] batman_adv: batadv0: Adding interface: batadv_slave_0
[  138.335663][ T7862] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  138.357861][ T7862] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  138.385761][ T7862] batman_adv: batadv0: Adding interface: batadv_slave_1
[  138.390518][ T7862] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  138.401766][ T7862] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  138.500378][ T7933] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  138.505772][ T7933] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[  138.510139][ T7933] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  138.512351][ T7862] hsr_slave_0: entered promiscuous mode
[  138.514149][ T7933] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[  138.523222][ T7862] hsr_slave_1: entered promiscuous mode
[  138.536449][ T7862] debugfs: 'hsr0' already exists in 'hsr'
[  138.538979][ T7862] Cannot create hsr debugfs directory
[  138.823850][    T9] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  138.827929][ T5944] hsr_slave_0: left promiscuous mode
[  138.831152][ T5944] hsr_slave_1: left promiscuous mode
[  138.835302][ T5944] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  138.838678][ T5944] batman_adv: batadv0: Removing interface: batadv_slave_0
[  138.842952][ T5944] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  138.849817][ T5944] batman_adv: batadv0: Removing interface: batadv_slave_1
[  138.873829][ T5944] veth1_macvtap: left promiscuous mode
[  138.876558][ T5944] veth0_macvtap: left promiscuous mode
[  138.879037][ T5944] veth1_vlan: left promiscuous mode
[  138.881589][ T5944] veth0_vlan: left promiscuous mode
[  139.018259][    T9] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  139.022793][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  139.032065][    T9] usb 1-1: config 0 descriptor??
[  139.251275][ T5944] team0 (unregistering): Port device team_slave_1 removed
[  139.294110][ T5944] team0 (unregistering): Port device team_slave_0 removed
[  139.801150][ T7862] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  139.817493][ T7862] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  139.830755][ T7862] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  139.848450][ T7862] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  139.854205][    T9] usb 1-1: Cannot set autoneg
[  139.856355][    T9] MOSCHIP usb-ethernet driver 1-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  139.875674][    T9] usb 1-1: USB disconnect, device number 13
[  140.028720][ T7862] 8021q: adding VLAN 0 to HW filter on device bond0
[  140.060408][ T7862] 8021q: adding VLAN 0 to HW filter on device team0
[  140.070679][ T1118] bridge0: port 1(bridge_slave_0) entered blocking state
[  140.073708][ T1118] bridge0: port 1(bridge_slave_0) entered forwarding state
[  140.083136][ T1118] bridge0: port 2(bridge_slave_1) entered blocking state
[  140.085851][ T1118] bridge0: port 2(bridge_slave_1) entered forwarding state
[  140.257241][ T7862] 8021q: adding VLAN 0 to HW filter on device batadv0
[  140.300583][ T7862] veth0_vlan: entered promiscuous mode
[  140.318146][ T7862] veth1_vlan: entered promiscuous mode
[  140.360660][ T7862] veth0_macvtap: entered promiscuous mode
[  140.386691][ T5934] Bluetooth: hci2: command tx timeout
[  140.398247][ T7862] veth1_macvtap: entered promiscuous mode
[  140.436558][ T7862] batman_adv: batadv0: Interface activated: batadv_slave_0
[  140.447697][ T7862] batman_adv: batadv0: Interface activated: batadv_slave_1
[  140.470770][ T5944] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  140.477541][ T5944] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  140.481309][ T5944] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  140.485575][ T5944] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  140.611572][ T1118] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  140.624870][ T1118] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  140.659386][  T656] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  140.665729][  T656] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  140.783956][   T47] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  140.933820][   T47] usb 2-1: Using ep0 maxpacket: 32
[  140.938131][   T47] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  140.942675][   T47] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  140.950186][   T47] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  140.955970][   T47] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  140.961355][   T47] usb 2-1: config 0 descriptor??
[  141.414795][   T33] kauditd_printk_skb: 567 callbacks suppressed
[  141.414958][   T33] audit: type=1400 audit(1755269225.180:586): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=3A273A02 pid=8026 comm="syz.3.887"
[  141.482044][   T47] ft260 0003:0403:6030.0007: unknown main item tag 0x7
[  141.571320][ T8037] loop3: detected capacity change from 0 to 256
[  141.580053][ T8037] exfat: Deprecated parameter 'namecase'
[  141.586778][ T8037] exfat: Deprecated parameter 'utf8'
[  141.600383][ T8037] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[  141.650782][   T47] ft260 0003:0403:6030.0007: chip code: 6424 8183
[  141.851339][   T47] ft260 0003:0403:6030.0007: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.1-1/input0
[  142.052066][   T47] ft260 0003:0403:6030.0007: failed to retrieve status: -32, no wakeup
[  142.067977][   T47] ft260 0003:0403:6030.0007: failed to retrieve status: -32
[  142.210718][ T8062] netlink: 4 bytes leftover after parsing attributes in process `syz.3.899'.
[  142.275323][ T2299] usb 1-1: new full-speed USB device number 14 using dummy_hcd
[  142.293323][    T9] usb 2-1: USB disconnect, device number 12
[  142.339209][ T8068] netlink: 'syz.3.902': attribute type 1 has an invalid length.
[  142.342394][ T8068] netlink: 184 bytes leftover after parsing attributes in process `syz.3.902'.
[  142.351296][ T8068] netlink: 'syz.3.902': attribute type 1 has an invalid length.
[  142.419546][ T8072] loop3: detected capacity change from 0 to 512
[  142.435485][ T2299] usb 1-1: unable to get BOS descriptor or descriptor too short
[  142.438947][ T2299] usb 1-1: not running at top speed; connect to a high speed hub
[  142.441588][ T8072] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  142.446094][ T8072] ext4 filesystem being mounted at /17/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  142.449832][ T2299] usb 1-1: config 129 has an invalid interface number: 135 but max is 1
[  142.453181][ T2299] usb 1-1: config 129 has no interface number 1
[  142.456138][ T5934] Bluetooth: hci2: command tx timeout
[  142.458460][ T2299] usb 1-1: config 129 interface 0 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[  142.465819][ T2299] usb 1-1: config 129 interface 135 has no altsetting 0
[  142.468630][ T2299] usb 1-1: config 129 interface 0 has no altsetting 0
[  142.474686][ T2299] usb 1-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.62
[  142.478486][ T2299] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  142.481483][ T2299] usb 1-1: Product: syz
[  142.483509][ T2299] usb 1-1: Manufacturer: syz
[  142.489973][ T2299] usb 1-1: SerialNumber: syz
[  142.496295][ T7862] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  142.565592][ T8077] loop3: detected capacity change from 0 to 764
[  142.709973][ T2299] au0828: au0828: Device initialization failed.
[  142.712208][ T2299] au0828: au0828: Device must be connected to a high-speed USB 2.0 port.
[  142.721475][ T2299] usb 1-1: USB disconnect, device number 14
[  142.862711][ T8083] loop3: detected capacity change from 0 to 32768
[  142.874774][ T8083] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.908 (8083)
[  143.042566][ T8083] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  143.046851][ T8083] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  143.050555][ T8083] BTRFS info (device loop3): using free-space-tree
[  143.415790][   T36] BTRFS warning (device loop3): checksum verify failed on logical 5328896 mirror 1 wanted 0xac8366d3d2e6f7dc04e332773638acafeccdac9b39be662d19e98924efedf548 found 0x09baaddde01c70d9f564d40d40bbd1072cb01ca9c506f6ee2b940aea4af18207 level 0
[  143.458057][ T8083] BTRFS warning (device loop3): failed to read root (objectid=4): -5
[  143.461113][ T8083] BTRFS warning (device loop3): try to load backup roots slot 1
[  143.475230][ T8083] BTRFS warning (device loop3): global root 2 0 already exists
[  143.478649][ T8083] BTRFS error (device loop3): failed to load root extent
[  143.481639][ T8083] BTRFS warning (device loop3): try to load backup roots slot 2
[  143.485518][   T36] BTRFS error (device loop3): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  143.489693][ T8083] BTRFS warning (device loop3): couldn't read tree root
[  143.492229][ T8083] BTRFS warning (device loop3): try to load backup roots slot 3
[  143.498224][   T36] BTRFS warning (device loop3): checksum verify failed on logical 5251072 mirror 1 wanted 0x3733e4df68c3b780deac4f047b3ac85a180e047a8c6c5314b53c1b8a9369ce12 found 0x14b35fdb1819392a43b7915d2192f571ea07cbff49835ef44835d3e0976a7a91 level 0
[  143.506731][ T8083] BTRFS error (device loop3): failed to load root extent
[  143.525029][ T8083] BTRFS error (device loop3): open_ctree failed: -5
[  143.649081][ T8113] netlink: 12 bytes leftover after parsing attributes in process `syz.3.912'.
[  144.095310][  T795] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  144.246233][  T795] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  144.249929][  T795] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  144.253497][  T795] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  144.259169][  T795] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  144.262596][  T795] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  144.268030][  T795] usb 4-1: config 0 descriptor??
[  144.533956][ T5934] Bluetooth: hci2: command tx timeout
[  144.667536][ T8137] overlayfs: conflicting options: userxattr,redirect_dir=follow
[  144.688436][  T795] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x3
[  144.691758][  T795] plantronics 0003:047F:FFFF.0008: unbalanced collection at end of report description
[  144.699835][  T795] plantronics 0003:047F:FFFF.0008: parse failed
[  144.706699][  T795] plantronics 0003:047F:FFFF.0008: probe with driver plantronics failed with error -22
[  144.895950][ T2299] usb 4-1: USB disconnect, device number 2
[  144.949536][ T8149] netlink: 'syz.1.929': attribute type 2 has an invalid length.
[  144.952260][ T8149] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.929'.
[  144.970221][ T8149] nbd: must specify at least one socket
[  145.294749][ T8172] tap0: tun_chr_ioctl cmd 1074025675
[  145.297186][ T8172] tap0: persist enabled
[  145.299380][ T8172] tap0: tun_chr_ioctl cmd 1074025675
[  145.301763][ T8172] tap0: persist enabled
[  145.691641][ T8188] netlink: 148 bytes leftover after parsing attributes in process `syz.3.947'.
[  145.720657][ T8188] netlink: 116 bytes leftover after parsing attributes in process `syz.3.947'.
[  147.189189][ T8196] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  147.295143][   T33] audit: type=1326 audit(1755269231.070:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8201 comm="syz.1.952" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb03078ebe9 code=0x7ffc0000
[  147.323708][   T33] audit: type=1326 audit(1755269231.070:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8201 comm="syz.1.952" exe="/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7fb03078ebe9 code=0x7ffc0000
[  147.336004][   T33] audit: type=1326 audit(1755269231.070:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8201 comm="syz.1.952" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb03078ebe9 code=0x7ffc0000
[  147.355200][   T33] audit: type=1326 audit(1755269231.070:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8201 comm="syz.1.952" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb03078ebe9 code=0x7ffc0000
[  147.542241][ T8200] loop3: detected capacity change from 0 to 32768
[  147.564946][ T8204] loop1: detected capacity change from 0 to 32768
[  147.572749][ T8204] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.953 (8204)
[  147.580857][ T8204] BTRFS info (device loop1): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  147.586069][ T8204] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm
[  147.590132][ T8204] BTRFS info (device loop1): disk space caching is enabled
[  147.594634][ T8204] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  147.762098][ T8204] BTRFS info (device loop1): rebuilding free space tree
[  147.779359][ T8204] BTRFS info (device loop1): disabling free space tree
[  147.779776][ T8229] loop3: detected capacity change from 0 to 512
[  147.782313][ T8204] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  147.802742][ T8229] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[  147.807259][ T8229] EXT4-fs error (device loop3): ext4_orphan_get:1418: comm syz.3.956: bad orphan inode 15
[  147.823366][ T8229] ext4_test_bit(bit=14, block=4) = 1
[  147.832989][ T8204] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  147.839694][ T8229] is_bad_inode(inode)=0
[  147.841420][ T8229] NEXT_ORPHAN(inode)=0
[  147.860854][ T8229] max_ino=32
[  147.862377][ T8229] i_nlink=1
[  147.870619][ T8229] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  147.925847][ T5958] BTRFS info (device loop1): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  147.938325][ T7862] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  148.793147][ T8247] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[  148.796081][ T8247] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  148.823431][ T8247] vhci_hcd vhci_hcd.0: Device attached
[  148.862323][ T8255] vhci_hcd: connection closed
[  148.863547][ T5944] vhci_hcd: stop threads
[  148.873309][ T5944] vhci_hcd: release socket
[  148.879996][ T5944] vhci_hcd: disconnect device
[  149.403565][ T8261] loop1: detected capacity change from 0 to 8
[  149.422521][ T8261] process 'syz.1.965' launched './file0/file0' with NULL argv: empty string added
[  149.723769][   T10] usb 2-1: new low-speed USB device number 13 using dummy_hcd
[  149.876786][   T10] usb 2-1: config index 0 descriptor too short (expected 1307, got 27)
[  149.880418][   T10] usb 2-1: config 0 has an invalid interface number: 0 but max is -1
[  149.884132][   T10] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0
[  149.888166][   T10] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[  149.892824][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt
[  149.897158][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  149.901552][   T10] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[  149.918681][   T10] usb 2-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[  149.922559][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.925996][   T10] usb 2-1: Manufacturer: и
[  149.930784][   T10] usb 2-1: config 0 descriptor??
[  149.935611][   T10] hub 2-1:0.0: bad descriptor, ignoring hub
[  149.938261][   T10] hub 2-1:0.0: probe with driver hub failed with error -5
[  149.945923][   T10] input: и as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input6
[  150.150605][   T47] usb 2-1: USB disconnect, device number 13
[  150.262260][ T8271] Driver unsupported XDP return value 0 on prog  (id 87) dev N/A, expect packet loss!
[  150.340707][ T8275] loop3: detected capacity change from 0 to 2048
[  150.348276][ T8275] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  151.090009][ T8292] netlink: 16 bytes leftover after parsing attributes in process `syz.1.976'.
[  151.296254][ T8300] capability: warning: `syz.0.980' uses 32-bit capabilities (legacy support in use)
[  151.341040][ T8304] netlink: 28 bytes leftover after parsing attributes in process `syz.0.982'.
[  151.794125][  T795] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  151.954074][  T795] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  151.962372][  T795] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  151.966756][  T795] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  151.970076][  T795] usb 4-1: Product: syz
[  151.973530][  T795] usb 4-1: Manufacturer: syz
[  151.978526][  T795] usb 4-1: SerialNumber: syz
[  151.990160][  T795] usb 4-1: config 0 descriptor??
[  152.079459][  T795] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -22
[  152.200483][ T6765] udevd[6765]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  152.262816][  T795] usb 4-1: USB disconnect, device number 3
[  152.775993][   T33] audit: type=1326 audit(1755269236.560:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8341 comm="syz.0.994" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0da0f8ebe9 code=0x0
[  153.070754][ T8351] loop1: detected capacity change from 0 to 32768
[  153.116651][ T8351] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  153.163816][ T2299] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  153.168200][  T795] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  153.192718][ T5958] ocfs2: Unmounting device (7,1) on (node local)
[  153.324976][ T2299] usb 1-1: Using ep0 maxpacket: 32
[  153.328454][  T795] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e
[  153.331429][  T795] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  153.335485][ T2299] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  153.341889][ T2299] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  153.347361][ T2299] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  153.352439][  T795] usb 4-1: config 0 descriptor??
[  153.356593][ T2299] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  153.376274][ T2299] usb 1-1: config 0 descriptor??
[  153.385386][ T2299] hub 1-1:0.0: USB hub found
[  153.572382][  T795] ath6kl: Failed to submit usb control message: -71
[  153.587777][  T795] ath6kl: unable to send the bmi data to the device: -71
[  153.595619][ T2299] hub 1-1:0.0: 1 port detected
[  153.599185][  T795] ath6kl: Unable to send get target info: -71
[  153.612341][  T795] ath6kl: Failed to init ath6kl core: -71
[  153.615575][  T795] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71
[  153.636501][  T795] usb 4-1: USB disconnect, device number 4
[  154.203038][ T2299] hub 1-1:0.0: activate --> -90
[  154.404990][   T47] usb 1-1: USB disconnect, device number 15
[  154.407578][ T2299] hub 1-1:0.0: hub_ext_port_status failed (err = -71)
[  154.613829][  T795] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  154.785382][  T795] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  154.789603][  T795] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  154.793374][  T795] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  154.798426][  T795] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  154.802218][  T795] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  154.807347][  T795] usb 2-1: config 0 descriptor??
[  154.810467][  T795] hub 2-1:0.0: USB hub found
[  155.015187][  T795] hub 2-1:0.0: 14 ports detected
[  155.023485][  T795] hub 2-1:0.0: insufficient power available to use all downstream ports
[  155.212592][  T795] hub 2-1:0.0: hub_hub_status failed (err = -71)
[  155.217998][  T795] hub 2-1:0.0: config failed, can't get hub status (err -71)
[  155.254420][  T795] usb 2-1: USB disconnect, device number 14
[  155.545952][ T8444] netlink: 5636 bytes leftover after parsing attributes in process `syz.0.1024'.
[  155.575371][   T47] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  155.744806][   T47] usb 4-1: config 2 has an invalid interface number: 243 but max is 0
[  155.748109][   T47] usb 4-1: config 2 has no interface number 0
[  155.750634][   T47] usb 4-1: config 2 interface 243 has no altsetting 0
[  155.757056][   T47] usb 4-1: New USB device found, idVendor=0547, idProduct=7303, bcdDevice=b9.ff
[  155.760880][   T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  155.764937][   T47] usb 4-1: Product: syz
[  155.766714][   T47] usb 4-1: Manufacturer: syz
[  155.768619][   T47] usb 4-1: SerialNumber: syz
[  155.837207][  T795] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  155.971502][ T8450] loop1: detected capacity change from 0 to 32768
[  155.978810][ T8450] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1027 (8450)
[  155.979670][   T47] gspca_main: dtcs033-2.14.0 probing 0547:7303
[  155.991975][ T8450] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  155.995242][ T8450] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm
[  155.998335][ T8450] BTRFS info (device loop1): using free-space-tree
[  156.004529][  T795] usb 1-1: Using ep0 maxpacket: 32
[  156.009231][   T47] usb 4-1: USB disconnect, device number 5
[  156.020471][  T795] usb 1-1: New USB device found, idVendor=04cb, idProduct=013d, bcdDevice=a4.42
[  156.033725][  T795] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  156.049449][  T795] usb 1-1: config 0 descriptor??
[  156.058133][  T795] gspca_main: finepix-2.14.0 probing 04cb:013d
[  156.159878][ T5958] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  156.267674][  T795] usb 1-1: USB disconnect, device number 16
[  157.153699][  T795] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  157.304030][  T795] usb 1-1: Using ep0 maxpacket: 16
[  157.309524][  T795] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  157.313532][  T795] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  157.317789][  T795] usb 1-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.00
[  157.320870][  T795] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  157.326787][  T795] usb 1-1: config 0 descriptor??
[  157.817944][  T795] apple 0003:05AC:024B.0009: unknown main item tag 0x6
[  157.820684][  T795] apple 0003:05AC:024B.0009: ignoring exceeding usage max
[  157.824426][  T795] apple 0003:05AC:024B.0009: invalid report_size 16640
[  157.826942][  T795] apple 0003:05AC:024B.0009: item 0 2 1 7 parsing failed
[  157.829962][  T795] apple 0003:05AC:024B.0009: parse failed
[  157.832319][  T795] apple 0003:05AC:024B.0009: probe with driver apple failed with error -22
[  158.155802][  T795] usb 1-1: USB disconnect, device number 17
[  158.650103][ T8525] 9pnet_fd: p9_fd_create_unix (8525): problem connecting socket: ./bus: -1
[  159.122124][ T8553] comedi comedi2: dt2814: I/O port conflict (0x1,2)
[  159.161676][   T33] audit: type=1326 audit(1755269242.940:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8554 comm="syz.1.1067" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb03078ebe9 code=0x0
[  159.222875][ T5944] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  159.244454][  T795] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  159.277921][ T5944] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  159.366111][ T5944] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  159.413686][  T795] usb 1-1: Using ep0 maxpacket: 32
[  159.421676][  T795] usb 1-1: config 0 has an invalid interface number: 89 but max is 0
[  159.422402][ T5944] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  159.433003][  T795] usb 1-1: config 0 has no interface number 0
[  159.437122][  T795] usb 1-1: config 0 interface 89 has no altsetting 0
[  159.445986][  T795] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  159.449482][  T795] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.452712][  T795] usb 1-1: Product: syz
[  159.463743][  T795] usb 1-1: Manufacturer: syz
[  159.465741][  T795] usb 1-1: SerialNumber: syz
[  159.474521][  T795] usb 1-1: config 0 descriptor??
[  159.490061][  T795] em28xx 1-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  159.500243][  T795] em28xx 1-1:0.89: Video interface 89 found: bulk
[  159.585100][ T5944] bridge_slave_1: left allmulticast mode
[  159.587073][ T5944] bridge_slave_1: left promiscuous mode
[  159.589448][ T5944] bridge0: port 2(bridge_slave_1) entered disabled state
[  159.596883][ T5944] bridge_slave_0: left allmulticast mode
[  159.601572][ T5944] bridge_slave_0: left promiscuous mode
[  159.608139][ T5944] bridge0: port 1(bridge_slave_0) entered disabled state
[  159.690940][ T5960] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  159.696967][ T5960] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  159.706556][ T5960] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  159.712033][ T5960] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  159.718679][ T5960] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  160.042451][ T5944] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  160.048661][ T5944] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  160.053437][ T5944] bond0 (unregistering): Released all slaves
[  160.098444][  T795] em28xx 1-1:0.89: unknown em28xx chip ID (0)
[  160.409186][ T8560] chnl_net:caif_netlink_parms(): no params data found
[  160.475828][ T8567] loop1: detected capacity change from 0 to 32768
[  160.516420][ T5944] hsr_slave_0: left promiscuous mode
[  160.518755][ T5944] hsr_slave_1: left promiscuous mode
[  160.527613][ T8567] XFS (loop1): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  160.529629][ T5944] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  160.533326][ T5944] batman_adv: batadv0: Removing interface: batadv_slave_0
[  160.539379][ T5944] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  160.542039][ T5944] batman_adv: batadv0: Removing interface: batadv_slave_1
[  160.557391][ T5944] veth1_macvtap: left promiscuous mode
[  160.559431][ T5944] veth0_macvtap: left promiscuous mode
[  160.563022][ T5944] veth1_vlan: left promiscuous mode
[  160.564935][ T8567] XFS (loop1): Ending clean mount
[  160.566383][ T5944] veth0_vlan: left promiscuous mode
[  160.661307][ T5958] XFS (loop1): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  160.734600][  T795] em28xx 1-1:0.89: read from i2c device at 0xa0 failed with unknown error (status=64)
[  160.738898][  T795] em28xx 1-1:0.89: board has no eeprom
[  160.998762][  T795] em28xx 1-1:0.89: Identified as Terratec Grabby (card=67)
[  161.001787][  T795] em28xx 1-1:0.89: analog set to bulk mode.
[  161.004960][   T47] em28xx 1-1:0.89: Registering V4L2 extension
[  161.029482][  T795] usb 1-1: USB disconnect, device number 18
[  161.046924][  T795] em28xx 1-1:0.89: Disconnecting em28xx
[  161.059482][   T47] em28xx 1-1:0.89: Config register raw data: 0xffffffed
[  161.069333][   T47] em28xx 1-1:0.89: AC97 chip type couldn't be determined
[  161.072380][   T47] em28xx 1-1:0.89: No AC97 audio processor
[  161.096495][   T47] usb 1-1: Decoder not found
[  161.098131][   T47] em28xx 1-1:0.89: failed to create media graph
[  161.100032][   T47] em28xx 1-1:0.89: V4L2 device video103 deregistered
[  161.116052][   T47] em28xx 1-1:0.89: Registering snapshot button...
[  161.120867][   T47] input: em28xx snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.89/input/input7
[  161.146110][   T47] em28xx 1-1:0.89: Remote control support is not available for this card.
[  161.149198][  T795] em28xx 1-1:0.89: Closing input extension
[  161.152719][  T795] em28xx 1-1:0.89: Deregistering snapshot button
[  161.168201][ T8589] loop1: detected capacity change from 0 to 32768
[  161.176281][ T8589] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1071 (8589)
[  161.209188][  T795] em28xx 1-1:0.89: Freeing device
[  161.209983][ T8589] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  161.231315][ T8589] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm
[  161.253377][ T8589] BTRFS info (device loop1): using free-space-tree
[  161.316097][ T5944] team0 (unregistering): Port device team_slave_1 removed
[  161.391080][ T5944] team0 (unregistering): Port device team_slave_0 removed
[  161.433041][ T5958] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  161.784829][   T47] usb 1-1: new full-speed USB device number 19 using dummy_hcd
[  161.824103][ T5934] Bluetooth: hci2: command tx timeout
[  161.948662][   T47] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  161.953204][   T47] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  161.956796][   T47] usb 1-1: Product: syz
[  161.958512][   T47] usb 1-1: Manufacturer: syz
[  161.960982][   T47] usb 1-1: SerialNumber: syz
[  161.968122][   T47] usb 1-1: config 0 descriptor??
[  162.026494][ T8617] pim6reg: entered allmulticast mode
[  162.029996][ T8618] pim6reg: left allmulticast mode
[  162.062380][ T8560] bridge0: port 1(bridge_slave_0) entered blocking state
[  162.065660][ T8560] bridge0: port 1(bridge_slave_0) entered disabled state
[  162.068976][ T8560] bridge_slave_0: entered allmulticast mode
[  162.076397][ T8560] bridge_slave_0: entered promiscuous mode
[  162.100453][ T8560] bridge0: port 2(bridge_slave_1) entered blocking state
[  162.114029][ T8560] bridge0: port 2(bridge_slave_1) entered disabled state
[  162.117398][ T8560] bridge_slave_1: entered allmulticast mode
[  162.122192][ T8560] bridge_slave_1: entered promiscuous mode
[  162.189705][   T47] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  162.221662][ T8560] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  162.263917][ T8560] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  162.383222][ T8560] team0: Port device team_slave_0 added
[  162.389655][ T8560] team0: Port device team_slave_1 added
[  162.489883][ T8560] batman_adv: batadv0: Adding interface: batadv_slave_0
[  162.492667][ T8560] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  162.524273][ T8560] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  162.633160][ T8560] batman_adv: batadv0: Adding interface: batadv_slave_1
[  162.637147][ T8560] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  162.693911][ T8560] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  162.771965][ T8560] hsr_slave_0: entered promiscuous mode
[  162.774763][ T8560] hsr_slave_1: entered promiscuous mode
[  162.777370][ T8560] debugfs: 'hsr0' already exists in 'hsr'
[  162.780095][ T8560] Cannot create hsr debugfs directory
[  162.889760][ T8560] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  162.898197][ T8560] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  162.906597][ T8560] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  162.916466][ T8560] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  162.977419][ T8560] 8021q: adding VLAN 0 to HW filter on device bond0
[  163.008172][   T47] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  163.008829][ T8560] 8021q: adding VLAN 0 to HW filter on device team0
[  163.015939][   T47] usb 1-1: USB disconnect, device number 19
[  163.034229][  T164] bridge0: port 1(bridge_slave_0) entered blocking state
[  163.037048][  T164] bridge0: port 1(bridge_slave_0) entered forwarding state
[  163.048374][  T164] bridge0: port 2(bridge_slave_1) entered blocking state
[  163.051788][  T164] bridge0: port 2(bridge_slave_1) entered forwarding state
[  163.207656][ T8560] 8021q: adding VLAN 0 to HW filter on device batadv0
[  163.473435][ T8560] veth0_vlan: entered promiscuous mode
[  163.480241][ T8560] veth1_vlan: entered promiscuous mode
[  163.532104][ T8560] veth0_macvtap: entered promiscuous mode
[  163.537413][ T8560] veth1_macvtap: entered promiscuous mode
[  163.546652][ T8560] batman_adv: batadv0: Interface activated: batadv_slave_0
[  163.553471][ T8560] batman_adv: batadv0: Interface activated: batadv_slave_1
[  163.573515][   T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  163.588426][   T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  163.611161][   T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  163.620855][   T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  163.659251][  T164] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  163.662077][  T164] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  163.694717][  T656] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  163.697374][  T656] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  163.754470][   T10] usb 2-1: new full-speed USB device number 15 using dummy_hcd
[  163.894019][ T5934] Bluetooth: hci2: command tx timeout
[  163.921110][   T10] usb 2-1: config 2 has an invalid interface number: 1 but max is 0
[  163.924130][   T10] usb 2-1: config 2 has no interface number 0
[  163.926135][   T10] usb 2-1: config 2 interface 1 has no altsetting 0
[  163.938487][   T10] usb 2-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice=47.78
[  163.941652][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  163.964541][   T10] usb 2-1: Product: syz
[  163.971609][   T10] usb 2-1: Manufacturer: syz
[  163.973535][   T10] usb 2-1: SerialNumber: syz
[  164.070869][ T8707] loop4: detected capacity change from 0 to 256
[  164.254844][ T8707] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  164.271764][ T8707] exFAT-fs (loop4): Medium has reported failures. Some data may be lost.
[  164.360593][ T8707] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  164.362738][   T10] snd-usb-audio 2-1:2.1: probe with driver snd-usb-audio failed with error -22
[  164.371038][   T10] snd-usb-us122l 2-1:2.1: usb_set_interface error
[  164.373265][   T10] snd-usb-us122l 2-1:2.1: probe with driver snd-usb-us122l failed with error -22
[  164.380811][   T10] usb 2-1: USB disconnect, device number 15
[  164.392896][ T6765] udevd[6765]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:2.1/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  164.788283][ T8731] loop4: detected capacity change from 0 to 256
[  164.793486][ T8731] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  164.802017][ T8731] exFAT-fs (loop4): Medium has reported failures. Some data may be lost.
[  164.812995][ T8731] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  165.472301][ T8746] loop4: detected capacity change from 0 to 512
[  165.517075][ T8746] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  165.526124][ T8746] ext4 filesystem being mounted at /12/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  165.755352][ T8560] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.974194][ T5934] Bluetooth: hci2: command tx timeout
[  166.581464][ T8736] loop1: detected capacity change from 0 to 65536
[  166.945751][ T8736] XFS (loop1): Deprecated V4 format (crc=0) not supported by kernel.
[  167.846161][ T8796] netlink: 248 bytes leftover after parsing attributes in process `syz.0.1118'.
[  168.054166][ T5934] Bluetooth: hci2: command tx timeout
[  168.524999][ T5849] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  168.713685][ T5849] usb 1-1: Using ep0 maxpacket: 8
[  168.731509][ T5849] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  168.737088][ T5849] usb 1-1: config 179 has no interface number 0
[  168.741839][ T5849] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  168.749224][ T5849] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  168.754409][ T5849] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  168.761486][ T5849] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  168.767761][ T5849] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  168.773976][ T5849] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  168.782889][ T5849] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  168.813267][ T8802] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  168.925903][ T8799] loop1: detected capacity change from 0 to 32768
[  169.002565][ T8799] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  169.018554][ T8799] XFS (loop1): Ending clean mount
[  169.075472][    C0] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  169.075477][   T47] usb 1-1: USB disconnect, device number 20
[  169.081941][    C0] dummy_hcd dummy_hcd.0: timer fired with no URBs pending?
[  169.119204][ T5958] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  169.511684][ T8847] loop4: detected capacity change from 0 to 1024
[  169.553743][   T36] hfsplus: b-tree write err: -5, ino 4
[  169.715116][ T5849] usb 2-1: new full-speed USB device number 16 using dummy_hcd
[  169.817493][ T8864] loop4: detected capacity change from 0 to 1024
[  169.828200][ T8864] ext3: Unknown parameter 'nouser_xattr'
[  169.885892][ T5849] usb 2-1: config 201 has an invalid interface number: 249 but max is 0
[  169.889536][ T5849] usb 2-1: config 201 has an invalid descriptor of length 0, skipping remainder of the config
[  169.903768][ T5849] usb 2-1: config 201 has no interface number 0
[  169.913542][ T5849] usb 2-1: config 201 interface 249 altsetting 4 has an endpoint descriptor with address 0xF1, changing to 0x81
[  169.919239][ T5849] usb 2-1: config 201 interface 249 altsetting 4 endpoint 0x3 has an invalid bInterval 0, changing to 10
[  169.930079][ T5849] usb 2-1: config 201 interface 249 altsetting 4 endpoint 0x3 has invalid maxpacket 255, setting to 64
[  169.943734][ T5849] usb 2-1: config 201 interface 249 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  169.953987][ T5849] usb 2-1: config 201 interface 249 has no altsetting 0
[  169.961587][ T5849] usb 2-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=fa.df
[  169.968424][ T5849] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  169.982032][ T5849] usb 2-1: Product: syz
[  169.984098][ T5849] usb 2-1: Manufacturer: syz
[  169.986139][ T5849] usb 2-1: SerialNumber: syz
[  169.991239][ T8844] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  170.000887][ T8871] netlink: 'syz.0.1136': attribute type 1 has an invalid length.
[  170.139270][ T8864] loop4: detected capacity change from 0 to 32768
[  170.167060][ T8864] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1133 (8864)
[  170.217853][ T5849] ath6kl: Failed to submit usb control message: -71
[  170.220547][ T5849] ath6kl: unable to send the bmi data to the device: -71
[  170.223549][ T5849] ath6kl: Unable to send get target info: -71
[  170.228859][ T5849] ath6kl: Failed to init ath6kl core: -71
[  170.232623][ T5849] ath6kl_usb 2-1:201.249: probe with driver ath6kl_usb failed with error -71
[  170.275949][ T5849] usb 2-1: USB disconnect, device number 16
[  170.289531][ T8864] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  170.292871][ T8864] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  170.301252][ T8864] BTRFS info (device loop4): disk space caching is enabled
[  170.304557][ T8864] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  170.589337][ T8864] BTRFS info (device loop4): rebuilding free space tree
[  170.599009][ T8864] BTRFS info (device loop4): disabling free space tree
[  170.601808][ T8864] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  170.606782][ T8864] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  170.699632][ T8560] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  170.901342][ T8906] netlink: 'syz.4.1142': attribute type 1 has an invalid length.
[  171.184989][ T8924] loop4: detected capacity change from 0 to 2048
[  171.234013][ T8924] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  171.371715][ T8560] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  171.498239][ T8943] netlink: 'syz.4.1157': attribute type 1 has an invalid length.
[  171.665051][ T8951] loop4: detected capacity change from 0 to 256
[  171.807178][   T47] usb 2-1: new low-speed USB device number 17 using dummy_hcd
[  172.029357][   T47] usb 2-1: unable to get BOS descriptor or descriptor too short
[  172.079315][   T47] usb 2-1: config 7 has an invalid interface number: 252 but max is 0
[  172.090705][   T47] usb 2-1: config 7 has no interface number 0
[  172.100055][   T47] usb 2-1: config 7 interface 252 altsetting 8 endpoint 0xF has invalid wMaxPacketSize 0
[  172.114551][   T47] usb 2-1: config 7 interface 252 has no altsetting 0
[  172.126383][   T47] usb 2-1: string descriptor 0 read error: -22
[  172.132503][   T47] usb 2-1: New USB device found, idVendor=0681, idProduct=0005, bcdDevice=56.c0
[  172.139225][   T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  172.153324][   T47] idmouse 2-1:7.252: Unable to find bulk-in endpoint.
[  172.357897][   T47] usb 2-1: USB disconnect, device number 17
[  172.985240][ T8970] input: syz0 as /devices/virtual/input/input8
[  173.006324][ T8970] input: failed to attach handler leds to device input8, error: -6
[  173.264455][ T8990] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1178'.
[  173.276988][ T8990] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1178'.
[  173.609025][  T795] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  173.874618][  T795] usb 2-1: Using ep0 maxpacket: 16
[  173.880034][  T795] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  173.888336][  T795] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  173.898428][  T795] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  173.902499][ T9014] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1187'.
[  173.906623][  T795] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  173.910119][  T795] usb 2-1: Product: syz
[  173.912042][  T795] usb 2-1: Manufacturer: syz
[  173.914228][  T795] usb 2-1: SerialNumber: syz
[  174.244638][ T9006] ceph: No mds server is up or the cluster is laggy
[  174.370590][  T795] usb 2-1: cannot find UAC_HEADER
[  174.410639][  T795] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -22
[  174.418919][  T795] usb 2-1: USB disconnect, device number 18
[  174.440848][ T6765] udevd[6765]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  175.212148][ T9037] loop1: detected capacity change from 0 to 65
[  175.227583][ T9037] BFS-fs: bfs_fill_super(): NOTE: filesystem loop1 was created with 512 inodes, the real maximum is 511, mounting anyway
[  175.893936][ T5960] Bluetooth: hci2: command 0x0405 tx timeout
[  176.402596][ T9053] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:16x16 (0x30314142, 8, 0, 0, 0)
[  177.333135][ T9101] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1211'.
[  177.373693][   T47] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  177.408576][   T33] audit: type=1326 audit(1755269261.180:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9108 comm="syz.0.1213" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0da0f8ebe9 code=0x7ffc0000
[  177.416970][   T33] audit: type=1326 audit(1755269261.190:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9108 comm="syz.0.1213" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0da0f8ebe9 code=0x7ffc0000
[  177.426687][   T33] audit: type=1326 audit(1755269261.190:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9108 comm="syz.0.1213" exe="/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f0da0f8ebe9 code=0x7ffc0000
[  177.435805][   T33] audit: type=1326 audit(1755269261.190:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9108 comm="syz.0.1213" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0da0f8ebe9 code=0x7ffc0000
[  177.451471][   T33] audit: type=1326 audit(1755269261.190:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9108 comm="syz.0.1213" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0da0f8ebe9 code=0x7ffc0000
[  177.470131][   T33] audit: type=1326 audit(1755269261.200:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9108 comm="syz.0.1213" exe="/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7f0da0f8ebe9 code=0x7ffc0000
[  177.481514][   T33] audit: type=1326 audit(1755269261.200:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9108 comm="syz.0.1213" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0da0f8ebe9 code=0x7ffc0000
[  177.491717][   T33] audit: type=1326 audit(1755269261.200:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9108 comm="syz.0.1213" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0da0f8ebe9 code=0x7ffc0000
[  177.536391][   T47] usb 5-1: config 3 has an invalid interface number: 71 but max is 0
[  177.539771][   T47] usb 5-1: config 3 has no interface number 0
[  177.542349][   T47] usb 5-1: config 3 interface 71 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  177.547299][   T47] usb 5-1: New USB device found, idVendor=0bc7, idProduct=0004, bcdDevice=a7.ac
[  177.551034][   T47] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  177.573384][   T47] ati_remote 5-1:3.71: ati_remote_probe: Unexpected endpoint_in
[  177.710154][ T9133] syz.0.1220 uses obsolete (PF_INET,SOCK_PACKET)
[  177.777814][   T47] usb 5-1: USB disconnect, device number 2
[  178.981041][ T9174] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1234'.
[  179.023933][  T795] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  179.340773][  T795] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  179.374959][  T795] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  179.398319][  T795] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  179.410190][  T795] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[  179.440931][  T795] usb 5-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[  179.454360][  T795] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  179.525083][  T795] usb 5-1: config 0 descriptor??
[  179.778090][  T795] hdpvr 5-1:0.0: firmware version 0x8 dated )˟=J+noKܐo5foɠObL
[  179.978710][  T795] hdpvr 5-1:0.0: device init failed
[  179.985019][  T795] hdpvr 5-1:0.0: probe with driver hdpvr failed with error -12
[  179.993268][  T795] usb 5-1: USB disconnect, device number 3
[  180.376417][ T9199] loop1: detected capacity change from 0 to 32768
[  180.384630][ T9199] bcachefs (/dev/loop1): error validating superblock: Invalid superblock section downgrade: downgrade entry with mismatched major version (0 != 1)
[  180.384630][ T9199] downgrade (size 2912):
[  180.384630][ T9199] version:	0.0: (unknown version)
[  180.384630][ T9199] recovery passes:	
[  180.384630][ T9199] errors:	sb_clean_missing
[  180.384630][ T9199] version:	0.0: (unknown version)
[  180.384630][ T9199] recovery passes:	snapshots_read
[  180.384630][ T9199] errors:	
[  180.384630][ T9199] version:	0.0: (unknown version)
[  180.384630][ T9199] recovery passes:	set_fs_needs_rebalance
[  180.384630][ T9199] errors:	
[  180.384630][ T9199] version:	0.0: (unknown version)
[  180.384630][ T9199] recovery passes:	alloc_read,check_inodes,delete_dead_inodes,set_fs_needs_rebalance
[  180.384630][ T9199] errors:	(unknown error 512)
[  180.384630][ T9199] version:	0.5: (unknown version)
[  180.384630][ T9199] recovery passes:	
[  180.384630][ T9199] errors:	
[  180.384630][ T9199] version:	0.0: (unknown version)
[  180.384630][ T9199] recovery passes:	
[  180.384630][ T9199] errors:	
[  180.384630][ T9199] version:	0.0: (unknown version)
[  180.384630][ T9199] recovery passes:	fs_freespace_init,bucket_gens_init,check_inodes,delete_dead_inodes
[  180.384630][ T9199] errors:	
[  180.384630][ T9199] version:	0.0: (unknown version)
[  180.384630][ T9199] recovery passes:	
[  180.384630][ T9199] errors:	
[  180.384630][ T9199] version:	0.6: (unknown version)
[  180.384630][ T9199] recovery passes:	check_subvols
[  180.384630][ T9199] errors:	
[  180.384630][ T9199] version:	0.33: (unknown version)
[  180.384630][ T9199] recovery passes:	check_snapshots
[  180.384630][ T9199] errors:	
[  180.384630][ T9199] version:	0.0: (unknown version)
[  180.448614][ T9199] bcachefs: bch2_fs_get_tree() error: invalid_sb_downgrade
[  180.659561][ T9207] loop4: detected capacity change from 0 to 256
[  180.680912][ T9207] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d)
[  180.698041][ T9207] exFAT-fs (loop4): start_clu is invalid cluster(0xffffffff)
[  180.869471][ T9221] netlink: 'syz.0.1250': attribute type 11 has an invalid length.
[  181.246454][ T9248] loop4: detected capacity change from 0 to 128
[  181.702880][ T9268] loop4: detected capacity change from 0 to 1024
[  181.751832][ T3912] hfsplus: b-tree write err: -5, ino 3
[  181.754966][ T8560] hfsplus: node 4:3 still has 1 user(s)!
[  181.775582][ T9270] input: syz1 as /devices/virtual/input/input9
[  181.815125][ T9272] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  181.819125][ T9272] overlayfs: missing 'lowerdir'
[  181.893964][ T5849] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  181.897701][ T9276] loop4: detected capacity change from 0 to 512
[  181.958548][ T9276] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  181.966861][ T9276] ext4 filesystem being mounted at /76/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  181.992938][ T8560] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  182.074483][ T5849] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  182.078745][ T5849] usb 2-1: config 220 has 1 interface, different from the descriptor's value: 3
[  182.082606][ T5849] usb 2-1: config 220 interface 0 has no altsetting 0
[  182.098340][ T5849] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  182.101981][ T5849] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  182.118339][ T5849] usb 2-1: Product: syz
[  182.122879][ T5849] usb 2-1: Manufacturer: syz
[  182.126243][ T5849] usb 2-1: SerialNumber: syz
[  182.424776][ T9288] vim2m vim2m.0: Fourcc format (0x56595559) invalid.
[  182.453565][ T5849] usb 2-1: Found UVC 7.01 device syz (8086:0b07)
[  182.463288][ T5849] usb 2-1: No valid video chain found.
[  182.471587][ T5849] usb 2-1: USB disconnect, device number 19
[  182.891972][ T9296] ALSA: mixer_oss: invalid OSS volume 'T'
[  182.991649][ T9300] loop1: detected capacity change from 0 to 256
[  183.007804][ T9300] FAT-fs (loop1): Directory bread(block 64) failed
[  183.009939][ T9300] FAT-fs (loop1): Directory bread(block 65) failed
[  183.012109][ T9300] FAT-fs (loop1): Directory bread(block 66) failed
[  183.020112][ T9300] FAT-fs (loop1): Directory bread(block 67) failed
[  183.027636][ T9300] FAT-fs (loop1): Directory bread(block 68) failed
[  183.032800][ T9300] FAT-fs (loop1): Directory bread(block 69) failed
[  183.037991][ T9300] FAT-fs (loop1): Directory bread(block 70) failed
[  183.040015][ T9300] FAT-fs (loop1): Directory bread(block 71) failed
[  183.042415][ T9300] FAT-fs (loop1): Directory bread(block 72) failed
[  183.046145][ T9300] FAT-fs (loop1): Directory bread(block 73) failed
[  183.229341][ T9308] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1285'.
[  183.250321][ T2299] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  183.414323][ T2299] usb 1-1: Using ep0 maxpacket: 16
[  183.425454][ T2299] usb 1-1: config 0 has an invalid interface number: 214 but max is 0
[  183.432900][ T2299] usb 1-1: config 0 has no interface number 0
[  183.441664][ T2299] usb 1-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64
[  183.458590][ T2299] usb 1-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  183.466694][ T2299] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  183.473761][ T2299] usb 1-1: Product: syz
[  183.475460][ T2299] usb 1-1: Manufacturer: syz
[  183.483958][ T2299] usb 1-1: SerialNumber: syz
[  183.497554][ T2299] usb 1-1: config 0 descriptor??
[  183.542493][ T9323] netlink: 276 bytes leftover after parsing attributes in process `syz.4.1292'.
[  183.546637][ T9323] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1292'.
[  183.549768][ T9323] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1292'.
[  183.612763][ T9327] loop1: detected capacity change from 0 to 512
[  183.651008][ T9327] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  183.674917][ T9327] ext4 filesystem being mounted at /335/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  183.717897][ T2299] usbtouchscreen 1-1:0.214: Failed to read FW rev: -71
[  183.721057][ T2299] usbtouchscreen 1-1:0.214: probe with driver usbtouchscreen failed with error -71
[  183.728675][ T2299] usb 1-1: USB disconnect, device number 21
[  183.752790][ T9327] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  183.828794][ T9334] loop4: detected capacity change from 0 to 1024
[  183.849356][ T5958] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  183.859940][ T9334] hfsplus: request for non-existent node 65536 in B*Tree
[  183.873538][ T9334] hfsplus: request for non-existent node 65536 in B*Tree
[  183.885216][ T9334] hfsplus: failed to load root directory
[  183.888313][ T9338] loop1: detected capacity change from 0 to 128
[  183.917560][ T9338] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  183.926619][ T9338] ext4 filesystem being mounted at /336/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  183.984708][ T5958] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  184.516583][ T9368] loop4: detected capacity change from 0 to 32768
[  184.532693][ T9368] ocfs2: Mounting device (7,4) on (node local, slot 0) with writeback data mode.
[  184.620328][ T8560] ocfs2: Unmounting device (7,4) on (node local)
[  184.663896][ T5849] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  184.814912][ T5849] usb 1-1: Using ep0 maxpacket: 16
[  184.818576][ T5849] usb 1-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[  184.822239][ T5849] usb 1-1: config 5 has 0 interfaces, different from the descriptor's value: 1
[  184.837524][ T5849] usb 1-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  184.841342][ T5849] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  184.845121][ T5849] usb 1-1: Product: syz
[  184.852841][ T5849] usb 1-1: Manufacturer: syz
[  184.855428][ T5849] usb 1-1: SerialNumber: syz
[  185.050060][ T9390] loop8: detected capacity change from 0 to 16384
[  185.227824][ T9391] loop8: detected capacity change from 16384 to 16383
[  185.472209][ T2299] usb 1-1: USB disconnect, device number 22
[  186.395711][ T9411] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1327'.
[  186.750274][ T9420] ALSA: mixer_oss: invalid OSS volume '/proc/self'
[  186.753425][ T9423] Dead loop on virtual device ip6_vti0, fix it urgently!
[  186.775204][ T9423] Dead loop on virtual device ip6_vti0, fix it urgently!
[  186.785639][ T9423] Dead loop on virtual device ip6_vti0, fix it urgently!
[  186.789334][ T9423] Dead loop on virtual device ip6_vti0, fix it urgently!
[  186.795266][ T9423] Dead loop on virtual device ip6_vti0, fix it urgently!
[  186.797983][ T9423] Dead loop on virtual device ip6_vti0, fix it urgently!
[  186.902761][ T9435] loop4: detected capacity change from 0 to 512
[  186.912451][ T9435] EXT4-fs: Ignoring removed i_version option
[  186.923330][ T9435] EXT4-fs: Ignoring removed nobh option
[  186.931815][ T9435] EXT4-fs (loop4): Test dummy encryption mode enabled
[  186.940388][ T9435] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  186.948014][ T9435] EXT4-fs (loop4): 1 truncate cleaned up
[  186.950893][ T9435] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  186.972630][ T9441] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1341'.
[  187.034770][ T9435] fscrypt: AES-256-CBC-CTS using implementation "cts(cbc(ecb(aes-fixed-time)))"
[  187.102673][ T8560] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  187.147368][ T9454] loop6: detected capacity change from 0 to 2560
[  187.151065][ T9456] loop4: detected capacity change from 0 to 65
[  187.160745][ T9456] BFS-fs: bfs_fill_super(): NOTE: filesystem loop4 was created with 512 inodes, the real maximum is 511, mounting anyway
[  187.168600][ T9454] Buffer I/O error on dev loop6, logical block 0, async page read
[  187.180959][ T9454] Buffer I/O error on dev loop6, logical block 0, async page read
[  187.194868][ T9454] Buffer I/O error on dev loop6, logical block 0, async page read
[  187.197909][ T9454] Buffer I/O error on dev loop6, logical block 0, async page read
[  187.200373][ T9454] Buffer I/O error on dev loop6, logical block 0, async page read
[  187.203504][ T9454] Buffer I/O error on dev loop6, logical block 0, async page read
[  187.210091][ T9454] Buffer I/O error on dev loop6, logical block 0, async page read
[  187.231166][ T9454] Buffer I/O error on dev loop6, logical block 0, async page read
[  187.234852][ T9454] ldm_validate_partition_table(): Disk read failed.
[  187.237731][ T9454] Buffer I/O error on dev loop6, logical block 0, async page read
[  187.240641][ T9454] Buffer I/O error on dev loop6, logical block 0, async page read
[  187.243338][ T9454] Dev loop6: unable to read RDB block 0
[  187.246563][ T9454]  loop6: unable to read partition table
[  187.252132][ T9454] loop_reread_partitions: partition scan of loop6 (3) failed (rc=-5)
[  187.302304][ T9451] loop1: detected capacity change from 0 to 32768
[  187.311671][ T9460] netlink: 'syz.4.1349': attribute type 23 has an invalid length.
[  187.332894][ T9451] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  187.349407][ T9451] XFS (loop1): Ending clean mount
[  187.401494][ T5958] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  187.521238][   T33] audit: type=1326 audit(1755269271.300:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9477 comm="syz.4.1355" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9c0758ebe9 code=0x0
[  187.996519][ T9515] loop1: detected capacity change from 0 to 1024
[  187.999887][ T9515] EXT4-fs: Ignoring removed bh option
[  188.017182][ T9515] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  188.035220][ T5958] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  188.153831][ T6003] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  188.528360][ T6003] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  188.533081][ T6003] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  188.543258][ T6003] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  188.553534][ T6003] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  188.557501][ T6003] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  188.593497][ T6003] usb 1-1: config 0 descriptor??
[  188.606481][ T9542] loop1: detected capacity change from 0 to 2048
[  188.609546][ T9542] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  188.613171][ T9542] NILFS (loop1): mounting unchecked fs
[  188.619744][ T6765] udevd[6765]: incorrect nilfs2 checksum on /dev/loop1
[  188.627120][ T9542] NILFS (loop1): recovery complete
[  188.630064][ T9543] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  188.639958][ T9544] orangefs_devreq_open: device cannot be opened in blocking mode
[  188.723491][ T9546] bridge0: port 1(bridge_slave_0) entered disabled state
[  188.732349][ T9546] bridge0: port 2(bridge_slave_1) entered disabled state
[  188.793421][ T9546] netlink: 'syz.4.1381': attribute type 16 has an invalid length.
[  188.798347][ T9546] netlink: 'syz.4.1381': attribute type 17 has an invalid length.
[  188.810795][ T9546] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  188.931934][ T9554] loop4: detected capacity change from 0 to 256
[  189.040781][ T6003] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  189.210719][ T9573] loop1: detected capacity change from 0 to 4096
[  189.289571][ T9582] loop1: detected capacity change from 0 to 2048
[  189.296179][ T9582] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  189.401670][ T9586] comedi comedi4: bad chanlist[0]=0x0000b8eb chan=47339 range length=2
[  189.447317][ T9588] loop1: detected capacity change from 0 to 512
[  189.470371][ T9588] FAT-fs (loop1): error, corrupted directory (invalid entries)
[  189.778804][ T5934] Bluetooth: hci1: Unknown advertising packet type: 0x7f
[  189.778906][ T5934] Bluetooth: hci1: Unknown advertising packet type: 0x5d
[  189.782273][ T5934] Bluetooth: hci1: Unknown advertising packet type: 0x7f
[  189.785504][ T5934] Bluetooth: hci1: Unknown advertising packet type: 0x7f
[  189.788580][ T5934] Bluetooth: hci1: Malformed LE Event: 0x0d
[  190.030412][ T9576] ceph: No mds server is up or the cluster is laggy
[  190.618255][ T9606] loop1: detected capacity change from 0 to 256
[  190.631732][ T9606] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  190.636338][ T9606] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  190.642403][ T9606] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  190.675571][   T10] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  190.807932][ T9614] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  190.812953][ T9614] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  190.825693][   T10] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD6, changing to 0x86
[  190.834870][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  190.845603][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  190.856538][   T10] usb 5-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24
[  190.860319][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.873667][   T10] usb 5-1: Product: syz
[  190.875462][   T10] usb 5-1: Manufacturer: syz
[  190.877518][   T10] usb 5-1: SerialNumber: syz
[  190.881568][   T10] usb 5-1: config 0 descriptor??
[  191.075343][ T6003] usb 1-1: USB disconnect, device number 23
[  191.164074][   T10] powermate: unknown product id 0240
[  191.166303][   T10] powermate: Expected payload of 3--6 bytes, found 0 bytes!
[  191.169534][   T10] powermate 5-1:0.0: probe with driver powermate failed with error -5
[  191.528187][   T10] usb 5-1: USB disconnect, device number 4
[  191.528784][ T9612] loop1: detected capacity change from 0 to 40427
[  191.551294][ T9612] F2FS-fs (loop1): build fault injection rate: 771
[  191.564713][ T9612] F2FS-fs (loop1): invalid crc value
[  191.606055][ T9612] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  191.610686][ T9612] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  191.634575][ T9628] f2fs_ckpt-7:1: attempt to access beyond end of device
[  191.634575][ T9628] loop1: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  191.642815][ T9628] CPU: 1 UID: 0 PID: 9628 Comm: f2fs_ckpt-7:1 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  191.642829][ T9628] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  191.642833][ T9628] Call Trace:
[  191.642837][ T9628]  <TASK>
[  191.642841][ T9628]  dump_stack_lvl+0x189/0x250
[  191.642855][ T9628]  ? __pfx_dump_stack_lvl+0x10/0x10
[  191.642864][ T9628]  ? __pfx_queue_work_on+0x10/0x10
[  191.642871][ T9628]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  191.642881][ T9628]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  191.642894][ T9628]  f2fs_handle_critical_error+0x37c/0x540
[  191.642907][ T9628]  f2fs_write_end_io+0x886/0xb60
[  191.642928][ T9628]  __submit_merged_bio+0x27a/0x6a0
[  191.642941][ T9628]  ? up_write+0x1c4/0x420
[  191.642955][ T9628]  __submit_merged_write_cond+0x44c/0x530
[  191.642975][ T9628]  f2fs_sync_node_pages+0x1479/0x15e0
[  191.643005][ T9628]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  191.643039][ T9628]  ? f2fs_write_checkpoint+0xe43/0x1df0
[  191.643056][ T9628]  ? up_write+0x1c4/0x420
[  191.643067][ T9628]  ? do_raw_spin_unlock+0x4d/0x240
[  191.643080][ T9628]  f2fs_write_checkpoint+0xe6f/0x1df0
[  191.643097][ T9628]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  191.643143][ T9628]  ? down_write+0x162/0x1f0
[  191.643151][ T9628]  ? __pfx_down_write+0x10/0x10
[  191.643158][ T9628]  ? __pfx___schedule+0x10/0x10
[  191.643170][ T9628]  __checkpoint_and_complete_reqs+0xd9/0x3b0
[  191.643180][ T9628]  ? __pfx___checkpoint_and_complete_reqs+0x10/0x10
[  191.643193][ T9628]  issue_checkpoint_thread+0xd9/0x260
[  191.643202][ T9628]  ? __pfx_issue_checkpoint_thread+0x10/0x10
[  191.643209][ T9628]  ? __pfx_autoremove_wake_function+0x10/0x10
[  191.643218][ T9628]  ? __kthread_parkme+0x7b/0x200
[  191.643226][ T9628]  ? __kthread_parkme+0x1a1/0x200
[  191.643236][ T9628]  kthread+0x711/0x8a0
[  191.643245][ T9628]  ? __pfx_issue_checkpoint_thread+0x10/0x10
[  191.643252][ T9628]  ? __pfx_kthread+0x10/0x10
[  191.643261][ T9628]  ? _raw_spin_unlock_irq+0x23/0x50
[  191.643269][ T9628]  ? lockdep_hardirqs_on+0x9c/0x150
[  191.643278][ T9628]  ? __pfx_kthread+0x10/0x10
[  191.643286][ T9628]  ret_from_fork+0x3fc/0x770
[  191.643295][ T9628]  ? __pfx_ret_from_fork+0x10/0x10
[  191.643304][ T9628]  ? __switch_to_asm+0x39/0x70
[  191.643312][ T9628]  ? __switch_to_asm+0x33/0x70
[  191.643319][ T9628]  ? __pfx_kthread+0x10/0x10
[  191.643327][ T9628]  ret_from_fork_asm+0x1a/0x30
[  191.643342][ T9628]  </TASK>
[  191.643346][ T9628] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  191.757172][ T9628] CPU: 1 UID: 0 PID: 9628 Comm: f2fs_ckpt-7:1 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  191.757193][ T9628] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  191.757199][ T9628] Call Trace:
[  191.757205][ T9628]  <TASK>
[  191.757210][ T9628]  dump_stack_lvl+0x189/0x250
[  191.757235][ T9628]  ? __pfx_dump_stack_lvl+0x10/0x10
[  191.757248][ T9628]  ? __pfx_queue_work_on+0x10/0x10
[  191.757260][ T9628]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  191.757276][ T9628]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  191.757302][ T9628]  f2fs_handle_critical_error+0x37c/0x540
[  191.757342][ T9628]  f2fs_write_end_io+0x886/0xb60
[  191.757374][ T9628]  __submit_merged_bio+0x27a/0x6a0
[  191.757388][ T9628]  ? up_write+0x1c4/0x420
[  191.757405][ T9628]  __submit_merged_write_cond+0x44c/0x530
[  191.757428][ T9628]  f2fs_sync_node_pages+0x1479/0x15e0
[  191.757460][ T9628]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  191.757499][ T9628]  ? f2fs_write_checkpoint+0xe43/0x1df0
[  191.757515][ T9628]  ? up_write+0x1c4/0x420
[  191.757525][ T9628]  ? do_raw_spin_unlock+0x4d/0x240
[  191.757544][ T9628]  f2fs_write_checkpoint+0xe6f/0x1df0
[  191.757578][ T9628]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  191.757622][ T9628]  ? down_write+0x162/0x1f0
[  191.757633][ T9628]  ? __pfx_down_write+0x10/0x10
[  191.757644][ T9628]  ? __pfx___schedule+0x10/0x10
[  191.757665][ T9628]  __checkpoint_and_complete_reqs+0xd9/0x3b0
[  191.757683][ T9628]  ? __pfx___checkpoint_and_complete_reqs+0x10/0x10
[  191.757709][ T9628]  issue_checkpoint_thread+0xd9/0x260
[  191.757724][ T9628]  ? __pfx_issue_checkpoint_thread+0x10/0x10
[  191.757738][ T9628]  ? __pfx_autoremove_wake_function+0x10/0x10
[  191.757754][ T9628]  ? __kthread_parkme+0x7b/0x200
[  191.757766][ T9628]  ? __kthread_parkme+0x1a1/0x200
[  191.757785][ T9628]  kthread+0x711/0x8a0
[  191.757804][ T9628]  ? __pfx_issue_checkpoint_thread+0x10/0x10
[  191.757815][ T9628]  ? __pfx_kthread+0x10/0x10
[  191.757831][ T9628]  ? _raw_spin_unlock_irq+0x23/0x50
[  191.757845][ T9628]  ? lockdep_hardirqs_on+0x9c/0x150
[  191.757859][ T9628]  ? __pfx_kthread+0x10/0x10
[  191.757875][ T9628]  ret_from_fork+0x3fc/0x770
[  191.757891][ T9628]  ? __pfx_ret_from_fork+0x10/0x10
[  191.757914][ T9628]  ? __switch_to_asm+0x39/0x70
[  191.757926][ T9628]  ? __switch_to_asm+0x33/0x70
[  191.757938][ T9628]  ? __pfx_kthread+0x10/0x10
[  191.757953][ T9628]  ret_from_fork_asm+0x1a/0x30
[  191.757982][ T9628]  </TASK>
[  191.759221][ T9628] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  191.966955][   T33] audit: type=1326 audit(1755269275.750:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9644 comm="syz.4.1422" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c0758ebe9 code=0x7ffc0000
[  191.983660][   T33] audit: type=1326 audit(1755269275.760:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9644 comm="syz.4.1422" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c0758ebe9 code=0x7ffc0000
[  192.006009][   T33] audit: type=1326 audit(1755269275.760:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9644 comm="syz.4.1422" exe="/syz-executor" sig=0 arch=c000003e syscall=31 compat=0 ip=0x7f9c0758ebe9 code=0x7ffc0000
[  192.024306][   T33] audit: type=1326 audit(1755269275.760:605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9644 comm="syz.4.1422" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c0758ebe9 code=0x7ffc0000
[  192.036261][   T33] audit: type=1326 audit(1755269275.760:606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9644 comm="syz.4.1422" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c0758ebe9 code=0x7ffc0000
[  192.196814][ T9667] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1420'.
[  192.774184][ T5934] Bluetooth: hci1: command tx timeout
[  193.016070][ T9704] ALSA: mixer_oss: invalid OSS volume 'DI'
[  193.704251][   T10] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  193.867304][   T10] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  193.880022][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  193.890237][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  193.900630][   T10] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  193.916782][   T10] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  193.924732][   T10] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  193.928433][   T10] usb 5-1: Manufacturer: syz
[  193.941029][   T10] usb 5-1: config 0 descriptor??
[  194.075424][ T1365] ieee802154 phy0 wpan0: encryption failed: -22
[  194.078168][ T1365] ieee802154 phy1 wpan1: encryption failed: -22
[  194.406163][   T10] appleir 0003:05AC:8243.000B: unknown main item tag 0x0
[  194.430855][   T10] appleir 0003:05AC:8243.000B: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0
[  194.583800][  T795] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  194.661994][ T2299] usb 5-1: USB disconnect, device number 5
[  194.733938][  T795] usb 2-1: Using ep0 maxpacket: 8
[  194.741549][  T795] usb 2-1: unable to get BOS descriptor or descriptor too short
[  194.747536][  T795] usb 2-1: config 4 interface 0 has no altsetting 0
[  194.765652][  T795] usb 2-1: string descriptor 0 read error: -22
[  194.768532][  T795] usb 2-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  194.772118][  T795] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3
[  194.800233][  T795] usb 2-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  194.817991][  T795] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  194.824075][  T795] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  194.827191][  T795] usb 2-1: media controller created
[  194.895344][  T795] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  195.250042][   T10] usb 2-1: USB disconnect, device number 20
[  195.659557][ T9734] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1459'.
[  195.703897][ T9734] mac80211_hwsim hwsim12 wlan0: entered promiscuous mode
[  195.707932][ T9734] macvtap1: entered allmulticast mode
[  195.719053][ T9735] loop4: detected capacity change from 0 to 512
[  195.722796][ T9734] mac80211_hwsim hwsim12 wlan0: entered allmulticast mode
[  195.758355][ T9735] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  195.839335][ T9735] EXT4-fs (loop4): 1 truncate cleaned up
[  195.843029][ T9735] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  196.447500][ T5934] Bluetooth: hci1: command 0x0406 tx timeout
[  196.497340][ T8560] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  197.266048][ T9756] loop1: detected capacity change from 0 to 32768
[  197.282938][ T9756] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  197.306414][ T9756] XFS (loop1): Ending clean mount
[  197.330652][ T5958] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  197.473806][  T795] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  197.649732][  T795] usb 1-1: Using ep0 maxpacket: 32
[  197.667362][  T795] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[  197.679490][  T795] usb 1-1: config 0 has no interface number 0
[  197.689682][  T795] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  197.696874][  T795] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  197.700279][  T795] usb 1-1: Product: syz
[  197.702045][  T795] usb 1-1: Manufacturer: syz
[  197.713696][  T795] usb 1-1: SerialNumber: syz
[  197.720800][  T795] usb 1-1: config 0 descriptor??
[  197.737135][  T795] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  197.907020][ T9788] loop4: detected capacity change from 0 to 32768
[  197.945675][  T795] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  197.964260][  T795] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  198.039199][ T9802] netlink: 'syz.1.1485': attribute type 153 has an invalid length.
[  198.396413][    C1] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71
[  198.408979][   T10] usb 1-1: USB disconnect, device number 24
[  198.573545][   T10] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  198.598082][   T10] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  198.602242][   T10] quatech2 1-1:0.51: device disconnected
[  198.790654][ T9816] loop4: detected capacity change from 0 to 256
[  198.798727][ T9816] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36bd6320, utbl_chksum : 0xe619d30d)
[  198.819561][   T33] audit: type=1800 audit(1755269282.600:607): pid=9816 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1490" name="file1" dev="loop4" ino=1048717 res=0 errno=0
[  198.870015][ T9818] bridge_slave_1: left allmulticast mode
[  198.872450][ T9818] bridge_slave_1: left promiscuous mode
[  198.879314][ T9818] bridge0: port 2(bridge_slave_1) entered disabled state
[  199.010702][ T9822] netlink: 536 bytes leftover after parsing attributes in process `syz.0.1493'.
[  199.082853][ T9825] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1494'.
[  199.478743][ T9840] loop4: detected capacity change from 0 to 4096
[  199.483342][ T9840] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  199.491880][ T9840] ntfs3(loop4): volume is dirty and "force" flag is not set!
[  199.907365][ T9844] loop4: detected capacity change from 0 to 16
[  199.926772][ T9844] erofs (device loop4): rootino(nid 36) is not a directory(i_mode 10000)
[  200.038153][ T5960] Bluetooth: min 0 < 6
[  200.180602][ T9854] syzkaller1: tun_chr_ioctl cmd 1074025675
[  200.183075][ T9854] syzkaller1: persist disabled
[  200.287344][   T47] usb 2-1: new full-speed USB device number 21 using dummy_hcd
[  200.456247][   T47] usb 2-1: config 0 has an invalid interface number: 113 but max is 0
[  200.459694][   T47] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  200.474804][   T47] usb 2-1: config 0 has no interface number 0
[  200.480574][   T47] usb 2-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4
[  200.491509][   T47] usb 2-1: config 0 interface 113 altsetting 2 endpoint 0x4 has invalid wMaxPacketSize 0
[  200.502749][   T47] usb 2-1: config 0 interface 113 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  200.518637][   T47] usb 2-1: config 0 interface 113 has no altsetting 0
[  200.528225][   T47] usb 2-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8
[  200.542173][   T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  200.545662][   T47] usb 2-1: Product: syz
[  200.547356][   T47] usb 2-1: Manufacturer: syz
[  200.549213][   T47] usb 2-1: SerialNumber: syz
[  200.567736][   T47] usb 2-1: config 0 descriptor??
[  200.573486][   T47] pn533_usb 2-1:0.113: NFC: Could not find bulk-in or bulk-out endpoint
[  200.577735][ T9860] loop4: detected capacity change from 0 to 40427
[  200.582103][ T9860] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  200.585424][ T9860] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  200.590907][ T9860] F2FS-fs (loop4): invalid crc value
[  200.654922][ T9860] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  200.665247][ T9860] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  200.668977][ T9860] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  200.752572][ T9874] batadv0: entered promiscuous mode
[  200.760966][ T9874] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[  200.796555][   T47] usb 2-1: USB disconnect, device number 21
[  201.697583][ T9893] loop1: detected capacity change from 0 to 16
[  201.703239][ T9893] erofs: Unknown parameter '00000000000000000000017777777777777777777770177777777777777777777718446744073709551615000000000000000000000x000000000000000018446744073709551615$'
[  201.863401][   T33] audit: type=1800 audit(1755269284.750:608): pid=9880 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1510" name="file1" dev="loop4" ino=10 res=0 errno=0
[  202.040528][ T9897] loop1: detected capacity change from 0 to 32768
[  202.045736][ T9897] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1523 (9897)
[  202.053877][ T5960] Bluetooth: hci2: command 0x0405 tx timeout
[  202.064550][ T9897] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  202.068909][ T9897] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  202.072475][ T9897] BTRFS info (device loop1): disk space caching is enabled
[  202.075679][ T9897] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  202.207239][ T9897] BTRFS info (device loop1): rebuilding free space tree
[  202.220336][ T9897] BTRFS info (device loop1): disabling free space tree
[  202.223361][ T9897] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  202.228058][ T9897] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  202.240512][ T9897] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  202.723798][   T47] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  202.875736][   T47] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  202.880461][   T47] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  202.884689][   T47] usb 2-1: New USB device found, idVendor=06cb, idProduct=2968, bcdDevice= 0.00
[  202.888307][   T47] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  202.893519][   T47] usb 2-1: config 0 descriptor??
[  203.027522][ T2299] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  203.183692][ T2299] usb 1-1: Using ep0 maxpacket: 16
[  203.188544][ T2299] usb 1-1: config 1 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  203.193885][ T2299] usb 1-1: config 1 interface 0 has no altsetting 0
[  203.199146][ T2299] usb 1-1: New USB device found, idVendor=05ac, idProduct=0292, bcdDevice= 0.40
[  203.202858][ T2299] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  203.206713][ T2299] usb 1-1: Product: syz
[  203.209222][ T2299] usb 1-1: Manufacturer: syz
[  203.211732][ T2299] usb 1-1: SerialNumber: syz
[  203.316744][   T47] itetech 0003:06CB:2968.000C: hidraw0: USB HID v0.00 Device [HID 06cb:2968] on usb-dummy_hcd.1-1/input0
[  203.436132][ T2299] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input13
[  203.439544][ T8560] syz-executor: attempt to access beyond end of device
[  203.439544][ T8560] loop4: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  203.448803][ T8560] CPU: 0 UID: 0 PID: 8560 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  203.448821][ T8560] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  203.448829][ T8560] Call Trace:
[  203.448835][ T8560]  <TASK>
[  203.448840][ T8560]  dump_stack_lvl+0x189/0x250
[  203.448861][ T8560]  ? __pfx_dump_stack_lvl+0x10/0x10
[  203.448875][ T8560]  ? __pfx_queue_work_on+0x10/0x10
[  203.448886][ T8560]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  203.448902][ T8560]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  203.448924][ T8560]  f2fs_handle_critical_error+0x37c/0x540
[  203.448942][ T8560]  f2fs_write_end_io+0x886/0xb60
[  203.448967][ T8560]  __submit_merged_bio+0x27a/0x6a0
[  203.448981][ T8560]  ? up_write+0x1c4/0x420
[  203.448999][ T8560]  __submit_merged_write_cond+0x44c/0x530
[  203.449049][ T8560]  f2fs_sync_node_pages+0x1479/0x15e0
[  203.449076][ T8560]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  203.449113][ T8560]  ? f2fs_write_checkpoint+0xe43/0x1df0
[  203.449129][ T8560]  ? up_write+0x1c4/0x420
[  203.449139][ T8560]  ? do_raw_spin_unlock+0x4d/0x240
[  203.449157][ T8560]  f2fs_write_checkpoint+0xe6f/0x1df0
[  203.449184][ T8560]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  203.449229][ T8560]  ? kill_f2fs_super+0x298/0x6c0
[  203.449245][ T8560]  kill_f2fs_super+0x2c3/0x6c0
[  203.449262][ T8560]  ? __pfx_kill_f2fs_super+0x10/0x10
[  203.449271][ T8560]  ? radix_tree_delete_item+0x2b6/0x400
[  203.449288][ T8560]  ? shrinker_free+0x2ce/0x3e0
[  203.449323][ T8560]  deactivate_locked_super+0xbc/0x130
[  203.449340][ T8560]  cleanup_mnt+0x425/0x4c0
[  203.449354][ T8560]  ? lockdep_hardirqs_on+0x9c/0x150
[  203.449371][ T8560]  task_work_run+0x1d4/0x260
[  203.449389][ T8560]  ? __pfx_task_work_run+0x10/0x10
[  203.449401][ T8560]  ? __x64_sys_umount+0x122/0x160
[  203.449417][ T8560]  ? exit_to_user_mode_loop+0x40/0x110
[  203.449436][ T8560]  exit_to_user_mode_loop+0xec/0x110
[  203.449453][ T8560]  do_syscall_64+0x2bd/0x3b0
[  203.449469][ T8560]  ? lockdep_hardirqs_on+0x9c/0x150
[  203.449483][ T8560]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  203.449492][ T8560]  ? exc_page_fault+0x9f/0xf0
[  203.449507][ T8560]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  203.449516][ T8560] RIP: 0033:0x7f9c0758ff17
[  203.449528][ T8560] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  203.449537][ T8560] RSP: 002b:00007ffe097f3048 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  203.449551][ T8560] RAX: 0000000000000000 RBX: 00007f9c07611c05 RCX: 00007f9c0758ff17
[  203.449559][ T8560] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe097f3100
[  203.449566][ T8560] RBP: 00007ffe097f3100 R08: 0000000000000000 R09: 0000000000000000
[  203.449573][ T8560] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe097f4190
[  203.449581][ T8560] R13: 00007f9c07611c05 R14: 000000000003141f R15: 00007ffe097f41d0
[  203.449602][ T8560]  </TASK>
[  203.450446][ T8560] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  203.519708][   T47] usb 2-1: USB disconnect, device number 22
[  203.610333][ T2299] usb 1-1: USB disconnect, device number 25
[  204.224429][   T10] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  204.363849][ T5849] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  204.385039][   T10] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA4, changing to 0x84
[  204.389245][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  204.393222][   T10] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  204.396687][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  204.402299][   T10] usb 1-1: config 0 descriptor??
[  204.533742][ T5849] usb 2-1: Using ep0 maxpacket: 32
[  204.541084][ T5849] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[  204.545785][ T5849] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  204.550146][ T5849] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  204.554083][ T5849] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  204.561743][ T5849] usb 2-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  204.565778][ T5849] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  204.569257][ T5849] usb 2-1: Product: syz
[  204.571066][ T5849] usb 2-1: Manufacturer: syz
[  204.573107][ T5849] usb 2-1: SerialNumber: syz
[  204.578921][ T5849] usb 2-1: config 0 descriptor??
[  204.610720][   T10] ath6kl: Failed to submit usb control message: -71
[  204.613531][   T10] ath6kl: unable to send the bmi data to the device: -71
[  204.615770][   T10] ath6kl: Unable to send get target info: -71
[  204.625833][   T10] ath6kl: Failed to init ath6kl core: -71
[  204.628415][   T10] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -71
[  204.633749][   T10] usb 1-1: USB disconnect, device number 26
[  204.790694][   T47] usb 2-1: USB disconnect, device number 23
[  205.059569][ T9947] loop4: detected capacity change from 0 to 32768
[  205.071617][ T9947] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  205.085447][ T9947] XFS (loop4): Ending clean mount
[  205.204353][ T8560] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  205.496817][ T9972] loop4: detected capacity change from 0 to 512
[  205.510812][ T9972] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  205.520748][ T9972] EXT4-fs (loop4): orphan cleanup on readonly fs
[  205.544613][ T9972] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #16: comm syz.4.1546: corrupted inode contents
[  205.550608][ T9972] EXT4-fs (loop4): Remounting filesystem read-only
[  205.553944][ T9972] EXT4-fs (loop4): 1 truncate cleaned up
[  205.579058][   T36] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  205.594037][   T36] Quota error (device loop4): write_blk: dquota write failed
[  205.601703][   T36] Quota error (device loop4): remove_free_dqentry: Can't write block (5) with free entries
[  205.611078][   T36] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  205.618059][   T36] Quota error (device loop4): write_blk: dquota write failed
[  205.621582][   T36] Quota error (device loop4): free_dqentry: Can't move quota data block (5) to free list
[  205.631646][   T36] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started
[  205.637743][   T36] Quota error (device loop4): v2_write_file_info: Can't write info structure
[  205.642286][ T9983] loop1: detected capacity change from 0 to 512
[  205.644074][   T36] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  205.649621][ T9983] EXT4-fs (loop1): Test dummy encryption mode enabled
[  205.651949][ T9983] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  205.655166][ T9972] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  205.672212][ T9983] EXT4-fs (loop1): 1 truncate cleaned up
[  205.675994][ T9983] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  205.682610][ T8560] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  205.741980][ T5958] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  205.803744][ T9993] loop1: detected capacity change from 0 to 8
[  205.809328][ T9993] SQUASHFS error: lzo decompression failed, data probably corrupt
[  205.812702][ T9993] SQUASHFS error: Failed to read block 0x91: -5
[  205.817587][ T9993] SQUASHFS error: Unable to read metadata cache entry [8f]
[  205.820637][ T9993] SQUASHFS error: Unable to read inode 0x11f
[  205.835471][   T10] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  205.883342][ T9995] loop1: detected capacity change from 0 to 512
[  205.889790][ T9995] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  205.919546][ T9995] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  205.925256][ T9995] ext4 filesystem being mounted at /445/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  205.965240][ T5958] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  205.993785][   T10] usb 1-1: Using ep0 maxpacket: 8
[  206.001372][   T10] usb 1-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  206.009799][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  206.013371][   T10] usb 1-1: Product: syz
[  206.022377][   T10] usb 1-1: Manufacturer: syz
[  206.024893][   T10] usb 1-1: SerialNumber: syz
[  206.027541][ T9990] loop4: detected capacity change from 0 to 32768
[  206.035843][   T10] usb 1-1: config 0 descriptor??
[  206.051854][   T10] gspca_main: se401-2.14.0 probing 047d:5003
[  206.419687][T10010] loop4: detected capacity change from 0 to 512
[  206.448089][T10010] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  206.448331][   T10] gspca_se401: ExtraFeatures: 117
[  206.455755][T10010] ext4 filesystem being mounted at /159/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  206.461911][   T10] gspca_se401: Too many frame sizes
[  206.693391][   T47] usb 1-1: USB disconnect, device number 27
[  207.532574][T10019] pim6reg1: entered promiscuous mode
[  207.535741][T10019] pim6reg1: entered allmulticast mode
[  207.551406][T10015] loop1: detected capacity change from 0 to 32768
[  207.557251][T10015] ocfs2: Unknown parameter 'heartberemount-ro'
[  207.795531][ T8560] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  208.260778][T10060] vlan2: entered allmulticast mode
[  208.263133][T10060] veth1: entered allmulticast mode
[  208.265926][ T5849] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  208.416587][ T5849] usb 2-1: config 8 has an invalid interface number: 177 but max is 0
[  208.420103][ T5849] usb 2-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  208.425369][ T5849] usb 2-1: config 8 has no interface number 0
[  208.427859][ T5849] usb 2-1: config 8 interface 177 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  208.433383][ T5849] usb 2-1: config 8 interface 177 has no altsetting 0
[  208.436273][ T5849] usb 2-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[  208.439797][ T5849] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  208.451552][ T5849] ir_toy 2-1:8.177: required endpoints not found
[  208.543805][   T10] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  208.555327][T10064] netlink: 'syz.0.1584': attribute type 64 has an invalid length.
[  208.558662][T10064] netlink: 9 bytes leftover after parsing attributes in process `syz.0.1584'.
[  208.655866][ T5849] usb 2-1: USB disconnect, device number 24
[  208.693764][   T10] usb 5-1: Using ep0 maxpacket: 8
[  208.834058][   T10] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 17
[  208.863175][   T10] usb 5-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=c8.07
[  208.871088][   T10] usb 5-1: New USB device strings: Mfr=209, Product=185, SerialNumber=60
[  208.880309][   T10] usb 5-1: Product: syz
[  208.882883][   T10] usb 5-1: Manufacturer: syz
[  208.885853][   T10] usb 5-1: SerialNumber: syz
[  208.912798][   T10] usb 5-1: config 0 descriptor??
[  209.138041][   T10] gspca_main: sunplus-2.14.0 probing 04a5:3003
[  209.721347][T10091] loop1: detected capacity change from 0 to 256
[  209.727791][T10091] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  209.736096][T10091] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  209.757955][ T5960] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[  209.762040][ T5960] CPU: 1 UID: 0 PID: 5960 Comm: kworker/u11:3 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  209.762059][ T5960] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  209.762068][ T5960] Workqueue: hci1 hci_rx_work
[  209.762088][ T5960] Call Trace:
[  209.762095][ T5960]  <TASK>
[  209.762101][ T5960]  dump_stack_lvl+0x189/0x250
[  209.762122][ T5960]  ? __pfx_dump_stack_lvl+0x10/0x10
[  209.762138][ T5960]  ? __pfx__printk+0x10/0x10
[  209.762161][ T5960]  ? kernfs_path_from_node+0x250/0x290
[  209.762177][ T5960]  ? kernfs_path_from_node+0x2f/0x290
[  209.762196][ T5960]  sysfs_create_dir_ns+0x259/0x280
[  209.762213][ T5960]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  209.762229][ T5960]  ? do_raw_spin_unlock+0x4d/0x240
[  209.762248][ T5960]  kobject_add_internal+0x59f/0xb40
[  209.762273][ T5960]  kobject_add+0x155/0x220
[  209.762296][ T5960]  ? __pfx_kobject_add+0x10/0x10
[  209.762315][ T5960]  ? _raw_spin_unlock+0x28/0x50
[  209.762333][ T5960]  ? get_device_parent+0x366/0x3a0
[  209.762349][ T5960]  device_add+0x408/0xb50
[  209.762366][ T5960]  hci_conn_add_sysfs+0xd5/0x1e0
[  209.762381][ T5960]  le_conn_complete_evt+0xc3a/0x1220
[  209.762410][ T5960]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  209.762427][ T5960]  ? __mutex_unlock_slowpath+0x1a1/0x760
[  209.762450][ T5960]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  209.762466][ T5960]  ? skb_pull_data+0xfb/0x200
[  209.762483][ T5960]  hci_le_enh_conn_complete_evt+0x189/0x470
[  209.762502][ T5960]  ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[  209.762521][ T5960]  hci_event_packet+0x78f/0x1200
[  209.762538][ T5960]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  209.762558][ T5960]  ? __pfx_hci_event_packet+0x10/0x10
[  209.762574][ T5960]  ? kcov_remote_start+0x4d3/0x7f0
[  209.762591][ T5960]  ? lockdep_hardirqs_on+0x90/0x150
[  209.762609][ T5960]  ? hci_send_to_monitor+0xe2/0x570
[  209.762630][ T5960]  hci_rx_work+0x46a/0xe80
[  209.762651][ T5960]  ? process_scheduled_works+0x9ef/0x17b0
[  209.762665][ T5960]  process_scheduled_works+0xae1/0x17b0
[  209.762706][ T5960]  ? __pfx_process_scheduled_works+0x10/0x10
[  209.762733][ T5960]  worker_thread+0x8a0/0xda0
[  209.762768][ T5960]  kthread+0x711/0x8a0
[  209.762787][ T5960]  ? __pfx_worker_thread+0x10/0x10
[  209.762800][ T5960]  ? __pfx_kthread+0x10/0x10
[  209.762817][ T5960]  ? _raw_spin_unlock_irq+0x23/0x50
[  209.762832][ T5960]  ? lockdep_hardirqs_on+0x9c/0x150
[  209.762848][ T5960]  ? __pfx_kthread+0x10/0x10
[  209.762864][ T5960]  ret_from_fork+0x3fc/0x770
[  209.762881][ T5960]  ? __pfx_ret_from_fork+0x10/0x10
[  209.762900][ T5960]  ? __switch_to_asm+0x39/0x70
[  209.762914][ T5960]  ? __switch_to_asm+0x33/0x70
[  209.762929][ T5960]  ? __pfx_kthread+0x10/0x10
[  209.762945][ T5960]  ret_from_fork_asm+0x1a/0x30
[  209.763002][ T5960]  </TASK>
[  209.763027][ T5960] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  209.894760][ T5960] Bluetooth: hci1: failed to register connection device
[  210.283665][    T9] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  210.347734][   T10] gspca_sunplus: reg_w_riv err -71
[  210.349779][   T10] sunplus 5-1:0.0: probe with driver sunplus failed with error -71
[  210.350851][T10105] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1603'.
[  210.365371][   T10] usb 5-1: USB disconnect, device number 6
[  210.416203][T10107] loop1: detected capacity change from 0 to 512
[  210.426650][T10107] EXT4-fs: Ignoring removed mblk_io_submit option
[  210.438805][    T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  210.442505][    T9] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  210.447886][    T9] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  210.450011][T10107] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  210.458851][T10107] EXT4-fs (loop1): orphan cleanup on readonly fs
[  210.462190][T10107] Quota error (device loop1): v2_read_file_info: Block with free entry 1 out of range (1, 6).
[  210.468742][T10107] EXT4-fs warning (device loop1): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  210.475280][    T9] usb 1-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5
[  210.478863][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  210.479042][T10107] EXT4-fs (loop1): Cannot turn on quotas: error -117
[  210.481783][    T9] usb 1-1: Product: syz
[  210.481794][    T9] usb 1-1: Manufacturer: syz
[  210.481802][    T9] usb 1-1: SerialNumber: syz
[  210.484496][    T9] usb 1-1: config 0 descriptor??
[  210.491805][T10107] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.1604: bg 0: block 40: padding at end of block bitmap is not set
[  210.501500][T10107] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  210.506501][T10107] EXT4-fs (loop1): 1 truncate cleaned up
[  210.510173][T10107] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  210.544629][ T5958] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  210.705553][    T9] usb 1-1: Found UVC 34.00 device syz (8086:0b5b)
[  210.708126][    T9] usb 1-1: No valid video chain found.
[  210.712726][    T9] usb 1-1: USB disconnect, device number 28
[  211.427803][T10126] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1610'.
[  212.649818][ T5960] Bluetooth: hci2: link tx timeout
[  212.652270][ T5960] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  212.973972][    T9] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  213.106926][T10183] program syz.1.1634 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  213.126995][    T9] usb 5-1: config 1 interface 0 altsetting 165 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  213.136184][    T9] usb 5-1: config 1 interface 0 has no altsetting 0
[  213.142007][    T9] usb 5-1: New USB device found, idVendor=18d1, idProduct=503c, bcdDevice= 0.40
[  213.145754][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  213.148460][    T9] usb 5-1: Product: syz
[  213.150157][    T9] usb 5-1: Manufacturer: syz
[  213.156063][    T9] usb 5-1: SerialNumber: syz
[  213.333258][T10197] input: syz0 as /devices/virtual/input/input14
[  213.378589][    T9] usbhid 5-1:1.0: can't add hid device: -71
[  213.381024][    T9] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  213.396599][    T9] usb 5-1: USB disconnect, device number 7
[  214.305514][T10219] loop1: detected capacity change from 0 to 1764
[  214.307719][T10215] loop4: detected capacity change from 0 to 32768
[  214.329693][T10215] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  214.380185][T10215] XFS (loop4): Ending clean mount
[  214.436832][ T8560] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  214.573381][T10240] netlink: 'syz.1.1656': attribute type 1 has an invalid length.
[  214.683489][T10244] syzkaller1: tun_chr_ioctl cmd 1074025672
[  214.687992][T10244] syzkaller1: ignored: set checksum enabled
[  214.703906][ T5934] Bluetooth: hci2: command 0x0405 tx timeout
[  215.161382][T10248] loop1: detected capacity change from 0 to 32768
[  215.190282][T10248] JBD2: Ignoring recovery information on journal
[  215.272967][T10248] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  215.348801][ T5958] ocfs2: Unmounting device (7,1) on (node local)
[  215.840417][T10261] loop4: detected capacity change from 0 to 32768
[  216.001234][T10261] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=errors=continue,data_checksum=none,compression=lz4,degraded=yes,no_splitbrain_check,fix_errors=no,norecovery,recovery_pass_last=resume_logged_ops,nojournal_transaction_names,version_upgrade=none
[  216.001247][T10261]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  216.054182][T10261] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0
[  216.058111][T10261] bcachefs (loop4): recovering from clean shutdown, journal seq 10
[  216.064168][T10261] bcachefs (loop4): superblock requires following recovery passes to be run:
[  216.064168][T10261]   recovery_pass_empty,check_unreachable_inodes,lookup_root_inode
[  216.121775][T10261] bcachefs (loop4): accounting_read... done
[  216.131428][T10261] bcachefs (loop4): alloc_read... done
[  216.153900][T10261] bcachefs (loop4): snapshots_read... done
[  216.156763][T10261] bcachefs (loop4): done starting filesystem
[  216.225720][T10288] loop1: detected capacity change from 0 to 32768
[  216.228642][T10288] bcachefs: bch2_fs_parse_param() Error parsing option gc_reserve_bytes: option_value
[  216.286061][ T8560] bcachefs (loop4): shutting down
[  216.324689][ T8560] bcachefs (loop4): shutdown complete
[  217.103957][ T6003] usb 1-1: new full-speed USB device number 29 using dummy_hcd
[  217.276324][ T6003] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  217.280845][ T6003] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  217.288499][ T6003] usb 1-1: New USB device found, idVendor=056a, idProduct=0020, bcdDevice= 0.00
[  217.293955][ T6003] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  217.299385][ T6003] usb 1-1: config 0 descriptor??
[  217.303812][T10306] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  217.648117][   T33] audit: type=1326 audit(1755269301.430:609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10327 comm="syz.1.1688" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb03078ebe9 code=0x7ffc0000
[  217.660092][   T33] audit: type=1326 audit(1755269301.430:610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10327 comm="syz.1.1688" exe="/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7fb03078ebe9 code=0x7ffc0000
[  217.673303][T10333] loop4: detected capacity change from 0 to 4096
[  217.677357][   T33] audit: type=1326 audit(1755269301.430:611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10327 comm="syz.1.1688" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb03078ebe9 code=0x7ffc0000
[  217.687316][T10333] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512).
[  217.707116][   T33] audit: type=1326 audit(1755269301.430:612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10327 comm="syz.1.1688" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb03078ebe9 code=0x7ffc0000
[  217.721720][ T6003] usbhid 1-1:0.0: can't add hid device: -71
[  217.725340][ T6003] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  217.730129][ T6003] usb 1-1: USB disconnect, device number 29
[  217.749148][T10333] ntfs3(loop4): ino=19, mi_enum_attr
[  217.778144][T10333] ntfs3(loop4): failed to convert "c46c" to cp936
[  217.784230][T10333] ntfs3(loop4): ino=20, mi_enum_attr
[  217.789775][T10337] loop1: detected capacity change from 0 to 256
[  217.829971][T10337] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d)
[  217.857209][T10337] exFAT-fs (loop1): start_clu is invalid cluster(0x0)
[  218.173724][   T24] usb 2-1: new full-speed USB device number 25 using dummy_hcd
[  218.224034][ T6003] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  218.325039][   T24] usb 2-1: not running at top speed; connect to a high speed hub
[  218.328595][   T24] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  218.331709][   T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  218.336085][   T24] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  218.339721][   T24] usb 2-1: config 1 has no interface number 1
[  218.342030][   T24] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[  218.346622][   T24] usb 2-1: config 1 interface 2 has no altsetting 0
[  218.350670][   T24] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  218.353720][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  218.356677][   T24] usb 2-1: Product: syz
[  218.358036][   T24] usb 2-1: Manufacturer: syz
[  218.359508][   T24] usb 2-1: SerialNumber: syz
[  218.374548][ T6003] usb 1-1: Using ep0 maxpacket: 16
[  218.378319][ T6003] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  218.384986][ T6003] usb 1-1: New USB device found, idVendor=0586, idProduct=401a, bcdDevice= 0.00
[  218.388753][ T6003] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  218.394854][ T6003] usb 1-1: config 0 descriptor??
[  218.399576][ T6003] rtl8150 1-1:0.0: couldn't find required endpoints
[  218.402583][ T6003] rtl8150 1-1:0.0: probe with driver rtl8150 failed with error -5
[  218.503696][   T10] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  218.571357][   T24] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor
[  218.574461][   T24] usb 2-1: 2:1 : format type 9 is not supported yet
[  218.576798][   T24] usb 2-1: selecting invalid altsetting 0
[  218.585993][   T24] usb 2-1: USB disconnect, device number 25
[  218.605322][ T6003] usbhid 1-1:0.0: can't add hid device: -71
[  218.607773][ T6765] udevd[6765]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  218.607988][ T6003] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  218.619997][ T6003] usb 1-1: USB disconnect, device number 30
[  218.654990][   T10] usb 5-1: Using ep0 maxpacket: 32
[  218.658795][   T10] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[  218.662193][   T10] usb 5-1: config 0 has no interface number 0
[  218.665622][   T10] usb 5-1: config 0 interface 51 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  218.669866][   T10] usb 5-1: config 0 interface 51 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  218.679144][   T10] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  218.682988][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  218.687259][   T10] usb 5-1: Product: syz
[  218.690082][   T10] usb 5-1: Manufacturer: syz
[  218.692013][   T10] usb 5-1: SerialNumber: syz
[  218.696300][   T10] usb 5-1: config 0 descriptor??
[  218.703948][   T10] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  218.906319][   T10] usb 5-1: qt2_setup_urbs - submit read urb failed -90
[  218.909222][   T10] quatech2 5-1:0.51: probe with driver quatech2 failed with error -90
[  219.112392][   T24] usb 5-1: USB disconnect, device number 8
[  219.127848][T10361] netlink: 'syz.1.1701': attribute type 1 has an invalid length.
[  219.131242][T10361] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1701'.
[  219.284177][T10370] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4)
[  219.286397][T10370] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  219.304360][T10370] vhci_hcd vhci_hcd.0: Device attached
[  219.543982][   T24] usb 35-1: new high-speed USB device number 2 using vhci_hcd
[  219.801524][T10382] loop4: detected capacity change from 0 to 2048
[  219.851067][T10382] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  220.059142][T10371] vhci_hcd: connection reset by peer
[  220.065060][   T13] vhci_hcd: stop threads
[  220.067328][   T13] vhci_hcd: release socket
[  220.071015][   T13] vhci_hcd: disconnect device
[  220.423841][   T47] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  220.585635][   T47] usb 5-1: config 0 has an invalid interface number: 120 but max is 0
[  220.589030][   T47] usb 5-1: config 0 has no interface number 0
[  220.591581][   T47] usb 5-1: config 0 interface 120 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  220.597251][   T47] usb 5-1: config 0 interface 120 altsetting 0 endpoint 0x8F has an invalid bInterval 52, changing to 9
[  220.601761][   T47] usb 5-1: config 0 interface 120 altsetting 0 endpoint 0x8F has invalid maxpacket 8241, setting to 1024
[  220.606630][   T47] usb 5-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58
[  220.610499][   T47] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  220.634639][   T47] usb 5-1: config 0 descriptor??
[  220.950722][   T47] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.120/input/input15
[  221.010522][   T47] usb 5-1: USB disconnect, device number 9
[  221.012864][    C1] usbtouchscreen 5-1:0.120: usbtouch_irq - usb_submit_urb failed with result: -19
[  221.331233][T10403] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  221.753168][T10411] loop4: detected capacity change from 0 to 256
[  221.770102][T10411] FAT-fs (loop4): Directory bread(block 64) failed
[  221.772529][T10411] FAT-fs (loop4): Directory bread(block 65) failed
[  221.776006][T10411] FAT-fs (loop4): Directory bread(block 66) failed
[  221.778544][T10411] FAT-fs (loop4): Directory bread(block 67) failed
[  221.780931][T10411] FAT-fs (loop4): Directory bread(block 68) failed
[  221.783388][T10411] FAT-fs (loop4): Directory bread(block 69) failed
[  221.786100][T10411] FAT-fs (loop4): Directory bread(block 70) failed
[  221.788334][T10411] FAT-fs (loop4): Directory bread(block 71) failed
[  221.790862][T10411] FAT-fs (loop4): Directory bread(block 72) failed
[  221.793287][T10411] FAT-fs (loop4): Directory bread(block 73) failed
[  223.008905][T10440] netlink: 'syz.0.1732': attribute type 2 has an invalid length.
[  223.059603][T10440] k*]: entered promiscuous mode
[  223.825516][ T5960] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  223.831063][T10470] tipc: Enabling of bearer <etl:g> rejected, media not registered
[  223.935150][T10477] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1745'.
[  223.984143][T10479] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  223.987633][T10479] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  224.279968][T10485] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1749'.
[  224.683898][   T24] vhci_hcd: vhci_device speed not set
[  224.842931][T10490] loop1: detected capacity change from 0 to 32768
[  224.847358][T10490] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1751 (10490)
[  224.856512][T10490] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  224.860584][T10490] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  224.871736][T10490] BTRFS info (device loop1): using free-space-tree
[  225.172726][T10513] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1754'.
[  225.325823][ T5958] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  225.939430][T10529] loop1: detected capacity change from 0 to 2048
[  225.943768][T10389] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  225.947909][T10529] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  225.956444][ T6765] udevd[6765]: incorrect nilfs2 checksum on /dev/loop1
[  225.960469][T10529] NILFS (loop1): mounting unchecked fs
[  225.971097][ T6765] udevd[6765]: incorrect nilfs2 checksum on /dev/loop1
[  225.971574][T10529] NILFS (loop1): recovery complete
[  225.991099][T10530] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  226.103730][T10389] usb 5-1: Using ep0 maxpacket: 16
[  226.106539][T10389] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  226.122568][T10389] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  226.126418][T10389] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  226.129674][T10389] usb 5-1: Product: syz
[  226.131635][T10389] usb 5-1: Manufacturer: syz
[  226.133621][T10389] usb 5-1: SerialNumber: syz
[  226.143424][T10389] r8152-cfgselector 5-1: Unknown version 0x0000
[  226.146039][T10389] r8152-cfgselector 5-1: config 0 descriptor??
[  226.353731][    T9] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  226.856891][    T9] usb 2-1: New USB device found, idVendor=046d, idProduct=08b6, bcdDevice=ca.8e
[  226.860230][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  226.866831][    T9] pwc: Logitech/Cisco VT Camera webcam detected.
[  227.269779][    T9] pwc: send_video_command error -71
[  227.273274][    T9] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  227.278791][    T9] Philips webcam 2-1:127.0: probe with driver Philips webcam failed with error -71
[  227.289182][    T9] usb 2-1: USB disconnect, device number 26
[  228.493388][   T10] r8152-cfgselector 5-1: USB disconnect, device number 10
[  228.598846][T10598] binder: 10596:10598 ioctl c0306201 2000000003c0 returned -22
[  228.903726][   T10] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  228.931455][T10600] loop1: detected capacity change from 0 to 32768
[  228.969228][T10600] ocfs2: Slot 0 on device (7,1) was already allocated to this node!
[  228.989898][T10600] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  229.009141][T10600] 
[  229.010281][T10600] ======================================================
[  229.013028][T10600] WARNING: possible circular locking dependency detected
[  229.015756][T10600] 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 Not tainted
[  229.020181][T10600] ------------------------------------------------------
[  229.023029][T10600] syz.1.1792/10600 is trying to acquire lock:
[  229.025477][T10600] ffff8881035731e0 (&ocfs2_file_ip_alloc_sem_key){++++}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xb6/0x320
[  229.030045][T10600] 
[  229.030045][T10600] but task is already holding lock:
[  229.033047][T10600] ffff888103573278 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xa4/0x320
[  229.037325][T10600] 
[  229.037325][T10600] which lock already depends on the new lock.
[  229.037325][T10600] 
[  229.041431][T10600] 
[  229.041431][T10600] the existing dependency chain (in reverse order) is:
[  229.045023][T10600] 
[  229.045023][T10600] -> #4 (&oi->ip_xattr_sem){++++}-{4:4}:
[  229.048225][T10600]        lock_acquire+0x120/0x360
[  229.050228][T10600]        down_read+0x46/0x2e0
[  229.052190][T10600]        ocfs2_init_acl+0x2f9/0x720
[  229.054278][T10600]        ocfs2_mknod+0x1321/0x2050
[  229.056432][T10600]        ocfs2_create+0x1a5/0x440
[  229.058479][T10600]        path_openat+0x14f4/0x3830
[  229.060593][T10600]        do_filp_open+0x1fa/0x410
[  229.062655][T10600]        do_sys_openat2+0x121/0x1c0
[  229.064681][T10600]        __x64_sys_openat+0x138/0x170
[  229.066561][T10600]        do_syscall_64+0xfa/0x3b0
[  229.068313][T10600]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  229.070496][T10600] 
[  229.070496][T10600] -> #3 (jbd2_handle){++++}-{0:0}:
[  229.072976][T10600]        lock_acquire+0x120/0x360
[  229.074705][T10600]        start_this_handle+0x1fa7/0x21c0
[  229.076640][T10600]        jbd2__journal_start+0x2c1/0x5b0
[  229.078648][T10600]        jbd2_journal_start+0x2a/0x40
[  229.080546][T10600]        ocfs2_start_trans+0x376/0x6d0
[  229.082494][T10600]        ocfs2_reserve_suballoc_bits+0x711/0x4640
[  229.084865][T10600]        ocfs2_reserve_new_metadata_blocks+0x403/0x940
[  229.087240][T10600]        ocfs2_extend_dir+0xc76/0x4870
[  229.089158][T10600]        ocfs2_prepare_dir_for_insert+0x2fe8/0x5450
[  229.091495][T10600]        ocfs2_symlink+0xaa4/0x23e0
[  229.093358][T10600]        vfs_symlink+0x143/0x2f0
[  229.095125][T10600]        do_symlinkat+0x1b1/0x3f0
[  229.096894][T10600]        __x64_sys_symlink+0x7a/0x90
[  229.098744][T10600]        do_syscall_64+0xfa/0x3b0
[  229.100473][T10600]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  229.102689][T10600] 
[  229.102689][T10600] -> #2 (&journal->j_trans_barrier){.+.+}-{4:4}:
[  229.105624][T10600]        lock_acquire+0x120/0x360
[  229.107381][T10600]        down_read+0x46/0x2e0
[  229.109100][T10600]        ocfs2_start_trans+0x36a/0x6d0
[  229.111020][T10600]        ocfs2_reserve_suballoc_bits+0x711/0x4640
[  229.113285][T10600]        ocfs2_reserve_new_metadata_blocks+0x403/0x940
[  229.115656][T10600]        ocfs2_extend_dir+0xc76/0x4870
[  229.117635][T10600]        ocfs2_prepare_dir_for_insert+0x2fe8/0x5450
[  229.119968][T10600]        ocfs2_symlink+0xaa4/0x23e0
[  229.121810][T10600]        vfs_symlink+0x143/0x2f0
[  229.123611][T10600]        do_symlinkat+0x1b1/0x3f0
[  229.125394][T10600]        __x64_sys_symlink+0x7a/0x90
[  229.127320][T10600]        do_syscall_64+0xfa/0x3b0
[  229.129184][T10600]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  229.131466][T10600] 
[  229.131466][T10600] -> #1 (sb_internal#4){.+.+}-{0:0}:
[  229.134209][T10600]        lock_acquire+0x120/0x360
[  229.135946][T10600]        ocfs2_start_trans+0x26b/0x6d0
[  229.137840][T10600]        ocfs2_truncate_file+0x643/0x1420
[  229.139889][T10600]        ocfs2_setattr+0x1520/0x1b40
[  229.141787][T10600]        notify_change+0xb36/0xe40
[  229.143522][T10600]        do_truncate+0x1a4/0x220
[  229.145343][T10600]        path_openat+0x306c/0x3830
[  229.147160][T10600]        do_filp_open+0x1fa/0x410
[  229.148909][T10600]        do_sys_openat2+0x121/0x1c0
[  229.150715][T10600]        __x64_sys_openat+0x138/0x170
[  229.152578][T10600]        do_syscall_64+0xfa/0x3b0
[  229.154368][T10600]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  229.156611][T10600] 
[  229.156611][T10600] -> #0 (&ocfs2_file_ip_alloc_sem_key){++++}-{4:4}:
[  229.159712][T10600]        validate_chain+0xb9b/0x2140
[  229.161561][T10600]        __lock_acquire+0xab9/0xd20
[  229.163463][T10600]        lock_acquire+0x120/0x360
[  229.165305][T10600]        down_write+0x96/0x1f0
[  229.167053][T10600]        ocfs2_try_remove_refcount_tree+0xb6/0x320
[  229.169447][T10600]        ocfs2_truncate_file+0xda0/0x1420
[  229.171557][T10600]        ocfs2_setattr+0x1520/0x1b40
[  229.173500][T10600]        notify_change+0xb36/0xe40
[  229.175340][T10600]        do_truncate+0x1a4/0x220
[  229.177131][T10600]        path_openat+0x306c/0x3830
[  229.179005][T10600]        do_filp_open+0x1fa/0x410
[  229.180841][T10600]        do_sys_openat2+0x121/0x1c0
[  229.182724][T10600]        __x64_sys_openat+0x138/0x170
[  229.184728][T10600]        do_syscall_64+0xfa/0x3b0
[  229.186572][T10600]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  229.188940][T10600] 
[  229.188940][T10600] other info that might help us debug this:
[  229.188940][T10600] 
[  229.192556][T10600] Chain exists of:
[  229.192556][T10600]   &ocfs2_file_ip_alloc_sem_key --> jbd2_handle --> &oi->ip_xattr_sem
[  229.192556][T10600] 
[  229.197350][T10600]  Possible unsafe locking scenario:
[  229.197350][T10600] 
[  229.200018][T10600]        CPU0                    CPU1
[  229.201945][T10600]        ----                    ----
[  229.203940][T10600]   lock(&oi->ip_xattr_sem);
[  229.205648][T10600]                                lock(jbd2_handle);
[  229.207965][T10600]                                lock(&oi->ip_xattr_sem);
[  229.210404][T10600]   lock(&ocfs2_file_ip_alloc_sem_key);
[  229.212351][T10600] 
[  229.212351][T10600]  *** DEADLOCK ***
[  229.212351][T10600] 
[  229.215119][T10600] 3 locks held by syz.1.1792/10600:
[  229.216970][T10600]  #0: ffff888111eb2428 (sb_writers#35){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  229.220253][T10600]  #1: ffff888103573540 (&sb->s_type->i_mutex_key#39){+.+.}-{4:4}, at: do_truncate+0x171/0x220
[  229.224076][T10600]  #2: ffff888103573278 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xa4/0x320
[  229.227974][T10600] 
[  229.227974][T10600] stack backtrace:
[  229.230107][T10600] CPU: 0 UID: 0 PID: 10600 Comm: syz.1.1792 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  229.230121][T10600] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  229.230128][T10600] Call Trace:
[  229.230134][T10600]  <TASK>
[  229.230140][T10600]  dump_stack_lvl+0x189/0x250
[  229.230155][T10600]  ? __pfx_dump_stack_lvl+0x10/0x10
[  229.230165][T10600]  ? __pfx__printk+0x10/0x10
[  229.230179][T10600]  ? print_lock_name+0xde/0x100
[  229.230193][T10600]  print_circular_bug+0x2ee/0x310
[  229.230206][T10600]  check_noncircular+0x134/0x160
[  229.230217][T10600]  validate_chain+0xb9b/0x2140
[  229.230232][T10600]  __lock_acquire+0xab9/0xd20
[  229.230248][T10600]  ? ocfs2_try_remove_refcount_tree+0xb6/0x320
[  229.230257][T10600]  lock_acquire+0x120/0x360
[  229.230269][T10600]  ? ocfs2_try_remove_refcount_tree+0xb6/0x320
[  229.230281][T10600]  down_write+0x96/0x1f0
[  229.230290][T10600]  ? ocfs2_try_remove_refcount_tree+0xb6/0x320
[  229.230300][T10600]  ? __pfx_down_write+0x10/0x10
[  229.230309][T10600]  ocfs2_try_remove_refcount_tree+0xb6/0x320
[  229.230319][T10600]  ? __pfx_ocfs2_try_remove_refcount_tree+0x10/0x10
[  229.230330][T10600]  ? up_write+0x1c4/0x420
[  229.230340][T10600]  ocfs2_truncate_file+0xda0/0x1420
[  229.230356][T10600]  ? __pfx_ocfs2_truncate_file+0x10/0x10
[  229.230368][T10600]  ? do_raw_spin_unlock+0x4d/0x240
[  229.230379][T10600]  ? _raw_spin_unlock+0x28/0x50
[  229.230388][T10600]  ? ocfs2_inode_lock_tracker+0x3ec/0x660
[  229.230400][T10600]  ? __pfx_ocfs2_inode_lock_tracker+0x10/0x10
[  229.230410][T10600]  ? ocfs2_rw_lock+0x13a/0x240
[  229.230418][T10600]  ? __pfx___dquot_initialize+0x10/0x10
[  229.230427][T10600]  ? __pfx_ocfs2_rw_lock+0x10/0x10
[  229.230434][T10600]  ? setattr_prepare+0x1e7/0xac0
[  229.230445][T10600]  ? jbd2_journal_begin_ordered_truncate+0xbb/0x150
[  229.230460][T10600]  ocfs2_setattr+0x1520/0x1b40
[  229.230475][T10600]  ? __pfx_ocfs2_setattr+0x10/0x10
[  229.230487][T10600]  ? ktime_get_coarse_real_ts64_mg+0x52/0x1e0
[  229.230498][T10600]  ? seqcount_lockdep_reader_access+0x175/0x1c0
[  229.230511][T10600]  ? ktime_get_coarse_real_ts64_mg+0x1be/0x1e0
[  229.230523][T10600]  ? current_time+0x222/0x370
[  229.230536][T10600]  ? evm_inode_setattr+0x1b6/0x7d0
[  229.230546][T10600]  ? __pfx_current_time+0x10/0x10
[  229.230555][T10600]  ? try_break_deleg+0x79/0x130
[  229.230565][T10600]  ? __pfx_ocfs2_setattr+0x10/0x10
[  229.230577][T10600]  notify_change+0xb36/0xe40
[  229.230590][T10600]  do_truncate+0x1a4/0x220
[  229.230602][T10600]  ? __pfx_do_truncate+0x10/0x10
[  229.230612][T10600]  ? apparmor_file_truncate+0x23e/0x2d0
[  229.230628][T10600]  path_openat+0x306c/0x3830
[  229.230639][T10600]  ? arch_stack_walk+0xfc/0x150
[  229.230654][T10600]  ? stack_depot_save_flags+0x40/0x860
[  229.230668][T10600]  ? __pfx_path_openat+0x10/0x10
[  229.230677][T10600]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  229.230690][T10600]  do_filp_open+0x1fa/0x410
[  229.230699][T10600]  ? __lock_acquire+0xab9/0xd20
[  229.230712][T10600]  ? __pfx_do_filp_open+0x10/0x10
[  229.230725][T10600]  ? _raw_spin_unlock+0x28/0x50
[  229.230735][T10600]  ? alloc_fd+0x64c/0x6c0
[  229.230748][T10600]  do_sys_openat2+0x121/0x1c0
[  229.230757][T10600]  ? __se_sys_futex+0x36f/0x400
[  229.230768][T10600]  ? __pfx_do_sys_openat2+0x10/0x10
[  229.230778][T10600]  ? __pfx___se_sys_futex+0x10/0x10
[  229.230788][T10600]  ? rcu_is_watching+0x15/0xb0
[  229.230797][T10600]  __x64_sys_openat+0x138/0x170
[  229.230808][T10600]  do_syscall_64+0xfa/0x3b0
[  229.230845][T10600]  ? lockdep_hardirqs_on+0x9c/0x150
[  229.230858][T10600]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  229.230867][T10600]  ? exc_page_fault+0x9f/0xf0
[  229.230879][T10600]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  229.230889][T10600] RIP: 0033:0x7fb03078ebe9
[  229.230899][T10600] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  229.230908][T10600] RSP: 002b:00007fb0315d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  229.230919][T10600] RAX: ffffffffffffffda RBX: 00007fb0309b5fa0 RCX: 00007fb03078ebe9
[  229.230926][T10600] RDX: 0000000000007a05 RSI: 0000200000000140 RDI: ffffffffffffff9c
[  229.230933][T10600] RBP: 00007fb030811e19 R08: 0000000000000000 R09: 0000000000000000
[  229.230939][T10600] R10: 0000000000001700 R11: 0000000000000246 R12: 0000000000000000
[  229.230944][T10600] R13: 00007fb0309b6038 R14: 00007fb0309b5fa0 R15: 00007ffc4ca68928
[  229.230953][T10600]  </TASK>
[  229.434214][   T10] usb 5-1: Using ep0 maxpacket: 32
[  229.438123][   T10] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  229.444166][   T10] usb 5-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00
[  229.448106][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  229.452952][   T10] usb 5-1: config 0 descriptor??
[  229.467292][ T5958] ocfs2: Unmounting device (7,1) on (node local)
[  229.862499][   T10] zydacron 0003:13EC:0006.000D: unknown main item tag 0x0
[  229.866522][   T10] zydacron 0003:13EC:0006.000D: unknown main item tag 0x0
[  229.869388][   T10] zydacron 0003:13EC:0006.000D: unknown main item tag 0x0
[  229.872765][   T10] zydacron 0003:13EC:0006.000D: hidraw0: USB HID v0.00 Device [HID 13ec:0006] on usb-dummy_hcd.4-1/input0
[  230.069907][   T10] usb 5-1: USB disconnect, device number 11

VM DIAGNOSIS:
14:48:32  Registers:
info registers vcpu 0

CPU#0
RAX=000000000000002d RBX=000000000000002d RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000001902 RDI=0000000000001903 RBP=00000000000003f8 RSP=ffffc90002a5e850
R8 =ffff8881070c8237 R9 =1ffff11020e19046 R10=dffffc0000000000 R11=ffffffff854f1730
R12=dffffc0000000000 R13=ffffffff99afa900 R14=ffffffff99def3a0 R15=0000000000000000
RIP=ffffffff854f17ac RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fb0315d86c0 ffffffff 00c00000
GS =0000 ffff8880b861b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000557e44b57058 CR3=0000000112eb0000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ffffffffffffffff ffffff0000000000 XMM01=0101010101010101 0101010000000000
XMM02=695f746e756f6d5f 7a79730032736667 XMM03=75663d79636e6572 65686f632c6c6c75
XMM04=692c736b636f6c66 6c61636f6c2c6c6c XMM05=0000000000000000 00007fb0315d76e0
XMM06=00007fb0315d76e0 00007fb0315d7560 XMM07=00007fb0315d75a0 00007fb0315d7580
XMM08=0000000000000000 0000001b7d1475bf XMM09=0000000000000000 00007fb030812fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000000 RBX=ffffffff81d06faf RCX=7ca24df71e844800 RDX=ffffc90002a4f001
RSI=ffffffff8be333e0 RDI=ffffffff81d06faf RBP=ffffc90002a4f130 RSP=ffffc90002a4f058
R8 =ffffc90002a4fd30 R9 =0000000000000000 R10=ffffc90002a4f0f8 R11=fffff52000549e21
R12=ffff88810b643980 R13=1ffff92000549e40 R14=dffffc0000000000 R15=1ffff92000549e1e
RIP=ffffffff818c7ec8 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f0da1e586c0 ffffffff 00c00000
GS =0000 ffff8881a3c1b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b31123ffc CR3=0000000112eb2000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=6161616161616161 6161616161616161
XMM06=6161616161616161 6161616161616161 XMM07=6161616161616161 6161616161616161
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f0da1012fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
