last executing test programs:

6m37.023418701s ago: executing program 32 (id=596):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_GET_KEY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)={0x30, r1, 0x1, 0x70bd29, 0x25dfdbf8, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x2}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x5}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000851}, 0x40)

6m29.84841272s ago: executing program 3 (id=670):
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xc1, 0x6a, 0xdc, 0x20, 0x67b, 0x307, 0x1370, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xb0, 0x2d, [{{0x9, 0x4, 0x32, 0x2, 0x2, 0xd3, 0x7, 0xa6, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)

6m29.268637638s ago: executing program 3 (id=671):
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x4000, 0x0, 0x865d, 0xfd, "ffff00"})
syz_open_pts(r0, 0x0)
r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0x1, 0x40000333}, &(0x7f00000006c0)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

6m29.036866308s ago: executing program 33 (id=671):
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x4000, 0x0, 0x865d, 0xfd, "ffff00"})
syz_open_pts(r0, 0x0)
r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0x1, 0x40000333}, &(0x7f00000006c0)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

6m26.272051245s ago: executing program 34 (id=693):
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000000)='./bus\x00', 0x0, &(0x7f0000001b80)=ANY=[], 0xfd, 0x26d, &(0x7f0000000600)="$eJzs3E9rXFUYB+D3tilNE5KJ+I8WxINudHNpsnLhokFaEAOKNoIK0lsz0SGTmZA7BEakyc6tH8G1uHQnSL9ANn6CIu6yybIL8cp0hjoTptaW6IX0eTb3Zc79DedyZs6cxcscvf3d9tZmmW8WvTiXZTFzLQ7ifhZLcS7Ox9BBvHnnrXuvfPTJp++trq1d/zClG6s3l1dSSouv/vLZNz++drc3//FPiz9fjMOlz4+OV34/fOnw8tGfN79qlalVpk63l4p0u9vtFbfbzbTRKrfylD5oN4uymVqdsrk7Mb7Z7u7s9FPR2ViY29ltlmUqOv201eynXjf1dvup+LJodVKe52lhLngal0bX9R/uV1UcVxduRVVVl76P+buxcC8akT2XsuevZS/eyl4+yC4fV1VjLJ3VNGtO39OsP2fHxPrvP1z/2dGw9T/jfP+fbWOHutmI7W/31vfWh9fh+OpmtKIdzbgajfgjBh+TkWF9492161fTA0uRtvdH+f299fOT+eVoxNL0/PIwnybzF2NuPL8SjXhhen5lan423nh9LJ9HI379IrrRjo0YZP/O31lO6Z33107krzy4DwDgrMnTQ1PPb3n+qPFh/gnOhyfOVzNxZabeZyei7H+9VbTbzd0aiwujudQ8DcVjizj4D945ovbnmlIs/uM984sRk68MNry653yqRc0bE/+Lsj/4ER4set0zAQAAAAAAAAAA4ElMNP39Nn+iDbB6VIdgNvoTgH/VThgROr0BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMf6KwAA//9rr+bZ")
chdir(&(0x7f0000000280)='./file0\x00')
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
socket$unix(0x1, 0x2, 0x0)
ppoll(&(0x7f0000000000), 0x0, 0x0, 0x0, 0x0)
memfd_create(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
gettid()
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000040)={0xf0f024})
syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000100)={0x2, @vbi={0x9, 0x7, 0x7ffffffd, 0x4f565559, [0x1000, 0x1000007], [0x63b, 0x1000], 0x108}})
r3 = io_uring_setup(0x5741, 0x0)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r1, 0xc0189378, &(0x7f0000000240)={{0x1, 0x1, 0x18, <r4=>0xffffffffffffffff, {r2}}, './bus\x00'})
io_uring_register$IORING_REGISTER_PBUF_RING(r4, 0x16, &(0x7f00000005c0)={0x0}, 0x1)
io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)

5m52.80148492s ago: executing program 35 (id=956):
r0 = semget$private(0x0, 0x6, 0x0)
semtimedop(r0, &(0x7f00000003c0)=[{0x2, 0x4, 0x1800}], 0x1, 0x0)
unshare(0x20040400)
semop(r0, &(0x7f0000000040)=[{0x4, 0xbf0d, 0x1800}], 0x1)
semctl$IPC_RMID(r0, 0x0, 0x0)

5m41.407597872s ago: executing program 4 (id=1070):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$unix(r0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18, 0x4000010}, 0x4000010)
recvmsg$unix(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x2062)

5m41.28092523s ago: executing program 4 (id=1073):
r0 = syz_open_dev$vbi(&(0x7f0000000080), 0x3, 0x2)
ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000100)={0x0, 0x0, '\x00', @bt={0x8, 0xfffff6d7, 0x5, 0x4, 0x7, 0x0, 0x1b, 0xc}})

5m41.231590618s ago: executing program 4 (id=1075):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2000}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @mcast2}, @IFLA_IPTUN_TTL={0x5, 0x4, 0x8}]}}}]}, 0x50}}, 0x0)

5m41.142845608s ago: executing program 4 (id=1076):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f00000000c0)={[{@noinit_itable}, {@dax_inode}, {@nolazytime}, {@abort}, {@dax_inode}, {@lazytime}, {@noload}, {}, {@noauto_da_alloc}]}, 0xfe, 0x558, &(0x7f0000000c00)="$eJzs3U1rG0cfAPD/ynbenOeJAyG0PRRDDk1JI8d2X1LoIT2WNjTQ3lNhb0ywHAVLDrEbaHJoLr2UUCilgdIP0HuPoV+gnyLQBkIJpj30orLyylFsyZZtpVaq3w82mdldaXY0+x/PaCQUwMAaz/4pRLwcEV8nEcdajg1HfnB87bzVJ7dmsi2Jev2TP5JI8n3N85P8/9E881JE/PJlxJnC5nKryyvzpXI5XczzE7WF6xPV5ZWzVxdKc+lcem1qevr8W9NT777zds/q+vqlv777+MEH5786tfrtT4+O30viQhzNj7XWYw9ut2bGYzx/TUbiwoYTJ3tQWD9J9vsC2JWhPM5HIusDjsVQHvXAf98XEVEHBlQi/mFANccBzbl9j+bBL4zH769NgDbXf3jtvZE41JgbHVlNnpkZZfPdsR6Un5Xx8+/372Vb9O59CIBt3b4TEeeGhzf3f0ne/+3euS7O2VjGDvu/+g4vCWjxIBv/vNFu/FNYH/9Em/HPaJvY3Y3t47/wqAfFdJSN/95rO/5dX7QaG8pz/2uM+UaSK1fLada3/T8iTsfIwSy/1XrO+dWHHfup1vFftmXlN8eC+XU8Gj747GNmS7XSXurc6vGdiFfajn+T9fZP2rR/9npc6rKMk+n9Vzsd277+z1f9x4jX2rb/0xWtZOv1yYnG/TDRvCs2+/PuyV87lb/f9c/a/8jW9R9LWtdrqzsv44dDf6edju32/j+QfNpIH8j33SzVaouTEQeSjzbvn3r62Ga+eX5W/9Ontu7/2t3/hyPisy7rf/fE3Y6n9kP7z+6o/XeeePjh5993Kr+79n+zkTqd7+mm/+v2Avfy2gEAAAAAAEC/KUTE0UgKxfV0oVAsrn2+40QcKZQr1dqZK5Wla7PR+K7sWIwUmivdoy2fh5jMPw/bzE9tyE9HxPGI+GbocCNfnKmUZ/e78gAAAAAAAAAAAAAAAAAAANAnRjt8/z/z29B+Xx3w3PnJbxhc28Z/L37pCehL/v7D4BL/MLjEPwwu8Q+DS/zD4BL/MLjEPwwu8Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9denixWyrrz65NZPlZ28sL81XbpydTavzxYWlmeJMZfF6ca5SmSunxZnKwnbPV65Urk9OxdLNiVparU1Ul1cuL1SWrtUuX10ozaWX05F/pVYAAAAAAAAAAAAAAAAAAADwYqkur8yXyuV0UUJiV4nh/rgMibVEM7D3/IT72y8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKt/AgAA//+jgjYy")
mount$overlay(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f0000001600)={[{@workdir={'workdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@redirect_dir_nofollow}, {@userxattr}], [], 0x2c})

5m40.988229685s ago: executing program 4 (id=1079):
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x8001, @multicast, 'gre0\x00'}}, 0x1e)
sendto(r0, 0x0, 0x0, 0x2004c880, 0x0, 0x0)

5m40.624336034s ago: executing program 4 (id=1084):
r0 = socket$kcm(0xa, 0x922000000003, 0x11)
setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f00000000c0), 0x19)
sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x28e, @mcast1, 0x9}, 0x80, &(0x7f0000000100)=[{&(0x7f0000000140)="f4000900062b2c25fe80000000000000dc8b850f238466ccfe8000000000e82ff6ed88672eb00944", 0x28}, {0x0}], 0x2}, 0x20000884)

5m40.454817785s ago: executing program 36 (id=1084):
r0 = socket$kcm(0xa, 0x922000000003, 0x11)
setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f00000000c0), 0x19)
sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x28e, @mcast1, 0x9}, 0x80, &(0x7f0000000100)=[{&(0x7f0000000140)="f4000900062b2c25fe80000000000000dc8b850f238466ccfe8000000000e82ff6ed88672eb00944", 0x28}, {0x0}], 0x2}, 0x20000884)

5m34.632995074s ago: executing program 6 (id=1134):
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$sock_x25_SIOCDELRT(r0, 0x890c, 0x0)

5m34.632671295s ago: executing program 6 (id=1135):
syz_mount_image$squashfs(&(0x7f0000000100), &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="3d0d8f929d36bc9c19d99c138002cdf0e58683ee6a6abe3f845d219f9f86cc41c0ed8b279cd28575a6a50679baf75e3aa7774f87987e5460c109d882afd2c2bfb760eaaae9b071cf23", @ANYRES16=0x0], 0x1, 0x192, &(0x7f0000000200)="$eJzsVT9PIkEU/83usAtX3F19ueSKu5xQCMuixk4rwwewNhJckbj4hyVRCAVWfA8bvojfwUJjg4UxscDejJmZt+tiYmGiCZL5JfB7f+e9x4Q3e9Fx5AJ4mvTrWIeCje+4YgwcwB+mbRuu5ntHc5H0O665QPZz4mviqNvbr4Vh0H4tsLdd7xU+7KDZFrY+v4S8zBmYdM4F+stgVvqZX+FFXTuz8KB22eWkX5fCNgAhhADi+wBLx9gALpIY4BdXH2ZDJDEyUyoLAEqd1lEp6vYWm61aI2gEB75fWfGWPG/ZL+02w8DT3yxVwqK6kgsA5E7NpfwZADc5HfMN02Cp1sjP0rlOajnn/07nWownuTFnySdzabdD/gSb+K98JwMmCID4QRFqpCoYbHCllHmqPz1bVjmK9cNwZwgG+a4IF/BG4LDitDEysSJTEyWorA7itofE/4irxCPiMXH8ZsVvEVcn3JKWHwAOTmudTrssTVpKbH5i838mlS2q+uhMD/fbhYGBgYGBgYHBF8NzAAAA//+ajGF3")
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmmsg$unix(r0, &(0x7f0000000d40)=[{{&(0x7f0000000080)=@abs={0x1, 0x30, 0x30}, 0x6e, 0x0}}], 0x1, 0x0)

5m34.530166268s ago: executing program 6 (id=1136):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x4, 0x2, 0x1, 0xc7}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)

5m34.473154264s ago: executing program 6 (id=1137):
syz_mount_image$ext4(&(0x7f0000000340)='ext4\x00', &(0x7f0000000980)='./file0\x00', 0x3000010, &(0x7f0000000100)={[{@resuid}, {@nobh}]}, 0x1, 0x519, &(0x7f00000009c0)="$eJzs3cFvI1cZAPBvJvE2u5tiFxAqlSgVLcpWsHbS0DZCCMoFTpWA5b6ExImi2HEUO2UTVZCK/wAhgcSJExck/gCkqgfEGVWqBBfEAQECIdjCAQnoII/HJevYSaBJnI1/P+mt35sZz/e9ifw8M56dCWBiPRURL0XEVEQ8GxHlYnpalDjole5yb99/daVbksiyO39JIimm9dfVbU9HxM3ibTMR8ZUvRnw9ORq3vbe/udxo1HeKdq3T3K619/ZvbzSX1+vr9a3FxYUXll5cen5pPiu8p35W+pUffeGzr3/yG7+9+6db3+ym9ZkPRSkG+nGWel0v5duir7uNds4j2BhMFf0pjTsRAABOpbuP//6I+Fi+/1+OqXxvbsDUODIDAAAAzkr2udn4VxKRAQAAAFdWGhGzkaTV4lqA2UjTa8W5gQ/GjbTRanc+sdba3VrtzouoRCld22jU54trhStRSrrtheIa2377uYH2YkQ8FhHfLV/P29WVVmN1zOc+AAAAYFLcHDj+/3s5zesnG/L/BAAAAIDLqzKyAQAAAFwVDvkBAADg6hs8/n99THkAAAAA5+JLL7/cLVn/+derr+ztbrZeub1ab29Wm7sr1ZXWznZ1vdVaz+/Z1zxpfY1Wa/tTsbV7r9aptzu19t7+3WZrd6tzd+OBR2ADAAAAF+ixj77xqyQiDj59PS9R3AcQ4AG/H3cCwFmaGncCwNi4izdMrlK/cm28eQDjk5ww38U7AADw8Jv78NHf//unAkpjzQw4b671AYDJ4/d/mFwlVwDCREsj4n296iOjlhn5+/8vThslyyLeLB+e4vwiAABcrNm8JGm1OA6YjTStViMejUgrUUrWNhr1+eL44Jfl0iPd9kL+zuTEa4YBAAAAAAAAAAAAAAAAAAAAAAAAgJ4sSyIDAAAArrSI9I9Jfjf/iLnyM7OD5weuJf8oxx+Kxg/ufO/ecqezs9Cd/tf8WV7XIqLz/TulfPpzIx8fBgAAAJy15GDkrN5xevG6cKFZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAB3r7/6kq/XGTcP38+IirD4k/HTP46E6WIuPG3JKYPvS+JiKkziH/wWkQ8Pix+Eu9kWVYpshgW//o5x6/km2Z4/DQibp5BfJhkb3THn5eGff7SeCp/Hf75my7KezV6/EuLyI/n49yw8efRI2trDo3xxFs/qY2M/1rEE9PDx5/++JuMiP/0kbX9M8uyozG+9tX9/VHxsx9GzA39/kkeiFXrNLdr7b392xvN5fX6en1rcXHhhaUXl55fmq+tbTTqxb9DY3znIz9957j+3xgS/ze/7o2/x/X/mVErHfDvt+7d/0CvWhoW/9bTQ79/Z2JE/LT47vt4Ue/On+vXD3r1w5788ZtPHtf/1RHb/6S//61T9v/ZL3/7d6dcFAC4AO29/c3lRqO+c0xl5hTLPIyVn81cijT+x0r2rd5f7rLk8/9Wunur/53S79UlSOxQJbuwWFNxSbr8bmWswxIAAHAOfv7uTv+4MwEAAAAAAAAAAAAAAAAAAIDJdRG3ExuMeTCergIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHOs/AQAA//9GB9/T")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
umount2(&(0x7f00000001c0)='./file0/../file0\x00', 0x8)

5m34.27059224s ago: executing program 6 (id=1138):
r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x1, 0x1)
fchdir(r1)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90)
getdents64(r2, 0x0, 0x0)

5m34.063269603s ago: executing program 6 (id=1142):
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x685})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000100), 0xc06620, 0x4)

5m33.961266487s ago: executing program 37 (id=1142):
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x685})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000100), 0xc06620, 0x4)

5m9.085533501s ago: executing program 5 (id=1439):
r0 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x1, 0x181000)
ioctl$SNDRV_PCM_IOCTL_USER_PVERSION(r0, 0x40044104, &(0x7f00000000c0)=0x5)

5m9.085338162s ago: executing program 5 (id=1440):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_buf(r0, 0x29, 0x46, 0x0, &(0x7f0000000240))

5m9.00571764s ago: executing program 5 (id=1441):
r0 = socket$kcm(0x21, 0x2, 0xa)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001200)=ANY=[@ANYBLOB="1000000000000000100100000b"], 0x20}, 0x0)

5m9.003480943s ago: executing program 5 (id=1443):
syz_mount_image$minix(&(0x7f0000000300), &(0x7f0000000180)='./file2\x00', 0x4040, &(0x7f0000000000)=ANY=[], 0x1, 0x21d, &(0x7f00000006c0)="$eJzs209PE0EYx/HfdttS0Yhi/BNPJibGi60CCelJeQFePJp4ILWQxqJGvEBIlDfh3asnXwKJvg/fAD1489Qxszu1LN20O3XLhvL9JHQf2HlmngVmu9NuBeDCehY9BgpUiyJjzKd7kl4+l1QuuDgAM2Xctm+GwsE+AHMu7E+b+YrzBHCu9Tbss31NR4H06/dB69h91UauFNIXA72NUhwE0vGJ/Eue1yF3y8n8RUmXM9RgvgbR9oEG+bbyg9aVjOP2DuP8RSXH17Ws+fHxP7yvik7kX5W0JEXdXJe0LOmGtGDb3lRJpcT4VffdMP9O/IPDjIcBAAAAAMBYdvVZ/69sqT6xg1Bu6TvCroO3Ot32Y7+BB8tnVVz+E7/8f6ouf2VcIzM5fzW1utOCYViJNwsuv956133tUTeQh5Lf/B95WdD+Rx9N6CCeDsup+8KR+V/JXo17RXCr88UrB0Bsd2//zWa32/6QZ/B0XBvJt0N7Rsi5wvTgmw30J35nZMZjTRPYk+206YM3ZPIu7LMmtzEZ2sxTUM739/xDwel5Wk5Mou/ub+vR84u0XVUl5mlCeMYnJgAz1/i4876xu7f/qLOzud3ebr9dW28219dWV5qN6LLcPpqloqsEMAvDZ/+Unb438QAAAAAAAAAAAAAAgELcknQ7in72PdK4MwAAAAA4h87iQ1FFHyMAAAAAAAAAAAAAAPPubwAAAP//GgQs4g==")
openat$nullb(0xffffffffffffff9c, 0x0, 0xa8042, 0x0)
mount$afs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f00000002c0), 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000000340)='./file0\x00')
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r0, 0x0, 0x0)

5m8.921356469s ago: executing program 5 (id=1444):
syz_emit_ethernet(0x46, &(0x7f0000000000)={@multicast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x1, 0x6, '\x00', 0x10, 0x3a, 0xff, @local, @loopback, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x999, 0x5932}}}}}}, 0x0)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0x50, 0x0, &(0x7f0000000000)="ff", 0x0, 0x36, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x50)

5m8.739503542s ago: executing program 5 (id=1445):
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
getpeername(r0, 0x0, &(0x7f0000001500))

5m8.584595403s ago: executing program 38 (id=1445):
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
getpeername(r0, 0x0, &(0x7f0000001500))

3m41.200841082s ago: executing program 8 (id=2294):
r0 = socket(0x18, 0x800, 0x0)
connect$pppoe(r0, &(0x7f0000000100)={0x18, 0x0, {0x2, @multicast, 'vcan0\x00'}}, 0x1e)
sendmsg$L2TP_CMD_SESSION_DELETE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000010c0)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x4044840}, 0x20008000)

3m41.143063938s ago: executing program 8 (id=2296):
sendmsg$NL80211_CMD_DEL_PMKSA(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x400c1)
r0 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10)
syz_emit_ethernet(0x74, &(0x7f0000000000)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x73, 0x0, @private=0x300, @multicast1}, {0x0, 0x0, 0xfffffe9a, 0x0, @gue={{0x2}}}}}}}, 0x0)
ioctl$sock_SIOCINQ(r0, 0x541b, 0x0)

3m41.142552847s ago: executing program 8 (id=2298):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
getegid()

3m41.082196287s ago: executing program 8 (id=2300):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x101091, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262)

3m41.018236196s ago: executing program 8 (id=2302):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r0)
sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000040000001400050003030000000a0000005dc00000000001080002000500000014000600ff01000a00f2f3f31f000a0000000001060001"], 0x4c}, 0x1, 0x0, 0x0, 0x8014}, 0x404c000)
getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000000180))
sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[], 0x4c}, 0x1, 0x0, 0x0, 0x4008004}, 0x4040000)

3m40.953167833s ago: executing program 8 (id=2304):
timer_create(0x2, &(0x7f0000000200)={0x0, 0x3c, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000240)=<r0=>0x0)
timer_settime(r0, 0x1, &(0x7f00000002c0)={{}, {0x77359400}}, 0x0)

3m40.7836457s ago: executing program 39 (id=2304):
timer_create(0x2, &(0x7f0000000200)={0x0, 0x3c, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000240)=<r0=>0x0)
timer_settime(r0, 0x1, &(0x7f00000002c0)={{}, {0x77359400}}, 0x0)

2m1.457060554s ago: executing program 1 (id=3482):
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$rose(r0, 0x104, 0x4, 0x0, 0x0)

2m1.369634166s ago: executing program 1 (id=3484):
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
bind$x25(r0, &(0x7f00000000c0), 0x12)

2m1.283237228s ago: executing program 1 (id=3486):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)={0x14, 0x0, 0x3, 0x301, 0x70bd28, 0x25dfdbfc, {0x5, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x20000090)

2m1.220875748s ago: executing program 1 (id=3487):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r2 = open_tree(r1, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f00000001c0)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x220)

2m1.139136662s ago: executing program 1 (id=3490):
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000180)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee01}}, './file0\x00'})
r0 = socket$inet6(0xa, 0x3, 0x3c)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x5000, 0x0, @loopback, 0x5}, 0x1c)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1)

2m0.443474274s ago: executing program 1 (id=3498):
sendto$inet(0xffffffffffffffff, &(0x7f0000000100)="1ce0", 0x2, 0x0, 0x0, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
fsetxattr$security_capability(r1, 0x0, 0x0, 0xfffffe04, 0x1)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000040)={0xf0f002, 0x5})

2m0.25007758s ago: executing program 40 (id=3498):
sendto$inet(0xffffffffffffffff, &(0x7f0000000100)="1ce0", 0x2, 0x0, 0x0, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
fsetxattr$security_capability(r1, 0x0, 0x0, 0xfffffe04, 0x1)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000040)={0xf0f002, 0x5})

1m56.832967139s ago: executing program 3 (id=3499):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000400)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000003c0)={<r1=>0xffffffffffffffff}, 0x111, 0x8}}, 0x20)
write$RDMA_USER_CM_CMD_DISCONNECT(r0, &(0x7f00000004c0)={0xa, 0x4, 0xfa00, {r1}}, 0xc)

1m56.737173901s ago: executing program 3 (id=3536):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
umount2(&(0x7f00000002c0)='./file0/../file0\x00', 0xc)

1m56.736887041s ago: executing program 3 (id=3537):
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000640)='./file0\x00', 0x800, &(0x7f0000000680)={[{@debug}, {@nolazytime}, {@dax_inode}, {@jqfmt_vfsv0}, {@dioread_lock}, {@usrjquota_path={'usrjquota', 0x3d, '.'}}, {@test_dummy_encryption}]}, 0x3, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x6)
ioctl$FS_IOC_RESVSP(r0, 0x40305839, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1000})

1m55.443293878s ago: executing program 3 (id=3553):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x148, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffe, {0x0, 0x0, 0x0, r1, {0x0, 0x1}, {0xffff, 0xffff}, {0x16}}, [@qdisc_kind_options=@q_red={{0x8}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "09000081000000208f29d158039b90627d7b60f0d5ca47f33eed46409b7c8722ce020df6b24c2e6ac7b97dc04d01be2092874115214b1ebb764511f69cd1e9f6263346363d2c639c76000067af25166c2f0f85f36aa8867406119c010400002e31dea98204000000d560eae59ea49ef95d73202a6e3b5e1eb38244e694e7410d33bc92794ad27031f2a19698b5142ddf36e2a876a4fc871207bf12a84f1d4d132f5bb7edcf2d08d677e6a7268e106b6ced3c7f53df24092ddb9e0fac6a1153c3fc88bfd1404fef22cf3e825a6e19c6a48a5444eabb459ac3ec9a278df4011773d2f2e6529ed0ad424b47ec67522477f979360b76d1008000"}, @TCA_RED_PARMS={0x14, 0x1, {0x3f26, 0x7, 0x81, 0xc, 0xb, 0x14, 0x5}}]}}]}, 0x148}}, 0x0)

1m55.246995019s ago: executing program 41 (id=3553):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x148, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffe, {0x0, 0x0, 0x0, r1, {0x0, 0x1}, {0xffff, 0xffff}, {0x16}}, [@qdisc_kind_options=@q_red={{0x8}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "09000081000000208f29d158039b90627d7b60f0d5ca47f33eed46409b7c8722ce020df6b24c2e6ac7b97dc04d01be2092874115214b1ebb764511f69cd1e9f6263346363d2c639c76000067af25166c2f0f85f36aa8867406119c010400002e31dea98204000000d560eae59ea49ef95d73202a6e3b5e1eb38244e694e7410d33bc92794ad27031f2a19698b5142ddf36e2a876a4fc871207bf12a84f1d4d132f5bb7edcf2d08d677e6a7268e106b6ced3c7f53df24092ddb9e0fac6a1153c3fc88bfd1404fef22cf3e825a6e19c6a48a5444eabb459ac3ec9a278df4011773d2f2e6529ed0ad424b47ec67522477f979360b76d1008000"}, @TCA_RED_PARMS={0x14, 0x1, {0x3f26, 0x7, 0x81, 0xc, 0xb, 0x14, 0x5}}]}}]}, 0x148}}, 0x0)

1m22.911567884s ago: executing program 9 (id=3926):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
recvmmsg(r0, &(0x7f0000004980)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)}, 0x4}], 0x1, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0x12, &(0x7f00000001c0)=0x3fd, 0x4)
setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000140)=0x30, 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x32, &(0x7f00000002c0)={@broadcast, @link_local, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@timestamp={0x44, 0x4, 0xc6}]}}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0)

1m22.846144334s ago: executing program 9 (id=3929):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="340000003e0007010000000000000000027c00000400fc800c000180060006"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0xc050)

1m22.773035337s ago: executing program 9 (id=3931):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000040)={0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0x8}, 0xe)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000002040)={r1}, &(0x7f0000003080)=0x8)

1m22.772631056s ago: executing program 9 (id=3932):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
unshare(0x20020400)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00')
read$FUSE(r0, &(0x7f00000002c0)={0x2020}, 0x2020)

1m22.660092641s ago: executing program 9 (id=3933):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000080)=0x7, 0x4)
syz_emit_ethernet(0x32, &(0x7f0000000500)={@local, @random="fad1e048716e", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x10, 0x0, @gue={{0x2, 0x0, 0x0, 0x4, 0x0, @val=0x80}}}}}}}, 0x0)
setsockopt$inet_int(r0, 0x0, 0x14, &(0x7f00000001c0)=0x3f7, 0x4)
recvmmsg(r0, &(0x7f0000001980)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2, 0x0)

1m22.358786041s ago: executing program 9 (id=3938):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca0000c441f96ec80fc4c60066400fe2def3ad46c7045300101000f00fc01ec422e10399c5c1202066410f6f15040000000000e1f563df", 0xdc000006, 0x0}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
poll(&(0x7f0000000040)=[{r0, 0x80cd}], 0x1, 0x7)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f"], 0x0}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r2, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r2, 0x0)
sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)

1m22.202955753s ago: executing program 42 (id=3938):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca0000c441f96ec80fc4c60066400fe2def3ad46c7045300101000f00fc01ec422e10399c5c1202066410f6f15040000000000e1f563df", 0xdc000006, 0x0}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
poll(&(0x7f0000000040)=[{r0, 0x80cd}], 0x1, 0x7)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f"], 0x0}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r2, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r2, 0x0)
sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)

4.409702553s ago: executing program 0 (id=4866):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), r0)
sendmsg$NET_DM_CMD_STOP(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x14, r1, 0x1, 0x70bd2c, 0x25dfdbfb}, 0x14}}, 0x800)

4.305657616s ago: executing program 0 (id=4869):
syz_emit_ethernet(0x3e, &(0x7f00000001c0)=ANY=[@ANYBLOB="0180c2000004aaaaaaaaaaaa86dd672d5115000800fffc010000000000000000000000000001ff02000000000000000000000000000188000104ed"], 0x0)

4.211936611s ago: executing program 0 (id=4872):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0x55779000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
sendmmsg$inet(r4, &(0x7f0000005b40)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000040)="f37481d90eeaead391345b4da9d27e24c9c670da3afc5c00000000007fffffff00"/50, 0x32}, {&(0x7f0000000140)="ead5e96719a44591801f33", 0xff02}, {&(0x7f0000000180)="f3f97053495b072215aee864193557c0dabdd253711d5ed9b131c5abd8796e5759ab1f639211e68e24bf4471b6ab1429b165c7248cded82bfb4a3f48e8d0", 0x3e}], 0x3, &(0x7f0000000240)=[@ip_retopts={{0x2c, 0x0, 0x7, {[@timestamp_addr={0x44, 0x1c, 0x93, 0x1, 0x0, [{@broadcast}, {}, {@private}]}]}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @multicast2}}}], 0x50}}, {{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000380)="c1ad061c5d914eadd95de7fb63eb7b0306d91c25f3fba6c97eda8ade2420dfe1fe0f5c7a01d724be33a44f1cd52028110d8f7dd4b3421a3fe4b2066d179f938ba15c3956e1aaad35035bcde7b90ed59ee2de06c8a4af3de95bda", 0x5a}], 0x1}}, {{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000000480)="f41fa963edcd5e2a5d", 0x9}, {&(0x7f00000004c0)="0c71e8d7705b19c24e8c3ec98b4243ae0be48cd79f024361b8082d328363e63e360e122e7ec929c89aea0b338987609655fb5f5f91cd457584f30946f63e00fd0e8c536ae0106beb7d02fb4eb35db10c37c4bf3f2c6df9254d540598ae9b7098b74908c7da448e8891bc1b46f58553776f43370d090df693f3a4e4a724dbb498e51860bd766e36c41c0a0ee41019a0b05b519107c1fbb944f26f16f9fc127f3cd86c3fdbcf169912fc1c42a4a7051d3e85591ccd24b19681da775dc34c98ad24ab07c6feab583ba1f5efb430a06d66c039dbf40a84f04cfdfca240676e96579502925e57864815d3fe17edaf5cdbc3a4b48843c22372f9f1cf363d8428fe6341fb474ba53db6be689703ce5f7b6639b3493a5aca4c9316df8b4600d73533021932eb359ce7c1f00a54cb1318076ccb00e27ba0934db1867e078ee47b86d3e367b96ba948c3aa029c365eb0dc99685c5fd7bfbd1916b889da42d6ad1ab2466e989b5c8304b1e2190d4efeb9ccbd3a7a48c3b393470fc215e164cb91e238c5a28c4f40b4b99ee8f9481fe62e0bcf0a9831e491dc1150ad9c023217df6432487219a3083b310958cdbc217f99d02a19414987ff1bc176e3267c205827f466ea1912cbc0e304faf034602b85db010d8796d2ab18c2c4badf39db5312ad908d8555c30d0cc7d3bce8b4fcfc5764ed6e8bf4e8e4af6bbb3f82ac014f021dc6cb81cebe4b7d071e4d019719d1b0354ce0a2ff3b66ba7bf0f4598bde90a9115ddc4f197bcd881e0cd0baabb57316e75d108b14acc668ee906acf7bffdff3aef11ecf107b3eccd67a56c6b26e0a9a72d404a7a2dd3da8759e676c0eef6a95890d4f647269d1bf972d75307bd867819f385df6f57a7c28332307f444d1157c303c30a478b056d6e11111398aafcb6fff1b6a985cf888afa04586e35e7d3b292d254acf08a6bd38fbbd22bc9919052e6693c1e454aade6348679e027d1b102618476c9ab1f9928fc7f505046cb8383b9e1d79b961895502cded12f1842705102dffddc11f7bea0bd53833f1a455e661f6bda92d35b1159e1489cf762da76c125060ffedc7cc54238b3bd2d894a91d92a6c5cce9bf5417674a2bd0e38271912f7481e58ec7ab422db826482ffb80ce45dab2cb43105356c292a2fd1db8a758b37d56f46721163f24c075d980a37917cca20acce274c404828efaed50b881a5481f9ad268e99e25884db25426d5a5f338f405748817bba32b89e4c18b0f061e6758d46b5f0f2865b1c41be4f7ff999d289538a8fca45b2cf76a2fc398b7913db0ea85ee4d00156432f764ef888094dceb05c68da62fdf667b511276ac97dcf0b34819d9307cf0066267f94ab80fcc19c9f3d682e6e375ac25d7d6b71ae6d084ca1ed7e21b46b1ca0abc6cd50b3aa40e341cfc0a75f2040cc71c26e6cff3d76cc6c629051c47d8b950d01de19d324f2705e37a7a41364ecc70e5021ef955b50144860dafe6fc8b14fb6c451c0444aef66c3081097b6072c304f17206810b4e937bd5673720071d5f1d964f8bb21ab4ffbda1ece1e95005c6abdf00f78681f37c34936e8c9ba1bf420ba0dbfb84698931da95003dd2a34f59a179420ce004664f0495d1548e04e544c238599e6c41831d05c568607f0cd59153422fea60f7de8c4c1ab308b977e2280372c1f57506c22caf84ef2d912b3dbdd9d05fd1fe78ea2965f9542b0010009efea9c642f1", 0x4c6}], 0x2}}, {{0x0, 0x0, &(0x7f0000004240), 0x300}}], 0x4, 0xc080)

3.515432889s ago: executing program 7 (id=4882):
syz_mount_image$minix(&(0x7f00000000c0), &(0x7f00000001c0)='./file1\x00', 0x1000817, &(0x7f0000000140)=ANY=[@ANYBLOB="0049cef4df796851925f86c004000000e4cf62dc777d55387afc4a70d087ede4c51394f97b0b9047144790d8f3affa2044cbd987d631e3f20494f83c208cf1dcd4ec10f5138b1f4efbdc2a7be39782db000000000000002c2e5cf00c404f4a3246fb740282b4265c2c2c686173682c00"], 0x5, 0x176, &(0x7f0000000200)="$eJzs299K+mAcx/HP/P/zV2JZJ9HBoIM6SVPpj2d1D92A6BJplmQnShBdRBfQ/SXUDWQ43MIpBIZO5/t19Hz2MPd9hGd+B04A1pYpU4YMxYdhP5V9zhlBlwRgQQaSvgYA1lP0Y+rR4b0BQKj1r6S2pPfPp5qicX978JqRdOnORxIT/UP/RdqLjeaNpFL+/uJNOnTPN/5NNiBZKe3Np6d+/tGBe/3/2tCmMho+o2xpezRf987f/WM3BKwXQ3l/HjsQ0U3Ttk68HHdy0csJJ5d8uezlpJPztXu7Pq8lAJhR5Jf9H/Xt/5hv/wNYXZ1u77Zq29bD8g6MmLQEZYRyYC7yoqaCWan71LkMX/jqDAK+MQGYu8Jjq13odHvHzVa1YTWsu9JFqXJWPi2eVwpO55/UWP8PIDx+fvSDrgQAAAAAAAAAAAAAAMwqp52gSwAAAACwIM7/f6/n+zpR0GsEAAAAAAAAAAAAAAAAAAAAwuI7AAD//yEAGGc=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x7f)
write$tun(r0, &(0x7f0000001bc0)=ANY=[], 0x1022)

3.493516679s ago: executing program 7 (id=4883):
socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
r0 = epoll_create1(0x0)
r1 = epoll_create1(0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x3, 0x2}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000240)={{}, 0x0, &(0x7f0000000200)='%pS    \x00'}, 0x20)
bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0xa000000d})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r4, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r5, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0x50, &(0x7f0000000600)={@link_local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2a}, @val={@void}, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x16, 0x11, 0xff, @remote, @local, {[], {0x0, 0xe22, 0x16, 0x0, @gue={{0x2, 0x0, 0x0, 0x3}, "30b00afe4e79"}}}}}}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000400)={0xa})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ipvlan0\x00'})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0)
ioctl$sock_inet6_tcp_SIOCINQ(0xffffffffffffffff, 0x8916, &(0x7f0000000000))
epoll_pwait(r0, &(0x7f0000000080)=[{}], 0x1, 0x80000000, 0x0, 0x0)

3.22747672s ago: executing program 0 (id=4886):
syz_mount_image$iso9660(&(0x7f00000000c0), &(0x7f0000000280)='./file0\x00', 0x3800813, &(0x7f0000000480)={[{@cruft}, {@map_acorn}, {@unhide}, {@nojoliet}, {@nojoliet}, {@overriderock}, {@dmode={'dmode', 0x3d, 0x3}}, {@nocompress}, {@overriderock}, {}, {@block={'block', 0x3d, 0x200}}, {}, {@overriderock}, {@nojoliet}, {@map_acorn}]}, 0x1, 0xa61, &(0x7f0000001cc0)="$eJzs3c1vHGcZAPBn1nbsuiVJ21BK1MablKRua5y1QxOsHorjXTtbbC+yHakRh6Y0DopiKLQgtRVSUwlxagUSiAPcKk6cKvVCOaBeENzoiQMS6r9QcQqnRTO7a+/au17b+Kvp7+fs7nw8877P7Mw7b/ZrJvh8qR5rGatWs9sOx6/+cR8y5hC7XPz0/Q/eS2/v3Ikj0RPPJn+KGIiIfERvRDwa0TdVXKjMdSnodsT1iPg4IomI/qg9bsn1SH4ZD6yNfxzJ79N6Ozqy1ZLppsoX2kHvfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBglU8VCYSw5EuX5qy/mayLyG0wVFypJVKsb5zSWqfkou+p38tFmdfY26k7/DQw0LvX96Im1kEciIn8mHquNPZZdkLx/IN66/5Hjzz3cm6stm7TJcxf0b73Y19986/bLKyvLr7WdmyS7mNUhU9tHZkrz5cVKeW5yppQvL1byExcvFs5fmV7MT5dnS4vXFpdKc/mphdLkUmUhPzz1VH5sYuJCvjR6rXJ1fqY4OltqTLz09fFC4WL+hdHvlCYXFivz518YXZy6Up6dLc/PZDHp7DTmUrojfru8lF8qTc7l8zdvrSxfWJdZT6zbf9OgsW7rkwaNdwsaL4yPj42Nj4+9U7969uqEi89OPHupUOgt1DwQ9YHYELFHOy2Hy32dN/MeHMVhZ3K1/j9iNsoxH1fjxci3/ZuKYixEJeY6zK9r9P9nz5c2rTay/rvW/9d7+d6m+SfTuzNxqj46MJDdb+j/O+Syf3+vx5vxVtyOl2MlVmI5XjvwjPb3byZKMR/lWIxKlGMuJrMp+fqUfEzExbgYhXgprsRQLEZvTEc5ZqMUi3EtFmMpStkeNRULUYrJWIpKLEQ+hmMqnop8jMVETMSFyEcpRuNaVOJqzMdMFGMyK+Vm3Mqe9wub5LgaNLaVoPFNgjZ05p36/1XrFymt/88J96Dcplt5D47isDPVev9/pHvo8FTLaO/eJQUAAADsqq/+PY6eeOhv/45I4vHsM/np8mypcNBpAQAAALso+7reY+lDXzr0eCRe/wMAAMC9Jsl+Y5dExGAM1YYav4TyJgAAAADcI7LP/09FMrQ2wet/AAAAuMesO8d+m3Psdo1IRhqn/83fqD3eqEfUxpLB6fJsaXSqMvvcWJzLzjKQ/dJgQ2k9EUlf9vODp+N0Ler0YO1xcK3EtM6BNGps9LmxeDrO1Fdk+In04YnhNpHjtcgna5FPNkf2REvkhTQSAO51Zzbpj7fa/z8dI7WIkZNZl997sqUP7sl61oKeFQAOi9Vr7Py3fkmzNv3/qdq5AU516v+/scnr/zTiobg5VPtKwWi8Eq/GStyIkah/42CoXamNqxHUvoYw0uXdgMH6VxY+uZSLkQ3vBwysrmtz7HKMx0jbdwSayk0aOVyoxfXs1VYAgP11ZtN+uNH/Z2+Sd+z/RzZ//d/U5/pKIQAcBqtXsN/uwNDWgw96HQGAVnppAAAAAAAAAAAAAAAAAAAAAAAAAAAA2H1bOoH/P85FrKwsR+z0YgFtBj7565+/1DHm3fsjBraT4eYDudiVnPsjYlfWvTGQ7HaBt3siYlcL3MbA87HtpdJtfBCp3usDyZ2swf5f5RzwgQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB9kUT0tJuei+iPiEJEnN//rPbOnYNOYLfkd7ZYcjfuxhtxdLfTAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4oquf/z8Xtcf7a5OiNxdxNiKuR8R3DzrH7RjoMv/uPuVx+Pwgu286/38uoi+qSfRGtVqtRiR9U8WFyly6KyT96fxP3//gvfTWsci3GwMbr6qQFpDW0HJxiXoNTVP6Wpd6MFtqsLj8+u2fvPqjfPFytmNeXpqeLc7NLHxrLfCR5MPaJRCaL4PQyPdnZ//yq6bJR+qVfxi9nVZkfb3TWb3FjfV+pd3SHerdglsry+NpTUulF5d++sNc86yH4nTEE8MRw601fT+9dajp9Prns1XyWfKL5Gj8Nq5n2z99NpJqkm6iY0k9ZGV59JVXV26s5vT2rTeaCjgeQxFxo7WVdclpKJJO+aQHm8j13by1slzIgtK7E13K21RTiWNrz2vLOjyY7TKD21qHfOd1yHR53usZXVifUTVtJL/+8cNxbtMt3d+mxHNdamwr+Sz5V3Il/hk/b7r+Ry7d/mejbetsU0QWmbsvXZ9sT2me19K8cmfX1ny8ecZL68vs2CrZA+/G9+Kbq9s/lx3/m9vNeId2s3o8er5pYod202haHdpFf2tL3dAu6rq1i40t9Q/HNvQorbXGiXU9Uv3o02mZep4nalEd8vxyPBPRe3JbR5RnuhxRui2/0/b/u2Q4/hN3XP8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4/JKInnbTcxFnI+J4RBxLx/MR1fUxd3ZQX24w2Umau2YnOX/+JB1XNLkbd+ONOLrfGQEAAAAAAACwNy4XP33/g/fSW/Z5fE98LVefk4/ojYjjyW/6pooLlbkuBfVFXG98pD/QPqTD5Lie3j2wNv5xOvZol/oO9usDAPC59r8AAAD//2xZa78=")
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x2020)

3.079949891s ago: executing program 0 (id=4888):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000006c0), 0x48200, 0x0)
r1 = syz_io_uring_setup(0x239, &(0x7f0000000300)={0x0, 0x9c0e, 0x10100}, &(0x7f0000000000)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0x2df0, 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000340)=0xf)

2.629896545s ago: executing program 2 (id=4893):
mount$9p_unix(0x0, &(0x7f0000003600)='.\x00', &(0x7f0000003640), 0x2000000, &(0x7f0000003680))

2.629523407s ago: executing program 2 (id=4894):
r0 = socket(0x10, 0x3, 0x0)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
sendmsg$nl_route(r0, &(0x7f0000000380)={&(0x7f0000001300), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)=@bridge_getlink={0x34, 0x12, 0x1, 0x0, 0x0, {}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'wg0\x00'}]}, 0x34}}, 0x0)

2.517299725s ago: executing program 7 (id=4895):
r0 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x5, 0x38011, r0, 0x0)

2.516977906s ago: executing program 7 (id=4896):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$inet6(0xa, 0x1, 0x8010000000000084)
r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_ALLOW_SUSPEND(r3, 0x5522)
ioctl$USBDEVFS_CONTROL(r3, 0xc0105500, &(0x7f0000000040)={0x0, 0xe, 0x1, 0x7, 0x0, 0x7, 0x0})
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[], 0x140}}, 0x0)
r4 = openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, 0x0)
mmap(&(0x7f0000fed000/0x12000)=nil, 0x12000, 0x2, 0x11, 0xffffffffffffffff, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x317, 0x1, 0x34, 0x9}, 0x9c)

2.432917815s ago: executing program 2 (id=4897):
r0 = socket(0xa, 0x5, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000200)=[@in={0x2, 0x4e24, @empty}], 0x10)
sendmsg$inet_sctp(r0, &(0x7f0000001640)={&(0x7f0000000080)=@in6={0xa, 0x4e24, 0xffff, @rand_addr=' \x01\x00'}, 0x1c, &(0x7f0000000280)=[{&(0x7f0000000040)=')', 0x1}], 0x1, 0x0, 0x0, 0x8000}, 0x20000000)
sendmsg$inet(r0, &(0x7f0000000300)={&(0x7f0000000180)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x26}}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000240)="01", 0x1}], 0x1}, 0x49ae57ea648cf403)

2.309233395s ago: executing program 0 (id=4898):
syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000100)='./file0\x00', 0x1000000, &(0x7f0000000000)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000"], 0x1, 0x2bb, &(0x7f0000000440)="$eJzs3UFrE1sYxvGnTW+TprTJhcuFe0E96EY3oY0fQIO0IAaU2hR1IUztREPGpMyESkRsNuLWD+Gq6M6doC7ddCNu3LsrguCmC3HETNImbVrTNklj+/9BmTd5z8OcttPyptDJ2o1n9/NZL5G1ShqMGA1KFa1L8V9VzUDtOFith9WoonOj3z6duH7z1pVUOj01Y8x0avZ80hgzfurNg0cvTr8rjc69Gn8d1mr89trX5OfVf1f/W/sxey/nmZxnCsWSscx8sViy5h3bLOS8fMKYa45tebbJFTzbbepnneLiYtlYhYWx6KJre56xCmWTt8umVDQlt2ysu1auYBKJhBmL6ngbamNNZmVmxkrt2PZDHd0Rum6k1ZOum6q0bmZWerAnAADQZ3af/4NZf+f5Pz0XHNua/18+l9qb/6VOzv8DPf2C9rlK06PfzP84Elw3ZUVrP7/NmP8BAAAAAAAAAAAAAAAAAAAAAPgTrPt+zPf9WP1Y/whLikiqPz7sfaI79vn9v3BI20WHNfzjXkRyni5lljLBMeinssrJka0JxfS9ej3UBPX05fTUhKmK662zXMsvL2VCCtfzdfFW+ZN/TwZ505z/S9HG8ycV0z+tz59smR/W2TMN+YRi+nBHRTlaqF7Xm/nHk8Zcuprekh+prgMAAAAA4ChImA3bXr9X+9UFEW3vB/k9/H1gy+vrIf3fzi0qAQAAAADAgXnlh3nLcWx3H0VY0gHieyj8ga6fonNFSH2xjS3FRUl9sI1eFRFJwTNmP/EvG/G2Un4ba4YkHfTzivTw0jrs30wAAAAAOm1z6N9D6OOTLu4IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDjp937gdXXb2vVG7vEG04X0vuNtwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjp2fAQAA//91iCZA")
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff6000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a2, 0xc000, 0x8, 0xc1})
setsockopt$bt_hci_HCI_FILTER(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000140)={0x2, [0x5, 0x2], 0x1ff}, 0x10)
writev(0xffffffffffffffff, &(0x7f0000000080)=[{0x0}], 0x1)
memfd_create(&(0x7f0000000080)='%\x00', 0x3)
io_uring_enter(r0, 0x2219, 0xcf74, 0x16, 0x0, 0x0)

2.14106601s ago: executing program 43 (id=4898):
syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000100)='./file0\x00', 0x1000000, &(0x7f0000000000)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000"], 0x1, 0x2bb, &(0x7f0000000440)="$eJzs3UFrE1sYxvGnTW+TprTJhcuFe0E96EY3oY0fQIO0IAaU2hR1IUztREPGpMyESkRsNuLWD+Gq6M6doC7ddCNu3LsrguCmC3HETNImbVrTNklj+/9BmTd5z8OcttPyptDJ2o1n9/NZL5G1ShqMGA1KFa1L8V9VzUDtOFith9WoonOj3z6duH7z1pVUOj01Y8x0avZ80hgzfurNg0cvTr8rjc69Gn8d1mr89trX5OfVf1f/W/sxey/nmZxnCsWSscx8sViy5h3bLOS8fMKYa45tebbJFTzbbepnneLiYtlYhYWx6KJre56xCmWTt8umVDQlt2ysu1auYBKJhBmL6ngbamNNZmVmxkrt2PZDHd0Rum6k1ZOum6q0bmZWerAnAADQZ3af/4NZf+f5Pz0XHNua/18+l9qb/6VOzv8DPf2C9rlK06PfzP84Elw3ZUVrP7/NmP8BAAAAAAAAAAAAAAAAAAAAAPgTrPt+zPf9WP1Y/whLikiqPz7sfaI79vn9v3BI20WHNfzjXkRyni5lljLBMeinssrJka0JxfS9ej3UBPX05fTUhKmK662zXMsvL2VCCtfzdfFW+ZN/TwZ505z/S9HG8ycV0z+tz59smR/W2TMN+YRi+nBHRTlaqF7Xm/nHk8Zcuprekh+prgMAAAAA4ChImA3bXr9X+9UFEW3vB/k9/H1gy+vrIf3fzi0qAQAAAADAgXnlh3nLcWx3H0VY0gHieyj8ga6fonNFSH2xjS3FRUl9sI1eFRFJwTNmP/EvG/G2Un4ba4YkHfTzivTw0jrs30wAAAAAOm1z6N9D6OOTLu4IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDjp937gdXXb2vVG7vEG04X0vuNtwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjp2fAQAA//91iCZA")
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff6000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a2, 0xc000, 0x8, 0xc1})
setsockopt$bt_hci_HCI_FILTER(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000140)={0x2, [0x5, 0x2], 0x1ff}, 0x10)
writev(0xffffffffffffffff, &(0x7f0000000080)=[{0x0}], 0x1)
memfd_create(&(0x7f0000000080)='%\x00', 0x3)
io_uring_enter(r0, 0x2219, 0xcf74, 0x16, 0x0, 0x0)

1.598837884s ago: executing program 7 (id=4900):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r2, &(0x7f0000001980)={0x0, 0x0, &(0x7f0000001940)={0x0, 0xf4}, 0x1, 0x0, 0x0, 0xc001}, 0x4000000)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x54, 0x10, 0xffffff1f, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x34080}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x2}, @IFLA_GRE_ENCAP_FLAGS={0x6, 0xf, 0x7}, @IFLA_GRE_REMOTE={0x8, 0x7, @dev={0xac, 0x14, 0x14, 0x28}}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x54}}, 0x0)

1.431936494s ago: executing program 2 (id=4901):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002040)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0xf}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
ioctl(r0, 0x8b1a, &(0x7f0000000040))

110.494051ms ago: executing program 2 (id=4902):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
getsockopt$sock_timeval(r0, 0x1, 0x15, 0x0, &(0x7f00000010c0))

109.917217ms ago: executing program 7 (id=4903):
r0 = syz_mount_image$btrfs(&(0x7f0000000000), &(0x7f00000015c0)='./bus\x00', 0x0, &(0x7f0000001600), 0x0, 0x559e, &(0x7f0000005680)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/d9INumqaNE9GMk3TUgGakaWwNw+AoaoxGRZpZddxkNBBoEGmE8FgFURtQZxziZ3ztrJnoCAoiu+qHGFeDwUhcxIw6iWLiA/Cxjq7r+h6VGM2E/XTfOkXVrS67EFDa+X7/6DpVv/O89eg69946FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/xjuPfjlk4YunP0PHzace8nqqqmL/kfH6Mv+cNW3vvjUPy5b9G9h/i9GnLll3kEXHjd/wbR/6Vi++ogzQmjtKleWFC977oqvPtS613HP3jFw48wbb63fUpWpNxMP/Tr/lGfuXBxbfbF/CHeXhVCRDgypSwKVmft1sb5960LYI2wLZEu01SYl0g2HB2pCWBK2BbJVra4JoS4ncMqG+++7vDNxTU0IXwkhVKfbeKY6aaMmHRhUlQRq04HpFUngt1sT2cBPypMA7LD4Zsi+6Fe15mdo6L5ckddf5U7r2KcrPbw+MdFQPN/rR+3iTuWoSj/QukNPW0F17BIFb4+13m294N1WsJ2v8LTlfpHKfEPZui1UHcontk0aP6d9dnykPDQ19SlW0y56np9+e/6E7Un3mtdh7EDDTnkdXvrYiun9lo2+9OrNvxqz4ayaA3a0m0/lbNLc9K5WHTKvuV7zPEajfJ70grdfwbekRl+6Qghbzz17xtfnTDz7iD63PLnu1QcfrNty9pwFvzhz4nmLLj55w7/Pf6lg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MvFmfzM0BAACg1+gNe01Xnv/6X73+/bWtMxed/u23Dj73w71afz3i/gFVB7yxrqn1/I2ff6Vg/t9Y2vH/eMi/Lne0a0MY1ZVYNCCEvbseTwIrY3e+OyCEL3elWvMDR6UCa0PYpytxULaqVIm+sURjKvByfSYwKhVYHwOtqcDyGLgiFbg4BlalAhNiYG0qcHQMhCn54/hqfWYcJQdqYmBcshFXxbMQ3qmPraW21aZsVQAAADtJZnZYmX8351yHHc0Qp5eranrKEM/ALpqhOlVDegabnVYVraGipxrKe6ohO+6Ojx5+Qc1lPdVccBpGWX6GG9f85X2LXjzsC2P3mvj5xUMvmPKz8eGst++uerx5yYtv7XvEzesK5v/NHz3/r+6mI2UFx/9DGNv1N+Yuz0Tas/FxrXkZAAAAgB1w0R//xR61Lw85oGHT+2X3zl/7xKMrfrl5j1NOf3/c8a//8PCaxnsL5v+jSjv/P+4T6ZOTOTwSd0NMHRBCc34gqXZkYSA56t0vEwAAAIDeIHs8PnssfErmNjlFOz2fLszfup3544H/Ud3m//09/7P2jq3/+mLZBd89d0TNgKX/9GrHhBNOPvqW47/1zj4VB/yyvGD+31ra+f+1+bdJJ9bHXlw9IIS+OYEHYy87A10aY+D5I/MDmfGvjxtgcawqc2JCtqrFscS4GGhOBZYUK/FotsTe+YHMk5VtfFF2HFMyJXICAAAA8ImLuwPicfl4/n/LGSNO++vvzfrbha88eN7qCy75q+Ed80eedP/THzbMvXJp2PTmEQXz/3Hbd/5/1zy44PT+9n4hDK0IoU/6hwGP1CYLA8ZAXVkmcW9tUlefdFULa0MY2TmwdFUvZNb/r0ivMfh4TVJVDOy93y1vD+pMLKsJYWhu4IlvLz2sMzEnFcg2flpNCF/qHG268bv6Jo1Xphu/tm8IX8wJZKua0DeEzsaq0lX9r+rMdQzSVa2qDmHPnEC2quHVIcwNAPRW8X/pxNwHZ82dN3V8e3vbzF2YiDvxa8KkKe1tTROmt0+sLtKniak+561jtKBwTKVe+mZTZo2ixSsnV5aSzv5QsDm3rcyO/IIzBzP345ehyq5xHlKZd7clPeQD9y9sIuR8lSo25PJdPOTa3Eq2PYkF9cf8VaFf6DtnVtvMpvPGz549c1jyt9TshyR/43GmZFsNS2+r2u76VsLLo+hyWSkfd1sNyq1k6OxpM4bOmjtvyJRp4ye3TW47p+XQP2sZMXz410YM7RxUc/K3h5EO6q7m1Ei3Li1xWDtxpF+oyKnkk/jQkJCQ6G2J/f7L5odH77n+nOt/9tqPz+/3zdPu3fvImT889KqpD1Xve/ji24ccWDD/n/HR8//4qRM/+DPrMxQ7/t8QD/Mnj287zD8uBpaUevy/odjR/OyJAY2pQEcMdDjMDwAAwGdD3B0Z92bGndKbb1m/buOSlrk/aHin5dY17Utvuum+U39y58ATvjQ47LXhuhM+VzD/7yjt9/87af3/7NL1JxRb5v+gWKK52Pr/6WX+s+v/dxRb/z+9zH92/f8ln8L6/3OygdQmecf6/wAAwGfBJ7f+f4/L+6cvEFCQocfl/dMXCCjI0OMy/qVeIGC71/9f8+Bff6Wq35g7/qTlN/WXvPZ39xzWeuS6zTP/5Etb10+877qxt6wpmP9fUdr838L9AAAAsPv4z5ddU3H02Xff0bJu6sZxbw5+98m3lgzq80HF0Q+3j3xh4Bu3nlcw/19S2vz/k1//LxQ7/7+xWKC12MKA1v8DAACglyq2/t89Q1sa/zCm/x+eHvab5Q/ePPqnj/z898v3+/mJPyvfZ8Gxz8+8bFLB/H9VafP/eNpFeV7u2JsP65M17UJ6Tbs367M/GQAAAIDeoTw0NVWWmDdvYdSjPn6bT2eWAv2odK7vvXLt2ZtfmH7c46ev+7uaEwbvOWHaBasa/2b4gXd+ftQley7ddGrB/H9tafP/vN9lXPrYiun9lo2+9MOrN/9qzIazag7YdvwfAAAA2HVK3S8BAAAAAAAAAAAAAAB8+s7tWHzhI8uOfe+bt//F/kcseXXwbXcd+Lsh/V664qoHJq1648zJXy/4/X8Y21Wu2O//43X/4u8L/igvd2y15/X/MvdPOfH2uV1LFj5SH8L+uYGpC6fuETLX5h+cG7jvjIMGdiYWpkusefbolzoT30kHjh/yuS2dicNTgXFxkcR90oF4VcUt/VOBuLzi4+lA3B6r0oGqTOCy/sk4ytLb6pW6ZFuVpbfVxroQBuQEstvq7rqkjbL0AK9JBbID/F46EAd4ciZQnu7V7f2SXsVAXSx6Q7+kVwAA7Lbit8DKMGlKe1tz/Aofb79QkX8b5S1ZtqCw2rISm9+UWZps8crJlaWk+6S/i2671nhlqO4cwrCCr6u5Wcq6Rrlzaulh0/1RkSH3tNpbeZFyadu76aqKj6gmGVHThOntEyt7HHhLz1kOqegxy7CCyU5ulvKuTVpCLSX0pYQRlbhtSuhyvF8empr6pHL9eQw2hDw9vSJK/b1+7jp/xV4FuXluO/TKt758zE+f++CfP/9E/2+cVnP7rO+/e+KvX7//wEOOuG5C05otBfP/htLm/9W549qSuRhAR7yy3sgBIYwrcUQAAADw2XfbRbfecfr09a9MWlvx5GOPTS0fc3rl1vl3zp93ycZ7Fx9/2cErdjR+2Fm//f5vBu//b89e9dJPR+7zwA03/58nD3v8z3//8I8eeqduZZ+x7xXM/xtLm//HPViZQ8HJ3o618fr/iwaE0HVp/YYksDIO97sDQvhyV6o1lkguqH9CLNGcBFbGHSYHxRLjWvOr6hsDq1KBl+szgbWpwPoYyOyluCVkduVcWR/CYV2psfklZsQSDanAmBhoTAWaYqA5FegfA6NSgdf6ZwKtqcDDMRCm5G+rH/fPbCsAAIDtkZlnVebfDel53qqKnjKU9ZShtqcM5T1lqO4pQ7FRxPt3xAyVqZNXynIyVaZrrUnVUpAhXgx/u/tVkCE8mp8zXbCg6Xj+QfZ8g7L8DFf+4NlT1w+e/tDqzcd8beBt/zhkz4Obp9e9t+CGp3475pzrnv/TQQXz/+bS5v+1+bdJ6+vj/H/b9f+SwIOxe1fHU8cbY+D5I/MDmR0D6+Nkd3G2qtZMicykfXEsMSoGGlOBGTEwKhUYNzYTWDIwP5CZaWcbX5RtfEqmRE4AAAAAPnFxB0HcTRPn/zce9YOr3x8wccuyeTPvH9vyxMmjv3H1XT+6d/9ld767YvCAce99p2D+P6q0+X9sr19uYxfH3rzYP4S7y7b1JhsYUpcE4n6Muvjz+H3rQtgjZwdHtkRbbVKiKtVweKAm+YV6Vbqq1TXJGgPx/ikb7r/v8s7ENTUhfCVn70u2jWeqkzZq0oFBVUmgNh2YXpEE4p6fbOAn5UkAdlh2r2B8QWVOdclq6L5ckdffZ+WaoOnhFewD7SZfd7+52lWq0w9k9qlmbd/TVlAdu0TB22Otd1tvfLc1eLflfpHKfEPZui1UHcontk0aP6d9dnwk95esBXbR85z7K9VS0jvhddjx8Xvbs+p0B5pTHx/N3Zfr/nVYFqu79LEV0/stG33p1Zt/NWbDWTUHlNyNIuIPhX+05X9XPpWzeXe16pB5zfW6z5NWnye98d9Ao6cthHDZ9cfsu+TdX+/33A3Pnbqu7Maxr/7lrHs2Lf+bysNHrXv/yaGjLy+Y/7eWNv+vSN12+V3cmLMGhHBgzsZ9JG7+YwYkn4M5geRTcs/CQHLI/V/ri35yAgAAwM6W3d2R3V8wJXObnBCenicX5m/dzvxxf8WobvOX2u9j121cedLQN6474G8vOPGNv7/28Kceuv6ysnXL//vYD1avuXzxe08UzP/HffT8v2+qm47/O/7PLuL4f7d2913RfdMPdOzQruiC6tglHP/v1u7+bnP8v1uO/zv+3x3H/3vg+H+3dvenreBb0gxfujonwdff+fPfTbzpg7mN+x180lPPHDrxun+6quXuu0555b+de9601761uWD+P6O0+b/1/7pftC+7/t+4Yuv/zSi2/l+H9f8AAIBdqshCc+l5XsHqfQUZ0qv3FWTocYHAHpcYtP7fdq//t3Dkv1904Q+fb7n2nTvHXb5m07Fnvvr0utXPzFpx3Lnnv9V6112tBfP/jtLm//Hl0C+39d6y/l/j2CJVXREDMywMCAAAwO6o2A4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPl2HnvbO+5d8/R/aBv1ixc1/f+v/+7/P1q594JvfuGn4L6f86RllazZcM+LMLfMOuvC4+Qum/UvH8tVHnBHClK5yZUnxsueu+OpDrXsd9+wdAzfOvPHW+i3VmXorM7d/nJc7tvphfQhLch6pi4k36zvvbAuccuLtcys6E4/Uh7B/bmDqwql7dCaW14cwODdw3xkHDexMLEyXWPPs0S91Jr6TDhw/5HNbOhOHZwJl6e5e1z/pblm6u5f3D2FATiDb3bP751eVbeO4TKA83caKuqSNGKiLRa+tS9qIgfZYYkrfEIZWhNAnXdU/VydV9UlXdU91UlWfdFUXVYcwMoRQka7quaqkqor0yB+tSqqKgb33u+XtQZ2JpVUhDM0NPPHtpYd1JmamAtnG/1NVCF/qfMmkG/9xZdJ4Zbrx/1oZwhdDCFXpEu9VJCWq0iVeqAhhz5zAto1YEcLcwGdD/PSZmPvgrLnzpo5vb2+buQsTVZm2asKkKe1tTROmt0+sTvWpmLKc9NYFH3/sm96eP6HzdvHKyZWlpCsy5Sq7unxIZd7dlt2997FftbmVbHs+CuqP+atCv9B3zqy2mU3njZ89e+aw5G+p2Q9J/vbJRJNtNay3bKtBuZUMnT1txtBZc+cNmTJt/OS2yW3ntBz6Zy0jhg//2oihnYNqTv7ujJEu/eRH+oWKnEo+ife/hIREb0uU5326Ne/un+MFX/S3dbQyVHd9QBdMK3KzlHWNcmcM+qiPOeKP8zWlxxENK5g4FGQ5pOcsLQWTiW1ZapIsXV/rCiaHuTWVd23SeL88NDX1KbYdGvLv5m7e13dg8z6d2XSlpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA//8fSxmR")
ioctl$BTRFS_IOC_QGROUP_CREATE(r0, 0xc4089434, &(0x7f0000000740)={0x1, 0x4})

0s ago: executing program 2 (id=4904):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, 0x0, 0x0)
sendmsg$NFNL_MSG_ACCT_GET(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x18, 0x1, 0x7, 0x101, 0x0, 0x0, {0x7, 0x0, 0x1}, [@NFACCT_FILTER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x8000}, 0x4)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f00000000c0)={0x4000001, 0x71, 0x200000009})
pread64(r0, 0x0, 0x2000, 0xce2)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000005e00))
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
connect$inet6(r3, &(0x7f0000000040)={0xa, 0x4e23, 0x2, @dev={0xfe, 0x80, '\x00', 0x32}, 0x9}, 0x1c)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000100)={0x1})

kernel console output (not intermixed with test programs):

alid length.
[  347.807478][T13490] loop1: detected capacity change from 0 to 256
[  347.811895][T13490] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  347.816330][T13490] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  347.825993][T13490] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62dd34a, utbl_chksum : 0xe619d30d)
[  348.183545][T13498] loop1: detected capacity change from 0 to 4096
[  348.194491][T13498] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  348.208900][T13498] EXT4-fs (loop1): shut down requested (2)
[  348.236755][T11764] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  348.409206][T13506] loop9: detected capacity change from 0 to 256
[  348.434264][T13506] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=256, location=256
[  348.440470][T13506] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=512, location=512
[  348.444544][T13506] UDF-fs: warning (device loop9): udf_load_vrs: No anchor found
[  348.447784][T13506] UDF-fs: Scanning with blocksize 512 failed
[  348.452194][T13506] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=256, location=256
[  348.458564][T13506] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  348.709587][ T5849] usb 10-1: new high-speed USB device number 25 using dummy_hcd
[  348.872104][ T5849] usb 10-1: Using ep0 maxpacket: 16
[  348.876508][ T5849] usb 10-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 255, changing to 7
[  348.885076][ T5849] usb 10-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  348.896194][ T5849] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  348.900997][ T5849] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  348.904370][ T5849] usb 10-1: Product: syz
[  348.906367][ T5849] usb 10-1: SerialNumber: syz
[  349.125385][ T5849] usb 10-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[  349.128201][ T5849] usb 10-1: found format II with max.bitrate = 0, frame size=0
[  349.133674][ T5849] usb 10-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[  349.136634][ T5849] usb 10-1: found format II with max.bitrate = 0, frame size=0
[  349.147553][ T5849] usb 10-1: failed to enable PITCH for EP 0x82
[  349.152538][ T5849] usb 10-1: unit 4 not found!
[  349.184037][ T5849] usb 10-1: USB disconnect, device number 25
[  349.356257][T13534] 9pnet_fd: p9_fd_create_unix (13534): address too long: ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  349.385104][T13536] loop1: detected capacity change from 0 to 512
[  349.423663][T13536] EXT4-fs: Ignoring removed bh option
[  349.426425][T13536] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  349.434622][T13536] EXT4-fs (loop1): 1 truncate cleaned up
[  349.437270][T13536] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  349.467943][T11764] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  349.507776][T13540] veth0_to_team: entered promiscuous mode
[  349.509960][T13540] veth0_to_team: entered allmulticast mode
[  349.703408][T13553] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3059'.
[  349.708358][T13554] loop9: detected capacity change from 0 to 128
[  349.718373][T13554] EXT4-fs: Ignoring removed nobh option
[  349.741430][T13554] EXT4-fs (loop9): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  349.751444][T13554] ext4 filesystem being mounted at /475/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  349.788690][ T9458] EXT4-fs (loop9): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  351.066890][T13596] netlink: 'syz.7.3076': attribute type 1 has an invalid length.
[  351.072018][T13596] netlink: 'syz.7.3076': attribute type 4 has an invalid length.
[  351.074515][T13596] netlink: 9462 bytes leftover after parsing attributes in process `syz.7.3076'.
[  351.078126][T13596] netlink: 'syz.7.3076': attribute type 1 has an invalid length.
[  351.085858][T13596] netlink: 'syz.7.3076': attribute type 4 has an invalid length.
[  351.091135][T13596] netlink: 9462 bytes leftover after parsing attributes in process `syz.7.3076'.
[  351.494453][T13611] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it.
[  351.498215][T13611] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  351.503923][T13611] overlayfs: missing 'lowerdir'
[  351.882556][T13633] loop9: detected capacity change from 0 to 512
[  351.885299][T13633] /dev/loop9: Can't open blockdev
[  351.963413][T13638] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3094'.
[  351.982431][T13638] netlink: 72 bytes leftover after parsing attributes in process `syz.9.3094'.
[  351.985570][T13638] A link change request failed with some changes committed already. Interface veth1_macvtap may have been left with an inconsistent configuration, please check.
[  352.293214][T13668] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3109'.
[  352.320603][T13663] loop9: detected capacity change from 0 to 4096
[  352.629592][   T24] libceph: connect (1)[c::]:6789 error -101
[  352.631913][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  352.729944][T13699] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3122'.
[  353.128939][   T24] libceph: connect (1)[c::]:6789 error -101
[  353.148507][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  353.223677][T13693] ceph: No mds server is up or the cluster is laggy
[  353.340975][   T33] audit: type=1326 audit(1757384475.143:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13692 comm="syz.9.3121" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f492358ebe9 code=0x0
[  353.378566][T13710] loop1: detected capacity change from 0 to 256
[  353.655690][T13722] loop1: detected capacity change from 0 to 8
[  353.682465][T13722] SQUASHFS error: zlib decompression failed, data probably corrupt
[  353.694915][T13722] SQUASHFS error: Failed to read block 0x9b: -5
[  353.697426][T13722] SQUASHFS error: Unable to read metadata cache entry [99]
[  353.700774][T13722] SQUASHFS error: Unable to read inode 0x127
[  353.905303][T13739] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3141'.
[  354.679661][T13768] block nbd9: NBD_DISCONNECT
[  354.689837][T13768] block nbd9: Send disconnect failed -22
[  354.698411][T13762] block nbd9: Disconnected due to user request.
[  354.719545][T13762] block nbd9: shutting down sockets
[  354.920264][T13767] loop1: detected capacity change from 0 to 32768
[  354.935409][T13767] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  355.013159][T11764] ocfs2: Unmounting device (7,1) on (node local)
[  355.325197][T13801] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_hsr, syncid = 0, id = 0
[  356.130854][ T6187] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  356.289882][ T6187] usb 2-1: Using ep0 maxpacket: 32
[  356.301984][ T6187] usb 2-1: config 2 has an invalid interface number: 194 but max is 0
[  356.305231][ T6187] usb 2-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  356.308926][ T6187] usb 2-1: config 2 has no interface number 0
[  356.314542][ T6187] usb 2-1: config 2 interface 194 altsetting 0 bulk endpoint 0xA has invalid maxpacket 7
[  356.318668][ T6187] usb 2-1: config 2 interface 194 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4
[  356.324755][ T6187] usb 2-1: New USB device found, idVendor=0499, idProduct=1025, bcdDevice=9c.f6
[  356.328681][ T6187] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  356.343521][T13808] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  356.425043][T13829] loop9: detected capacity change from 0 to 512
[  356.452429][T13829] EXT4-fs (loop9): corrupt root inode, run e2fsck
[  356.455200][T13829] EXT4-fs (loop9): mount failed
[  356.561775][ T6187] usb 2-1: string descriptor 0 read error: -71
[  356.566255][ T6187] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  356.601405][ T6187] usb 2-1: USB disconnect, device number 12
[  356.789662][T13835] loop9: detected capacity change from 0 to 32768
[  356.804673][T13835] XFS (loop9): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  356.824447][T13835] XFS (loop9): Ending clean mount
[  356.893648][ T9458] XFS (loop9): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  358.225830][T13863] overlayfs: failed to clone upperpath
[  358.536599][T13871] loop9: detected capacity change from 0 to 16
[  358.553028][T13871] erofs (device loop9): mounted with root inode @ nid 36.
[  359.128942][T13876] erofs (device loop9): bogus lookback distance 1586 @ lcn 46 of nid 36
[  359.133359][T13876] erofs (device loop9): readahead error at folio 47 @ nid 36
[  359.136362][T13876] erofs (device loop9): bogus lookback distance 1586 @ lcn 46 of nid 36
[  359.139760][T13876] erofs (device loop9): readahead error at folio 46 @ nid 36
[  359.142644][T13876] erofs (device loop9): readahead error at folio 45 @ nid 36
[  359.145742][T13876] erofs (device loop9): bogus lookback distance 1388 @ lcn 42 of nid 36
[  359.149006][T13876] erofs (device loop9): readahead error at folio 43 @ nid 36
[  359.152218][T13876] erofs (device loop9): bogus lookback distance 1388 @ lcn 42 of nid 36
[  359.155654][T13876] erofs (device loop9): readahead error at folio 42 @ nid 36
[  359.158550][T13876] erofs (device loop9): bogus lookback distance 774 @ lcn 40 of nid 36
[  359.161945][T13876] erofs (device loop9): readahead error at folio 41 @ nid 36
[  359.164934][T13876] erofs (device loop9): bogus lookback distance 774 @ lcn 40 of nid 36
[  359.168147][T13876] erofs (device loop9): readahead error at folio 40 @ nid 36
[  359.171178][T13876] erofs (device loop9): readahead error at folio 39 @ nid 36
[  359.174093][T13876] erofs (device loop9): readahead error at folio 38 @ nid 36
[  359.177517][T13876] erofs (device loop9): readahead error at folio 36 @ nid 36
[  359.180844][T13876] erofs (device loop9): bogus lookback distance 1468 @ lcn 31 of nid 36
[  359.184095][T13876] erofs (device loop9): readahead error at folio 31 @ nid 36
[  359.187211][T13876] erofs (device loop9): readahead error at folio 25 @ nid 36
[  359.190282][T13876] erofs (device loop9): readahead error at folio 24 @ nid 36
[  359.193364][T13876] erofs (device loop9): readahead error at folio 19 @ nid 36
[  359.200893][T13876] syz.9.3190: attempt to access beyond end of device
[  359.200893][T13876] loop9: rw=524288, sector=784, nr_sectors = 64 limit=16
[  359.206457][T13876] syz.9.3190: attempt to access beyond end of device
[  359.206457][T13876] loop9: rw=524288, sector=13478624080, nr_sectors = 24 limit=16
[  359.212295][T13876] syz.9.3190: attempt to access beyond end of device
[  359.212295][T13876] loop9: rw=524288, sector=13478624032, nr_sectors = 48 limit=16
[  359.218120][T13876] syz.9.3190: attempt to access beyond end of device
[  359.218120][T13876] loop9: rw=524288, sector=16, nr_sectors = 16 limit=16
[  359.702119][T13869] loop1: detected capacity change from 0 to 32768
[  359.766799][T13869] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  359.766818][T13869]   allowing incompatible features above 0.0: (unknown version)
[  359.766824][T13869]   features: 
[  359.780493][T13869] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0
[  359.783853][T13869] bcachefs (loop1): initializing new filesystem
[  359.793552][T13869] bcachefs (loop1): going read-write
[  359.804096][T13869] bcachefs (loop1): marking superblocks
[  359.824607][T13869] bcachefs (loop1): initializing freespace
[  359.837486][T13869] bcachefs (loop1): done initializing freespace
[  359.847452][T13869] bcachefs (loop1): reading snapshots table
[  359.849360][T13869] bcachefs (loop1): reading snapshots done
[  359.878319][T13869] bcachefs (loop1): done starting filesystem
[  359.911113][T11764] bcachefs (loop1): shutting down
[  359.916775][T11764] bcachefs (loop1): going read-only
[  359.918847][T11764] bcachefs (loop1): finished waiting for writes to stop
[  359.922673][T11764] bcachefs (loop1): flushing journal and stopping allocators, journal seq 3
[  359.963715][T11764] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 3
[  359.968388][T11764] bcachefs (loop1): clean shutdown complete, journal seq 4
[  359.975720][T11764] bcachefs (loop1): marking filesystem clean
[  360.094545][T11764] bcachefs (loop1): shutdown complete
[  360.153928][T13897] program syz.9.3197 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  360.285079][T13907] loop9: detected capacity change from 0 to 128
[  360.291955][T13907] hpfs: hpfs_map_4sectors(): unaligned read
[  360.293994][T13907] hpfs: filesystem error: can't load hotfix map; already mounted read-only
[  360.300264][T13907] hpfs: hpfs_map_sector(): read error
[  360.388814][T13914] loop9: detected capacity change from 0 to 8
[  360.397880][T13914] SQUASHFS error: xz decompression failed, data probably corrupt
[  360.400994][T13914] SQUASHFS error: Failed to read block 0x108: -5
[  360.403402][T13914] SQUASHFS error: Unable to read metadata cache entry [106]
[  360.405816][T13914] SQUASHFS error: Unable to read inode 0x11f
[  360.485277][T13918] input: syz0 as /devices/virtual/input/input19
[  361.095323][T13934] loop9: detected capacity change from 0 to 32768
[  361.156939][T13934] XFS (loop9): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  361.193933][T13934] XFS (loop9): Ending clean mount
[  361.336715][ T9458] XFS (loop9): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  361.989127][T13967] loop9: detected capacity change from 0 to 4096
[  362.034220][T13967] ntfs3(loop9): ino=5, "/" indx_read
[  362.036526][T13967] ntfs3(loop9): Mark volume as dirty due to NTFS errors
[  362.066461][T13967] ntfs3(loop9): ino=5, "/" ntfs_readdir
[  362.582844][   T24] usb 10-1: new high-speed USB device number 26 using dummy_hcd
[  362.760439][   T24] usb 10-1: Using ep0 maxpacket: 16
[  362.769211][   T24] usb 10-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00
[  362.774806][   T24] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  362.778869][   T24] usb 10-1: Product: syz
[  362.782496][   T24] usb 10-1: Manufacturer: syz
[  362.785722][   T24] usb 10-1: SerialNumber: syz
[  362.790748][   T24] usb 10-1: config 0 descriptor??
[  362.795638][   T24] ftdi_sio 10-1:0.0: FTDI USB Serial Device converter detected
[  362.803709][   T24] usb 10-1: Detected FT-X
[  362.998249][   T24] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  363.132720][T13991] loop1: detected capacity change from 0 to 256
[  363.152792][T13991] FAT-fs (loop1): Directory bread(block 64) failed
[  363.155519][T13991] FAT-fs (loop1): Directory bread(block 65) failed
[  363.158492][T13991] FAT-fs (loop1): Directory bread(block 66) failed
[  363.163126][T13991] FAT-fs (loop1): Directory bread(block 67) failed
[  363.168588][T13991] FAT-fs (loop1): Directory bread(block 68) failed
[  363.175665][T13991] FAT-fs (loop1): Directory bread(block 69) failed
[  363.178643][T13991] FAT-fs (loop1): Directory bread(block 70) failed
[  363.183729][T13991] FAT-fs (loop1): Directory bread(block 71) failed
[  363.188300][T13991] FAT-fs (loop1): Directory bread(block 72) failed
[  363.194794][T13991] FAT-fs (loop1): Directory bread(block 73) failed
[  363.455578][   T24] usb 10-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  363.602651][T13999] FAT-fs (loop1): Filesystem has been set read-only
[  363.674567][   T33] audit: type=1800 audit(1757384485.433:99): pid=13999 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3236" name="cpu.stat" dev="loop1" ino=1048725 res=0 errno=0
[  363.734578][   T10] usb 10-1: USB disconnect, device number 26
[  363.849353][   T10] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  363.853544][   T10] ftdi_sio 10-1:0.0: device disconnected
[  364.906349][T14028] loop9: detected capacity change from 0 to 512
[  364.909798][T14028] EXT4-fs: Ignoring removed i_version option
[  364.934921][T14028] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[  364.967494][T14028] EXT4-fs (loop9): 1 truncate cleaned up
[  364.971142][T14028] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  365.019553][T14028] EXT4-fs warning (device loop9): ext4_group_extend:1891: can't read last block, resize aborted
[  365.091693][ T9458] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  365.508513][T14049] loop1: detected capacity change from 0 to 512
[  365.532537][T14049] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  365.541213][T14049] ext4 filesystem being mounted at /272/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  365.571214][T14049] EXT4-fs: Ignoring removed nomblk_io_submit option
[  365.597885][T14049] EXT4-fs: Cannot change journaled quota options when quota turned on
[  365.650588][T11764] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  366.060422][T14078] netlink: set zone limit has 4 unknown bytes
[  366.652585][ T5849] usb 2-1: new full-speed USB device number 13 using dummy_hcd
[  366.845428][ T6144] Bluetooth: hci0: command tx timeout
[  366.858038][ T5849] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  366.863481][ T5849] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  366.879646][ T5849] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  366.882443][ T5849] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  366.898711][ T5849] usb 2-1: Product: syz
[  366.900126][ T5849] usb 2-1: Manufacturer: syz
[  366.901534][ T5849] usb 2-1: SerialNumber: syz
[  367.164023][ T5849] usb 2-1: 0:2 : does not exist
[  367.190349][ T5849] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  367.281396][ T5849] usb 2-1: USB disconnect, device number 13
[  368.509465][T14107] loop9: detected capacity change from 0 to 128
[  368.908911][T14124] loop1: detected capacity change from 0 to 512
[  369.047114][T14124] Quota error (device loop1): v2_read_file_info: Free block number 1 out of range (1, 6).
[  369.054170][T14124] EXT4-fs warning (device loop1): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  369.074062][T14124] EXT4-fs (loop1): mount failed
[  369.296280][T14133] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3294'.
[  369.778214][T14139] loop1: detected capacity change from 0 to 4096
[  369.847294][T14139] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512).
[  370.169576][T14139] overlayfs: upper fs does not support tmpfile.
[  370.218930][T14139] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  371.804583][T14164] loop1: detected capacity change from 0 to 8192
[  372.121660][T14164]  loop1: p1 p2 p3 p4[EZD]
[  372.138161][T14164] loop1: p1 start 171116544 is beyond EOD, truncated
[  372.195469][T14164] loop1: p3 start 360447 is beyond EOD, truncated
[  372.201787][T14164] loop1: p4 size 262912 extends beyond EOD, truncated
[  373.128911][T14194] loop1: detected capacity change from 0 to 4096
[  374.538037][T14209] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3324'.
[  374.600611][T14204] loop1: detected capacity change from 0 to 32768
[  374.603795][T14204] bcachefs: bch2_fs_parse_param() Error parsing option move_bytes_in_flight: option_value
[  375.002289][   T10] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  375.086502][T14226] netlink: 'syz.9.3332': attribute type 3 has an invalid length.
[  375.133923][T14228] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3333'.
[  375.163195][   T10] usb 2-1: Using ep0 maxpacket: 8
[  375.168647][   T10] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x99, changing to 0x89
[  375.173953][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  375.181933][   T10] usb 2-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  375.187682][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  375.190992][   T10] usb 2-1: Product: syz
[  375.192619][   T10] usb 2-1: Manufacturer: syz
[  375.194447][   T10] usb 2-1: SerialNumber: syz
[  375.200678][   T10] usb 2-1: config 0 descriptor??
[  375.280390][   T10] rc_core: IR keymap rc-streamzap not found
[  375.282872][   T10] Registered IR keymap rc-empty
[  375.288698][   T10] rc rc0: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  375.305960][   T10] input: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input20
[  375.480361][   T24] usb 2-1: USB disconnect, device number 14
[  376.492373][T14248] netlink: 'syz.7.3341': attribute type 9 has an invalid length.
[  376.821276][T14263] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3347'.
[  377.127825][T14286] No source specified
[  377.242427][T14297] loop1: detected capacity change from 0 to 22
[  377.245424][T14297] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  377.263837][T14297] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  377.314899][T14299] netlink: 72 bytes leftover after parsing attributes in process `syz.7.3365'.
[  377.660089][T14324] loop1: detected capacity change from 0 to 128
[  377.663058][T14324] EXT4-fs: Ignoring removed nobh option
[  377.669079][T14324] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  377.674448][T14324] ext4 filesystem being mounted at /318/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  377.684211][T14324] fscrypt (loop1, inode 12): Unsupported log2_data_unit_size in encryption policy: 179
[  377.710525][T11764] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  377.744535][T14328] loop1: detected capacity change from 0 to 512
[  377.823257][T14330] sctp: [Deprecated]: syz.9.3379 (pid 14330) Use of struct sctp_assoc_value in delayed_ack socket option.
[  377.823257][T14330] Use struct sctp_sack_info instead
[  377.928527][T14343] loop9: detected capacity change from 0 to 512
[  377.931324][T14343] EXT4-fs: Ignoring removed mblk_io_submit option
[  377.935790][T14343] EXT4-fs (loop9): mounting ext3 file system using the ext4 subsystem
[  377.943509][T14343] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a042c118, mo2=0002]
[  377.946140][T14343] System zones: 1-12
[  377.947624][T14343] EXT4-fs error (device loop9): ext4_iget_extra_inode:5104: inode #15: comm syz.9.3385: corrupted in-inode xattr: e_value size too large
[  377.954248][T14343] EXT4-fs error (device loop9): ext4_orphan_get:1397: comm syz.9.3385: couldn't read orphan inode 15 (err -117)
[  377.959294][T14343] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  378.001250][ T9458] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  378.240043][T14358] loop9: detected capacity change from 0 to 1764
[  378.268421][T14358] iso9660: Corrupted directory entry in block 2 of inode 1920
[  378.380723][ T7434] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  378.565432][ T7434] usb 2-1: Using ep0 maxpacket: 32
[  378.579384][ T7434] usb 2-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[  378.585810][ T7434] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  378.591108][ T7434] usb 2-1: Product: syz
[  378.592886][ T7434] usb 2-1: Manufacturer: syz
[  378.605108][ T7434] usb 2-1: SerialNumber: syz
[  378.616282][ T7434] usb 2-1: config 0 descriptor??
[  378.845684][T14400] loop9: detected capacity change from 0 to 512
[  378.854853][ T7434] peak_usb 2-1:0.0 can0: unable to request usb[type=0 value=1] err=-71
[  378.857941][ T7434] peak_usb 2-1:0.0: unable to read PCAN-USB Pro firmware info (err -71)
[  378.863870][T14400] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[  378.879183][T14402] overlayfs: failed to clone upperpath
[  378.889224][T14400] EXT4-fs (loop9): 1 truncate cleaned up
[  378.897853][T14400] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  378.913866][   T33] audit: type=1800 audit(1757384499.789:100): pid=14400 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.3412" name="file1" dev="loop9" ino=15 res=0 errno=0
[  378.922380][   T33] audit: type=1800 audit(1757384499.789:101): pid=14400 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.3412" name="file1" dev="loop9" ino=15 res=0 errno=0
[  378.952444][ T7434] peak_usb 2-1:0.0: probe with driver peak_usb failed with error -71
[  378.967137][ T7434] usb 2-1: USB disconnect, device number 15
[  379.009669][ T9458] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  379.072867][T14409] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3417'.
[  379.134948][T14411] loop9: detected capacity change from 0 to 736
[  379.177540][T14411] rock: directory entry would overflow storage
[  379.180541][T14411] rock: sig=0x00, size=4, remaining=3
[  379.349812][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  379.506425][T14413] loop9: detected capacity change from 0 to 32768
[  379.628031][T14424] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3421'.
[  379.632368][T14424] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3421'.
[  379.649951][T14413] bcachefs (loop9): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,checksum_err_retry_nr=12,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,degraded=yes,nojournal_transaction_names
[  379.649977][T14413]   allowing incompatible features above 0.0: (unknown version)
[  379.649986][T14413]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  379.674194][T14413] bcachefs (loop9): Using encoding defined by superblock: utf8-12.1.0
[  379.677549][T14413] bcachefs (loop9): initializing new filesystem
[  379.700555][T14413] bcachefs (loop9): going read-write
[  379.715004][T14413] bcachefs (loop9): marking superblocks
[  379.748182][T14413] bcachefs (loop9): initializing freespace
[  379.769075][T14413] bcachefs (loop9): done initializing freespace
[  379.775762][T14413] bcachefs (loop9): reading snapshots table
[  379.778295][T14413] bcachefs (loop9): reading snapshots done
[  379.828275][T14413] bcachefs (loop9): done starting filesystem
[  379.912124][ T9458] bcachefs (loop9): shutting down
[  379.918929][ T9458] bcachefs (loop9): going read-only
[  379.922919][ T9458] bcachefs (loop9): finished waiting for writes to stop
[  379.930711][ T9458] bcachefs (loop9): flushing journal and stopping allocators, journal seq 2
[  379.943269][   T33] audit: type=1326 audit(1757384500.752:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14432 comm="syz.7.3424" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbcaf8ebe9 code=0x7ffc0000
[  379.993925][   T33] audit: type=1326 audit(1757384500.752:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14432 comm="syz.7.3424" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbcaf8ebe9 code=0x7ffc0000
[  380.004490][   T33] audit: type=1326 audit(1757384500.761:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14432 comm="syz.7.3424" exe="/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7ffbcaf8ebe9 code=0x7ffc0000
[  380.012330][ T9458] bcachefs (loop9): flushing journal and stopping allocators complete, journal seq 3
[  380.013697][   T33] audit: type=1326 audit(1757384500.761:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14432 comm="syz.7.3424" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbcaf8ebe9 code=0x7ffc0000
[  380.040182][   T33] audit: type=1326 audit(1757384500.761:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14432 comm="syz.7.3424" exe="/syz-executor" sig=0 arch=c000003e syscall=30 compat=0 ip=0x7ffbcaf8ebe9 code=0x7ffc0000
[  380.040257][ T9458] bcachefs (loop9): clean shutdown complete, journal seq 4
[  380.054150][   T33] audit: type=1326 audit(1757384500.771:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14432 comm="syz.7.3424" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbcaf8ebe9 code=0x7ffc0000
[  380.063676][ T9458] bcachefs (loop9): marking filesystem clean
[  380.091073][   T33] audit: type=1326 audit(1757384500.771:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14432 comm="syz.7.3424" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbcaf8ebe9 code=0x7ffc0000
[  380.099942][   T33] audit: type=1326 audit(1757384500.771:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14432 comm="syz.7.3424" exe="/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7ffbcaf8ebe9 code=0x7ffc0000
[  380.119512][ T9458] bcachefs (loop9): shutdown complete
[  381.180834][T14485] loop1: detected capacity change from 0 to 1024
[  381.185733][T14485] EXT4-fs: Ignoring removed nobh option
[  381.187961][T14485] EXT4-fs: Ignoring removed bh option
[  381.196136][T14485] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  381.217640][T14485] syz_tun: entered allmulticast mode
[  381.282099][T14485] EXT4-fs error (device loop1): mb_free_blocks:2017: group 0, inode 15: block 129:freeing already freed block (bit 8); block bitmap corrupt.
[  381.310085][T14484] syz_tun: left allmulticast mode
[  381.342875][T11764] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  381.473900][T14501] 9pnet_fd: p9_fd_create_tcp (14501): problem connecting socket to 127.0.0.1
[  381.512117][T14503] netlink: 'syz.1.3457': attribute type 21 has an invalid length.
[  381.516480][T14503] netlink: 'syz.1.3457': attribute type 6 has an invalid length.
[  381.519448][T14503] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3457'.
[  381.606388][T14507] loop9: detected capacity change from 0 to 1024
[  381.612092][T14507] ext4: Unknown parameter 'euid<00000000000000000000'
[  382.436007][T14517] loop9: detected capacity change from 0 to 32768
[  382.451486][T14517] ocfs2: Mounting device (7,9) on (node local, slot 0) with ordered data mode.
[  382.536703][ T9458] ocfs2: Unmounting device (7,9) on (node local)
[  383.601628][T14542] loop1: detected capacity change from 0 to 64
[  383.698014][T14542] Trying to free block not in datazone
[  383.722412][T14542] Trying to free block not in datazone
[  383.724587][T14542] Trying to free block not in datazone
[  383.740091][T14542] Trying to free block not in datazone
[  383.750716][T14542] Trying to free block not in datazone
[  383.770888][T14542] minix_free_block (loop1:6): bit already cleared
[  383.774189][T14542] Trying to free block not in datazone
[  383.776280][T14542] Trying to free block not in datazone
[  384.387905][T14581] loop9: detected capacity change from 0 to 4096
[  384.417574][T14581] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  384.486808][ T9458] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  384.664767][T14589] loop9: detected capacity change from 0 to 256
[  384.758535][T14593] loop9: detected capacity change from 0 to 1024
[  384.847187][ T1095] hfsplus: bad catalog file entry
[  384.853974][ T1095] hfsplus: b-tree write err: -5, ino 3
[  385.188612][T14595] loop9: detected capacity change from 0 to 32768
[  385.601525][   T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  385.611486][   T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  385.617217][   T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  385.626626][   T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  385.630277][   T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  385.679488][T14612] wlan0 speed is unknown, defaulting to 1000
[  385.829743][T14612] chnl_net:caif_netlink_parms(): no params data found
[  385.916645][T14612] bridge0: port 1(bridge_slave_0) entered blocking state
[  385.920568][T14612] bridge0: port 1(bridge_slave_0) entered disabled state
[  385.923434][T14612] bridge_slave_0: entered allmulticast mode
[  385.927456][T14612] bridge_slave_0: entered promiscuous mode
[  385.932725][T14612] bridge0: port 2(bridge_slave_1) entered blocking state
[  385.936454][T14612] bridge0: port 2(bridge_slave_1) entered disabled state
[  385.940023][T14612] bridge_slave_1: entered allmulticast mode
[  385.943844][T14612] bridge_slave_1: entered promiscuous mode
[  385.974721][T14612] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  385.980795][T14612] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  386.009993][T14612] team0: Port device team_slave_0 added
[  386.014823][T14612] team0: Port device team_slave_1 added
[  386.039869][T14612] batman_adv: batadv0: Adding interface: batadv_slave_0
[  386.042594][T14612] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  386.053831][T14612] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  386.060002][T14612] batman_adv: batadv0: Adding interface: batadv_slave_1
[  386.062713][T14612] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  386.073052][T14612] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  386.101212][T14622] Device name not specified.
[  386.101212][T14622] 
[  386.121980][T14612] hsr_slave_0: entered promiscuous mode
[  386.124887][T14612] hsr_slave_1: entered promiscuous mode
[  386.127599][T14612] debugfs: 'hsr0' already exists in 'hsr'
[  386.129929][T14612] Cannot create hsr debugfs directory
[  386.934987][T14657] GUP no longer grows the stack in syz.9.3514 (14657): 200000004000-20000000a000 (200000002000)
[  386.941905][T14657] CPU: 0 UID: 0 PID: 14657 Comm: syz.9.3514 Not tainted syzkaller #0 PREEMPT(full) 
[  386.941930][T14657] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  386.941940][T14657] Call Trace:
[  386.941948][T14657]  <TASK>
[  386.941956][T14657]  dump_stack_lvl+0x189/0x250
[  386.941986][T14657]  ? __pfx_dump_stack_lvl+0x10/0x10
[  386.942005][T14657]  ? __pfx__printk+0x10/0x10
[  386.942023][T14657]  ? find_vma+0xe7/0x160
[  386.942052][T14657]  __get_user_pages+0x24d0/0x2ce0
[  386.942103][T14657]  ? mtree_load+0x100/0x700
[  386.942127][T14657]  get_user_pages_remote+0x2f1/0xad0
[  386.942146][T14657]  ? __pfx_mtree_load+0x10/0x10
[  386.942198][T14657]  ? __pfx_get_user_pages_remote+0x10/0x10
[  386.942220][T14657]  ? __access_remote_vm+0x367/0x7d0
[  386.942245][T14657]  __access_remote_vm+0x211/0x7d0
[  386.942270][T14657]  ? __pfx___access_remote_vm+0x10/0x10
[  386.942291][T14657]  ? alloc_pages_noprof+0xbe/0x190
[  386.942313][T14657]  proc_pid_cmdline_read+0x430/0x810
[  386.942335][T14657]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  386.942352][T14657]  ? rw_verify_area+0x2a6/0x4d0
[  386.942375][T14657]  vfs_readv+0x5aa/0x850
[  386.942391][T14657]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  386.942409][T14657]  ? __pfx_vfs_readv+0x10/0x10
[  386.942435][T14657]  ? __fget_files+0x2a/0x420
[  386.942452][T14657]  ? __fget_files+0x3a0/0x420
[  386.942463][T14657]  ? __fget_files+0x2a/0x420
[  386.942482][T14657]  __x64_sys_preadv+0x197/0x2a0
[  386.942505][T14657]  ? __pfx___x64_sys_preadv+0x10/0x10
[  386.942519][T14657]  ? rcu_is_watching+0x15/0xb0
[  386.942537][T14657]  ? do_syscall_64+0xbe/0x3b0
[  386.942558][T14657]  do_syscall_64+0xfa/0x3b0
[  386.942573][T14657]  ? lockdep_hardirqs_on+0x9c/0x150
[  386.942588][T14657]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.942603][T14657]  ? exc_page_fault+0x9f/0xf0
[  386.942617][T14657]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.942631][T14657] RIP: 0033:0x7f492358ebe9
[  386.942646][T14657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  386.942659][T14657] RSP: 002b:00007f49217f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  386.942676][T14657] RAX: ffffffffffffffda RBX: 00007f49237c5fa0 RCX: 00007f492358ebe9
[  386.942687][T14657] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003
[  386.942696][T14657] RBP: 00007f4923611e19 R08: 0000000000000000 R09: 0000000000000000
[  386.942706][T14657] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000
[  386.942715][T14657] R13: 00007f49237c6038 R14: 00007f49237c5fa0 R15: 00007ffcee8cbd48
[  386.942738][T14657]  </TASK>
[  387.590274][T14612] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  387.600922][T14612] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  387.635495][T14612] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  387.656517][T14612] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  387.805286][ T6144] Bluetooth: hci0: command tx timeout
[  387.825264][T14693] loop9: detected capacity change from 0 to 64
[  387.873896][T14612] 8021q: adding VLAN 0 to HW filter on device bond0
[  387.893898][   T33] kauditd_printk_skb: 5 callbacks suppressed
[  387.893912][   T33] audit: type=1326 audit(1757384508.188:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14695 comm="syz.7.3524" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbcaf8ebe9 code=0x7ffc0000
[  387.912568][T14612] 8021q: adding VLAN 0 to HW filter on device team0
[  387.919726][T10168] bridge0: port 1(bridge_slave_0) entered blocking state
[  387.922045][T10168] bridge0: port 1(bridge_slave_0) entered forwarding state
[  387.925586][   T33] audit: type=1326 audit(1757384508.188:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14695 comm="syz.7.3524" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbcaf8ebe9 code=0x7ffc0000
[  387.934971][   T33] audit: type=1326 audit(1757384508.207:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14695 comm="syz.7.3524" exe="/syz-executor" sig=0 arch=c000003e syscall=284 compat=0 ip=0x7ffbcaf8ebe9 code=0x7ffc0000
[  387.954049][T10168] bridge0: port 2(bridge_slave_1) entered blocking state
[  387.956363][T10168] bridge0: port 2(bridge_slave_1) entered forwarding state
[  387.962718][   T33] audit: type=1326 audit(1757384508.207:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14695 comm="syz.7.3524" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbcaf8ebe9 code=0x7ffc0000
[  387.970372][   T33] audit: type=1326 audit(1757384508.207:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14695 comm="syz.7.3524" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbcaf8ebe9 code=0x7ffc0000
[  388.027473][T14612] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  388.215269][T14612] 8021q: adding VLAN 0 to HW filter on device batadv0
[  388.305142][T14612] veth0_vlan: entered promiscuous mode
[  388.324184][T14612] veth1_vlan: entered promiscuous mode
[  388.402130][T14612] veth0_macvtap: entered promiscuous mode
[  388.431830][T14612] veth1_macvtap: entered promiscuous mode
[  388.457303][T14612] batman_adv: batadv0: Interface activated: batadv_slave_0
[  388.470048][T14612] batman_adv: batadv0: Interface activated: batadv_slave_1
[  388.480056][ T6201] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  388.492403][ T6201] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  388.500173][ T6201] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  388.503624][ T6201] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  388.615455][   T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  388.618433][   T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  388.659927][   T27] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  388.662753][   T27] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  388.761830][   T51] usb 10-1: new high-speed USB device number 27 using dummy_hcd
[  388.955717][   T51] usb 10-1: config 0 has an invalid interface number: 93 but max is 0
[  388.959055][   T51] usb 10-1: config 0 has no interface number 0
[  388.969185][   T51] usb 10-1: New USB device found, idVendor=1a0a, idProduct=0104, bcdDevice=3f.ac
[  388.972841][   T51] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  388.976087][   T51] usb 10-1: Product: syz
[  388.978074][   T51] usb 10-1: Manufacturer: syz
[  388.980017][   T51] usb 10-1: SerialNumber: syz
[  388.984349][   T51] usb 10-1: config 0 descriptor??
[  389.226358][   T51] usb_ehset_test 10-1:0.93: probe with driver usb_ehset_test failed with error -32
[  389.244142][   T51] usb 10-1: USB disconnect, device number 27
[  389.927642][T14790] loop9: detected capacity change from 0 to 4096
[  389.931791][T14790] nilfs2: Unknown parameter 'p'L7S#L7ara.	mvnbM֗?6SakٕK>S;vuk(>'
[  389.960233][T14790] bond0: option arp_validate: invalid value (18446744073214590903)
[  390.147853][   T13] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  390.221047][   T33] audit: type=1800 audit(1757384510.368:120): pid=14794 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.9.3552" name="/" dev="9p" ino=2 res=0 errno=0
[  390.371682][T14797] openvswitch: netlink: Flow key attr not present in new flow.
[  390.451438][T14801] netlink: 'syz.9.3557': attribute type 21 has an invalid length.
[  390.509117][T14805] loop9: detected capacity change from 0 to 512
[  390.523147][T14805] EXT4-fs error (device loop9): ext4_orphan_get:1392: inode #15: comm syz.9.3559: casefold flag without casefold feature
[  390.528596][T14805] EXT4-fs error (device loop9): ext4_orphan_get:1397: comm syz.9.3559: couldn't read orphan inode 15 (err -117)
[  390.534630][T14805] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  390.592539][ T9458] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  390.604484][T14809] netlink: 130984 bytes leftover after parsing attributes in process `syz.7.3560'.
[  390.684175][   T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  390.685034][T14811] input: syz1 as /devices/virtual/input/input21
[  390.692580][   T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  390.700439][   T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  390.709884][   T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  390.721346][   T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  390.758505][T14812] wlan0 speed is unknown, defaulting to 1000
[  390.952430][T14812] chnl_net:caif_netlink_parms(): no params data found
[  391.098819][T14826] @: renamed from vlan0 (while UP)
[  391.196226][   T13] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  391.323839][T14812] bridge0: port 1(bridge_slave_0) entered blocking state
[  391.328485][T14812] bridge0: port 1(bridge_slave_0) entered disabled state
[  391.331601][T14812] bridge_slave_0: entered allmulticast mode
[  391.335892][T14812] bridge_slave_0: entered promiscuous mode
[  391.345738][T14812] bridge0: port 2(bridge_slave_1) entered blocking state
[  391.350563][T14812] bridge0: port 2(bridge_slave_1) entered disabled state
[  391.353378][T14812] bridge_slave_1: entered allmulticast mode
[  391.356562][T14812] bridge_slave_1: entered promiscuous mode
[  391.409619][T14812] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  391.430198][T14812] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  391.482565][T14812] team0: Port device team_slave_0 added
[  391.492532][T14812] team0: Port device team_slave_1 added
[  391.544433][T14812] batman_adv: batadv0: Adding interface: batadv_slave_0
[  391.547247][T14812] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  391.559673][T14812] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  391.567278][T14812] batman_adv: batadv0: Adding interface: batadv_slave_1
[  391.570061][T14812] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  391.580950][T14812] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  391.640513][T14812] hsr_slave_0: entered promiscuous mode
[  391.643576][T14812] hsr_slave_1: entered promiscuous mode
[  391.646376][T14812] debugfs: 'hsr0' already exists in 'hsr'
[  391.649850][T14812] Cannot create hsr debugfs directory
[  391.795876][   T13] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  391.911102][   T13] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  392.348554][   T13] bridge_slave_1: left allmulticast mode
[  392.351026][   T13] bridge_slave_1: left promiscuous mode
[  392.355234][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  392.364870][   T13] bridge_slave_0: left allmulticast mode
[  392.369434][   T13] bridge_slave_0: left promiscuous mode
[  392.371880][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  392.930814][ T6144] Bluetooth: hci0: command tx timeout
[  393.252304][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  393.258262][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  393.264698][   T13] bond0 (unregistering): Released all slaves
[  393.589649][T14906] IPVS: sh: SCTP 127.0.0.1:0 - no destination available
[  393.800411][T14917] netlink: 17 bytes leftover after parsing attributes in process `syz.9.3592'.
[  393.804194][T14917] netlink: zone id is out of range
[  393.806417][T14917] netlink: zone id is out of range
[  393.810854][T14917] netlink: zone id is out of range
[  393.829706][T14917] netlink: zone id is out of range
[  393.831972][T14917] netlink: zone id is out of range
[  393.861358][T14917] netlink: zone id is out of range
[  393.869048][T14917] netlink: zone id is out of range
[  393.872857][T14917] netlink: zone id is out of range
[  394.084026][   T13] hsr_slave_0: left promiscuous mode
[  394.099398][   T13] hsr_slave_1: left promiscuous mode
[  394.101742][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  394.104368][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  394.116213][T14932] loop9: detected capacity change from 0 to 4096
[  394.124690][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  394.127209][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  394.163107][T14932] ntfs3(loop9): ino=1e, "file1" attr_set_size
[  394.175090][   T13] veth1_macvtap: left promiscuous mode
[  394.187072][   T13] veth0_macvtap: left promiscuous mode
[  394.188982][   T13] veth1_vlan: left promiscuous mode
[  394.190703][   T13] veth0_vlan: left promiscuous mode
[  394.577076][ T5849] usb 10-1: new high-speed USB device number 28 using dummy_hcd
[  394.756269][ T5849] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  394.761838][ T5849] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  394.765985][ T5849] usb 10-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00
[  394.774344][ T5849] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  394.780366][ T5849] usb 10-1: config 0 descriptor??
[  395.076241][   T13] team0 (unregistering): Port device team_slave_1 removed
[  395.146304][   T13] team0 (unregistering): Port device team_slave_0 removed
[  395.154209][ T6144] Bluetooth: hci0: command tx timeout
[  395.660914][ T5849] hid-led 0003:27B8:01ED.0013: hidraw0: USB HID v0.00 Device [HID 27b8:01ed] on usb-dummy_hcd.9-1/input0
[  395.772395][ T5849] hid-led 0003:27B8:01ED.0013: ThingM blink(1) initialized
[  395.882963][   T51] usb 10-1: USB disconnect, device number 28
[  396.271584][T14812] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  396.286880][T14812] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  396.322599][T14812] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  396.363876][T14812] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  396.403720][T14949] tc_dump_action: action bad kind
[  396.519836][T14959] net_ratelimit: 78 callbacks suppressed
[  396.519882][T14959] IPVS: sh: SCTP 127.0.0.1:0 - no destination available
[  396.644418][T14812] 8021q: adding VLAN 0 to HW filter on device bond0
[  396.675931][T14812] 8021q: adding VLAN 0 to HW filter on device team0
[  396.717561][ T1095] bridge0: port 1(bridge_slave_0) entered blocking state
[  396.720922][ T1095] bridge0: port 1(bridge_slave_0) entered forwarding state
[  396.727998][ T1095] bridge0: port 2(bridge_slave_1) entered blocking state
[  396.730734][ T1095] bridge0: port 2(bridge_slave_1) entered forwarding state
[  396.811320][ T6188] usb 10-1: new high-speed USB device number 29 using dummy_hcd
[  396.975106][ T6188] usb 10-1: Using ep0 maxpacket: 16
[  396.979359][ T6188] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  396.986704][ T6188] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  396.995851][ T6188] usb 10-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  396.999168][ T6188] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  397.002395][ T6188] usb 10-1: Product: syz
[  397.010912][ T6188] usb 10-1: Manufacturer: syz
[  397.012551][ T6188] usb 10-1: SerialNumber: syz
[  397.021982][ T6188] usb 10-1: config 0 descriptor??
[  397.033525][ T6188] em28xx 10-1:0.0: error: skipping audio endpoint 0x83, because it uses bulk transfers !
[  397.073049][T14812] 8021q: adding VLAN 0 to HW filter on device batadv0
[  397.144845][T14812] veth0_vlan: entered promiscuous mode
[  397.157706][T14988] overlayfs: failed to clone upperpath
[  397.166485][T14812] veth1_vlan: entered promiscuous mode
[  397.192851][T14812] veth0_macvtap: entered promiscuous mode
[  397.202953][T14812] veth1_macvtap: entered promiscuous mode
[  397.229512][T14812] batman_adv: batadv0: Interface activated: batadv_slave_0
[  397.257880][ T5849] usb 10-1: USB disconnect, device number 29
[  397.267180][T14812] batman_adv: batadv0: Interface activated: batadv_slave_1
[  397.302499][   T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  397.307631][   T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  397.311259][   T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  397.328621][   T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  397.377846][ T6144] Bluetooth: hci0: command tx timeout
[  397.492269][T10618] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  397.505704][T10618] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  397.531284][T10618] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  397.534755][T10618] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  398.105686][T15014] netlink: 'syz.9.3618': attribute type 12 has an invalid length.
[  398.353165][T15022] loop9: detected capacity change from 0 to 32768
[  398.551339][T15038] evm: overlay not supported
[  398.598360][ T7215] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  398.613401][T15042] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3632'.
[  398.763375][ T7215] usb 3-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  398.766272][ T7215] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  398.780783][ T7215] usb 3-1: Product: syz
[  398.782645][ T7215] usb 3-1: Manufacturer: syz
[  398.784582][ T7215] usb 3-1: SerialNumber: syz
[  398.793263][ T7215] usb 3-1: config 0 descriptor??
[  398.800239][ T7215] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  398.823144][T15054] bond0: Unable to set down delay as MII monitoring is disabled
[  399.016601][ T7215] gspca_sunplus: reg_r err -71
[  399.021050][ T7215] usb 3-1: USB disconnect, device number 4
[  399.365137][T15063] loop9: detected capacity change from 0 to 32768
[  399.374332][T15063] ERROR: (device loop9): dbAlloc: the hint is outside the map
[  399.374332][T15063] 
[  399.379780][T15063] ialloc: diAlloc returned -5!
[  399.604614][ T6144] Bluetooth: hci0: command tx timeout
[  399.632245][T15069] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3645'.
[  399.761948][ T5849] usb 10-1: new high-speed USB device number 30 using dummy_hcd
[  399.778435][T15075] Bluetooth: Invalid esc byte 0x02
[  400.113089][ T5849] usb 10-1: Using ep0 maxpacket: 16
[  400.117108][ T5849] usb 10-1: unable to get BOS descriptor or descriptor too short
[  400.142364][ T5849] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  400.146077][ T5849] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  400.151468][ T5849] usb 10-1: Product: syz
[  400.153228][ T5849] usb 10-1: Manufacturer: syz
[  400.155136][ T5849] usb 10-1: SerialNumber: syz
[  400.241573][T15093] netlink: 'syz.2.3657': attribute type 3 has an invalid length.
[  400.281872][T15095] random: crng reseeded on system resumption
[  400.386882][ T5849] usb 10-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  400.408774][ T5849] usb 10-1: USB disconnect, device number 30
[  400.536488][T15101] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  400.843575][T15121] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3671'.
[  400.847434][T15121] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3671'.
[  400.880662][T15123] ALSA: mixer_oss: invalid OSS volume ''
[  401.108007][T15139] netlink: 'syz.7.3680': attribute type 4 has an invalid length.
[  401.160429][T15143] @: renamed from bond_slave_0 (while UP)
[  401.241302][T15133] loop9: detected capacity change from 0 to 32768
[  401.252887][T15133] ocfs2: Mounting device (7,9) on (node local, slot 0) with ordered data mode.
[  401.281478][ T9458] (syz-executor,9458,0):ocfs2_inode_is_valid_to_delete:948 ERROR: Skipping delete of system file 72
[  401.287301][ T9458] ocfs2: Unmounting device (7,9) on (node local)
[  401.444158][T15153] tmpfs: Bad value for 'mpol'
[  402.712544][ T7434] usb 10-1: new high-speed USB device number 31 using dummy_hcd
[  402.882811][ T7434] usb 10-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  402.891068][ T7434] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  402.970366][ T7434] usb 10-1: config 0 descriptor??
[  402.983371][ T7434] cp210x 10-1:0.0: cp210x converter detected
[  403.445108][ T7434] cp210x 10-1:0.0: failed to get vendor val 0x000e size 3: -32
[  403.456478][ T7434] usb 10-1: cp210x converter now attached to ttyUSB0
[  403.675599][ T7434] usb 10-1: USB disconnect, device number 31
[  403.705049][ T7434] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  403.749881][ T7434] cp210x 10-1:0.0: device disconnected
[  404.776918][   T51] usb 10-1: new high-speed USB device number 32 using dummy_hcd
[  404.803147][T15206] openvswitch: netlink: IPv4 frag type 32 is out of range max 2
[  404.969683][   T51] usb 10-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  404.978814][   T51] usb 10-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  404.990311][   T51] usb 10-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  405.002103][   T51] usb 10-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  405.005124][   T51] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  405.027184][T15204] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  405.249201][   T51] aiptek 10-1:17.0: Aiptek using 400 ms programming speed
[  405.262627][   T51] input: Aiptek as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:17.0/input/input22
[  405.285836][   T51] usb 10-1: USB disconnect, device number 32
[  405.285900][    C1] aiptek 10-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  406.087226][T15234] input: syz1 as /devices/virtual/input/input23
[  406.601989][   T33] audit: type=1326 audit(1757384525.690:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15251 comm="syz.2.3730" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfd6b8ebe9 code=0x7ffc0000
[  406.620991][   T33] audit: type=1326 audit(1757384525.708:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15251 comm="syz.2.3730" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfd6b8ebe9 code=0x7ffc0000
[  406.646593][   T33] audit: type=1326 audit(1757384525.708:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15251 comm="syz.2.3730" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbfd6b8d550 code=0x7ffc0000
[  406.655265][   T33] audit: type=1326 audit(1757384525.708:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15251 comm="syz.2.3730" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfd6b8ebe9 code=0x7ffc0000
[  406.673874][   T33] audit: type=1326 audit(1757384525.708:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15251 comm="syz.2.3730" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfd6b8ebe9 code=0x7ffc0000
[  406.682994][   T33] audit: type=1326 audit(1757384525.708:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15251 comm="syz.2.3730" exe="/syz-executor" sig=0 arch=c000003e syscall=40 compat=0 ip=0x7fbfd6b8ebe9 code=0x7ffc0000
[  406.695679][   T33] audit: type=1326 audit(1757384525.708:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15251 comm="syz.2.3730" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfd6b8ebe9 code=0x7ffc0000
[  406.706903][T15244] loop9: detected capacity change from 0 to 40427
[  406.712229][T15244] F2FS-fs (loop9): build fault injection rate: 14
[  406.714828][T15244] F2FS-fs (loop9): build fault injection type: 0x3bfe8c
[  406.719737][T15244] F2FS-fs (loop9): invalid crc value
[  406.726820][    C1] F2FS-fs (loop9): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  406.738407][    C1] F2FS-fs (loop9): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  406.777576][T15244] F2FS-fs (loop9): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  406.781201][T15244] F2FS-fs (loop9): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  406.786875][T15244] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5
[  406.817995][T15244] F2FS-fs (loop9): Stopped filesystem due to reason: 0
[  406.831515][   T33] audit: type=1326 audit(1757384525.905:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15262 comm="syz.2.3734" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfd6b8ebe9 code=0x7ffc0000
[  406.858424][   T33] audit: type=1326 audit(1757384525.905:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15262 comm="syz.2.3734" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfd6b8ebe9 code=0x7ffc0000
[  406.883094][   T33] audit: type=1326 audit(1757384525.924:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15262 comm="syz.2.3734" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbfd6b8ebe9 code=0x7ffc0000
[  407.157506][T15274] loop9: detected capacity change from 0 to 256
[  407.230199][T15279] futex_wake_op: syz.9.3741 tries to shift op by 32; fix this program
[  407.248021][T15280] overlayfs: missing 'workdir'
[  407.769640][   T51] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  407.961646][   T51] usb 3-1: Using ep0 maxpacket: 16
[  407.970842][   T51] usb 3-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config
[  407.976817][   T51] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  407.985973][   T51] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  407.990092][   T51] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  407.995696][   T51] usb 3-1: Product: syz
[  407.997675][   T51] usb 3-1: Manufacturer: syz
[  407.999647][   T51] usb 3-1: SerialNumber: syz
[  408.283297][   T51] usb 3-1: 0:2 : does not exist
[  408.289792][   T51] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[  408.301911][T15307] cgroup: noprefix used incorrectly
[  408.307515][   T51] usb 3-1: USB disconnect, device number 5
[  408.415127][T15315] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  408.750247][T15329] loop9: detected capacity change from 0 to 128
[  408.755382][T15329] EXT4-fs: Ignoring removed nobh option
[  408.768084][T15329] EXT4-fs (loop9): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  408.776161][T15329] ext4 filesystem being mounted at /685/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  408.809550][T15329] fscrypt (loop9, inode 12): Sub-block data units not yet supported with IV_INO_LBLK_32
[  408.871390][ T9458] EXT4-fs (loop9): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  408.983345][T15338] loop9: detected capacity change from 0 to 512
[  408.986781][T15338] EXT4-fs: Ignoring removed nobh option
[  409.074281][T15338] EXT4-fs error (device loop9): ext4_orphan_get:1392: inode #15: comm syz.9.3766: iget: bad i_size value: 38620345925642
[  409.080673][T15338] EXT4-fs error (device loop9): ext4_orphan_get:1397: comm syz.9.3766: couldn't read orphan inode 15 (err -117)
[  409.098343][T15338] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  409.734959][T15344] EXT4-fs error (device loop9): ext4_validate_block_bitmap:432: comm syz.9.3766: bg 0: block 5: invalid block bitmap
[  410.088250][T15344] overlayfs: failed to verify upper root origin
[  410.157450][ T9458] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  410.383446][T15358] netlink: 1041 bytes leftover after parsing attributes in process `syz.7.3773'.
[  410.504084][T15369] program syz.2.3771 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  410.755547][T15380] overlayfs: conflicting options: metacopy=on,redirect_dir=follow
[  411.146619][T15394] netlink: 32 bytes leftover after parsing attributes in process `syz.9.3788'.
[  411.966550][T15425] netlink: 'syz.7.3802': attribute type 23 has an invalid length.
[  412.230827][T15435] netlink: 'syz.7.3807': attribute type 2 has an invalid length.
[  412.268979][T15437] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  412.334984][T15441] netlink: 'syz.9.3810': attribute type 1 has an invalid length.
[  412.338191][T15441] netlink: 'syz.9.3810': attribute type 3 has an invalid length.
[  412.341431][T15441] netlink: 224 bytes leftover after parsing attributes in process `syz.9.3810'.
[  413.416561][T15453] loop9: detected capacity change from 0 to 32768
[  413.419619][T15453] XFS: noikeep mount option is deprecated.
[  413.455208][T15453] XFS (loop9): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  413.484420][T15453] XFS (loop9): invalid iclog size (4096 bytes), using lsunit (32768 bytes)
[  413.490814][T15453] XFS (loop9): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  413.501199][T15453] XFS (loop9): Starting recovery (logdev: internal)
[  413.522359][T15453] XFS (loop9): Ending recovery (logdev: internal)
[  413.588046][ T9458] XFS (loop9): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  414.398558][T15486] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  414.592005][    T9] usb 3-1: new low-speed USB device number 6 using dummy_hcd
[  414.751907][    T9] usb 3-1: No LPM exit latency info found, disabling LPM.
[  414.756020][    T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 8
[  414.760210][    T9] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 is Bulk; changing to Interrupt
[  414.764575][    T9] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 is Bulk; changing to Interrupt
[  414.771433][    T9] usb 3-1: string descriptor 0 read error: -22
[  414.773652][    T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  414.777159][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  414.784874][   T10] usb 10-1: new full-speed USB device number 33 using dummy_hcd
[  414.789191][T15482] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  414.957449][   T10] usb 10-1: config 253 has an invalid interface number: 57 but max is 0
[  414.960431][   T10] usb 10-1: config 253 has no interface number 0
[  414.966741][   T10] usb 10-1: config 253 interface 57 altsetting 0 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  414.976541][   T10] usb 10-1: New USB device found, idVendor=1546, idProduct=1313, bcdDevice=1c.86
[  414.984895][   T10] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  414.988295][   T10] usb 10-1: Product: syz
[  414.995945][   T10] usb 10-1: Manufacturer: syz
[  414.997537][   T10] usb 10-1: SerialNumber: syz
[  415.019880][    T9] cdc_ncm 3-1:1.0: bind() failure
[  415.028717][    T9] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  415.031517][    T9] cdc_ncm 3-1:1.1: bind() failure
[  415.039970][    T9] usb 3-1: USB disconnect, device number 6
[  415.235445][   T10] cdc_ether 10-1:253.57: invalid descriptor buffer length
[  415.238392][   T10] usb 10-1: bad CDC descriptors
[  415.244894][   T10] usb 10-1: USB disconnect, device number 33
[  415.752167][T15522] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only
[  415.889230][T15531] wlan0 speed is unknown, defaulting to 1000
[  415.896020][T15535] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  415.967792][T15538] netlink: 12 bytes leftover after parsing attributes in process `syz.9.3846'.
[  416.096847][T15531] netlink: 'syz.7.3843': attribute type 2 has an invalid length.
[  416.264635][   T33] kauditd_printk_skb: 25 callbacks suppressed
[  416.264648][   T33] audit: type=1326 audit(1757384534.726:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15553 comm="syz.7.3853" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ffbcaf8ebe9 code=0x0
[  416.439686][T15550] loop9: detected capacity change from 0 to 32768
[  416.442844][T15550] BTRFS warning: excessive commit interval 491628334, use with care
[  416.446255][T15550] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop9 (7:9) scanned by syz.9.3851 (15550)
[  416.454094][T15550] BTRFS info (device loop9): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  416.458130][T15550] BTRFS info (device loop9): using crc32c (crc32c-lib) checksum algorithm
[  416.479710][T15550] BTRFS info (device loop9): setting nodatasum
[  416.482149][T15550] BTRFS info (device loop9): enabling ssd optimizations
[  416.484713][T15550] BTRFS info (device loop9): enabling free space tree
[  416.487067][T15550] BTRFS info (device loop9): max_inline set to 0
[  416.534766][ T9458] BTRFS info (device loop9): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  416.753688][T15572] loop9: detected capacity change from 0 to 256
[  416.784717][T15572] exFAT-fs (loop9): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  417.958318][ T7215] usb 10-1: new high-speed USB device number 34 using dummy_hcd
[  418.141190][ T7215] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  418.145633][ T7215] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3
[  418.151859][ T7215] usb 10-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  418.155823][ T7215] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67
[  418.159360][ T7215] usb 10-1: SerialNumber: syz
[  418.445280][ T7215] usb 10-1: 0:2 : does not exist
[  418.467442][ T7215] usb 10-1: USB disconnect, device number 34
[  418.996056][T15613] loop9: detected capacity change from 0 to 8
[  419.010354][T15613] SQUASHFS error: lzo decompression failed, data probably corrupt
[  419.021953][T15613] SQUASHFS error: Failed to read block 0x1c0: -5
[  419.024555][T15613] SQUASHFS error: Unable to read metadata cache entry [1be]
[  419.176817][T15620] tmpfs: Unknown parameter 'quot'
[  419.190267][T15620] lo speed is unknown, defaulting to 1000
[  419.192717][T15620] lo speed is unknown, defaulting to 1000
[  419.198166][T15620] lo speed is unknown, defaulting to 1000
[  419.241697][T15620] infiniband 3yz0: RDMA CMA: cma_listen_on_dev, error -98
[  419.336270][T15620] lo speed is unknown, defaulting to 1000
[  419.345901][T15620] lo speed is unknown, defaulting to 1000
[  419.356753][T15620] lo speed is unknown, defaulting to 1000
[  419.371580][T15620] lo speed is unknown, defaulting to 1000
[  419.381403][T15620] lo speed is unknown, defaulting to 1000
[  419.450705][T15624] [U] 
[  419.452760][T15624] [U] 
[  419.453804][T15624] [U] 
[  419.454858][T15624] [U] 
[  419.456414][T15623] [U] 
[  419.833811][T15648] netlink: 16222 bytes leftover after parsing attributes in process `syz.9.3888'.
[  419.995857][T15658] misc userio: The device must be registered before sending interrupts
[  420.010085][   T33] audit: type=1800 audit(1757384538.224:157): pid=15654 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.3890" name="bus" dev="tmpfs" ino=5461 res=0 errno=0
[  420.144699][T15669] loop9: detected capacity change from 0 to 8
[  420.153319][T15669] SQUASHFS error: xz decompression failed, data probably corrupt
[  420.156252][T15669] SQUASHFS error: Failed to read block 0x108: -5
[  420.158435][T15669] SQUASHFS error: Unable to read metadata cache entry [106]
[  420.163427][T15669] SQUASHFS error: Unable to read inode 0x11f
[  420.249097][T15673] netlink: 512 bytes leftover after parsing attributes in process `syz.9.3898'.
[  420.297679][T15675] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3899'.
[  420.463348][T15682] loop9: detected capacity change from 0 to 1024
[  420.502901][T15682] syz.9.3902: attempt to access beyond end of device
[  420.502901][T15682] loop9: rw=0, sector=393220, nr_sectors = 2 limit=1024
[  420.608220][T15684] loop9: detected capacity change from 0 to 4096
[  420.624202][T15684] ntfs3(loop9): ino=1a, mi_enum_attr
[  420.626777][T15684] ntfs3(loop9): Mark volume as dirty due to NTFS errors
[  420.739819][T15686] loop9: detected capacity change from 0 to 4096
[  420.754356][T15687] NILFS (loop9): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  420.807313][T15689] overlayfs: fs on './bus' does not support file handles, falling back to index=off,nfs_export=off.
[  420.814731][T15689] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  421.057091][T15695] loop9: detected capacity change from 0 to 32768
[  421.549421][   T33] audit: type=1800 audit(1757384539.496:158): pid=15701 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.3908" name="file1" dev="loop9" ino=9 res=0 errno=0
[  422.646771][T15741] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3928'.
[  422.686076][T15745] netlink: 16 bytes leftover after parsing attributes in process `syz.9.3929'.
[  422.689864][T15745] openvswitch: netlink: EtherType 0 is less than min 600
[  422.908677][T10145] syz_tun (unregistering): left allmulticast mode
[  422.940499][T10145] team0: Port device macvlan2 removed
[  423.019136][T15754] siw: device registration error -23
[  423.198856][   T13] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  423.319344][   T13] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  423.432519][   T13] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  423.562434][   T13] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  423.767778][   T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  423.775890][   T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  423.780394][   T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  423.790909][   T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  423.793798][   T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  423.884406][T15776] netlink: 4280 bytes leftover after parsing attributes in process `syz.7.3944'.
[  423.888414][T15776] netlink: 4280 bytes leftover after parsing attributes in process `syz.7.3944'.
[  424.038314][   T13] bridge_slave_1: left allmulticast mode
[  424.044714][   T13] bridge_slave_1: left promiscuous mode
[  424.047363][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  424.055080][   T13] bridge_slave_0: left allmulticast mode
[  424.057145][   T13] bridge_slave_0: left promiscuous mode
[  424.059234][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  424.816109][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  424.822255][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  424.827714][   T13] bond0 (unregistering): Released all slaves
[  424.842191][T15772] wlan0 speed is unknown, defaulting to 1000
[  424.845833][T15772] lo speed is unknown, defaulting to 1000
[  425.016623][T15772] chnl_net:caif_netlink_parms(): no params data found
[  425.236481][T15772] bridge0: port 1(bridge_slave_0) entered blocking state
[  425.246371][T15772] bridge0: port 1(bridge_slave_0) entered disabled state
[  425.250204][T15772] bridge_slave_0: entered allmulticast mode
[  425.254228][T15772] bridge_slave_0: entered promiscuous mode
[  425.287469][T15772] bridge0: port 2(bridge_slave_1) entered blocking state
[  425.290373][T15772] bridge0: port 2(bridge_slave_1) entered disabled state
[  425.293753][T15772] bridge_slave_1: entered allmulticast mode
[  425.297652][T15772] bridge_slave_1: entered promiscuous mode
[  425.335126][T15772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  425.364034][T15772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  425.394623][   T13] hsr_slave_0: left promiscuous mode
[  425.402058][   T13] hsr_slave_1: left promiscuous mode
[  425.404423][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  425.407230][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  425.412005][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  425.414827][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  425.432380][   T13] veth1_macvtap: left promiscuous mode
[  425.434258][   T13] veth0_macvtap: left allmulticast mode
[  425.436347][   T13] veth0_macvtap: left promiscuous mode
[  425.438484][   T13] veth1_vlan: left promiscuous mode
[  425.440428][   T13] veth0_vlan: left promiscuous mode
[  426.232064][   T54] Bluetooth: hci1: command tx timeout
[  427.157099][   T13] team0 (unregistering): Port device team_slave_1 removed
[  427.266950][   T13] team0 (unregistering): Port device team_slave_0 removed
[  428.006141][T15772] team0: Port device team_slave_0 added
[  428.018312][T15772] team0: Port device team_slave_1 added
[  428.060332][T15772] batman_adv: batadv0: Adding interface: batadv_slave_0
[  428.063211][T15772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  428.098918][T15772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  428.100859][T15826] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3965'.
[  428.109038][T15772] batman_adv: batadv0: Adding interface: batadv_slave_1
[  428.112072][T15772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  428.122601][T15772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  428.255499][T15772] hsr_slave_0: entered promiscuous mode
[  428.258873][T15772] hsr_slave_1: entered promiscuous mode
[  428.262785][T15772] debugfs: 'hsr0' already exists in 'hsr'
[  428.265610][T15772] Cannot create hsr debugfs directory
[  428.434365][   T54] Bluetooth: hci1: command tx timeout
[  428.536506][   T13] IPVS: stop unused estimator thread 0...
[  428.985876][T15772] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  429.000380][T15772] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  429.010306][T15772] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  429.022825][T15772] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  429.158672][T15772] 8021q: adding VLAN 0 to HW filter on device bond0
[  429.186122][T15772] 8021q: adding VLAN 0 to HW filter on device team0
[  429.194609][T10168] bridge0: port 1(bridge_slave_0) entered blocking state
[  429.197555][T10168] bridge0: port 1(bridge_slave_0) entered forwarding state
[  429.218266][T10168] bridge0: port 2(bridge_slave_1) entered blocking state
[  429.221186][T10168] bridge0: port 2(bridge_slave_1) entered forwarding state
[  429.443424][T15772] 8021q: adding VLAN 0 to HW filter on device batadv0
[  429.520884][T15772] veth0_vlan: entered promiscuous mode
[  429.529598][T15772] veth1_vlan: entered promiscuous mode
[  429.552139][T15772] veth0_macvtap: entered promiscuous mode
[  429.559965][T15772] veth1_macvtap: entered promiscuous mode
[  429.575230][T15772] batman_adv: batadv0: Interface activated: batadv_slave_0
[  429.589937][T15772] batman_adv: batadv0: Interface activated: batadv_slave_1
[  429.600718][ T6186] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  429.605550][ T6186] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  429.617850][ T6186] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  429.635422][ T6186] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  429.763058][   T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  429.766264][   T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  429.800444][   T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  429.804441][   T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  430.084148][T15876] loop0: detected capacity change from 0 to 40427
[  430.190270][T15876] F2FS-fs (loop0): invalid crc value
[  430.325833][T15876] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  430.329301][T15876] F2FS-fs (loop0): Start checkpoint disabled!
[  430.340120][T15876] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  430.364125][T15876] syz.0.3939: attempt to access beyond end of device
[  430.364125][T15876] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  430.412281][T10618] kworker/u10:13: attempt to access beyond end of device
[  430.412281][T10618] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  430.418779][T10618] CPU: 1 UID: 0 PID: 10618 Comm: kworker/u10:13 Not tainted syzkaller #0 PREEMPT(full) 
[  430.418800][T10618] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  430.418810][T10618] Workqueue: writeback wb_workfn (flush-7:0)
[  430.418831][T10618] Call Trace:
[  430.418838][T10618]  <TASK>
[  430.418846][T10618]  dump_stack_lvl+0x189/0x250
[  430.418869][T10618]  ? __pfx_dump_stack_lvl+0x10/0x10
[  430.418885][T10618]  ? __pfx_queue_work_on+0x10/0x10
[  430.418899][T10618]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  430.418920][T10618]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  430.418943][T10618]  f2fs_handle_critical_error+0x37c/0x540
[  430.418960][T10618]  f2fs_write_end_io+0x886/0xb60
[  430.418978][T10618]  __submit_merged_bio+0x27a/0x6a0
[  430.418994][T10618]  __submit_merged_write_cond+0x255/0x530
[  430.419009][T10618]  f2fs_write_data_pages+0x261d/0x3000
[  430.419034][T10618]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  430.419049][T10618]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  430.419076][T10618]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  430.419094][T10618]  ? trace_f2fs_writepages+0x7f/0x200
[  430.419105][T10618]  ? f2fs_write_node_pages+0x478/0x6e0
[  430.419119][T10618]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  430.419138][T10618]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  430.419146][T10618]  do_writepages+0x32e/0x550
[  430.419161][T10618]  ? reacquire_held_locks+0x127/0x1d0
[  430.419169][T10618]  ? writeback_sb_inodes+0x384/0x1010
[  430.419183][T10618]  __writeback_single_inode+0x145/0xff0
[  430.419193][T10618]  ? do_raw_spin_unlock+0x4d/0x240
[  430.419205][T10618]  writeback_sb_inodes+0x6c7/0x1010
[  430.419260][T10618]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  430.419309][T10618]  ? rcu_is_watching+0x15/0xb0
[  430.419325][T10618]  wb_writeback+0x43b/0xaf0
[  430.419340][T10618]  ? queue_io+0x311/0x590
[  430.419351][T10618]  ? __pfx_wb_writeback+0x10/0x10
[  430.419366][T10618]  ? _raw_spin_unlock_irq+0x23/0x50
[  430.419380][T10618]  wb_workfn+0x409/0xef0
[  430.419396][T10618]  ? __pfx_wb_workfn+0x10/0x10
[  430.419407][T10618]  ? __lock_acquire+0xab9/0xd20
[  430.419424][T10618]  ? process_scheduled_works+0x9ef/0x17b0
[  430.419436][T10618]  ? _raw_spin_unlock_irq+0x23/0x50
[  430.419446][T10618]  ? process_scheduled_works+0x9ef/0x17b0
[  430.419452][T10618]  ? process_scheduled_works+0x9ef/0x17b0
[  430.419461][T10618]  process_scheduled_works+0xae1/0x17b0
[  430.419483][T10618]  ? __pfx_process_scheduled_works+0x10/0x10
[  430.419500][T10618]  worker_thread+0x8a0/0xda0
[  430.419523][T10618]  kthread+0x711/0x8a0
[  430.419535][T10618]  ? __pfx_worker_thread+0x10/0x10
[  430.419550][T10618]  ? __pfx_kthread+0x10/0x10
[  430.419560][T10618]  ? _raw_spin_unlock_irq+0x23/0x50
[  430.419571][T10618]  ? lockdep_hardirqs_on+0x9c/0x150
[  430.419579][T10618]  ? __pfx_kthread+0x10/0x10
[  430.419589][T10618]  ret_from_fork+0x3fc/0x770
[  430.419600][T10618]  ? __pfx_ret_from_fork+0x10/0x10
[  430.419611][T10618]  ? __switch_to_asm+0x39/0x70
[  430.419621][T10618]  ? __switch_to_asm+0x33/0x70
[  430.419629][T10618]  ? __pfx_kthread+0x10/0x10
[  430.419640][T10618]  ret_from_fork_asm+0x1a/0x30
[  430.419658][T10618]  </TASK>
[  430.420461][T10618] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  430.648679][   T54] Bluetooth: hci1: command tx timeout
[  431.815505][T15904] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  432.154568][ T7434] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  432.318559][ T7434] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  432.321650][ T7434] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  432.326278][ T7434] usb 1-1: config 0 descriptor??
[  432.520570][T15921] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3998'.
[  432.567067][ T7434] usb 1-1: Cannot read MAC address
[  432.569848][ T7434] MOSCHIP usb-ethernet driver 1-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  432.579567][ T7434] usb 1-1: USB disconnect, device number 13
[  432.604876][T15921] vxlan0: entered promiscuous mode
[  432.612332][ T6186] netdevsim netdevsim7 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  432.618272][ T6186] netdevsim netdevsim7 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  432.623821][ T6186] netdevsim netdevsim7 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  432.631598][ T6186] netdevsim netdevsim7 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  432.812132][T15930] ieee802154 phy0 wpan0: encryption failed: -22
[  432.870925][   T54] Bluetooth: hci1: command tx timeout
[  433.121608][T15946] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4012'.
[  433.389350][T15962] loop0: detected capacity change from 0 to 512
[  433.392669][T15962] EXT4-fs: Ignoring removed nomblk_io_submit option
[  433.400622][T15962] EXT4-fs: Ignoring removed nomblk_io_submit option
[  433.403982][T15962] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[  433.570368][T15962] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[  433.573553][T15962] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -2
[  433.623765][T15962] EXT4-fs (loop0): 1 truncate cleaned up
[  433.627442][T15962] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  433.690449][T15962] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  434.097312][T15772] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  434.452932][   T10] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  434.498321][T15982] netlink: 209852 bytes leftover after parsing attributes in process `syz.7.4027'.
[  434.549552][T15986] pim6reg: entered allmulticast mode
[  434.629344][   T10] usb 1-1: New USB device found, idVendor=0c45, idProduct=8003, bcdDevice=d6.bb
[  434.633041][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  434.639302][   T10] usb 1-1: Product: syz
[  434.641089][   T10] usb 1-1: Manufacturer: syz
[  434.643024][   T10] usb 1-1: SerialNumber: syz
[  434.651210][   T10] usb 1-1: config 0 descriptor??
[  434.662759][   T10] gspca_main: sn9c2028-2.14.0 probing 0c45:8003
[  434.884970][   T10] gspca_sn9c2028: read1 error -71
[  434.888845][   T10] gspca_sn9c2028: read1 error -71
[  434.896144][   T10] gspca_sn9c2028: read1 error -71
[  434.898160][   T10] sn9c2028 1-1:0.0: probe with driver sn9c2028 failed with error -71
[  434.917470][   T10] usb 1-1: USB disconnect, device number 14
[  437.425102][   T24] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  437.585433][   T24] usb 1-1: Using ep0 maxpacket: 32
[  437.592401][   T24] usb 1-1: config 0 has an invalid interface number: 219 but max is 0
[  437.596967][   T24] usb 1-1: config 0 has no interface number 0
[  437.599618][   T24] usb 1-1: config 0 interface 219 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1023
[  437.613314][   T24] usb 1-1: New USB device found, idVendor=108c, idProduct=0169, bcdDevice=75.b9
[  437.619149][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  437.622583][   T24] usb 1-1: Product: syz
[  437.624484][   T24] usb 1-1: Manufacturer: syz
[  437.626519][   T24] usb 1-1: SerialNumber: syz
[  437.633352][   T24] usb 1-1: config 0 descriptor??
[  437.636385][T16080] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  437.830316][T16101] raw_sendmsg: syz.2.4079 forgot to set AF_INET. Fix it!
[  437.889771][   T24] etas_es58x 1-1:0.219: Starting syz syz (Serial Number syz)
[  437.899741][   T24] usb 1-1: USB disconnect, device number 15
[  438.262100][T16111] /dev/nullb0: Can't lookup blockdev
[  438.558695][   T10] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  438.730227][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  438.734819][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  438.738915][   T10] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  438.760850][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  438.783346][   T10] usb 3-1: config 0 descriptor??
[  439.116914][T16131] loop0: detected capacity change from 0 to 32768
[  439.145312][T16131] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  439.203463][T16131] XFS (loop0): Ending clean mount
[  439.212794][T16131] XFS (loop0): Quotacheck needed: Please wait.
[  439.242909][   T10] cp2112 0003:10C4:EA90.0014: unknown main item tag 0x0
[  439.245767][   T10] cp2112 0003:10C4:EA90.0014: unknown main item tag 0x0
[  439.275378][T16131] XFS (loop0): Quotacheck: Done.
[  439.279800][   T10] cp2112 0003:10C4:EA90.0014: unknown main item tag 0x0
[  439.282719][   T10] cp2112 0003:10C4:EA90.0014: unknown main item tag 0x0
[  439.285639][   T10] cp2112 0003:10C4:EA90.0014: unknown main item tag 0x0
[  439.288444][   T10] cp2112 0003:10C4:EA90.0014: unknown main item tag 0x0
[  439.291666][   T10] cp2112 0003:10C4:EA90.0014: unknown main item tag 0x0
[  439.305756][   T10] cp2112 0003:10C4:EA90.0014: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.2-1/input0
[  439.353862][T15772] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  439.462826][   T10] cp2112 0003:10C4:EA90.0014: Part Number: 0x00 Device Version: 0x00
[  439.660836][T16163] loop0: detected capacity change from 0 to 512
[  439.664717][T16163] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  439.686737][T16163] EXT4-fs (loop0): 1 truncate cleaned up
[  439.690240][T16163] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  439.752720][T15772] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  439.881296][T16171] loop0: detected capacity change from 0 to 512
[  439.889938][T16171] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities
[  440.109860][T16113] i2c i2c-1: Invalid block write size 151
[  440.116642][   T10] cp2112 0003:10C4:EA90.0014: error reading lock byte: -71
[  440.128897][T16181] loop0: detected capacity change from 0 to 256
[  440.133103][   T10] usb 3-1: USB disconnect, device number 7
[  440.136661][T16181] exfat: Deprecated parameter 'namecase'
[  440.138715][T16181] exfat: Deprecated parameter 'utf8'
[  440.147797][T16181] exFAT-fs (loop0): failed to load upcase table (idx : 0x0001ff53, chksum : 0xd72bb7d8, utbl_chksum : 0xe619d30d)
[  440.295548][T16187] netlink: 'syz.7.4116': attribute type 4 has an invalid length.
[  440.298389][T16187] netlink: 24 bytes leftover after parsing attributes in process `syz.7.4116'.
[  440.853551][T16210] syzkaller0: entered promiscuous mode
[  440.856167][T16210] syzkaller0: entered allmulticast mode
[  440.861257][T16210] PF_CAN: dropped non conform CAN FD skbuff: dev type 280, len 65487
[  441.626973][   T33] audit: type=1326 audit(1757384558.447:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16216 comm="syz.0.4131" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7effed98ebe9 code=0x0
[  442.523715][T16250] loop0: detected capacity change from 0 to 32768
[  442.543146][T16250] XFS (loop0): DAX unsupported by block device. Turning off DAX.
[  442.546376][T16250] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  442.567857][T16250] XFS (loop0): Ending clean mount
[  442.573806][T16250] XFS (loop0): Quotacheck needed: Please wait.
[  442.645504][T16250] XFS (loop0): Quotacheck: Done.
[  443.304929][T15772] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  443.592677][T16290] sp0: Synchronizing with TNC
[  444.458922][T16301] input: syz0 as /devices/virtual/input/input24
[  444.580715][T16304] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4164'.
[  444.693227][T16310] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  445.039534][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  446.640259][ T7379] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  446.815766][ T7379] usb 3-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=26.50
[  446.821805][ T7379] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  446.825881][ T7379] usb 3-1: Product: syz
[  446.827924][ T7379] usb 3-1: Manufacturer: syz
[  446.830046][ T7379] usb 3-1: SerialNumber: syz
[  446.837607][ T7379] usb 3-1: config 0 descriptor??
[  446.846320][ T7379] usb 3-1: Waiting for MOTU Microbook II to boot up...
[  446.849422][ T7379] usb 3-1: failed setting the sample rate for Motu MicroBook II: -22
[  446.853092][ T7379] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -22
[  447.060640][ T7379] usb 3-1: USB disconnect, device number 8
[  447.724848][   T33] audit: type=1326 audit(1757384564.153:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16364 comm="syz.2.4190" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfd6b8ebe9 code=0x7ffc0000
[  447.736931][   T33] audit: type=1326 audit(1757384564.153:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16364 comm="syz.2.4190" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfd6b8ebe9 code=0x7ffc0000
[  447.745610][   T33] audit: type=1326 audit(1757384564.153:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16364 comm="syz.2.4190" exe="/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fbfd6b8ebe9 code=0x7ffc0000
[  447.759940][   T33] audit: type=1326 audit(1757384564.153:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16364 comm="syz.2.4190" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfd6b8ebe9 code=0x7ffc0000
[  447.770190][   T33] audit: type=1326 audit(1757384564.153:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16364 comm="syz.2.4190" exe="/syz-executor" sig=0 arch=c000003e syscall=226 compat=0 ip=0x7fbfd6b8ebe9 code=0x7ffc0000
[  447.781621][   T33] audit: type=1326 audit(1757384564.153:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16364 comm="syz.2.4190" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfd6b8ebe9 code=0x7ffc0000
[  447.844749][T16369] netlink: 'syz.2.4192': attribute type 83 has an invalid length.
[  449.350199][T16407] ICMPv6: NA: 01:80:c2:00:00:03 advertised our address fe80::aa on syz_tun!
[  449.644099][T16422] netlink: 256 bytes leftover after parsing attributes in process `syz.0.4214'.
[  449.818200][T16428] loop0: detected capacity change from 0 to 512
[  449.823224][T16428] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  449.830588][T16428] EXT4-fs (loop0): orphan cleanup on readonly fs
[  449.833557][T16428] Quota error (device loop0): v2_read_file_info: Block with free entry 4294967071 out of range (1, 6).
[  449.837818][T16428] EXT4-fs warning (device loop0): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  449.842935][T16428] EXT4-fs (loop0): Cannot turn on quotas: error -117
[  449.848703][T16428] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.4217: bg 0: block 40: padding at end of block bitmap is not set
[  449.853878][T16428] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  449.856993][T16428] EXT4-fs (loop0): 1 truncate cleaned up
[  449.860272][T16428] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  449.879860][T15772] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  450.224674][ T7434] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  450.381428][T16442] netlink: 8916 bytes leftover after parsing attributes in process `syz.2.4222'.
[  450.395528][ T7434] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  450.399355][ T7434] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  450.417582][ T7434] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121
[  450.429515][ T7434] usb 1-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  450.432693][ T7434] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  450.436632][ T7434] usb 1-1: Product: syz
[  450.438470][ T7434] usb 1-1: Manufacturer: syz
[  450.440590][ T7434] usb 1-1: SerialNumber: syz
[  450.444143][ T7434] usb 1-1: config 0 descriptor??
[  450.448880][T16436] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  450.452002][T16436] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  450.455816][ T7434] usb 1-1: ucan: probing device on interface #0
[  450.895292][ T7434] usb 1-1: ucan: device reported invalid device info
[  450.898060][ T7434] usb 1-1: ucan: probe failed; try to update the device firmware
[  451.341440][   T24] usb 1-1: USB disconnect, device number 16
[  451.454081][T16457] netlink: 830 bytes leftover after parsing attributes in process `syz.7.4228'.
[  451.459086][T16457] netlink: 830 bytes leftover after parsing attributes in process `syz.7.4228'.
[  451.814466][T16473] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048)
[  451.924514][T16483] netlink: 'syz.7.4241': attribute type 29 has an invalid length.
[  452.035700][T16493] loop0: detected capacity change from 0 to 512
[  452.041843][T16493] EXT4-fs error (device loop0): ext4_orphan_get:1392: inode #15: comm syz.0.4245: iget: bad i_size value: 38620345925642
[  452.047151][T16493] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.4245: couldn't read orphan inode 15 (err -117)
[  452.056859][T16493] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  452.111058][T15772] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  452.379967][T16515] loop0: detected capacity change from 0 to 4096
[  452.412823][T16517] cifs: Unknown parameter 'no'aN[Gzob,er;%j
[  452.412823][T16517] z,@qJ#"h/.W1ȱnNC"C׈E)8+1<;8+`#'
[  452.486871][T16520] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  452.583751][T16526] loop0: detected capacity change from 0 to 512
[  452.591022][T16526] EXT4-fs: Ignoring removed nomblk_io_submit option
[  452.594316][T16526] EXT4-fs (loop0): filesystem is read-only
[  452.598313][T16526] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  452.603952][T16526] EXT4-fs (loop0): filesystem is read-only
[  452.614177][T16526] EXT4-fs (loop0): orphan cleanup on readonly fs
[  452.617559][T16526] EXT4-fs error (device loop0): ext4_orphan_get:1392: inode #16: comm syz.0.4259: iget: bad i_size value: 648518346341360424
[  452.630643][T16526] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.4259: couldn't read orphan inode 16 (err -117)
[  452.639960][T16526] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  452.655725][T15772] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  453.826957][T16553] netlink: 'syz.7.4270': attribute type 20 has an invalid length.
[  453.830399][T16553] IPv6: NLM_F_CREATE should be specified when creating new route
[  453.833323][T16553] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  453.836644][T16553] IPv6: NLM_F_CREATE should be set when creating new route
[  453.986812][T16561] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4274'.
[  453.991981][T16561] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4274'.
[  454.057626][T16565] loop0: detected capacity change from 0 to 256
[  454.080268][T16565] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  454.100818][T16565] exFAT-fs (loop0): valid_size(150994954) is greater than size(10)
[  454.249537][T16574] loop0: detected capacity change from 0 to 2048
[  454.263608][T16574] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=66359, location=66359
[  454.276697][T16574] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  454.790303][   T33] audit: type=1800 audit(1757384570.617:166): pid=16588 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.4280" name="file1" dev="loop0" ino=1367 res=0 errno=0
[  455.375424][T16603] netlink: 24 bytes leftover after parsing attributes in process `syz.7.4292'.
[  455.823338][ T7379] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  455.992089][ T7379] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  456.008081][ T7379] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  456.013147][ T7379] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  456.025170][ T7379] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  456.035336][ T7379] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  456.042126][ T7379] usb 1-1: config 0 descriptor??
[  456.425145][T16628] netlink: 40 bytes leftover after parsing attributes in process `syz.7.4304'.
[  456.515977][ T7379] plantronics 0003:047F:FFFF.0015: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  457.266194][   T33] audit: type=1326 audit(1757384573.077:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16636 comm="syz.2.4306" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfd6b8ebe9 code=0x7ffc0000
[  457.275809][   T33] audit: type=1326 audit(1757384573.077:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16636 comm="syz.2.4306" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfd6b8ebe9 code=0x7ffc0000
[  457.285441][   T33] audit: type=1326 audit(1757384573.086:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16636 comm="syz.2.4306" exe="/syz-executor" sig=0 arch=c000003e syscall=193 compat=0 ip=0x7fbfd6b8ebe9 code=0x7ffc0000
[  457.296696][   T33] audit: type=1326 audit(1757384573.086:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16636 comm="syz.2.4306" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfd6b8ebe9 code=0x7ffc0000
[  457.311555][   T33] audit: type=1326 audit(1757384573.086:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16636 comm="syz.2.4306" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfd6b8ebe9 code=0x7ffc0000
[  458.731605][T16656] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4315'.
[  458.795835][   T51] usb 1-1: USB disconnect, device number 17
[  459.340639][   T51] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  459.519744][   T51] usb 1-1: config 0 has an invalid interface number: 168 but max is 0
[  459.525143][   T51] usb 1-1: config 0 has no interface number 0
[  459.527784][   T51] usb 1-1: New USB device found, idVendor=05ab, idProduct=0060, bcdDevice=11.06
[  459.531504][   T51] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  459.541497][   T51] usb 1-1: config 0 descriptor??
[  459.764100][T16671] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  459.771085][T16671] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  459.776597][   T54] Bluetooth: hci1: Malformed LE Event: 0x0d
[  459.781507][   T51] usb 1-1: string descriptor 0 read error: -71
[  459.785095][   T51] usb-storage 1-1:0.168: USB Mass Storage device detected
[  459.791318][   T51] usb-storage 1-1:0.168: Quirks match for vid 05ab pid 0060: 2
[  459.847127][   T51] usb 1-1: USB disconnect, device number 18
[  460.235774][T16694] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4331'.
[  460.419308][T16702] program syz.2.4334 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  461.097919][T16725] netlink: 68 bytes leftover after parsing attributes in process `syz.7.4345'.
[  461.321553][T16738] netlink: 16255 bytes leftover after parsing attributes in process `syz.0.4352'.
[  461.825908][T16757] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4360'.
[  461.830000][T16757] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4360'.
[  461.838751][T16757] netlink: 32 bytes leftover after parsing attributes in process `syz.7.4360'.
[  462.411719][T16768] 9pnet: p9_errstr2errno: server reported unknown error 184467440
[  462.425843][T16770] loop0: detected capacity change from 0 to 128
[  465.303258][T16799] batadv_slave_0: entered promiscuous mode
[  465.308578][T16797] batadv_slave_0: left promiscuous mode
[  466.135095][T16810] bridge1: the hash_elasticity option has been deprecated and is always 16
[  466.767130][T16829] veth3: entered promiscuous mode
[  466.768869][T16829] veth3: entered allmulticast mode
[  468.675345][T16857] autofs4:pid:16857:validate_dev_ioctl: invalid path supplied for cmd(0xc018937a)
[  469.088173][T16848] overlayfs: overlapping lowerdir path
[  469.152277][T16867] netlink: 'syz.7.4406': attribute type 4 has an invalid length.
[  469.737542][T16888] Invalid source name
[  470.129252][T16901] input: syz1 as /devices/virtual/input/input25
[  470.140519][T16859] loop0: detected capacity change from 0 to 262144
[  470.151259][T16859] F2FS-fs (loop0): invalid crc value
[  470.208176][T16859] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  470.215187][T16859] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  470.242693][   T33] audit: type=1800 audit(1757384585.219:172): pid=16859 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.4402" name="bus" dev="loop0" ino=10 res=0 errno=0
[  471.988097][   T51] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  472.095803][ T7379] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  472.163482][   T51] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  472.167918][   T51] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  472.172233][   T51] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  472.175899][   T51] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  472.181717][   T51] usb 1-1: config 0 descriptor??
[  472.257346][ T7379] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  472.262106][ T7379] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  472.266891][ T7379] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  472.273296][ T7379] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  472.277354][ T7379] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  472.282909][ T7379] usb 3-1: config 0 descriptor??
[  472.628709][   T51] cm6533_jd 0003:0D8C:0022.0016: invalid report_size -101239751
[  472.632123][   T51] cm6533_jd 0003:0D8C:0022.0016: item 0 4 1 7 parsing failed
[  472.636970][   T51] cm6533_jd 0003:0D8C:0022.0016: parse failed
[  472.644744][   T51] cm6533_jd 0003:0D8C:0022.0016: probe with driver cm6533_jd failed with error -22
[  472.724807][ T7379] plantronics 0003:047F:FFFF.0017: reserved main item tag 0xe
[  472.728393][ T7379] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0
[  472.734849][ T7379] plantronics 0003:047F:FFFF.0017: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  472.847653][ T7379] usb 1-1: USB disconnect, device number 19
[  472.944598][ T5849] usb 3-1: USB disconnect, device number 9
[  474.218682][ T5849] hid-generic 0008:0007:0000.0018: hidraw0: <UNKNOWN> HID v0.04 Device [syz0] on syz0
[  474.419044][T17025] netlink: 20 bytes leftover after parsing attributes in process `syz.7.4476'.
[  475.837155][T17052] rdma_op ffff88810ebad1f0 conn xmit_rdma 0000000000000000
[  476.164091][T17057] netlink: 'syz.0.4488': attribute type 2 has an invalid length.
[  476.305307][T17069] autofs: Bad value for 'fd'
[  476.374571][T17073] tmpfs: Bad value for 'usrquota_block_hardlimit'
[  476.476918][T17067] loop0: detected capacity change from 0 to 32768
[  476.513697][T17067] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  476.539516][T17067] XFS (loop0): Ending clean mount
[  476.548215][T17067] XFS (loop0): Quotacheck needed: Please wait.
[  476.633619][T17067] XFS (loop0): Quotacheck: Done.
[  476.664318][T15772] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  476.664328][T17098] netlink: 'syz.7.4503': attribute type 3 has an invalid length.
[  476.712087][T17100] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4505'.
[  477.409662][T17121] loop0: detected capacity change from 0 to 256
[  477.823605][T17127] syz.0.4514 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  477.883118][T17130] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4516'.
[  479.045386][T17162] loop0: detected capacity change from 0 to 4096
[  479.470061][T17178] cgroup: none used incorrectly
[  479.596728][T17184] loop0: detected capacity change from 0 to 4096
[  479.601727][T17184] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
[  479.627107][T17184] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  479.638216][T17184] ntfs3(loop0): Failed to initialize $Extend/$Reparse.
[  480.057246][T17211] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4552'.
[  480.260444][T17221] loop0: detected capacity change from 0 to 4096
[  480.276221][T17221] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512).
[  480.423183][T17235] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4564'.
[  480.537775][T17242] loop0: detected capacity change from 0 to 2048
[  480.548321][T17242] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  481.365847][   T33] audit: type=1326 audit(1757384595.630:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17264 comm="syz.0.4577" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7effed98ebe9 code=0x0
[  481.662261][T17277] loop0: detected capacity change from 0 to 8
[  481.677043][T17277] SQUASHFS error: Unable to read directory block [1d0:62]
[  481.816325][T17286] tmpfs: Bad value for 'mpol'
[  482.023653][T17296] loop0: detected capacity change from 0 to 512
[  482.026667][T17296] EXT4-fs: Ignoring removed orlov option
[  482.029069][T17296] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[  482.033796][T17296] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002]
[  482.038211][T17296] EXT4-fs error (device loop0): ext4_iget_extra_inode:5104: inode #15: comm syz.0.4592: corrupted in-inode xattr: e_value size too large
[  482.044139][T17296] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.4592: couldn't read orphan inode 15 (err -117)
[  482.052884][T17296] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  482.089342][T15772] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  482.188001][T17305] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4595'.
[  482.565203][   T54] Bluetooth: hci0: command tx timeout
[  483.085671][T17333] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  483.224231][T17341] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4612'.
[  483.237378][T17341] batadv0: entered promiscuous mode
[  483.239823][T17341] macsec1: entered promiscuous mode
[  483.242266][T17341] macsec1: entered allmulticast mode
[  483.244176][T17341] batadv0: entered allmulticast mode
[  483.332166][T17347] openvswitch: netlink: VXLAN extension message has 4 unknown bytes.
[  483.672408][   T51] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  483.836290][   T51] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  483.840312][   T51] usb 3-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  483.850096][   T51] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  483.856738][   T51] usb 3-1: config 0 descriptor??
[  484.035861][ T7215] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  484.086769][ T7379] usb 3-1: USB disconnect, device number 10
[  484.218658][ T7215] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  484.222812][ T7215] usb 1-1: config 0 interface 0 has no altsetting 0
[  484.232635][ T7215] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  484.236265][ T7215] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  484.241178][ T7215] usb 1-1: Product: syz
[  484.242932][ T7215] usb 1-1: Manufacturer: syz
[  484.244806][ T7215] usb 1-1: SerialNumber: syz
[  484.265089][ T7215] usb 1-1: config 0 descriptor??
[  484.272413][ T7215] usb 1-1: selecting invalid altsetting 0
[  484.715748][ T7379] usb 1-1: USB disconnect, device number 20
[  485.351355][T17402] delete_channel: no stack
[  485.353181][T17402] delete_channel: no stack
[  486.063887][ T7379] hid-generic 00A0:0008:0003.0019: unknown main item tag 0x0
[  486.072147][ T7379] hid-generic 00A0:0008:0003.0019: unknown main item tag 0x0
[  486.078701][ T7379] hid-generic 00A0:0008:0003.0019: unknown main item tag 0x0
[  486.083438][ T7379] hid-generic 00A0:0008:0003.0019: unknown main item tag 0x0
[  486.087558][ T7379] hid-generic 00A0:0008:0003.0019: unknown main item tag 0x0
[  486.096760][ T7379] hid-generic 00A0:0008:0003.0019: unknown main item tag 0x0
[  486.104783][ T7379] hid-generic 00A0:0008:0003.0019: unknown main item tag 0x0
[  486.110638][ T7379] hid-generic 00A0:0008:0003.0019: unknown main item tag 0x0
[  486.116048][ T7379] hid-generic 00A0:0008:0003.0019: unknown main item tag 0x0
[  486.121429][ T7379] hid-generic 00A0:0008:0003.0019: unknown main item tag 0x0
[  486.139343][ T7379] hid-generic 00A0:0008:0003.0019: hidraw0: <UNKNOWN> HID v0.05 Device [syz1] on syz0
[  486.960372][T17471] loop0: detected capacity change from 0 to 2048
[  486.999964][T17471] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  487.017943][T17471] EXT4-fs (loop0): Online resizing not supported with bigalloc
[  487.039171][T15772] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  487.242571][T17494] vivid-007: =================  START STATUS  =================
[  487.253107][T17494] vivid-007: Enable Output Cropping: true grabbed
[  487.264481][T17494] vivid-007: Enable Output Composing: true grabbed
[  487.267139][T17494] vivid-007: Enable Output Scaler: true grabbed
[  487.269713][T17494] vivid-007: Tx RGB Quantization Range: Automatic grabbed
[  487.272590][T17494] vivid-007: Transmit Mode: HDMI grabbed
[  487.274809][T17494] vivid-007: Hotplug Present: 0x00000000
[  487.290771][T17494] vivid-007: RxSense Present: 0x00000000
[  487.293118][T17494] vivid-007: EDID Present: 0x00000000
[  487.295294][T17494] vivid-007: ==================  END STATUS  ==================
[  487.331665][T17501] netlink: 28 bytes leftover after parsing attributes in process `syz.7.4684'.
[  487.335364][T17501] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4684'.
[  487.638298][T17519] Bluetooth: MGMT ver 1.23
[  487.653510][T17521] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4692'.
[  487.661004][T17521] vlan0: entered promiscuous mode
[  487.886409][T17535] x_tables: ip_tables: recent.0 match: invalid size 216 (kernel) != (user) 4096
[  488.053237][T17549] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4706'.
[  488.926569][T17573] netlink: 'syz.7.4717': attribute type 2 has an invalid length.
[  489.094679][T17581] loop0: detected capacity change from 0 to 2048
[  489.099658][T17581] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found!
[  489.107380][T17581] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  489.752133][T17602] loop0: detected capacity change from 0 to 512
[  489.792287][T17602] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.4730: bg 0: block 248: padding at end of block bitmap is not set
[  489.797297][T17602] Quota error (device loop0): write_blk: dquota write failed
[  489.803725][T17602] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  489.809175][T17602] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm syz.0.4730: Failed to acquire dquot type 1
[  489.815227][T17602] EXT4-fs (loop0): 1 truncate cleaned up
[  489.818445][T17602] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  489.826723][T17602] ext4 filesystem being mounted at /212/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  489.922510][T15772] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  489.933158][   T32] Quota error (device loop0): do_check_range: Getting block 0 out of range 1-5
[  489.940043][   T32] EXT4-fs error (device loop0): ext4_release_dquot:6973: comm kworker/u9:1: Failed to release dquot type 1
[  490.326206][T17621] netlink: 108 bytes leftover after parsing attributes in process `syz.7.4737'.
[  491.249322][T17627] ceph: No mds server is up or the cluster is laggy
[  491.322101][T17640] netlink: 228 bytes leftover after parsing attributes in process `syz.2.4743'.
[  491.436162][T17647] netlink: 96 bytes leftover after parsing attributes in process `syz.7.4746'.
[  491.444661][T17647] netlink: 15 bytes leftover after parsing attributes in process `syz.7.4746'.
[  491.778857][T17667] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4756'.
[  492.323788][T17684] overlayfs: failed to decode file handle (len=6, type=251, flags=0, err=-22)
[  493.093475][ T6144] Bluetooth: hci1: command 0x0405 tx timeout
[  494.523013][T17738] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[  494.682721][T17751] netlink: 'syz.0.4788': attribute type 2 has an invalid length.
[  495.570130][T17768] loop0: detected capacity change from 0 to 32768
[  495.590653][T17768] ERROR: (device loop0): xtSearch: xt_getpage: xtree page corrupt
[  495.590653][T17768] 
[  495.595833][T17768] xtLookup: xtSearch returned -5
[  495.597826][T17768] read_mapping_page failed!
[  495.599606][T17768] jfs_mount: diMount(ipaimap) failed w/rc = -5
[  495.607594][T17768] Mount JFS Failure: -5
[  495.609324][T17768] jfs_mount failed w/return code = -5
[  496.789930][ T7434] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  496.875360][ T7215] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  496.973672][ T7434] usb 1-1: Using ep0 maxpacket: 8
[  496.978643][ T7434] usb 1-1: unable to get BOS descriptor or descriptor too short
[  496.984714][ T7434] usb 1-1: config 62 has an invalid interface number: 59 but max is 1
[  496.988055][ T7434] usb 1-1: config 62 has no interface number 1
[  496.990616][ T7434] usb 1-1: config 62 interface 0 has no altsetting 0
[  496.994376][ T7434] usb 1-1: config 62 interface 59 has no altsetting 0
[  496.999580][ T7434] usb 1-1: New USB device found, idVendor=0a4e, idProduct=4040, bcdDevice=40.3d
[  497.003218][ T7434] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  497.006565][ T7434] usb 1-1: Product: syz
[  497.008133][ T7434] usb 1-1: Manufacturer: syz
[  497.010051][ T7434] usb 1-1: SerialNumber: syz
[  497.038346][ T7215] usb 3-1: Using ep0 maxpacket: 8
[  497.043058][ T7215] usb 3-1: config 0 has an invalid interface number: 239 but max is 0
[  497.046536][ T7215] usb 3-1: config 0 has no interface number 0
[  497.049932][ T7215] usb 3-1: config 0 interface 239 altsetting 0 has an endpoint descriptor with address 0x64, changing to 0x4
[  497.054550][ T7215] usb 3-1: config 0 interface 239 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 8
[  497.061630][ T7215] usb 3-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=99.1a
[  497.065313][ T7215] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  497.069530][ T7215] usb 3-1: Product: syz
[  497.071409][ T7215] usb 3-1: Manufacturer: syz
[  497.073388][ T7215] usb 3-1: SerialNumber: syz
[  497.078919][ T7215] usb 3-1: config 0 descriptor??
[  497.082117][T17814] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  497.271718][ T7434] usb 1-1: selecting invalid altsetting 0
[  497.342361][ T7215] ath6kl: Failed to submit usb control message: -71
[  497.345041][ T7215] ath6kl: unable to send the bmi data to the device: -71
[  497.365111][ T7434] usb 1-1: USB disconnect, device number 21
[  497.369618][T17818] netlink: 'syz.7.4819': attribute type 1 has an invalid length.
[  497.385228][ T7215] ath6kl: Unable to send get target info: -71
[  497.390740][ T7215] ath6kl: Failed to init ath6kl core: -71
[  497.395355][ T7215] ath6kl_usb 3-1:0.239: probe with driver ath6kl_usb failed with error -71
[  497.408753][ T7215] usb 3-1: USB disconnect, device number 11
[  497.510332][T17822] netlink: 16 bytes leftover after parsing attributes in process `syz.7.4821'.
[  499.135813][T17871] l2tp_ppp: sess 2/0: no socket in recv
[  499.148543][T17874] netlink: 'syz.0.4842': attribute type 21 has an invalid length.
[  499.199321][T17879] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4844'.
[  499.202942][T17879] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4844'.
[  499.813453][T17890] overlayfs: failed to clone upperpath
[  500.623075][ T6186] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  500.805050][ T6186] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  500.831260][T17914] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4859'.
[  501.007556][ T6186] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  501.200473][ T6186] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  501.226519][T17939] netdevsim netdevsim7 netdevsim0: left promiscuous mode
[  501.228822][T17939] netdevsim netdevsim7 netdevsim0: entered allmulticast mode
[  501.572134][T17952] netlink: 'syz.7.4876': attribute type 1 has an invalid length.
[  501.581821][T17952] nbd: couldn't find a device at index 393224
[  501.821977][ T6186] bridge_slave_1: left allmulticast mode
[  501.824323][ T6186] bridge_slave_1: left promiscuous mode
[  501.833836][ T6186] bridge0: port 2(bridge_slave_1) entered disabled state
[  501.842915][ T6186] bridge_slave_0: left allmulticast mode
[  501.845409][ T6186] bridge_slave_0: left promiscuous mode
[  501.848471][ T6186] bridge0: port 1(bridge_slave_0) entered disabled state
[  502.315601][T17976] loop0: detected capacity change from 0 to 1764
[  502.946089][ T6186] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  502.952763][ T6186] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  502.959557][ T6186] bond0 (unregistering): Released all slaves
[  503.102554][ T6186] IPVS: stopping master sync thread 13801 ...
[  503.429850][ T6186] hsr_slave_0: left promiscuous mode
[  503.439296][ T6186] hsr_slave_1: left promiscuous mode
[  503.444679][ T6186] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  503.447528][ T6186] batman_adv: batadv0: Removing interface: batadv_slave_0
[  503.456294][ T6186] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  503.459625][ T6186] batman_adv: batadv0: Removing interface: batadv_slave_1
[  503.485664][ T6186] veth1_macvtap: left promiscuous mode
[  503.488113][ T6186] veth0_macvtap: left promiscuous mode
[  503.490486][ T6186] veth1_vlan: left promiscuous mode
[  503.496718][ T6186] veth0_vlan: left promiscuous mode
[  503.697791][ T6144] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  503.747864][ T6144] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  503.753703][ T6144] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  503.757364][ T6144] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  503.760938][ T6144] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  503.941137][T18004] netlink: 'syz.7.4900': attribute type 1 has an invalid length.
[  504.411119][ T6186] team0 (unregistering): Port device team_slave_1 removed
[  504.482413][ T6186] team0 (unregistering): Port device team_slave_0 removed
[  505.271159][T18004] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR
[  505.350085][T18001] wlan0 speed is unknown, defaulting to 1000
[  505.364490][T18001] lo speed is unknown, defaulting to 1000
[  505.798059][T18001] chnl_net:caif_netlink_parms(): no params data found
[  505.995735][ T6144] Bluetooth: hci1: command tx timeout
[  506.154572][ T6186] ------------[ cut here ]------------
[  506.157738][ T6186] WARNING: CPU: 1 PID: 6186 at net/xfrm/xfrm_state.c:3308 xfrm_state_fini+0x289/0x2f0
[  506.161740][ T6186] Modules linked in:
[  506.165582][ T6186] CPU: 1 UID: 0 PID: 6186 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT(full) 
[  506.170548][ T6186] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  506.174937][ T6186] Workqueue: netns cleanup_net
[  506.177246][ T6186] RIP: 0010:xfrm_state_fini+0x289/0x2f0
[  506.179519][ T6186] Code: 41 5f 5d e9 d9 4c e1 f7 e8 74 20 9d f7 90 0f 0b 90 e9 fd fd ff ff e8 66 20 9d f7 90 0f 0b 90 e9 60 fe ff ff e8 58 20 9d f7 90 <0f> 0b 90 43 80 3c 2c 00 0f 85 c7 fe ff ff e9 ca fe ff ff e8 3f 20
[  506.187736][ T6186] RSP: 0018:ffffc90002e0f898 EFLAGS: 00010293
[  506.190240][ T6186] RAX: ffffffff8a228e88 RBX: ffff888105384880 RCX: ffff8881099a0000
[  506.193473][ T6186] RDX: 0000000000000000 RSI: ffffffff8d9b9313 RDI: ffffffff8be33980
[  506.196718][ T6186] RBP: 0000000000000040 R08: ffffffff8fa3a037 R09: 1ffffffff1f47406
[  506.199986][ T6186] R10: dffffc0000000000 R11: fffffbfff1f47407 R12: 1ffff11020a70ba4
[  506.203248][ T6186] R13: dffffc0000000000 R14: ffff888105385d20 R15: ffff888022faf600
[  506.206594][ T6186] FS:  0000000000000000(0000) GS:ffff8881a3c15000(0000) knlGS:0000000000000000
[  506.211669][ T6186] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  506.215042][ T6186] CR2: 0000200000021000 CR3: 00000000390fa000 CR4: 00000000000006f0
[  506.218511][ T6186] Call Trace:
[  506.219839][ T6186]  <TASK>
[  506.220953][ T6186]  xfrm_net_exit+0x2d/0x70
[  506.222884][ T6186]  ops_undo_list+0x49a/0x990
[  506.224718][ T6186]  ? __pfx_ops_undo_list+0x10/0x10
[  506.226628][ T6186]  ? do_raw_spin_unlock+0x4d/0x240
[  506.229068][ T6186]  cleanup_net+0x4c5/0x800
[  506.230839][ T6186]  ? __pfx_cleanup_net+0x10/0x10
[  506.232733][ T6186]  ? _raw_spin_unlock_irq+0x23/0x50
[  506.234785][ T6186]  ? process_scheduled_works+0x9ef/0x17b0
[  506.237055][ T6186]  ? process_scheduled_works+0x9ef/0x17b0
[  506.239414][ T6186]  process_scheduled_works+0xae1/0x17b0
[  506.241671][ T6186]  ? __pfx_process_scheduled_works+0x10/0x10
[  506.244189][ T6186]  worker_thread+0x8a0/0xda0
[  506.246049][ T6186]  ? __kthread_parkme+0x7b/0x200
[  506.247999][ T6186]  kthread+0x711/0x8a0
[  506.249679][ T6186]  ? __pfx_worker_thread+0x10/0x10
[  506.252120][ T6186]  ? __pfx_kthread+0x10/0x10
[  506.253936][ T6186]  ? __pfx_kthread+0x10/0x10
[  506.255727][ T6186]  ret_from_fork+0x3fc/0x770
[  506.257610][ T6186]  ? __pfx_ret_from_fork+0x10/0x10
[  506.259682][ T6186]  ? __switch_to_asm+0x39/0x70
[  506.262099][ T6186]  ? __switch_to_asm+0x33/0x70
[  506.263951][ T6186]  ? __pfx_kthread+0x10/0x10
[  506.265796][ T6186]  ret_from_fork_asm+0x1a/0x30
[  506.267664][ T6186]  </TASK>
[  506.268928][ T6186] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  506.271866][ T6186] CPU: 1 UID: 0 PID: 6186 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT(full) 
[  506.275569][ T6186] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  506.279650][ T6186] Workqueue: netns cleanup_net
[  506.281576][ T6186] Call Trace:
[  506.282890][ T6186]  <TASK>
[  506.284067][ T6186]  dump_stack_lvl+0x99/0x250
[  506.285913][ T6186]  ? __asan_memcpy+0x40/0x70
[  506.287751][ T6186]  ? __pfx_dump_stack_lvl+0x10/0x10
[  506.289843][ T6186]  ? __pfx__printk+0x10/0x10
[  506.291711][ T6186]  vpanic+0x281/0x750
[  506.293359][ T6186]  ? __pfx__printk+0x10/0x10
[  506.295233][ T6186]  ? __pfx_vpanic+0x10/0x10
[  506.297063][ T6186]  ? is_bpf_text_address+0x292/0x2b0
[  506.299132][ T6186]  panic+0xb9/0xc0
[  506.300642][ T6186]  ? __pfx_panic+0x10/0x10
[  506.302564][ T6186]  __warn+0x31b/0x4b0
[  506.304228][ T6186]  ? xfrm_state_fini+0x289/0x2f0
[  506.306239][ T6186]  ? xfrm_state_fini+0x289/0x2f0
[  506.308244][ T6186]  report_bug+0x2be/0x4f0
[  506.309989][ T6186]  ? xfrm_state_fini+0x289/0x2f0
[  506.312035][ T6186]  ? xfrm_state_fini+0x289/0x2f0
[  506.313936][ T6186]  ? xfrm_state_fini+0x28b/0x2f0
[  506.315819][ T6186]  handle_bug+0x84/0x160
[  506.317537][ T6186]  exc_invalid_op+0x1a/0x50
[  506.319403][ T6186]  asm_exc_invalid_op+0x1a/0x20
[  506.321429][ T6186] RIP: 0010:xfrm_state_fini+0x289/0x2f0
[  506.323657][ T6186] Code: 41 5f 5d e9 d9 4c e1 f7 e8 74 20 9d f7 90 0f 0b 90 e9 fd fd ff ff e8 66 20 9d f7 90 0f 0b 90 e9 60 fe ff ff e8 58 20 9d f7 90 <0f> 0b 90 43 80 3c 2c 00 0f 85 c7 fe ff ff e9 ca fe ff ff e8 3f 20
[  506.331233][ T6186] RSP: 0018:ffffc90002e0f898 EFLAGS: 00010293
[  506.333886][ T6186] RAX: ffffffff8a228e88 RBX: ffff888105384880 RCX: ffff8881099a0000
[  506.336929][ T6186] RDX: 0000000000000000 RSI: ffffffff8d9b9313 RDI: ffffffff8be33980
[  506.339911][ T6186] RBP: 0000000000000040 R08: ffffffff8fa3a037 R09: 1ffffffff1f47406
[  506.342583][ T6186] R10: dffffc0000000000 R11: fffffbfff1f47407 R12: 1ffff11020a70ba4
[  506.345013][ T6186] R13: dffffc0000000000 R14: ffff888105385d20 R15: ffff888022faf600
[  506.347357][ T6186]  ? xfrm_state_fini+0x288/0x2f0
[  506.348871][ T6186]  ? xfrm_state_fini+0x288/0x2f0
[  506.350600][ T6186]  xfrm_net_exit+0x2d/0x70
[  506.352287][ T6186]  ops_undo_list+0x49a/0x990
[  506.354116][ T6186]  ? __pfx_ops_undo_list+0x10/0x10
[  506.355950][ T6186]  ? do_raw_spin_unlock+0x4d/0x240
[  506.358353][ T6186]  cleanup_net+0x4c5/0x800
[  506.360273][ T6186]  ? __pfx_cleanup_net+0x10/0x10
[  506.362214][ T6186]  ? _raw_spin_unlock_irq+0x23/0x50
[  506.363914][ T6186]  ? process_scheduled_works+0x9ef/0x17b0
[  506.365755][ T6186]  ? process_scheduled_works+0x9ef/0x17b0
[  506.367540][ T6186]  process_scheduled_works+0xae1/0x17b0
[  506.369278][ T6186]  ? __pfx_process_scheduled_works+0x10/0x10
[  506.371353][ T6186]  worker_thread+0x8a0/0xda0
[  506.373094][ T6186]  ? __kthread_parkme+0x7b/0x200
[  506.375020][ T6186]  kthread+0x711/0x8a0
[  506.376548][ T6186]  ? __pfx_worker_thread+0x10/0x10
[  506.378416][ T6186]  ? __pfx_kthread+0x10/0x10
[  506.379964][ T6186]  ? __pfx_kthread+0x10/0x10
[  506.381492][ T6186]  ret_from_fork+0x3fc/0x770
[  506.382908][ T6186]  ? __pfx_ret_from_fork+0x10/0x10
[  506.384844][ T6186]  ? __switch_to_asm+0x39/0x70
[  506.386732][ T6186]  ? __switch_to_asm+0x33/0x70
[  506.388646][ T6186]  ? __pfx_kthread+0x10/0x10
[  506.390485][ T6186]  ret_from_fork_asm+0x1a/0x30
[  506.392387][ T6186]  </TASK>
[  506.394350][ T6186] Kernel Offset: disabled
[  506.396206][ T6186] Rebooting in 86400 seconds..

VM DIAGNOSIS:
02:23:57  Registers:
info registers vcpu 0

CPU#0
RAX=ffffffff8fb7eba0 RBX=ffffffff8fb7eba0 RCX=ffffffff8fb7eba8 RDX=ffffffff8fb7eb8c
RSI=ffffffff90342432 RDI=ffffffff8be33920 RBP=ffffffff8fb7eb8c RSP=ffffc900031ced98
R8 =000000000000000e R9 =ffffffff8172c195 R10=ffffc900031ceeb8 R11=ffffffff81ac3ae0
R12=ffffffff8184636e R13=ffffffff8fb7eb8c R14=ffffc900031cee68 R15=ffffffff8fb7eba4
RIP=ffffffff8172d3c6 RFL=00000283 [--S---C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 000055558a788500 ffffffff 00c00000
GS =0000 ffff8880b8615000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f9b530f7d60 CR3=000000000df36000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00007f9b525976c3 00007f9b525976c3 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 00ff000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 0000000000ff0000 XMM05=000055558a7a3aff 000055558a7a3990
XMM06=000055558a7a1164 000055558a7a1160 XMM07=0004980300080004 9003000800048803
XMM08=0208000480030380 040881c3889a0800 XMM09=6c5f636c6c5f636d 7320622030306566
XMM10=34312e79656b5f5f 2e74696e695f7267 XMM11=3265663030613966 666666666666660a
XMM12=3132303863616d20 6220306537313130 XMM13=5f5f2e74696e695f 6365736c6c5f3435
XMM14=3130613966666666 666666660a79656b XMM15=3435313230386361 6d20622030303831
info registers vcpu 1

CPU#1
RAX=0000000000000020 RBX=0000000000000020 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc90002e0f030
R8 =ffff888106480237 R9 =1ffff11020c90046 R10=dffffc0000000000 R11=ffffffff854f6e40
R12=dffffc0000000000 R13=ffffffff99b008ef R14=ffffffff99df5420 R15=0000000000000000
RIP=ffffffff854f6ebc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c15000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000021000 CR3=00000000390fa000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 000000ff00000000 XMM05=0000000000000000 00007f09b1a12e53
XMM06=0000000000000000 00007f09b1a12e4d XMM07=0000000000000000 00007f09b1a12e61
XMM08=0000000000000000 00007f09b1a12ee7 XMM09=0000000000000000 00007f09b1a12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
