last executing test programs:

1m46.262953585s ago: executing program 2 (id=215):
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0xc26bfe8e8f6baca8}, 0x20)

1m46.26089369s ago: executing program 2 (id=216):
r0 = socket(0x200000100000011, 0x3, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000240)={'batadv0\x00', <r2=>0x0})
bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x800b, 0x4)
sendmsg$netlink(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000580)=ANY=[@ANYBLOB="34000000020000010040030000000000d96e6c8d5e85080045f0"], 0x34}], 0x1}, 0x0)

1m46.000555313s ago: executing program 2 (id=221):
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000036000/0x2000)=nil, &(0x7f0000594000/0x4000)=nil, &(0x7f0000f36000/0x2000)=nil, &(0x7f0000918000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000c12000/0x2000)=nil, &(0x7f000003f000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0x30}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1d, 0x4, 0x1, 0xbf22, 0x0, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x200002, 0x1}, 0x50)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

1m45.940434296s ago: executing program 2 (id=223):
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x400c84, &(0x7f0000000340), 0x1, 0x786, &(0x7f0000001900)="$eJzs3c9rHGUfAPDvbJKmTfu+yQsvaL0YEDRQmpgaWwWFigcRLBT0bLtstqFmky3ZTWlCQIsIXgQVD4JeevLgj3rz6o+r/hcexFI1LVY8SGQ2s+2m2U03abIbzecDk32emdl8n+/Or2d3hpkA9qzh9E8u4nBEvJtEDGbjk4joq5V6I06uzndreamQDkmsrLz8a1Kb5+byUiEa3pM6mFUejIhv34o4klsft7KwOJ0vlYpzWX2sOnNhrLKwePT8TH6qOFWcPT4+MXHsxJMnjm9frr//sHjo2nsvPPbFyT/ffODqO98lcTIOZdMa89iyZ9dWh2M4+0z60o9wjefvO9juknS7AWxJumn2rG7lcTgGo6dWAgD+zV6PiBUAYI9JHP8BYI+p/w5wc3mpUB+6+4tEZ11/LiL2r+ZfP7+5OqU3O2e3v3YedOBmsubMSBIRQ9sQfzgiPv7q1c/SIbbrPCRAG964HBFnh4bX7/+TddcsbNbjG0zbl70O3zU+je8MNHTG12n/56lm/b/c7f5PNOn/9DfZdrei2fa/ZsSBbQiygeufRDzTcG3brYb8M0M9We0/tT5fX3LufKmY7tv+GxEj0def1sc3iDFy468braY19v9+e/+1T9P46eudOXI/9/avfc9kvpq/n5wbXb8c8VBvs/yT28s/adH/Pd1mjBeffvujVtPS/NN868P6/CO7OmlnrFyJeLTp8r9zRVuy4fWJY7XVYay+UjTx5Y8fDrSK37j80yGNX/8u0Anp8h/YOP+hpPF6zcrmY3x/ZfCbVtPunX/z9X9f8kqtXO9HXMpXq3PjEfuSl9aPP3bnvZfyD2el1fnT/Eceab79b7T+p98Jz7aZf++1Xz7fev47K81/clPLf/OFq7eme1rFb2/5T9RKI9mYdvZ/7Tbwfj47AAAAAAAAAAAAAAAAAAAAAAAAAGhXLiIORZIbvV3O5UZHV5/h/f8YyJXKleqRc+X52cmoPSt7KPpy9VtdDjbcD3U8ux9+vX7srvoTEfG/iPig/0BSv4/iZJdzBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC6gy2e/5/6qb/brQMAdsz+bjcAAOg4x38A2Hsc/wFg72nv+N+z4+0AADrH938A2Hsc/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANhhp0+dSoeVP5aXCml98uLC/HT54tHJYmV6dGa+MFooz10YnSqXp0rF0UJ55l7/r1QuX5iI2flLY9VipTpWWVg8M1Oen62eOT+TnyqeKfZ1JCsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2JzKwuJ0vlQqzilsobCyO5rR/UJPtjrtlvZ0tJDsjmZsc6HLOyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf4i/AwAA//+3ACFj")
creat(&(0x7f0000000300)='./bus\x00', 0x0)
mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x40, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x400, 0x0, 0x0, 0x1, 0x0, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000000000000c00002000", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00", [0x4]})
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r1, 0x0, 0x0)

1m44.7508878s ago: executing program 2 (id=226):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x10800, &(0x7f00000002c0)={[{@allow_utime}, {@gid}, {@utf8}, {@errors_continue}, {@iocharset={'iocharset', 0x3d, 'cp861'}}, {@iocharset={'iocharset', 0x3d, 'cp869'}}, {@fmask={'fmask', 0x3d, 0x8000}}, {@discard}, {@fmask={'fmask', 0x3d, 0x200}}, {@iocharset={'iocharset', 0x3d, 'maccroatian'}}]}, 0x1, 0x152d, &(0x7f0000001f80)="$eJzs3AuYTtUaOPD3XWvtMSS+JrkMa6138yWXZZIklyS5JEklSXJLSJrkSEJiCEkakpBchiSGkFwmJo37/X5JSJImSXLLLVn/Z8Lf6dT5dy79j/OceX/Psx/rtfZa+93f+13W3jPzfddlSK3Gtas3JCL4t+CFf5IAIBYABgBAXgAIAKB8XPm4rP6cEpP+vYOwP9dDqVc6A3Ylcf2zN65/9sb1z964/tkb1z974/pnb1z/7I3rz1h2tnFqoWt4y74b3//Pzvjz/39IZpkxX60uc11XgJh/dAjXP3vj+v/PCv6Rnbj+2RvXP7uKvdIJsP8C/PrPDnL83R6uf/bG9WcsO7vS95+v9AaR/7LH4HDOC4X5T50/Y4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDH2H3DaX6YA4FL7SufFGGOMMcYYY4yxP4/PcaUzYIwxxhhjjDHG2P9/CAIkKAggBnJALOSEXCAA4GrIA3khAtdAHFwL+eA6yA8FoCAUgngoDEVAgwELBCEUhWIQheuhONwAJaAklILS4KAMJMCNUBZugnJwM5SHW6AC3AoVoRJUhipwG1SF26Ea3AHV4U6oATWhFtSGu6AO3A114R6oB/dCfbgP7ocHoAE8CA3hIWgED0NjeASawKPQFJpBc2gBLf+l8S9AD3gRekIvSILe0Adegr7QD/rDyzAAXoGB8CoMgtcgGQbDEHgdhsIbMAzehOEwAkbCWzAK3obRMAbGwjhIgfEwAd6BifAuTIL3YDJMgVSYCtPgfZgOM2AmfACz4EOYDXNgLsyDNPgI5sMCSIePYSF8AhmwCBbDElgKy2A5rICVsApWwxpYC+tgPWyAjbAJNsMW2ArbYDt8CjvgM9gJu2A3fA574It/cvypvxnfFQEBBQpUqDAGYzAWYzEX5sLcmBvzYB6MYATjMA7zYT7Mj/mxIBbEeIzHIlgEDRokJCyKRTGKUSyOxbEElsBSWAodOkzABCyLN2E5LIflsTxWwApYESthJayCVbAqVsVqWA2rY3WsgTWwFtbCu/Au7I11sS7Ww3pYH+tfuj2FDbEhNsJG2BgbYxNsgk2xKTbH5tgSW2IrbIWtsTW2xbbYDtthe2yPiZiIHbADdsSO2Ak7YWfsjF2wC3bFbtgt84UcgC/ii9gLa4je2Af7YF9MztEfX8aX8RUciK/iq/gaJuNgHIKv4+v4Bg7DkzgcR+BIHIlVxds4GscgiXGYgik4ASfgRJyIWYm+h1MwFafiNJyG03EGzsAPcBZ+iB/iHJyD8zAN03A+LsB0TMeFeAozcBEuxiW4FJfhUlyBK3EFrsY1uBrX4TrcgBtwE27CLbgFt+E2/BQVAH6Gu3AXJuMe3IN7cS/uw324H/djJmbiATyAB/EgHsJDeBgP4xE8isfwKJ7AE3gST+FpPI1n8Syew+fiv2n0aclVySCyKKFEjIgRsSJW5BK5RG6RW+QReURERESciBP5RD6RX+QXBUVBES/iRRFRRBhhBIkwBgBEVERFcVFclBAlRClRSjjhRIJIEGVFWVFOlBPlxS2igrhVVBSVRBtXRVQRVUVbV03cIaqL6qKGqClqidqitqgj6oi6oq6oJ+qJ+qK+uF88IBqI3tgfHxJZlWksBmMTMQSbimZCXnwHayWGYWvRRrQVT4gROBzbi1YuUTwtOojR2FH8RYzBZ0VnMQ67iOdFV9FNdBcviB6itespeolJ2Fv0EVOwr+gn+ouXxXSsKT7AWTlriddEshgshojXxTx8QwwTb4rhYoQYKd4So8TbYrQYI8aKcSJFjBcTxDtionhXTBLvicliikgVU8U08b6YLmaImeIDMUt8KGaLOWKumCfSxEdivlgg0sXHYqH4RGSIRWKxWCKWimViuVghVopVYrVYI9aKdWK92CA2ik1is4iFrWKb2C4+FTvEZ2Kn2CV2i8/FHvGF2Cu+FPvEV2K/+Fpkim/EAfGtOCi+E4fE9+Kw+EEcEUfFMXFcnBA/ipPilDgtzoiz4idxTvwszgsvQKIUUkolAxkjc8hYmVPmklfJ3DK4+OheI+PktTKfvE7mlwVkQVlIxsvCsojU0kgrSYayqCwmo/J6WVzeIEvIkrKULC2dLCMT5I2yrLxJlpM3y/LyFllB3iorykqysqwib5NV5e0SIheOUUPWlLVkbXmXTIK7ZV15j6wn75X15X3yfvmAbCAflA3lQ7KRfFg2lo/IJvJR2VQ2k81lC9lSPiZbycdla9lGtpVPyHbySdlePiUT5dOyg/QXnyLPys7yOdlFPi+7ym6yu/xZnpde9pS9JPQG2Ue+JPvKfrJ/LADIV+RA+aocJF+TyXKwHCJfl0PlG3KYfFMOlyPkSPmWHCXflqPlGDlWjpMpcrycIN+RE+W7cpJ8T06WU2SqnCr7ywG/zDRTyj8c/87vjB/0y9E3yI1yk9wst8itcpvcLj+VO+QOuVPulLvlbrlH7pF75V65T+6T++V+mSkz5QF5QB6UB+UheUgeloflEXlUnpHH5Qn5ozwpT8lT8ow8K8/KcxcfA1CohJJKqUDFqBwqVuVUudRVKre6WuVReVVEXaPi1LUqn7pO5VcFVEFVSMWrwqqI0sooq0iFqqgqpqLqerz4hFGlVGnlVBmVoG78Z8ar4uoGVUKV/NX4S/kl/Z38WqqWqpVqpVqr1qqtaqvaqXaqvWqvElWi6qA6qI6qo+qkOqnOqrPqorqorqqr6q66qx6qh+qpeqoklaT6qJdUX9VP9VcvqwHqFTVQDVSD1CCVrJLVEDVEDVVD1TA1TA1Xw9VINVKNUqPUaDVajVVjVYpKURPUBDVRTVST1CQ1WU1WqSpVTVPT1HQ1Xc1UM9UsNUvNVrPVXDVXpak0NV/NV+kqXS1UC1WGWqQWqSVqiVqmlqkVaoVapVapNWqNWqfWqQy1UW1Um9VmtVVtVdvVdrVD7VA7xU61W+1We9QetVftVfvUPrVf7VeZKlMdUAfUQXVQHVKH1GF1WB1RR9QxdUydUCfUSXVSnVan1Vl1Vp1T59R5dT5r2ReIQAQqUEFMEBPEBrFBriBXkDvIHeQJ8gSRIBLEBXFBvuC6IH9QICgYFArig8JBkUAHJrCBuFj0aHB9UDy4ISgRlAxKBaUDF5QJEoIbg7LBTUG54OagfHBLUCG4NagYVAoqB1WC24Kqwe1BteCOoHpwZ1AjqBnUCmoHdwV1gruDusE9Qb3g3qB+cF9wf/BA0CB4MGgYPBQ0Ch4OGgePBE2CR4OmQbOgedAiaPmnzu/9yQKPu566l07SvXUf/ZLuq/vp/vplPUC/ogfqV/Ug/ZpO1oP1EP26Hqrf0MP0m3q4HqFH6rf0KP22Hq3H6LF6nE7R4/UE/Y6eqN/Vk/R7erKeolP1VD1Nv6+n6xl6pv5Az9If6tl6jp6r5+k0/ZGerxfodP2xXqg/0Rl6kV6sl+ileplerlfolXqVXq3X6LV6nV6vN+iNepPerLforXqb3q4/1Tv0Z3qn3qV368/1Hv2F3qu/1Pv0V3q//lpn6m/0Af2tPqi/04f09/qw/kEf0Uf1MX1cn9A/6pP6lD6tz+iz+id9Tv+sz2uftbjP+ng3yigTY2JMrIk1uUwuk9vkNnlMHhMxERNn4kw+k8/kN/lNQVPQxJt4U8QUMVnIkClqipqoiZriprgpYUqYUqaUccaZBJNgypqyppwpZ8qb8qaCqWAqmoqmsqlsbjO3mdvN7eYOc4e509xpapqaprapbeqYOqauqWvqmXqmvqlv7jf3mwamgWloGppGppFpbBqbJqaJaWqamuamuWlpWppWppVpbVqbtqataWfamfamvUk0iaaD6WA6mo6mk+lkOpvOpovpYrqarqa76W56mB6mp+lpkkyS6WP6mL6mr+lv+psBZoAZaAaaQWaQSTbJZogZYoaaoWaYGWaGmxFmZNZC1bxtRpsxZqwZZ1JMiplgJpiJZqKZZCaZyWaySTWpZpqZZqab6WammWlmmVlmtplt5pq5Js2kmflmvkk36WahWWgyTIZZbBabpWapWW6Wm5VmpVltVpu1sNasN+vNRrPRbDabzVaz1Ww3280Os8PsNDvNbrPb7DF7zF6z1+wz+8x+s99kmkxzwBwwB81Bc8gcMofNYXPEHDHHzDFzwpwwJ81Jc9qcNmdNgYufl97E2pw2l73K5rZX2zw2r/3buKAtZONtYVvEapvfFvhVbKy1JWxJW8qWts6WsQn2xt/EFW0lW9lWsbfZqvZ2W+03cR17t61r77H17L22tr3rV3F9e5/NWp00QASwzWwj28I2to/YJvZR29Q2s81tC9vOPmnb26dson3adrDP/CaebxfYlXaVXW3X2J12lz1tz9iD9jt71v5ke9pedoB9xQ60r9pB9jWbbAf/Jh5p37Kj7Nt2tB1jx9pxv4kn2yk21U610+z7drqd8Zs4zX5kZ9l0O9vOsXPtvF/irJzS7cd2of3EZtgAFtsldqldZpfbFZdy9XntOrvebrA77Gd2s91it9ptdvulhbDdZXfbz+0e+4U9YL+1++xXdr89ZDPtN7/EWed3yH5vD9sf7BF71B6zx+0J+6O6NDrr3I/bn+156y0QEpAkRQHFUA6KpZyUi66i3HQ15aG8FKFrKI6upXx0HeWnAlSQClE8FaYipMmQJaKQilIxitL1dCm9UlSaHJWhBLqRytJNVI5upvJ0C1WgW6kiVaLKVIVuo6p0O1WjO6g63Uk1qCbVotp0F9Whu6ku3UP16F6qT/fR/fQANaAHqSE9RI3oYWpMj1ATepSaUjNqTi2oJT1Grehxak1tqC09Qe3oSWpPT1EiPU0d6BnqSH+hTvQsdabnqAs9T12pG3WnF6gHvUg9qRclUW/qQy9RX+pH/ellGkCv0EB6lQbRa5RMg2kIvU5D6Q0aRm/ScBpBI+ktGkVv02gaQ2NpHKXQeJpA79BEepcm0Xs0maZQKk2lafQ+TacZNJM+oFn0Ic2mOTSX5lEafUTzaQGl08e0kD6hDFpEi2kJLaVltJxW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nT6lHfQZ7aRdtJs+pz30BSF9SfvoK9pPX1MmfUMH6Fs6SN/RIfre96If6AgdpWN0nE7Qj3SSTtFpOkNn6Sc6Rz/TefIEIYYilKEKgzAmzBHGhjnDXOFVYe7w6jBPmDeMhNeEceG1Yb7wujB/WCAsGBYK48PCYZFQhya0IYVhWDQsFkbD68Pi4Q1hibBkWCosHbqwTJgQ3hiWDW8Ky4U3h+XDW8IK4a1hxbBS+Mi9VcLbwqrh7WG18I6wenhnWCOsGdYKa4d3hXXCu8O64T1hvfDesFx4X3h/+EDYIHwwbBg+FDYKHw4bh4+ETcJHw6Zhs7B52CJsGT4WtgofD1uHbcK24RNhu/DJsH34VJgYPh12CJ/5pf++BX+/PynsHfYJXwpfCr2/R86NzoumRT+Kzo8uiKZHP44ujH4SzYguii6OLokujS6LLo+uiK6Mroqujq6Jro2ui66Pboh6XzsHOHTCSadc4GJcDhfrcrpc7iqX213t8ri8LuKucXHuWpfPXefyuwKuoCvk4l1hV8RpZ5x15EJX1BVzUXe9K+5ucCVcSVfKlXbOlXEJroVr6Vq6Vu5x19q1cW3dE+4J96R70j3lnnJPuw7uGdfR/cV1cs+6zu4595x73nV13Vx394Lr4cbnufCaTHJ9XB/X1/V1/V1/N8ANcAPdQDfIDXLJLtkNcUPcUDfUDXPD3HA33I10I90oN8qNdqPdWDfWpbgUN8FNcBPdRDfJTXKT3WSX6lLdNDfNTXfTXdUZF44y2812c91cl+bS3HyXtWZMdwvdQpfhMtxit9gtdUvdcrfcrXQr3Wq32q11a916t95tdBvdZrfZbXVb3Xa33e1wO9xOn/fCpG6P2+v2un1un9vvvnaZ7ht3wH3rDrrv3CH3vTvsfnBH3FF3zB13J9yP7qQ75U67M+6s+8mdcz+78867lMj4yITIO5GJkXcjkyLvRSZHpkRSI1Mj0yLvR6ZHZkRmRj6IzIp8GJkdmROZG5kXSYt8FJkfWRBJj3wcWRj5JJIRWRRZHFkSWRpZFvG+8ObQF/XFfNRf74v7G3wJX9KX8qW982V8gr/Rl/U3+XL+Zl/e3+Ir+Ft9RV/JV/aP+qa+mW/uW/iW/jHfyj/uW/s2vq1/wrfzT/r2/imf6J/2HfwzvqP/i+/kn/Wd/XO+i3/ed/XdfHf/gu/hX/Q9fS+f5Hv7Pv4l39f38/39y36Af8UP9K/6Qf41n+wH+yH+dT/Uv+GH+Tf9cD/Cj4x5y4+6dIkM43yKH+8n+Hf8RP+un+Tf85P9FJ/qp/pp/n0/3c/wM/0Hfpb/0M/2c/xcP8+n+Y/8fL/Ap/uP/UL/ic/wiy7dVPbL/Qq/0q/yq/0av9av8+v9Br/Rb/Kb/Ra/1W/z2/2nfof/zO/0u/xu/7nf47/we/2Xfp//yu/3X/tM/40/4L/1B/13/pD/3h/2P/gj/qg/5o/7E/5Hf9Kf8qf9GX/W/+TP+Z/9ef6bNcYYY4yxf8j4y03x654Lt/N7/84Y8Vc79wGAq7cUyvzr/qwV5dr8F9r9RHy7CAA83avLQ5e2GjWSkpIu7pshISg2B+DST4KyxMDleBG0hSchEdpA2d/Nv5/odpb+YP7oLQC5/mpMLFyOL8//JQAm/c78jz0xcn6F8HTc/2P+OQAlil0ekxMux4ug7S/3V9pAub+Tf4FWf5B/zq9SAFr/1ZjccDm+nH8CPA7PQOKv9mSMMcYYY4wxxi7oJyp3unT9eek3Pn/v+jxeXR6TAy7Hf3R9zhhjjDHGGGOMsSvv2W7dn3osMbFNp3++Ue2P91H/2sy/NJrAv5oYN/6lhvcA/7dwAPBvTgiQ1ZD/ybPY9B85VvLFl87fdi094wP47yjln9G4wm9MjDHGGGOMsT/d5UX/r/9fXamEGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4yxbOjf/Y43+Ae+pe9KnyNjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDF2pf2fAAAA//+Bqfni")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0)

1m44.160515511s ago: executing program 2 (id=229):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x3c00, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x1223}})
io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f00000000c0)={0x4000001, 0x71, 0x200000009})
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r5=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f0000000300)={r5, <r6=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r6, 0x0, 0x0, 0x1f5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000000dfff00"}})

1m43.692794752s ago: executing program 32 (id=229):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x3c00, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x1223}})
io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f00000000c0)={0x4000001, 0x71, 0x200000009})
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r5=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f0000000300)={r5, <r6=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r6, 0x0, 0x0, 0x1f5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000000dfff00"}})

1m38.879087846s ago: executing program 0 (id=279):
unshare(0x400)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r0, 0x0, 0x2c, 0xe1515f8735398fb, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0x40)

1m38.652332066s ago: executing program 0 (id=280):
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x400, &(0x7f0000000500)={[{@force}, {@barrier}, {@uid}, {@gid={'gid', 0x3d, 0xee01}}, {@type={'type', 0x3d, "ddb44502"}}, {}, {@gid}, {@nodecompose}, {@barrier}, {@nls={'nls', 0x3d, 'cp936'}}]}, 0x3, 0x6b3, &(0x7f0000000780)="$eJzs3U9sHFcdB/DvbDbrbJBSt03TgJBiNVIFjUjsrEqChNSAEMohQhFcerUSp7HipJXjorRCZAMUJE6cUA8cilA49IQQQionRDkjIXHhlHskbhxyAIzmz9pre+PYieN1289Hmp03+96895tf5s/ubKwJ8Jl1/vXs76fI+RMXbpXL9+72Fu7d7V0flJNMJGkl7XqWopsUHyfnUk/5fPlm013xsHFevf9R0X7/w1691G6mqn1rs/U2GNmynxxYWdiXZKou/mcLHbZG91dNVT+XVvt7TMVK3GXCjg8SB+O2vEF/tXLUobHW1o9bYM+6XV83N5hMDqa+upafA9KcHR59Zhi/Tc9N/d2LAwAAAJ6Wkd/lhz3zIA9yK4d2JxwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4dCjqZwYWzdQalKdSDJ7/3xl6pn5nzOE+ofeuVLPvPjPuQAAAAAAAAADgiRx7kAe5lUOD5eWi+s3/pWrhcPX6ubydm5nLYk7mVmazlKUsZibJ5FBHnVuzS0uLMxvX/GXKNZeXl283a54euebptXH11wc66n8abGgEAAAAAAAAAJ9ZP8r51d//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLyiSffWsmg4PypNptZMcSNIpplaad8Ya7A7487gDAAAAgKev28wPFf+rC8tF9Z3/SPW9/0Dezo0sZT5LWchcLlf3Aupv/a2/93sL9+72rpfTxo6/8a9txVH1mPrew+iRp6sWL6yscT7fzvdyIlO5mMXM5/uZzVLmMpVvVaXZFJls7l5M3rvbzSDWjfGeW7N0cX1sx4bKZXxHq0i6uZL5KraTudQZhN5q2h0dGu2PnWTdiHfK7BSvNbaYo8vNvNyiXzTzvWGy2vL9KxmZbnJfZuPZ4bxvzP0295P1I82ktXIP6vDqKOXi+pEeK+cHm3mZ658+3Zxv81ba2kz0f14uDfa+I5vnPPnyP/5y8WrrxrWrV26e2Du70WNav0/0hjLx4pYysVBmov8EmTjwJPHvnE6Tjfosur2z5UvVuocyn+/kzVzOXM5kOjM5m+l8LafTy+mhvL6weV6rY621vWPt+JeaQnlN+tnQtWnXTDysoszrs0N5HT7TTVZ1w++sZum5LWSp6GR0lv45MpT2F5pCOcaPh64447c+EzNDmXh+80z8+r/LSW4u3Li2eHX2rS2O93IzLw/b99aem3+zIxu0fc3mlvvLc+U/VurLxvDeUdY9P6hbl69O84tLu+lsTV0n1fFc1z3qSC17OnJnVE913YsjR+lVdUeH6tZ8ysmbWVj5FNLY9YMUgC04+MrBTvd+92/dD7o/6V7tXjjwzYmzE1/sZP9f23/a97vWb1tfL17JB/lhDo07UgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+DS4+c6712YXFuYW92AhrR3u8M7IqkEq6nc6I9ocyx7IxiejMLHZHvX71I9resjqnXHE3M1D49ndQtq7MNZERlRdWHmnm7RW4klybY884A54Gk4tXX/r1M133v3K/PXZN+bemLtx+uyZ1870vjpz+9SV+YW56fq1adwec7DAjlr9GDDuSAAAAAAAAAAAAICt2o0/bxgxbNEfw7YCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAn0znX8/+forMTJ+cLpfv3e0tlNOgvNqynaSVpPhBUnycnEs9ZXKou+Jh47x6/6Nfvfz+h73VvtqD9q116/3h38vL29yKfjNlKsm+Zv5oE1vq79JQf/1tBlYrVrawTNjxQeJg3P4fAAD//+/HBYc=")
mkdir(&(0x7f00000003c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0)
mount(0x0, &(0x7f0000000300)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x10000, 0x0)

1m38.218313696s ago: executing program 0 (id=281):
r0 = socket$xdp(0x2c, 0x3, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', <r2=>0x0})
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000440)=0x400, 0x4)
bind$xdp(r0, &(0x7f0000000240)={0x2c, 0x1, r2, 0x1000001, r3}, 0x10)

1m37.90185929s ago: executing program 0 (id=283):
syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0x4080, &(0x7f00000001c0)=ANY=[@ANYBLOB='lastblock=00000000000000000000,umask=00000000000000000000002,dmode=00000000000000000077777,novrs,shortad,shortad,undelete,iocharset=cp437,shortad,umask=00000000000000000000006,dmode=00000000000000000000002,nostrict,uid=', @ANYRESOCT=0x0, @ANYRES16], 0x2, 0xc36, &(0x7f0000002540)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIRRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2SEmV9Pjb13Z19b/a9eeMZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr56+qz7PwA8Vq75/38AAAAAAAAAAAAAADjoUhTxZKSYvbKaxqr3HfXL7b7bd0aHhreudiRVNQ9V5cuf+pmz585/6YXBC9283J7+gPp77bPx2si1S42XZ27Nzk3Oz09ONEan2+MzE5M73sNu6292sjoAjVuv3564cWO+cfb5cxs+vjPwfv8TxwcuDj576plu2dGh4eGR9SL13vK1+25Ix3YzPA5HEacixXPf+2lqRUQRuz8W9Qc79psdqTpxsurE6NBw1ZGpdmt6ofzwavdAFBGNnkrN7jHaeiyi1vdA+7C9ZsRi2fyywSfL7o3MtuZa16cmG1dbcwvthfbM9NXUaW3Zn0YUcSFFLEXESv+9u+uLImqR4jvHVtP1iDjUPQ5frCYGb9+OYh/7uANlOxt9EUvFIzBmB1h/FPFqpPjZOydiPF9nqmvNFyJeLfMHEW+V+VJEKk+M8xHvbXEe8WiqRRF/WY7/xdU0UV0PuteVy19rfGX6xkxP2e515SPeH+65Ujyk+8ORTflgHPBrUz2KaFVX/NV0/7/ZAQAAAAAAAAAAAAAAAGCvHYkiPhMpXvmPP6nmFUc1L/3YxcE/HPjV3jnjT3/Ifsqyz0fEYrGzObmH88TAq+lqSg95LvHjrB5F/Gme//eth90YAAAAAAAAAAAAAAAAAACAx1oRP4kUL757Ii1F75ri7embjWut61OdVWG7a/9210xfW1tba6RONnOO5VzMuZRzOedKzihy/ZzNnGM5F3Mu5VzOuZIzDuX6OZs5x3Iu5lzKuZxzJWfUcv2czZxjORfLrK93dDlvX8kZB2TtXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAj5MiivhFpPj2N1ZTpIhoRoxFJ5f7H3brAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBSfyri+5Gi8UfNu9tqEZGqfztOlL+cj+bhMj8ZzcEyX4rmpZytKmvNbz2E9rM7famIH0eK/vrbdwc8j39f593d0yDe+ub6u8/WOnmo++HA+/1PHD92cXD4N57e7nXaqgEnL7enb99pjA4ND4/0bK7lb/9kz7aB/L3F3nSdiJh/483XW1NTk3P3/6I8BXZR/RF6kWqPS08f1ovFvTgh9+5F1A5EMx5O33kMlPf/9yLF7777n90bfuf+X49f6by7e4ePn//Z+v3/xc072uH9v7a5Xr7/l/f0re7/T/ZsezH/bqSvFlFfuDXbdzyiPv/Gm6fat1o3J29OTp8/ffrLg4NfPne673BE/UZ7arLn1Z4cLgAAAAAAAAAAAAAAAIAHJxXx+5Gi9ePV1IiIO9V8rYGLg8+eeuZQHKrmW22Yt/3ayLVLjZdnbs3OTc7PT040Rqfb4zMTkzv9uno13Wt0aHhfOvOhjuxz+4/UX56ZfWOuffOPF7b8/Gj90vX5hbnW+NYfx5EoIpq9W05WDR4dGq4aPdVuTVdVr245mf6j60tF/FekGD/fSJ/P2/L8/80z/DfM/1/cvKN9mv//iZ5t5XemVMTPI8Xv/NXT8fmqnUfjnmOWy/1dpDh54XO5XBwuy3Xb0HmuQGdmYFn2/yLFP/1iY9nufMgn18ue2fGBfUSU438sUnz/L74bv5m3bXz+w9bjf3TzjvZp/J/q2XZ0w/MKdt118vifihQvPfl2/Fbe9kHP/+g+e+NELnz3+Rz7NP6f6tk2kL/3t/em6wAAAAAAAAAAAI+0vlTE30eKHw7X0gt5207+/t/E5h3t09//+nTPtom9Wa/oQ1/s+qACAAAAwAHRl4r4SaS4ufD23TnUG+d/98z//L31+Z9DadOn1Z/z/Vr13IC9/PO/XgP5e8d2320AAAAAAAAAAAAAAAAAAAA4UFIq4oW8nvpYNZ9/Ytv11JcjxSv/81wul46X5brrwA9Uv9avzEyfujQ1NTPeWmhdn5psjMy2xifLuk9FitW//VyuW1Trq3fXm++s8b6+FvtcpBj+h27Zzlrs3bXJn1ove6Ys+4lI8d//uLFsdx3rT62XPVuW/ZtI8fV/2brs8fWy58qy340UP/p6o1v2aFm2+3zUT6+XfX58ptiHUQEAAAAAAAAAAAAAAAAAAOBx05eK+PNI8b+3lu7O5c/r//f1vK289c2e9f43uVOt8z9Qrf+/3ev7Wf+/eq7A4nbfCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH08pingzUsxeWU3L/eX7jvrl9vTtO6NDw1tXO5Kqmoeq8uVP/czZc+e/9MLghW5+cP299pl4beTapcbLM7dm5ybn5ycnGqPT7fGZickd72G39Tc7WR2Axq3Xb0/cuDHfOPv8uQ0f3xl4v/+J4wMXB5899Uy37OjQ8PBIT5la331/+z3SNtsPRxF/HSme+95P0w/7I4rY/bH4kHNnvx2pOnGy6sTo0HDVkal2a3qh/PBq90AUEY2eSs3uMXoAY7ErzYjFsvllg0+W3RuZbc21rk9NNq625hbaC+2Z6aup09qyP40o4kKKWIqIlf57d9cXRbweKb5zbDX9a3/Eoe5x+OKVka+ePrt9O4p97OMOlO1s9EUsFY/AmB1g/VHEP0eKn71zIv6tP6IWnZ/4QsSrZf4g4q3ojHcqT4zzEe9tcR7xaKpFEf9fjv/F1fROf3k96F5XLn+t8ZXpGzM9ZbvXlUf+/vAgHfBrUz2K+FF1xV9N/+6/awAAAAAAAAAAAAAAAIADpIhfjxQvvnsiVfOD784pbk/fbFxrXZ/qTOvrzv3rzpleW1tba6RONnOO5VzMuZRzOedKzihy/ZzNMutra2P5/WLOpZzLOVdyxqFcP2cz51jOxZxLOZdzruSMWq6fs5lzLOdizqWcyzlXcsYBmbsHAAAAAAAAAAAAAAAAAAB8vBTVPym+/Y3VtNbfWV96LDq5bD3Qj71fBgAA//8dq/O8")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

1m37.69781268s ago: executing program 0 (id=285):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FD_FRAMES(r0, 0x65, 0x8, &(0x7f0000000000)=0xffefffff, 0x4)

1m37.347656546s ago: executing program 0 (id=286):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x800, &(0x7f0000001d00)=ANY=[@ANYBLOB='iocharset=cp850,errors=continue,errors=remount-ro,errors=remount-ro,allow_utime=00000000000000000000007,uid=', @ANYRESHEX=0x0, @ANYBLOB=',allow_utime=00000000000000000000002,umask=00000000000000000000003,errors=continue,uid=', @ANYRESHEX=0x0, @ANYBLOB=',fowner=', @ANYRESDEC=0x0, @ANYBLOB="280ffa242dc35b1cdfcfe8d900"], 0x1, 0x1520, &(0x7f00000037c0)="$eJzs3Au4TtXWOPAx5pxr23bS204umznnWLzJZdpJkkuSXJIkSZLcEpJ2ciQhscktaZOE5LJJLpuQ3GKn7X6/XxKSpJ0kIbkl8//s8Hc6db5zznf6ju/59vg9z3rM8a415hrrHet937XWg+86D6nRqGbVBkQE/xa8+EcyAMQCwAAAuA4AAgAoG182Pmt9TonJ/95O2J/rkbSrXQG7mrj/2Rv3P3vj/mdv3P/sjfufvXH/szfuf/bG/WcsO9s8rcD1vGTfhZ//Z2f8+/9/SGapMV+tLXVjF4CYfzaF+5+9cf//zwr+mY24/9kb9z+7ir3aBbD/Bfjznx3k+LtruP/ZG/efsezsaj9/vtoLRLL3e3C1zz/GGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY9nDGX+FAoDL46tdF2OMMcYYY4wxxv48PsfVroAxxhhjjDHGGGP/8xAESFAQQAzkgFjICXEgAOBayA3XQQSuh3i4AfLAjZAX8kF+KAAJUBAKgQYDFghCKAxFIAo3QVG4GYpBcSgBJcFBKUiEW6A03Apl4DYoC7dDObgDykMFqAiV4E6oDHdBFbgbqsI9UA2qQw2oCfdCLbgPasP9UAcegLrwINSDh6A+PAwN4BFoCI9CI3gMGsPj0ASaQjNoDi3+W/kvQXd4GXpAT0iGXtAbXoE+0Bf6QX8YAK/CQHgNBsHrkAKDYQi8AUPhTRgGb8FwGAEj4W0YBe/AaBgDY2EcpMJ4mADvwkR4DybBZJgCUyENpsF0eB9mwEyYBR/AbPgQ5sBcmAfzYQF8BAthEaTDx7AYPoEMWAJLYRkshxWwElbBalgDa2EdrIcNsBE2wWbYAlthG2yHHbATPoVd8Bnshj2wFz6HffDFv5h/+m/yuyAgoECBChXGYAzGYizGYRzmwlyYG3NjBCMYj/GYB/NgXsyL+TE/JmACFsJCaNAgIWFhLIxRjGJRLIrFsBiWwBLo0GEiJmJpvBXLYBksi2WxHJbD8lgBK2AlrISVsTJWwSpYFatiNayGNbAG3ov3Yi+sjbWxDtbBulj38uMpbIANsCE2xEbYCBtjY2yCTbAZNsMW2AJbYktsha2wDbbBttgW22E7TMIkbI/tsQN2wI7YETthJ+yMnbELdsWumS/lAHwZX8aeWE30wt7YG/tgSo5+2B/746s4EF/D1/B1TMHBOATfwDfwTRyGp3A4jsCROBIri3dwNI5BEuMwFVNxAk7AiTgRJ+FknIxTMQ2n4XScjjNwJs7ED3A2fogf4lyci/NxAS7AhbgI0zEdF+NpzMAluBSX4XJcgctxFa7GVbgW1+Fa3IAbcBNuwi24BbfhNtyBO/BTVAD4Ge7BPZiC+3Af7sf9eAAP4EE8iJmYiYfwEB7Gw3gEj+BRPIrH8DiewON4Ek/iKTyNZ/AMnsNzeB5fSPim4afF16SAyKKEEjEiRsSKWBEn4kQukUvkFrlFREREvIgXeUQekVfkFflFfpEgEkQhUUgYYQSJMAYARFRERVFRVBQTxQBECeGEE4kiUZQWpUUZUUaUFbeLcuIOUV5UEK1dJVFJVBZtXBVxt6gqqopqorqoIWqKmqKWqCVqi9qijqgj6oq6op54SNQXvbAfPiKyOtNIDMbGYgg2EU2FvPQN1lIMw1aitWgjnhIjcDi2Ey1dknhWtBejsYP4ixiDz4tOYhx2Fi+KLqKr6CZeEt1FK9dD9BSTsJfoLaZiH9FX9BP9xQysLj7A2TlriNdFihgshog3xHx8UwwTb4nhYoQYKd4Wo8Q7YrQYI8aKcSJVjBcTxLtionhPTBKTxRQxVaSJaWK6eF/MEDPFLPGBmC0+FHPEXDFPzBcLxEdioVgk0sXHYrH4RGSIJWKpWCaWixVipVglVos1Yq1YJ9aLDWKj2CQ2iy1iq9gmtosdYqf4VOwSn4ndYo/YKz4X+8QXYr/4UhwQX4mD4muRKb4Rh8S34rD4ThwR34uj4gdxTBwXJ8SP4qT4SZwSp8UZcVacEz+L8+IXcUF4ARKlkFIqGcgYmUPGypwyTl4jc8ng0rt7vYyXN8g88kaZV+aT+WUBmSALykJSSyOtJBnKwrKIjMqbZFF5sywmi8sSsqR0spRMlLfI0vJWWUbeJsvK22U5eYcsLyvIirKSvFNWlndJiFzcRzVZXdaQNeW9Mhnuk7Xl/bKOfEDWlQ/KevIhWV8+LBvIR2RD+ahsJB+TjeXjsolsKpvJ5rKFfEK2lE/KVrK1bCOfkm3l07KdfEYmyWdle+kvnSLPy07yBdlZvii7yK6ym/xFXpBe9pA9JfQC2Vu+IvvIvrKf7C8HyFflQPmaHCRflylysBwi35BD5ZtymHxLDpcj5Ej5thwl35Gj5Rg5Vo6TqXK8nCDflRPle3KSnCynyKkyTU6T/S7NNEvKf5j/7h/kD/p175vkZrlFbpXb5Ha5Q+6Un8pdcpfcLXfLvXKv3Cf3yf1yvzwgD8iD8qDMlJnykDwkD8vD8og8Io/Ko/KYPC7Pyh/lSfmTPCVPy9PyrDwnz8nzl94DUKiEkkqpQMWoHCpW5VRx6hqVS12rcqvrVERdr+LVDSqPulHlVflUflVAJaiCqpDSyiirSIWqsCqiouomvHTCqBKqpHKqlEpUt/wr+aqoulkVU8V/k3+5vuS/U18L1UK1VC1VK9VKtVFtVFvVVrVT7VSSSlLtVXvVQXVQHVVH1Ul1Up1VZ9VFdVHdVDfVXXVXPVQPlaySVW/1iuqj+qp+qr8aoF5VA9VANUgNUikqRQ1RQ9RQNVQNU8PUcDVcjVQj1Sg1So1Wo9VYNValqlQ1QU1QE9VENUlNUlPUFJWm0tR0NV3NUDPULDVLzVaz1Rw1R81T89QCtUAtVAtVukpXi9VilaGWqCVqmVqmVqgVapVapdaoNWqdWqc2qA0qQ21Wm9VWtVVtV9vVTrVT7VK71G61W+1Ve9U+tU/tV/vVAXVAHVQHVabKVIfUIXVYHVZH1BF1VB1Vx9QxdUKdUCfVSXVKnVJn1Bl1Tp1T59V5dUFdyLrsC0QgAhWoICaICWKD2CAuiAtyBbmC3EHuIBJEgvggPsgT3BjkDfIF+YMCQUJQMCgU6MAENhCXmh4NbgqKBjcHxYLiQYmgZOCCUkFicEtQOrg1KBPcFpQNbg/KBXcE5YMKQcWgUnBnUDm4K6gS3B1UDe4JqgXVgxpBzeDeoFZwX1A7uD+oEzwQ1A0eDOoFDwX1g4eDBsEjQcPg0aBR8FjQOHg8aBI0DZoFzYMWf+r83p/K96TroXvqZN1L99av6D66r+6n++sB+lU9UL+mB+nXdYoerIfoN/RQ/aYept/Sw/UIPVK/rUfpd/RoPUaP1eN0qh6vJ+h39UT9np6kJ+speqpO09P0dP2+nqFn6ln6Az1bf6jn6Ll6np6vF+iP9EK9SKfrj/Vi/YnO0Ev0Ur1ML9cr9Eq9Sq/Wa/RavU6v1xv0Rr1Jb9Zb9Fa9TW/XO/RO/anepT/Tu/UevVd/rvfpL/R+/aU+oL/SB/XXOlN/ow/pb/Vh/Z0+or/XR/UP+pg+rk/oH/VJ/ZM+pU/rM/qsPqd/1uf1L/qC9lkX91k/70YZZWJMjIk1sSbOxJlcJpfJbXKbiImYeBNv8pg8Jq/Ja/Kb/CbBJJhCppDJQoZMYVPYRE3UFDVFTTFTzJQwJYwzziSaRFPalDZlTBlT1pQ15Uw5U96UNxVNRXOnudPcZe4yd5u7zT3mHlPdVDc1TU1Ty9QytU1tU8fUMXVNXVPP1DP1TX3TwDQwDU1D08g0Mo1NY9PENDHNTDPTwrQwLU1L08q0Mm1MG9PWtDXtTDuTZJJMe9PedDAdTEfT0XQynUxn09l0MV1MN9PNdDfdTQ/TwySbZNPb9DZ9TB/Tz/QzA8wAM9AMNIPMIJNiUswQM8QMNUPNMDPMDDcjzMisC1XzjhltxpixZpxJNalmgplgJpqJZpKZZKaYKSbNpJnpZrqZYWaYWWaWmW1mmzlmjpln5pkFZoFZaBaadJNuFpvFJsNkmKVmqVlulpuVZqVZbVabtWatWQ/rzUaz0Ww2m81Ws9VsN9vNTrPT7DK7zG6z2+w1e80+s8/sN/vNAXPAHDQHTabJNIfMIXPYHDZHzBFz1Bw1x8wxc8KcMCfNSXPKnDJnzBlzzuS79HvpTazNaePsNTaXvdbmttfZv43z2wI2wRa0hay2eW2+38TGWlvMFrclbEnrbCmbaG/5XVzeVrAVbSV7p61s77JVfhfXsvfZ2vZ+W8c+YGvae38T17UP2nr2MVsfEcA2tQ1tc9vIPmYb28dtE9vUNrPNbVv7tG1nn7FJ9lnb3j73u3ihXWRX2zV2rV1nd9s99ow9aw/b7+w5+7PtYXvaAfZVO9C+ZgfZ122KHfy7eKR9246y79jRdowda8f9Lp5ip9o0O81Ot+/bGXbm7+IF9iM726bbOXaunWfn/xpn1ZRuP7aL7Sc2wwaw1C6zy+0Ku9Ku+v+1LrMb7Ea7ye6yn9mtdpvdbnfYnZcvhO0eu9d+bvfZL+wh+609YL+yB+0Rm2m/+TXOOr4j9nt71P5gj9nj9oT90Z60P6nL2VnH/qP9xV6w3gIhAUlSFFAM5aBYyklxdA3lomspN11HEbqe4ukGykM3Ul7KR/mpACVQQSpEmgxZIgqpMBWhKN1El8srQSXJUSlKpFuoNN1KZeg2Kku3Uzm6g8pTBapIlehOqkx3URW6m6rSPVSNqlMNqkn3Ui26j2rT/VSHHqC69CDVo4eoPj1MDegRakiPUiN6jBrT49SEmlIzak4t6AlqSU9SK2pNbegpaktPUzt6hpLoWWpPz1EH+gt1pOepE71AnelF6kJdqRu9RN3pZepBPSmZelFveoX6UF/qR/1pAL1KA+k1GkSvUwoNpiH0Bg2lN2kYvUXDaQSNpLdpFL1Do2kMjaVxlErjaQK9SxPpPZpEk2kKTaU0mkbT6X2aQTNpFn1As+lDmkNzaR7NpwX0ES2kRZROH9Ni+oQyaAktpWW0nFbQSlpFq2kNraV1tJ420EbaRJtpC22lbbSddtBO+pR20We0m/bQXvqc9tEXtJ++pAP0FR2krymTvqFD9C0dpu/oCH3ve9IPdIyO0wn6kU7ST3SKTtMZOkvn6Gc6T7/QBfIEIYYilKEKgzAmzBHGhjnDuPCaMFd4bZh1wkTC68P48IYwT3hjmDfMF+YPC4QJYcGwUKhDE9qQwjAsHBYJo+FNYdHw5rBYWDwsEZYMXVgqTAxvCUuHt4ZlwtvCsuHtYbnwjrB8WCF87IFK4Z1h5fCusEp4d1g1vCesFlYPa4Q1w3vDWuF9Ye3w/rBO+EBYJnwwrBc+FNYPHw4bhI+EDcNHw0bhY2Hj8PGwSdg0bBY2D1uET4QtwyfDVmHrsE34VNg2fDpsFz4TJoXPhu3D535d/+Civ78+OewV9g5fCV8Jvb9fzovOjy6IfhRdGF0UTY9+HF0c/SSaEV0SXRpdFl0eXRFdGV0VXR1dE10bXRddH90Q3RjdFPW+Zg5w6ISTTrnAxbgcLtbldHHuGpfLXetyu+tcxF3v4t0NLo+70eV1+Vx+V8AluIKukNPOOOvIha6wK+Ki7iZX1N3sirniroQr6Zwr5RJdc9fCtXAt3ZOulWvt2rin3FPuafe0e8Y945517d1zroP7i+vonned3AvuBfei6+K6um7uJdfdjc998TOZ7Hq73q6P6+P6uX5ugBvgBrqBbpAb5FJcihvihrihbqgb5oa54W64G+lGulFulBvtRruxbqxLdalugpvgJrqJbpKb5Ka4KS7Npbnpbrqb4Wa4yjMv7mWOm+PmuXlugVvgFrqsa8Z0t9gtdhkuwy11S91yt9ytdCvdarfarXVr3Xq33m10G91mt9ltdVvddrfd7XQ73S63y+32112c1O1z+91+d8AdcAfd1y7TfeMOuW/dYfedO+K+d0fdD+6YO+5OuB/dSfeTO+VOuzPurDvnfnbn3S/ugvMuNTI+MiHybmRi5L3IpMjkyJTI1EhaZFpkeuT9yIzIzMisyAeR2ZEPI3MicyPzIvMjCB9FFkYWRdIjH0cWRz6JZESWRJZGlkWWR1ZEvC+4NfSFfREf9Tf5ov5mX8wX9yV8Se98KZ/ob/Gl/a2+jL/Nl/W3+3L+Dl/eV/AV/eO+iW/qm/nmvoV/wrf0T/pWvrVv45/ybf3Tvp1/xif5Z317/5zv4P/iO/rnfSf/gu/sX/RdfFffzb/ku/uXfQ/f0yf7Xr63f8X38X19P9/fD/Cv+oH+NT/Iv+5T/GA/xL/hh/o3/TD/lh/uR/iRMW/7UZdvkWGcT/Xj/QT/rp/o3/OT/GQ/xU/1aX6an+7f9zP8TD/Lf+Bn+w/9HD/Xz/Pz/QL/kV/oF/l0/7Ff7D/xGX7J5YfKfqVf5Vf7NX6tX+fX+w1+o9/kN/stfqvf5rf7HX6n/9Tv8p/53X6P3+s/9/v8F36//9If8F/5g/5rn+m/8Yd+ffr3nT/iv/dH/Q/+mD/uT/gf/Un/kz/lT/sz/qw/53/25/0v/gL/mzXGGGOMsX/K+CtD8ds1Fx/n9/qDHPFXG/cGgGu3Fcj86/VZV5Tr814c9xUJbSMA8GzPzo9cXqpVS05OvrRthoSgyNysG8or+TFwJV4CbeBpSILWUPoP6+8rup6jfzB/9HaAuL/KiYUr8ZX5vwTA5D+Y/4mnRi4sF56J/y/mnwtQrMiVnJxwJV4CbX59vtIayvyd+vO1/Af15/wqFaDVX+XkgivxlfoT4Ul4DpJ+syVjjDHGGGOMMXZRX1Gx4+X7z8t/4/OP7s8T1JWcHHAl/kf354wxxhhjjDHGGLv6nu/a7ZknkpJad/zXB1X+W1n/9KAx/E/NzIM/HHgPcPkVBQD/5oQAWQP5nzyKLf+RfaVc+uj87arlZ30A/zta+WcMrvIXE2OMMcYYY+xPd+Wi/7evq6tVEGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxlg39J/47sat9jIwxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxtjV9v8CAAD//3K3/hI=")
mount$nfs(&(0x7f0000000540)='\xb2\x83\x87J9I\xc3i\xe4\x81\xc5:\xccLD\x9d\xd8\xc7\x90v\x8b\x82\x90\xa4\xdd\x98\xb8\rQh#\xfacl\x01\x8cC\x1f|\xa5\xcb\x8f\xe5WJ\x00>\xf2\xd6\t\xf4IE\xcb\x15A\xb5\xbbG\xa0\xea\xc4\x03\xf2\xf5\xf4\xa1\x98', &(0x7f0000000240)='./file0\x00', 0x0, 0x201008, 0x0)

1m37.110787252s ago: executing program 33 (id=286):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x800, &(0x7f0000001d00)=ANY=[@ANYBLOB='iocharset=cp850,errors=continue,errors=remount-ro,errors=remount-ro,allow_utime=00000000000000000000007,uid=', @ANYRESHEX=0x0, @ANYBLOB=',allow_utime=00000000000000000000002,umask=00000000000000000000003,errors=continue,uid=', @ANYRESHEX=0x0, @ANYBLOB=',fowner=', @ANYRESDEC=0x0, @ANYBLOB="280ffa242dc35b1cdfcfe8d900"], 0x1, 0x1520, &(0x7f00000037c0)="$eJzs3Au4TtXWOPAx5pxr23bS204umznnWLzJZdpJkkuSXJIkSZLcEpJ2ciQhscktaZOE5LJJLpuQ3GKn7X6/XxKSpJ0kIbkl8//s8Hc6db5zznf6ju/59vg9z3rM8a415hrrHet937XWg+86D6nRqGbVBkQE/xa8+EcyAMQCwAAAuA4AAgAoG182Pmt9TonJ/95O2J/rkbSrXQG7mrj/2Rv3P3vj/mdv3P/sjfufvXH/szfuf/bG/WcsO9s8rcD1vGTfhZ//Z2f8+/9/SGapMV+tLXVjF4CYfzaF+5+9cf//zwr+mY24/9kb9z+7ir3aBbD/Bfjznx3k+LtruP/ZG/efsezsaj9/vtoLRLL3e3C1zz/GGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY9nDGX+FAoDL46tdF2OMMcYYY4wxxv48PsfVroAxxhhjjDHGGGP/8xAESFAQQAzkgFjICXEgAOBayA3XQQSuh3i4AfLAjZAX8kF+KAAJUBAKgQYDFghCKAxFIAo3QVG4GYpBcSgBJcFBKUiEW6A03Apl4DYoC7dDObgDykMFqAiV4E6oDHdBFbgbqsI9UA2qQw2oCfdCLbgPasP9UAcegLrwINSDh6A+PAwN4BFoCI9CI3gMGsPj0ASaQjNoDi3+W/kvQXd4GXpAT0iGXtAbXoE+0Bf6QX8YAK/CQHgNBsHrkAKDYQi8AUPhTRgGb8FwGAEj4W0YBe/AaBgDY2EcpMJ4mADvwkR4DybBZJgCUyENpsF0eB9mwEyYBR/AbPgQ5sBcmAfzYQF8BAthEaTDx7AYPoEMWAJLYRkshxWwElbBalgDa2EdrIcNsBE2wWbYAlthG2yHHbATPoVd8Bnshj2wFz6HffDFv5h/+m/yuyAgoECBChXGYAzGYizGYRzmwlyYG3NjBCMYj/GYB/NgXsyL+TE/JmACFsJCaNAgIWFhLIxRjGJRLIrFsBiWwBLo0GEiJmJpvBXLYBksi2WxHJbD8lgBK2AlrISVsTJWwSpYFatiNayGNbAG3ov3Yi+sjbWxDtbBulj38uMpbIANsCE2xEbYCBtjY2yCTbAZNsMW2AJbYktsha2wDbbBttgW22E7TMIkbI/tsQN2wI7YETthJ+yMnbELdsWumS/lAHwZX8aeWE30wt7YG/tgSo5+2B/746s4EF/D1/B1TMHBOATfwDfwTRyGp3A4jsCROBIri3dwNI5BEuMwFVNxAk7AiTgRJ+FknIxTMQ2n4XScjjNwJs7ED3A2fogf4lyci/NxAS7AhbgI0zEdF+NpzMAluBSX4XJcgctxFa7GVbgW1+Fa3IAbcBNuwi24BbfhNtyBO/BTVAD4Ge7BPZiC+3Af7sf9eAAP4EE8iJmYiYfwEB7Gw3gEj+BRPIrH8DiewON4Ek/iKTyNZ/AMnsNzeB5fSPim4afF16SAyKKEEjEiRsSKWBEn4kQukUvkFrlFREREvIgXeUQekVfkFflFfpEgEkQhUUgYYQSJMAYARFRERVFRVBQTxQBECeGEE4kiUZQWpUUZUUaUFbeLcuIOUV5UEK1dJVFJVBZtXBVxt6gqqopqorqoIWqKmqKWqCVqi9qijqgj6oq6op54SNQXvbAfPiKyOtNIDMbGYgg2EU2FvPQN1lIMw1aitWgjnhIjcDi2Ey1dknhWtBejsYP4ixiDz4tOYhx2Fi+KLqKr6CZeEt1FK9dD9BSTsJfoLaZiH9FX9BP9xQysLj7A2TlriNdFihgshog3xHx8UwwTb4nhYoQYKd4Wo8Q7YrQYI8aKcSJVjBcTxLtionhPTBKTxRQxVaSJaWK6eF/MEDPFLPGBmC0+FHPEXDFPzBcLxEdioVgk0sXHYrH4RGSIJWKpWCaWixVipVglVos1Yq1YJ9aLDWKj2CQ2iy1iq9gmtosdYqf4VOwSn4ndYo/YKz4X+8QXYr/4UhwQX4mD4muRKb4Rh8S34rD4ThwR34uj4gdxTBwXJ8SP4qT4SZwSp8UZcVacEz+L8+IXcUF4ARKlkFIqGcgYmUPGypwyTl4jc8ng0rt7vYyXN8g88kaZV+aT+WUBmSALykJSSyOtJBnKwrKIjMqbZFF5sywmi8sSsqR0spRMlLfI0vJWWUbeJsvK22U5eYcsLyvIirKSvFNWlndJiFzcRzVZXdaQNeW9Mhnuk7Xl/bKOfEDWlQ/KevIhWV8+LBvIR2RD+ahsJB+TjeXjsolsKpvJ5rKFfEK2lE/KVrK1bCOfkm3l07KdfEYmyWdle+kvnSLPy07yBdlZvii7yK6ym/xFXpBe9pA9JfQC2Vu+IvvIvrKf7C8HyFflQPmaHCRflylysBwi35BD5ZtymHxLDpcj5Ej5thwl35Gj5Rg5Vo6TqXK8nCDflRPle3KSnCynyKkyTU6T/S7NNEvKf5j/7h/kD/p175vkZrlFbpXb5Ha5Q+6Un8pdcpfcLXfLvXKv3Cf3yf1yvzwgD8iD8qDMlJnykDwkD8vD8og8Io/Ko/KYPC7Pyh/lSfmTPCVPy9PyrDwnz8nzl94DUKiEkkqpQMWoHCpW5VRx6hqVS12rcqvrVERdr+LVDSqPulHlVflUflVAJaiCqpDSyiirSIWqsCqiouomvHTCqBKqpHKqlEpUt/wr+aqoulkVU8V/k3+5vuS/U18L1UK1VC1VK9VKtVFtVFvVVrVT7VSSSlLtVXvVQXVQHVVH1Ul1Up1VZ9VFdVHdVDfVXXVXPVQPlaySVW/1iuqj+qp+qr8aoF5VA9VANUgNUikqRQ1RQ9RQNVQNU8PUcDVcjVQj1Sg1So1Wo9VYNValqlQ1QU1QE9VENUlNUlPUFJWm0tR0NV3NUDPULDVLzVaz1Rw1R81T89QCtUAtVAtVukpXi9VilaGWqCVqmVqmVqgVapVapdaoNWqdWqc2qA0qQ21Wm9VWtVVtV9vVTrVT7VK71G61W+1Ve9U+tU/tV/vVAXVAHVQHVabKVIfUIXVYHVZH1BF1VB1Vx9QxdUKdUCfVSXVKnVJn1Bl1Tp1T59V5dUFdyLrsC0QgAhWoICaICWKD2CAuiAtyBbmC3EHuIBJEgvggPsgT3BjkDfIF+YMCQUJQMCgU6MAENhCXmh4NbgqKBjcHxYLiQYmgZOCCUkFicEtQOrg1KBPcFpQNbg/KBXcE5YMKQcWgUnBnUDm4K6gS3B1UDe4JqgXVgxpBzeDeoFZwX1A7uD+oEzwQ1A0eDOoFDwX1g4eDBsEjQcPg0aBR8FjQOHg8aBI0DZoFzYMWf+r83p/K96TroXvqZN1L99av6D66r+6n++sB+lU9UL+mB+nXdYoerIfoN/RQ/aYept/Sw/UIPVK/rUfpd/RoPUaP1eN0qh6vJ+h39UT9np6kJ+speqpO09P0dP2+nqFn6ln6Az1bf6jn6Ll6np6vF+iP9EK9SKfrj/Vi/YnO0Ev0Ur1ML9cr9Eq9Sq/Wa/RavU6v1xv0Rr1Jb9Zb9Fa9TW/XO/RO/anepT/Tu/UevVd/rvfpL/R+/aU+oL/SB/XXOlN/ow/pb/Vh/Z0+or/XR/UP+pg+rk/oH/VJ/ZM+pU/rM/qsPqd/1uf1L/qC9lkX91k/70YZZWJMjIk1sSbOxJlcJpfJbXKbiImYeBNv8pg8Jq/Ja/Kb/CbBJJhCppDJQoZMYVPYRE3UFDVFTTFTzJQwJYwzziSaRFPalDZlTBlT1pQ15Uw5U96UNxVNRXOnudPcZe4yd5u7zT3mHlPdVDc1TU1Ty9QytU1tU8fUMXVNXVPP1DP1TX3TwDQwDU1D08g0Mo1NY9PENDHNTDPTwrQwLU1L08q0Mm1MG9PWtDXtTDuTZJJMe9PedDAdTEfT0XQynUxn09l0MV1MN9PNdDfdTQ/TwySbZNPb9DZ9TB/Tz/QzA8wAM9AMNIPMIJNiUswQM8QMNUPNMDPMDDcjzMisC1XzjhltxpixZpxJNalmgplgJpqJZpKZZKaYKSbNpJnpZrqZYWaYWWaWmW1mmzlmjpln5pkFZoFZaBaadJNuFpvFJsNkmKVmqVlulpuVZqVZbVabtWatWQ/rzUaz0Ww2m81Ws9VsN9vNTrPT7DK7zG6z2+w1e80+s8/sN/vNAXPAHDQHTabJNIfMIXPYHDZHzBFz1Bw1x8wxc8KcMCfNSXPKnDJnzBlzzuS79HvpTazNaePsNTaXvdbmttfZv43z2wI2wRa0hay2eW2+38TGWlvMFrclbEnrbCmbaG/5XVzeVrAVbSV7p61s77JVfhfXsvfZ2vZ+W8c+YGvae38T17UP2nr2MVsfEcA2tQ1tc9vIPmYb28dtE9vUNrPNbVv7tG1nn7FJ9lnb3j73u3ihXWRX2zV2rV1nd9s99ow9aw/b7+w5+7PtYXvaAfZVO9C+ZgfZ122KHfy7eKR9246y79jRdowda8f9Lp5ip9o0O81Ot+/bGXbm7+IF9iM726bbOXaunWfn/xpn1ZRuP7aL7Sc2wwaw1C6zy+0Ku9Ku+v+1LrMb7Ea7ye6yn9mtdpvdbnfYnZcvhO0eu9d+bvfZL+wh+609YL+yB+0Rm2m/+TXOOr4j9nt71P5gj9nj9oT90Z60P6nL2VnH/qP9xV6w3gIhAUlSFFAM5aBYyklxdA3lomspN11HEbqe4ukGykM3Ul7KR/mpACVQQSpEmgxZIgqpMBWhKN1El8srQSXJUSlKpFuoNN1KZeg2Kku3Uzm6g8pTBapIlehOqkx3URW6m6rSPVSNqlMNqkn3Ui26j2rT/VSHHqC69CDVo4eoPj1MDegRakiPUiN6jBrT49SEmlIzak4t6AlqSU9SK2pNbegpaktPUzt6hpLoWWpPz1EH+gt1pOepE71AnelF6kJdqRu9RN3pZepBPSmZelFveoX6UF/qR/1pAL1KA+k1GkSvUwoNpiH0Bg2lN2kYvUXDaQSNpLdpFL1Do2kMjaVxlErjaQK9SxPpPZpEk2kKTaU0mkbT6X2aQTNpFn1As+lDmkNzaR7NpwX0ES2kRZROH9Ni+oQyaAktpWW0nFbQSlpFq2kNraV1tJ420EbaRJtpC22lbbSddtBO+pR20We0m/bQXvqc9tEXtJ++pAP0FR2krymTvqFD9C0dpu/oCH3ve9IPdIyO0wn6kU7ST3SKTtMZOkvn6Gc6T7/QBfIEIYYilKEKgzAmzBHGhjnDuPCaMFd4bZh1wkTC68P48IYwT3hjmDfMF+YPC4QJYcGwUKhDE9qQwjAsHBYJo+FNYdHw5rBYWDwsEZYMXVgqTAxvCUuHt4ZlwtvCsuHtYbnwjrB8WCF87IFK4Z1h5fCusEp4d1g1vCesFlYPa4Q1w3vDWuF9Ye3w/rBO+EBYJnwwrBc+FNYPHw4bhI+EDcNHw0bhY2Hj8PGwSdg0bBY2D1uET4QtwyfDVmHrsE34VNg2fDpsFz4TJoXPhu3D535d/+Civ78+OewV9g5fCV8Jvb9fzovOjy6IfhRdGF0UTY9+HF0c/SSaEV0SXRpdFl0eXRFdGV0VXR1dE10bXRddH90Q3RjdFPW+Zg5w6ISTTrnAxbgcLtbldHHuGpfLXetyu+tcxF3v4t0NLo+70eV1+Vx+V8AluIKukNPOOOvIha6wK+Ki7iZX1N3sirniroQr6Zwr5RJdc9fCtXAt3ZOulWvt2rin3FPuafe0e8Y945517d1zroP7i+vonned3AvuBfei6+K6um7uJdfdjc998TOZ7Hq73q6P6+P6uX5ugBvgBrqBbpAb5FJcihvihrihbqgb5oa54W64G+lGulFulBvtRruxbqxLdalugpvgJrqJbpKb5Ka4KS7Npbnpbrqb4Wa4yjMv7mWOm+PmuXlugVvgFrqsa8Z0t9gtdhkuwy11S91yt9ytdCvdarfarXVr3Xq33m10G91mt9ltdVvddrfd7XQ73S63y+32112c1O1z+91+d8AdcAfd1y7TfeMOuW/dYfedO+K+d0fdD+6YO+5OuB/dSfeTO+VOuzPurDvnfnbn3S/ugvMuNTI+MiHybmRi5L3IpMjkyJTI1EhaZFpkeuT9yIzIzMisyAeR2ZEPI3MicyPzIvMjCB9FFkYWRdIjH0cWRz6JZESWRJZGlkWWR1ZEvC+4NfSFfREf9Tf5ov5mX8wX9yV8Se98KZ/ob/Gl/a2+jL/Nl/W3+3L+Dl/eV/AV/eO+iW/qm/nmvoV/wrf0T/pWvrVv45/ybf3Tvp1/xif5Z317/5zv4P/iO/rnfSf/gu/sX/RdfFffzb/ku/uXfQ/f0yf7Xr63f8X38X19P9/fD/Cv+oH+NT/Iv+5T/GA/xL/hh/o3/TD/lh/uR/iRMW/7UZdvkWGcT/Xj/QT/rp/o3/OT/GQ/xU/1aX6an+7f9zP8TD/Lf+Bn+w/9HD/Xz/Pz/QL/kV/oF/l0/7Ff7D/xGX7J5YfKfqVf5Vf7NX6tX+fX+w1+o9/kN/stfqvf5rf7HX6n/9Tv8p/53X6P3+s/9/v8F36//9If8F/5g/5rn+m/8Yd+ffr3nT/iv/dH/Q/+mD/uT/gf/Un/kz/lT/sz/qw/53/25/0v/gL/mzXGGGOMsX/K+CtD8ds1Fx/n9/qDHPFXG/cGgGu3Fcj86/VZV5Tr814c9xUJbSMA8GzPzo9cXqpVS05OvrRthoSgyNysG8or+TFwJV4CbeBpSILWUPoP6+8rup6jfzB/9HaAuL/KiYUr8ZX5vwTA5D+Y/4mnRi4sF56J/y/mnwtQrMiVnJxwJV4CbX59vtIayvyd+vO1/Af15/wqFaDVX+XkgivxlfoT4Ul4DpJ+syVjjDHGGGOMMXZRX1Gx4+X7z8t/4/OP7s8T1JWcHHAl/kf354wxxhhjjDHGGLv6nu/a7ZknkpJad/zXB1X+W1n/9KAx/E/NzIM/HHgPcPkVBQD/5oQAWQP5nzyKLf+RfaVc+uj87arlZ30A/zta+WcMrvIXE2OMMcYYY+xPd+Wi/7evq6tVEGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxlg39J/47sat9jIwxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxtjV9v8CAAD//3K3/hI=")
mount$nfs(&(0x7f0000000540)='\xb2\x83\x87J9I\xc3i\xe4\x81\xc5:\xccLD\x9d\xd8\xc7\x90v\x8b\x82\x90\xa4\xdd\x98\xb8\rQh#\xfacl\x01\x8cC\x1f|\xa5\xcb\x8f\xe5WJ\x00>\xf2\xd6\t\xf4IE\xcb\x15A\xb5\xbbG\xa0\xea\xc4\x03\xf2\xf5\xf4\xa1\x98', &(0x7f0000000240)='./file0\x00', 0x0, 0x201008, 0x0)

1.114948912s ago: executing program 3 (id=1094):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000040)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1e, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0xa0}}]}, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.011460422s ago: executing program 3 (id=1096):
syz_emit_ethernet(0x3e, &(0x7f00000003c0)={@local, @random="a15cc14e96b3", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x27, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}}}}}}, 0x0)

929.834122ms ago: executing program 4 (id=1098):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)={{0x14}, [@NFT_MSG_NEWRULE={0x7c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x50, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0xb}, @NFTA_SOCKET_KEY={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_SOCKET_LEVEL={0x8, 0x3, 0x89}]}}}, {0x20, 0x1, 0x0, 0x1, @dup_ipv6={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_DUP_SREG_ADDR={0x8, 0x1, 0x1, 0x0, 0xc}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xa4}}, 0x0)

850.54124ms ago: executing program 3 (id=1101):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x40, 0x40, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x3, 0x3}}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x24}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2}}]}}, 0x0, 0x5a}, 0x28)

791.04364ms ago: executing program 3 (id=1103):
r0 = socket$xdp(0x2c, 0x3, 0x0)
mmap$xdp(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x811, r0, 0x0)
prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00')
preadv(r1, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0xc002a0, 0x0)

741.315398ms ago: executing program 4 (id=1104):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r0, @ANYBLOB="0000000002000000b705000008000000850000005d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x4, 0x1019, &(0x7f0000000880)=""/4121, 0x40f00}, 0x94)

649.383162ms ago: executing program 4 (id=1106):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x5, &(0x7f00000027c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000f000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00', r0}, 0x10)
rt_sigsuspend(0x0, 0x0)

569.432869ms ago: executing program 3 (id=1108):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000008c0)={[{@iocharset={'iocharset', 0x3d, 'cp850'}}, {@time_offset={'time_offset', 0x3d, 0xe}}, {@keep_last_dots}, {@iocharset={'iocharset', 0x3d, 'cp936'}}, {@iocharset={'iocharset', 0x3d, 'iso8859-14'}}, {@allow_utime={'allow_utime', 0x3d, 0x7}}, {@gid}, {@dmask={'dmask', 0x3d, 0x4f7}}, {@namecase}, {@fmask={'fmask', 0x3d, 0x40}}], [{@uid_eq}, {@fsmagic={'fsmagic', 0x3d, 0x10001}}, {@euid_lt}, {@subj_type={'subj_type', 0x3d, 'schc\x011\x80-\xaaw\x01\x8a\xcdE\r\xf3\f\x14\x15?\x8e\x7f\xa2B\xc9\xf7~(\x0fG\x1d\x15\xb5\x16n\x92s\x9c\x1f4L\xffi\x8b\xd0\x80\x8f\xd0\xbf\xf0F=\x9d\xe3Y\xf7\xdd\xed\xdf\x9c\xa2\xd7;z\xeb\xfbv/\xc2\x87\xf4\xf5\x0f,\x1f\xdd\xb3\f\x05q\xb7\xad\x7f\r\x9bp\xe4\xb2\xd9\xda>\x94\xae3+\xe8E\xb3\xba\xea\xd7nXpfp\x18\xb8\x88\xd6r\'\xc8\x1d3#\xfd\x8c\x06j\xdd$T\xd4T*\x7f\x03\xb2\"\x10h\xb0T&\x15\x1a\xb1\x14,E\xbf\xd2\xdb\x81\x82\x9fh\x9e\xd1\x9a\xb1\xd0\x88\xe3\x19.X%\b\xda\xb1\xe9\x11\xa0\x11w\xbc\xfc\xc8\xfde\x908\xa1!\x84\xe3\xf6\xdd\x8b\xd9\xbb\xaa\xfdj\x1b_\xd9\xf4K\xddqU\xd1E\xefd\xfe\x8f{\xb1L\xf1\x92h\t\xf9\xd7\x13k\x9e\xf8f\xa8~\x01\xc5\x17\xec\xe9J.5+\v\xc6\xcc\x01\xcft\xee[u\xc4z\xad\x154\xafh\xde\xd37P\xc0B\xac\"])\xf2\xc2\xdb\xad7\xd4\x15D\xa1\xb1\x93\x880\xe2\xa6\xc2\xcey\xf2hI\x81\xa6\x00>\x98\x9d|\v-#\xb7?Y\x00'/295}}, {@fowner_eq}, {@appraise_type}]}, 0x1, 0x152f, &(0x7f00000037c0)="$eJzs3AucTVX7OPDnWWvtMSSdJrkMa61nc5LLIklySZJLkiRJkltC0iSvJCSG3JKGJCSXIbkMIblMTBr3+/2SkCRNkoTklqz/Z8r81Vvv/33f39svv/9vnu/nsz+znrP2s/ba85yzz977nJlvug6r1aR29UZEBP8R/OVHIgDEAsAgALgGAAIAKB9XPi6zP6fExP9sI+zP9VDKlZ4Bu5K4/tkb1z974/pnb1z/7I3rn71x/bM3rn/2xvVnLDvbMqPgtbxk34Xv/2dn/P7/v0hG6XFfrCt9fTeAmH81hev//z/8D3K5/v9rBf/KSlz/7I3rn13FXukJsP8B+PWfHeT4hz1c/+yN689Ydvbre8GxcOXvR//VC0Sy92cgV/r5xxhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGMsezjrL1MAkNW+0vNijDHGGGOMMcbYn8fnuNIzYIwxxhhjjDHG2H8/BAESFAQQAzkgFnJCLhAAMVn910IcXAd54XrIB/mhABSEeCgEhUGDAQsEIRSBohCFG6AY3AjFoQSUhFLgoDSUgZugLNwM5eAWKA+3QgW4DSpCJagMVeB2qAp3QDW4E6rDXVADakItqA13Qx24B+rCvVAP7oP6cD80gAegITwIjeAhaAwPQxN4BJrCo9AMmkMLaAmt/kv5L0BPeBF6QW9IhD7QF16CftAfBsBAGAQvw2B4BYbAq5AEQ2EYvAbD4XUYAW/ASBgFo+FNGANvwVgYB+NhAiTDRJgEb8NkeAemwFSYBtMhBWbATHgXZsFsmAPvwVx4H+bBfFgACyEVPoBFsBjS4ENYAh9BOiyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVtsB12wE7YBR/DbvgE9sBe2Aefwn747N/MP/N3+d0QEFCgQIUKYzAGYzEWc2EuzI25MQ/mwQhGMA7jMC/mxXyYDwtgAYzHeCyMhdGgQULCIlgEoxjFYlgMi2NxLIkl0aHDMlgGy+LNWA7LYXksjxWwAlbESlgJq2AVrIpVsRpWw+pYHWtgDayFtfBuvBv7YF2si/WwHtbH+lm3p7ARNsLG2BibYBNsik2xGTbDFtgCW2ErbI2tsQ22wXbYDttje+yAHTABE7AjdsRO2Ak7Y2fsgl2wK3bFbtgdu2e8kAPwRXwRe2MN0Qf7Yl/sh0k5BuBAHIgv42B8BV/BVzEJh+IwfA1fw9dxBJ7GkTgKR+NorCrewrE4DklMwGRMxkk4CSfjZJyCU3EqTscUnIEzcSbOwtk4G9/Dufg+vo/zcT4uxFRMxUW4GNMwDZfgGUzHpbgMl+MKXIkrcDWuwdW4DtfjOtyIG3EzbsatuBW343bciTvxY1QA+Anuxb2YhPtxPx7AA3gQD+IhPIQZmIGH8TAewSN4FI/iMTyGx/EEnsQTeApP4Wk8g2fxLJ7H83gBn4v/qvHHJdYmgcikhBIxIkbEiliRS+QSuUVukUfkEREREXEiTuQVeUU+kU8UEAVEvIgXhUVhYYQRJMLMI4WIiqgoJoqJ4qK4KClKCiecKCPKiLKirCgnyony4lZRQdwmKopKoq2rIqqIqqKdqybuFNVFdVFD1BS1RG1RW9QRdURdUVfUE/VEfVFfNBAPiIaiDw7Ah0RmZZqIodhUDMNmormQl45QrcUIbCPainbiCTEKR2IH0doliKdFRzEWO4m/iXH4rOgiJmBX8bzoJrqLHuIF0VO0cb1EbzEF+4i+Yjr2E/3FADFQzMKa4j2cm7OWeFUkiaFimHhNLMTXxQjxhhgpRonR4k0xRrwlxopxYryYIJLFRDFJvC0mi3fEFDFVTBPTRYqYIWaKd8UsMVvMEe+JueJ9MU/MFwvEQpEqPhCLxGKRJj4US8RHIl0sFcvEcrFCrBSrxGqxRqwV68R6sUFsFJvEZrFFbBXbxHaxQ+wUu8THYrf4ROwRe8U+8anYLz4TB8Tn4qD4QhwSX4oM8ZU4LL4WR8Q34qj4VhwT34nj4oQ4Kb4Xp8QP4rQ4I86Kc+K8+FFcED+Ji8ILkCiFlFLJQMbIHDJW5pS55FUytwyyjv8yTl4n88rrZT6ZXxaQBWW8LCQLSy2NtJJkKIvIojIqb5DF5I2yuCwhS8pS0snSsoy8SZaVN8ty8hZZXt4qK8jbZEVZSVaWVeTtsqq8Q0Lkl23UkDVlLVlb3i0T4R5ZV94r68n7ZH15v2wgH5AN5YOykXxINpYPyybyEdlUPiqbyeayhWwpW8nHZGv5uGwj28p28gnZXj4pO8inZIJ8WnaU/tJT5FnZRT4nu8rnZTfZXfaQP8mL0stesreEPiD7ypdkP9lfDpAD5SD5shwsX5FD5KsySQ6Vw+Rrcrh8XY6Qb8iRcpQcLd+UY+RbcqwcJ8fLCTJZTpST5NtysnxHTpFT5TQ5XabIGXLApZHmSPlP89/+g/whP299s9wit8ptcrvcIXfKXfJjuVvulnvkHrlP7pP75X55QB6QB+VBeUgekhkyQx6Wh+UReUQelUflMXlMHpcn5Dn5vTwlf5Cn5Rl5Rp6T5+V5eeHS7wAUKqGkUipQMSqHilU5VS51lcqtrlZ51DUqoq5Vceo6lVddr/Kp/KqAKqjiVSFVWGlllFWkQlVEFVVRdQNeesKokqqUcqq0KqNu+nfyVTF1oyquSvwmP2t+if9gfq1UK9VatVZtVBvVTrVT7VV71UF1UAkqQXVUHVUn1Ul1Vp1VF9VFdVVdVTfVTfVQPVRP1VP1Ur1UokpUfdVLqp/qrwaogWqQellk7sMQNUQlqSQ1TA1Tw9VwNUKNUCPVSDVajVZj1Bg1Vo1V49V4layS1SQ1SU1Wk9UUNUVNU9NUikpRM9VMNUvNUnPUHDVXzVXz1Dy1QC1QqSpVLVKLVJpKU0vUEpWulqqlarlarlaqlWq1Wq3WqrVqvVqvNqqNKl1tUVvUNrVN7VA71C61S+1Wu9UetUftU/vUfrVfHVAH1EF1UB1Sh1SGylCH1WF1RB1RR9VRdUwdU8fVcXVSnVSn1Cl1Wp1WZ9VZdV6dVxfUBXVRXcw87QtEIAIVqCAmiAlig9ggV5AryB3kDvIEeYJIEAnigrggb3B9kC/IHxQICgbxQaGgcKADE9hAXCp6NLghKBbcGBQPSgQlg1KBC0oHZYKbgrLBzUG54JagfHBrUCG4LagYVAoqB1WC24OqwR1BteDOoHpwV1AjqBnUCmoHdwd1gnuCusG9Qb3gvqB+cH/QIHggaBg8GDQKHgoaBw8HTYJHgqbBo0GzoHnQImgZtPpTx/f+dP7HXS/dWyfqPrqvfkn30/31AD1QD9Iv68H6FT1Ev6qT9FA9TL+mh+vX9Qj9hh6pR+nR+k09Rr+lx+pxeryeoJP1RD1Jv60n63f0FD1VT9PTdYqeoWfqd/UsPVvP0e/pufp9PU/P1wv0Qp2qP9CL9GKdpj/US/RHOl0v1cv0cr1Cr9Sr9Gq9Rq/V6/R6vUFv1Jv0Zr1Fb9Xb9Ha9Q+/Uu/THerf+RO/Re/U+/anerz/TB/Tn+qD+Qh/SX+oM/ZU+rL/WR/Q3+qj+Vh/T3+nj+oQ+qb/Xp/QP+rQ+o8/qc/q8/lFf0D/pi9pnntxnvr0bZZSJMTEm1sSaXCaXyW1ymzwmj4mYiIkzcSavyWvymXymgClg4k28KWwKm0xkyBQxRUzURE0xU8wUN8VNSVPSOONMGVPGlDVlTTlTzpQ35U0FU8FUNBVNZVPZ3G5uN3eYO8yd5k5zl7nL1DQ1TW1T29QxdUxdU9fUM/VMfVPfNDANTEPT0DQyjUxj09g0MU1MU9PUNDPNTAvTwrQyrUxr09q0MW1MO9POtDftTQfTwSSYBNPRdDSdTCfT2XQ2XUwX09V0Nd1MN9PD9DA9TU/Ty/QyiSbR9DV9TT/TzwwwA8wgM8gMNoPNEDPEJJkkM8wMM8PNcDPCjDAjzSgzOvNE1bxlxppxZryZYJJNsplkJpnJZrKZYqaYaWaaSTEpZqaZaWaZWWaOmWPmmrlmnplnFpgFJtWkmkVmkUkzaWaJWWLSTbpZZpaZFWaFWWVWmTVmjVln1pkNsMFsMpvMFrPFbDPbzA6zw+wyu8xus9vsMXvMPrPP7Df7zQFzwBw0B80hc8hkmAxz2Bw2R8wRc9QcNcfMMXPcHDcnzUlzypwyp81pc9acNedN/kvvl97E2pw2l73K5rZX2zz2Gvv3cQFb0MbbQraw1Tafzf+b2Fhri9sStqQtZZ0tbcvYm34XV7SVbGVbxd5uq9o7bLXfxXXsPbauvdfWs/fZ2vbu38T17f22gX3ENkQEsM1tY9vSNrGP2Kb2UdvMNrctbEvb3j5pO9inbIJ92na0z/wuXmQX2zV2rV1n19s9dq89a8/ZI/Ybe97+aHvZ3naQfdkOtq/YIfZVm2SH/i4ebd+0Y+xbdqwdZ8fbCb+Lp9npNsXOsDPtu3aWnf27ONV+YOfaNDvPzrcL7MKf48w5pdkP7RL7kU23ASyzy+0Ku9Kusqv/71yX2412k91sd9tP7Da73e6wO+2urBNhu9fus5/a/fYze9h+bQ/aL+whe9Rm2K9+jjP376j91h6z39nj9oQ9ab+3p+wPKis7c9+/tz/Zi9ZbICQgSYoCiqEcFEs5KRddRbnpaspD11CErqU4uo7y0vWUj/JTASpI8VSICpMmQ5aIQipCRSlKN1DW9EpSKXJUmsrQTVSWbqZydAuVp1upAt1GFakSVaYqdDtVpTuoGt1J1ekuqkE1qRbVprupDt1Ddeleqkf3UX26nxrQA9SQHqRG9BA1poepCT1CTelRakbNqQW1pFb0GLWmx6kNtaV29AS1pyepAz1FCfQ0daRnqBP9jTrTs9SFnqOu9Dx1o+7Ug16gnvQi9aLelEh9qC+9RP2oPw2ggTSIXqbB9AoNoVcpiYbSMHqNhtPrNILeoJE0ikbTmzSG3qKxNI7G0wRKpok0id6myfQOTaGpNI2mUwrNoJn0Ls2i2TSH3qO59D7No/m0gBZSKn1Ai2gxpdGHtIQ+onRaSstoOa2glbSKVtMaWkvraD1toI20iTbTFtpK22g77aCdtIs+pt30Ce2hvbSPPqX99BkdoM/pIH1Bh+hLyqCv6DB9TUfoGzpK3/re9B0dpxN0kr6nU/QDnaYzdJbO0Xn6kS7QT3SRPEGIoQhlqMIgjAlzhLFhzjBXeFWYO7w6zBNeE0bCa8O48Lowb3h9mC/MHxYIC4bxYaGwcKhDE9qQwjAsEhYNo+ENYbHwxrB4WCIsGZYKXVg6LBPeFJYNbw7LhbeE5cNbwwrhbWHFsFL4yH1VwtvDquEdYbXwzrB6eFdYI6wZ1gprh3eHdcJ7wrrhvWG98L6wXHh/2CB8IGwYPhg2Ch8KG4cPh03CR8Km4aNhs7B52CJsGbYKHwtbh4+HbcK2YbvwqrB9+GTYIXwqTAifDjuGz/zcf//irP4nftefGPYJ+4YvhS+F3t8rF0QXRlOjH0QXRRdH06IfRpdEP4qmR5dGl0WXR1dEV0ZXRVdH10TXRtdF10c3RDdGN0U3R72vnQMcOuGkUy5wMS6Hi3U5XS53lcvtrnZ53DUu4q51ce46l9dd7/K5/K6AK+jiXSFX2GlnnHXkQlfEFXVRd4Mr5m50xV0JV9KVcs6VdmVcS9fKtXKt3eOujWvr2rkn3BPuSfeke8o95Z52Hd0zrpP7m+vsnnVd3HPuOfe86+a6ux7uBdfTTczzy2sy0fV1fV0/188NcAPcIDfIDXaD3RA3xCW5JDfMDXPD3XA3wo1wI91IN9qNdmPcGDfWjXXj3XiX7JLdJDfJTXaT3RQ3xU1z01yKS3Ez3Uw3y81yVWf/spV5bp5b4Ba4VJfqFrnMc8Y0t8Qtceku3S1zy9wKt8KtcqvcGrfGrXPr3Aa3wW1ym9wWt8Vtc9vcDrfD7XK73G632+3x1/wyqNvvDrgD7qA76A65L12G+8oddl+7I+4bd9R9646579xxd8KddN+7U+4Hd9qdcWfdOXfe/eguuJ/cReddcmRiZFLk7cjkyDuRKZGpkWmR6ZGUyIzIzMi7kVmR2ZE5kfcicyPvR+ZF5kcWRBZGUiMfRBZFFkfSIh9GlkQ+iqRHlkaWRZZHVkRWRrwvtC30RXxRH/U3+GL+Rl/cl/AlfSnvfGlfxt/ky/qbfTl/iy/vb/UV/G2+oq/kK/tHfTPf3LfwLX0r/5hv7R/3bXxb384/4dv7J30H/5RP8E/7jv4Z38n/zXf2z/ou/jnf1T/vu/nuvod/wff0L/pevrdP9H18X/+S7+f7+wF+oB/kX/aD/St+iH/VJ/mhfph/zQ/3r/sR/g0/0o/yo2Pe9GOyLpFhgk/2E/0k/7af7N/xU/xUP81P9yl+hp/p3/Wz/Gw/x7/n5/r3/Tw/3y/wC32q/8Av8ot9mv/QL/Ef+XS/NOumsV/lV/s1fq1f59f7DX6j3+Q3+y1+q9/mt/sdfqff5T/2u/0nfo/f6/f5T/1+/5k/4D/3B/0X/pD/0mf4r/xh/7U/4r/xR/23/pj/zh/3J/xJ/70/5X/wp/0Zf9af8+f9j/6C/8lf5L9ZY4wxxhj7l0y83BS/7fnldn6fP8gRv1q5LwBcvb1gxq/7M88oN+T7pd1fxLePAMDTvbs+lLXUqJGYmHhp3XQJQdH5AFmfBGX6+asHl+Kl0A6ehARoC2X/cP79Rffz9E/Gj94KkOtXObFwOb48/ucAmPgH4z/2xOhFFcKzcf+P8ecDFC96OScnXI6XQruf76+0hXL/YP75W/+T+ef8Ihmgza9ycsPl+PL8y8Dj8Awk/GZNxhhjjDHGGGPsF/1F5c5Z159Z3/j8o+vzeHU5Jwdcjv/Z9TljjDHGGGOMMcauvGe793jqsYSEtp3//Ua1/1LWv9xoCv9dI3PjDxveA2Q9ogDgPxwQILMh/8q92PqXbCvp0kvn77tWnPMB/M8o5Z/RuMIHJsYYY4wxxtif7vJJ/28fV1dqQowxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGWDb0V/w7sSu9j4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxtiV9n8CAAD//7wUAB0=")
chdir(&(0x7f00000004c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00')

569.247751ms ago: executing program 4 (id=1109):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000580)=[{&(0x7f0000000080)="268292", 0xfff6}], 0x1)
r1 = io_uring_setup(0x3ead, &(0x7f0000000080)={0x0, 0xc95e, 0x0, 0x3})
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x1ef6e3}], 0x100000000000011a)

491.393667ms ago: executing program 1 (id=1111):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000400000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000001000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b70300000000ffff850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$tipc(r2, &(0x7f0000004440)={&(0x7f0000000ec0)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x2}}, 0x10, 0x0}, 0x0)

398.219582ms ago: executing program 4 (id=1112):
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180), 0x4)

397.827629ms ago: executing program 3 (id=1113):
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r0)
syz_usb_connect$printer(0x3, 0x2d, &(0x7f0000000180)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x8, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0xf, 0x80, 0x8, [{{0x9, 0x4, 0x0, 0x60, 0x2, 0x7, 0x1, 0x1, 0x4a, "", {{{0x9, 0x5, 0x1, 0x2, 0x3ff, 0x0, 0x2, 0x6}}}}}]}}]}}, 0x0)
ioctl$EVIOCRMFF(r0, 0x4004550e, 0xfffffffffffffffe)

396.09682ms ago: executing program 1 (id=1114):
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_rdma(0x10, 0x3, 0x14)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xffd}, 0x2a, 0x0)
r1 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
keyctl$update(0x2, r1, 0x0, 0x0)

278.904668ms ago: executing program 4 (id=1115):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f00000001c0)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6572726f72733d72656d6f756e742d726f2c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c6572726f72733d72656d6f756e742d726f2c61636c2c00a9b504852143b698d2e379891a0dde7f9adfca8cbec85bf8e749e04e"], 0x11, 0x443f, &(0x7f00000088c0)="$eJzs3c1PHOcdAOB3BlyD6w9wfXClSl2pllq1FQKf2mKpGGNjsKkrt7aqXtYLrG3ahbVgqXqwFHKzlFOkHKIcrETKjZPFIVfnT8glR+dsKTnkEimSFaLdnYWdYVds0C7EzvMcmJ33e/c3H+8chjdOVB4ureWW1nKFlVx54f7axdz/yqX15WKID0nL/o8dXv90phfHyVEfez9lt65c+8fdiyF8uvj5y+3t7e1Q1R9aGmv6/M3Xjxeatw1xpk613datdcu/Qwjn9oyrqi+E8K9PQohCCJeTtMlkOxhCOBXqeXcfv3Mv16XRPHtRvJR/Nfdka/zC7ObTrfbfPQrhg9Iv//hg+cvf9I1/8fsudQ8AAAAAAAAAAAAAAAAAwGtu+vatO38fHQvPo9C/Ge19X3c62bZ7P3a7a37d+y8LAAAAAAAAAAAAAAAAAAAAP1K77//norMt3v+fSrYTbepv/7VNxvHujpPemPnbramro2PJ+u/Rnvw/JUlfXe4Lwy3Wfc+u/345U7/1+u97+zmoxvga/Q6FKB7ZfmsnfyjE8chICB8lC7+fj07EpfJa5Q/3y+sri10bxmsrHf/66v2p6CQL+nca/8lM+71f//8Xe46m6v697h1ib7R0/Pvalvv47aij+F/J1DuM+HNw6fj319IGmwtM1C8A1fi/279//Kcy7fcq/qdDCLmoOtZc6gpQncNU09vNV0hLx/9YLS116Ux+yHbn/7eZ+F/NtN8u/me69g1aX/83sjciWkrH/2e1tIFUid3zfzje//y/lmn/KO7/1fFvuP93JB3/5KGtP1Wk9kt2ev2fzrTfq/jfiZNxno5SR8BmVE9v9//qSEvHf2BP/u7zX9zR/O96pv5hPf81+q09/zU9h/wuqj//0Vo6/oNty3V6/s9k6vX6+j9Rm/9xUOn4n6ilpefOQ7W/ncZ/NtN+r+Jfm5UMNOK/ez357ng9/UPzv46k4//zemLcXGKj9rc2/4v2n//fyLR/FPO/6vg34t72+qZIx/9k23LV+H/Wwf3/ZqZe7+Mfwqi5/oGl43+qbbna+T+wf/znMvV6Hf/f9rJxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNfAZLIdClE8ktqP45GREK4k++fDiWi+sJifL5UX/rsWwlSSngtnowel8nyhlF9aKS8W84VSqbwQwtUk/1wYiNZK5Up+ufDo2k5bg9HDYmG1Ml8sVEII00n6r8KpRlvzS5XlwqMQwvWdvDNxefXRw8JKfnFp9S+jo6OjYWZnDMNR8f+V4kql3ns9N4TZnbpDUdPgatk3dsZyMvpPeX11pVCqpd9sqlMqLxRKTXXmkrz3wnBUWV1fWShUivlS+UGjv6M0kWynZm7/8/bNsT3596L6dvJwhwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAD/R8/M/vhxD663txCGGi8SFqVf7Zi+Kl/Ku5J1vjF2Y3n269bFcOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOB7duBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrBLxygRA1EYgN+Mhdp5DKuQdLYJimhhRPAEegwPE4/iJbyDhYWthQhmBjTuQprd6vuaB/l5eT8kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACsc3k33t+2XUSKo6/DiJfH17ff+XWZ0zDPvNg/2FNPduPqZjy/aLvy3dO//Kw8eu/zT/r58fQQG2b1PPzdX/5Ps3rneGuvaVjXv/ard08i5SYi+pKfppybZt27AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhmBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwLAAAAAAgzN86ir4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4FcAAAD//78SIGU=")
setxattr$trusted_overlay_origin(&(0x7f0000000240)='.\x00', &(0x7f0000000000), 0x0, 0x0, 0x0)

151.25835ms ago: executing program 1 (id=1116):
unshare(0x2a020400)
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r0, &(0x7f0000001fc0)=""/171, 0xab)

150.899898ms ago: executing program 1 (id=1117):
r0 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x35, &(0x7f0000000040)=0x1, 0x4)

66.437162ms ago: executing program 1 (id=1118):
r0 = syz_open_dev$loop(&(0x7f0000000040), 0x101, 0x101000)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0)

0s ago: executing program 1 (id=1119):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x60, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}, @IPSET_ATTR_BUCKETSIZE={0x5}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x60}}, 0x0)

kernel console output (not intermixed with test programs):

5][ T5847] EXT4-fs error (device loop2): __ext4_get_inode_loc_noinmem:4984: inode #11: block 5: comm syz-executor: unable to read itable block
[   92.588507][ T5847] syz-executor: attempt to access beyond end of device
[   92.588507][ T5847] loop2: rw=145409, sector=0, nr_sectors = 4 limit=0
[   92.594731][ T5847] Buffer I/O error on dev loop2, logical block 0, lost sync page write
[   92.598152][ T5847] EXT4-fs (loop2): I/O error while writing superblock
[   92.603129][ T5847] syz-executor: attempt to access beyond end of device
[   92.603129][ T5847] loop2: rw=524288, sector=16, nr_sectors = 4 limit=0
[   92.609811][ T5847] syz-executor: attempt to access beyond end of device
[   92.609811][ T5847] loop2: rw=524288, sector=24, nr_sectors = 4 limit=0
[   92.616012][ T5847] syz-executor: attempt to access beyond end of device
[   92.616012][ T5847] loop2: rw=524288, sector=28, nr_sectors = 4 limit=0
[   92.623012][ T5847] syz-executor: attempt to access beyond end of device
[   92.623012][ T5847] loop2: rw=524288, sector=32, nr_sectors = 4 limit=0
[   92.628438][ T5847] EXT4-fs error (device loop2): __ext4_get_inode_loc_noinmem:4984: inode #11: block 5: comm syz-executor: unable to read itable block
[   92.635079][ T5847] Buffer I/O error on dev loop2, logical block 0, lost sync page write
[   92.638299][ T5847] EXT4-fs (loop2): I/O error while writing superblock
[   92.837960][ T6046] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   92.856856][ T6046] Buffer I/O error on dev loop2, logical block 0, lost sync page write
[   92.860185][ T6046] EXT4-fs (loop2): I/O error while writing superblock
[   92.886667][ T6501] Buffer I/O error on dev loop2, logical block 64, lost sync page write
[   93.327241][   T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   93.467203][ T6513] loop1: detected capacity change from 0 to 32768
[   93.474031][ T6513] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.228 (6513)
[   93.478124][   T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   93.507669][ T6513] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   93.520769][ T6513] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[   93.524071][ T6513] BTRFS info (device loop1): using free-space-tree
[   93.609725][   T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   93.683527][ T6513] BTRFS info (device loop1): rebuilding free space tree
[   93.692913][   T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   93.938236][ T5855] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   93.962784][   T12] bridge_slave_1: left allmulticast mode
[   93.974092][   T12] bridge_slave_1: left promiscuous mode
[   93.978587][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.063676][   T12] bridge_slave_0: left allmulticast mode
[   94.065994][   T12] bridge_slave_0: left promiscuous mode
[   94.068449][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.150289][ T5857] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   94.161099][ T5857] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   94.164969][ T5857] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   94.167677][ T5857] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   94.170347][ T5857] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   94.589533][ T6544] loop0: detected capacity change from 0 to 40427
[   94.596077][ T6544] F2FS-fs (loop0): build fault injection rate: 771
[   94.613903][ T6544] F2FS-fs (loop0): invalid crc value
[   94.619873][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   94.634980][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   94.640311][   T12] bond0 (unregistering): Released all slaves
[   94.703244][ T6544] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   94.715498][ T6544] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   94.856160][ T5851] CPU: 1 UID: 0 PID: 5851 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[   94.856175][ T5851] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   94.856180][ T5851] Call Trace:
[   94.856185][ T5851]  <TASK>
[   94.856191][ T5851]  dump_stack_lvl+0x189/0x250
[   94.856208][ T5851]  ? __pfx_dump_stack_lvl+0x10/0x10
[   94.856219][ T5851]  ? __pfx_queue_work_on+0x10/0x10
[   94.856229][ T5851]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   94.856245][ T5851]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   94.856260][ T5851]  f2fs_handle_critical_error+0x37c/0x540
[   94.856277][ T5851]  f2fs_write_end_io+0x886/0xb60
[   94.856295][ T5851]  __submit_merged_bio+0x27a/0x6a0
[   94.856310][ T5851]  __submit_merged_write_cond+0x255/0x530
[   94.856323][ T5851]  f2fs_write_data_pages+0x261d/0x3000
[   94.856350][ T5851]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   94.856366][ T5851]  ? arch_stack_walk+0xfc/0x150
[   94.856415][ T5851]  ? __mod_zone_page_state+0xd7/0x140
[   94.856433][ T5851]  ? folios_put_refs+0x560/0x640
[   94.856448][ T5851]  ? __pfx_folios_put_refs+0x10/0x10
[   94.856456][ T5851]  ? rcu_is_watching+0x15/0xb0
[   94.856469][ T5851]  ? __lock_acquire+0xab9/0xd20
[   94.856490][ T5851]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   94.856502][ T5851]  do_writepages+0x32e/0x550
[   94.856519][ T5851]  ? do_raw_spin_unlock+0x4d/0x240
[   94.856530][ T5851]  filemap_fdatawrite+0x199/0x240
[   94.856542][ T5851]  ? __pfx_filemap_fdatawrite+0x10/0x10
[   94.856573][ T5851]  ? do_raw_spin_unlock+0x4d/0x240
[   94.856584][ T5851]  f2fs_sync_dirty_inodes+0x31f/0x830
[   94.856599][ T5851]  f2fs_write_checkpoint+0x95a/0x1df0
[   94.856618][ T5851]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[   94.856643][ T5851]  ? f2fs_stop_gc_thread+0x7f/0xb0
[   94.856651][ T5851]  ? kfree+0x18e/0x440
[   94.856663][ T5851]  ? kill_f2fs_super+0x298/0x6c0
[   94.856674][ T5851]  kill_f2fs_super+0x2c3/0x6c0
[   94.856685][ T5851]  ? __pfx_kill_f2fs_super+0x10/0x10
[   94.856692][ T5851]  ? radix_tree_delete_item+0x2b6/0x400
[   94.856706][ T5851]  ? shrinker_free+0x2ce/0x3e0
[   94.856716][ T5851]  deactivate_locked_super+0xbc/0x130
[   94.856728][ T5851]  cleanup_mnt+0x425/0x4c0
[   94.856739][ T5851]  ? lockdep_hardirqs_on+0x9c/0x150
[   94.856752][ T5851]  task_work_run+0x1d4/0x260
[   94.856772][ T5851]  ? __pfx_task_work_run+0x10/0x10
[   94.856781][ T5851]  ? __x64_sys_umount+0x122/0x160
[   94.856795][ T5851]  ? exit_to_user_mode_loop+0x40/0x110
[   94.856810][ T5851]  exit_to_user_mode_loop+0xec/0x110
[   94.856821][ T5851]  do_syscall_64+0x2bd/0x3b0
[   94.856832][ T5851]  ? lockdep_hardirqs_on+0x9c/0x150
[   94.856842][ T5851]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.856851][ T5851]  ? exc_page_fault+0x9f/0xf0
[   94.856861][ T5851]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.856869][ T5851] RIP: 0033:0x7fa89838ff17
[   94.856878][ T5851] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   94.856886][ T5851] RSP: 002b:00007ffcd1e13658 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   94.856895][ T5851] RAX: 0000000000000000 RBX: 00007fa898411c05 RCX: 00007fa89838ff17
[   94.856901][ T5851] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcd1e13710
[   94.856905][ T5851] RBP: 00007ffcd1e13710 R08: 0000000000000000 R09: 0000000000000000
[   94.856910][ T5851] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcd1e147a0
[   94.856915][ T5851] R13: 00007fa898411c05 R14: 00000000000171ed R15: 00007ffcd1e147e0
[   94.856928][ T5851]  </TASK>
[   94.856932][ T5851] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[   95.325252][ T6540] chnl_net:caif_netlink_parms(): no params data found
[   95.419120][   T12] hsr_slave_0: left promiscuous mode
[   95.432146][   T12] hsr_slave_1: left promiscuous mode
[   95.458851][   T12] veth1_macvtap: left promiscuous mode
[   95.462158][   T12] veth0_macvtap: left promiscuous mode
[   95.464037][   T12] veth1_vlan: left promiscuous mode
[   95.466021][   T12] veth0_vlan: left promiscuous mode
[   95.971407][ T6607] netlink: 32 bytes leftover after parsing attributes in process `syz.1.257'.
[   96.190760][ T5857] Bluetooth: hci0: command tx timeout
[   96.309416][ T6623] loop1: detected capacity change from 0 to 1024
[   96.316255][   T12] team0 (unregistering): Port device team_slave_1 removed
[   96.329051][ T6623] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   96.367558][ T6627] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   96.384163][   T12] team0 (unregistering): Port device team_slave_0 removed
[   97.088838][ T6654] netlink: 4 bytes leftover after parsing attributes in process `syz.0.275'.
[   97.137683][ T6540] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.149980][ T6540] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.169345][ T6540] bridge_slave_0: entered allmulticast mode
[   97.187906][ T6540] bridge_slave_0: entered promiscuous mode
[   97.217380][ T6540] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.221030][ T6540] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.225137][ T6540] bridge_slave_1: entered allmulticast mode
[   97.249912][ T6540] bridge_slave_1: entered promiscuous mode
[   97.475964][ T6540] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   97.479691][ T6659] syz_tun: entered allmulticast mode
[   97.499824][ T6540] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   97.730945][ T6657] syz_tun: left allmulticast mode
[   97.737178][ T6540] team0: Port device team_slave_0 added
[   97.772531][ T6540] team0: Port device team_slave_1 added
[   97.914815][ T6540] batman_adv: batadv0: Adding interface: batadv_slave_0
[   97.917375][ T6540] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   97.968853][ T6540] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   97.988836][ T6540] batman_adv: batadv0: Adding interface: batadv_slave_1
[   98.000620][ T6540] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.009901][ T6540] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   98.126552][ T6665] capability: warning: `syz.1.278' uses 32-bit capabilities (legacy support in use)
[   98.160893][ T6665] netlink: 16 bytes leftover after parsing attributes in process `syz.1.278'.
[   98.280721][ T5857] Bluetooth: hci0: command tx timeout
[   98.327506][ T6540] hsr_slave_0: entered promiscuous mode
[   98.335369][ T6540] hsr_slave_1: entered promiscuous mode
[   98.798174][ T6673] loop0: detected capacity change from 0 to 1024
[   99.168344][ T1094] hfsplus: b-tree write err: -5, ino 4
[   99.514998][ T6540] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   99.549150][ T6540] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   99.555747][ T6684] loop0: detected capacity change from 0 to 2048
[   99.565467][ T6540] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   99.587221][ T6540] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   99.603894][ T6684] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[   99.642300][ T6684] overlayfs: upper fs needs to support d_type.
[   99.649465][ T6684] overlayfs: upper fs does not support RENAME_WHITEOUT.
[   99.654702][ T6684] overlayfs: failed to set xattr on upper
[   99.657981][ T6684] overlayfs: ...falling back to redirect_dir=nofollow.
[   99.660281][ T6684] overlayfs: ...falling back to index=off.
[   99.664724][ T6684] overlayfs: ...falling back to uuid=null.
[   99.719488][ T6540] 8021q: adding VLAN 0 to HW filter on device bond0
[   99.724249][ T5851] UDF-fs: error (device loop0): udf_read_inode: (ino 1317) failed !bh
[   99.728235][ T5851] UDF-fs: error (device loop0): udf_read_inode: (ino 1317) failed !bh
[   99.743097][ T6540] 8021q: adding VLAN 0 to HW filter on device team0
[   99.750012][   T28] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.752939][   T28] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.765882][   T28] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.768465][   T28] bridge0: port 2(bridge_slave_1) entered forwarding state
[  100.024514][   T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.073331][ T6540] 8021q: adding VLAN 0 to HW filter on device batadv0
[  100.100466][   T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.203979][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.232223][ T6540] veth0_vlan: entered promiscuous mode
[  100.253787][ T6540] veth1_vlan: entered promiscuous mode
[  100.309351][   T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.350789][ T5857] Bluetooth: hci0: command tx timeout
[  100.389197][ T6540] veth0_macvtap: entered promiscuous mode
[  100.405074][ T6540] veth1_macvtap: entered promiscuous mode
[  100.456192][ T6540] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.539038][ T6540] batman_adv: batadv0: Interface activated: batadv_slave_1
[  100.571659][   T13] bridge_slave_1: left allmulticast mode
[  100.573824][   T13] bridge_slave_1: left promiscuous mode
[  100.576032][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.586644][   T13] bridge_slave_0: left allmulticast mode
[  100.588929][   T13] bridge_slave_0: left promiscuous mode
[  100.607244][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.803848][ T5858] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  100.808473][ T5858] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  100.813403][ T5858] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  100.816992][ T5858] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  100.831606][ T5858] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  100.985889][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  100.992157][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  100.996898][   T13] bond0 (unregistering): Released all slaves
[  101.023162][   T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  101.047442][   T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  101.052589][   T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  101.076520][   T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  101.519497][ T6720] chnl_net:caif_netlink_parms(): no params data found
[  101.590234][ T6733] netlink: 4 bytes leftover after parsing attributes in process `syz.1.290'.
[  101.610291][   T28] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.613133][   T28] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.631925][   T13] hsr_slave_0: left promiscuous mode
[  101.635604][   T13] hsr_slave_1: left promiscuous mode
[  101.639573][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  101.644564][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  101.649496][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  101.655459][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  101.675574][   T13] veth1_macvtap: left promiscuous mode
[  101.677985][   T13] veth0_macvtap: left promiscuous mode
[  101.680314][   T13] veth1_vlan: left promiscuous mode
[  101.683176][   T13] veth0_vlan: left promiscuous mode
[  102.150219][   T13] team0 (unregistering): Port device team_slave_1 removed
[  102.200286][   T13] team0 (unregistering): Port device team_slave_0 removed
[  102.434807][ T5858] Bluetooth: hci0: command tx timeout
[  102.639374][   T24] infiniband syz1: ib_query_port failed (-19)
[  102.748380][ T6720] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.754024][ T1090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.758290][ T1090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.764764][ T6720] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.767573][ T6720] bridge_slave_0: entered allmulticast mode
[  102.789544][ T6720] bridge_slave_0: entered promiscuous mode
[  102.796955][ T6720] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.799657][ T6720] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.826286][ T6720] bridge_slave_1: entered allmulticast mode
[  102.849743][ T6720] bridge_slave_1: entered promiscuous mode
[  102.914071][ T5858] Bluetooth: hci1: command tx timeout
[  102.960198][ T6720] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  102.982578][ T6720] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  103.148296][ T6720] team0: Port device team_slave_0 added
[  103.172774][ T6720] team0: Port device team_slave_1 added
[  103.218195][ T6757] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  103.225081][ T5899] IPVS: starting estimator thread 0...
[  103.268623][ T6720] batman_adv: batadv0: Adding interface: batadv_slave_0
[  103.275435][ T6720] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  103.289896][ T6720] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  103.301166][ T6720] batman_adv: batadv0: Adding interface: batadv_slave_1
[  103.303866][ T6720] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  103.334138][ T6766] netlink: 8 bytes leftover after parsing attributes in process `syz.3.296'.
[  103.339008][ T6720] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  103.353356][ T6763] IPVS: using max 61 ests per chain, 146400 per kthread
[  103.502529][ T6720] hsr_slave_0: entered promiscuous mode
[  103.507198][ T6720] hsr_slave_1: entered promiscuous mode
[  103.510880][ T6720] debugfs: 'hsr0' already exists in 'hsr'
[  103.519181][ T6720] Cannot create hsr debugfs directory
[  103.648817][ T6778] netlink: 5 bytes leftover after parsing attributes in process `syz.3.300'.
[  103.660295][ T6778] 0{X: renamed from macvtap0 (while UP)
[  103.667576][ T6778] 0{X: entered allmulticast mode
[  103.669879][ T6778] veth0_macvtap: entered allmulticast mode
[  103.675528][ T6778] A link change request failed with some changes committed already. Interface 30{X may have been left with an inconsistent configuration, please check.
[  103.824281][ T6720] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  103.838757][ T6720] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  103.849497][ T6720] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  103.868166][ T6720] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  104.078270][ T6800] mmap: syz.3.303 (6800) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  104.094212][ T6720] 8021q: adding VLAN 0 to HW filter on device bond0
[  104.133611][ T6720] 8021q: adding VLAN 0 to HW filter on device team0
[  104.157120][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.160650][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[  104.173150][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.176104][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[  104.477474][ T6720] 8021q: adding VLAN 0 to HW filter on device batadv0
[  104.683249][ T5833] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  104.708048][ T6720] veth0_vlan: entered promiscuous mode
[  104.716672][ T6720] veth1_vlan: entered promiscuous mode
[  104.745611][ T6720] veth0_macvtap: entered promiscuous mode
[  104.752861][ T6720] veth1_macvtap: entered promiscuous mode
[  104.768567][ T6720] batman_adv: batadv0: Interface activated: batadv_slave_0
[  104.780390][ T6720] batman_adv: batadv0: Interface activated: batadv_slave_1
[  104.793381][ T5878] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  104.796917][ T5878] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  104.800407][ T5878] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  104.808074][ T5878] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  104.842217][ T5833] usb 2-1: Using ep0 maxpacket: 16
[  104.857920][ T5833] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  104.867097][ T5833] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  104.883311][ T5833] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  104.888418][ T5833] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  104.904389][ T5833] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  104.920898][ T5833] usb 2-1: config 0 descriptor??
[  104.936553][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.939795][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.993957][ T5858] Bluetooth: hci1: command tx timeout
[  105.012693][ T3596] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  105.016622][ T3596] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  105.134901][ T6835] program syz.4.287 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  105.344981][ T5833] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  105.367200][ T5833] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  105.370192][ T5833] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  105.395898][ T5833] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  105.405275][ T6846] loop4: detected capacity change from 0 to 1024
[  105.409811][ T5833] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  105.418031][ T5833] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  105.423394][ T6846] EXT4-fs: Ignoring removed orlov option
[  105.429845][ T5833] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  105.439840][ T6846] EXT4-fs (loop4): Test dummy encryption mode enabled
[  105.443049][ T5833] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  105.447936][ T6846] EXT4-fs (loop4): stripe (7) is not aligned with cluster size (16), stripe is disabled
[  105.452492][ T5833] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  105.455635][ T5833] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  105.478097][ T6846] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  105.487484][ T5833] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0002/input/input6
[  105.520735][ T5833] microsoft 0003:045E:07DA.0002: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  105.576797][ T5833] usb 2-1: USB disconnect, device number 4
[  105.684528][ T6846] fscrypt: AES-256-CBC-CTS using implementation "cts(cbc(ecb(aes-fixed-time)))"
[  106.168510][ T6720] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.543626][ T6874] netlink: 12 bytes leftover after parsing attributes in process `syz.1.315'.
[  106.742911][ T6879] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  106.747849][ T6879] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  107.081085][ T5858] Bluetooth: hci1: command tx timeout
[  107.942981][ T6904] netlink: 'syz.4.323': attribute type 30 has an invalid length.
[  108.359789][ T6916] loop4: detected capacity change from 0 to 512
[  108.382786][ T6916] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  108.615077][ T6720] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  108.711467][ T6936] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  109.033765][ T6953] netlink: 256 bytes leftover after parsing attributes in process `syz.3.339'.
[  109.153423][ T5858] Bluetooth: hci1: command tx timeout
[  109.291790][ T6968] bond_slave_0: entered promiscuous mode
[  109.294340][ T6968] bond_slave_1: entered promiscuous mode
[  109.307748][ T6968] macvtap0: entered allmulticast mode
[  109.317705][ T6968] bond0: entered allmulticast mode
[  109.319398][ T6968] bond_slave_0: entered allmulticast mode
[  109.321686][ T6968] bond_slave_1: entered allmulticast mode
[  109.324627][ T6968] 8021q: adding VLAN 0 to HW filter on device macvtap0
[  109.353973][ T6968] bond0: left allmulticast mode
[  109.356123][ T6968] bond_slave_0: left allmulticast mode
[  109.398366][ T6968] bond_slave_1: left allmulticast mode
[  109.402955][ T6968] bond_slave_0: left promiscuous mode
[  109.405409][ T6968] bond_slave_1: left promiscuous mode
[  110.204819][ T6990] capability: warning: `syz.1.352' uses deprecated v2 capabilities in a way that may be insecure
[  110.594874][ T7008] syz.1.356 uses obsolete (PF_INET,SOCK_PACKET)
[  110.740249][ T7017] netdevsim0: mtu less than device minimum
[  110.845842][ T7022] netlink: 12 bytes leftover after parsing attributes in process `syz.4.360'.
[  110.880002][ T7025] loop1: detected capacity change from 0 to 1024
[  111.052974][ T7032] netlink: 'syz.4.364': attribute type 27 has an invalid length.
[  111.176628][ T7037] loop4: detected capacity change from 0 to 2048
[  111.186701][ T7037] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  111.199567][ T7039] netlink: 'syz.1.365': attribute type 2 has an invalid length.
[  111.251446][ T7039] : entered promiscuous mode
[  111.848000][ T7066] batadv0: entered promiscuous mode
[  111.851655][ T7066] macvtap1: entered promiscuous mode
[  111.858259][ T7066] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  111.887177][ T7066] batadv0: left promiscuous mode
[  112.264866][ T7074] loop3: detected capacity change from 0 to 256
[  112.270257][ T7074] exfat: Deprecated parameter 'namecase'
[  112.290865][ T7074] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[  112.341026][ T7060] loop4: detected capacity change from 0 to 40427
[  112.348358][ T7060] F2FS-fs (loop4): invalid crc value
[  112.523431][ T7060] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  112.527967][ T7060] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  112.566990][ T7060] bio_check_eod: 5 callbacks suppressed
[  112.567022][ T7060] syz.4.375: attempt to access beyond end of device
[  112.567022][ T7060] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  112.647868][ T6720] syz-executor: attempt to access beyond end of device
[  112.647868][ T6720] loop4: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  112.654765][ T6720] CPU: 0 UID: 0 PID: 6720 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  112.654784][ T6720] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  112.654825][ T6720] Call Trace:
[  112.654832][ T6720]  <TASK>
[  112.654838][ T6720]  dump_stack_lvl+0x189/0x250
[  112.654862][ T6720]  ? __pfx_dump_stack_lvl+0x10/0x10
[  112.654878][ T6720]  ? __pfx_queue_work_on+0x10/0x10
[  112.654892][ T6720]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  112.654910][ T6720]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  112.654938][ T6720]  f2fs_handle_critical_error+0x37c/0x540
[  112.654964][ T6720]  f2fs_write_end_io+0x886/0xb60
[  112.654991][ T6720]  __submit_merged_bio+0x27a/0x6a0
[  112.655014][ T6720]  __submit_merged_write_cond+0x255/0x530
[  112.655039][ T6720]  f2fs_write_data_pages+0x261d/0x3000
[  112.655092][ T6720]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  112.655152][ T6720]  ? __mod_zone_page_state+0xd7/0x140
[  112.655180][ T6720]  ? folios_put_refs+0x560/0x640
[  112.655205][ T6720]  ? __pfx_folios_put_refs+0x10/0x10
[  112.655218][ T6720]  ? rcu_is_watching+0x15/0xb0
[  112.655239][ T6720]  ? __lock_acquire+0xab9/0xd20
[  112.655275][ T6720]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  112.655296][ T6720]  do_writepages+0x32e/0x550
[  112.655323][ T6720]  ? do_raw_spin_unlock+0x4d/0x240
[  112.655344][ T6720]  filemap_fdatawrite+0x199/0x240
[  112.655364][ T6720]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  112.655425][ T6720]  ? do_raw_spin_unlock+0x4d/0x240
[  112.655453][ T6720]  f2fs_sync_dirty_inodes+0x31f/0x830
[  112.655480][ T6720]  f2fs_write_checkpoint+0x95a/0x1df0
[  112.655517][ T6720]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  112.655569][ T6720]  ? kill_f2fs_super+0x298/0x6c0
[  112.655586][ T6720]  kill_f2fs_super+0x2c3/0x6c0
[  112.655604][ T6720]  ? __pfx_kill_f2fs_super+0x10/0x10
[  112.655614][ T6720]  ? radix_tree_delete_item+0x2b6/0x400
[  112.655637][ T6720]  ? shrinker_free+0x2ce/0x3e0
[  112.655655][ T6720]  deactivate_locked_super+0xbc/0x130
[  112.655673][ T6720]  cleanup_mnt+0x425/0x4c0
[  112.655687][ T6720]  ? lockdep_hardirqs_on+0x9c/0x150
[  112.655706][ T6720]  task_work_run+0x1d4/0x260
[  112.655727][ T6720]  ? __pfx_task_work_run+0x10/0x10
[  112.655741][ T6720]  ? __x64_sys_umount+0x122/0x160
[  112.655764][ T6720]  ? exit_to_user_mode_loop+0x40/0x110
[  112.655787][ T6720]  exit_to_user_mode_loop+0xec/0x110
[  112.655840][ T6720]  do_syscall_64+0x2bd/0x3b0
[  112.655857][ T6720]  ? lockdep_hardirqs_on+0x9c/0x150
[  112.655875][ T6720]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.655889][ T6720]  ? exc_page_fault+0x9f/0xf0
[  112.655908][ T6720]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.655921][ T6720] RIP: 0033:0x7f24f678ff17
[  112.655935][ T6720] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  112.655945][ T6720] RSP: 002b:00007ffcf5383608 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  112.655960][ T6720] RAX: 0000000000000000 RBX: 00007f24f6811c05 RCX: 00007f24f678ff17
[  112.655969][ T6720] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcf53836c0
[  112.655977][ T6720] RBP: 00007ffcf53836c0 R08: 0000000000000000 R09: 0000000000000000
[  112.655985][ T6720] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcf5384750
[  112.655994][ T6720] R13: 00007f24f6811c05 R14: 000000000001b774 R15: 00007ffcf5384790
[  112.656019][ T6720]  </TASK>
[  112.656026][ T6720] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  113.196956][ T7101] netlink: 104 bytes leftover after parsing attributes in process `syz.1.392'.
[  113.351961][ T7110] loop3: detected capacity change from 0 to 8
[  113.588151][ T7119] loop1: detected capacity change from 0 to 1764
[  114.268192][ T7128] loop1: detected capacity change from 0 to 32768
[  114.271640][ T7128] XFS: ikeep mount option is deprecated.
[  114.315804][ T7128] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  114.371112][ T7128] XFS (loop1): Ending clean mount
[  114.376156][ T7128] XFS (loop1): Quotacheck needed: Please wait.
[  114.454858][ T7128] XFS (loop1): Quotacheck: Done.
[  115.133273][ T7158] loop3: detected capacity change from 0 to 256
[  115.454504][ T7158] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  116.584718][ T5855] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  116.643872][ T7178] loop3: detected capacity change from 0 to 1024
[  116.886763][   T28] hfsplus: b-tree write err: -5, ino 4
[  117.538752][ T7199] Illegal XDP return value 342184576 on prog  (id 44) dev N/A, expect packet loss!
[  118.275009][ T7224] netlink: 'syz.1.426': attribute type 13 has an invalid length.
[  118.723999][ T7221] loop3: detected capacity change from 0 to 32768
[  118.771888][ T7221] ocfs2: Mounting device (7,3) on (node local, slot 0) with writeback data mode.
[  118.926097][ T7221] (syz.3.425,7221,0):ocfs2_check_set_options:1244 ERROR: Invalid heartbeat mount options
[  119.246557][ T6540] ocfs2: Unmounting device (7,3) on (node local)
[  120.747616][ T7247] loop3: detected capacity change from 0 to 32768
[  120.764694][ T7277] netlink: 'syz.4.439': attribute type 10 has an invalid length.
[  120.776761][ T7247] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.430 (7247)
[  120.793623][ T7277] macvlan1: entered allmulticast mode
[  120.811298][ T7247] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  120.814760][ T7247] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  120.817648][ T7247] BTRFS info (device loop3): using free-space-tree
[  120.822045][ T7277] veth1_vlan: entered allmulticast mode
[  120.834927][ T7277] team0: Port device macvlan1 added
[  120.841932][ T7283] netlink: 420 bytes leftover after parsing attributes in process `syz.1.440'.
[  120.845971][ T7283] netlink: 16 bytes leftover after parsing attributes in process `syz.1.440'.
[  120.861973][ T7283] netlink: 16 bytes leftover after parsing attributes in process `syz.1.440'.
[  120.864727][ T7283] netlink: 4 bytes leftover after parsing attributes in process `syz.1.440'.
[  120.958768][ T7247] BTRFS info (device loop3): rebuilding free space tree
[  121.014030][ T7305] loop1: detected capacity change from 0 to 512
[  121.024095][ T7305] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  121.028192][ T7303] sock: sock_set_timeout: `syz.4.441' (pid 7303) tries to set negative timeout
[  121.071911][ T7305] EXT4-fs (loop1): 1 truncate cleaned up
[  121.091840][ T7305] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  121.173954][ T7313] loop4: detected capacity change from 0 to 16
[  121.218515][   T13] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared)
[  121.225959][ T7313] erofs (device loop4): mounted with root inode @ nid 36.
[  121.229990][ T5855] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  121.309112][ T6540] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  121.355325][ T7318] netlink: 'syz.1.444': attribute type 10 has an invalid length.
[  121.381684][ T7318] netlink: 40 bytes leftover after parsing attributes in process `syz.1.444'.
[  121.395217][ T7318] batadv0: entered promiscuous mode
[  121.397080][ T7318] batadv0: entered allmulticast mode
[  121.399708][ T7318] bridge0: port 3(batadv0) entered blocking state
[  121.403758][ T7318] bridge0: port 3(batadv0) entered disabled state
[  121.422355][ T7318] bridge0: port 3(batadv0) entered blocking state
[  121.424642][ T7318] bridge0: port 3(batadv0) entered forwarding state
[  121.820782][   T13] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  121.823840][   T13] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  121.954299][ T7355] binder: 7354:7355 ioctl 541b 0 returned -22
[  122.156903][ T7364] loop3: detected capacity change from 0 to 4096
[  122.165858][ T7364] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512).
[  122.175259][ T7371] fuse: Unknown parameter 'fd0xffffffffffffffff'
[  122.410549][ T7382] loop4: detected capacity change from 0 to 512
[  122.419790][ T7382] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  122.460099][ T7382] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  122.472152][ T7382] ext4 filesystem being mounted at /59/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  122.681650][ T7395] loop3: detected capacity change from 0 to 256
[  122.689917][ T6720] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  123.907356][ T7426] loop4: detected capacity change from 0 to 32768
[  123.927391][ T7426] bcachefs (/dev/loop4): error validating superblock: Invalid superblock section replicas_v0: invalid device 1 in entry (unknown data_type 224): 1/245 [0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 4 5 5 6 10 11 11 11 26 33 34 45 45 56 80]
[  123.927391][ T7426] replicas_v0 (size 40):
[  123.927391][ T7426] (unknown data_type 224): 15 [0 0 0 0 0 0 255 255 255 255 255 255 255 255 255] (unknown data_type 224): 245 [5 0 0 0 0 1 0 0 0 0 0 0 0 80 0 0 0 10 0 0 0 0 0 0 0 0 0 0 0 56 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 34 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 45 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
[  123.927558][ T7426] bcachefs: bch2_fs_get_tree() error: invalid_replicas_entry
[  124.120885][ T5913] usb 2-1: new full-speed USB device number 5 using dummy_hcd
[  124.273659][ T5913] usb 2-1: config 0 has an invalid interface number: 152 but max is 0
[  124.282534][ T5913] usb 2-1: config 0 has no interface number 0
[  124.286825][ T5913] usb 2-1: config 0 interface 152 altsetting 7 endpoint 0xA has invalid maxpacket 1024, setting to 64
[  124.301025][ T5913] usb 2-1: config 0 interface 152 has no altsetting 0
[  124.316231][ T5913] usb 2-1: New USB device found, idVendor=0e7e, idProduct=1001, bcdDevice=a3.17
[  124.319006][   T33] audit: type=1326 audit(1755689693.861:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7452 comm="syz.4.477" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f24f678ebe9 code=0x0
[  124.319856][ T5913] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.334038][ T5913] usb 2-1: Product: syz
[  124.335735][ T5913] usb 2-1: Manufacturer: syz
[  124.337643][ T5913] usb 2-1: SerialNumber: syz
[  124.347209][ T5913] usb 2-1: config 0 descriptor??
[  124.355432][ T7432] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  124.567891][ T7432] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  124.587661][ T5913] cdc_subset 2-1:0.152 usb0: register 'cdc_subset' at usb-dummy_hcd.1-1, Yopy, b2:45:a7:8d:4f:b7
[  124.786324][  T792] usb 2-1: USB disconnect, device number 5
[  124.799562][  T792] cdc_subset 2-1:0.152 usb0: unregister 'cdc_subset' usb-dummy_hcd.1-1, Yopy
[  125.770685][  T792] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  125.942580][  T792] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  125.946485][  T792] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  125.957093][  T792] usb 2-1: config 0 descriptor??
[  125.978525][  T792] gspca_main: cpia1-2.14.0 probing 0813:0001
[  126.172125][ T7474] loop4: detected capacity change from 0 to 131072
[  126.181113][ T7474] F2FS-fs (loop4): Test dummy encryption mode enabled
[  126.199996][ T7474] F2FS-fs (loop4): invalid crc value
[  126.259641][ T7474] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  126.264620][ T7474] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  126.487574][ T7474] fscrypt (loop4, inode 10): Missing crypto API support for AES-256-XTS (API name: "xts(aes)")
[  126.523218][  T792] cpia1 2-1:0.0: unexpected state after lo power cmd: 00
[  127.552543][  T792] gspca_cpia1: usb_control_msg 01, error -110
[  127.564494][  T792] cpia1 2-1:0.0: only firmware version 1 is supported (got: 0)
[  127.984584][ T7514] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  127.993943][ T5913] usb 2-1: USB disconnect, device number 6
[  128.241022][   T47] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  128.403104][   T47] usb 4-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  128.406299][   T47] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  128.411648][   T47] usb 4-1: config 0 descriptor??
[  128.416143][   T47] gspca_main: spca508-2.14.0 probing 8086:0110
[  128.753829][ T7518] loop1: detected capacity change from 0 to 40427
[  128.757458][   T47] gspca_spca508: reg_read err -32
[  128.762662][ T7518] F2FS-fs (loop1): Wrong SSA boundary, start(3584) end(4096) blocks(0)
[  128.766010][ T7518] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  128.769064][ T7518] F2FS-fs (loop1): build fault injection type: 0x6
[  128.772292][ T7518] F2FS-fs (loop1): invalid crc value
[  128.774123][   T47] gspca_spca508: reg_read err -32
[  128.811284][ T7518] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  128.815041][ T7518] F2FS-fs (loop1): Start checkpoint disabled!
[  128.822665][ T7518] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  128.825057][ T7518] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  128.827934][   T47] gspca_spca508: reg_read err -32
[  128.830338][   T47] gspca_spca508: reg_read err -32
[  128.835128][ T7514] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  128.838995][ T7514] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  129.342360][   T47] gspca_spca508: reg_read err -110
[  129.349262][   T47] gspca_spca508: reg write: error -32
[  129.364207][   T47] spca508 4-1:0.0: probe with driver spca508 failed with error -32
[  130.490723][   T24] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  130.668361][   T24] usb 5-1: Using ep0 maxpacket: 16
[  130.673577][   T24] usb 5-1: config 0 interface 0 has no altsetting 0
[  130.679210][   T24] usb 5-1: New USB device found, idVendor=0566, idProduct=3004, bcdDevice= 0.00
[  130.687383][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  130.697219][   T40] kworker/u10:2: attempt to access beyond end of device
[  130.697219][   T40] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  130.705376][   T24] usb 5-1: config 0 descriptor??
[  130.707844][   T40] CPU: 1 UID: 0 PID: 40 Comm: kworker/u10:2 Not tainted syzkaller #0 PREEMPT(full) 
[  130.707856][   T40] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  130.707862][   T40] Workqueue: writeback wb_workfn (flush-7:1)
[  130.707877][   T40] Call Trace:
[  130.707881][   T40]  <TASK>
[  130.707885][   T40]  dump_stack_lvl+0x189/0x250
[  130.707899][   T40]  ? __pfx_dump_stack_lvl+0x10/0x10
[  130.707908][   T40]  ? __pfx_queue_work_on+0x10/0x10
[  130.707916][   T40]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  130.707927][   T40]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  130.707942][   T40]  f2fs_handle_critical_error+0x37c/0x540
[  130.707957][   T40]  f2fs_write_end_io+0x886/0xb60
[  130.707972][   T40]  __submit_merged_bio+0x27a/0x6a0
[  130.707986][   T40]  __submit_merged_write_cond+0x255/0x530
[  130.707999][   T40]  f2fs_write_data_pages+0x261d/0x3000
[  130.708025][   T40]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  130.708043][   T40]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  130.708066][   T40]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  130.708099][   T40]  ? look_up_lock_class+0x74/0x170
[  130.708116][   T40]  ? trace_f2fs_writepages+0x7f/0x200
[  130.708127][   T40]  ? f2fs_write_node_pages+0x478/0x6e0
[  130.708139][   T40]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  130.708156][   T40]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  130.708168][   T40]  do_writepages+0x32e/0x550
[  130.708206][   T40]  ? reacquire_held_locks+0x127/0x1d0
[  130.708215][   T40]  ? writeback_sb_inodes+0x384/0x1010
[  130.708230][   T40]  __writeback_single_inode+0x145/0xff0
[  130.708241][   T40]  ? do_raw_spin_unlock+0x4d/0x240
[  130.708252][   T40]  writeback_sb_inodes+0x6c7/0x1010
[  130.708265][   T40]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  130.708282][   T40]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  130.708310][   T40]  ? rcu_is_watching+0x15/0xb0
[  130.708327][   T40]  wb_writeback+0x43b/0xaf0
[  130.708347][   T40]  ? queue_io+0x321/0x590
[  130.708362][   T40]  ? __pfx_wb_writeback+0x10/0x10
[  130.708380][   T40]  ? _raw_spin_unlock_irq+0x23/0x50
[  130.708398][   T40]  wb_workfn+0x409/0xef0
[  130.708416][   T40]  ? __pfx_wb_workfn+0x10/0x10
[  130.708426][   T40]  ? __lock_acquire+0xab9/0xd20
[  130.708447][   T40]  ? process_scheduled_works+0x9ef/0x17b0
[  130.708466][   T40]  ? _raw_spin_unlock_irq+0x23/0x50
[  130.708481][   T40]  ? process_scheduled_works+0x9ef/0x17b0
[  130.708491][   T40]  ? process_scheduled_works+0x9ef/0x17b0
[  130.708500][   T40]  process_scheduled_works+0xae1/0x17b0
[  130.708521][   T40]  ? __pfx_process_scheduled_works+0x10/0x10
[  130.708537][   T40]  worker_thread+0x8a0/0xda0
[  130.708557][   T40]  kthread+0x711/0x8a0
[  130.708575][   T40]  ? __pfx_worker_thread+0x10/0x10
[  130.708583][   T40]  ? __pfx_kthread+0x10/0x10
[  130.708593][   T40]  ? _raw_spin_unlock_irq+0x23/0x50
[  130.708602][   T40]  ? lockdep_hardirqs_on+0x9c/0x150
[  130.708611][   T40]  ? __pfx_kthread+0x10/0x10
[  130.708621][   T40]  ret_from_fork+0x3fc/0x770
[  130.708632][   T40]  ? __pfx_ret_from_fork+0x10/0x10
[  130.708643][   T40]  ? __switch_to_asm+0x39/0x70
[  130.708653][   T40]  ? __switch_to_asm+0x33/0x70
[  130.708662][   T40]  ? __pfx_kthread+0x10/0x10
[  130.708672][   T40]  ret_from_fork_asm+0x1a/0x30
[  130.708689][   T40]  </TASK>
[  130.813261][   T40] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  131.030185][ T6030] usb 4-1: USB disconnect, device number 2
[  131.204044][ T7545] netlink: 'syz.3.501': attribute type 21 has an invalid length.
[  131.207161][ T7545] netlink: 132 bytes leftover after parsing attributes in process `syz.3.501'.
[  131.215163][ T7545] netlink: 'syz.3.501': attribute type 1 has an invalid length.
[  131.234122][   T24] monterey 0003:0566:3004.0003: unknown main item tag 0x0
[  131.239987][   T24] monterey 0003:0566:3004.0003: unknown main item tag 0x0
[  131.247368][   T24] monterey 0003:0566:3004.0003: unknown main item tag 0x0
[  131.257550][   T24] monterey 0003:0566:3004.0003: unknown main item tag 0x0
[  131.260001][   T24] monterey 0003:0566:3004.0003: unknown main item tag 0x0
[  131.268087][   T24] monterey 0003:0566:3004.0003: unknown main item tag 0x0
[  131.289931][   T24] monterey 0003:0566:3004.0003: unknown main item tag 0x0
[  131.299306][   T24] monterey 0003:0566:3004.0003: unknown main item tag 0x0
[  131.336006][   T24] monterey 0003:0566:3004.0003: unknown main item tag 0x0
[  131.357792][   T24] monterey 0003:0566:3004.0003: unknown main item tag 0x0
[  131.423245][   T24] monterey 0003:0566:3004.0003: hidraw0: USB HID v0.00 Device [HID 0566:3004] on usb-dummy_hcd.4-1/input0
[  131.448915][   T24] usb 5-1: USB disconnect, device number 2
[  131.989766][ T7563] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  132.161335][ T7565] Bluetooth: MGMT ver 1.23
[  132.443386][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  132.446203][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  133.474448][ T7604] netlink: 88 bytes leftover after parsing attributes in process `syz.4.522'.
[  133.624018][ T7608] ptrace attach of "/syz-executor exec"[6720] was attempted by "ߖ鷴)Qo  \x0dvҢ9T{-92\x0ap_3j nޭOa)bkߟ.\x0aK~򜛱تKOkF^3B3){\x5crHBd,X\x09\x0b3c\x22&W\x22\x1bTL'\x09!_Nhٹ=n>a (G6茷A+&ϋЈUߍa{@{\x0b[ɸYacAzÂGl:d<]u~v!9,?Ŵ>\x22ar\x1blKڬY*VS8ȁ6]kK.=`#\x07x!gMDR*OLK\x0c}oKbA>{@aMdnQj̖5)];r,L\x0c=\x0dWAE n`>Ɵs-3`yfeH^/$L1&NP\x0d1D<\x07cPd(EdtaE!ҭ \x09@ݞHG~H<D$\x0crX`-ͪ/IFEtI;{*W\x0c\x0a:ÈV'\x0c8sejke~ɫRLB*\x0b-r@\x07VMšv%OymWGܕ|ʤ=tU?hK0uӣٜ0G 'b,\x22ߊ;2Ո'G/޳7Wd\x5c!w%xg\x22x[4!NlQ(\x0a@[+ ؐǬ[[zN sB&X>%3{- ^Qǚ4e3\x0b>sF̗H]+\x0
[  134.000693][ T5913] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  134.204953][ T5913] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  134.209203][ T5913] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0
[  134.220916][ T5913] usb 4-1: config 0 interface 0 has no altsetting 0
[  134.223647][ T5913] usb 4-1: New USB device found, idVendor=5543, idProduct=0005, bcdDevice= 0.00
[  134.231208][ T5913] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.243257][ T5913] usb 4-1: config 0 descriptor??
[  134.479867][ T7620] netlink: 1 bytes leftover after parsing attributes in process `syz.4.529'.
[  134.484476][ T7620] netlink: 1 bytes leftover after parsing attributes in process `syz.4.529'.
[  134.660717][ T6030] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  134.694437][ T5913] uclogic 0003:5543:0005.0004: item 0 2 0 8 parsing failed
[  134.706910][ T5913] uclogic 0003:5543:0005.0004: parse failed
[  134.709516][ T5913] uclogic 0003:5543:0005.0004: probe with driver uclogic failed with error -22
[  134.831014][ T6030] usb 2-1: Using ep0 maxpacket: 32
[  134.836871][ T6030] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[  134.839960][ T6030] usb 2-1: config 0 has no interface number 0
[  134.850209][ T6030] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  134.854361][ T6030] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  134.859214][ T6030] usb 2-1: Product: syz
[  134.863097][ T6030] usb 2-1: Manufacturer: syz
[  134.865152][ T6030] usb 2-1: SerialNumber: syz
[  134.890298][ T5913] usb 4-1: USB disconnect, device number 3
[  134.891660][ T6030] usb 2-1: config 0 descriptor??
[  134.910240][ T6030] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  135.125524][ T6030] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  135.141437][ T6030] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  135.524950][    C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71
[  135.526310][ T5913] usb 2-1: USB disconnect, device number 7
[  135.577316][ T5913] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  135.622088][ T5913] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  135.633142][ T5913] quatech2 2-1:0.51: device disconnected
[  136.026347][ T7640] loop4: detected capacity change from 0 to 512
[  136.074484][ T7640] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[  136.094071][ T7640] EXT4-fs error (device loop4): ext4_orphan_get:1418: comm syz.4.536: bad orphan inode 15
[  136.096097][ T7643] netlink: 'syz.1.537': attribute type 9 has an invalid length.
[  136.101839][ T7640] ext4_test_bit(bit=14, block=18) = 1
[  136.103605][ T7640] is_bad_inode(inode)=0
[  136.104820][ T7640] NEXT_ORPHAN(inode)=1023
[  136.105304][ T7643] netlink: 200108 bytes leftover after parsing attributes in process `syz.1.537'.
[  136.106082][ T7640] max_ino=32
[  136.109938][ T7643] openvswitch: netlink: Message has 5 unknown bytes.
[  136.126670][ T7640] i_nlink=0
[  136.137130][ T7640] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0009-000000000000 r/w without journal. Quota mode: none.
[  136.147172][ T7640] ext2 filesystem being mounted at /90/qY3aK supports timestamps until 2038-01-19 (0x7fffffff)
[  136.203185][ T6720] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0009-000000000000.
[  136.229409][ T7638] loop3: detected capacity change from 0 to 32768
[  137.000902][ T5913] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  137.185918][ T5913] usb 2-1: config 1 has an invalid descriptor of length 126, skipping remainder of the config
[  137.190041][ T5913] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18
[  137.196937][ T5913] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  137.202279][ T5913] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  137.205568][ T5913] usb 2-1: SerialNumber: syz
[  137.429940][  T793] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  137.437889][ T5913] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22
[  137.454180][ T5913] usb 2-1: USB disconnect, device number 8
[  137.580829][  T793] usb 4-1: Using ep0 maxpacket: 32
[  137.585021][  T793] usb 4-1: unable to get BOS descriptor or descriptor too short
[  137.589533][  T793] usb 4-1: config 4 has an invalid interface number: 10 but max is 0
[  137.594246][  T793] usb 4-1: config 4 has no interface number 0
[  137.596740][  T793] usb 4-1: config 4 interface 10 has no altsetting 0
[  137.602387][  T793] usb 4-1: New USB device found, idVendor=06e1, idProduct=a155, bcdDevice=b6.15
[  137.605922][  T793] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  137.609016][  T793] usb 4-1: Product: syz
[  137.612288][  T793] usb 4-1: Manufacturer: syz
[  137.614517][  T793] usb 4-1: SerialNumber: syz
[  138.167405][  T793] radio-si470x 4-1:4.10: could not find interrupt in endpoint
[  138.169829][  T793] radio-si470x 4-1:4.10: probe with driver radio-si470x failed with error -5
[  138.175936][  T793] usbhid 4-1:4.10: couldn't find an input interrupt endpoint
[  138.182788][  T793] usb 4-1: USB disconnect, device number 4
[  138.529551][ T7691] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 3946
[  138.534511][ T7687] loop1: detected capacity change from 0 to 32768
[  138.544931][ T7687] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.556 (7687)
[  138.580976][ T7687] BTRFS info (device loop1 state S): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  138.596642][ T7687] BTRFS info (device loop1 state S): using blake2b (blake2b-256-generic) checksum algorithm
[  138.600391][ T7687] BTRFS info (device loop1 state S): disk space caching is enabled
[  138.624066][ T7687] BTRFS warning (device loop1 state S): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  138.636018][ T7687] workqueue: max_active 2097158 requested for btrfs-worker is out of range, clamping between 1 and 2048
[  138.654959][ T7687] workqueue: max_active 2097158 requested for btrfs-delalloc is out of range, clamping between 1 and 2048
[  138.681047][ T7687] workqueue: max_active 2097158 requested for btrfs-endio is out of range, clamping between 1 and 2048
[  138.695628][ T7687] workqueue: max_active 2097158 requested for btrfs-endio-meta is out of range, clamping between 1 and 2048
[  138.699627][ T7687] workqueue: max_active 2097158 requested for btrfs-rmw is out of range, clamping between 1 and 2048
[  138.730673][ T7687] workqueue: max_active 2097158 requested for btrfs-endio-write is out of range, clamping between 1 and 2048
[  138.737948][ T7687] workqueue: max_active 2097158 requested for btrfs-compressed-write is out of range, clamping between 1 and 2048
[  138.804341][ T7719] loop4: detected capacity change from 0 to 1024
[  138.827817][ T7719] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  138.849526][ T7719] ext4 filesystem being mounted at /102/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  138.858837][ T5855] BTRFS info (device loop1 state CS): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  138.863220][   T33] audit: type=1800 audit(1755689708.401:6): pid=7719 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.565" name="file1" dev="loop4" ino=15 res=0 errno=0
[  138.944295][ T6720] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  138.952752][   T33] audit: type=1326 audit(1755689708.491:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7708 comm="syz.3.563" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f809d18ebe9 code=0x7fc00000
[  139.287274][ T7735] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  139.290033][ T7735] IPv6: NLM_F_CREATE should be set when creating new route
[  139.292560][ T7735] IPv6: NLM_F_CREATE should be set when creating new route
[  139.294916][ T7735] IPv6: NLM_F_CREATE should be set when creating new route
[  139.552012][   T33] audit: type=1326 audit(1755689709.101:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7708 comm="syz.3.563" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f809d18ebe9 code=0x7fc00000
[  139.960815][ T6030] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  139.988096][ T7743] tmpfs: Group quota block hardlimit too large.
[  140.049622][ T7745] tmpfs: Bad value for 'mpol'
[  140.113381][ T6030] usb 4-1: Using ep0 maxpacket: 16
[  140.151250][ T6030] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  140.183420][ T6030] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  140.196585][ T6030] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  140.201799][ T6030] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  140.205487][ T6030] usb 4-1: Product: syz
[  140.207294][ T6030] usb 4-1: Manufacturer: syz
[  140.209391][ T6030] usb 4-1: SerialNumber: syz
[  140.631543][ T6030] usb 4-1: 0:2 : does not exist
[  140.668482][ T6030] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  140.785941][ T6030] usb 4-1: USB disconnect, device number 5
[  140.921673][ T6226] udevd[6226]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  141.086516][ T7761] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  141.188367][ T7763] loop4: detected capacity change from 0 to 64
[  141.704085][ T7781] netlink: 20 bytes leftover after parsing attributes in process `syz.4.588'.
[  141.708018][ T7765] loop3: detected capacity change from 0 to 32768
[  141.766472][ T7765] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  141.802539][ T7765] XFS (loop3): Ending clean mount
[  141.826046][ T7765] XFS (loop3): Quotacheck needed: Please wait.
[  141.888401][ T7765] XFS (loop3): Quotacheck: Done.
[  141.922787][   T33] audit: type=1804 audit(1755689967.469:9): pid=7765 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.580" name="/newroot/88/file0/file1" dev="loop3" ino=9286 res=1 errno=0
[  141.964004][ T6540] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  142.242818][ T7795] loop4: detected capacity change from 0 to 40427
[  142.249129][ T7795] F2FS-fs (loop4): invalid crc value
[  142.553585][ T7795] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  142.582653][ T7795] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  142.621528][ T6720] syz-executor: attempt to access beyond end of device
[  142.621528][ T6720] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  142.626916][ T6720] CPU: 0 UID: 0 PID: 6720 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  142.626935][ T6720] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  142.626944][ T6720] Call Trace:
[  142.626950][ T6720]  <TASK>
[  142.626956][ T6720]  dump_stack_lvl+0x189/0x250
[  142.626981][ T6720]  ? __pfx_dump_stack_lvl+0x10/0x10
[  142.626998][ T6720]  ? __pfx_queue_work_on+0x10/0x10
[  142.627012][ T6720]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  142.627030][ T6720]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  142.627056][ T6720]  f2fs_handle_critical_error+0x37c/0x540
[  142.627084][ T6720]  f2fs_write_end_io+0x886/0xb60
[  142.627141][ T6720]  __submit_merged_bio+0x27a/0x6a0
[  142.627168][ T6720]  __submit_merged_write_cond+0x255/0x530
[  142.627194][ T6720]  f2fs_write_data_pages+0x261d/0x3000
[  142.627247][ T6720]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  142.627308][ T6720]  ? __mod_zone_page_state+0xd7/0x140
[  142.627337][ T6720]  ? folios_put_refs+0x560/0x640
[  142.627365][ T6720]  ? __lock_acquire+0xab9/0xd20
[  142.627393][ T6720]  ? do_raw_spin_lock+0x121/0x290
[  142.627421][ T6720]  ? do_raw_spin_unlock+0x4d/0x240
[  142.627438][ T6720]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  142.627460][ T6720]  do_writepages+0x32e/0x550
[  142.627489][ T6720]  ? do_raw_spin_unlock+0x4d/0x240
[  142.627510][ T6720]  filemap_fdatawrite+0x199/0x240
[  142.627529][ T6720]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  142.627593][ T6720]  ? do_raw_spin_unlock+0x4d/0x240
[  142.627614][ T6720]  f2fs_sync_dirty_inodes+0x31f/0x830
[  142.627641][ T6720]  f2fs_write_checkpoint+0x95a/0x1df0
[  142.627676][ T6720]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  142.627735][ T6720]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  142.627750][ T6720]  ? kfree+0x18e/0x440
[  142.627768][ T6720]  ? kill_f2fs_super+0x298/0x6c0
[  142.627787][ T6720]  kill_f2fs_super+0x2c3/0x6c0
[  142.627808][ T6720]  ? __pfx_kill_f2fs_super+0x10/0x10
[  142.627820][ T6720]  ? radix_tree_delete_item+0x2b6/0x400
[  142.627865][ T6720]  ? shrinker_free+0x2ce/0x3e0
[  142.627883][ T6720]  deactivate_locked_super+0xbc/0x130
[  142.627903][ T6720]  cleanup_mnt+0x425/0x4c0
[  142.627920][ T6720]  ? lockdep_hardirqs_on+0x9c/0x150
[  142.627940][ T6720]  task_work_run+0x1d4/0x260
[  142.627963][ T6720]  ? __pfx_task_work_run+0x10/0x10
[  142.627979][ T6720]  ? __x64_sys_umount+0x122/0x160
[  142.628003][ T6720]  ? exit_to_user_mode_loop+0x40/0x110
[  142.628026][ T6720]  exit_to_user_mode_loop+0xec/0x110
[  142.628047][ T6720]  do_syscall_64+0x2bd/0x3b0
[  142.628065][ T6720]  ? lockdep_hardirqs_on+0x9c/0x150
[  142.628082][ T6720]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.628097][ T6720]  ? exc_page_fault+0x9f/0xf0
[  142.628145][ T6720]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.628159][ T6720] RIP: 0033:0x7f24f678ff17
[  142.628172][ T6720] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  142.628183][ T6720] RSP: 002b:00007ffcf5383608 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  142.628197][ T6720] RAX: 0000000000000000 RBX: 00007f24f6811c05 RCX: 00007f24f678ff17
[  142.628207][ T6720] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcf53836c0
[  142.628215][ T6720] RBP: 00007ffcf53836c0 R08: 0000000000000000 R09: 0000000000000000
[  142.628223][ T6720] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcf5384750
[  142.628232][ T6720] R13: 00007f24f6811c05 R14: 0000000000022c9b R15: 00007ffcf5384790
[  142.628259][ T6720]  </TASK>
[  142.629216][ T6720] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  143.404015][ T7812] loop4: detected capacity change from 0 to 4096
[  143.424474][ T7813] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  143.460006][ T6720] NILFS (loop4): DAT doesn't have a block to manage vblocknr = 648518346341351424
[  143.463389][ T6720] NILFS error (device loop4): nilfs_bmap_truncate: broken bmap (inode number=12)
[  143.470022][ T6720] Remounting filesystem read-only
[  143.472574][ T6720] NILFS (loop4): error -5 truncating bmap (ino=12)
[  143.477058][ T6720] NILFS (loop4): disposed unprocessed dirty file(s) when detaching log writer
[  143.580627][    T9] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[  143.747165][ T7819] veth1_macvtap: left promiscuous mode
[  143.749439][ T7819] macsec0: entered promiscuous mode
[  143.755835][ T7819] macsec0: entered allmulticast mode
[  143.764299][ T7819] veth1_macvtap: entered promiscuous mode
[  143.766521][ T7819] veth1_macvtap: entered allmulticast mode
[  143.769570][ T7819] macsec0: left promiscuous mode
[  143.774830][ T7819] macsec0: left allmulticast mode
[  143.776823][ T7819] veth1_macvtap: left allmulticast mode
[  143.782222][    T9] usb 4-1: unable to get BOS descriptor or descriptor too short
[  143.786615][    T9] usb 4-1: not running at top speed; connect to a high speed hub
[  143.831375][    T9] usb 4-1: config 14 has an invalid interface number: 18 but max is 0
[  143.835034][    T9] usb 4-1: config 14 has an invalid descriptor of length 0, skipping remainder of the config
[  143.839227][    T9] usb 4-1: config 14 has no interface number 0
[  143.844248][    T9] usb 4-1: config 14 interface 18 altsetting 180 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  143.848710][    T9] usb 4-1: config 14 interface 18 has no altsetting 0
[  143.964486][    T9] usb 4-1: New USB device found, idVendor=3980, idProduct=0003, bcdDevice=de.62
[  143.968208][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.970833][    T9] usb 4-1: Product: syz
[  143.972197][    T9] usb 4-1: Manufacturer: syz
[  143.973703][    T9] usb 4-1: SerialNumber: syz
[  144.231562][    T9] rtl8150 4-1:14.18: couldn't find required endpoints
[  144.235281][    T9] rtl8150 4-1:14.18: probe with driver rtl8150 failed with error -5
[  144.254361][    T9] usb 4-1: USB disconnect, device number 6
[  144.617629][ T7777] Set syz1 is full, maxelem 65536 reached
[  144.796109][ T7835] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  144.933230][ T7840] loop3: detected capacity change from 0 to 4096
[  144.942174][ T7840] ntfs3(loop3): Different NTFS sector size (2048) and media sector size (512).
[  144.962980][ T7840] ntfs3(loop3): try to read out of volume at offset 0x103000
[  144.967881][ T7840] ntfs3(loop3): Failed to load $Volume (-5).
[  146.100622][    T9] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  146.254260][    T9] usb 2-1: Using ep0 maxpacket: 16
[  146.258608][    T9] usb 2-1: config index 0 descriptor too short (expected 1051, got 27)
[  146.268855][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7
[  146.274275][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  146.282177][    T9] usb 2-1: New USB device found, idVendor=06f8, idProduct=b000, bcdDevice=7d.f9
[  146.286419][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  146.289760][    T9] usb 2-1: Product: syz
[  146.292357][    T9] usb 2-1: Manufacturer: syz
[  146.294992][    T9] usb 2-1: SerialNumber: syz
[  146.308054][    T9] usb 2-1: config 0 descriptor??
[  146.521722][    T9] usb 2-1: USB disconnect, device number 9
[  148.129709][ T7890] loop1: detected capacity change from 0 to 512
[  148.163365][ T7890] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  148.168323][ T7890] ext4 filesystem being mounted at /220/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  148.190072][ T7890] EXT4-fs: can't change dax mount option while remounting
[  148.219081][ T5855] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  148.572269][ T7910] xt_socket: unknown flags 0xe4
[  148.961515][ T7929] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  148.963710][ T7929] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  148.973240][ T7929] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  148.977209][ T7929] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  148.979479][ T7929] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  148.984534][ T7929] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  148.988125][ T7929] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  148.994751][ T7929] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  148.998012][ T7929] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  149.100668][   T24] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  149.257856][   T24] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  149.261547][   T47] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  149.264642][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.268066][   T24] usb 4-1: Product: syz
[  149.270262][   T24] usb 4-1: Manufacturer: syz
[  149.272557][   T24] usb 4-1: SerialNumber: syz
[  149.296334][   T24] usb 4-1: config 0 descriptor??
[  149.410643][   T47] usb 5-1: Using ep0 maxpacket: 32
[  149.414922][   T47] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  149.418060][   T47] usb 5-1: config 0 has no interface number 0
[  149.423847][   T47] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  149.427586][   T47] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.431821][   T47] usb 5-1: Product: syz
[  149.433495][   T47] usb 5-1: Manufacturer: syz
[  149.435417][   T47] usb 5-1: SerialNumber: syz
[  149.442799][   T47] usb 5-1: config 0 descriptor??
[  149.452544][   T47] usb 5-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  149.455978][   T47] usb 5-1: selecting invalid altsetting 1
[  149.458339][   T47] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  149.469802][   T47] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  149.475873][   T47] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  149.479425][   T47] usb 5-1: media controller created
[  149.500301][   T47] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  149.509631][   T24] usb 4-1: USB disconnect, device number 7
[  149.654095][   T47] usb 5-1: DVB: registering adapter 1 frontend 0 (Zarlink ZL10353 DVB-T)...
[  149.654346][ T7936] loop1: detected capacity change from 0 to 32768
[  149.657643][   T47] dvbdev: dvb_create_media_entity: media entity 'Zarlink ZL10353 DVB-T' registered.
[  149.701939][   T47] DVB: Unable to find symbol mxl5005s_attach()
[  149.833927][ T7939] loop1: detected capacity change from 0 to 128
[  149.851807][ T7939] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  149.869798][   T47] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  149.906954][   T47] usb 5-1: USB disconnect, device number 3
[  150.435001][   T24] psmouse serio2: Failed to reset mouse on : -5
[  150.541717][  T793] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  150.700582][  T793] usb 2-1: Using ep0 maxpacket: 8
[  150.705210][  T793] usb 2-1: config 0 has an invalid interface number: 186 but max is 0
[  150.708720][  T793] usb 2-1: config 0 has no interface number 0
[  150.712472][  T793] usb 2-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  150.716931][  T793] usb 2-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  150.722146][  T793] usb 2-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  150.726477][  T793] usb 2-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  150.735017][  T793] usb 2-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  150.738719][  T793] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  150.742643][  T793] usb 2-1: Product: syz
[  150.744325][  T793] usb 2-1: Manufacturer: syz
[  150.746207][  T793] usb 2-1: SerialNumber: syz
[  150.753184][  T793] usb 2-1: config 0 descriptor??
[  150.979282][  T793] iowarrior 2-1:0.186: IOWarrior product=0x1505, serial= interface=186 now attached to iowarrior0
[  150.991452][ T5858] Bluetooth: hci1: command 0x0c1a tx timeout
[  150.991527][ T5853] Bluetooth: hci2: command 0x0c1a tx timeout
[  150.997599][ T5857] Bluetooth: hci0: command 0x0c1a tx timeout
[  151.261078][    C0] iowarrior 2-1:0.186: iowarrior_callback - usb_submit_urb failed with result -1
[  151.280115][  T793] usb 2-1: USB disconnect, device number 10
[  151.948567][ T7969] loop1: detected capacity change from 0 to 256
[  151.965656][ T7969] exFAT-fs (loop1): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x00949fb8, utbl_chksum : 0x7319d30d)
[  152.309890][ T7990] netlink: 8 bytes leftover after parsing attributes in process `syz.1.673'.
[  152.339887][ T7992] netlink: 'syz.1.674': attribute type 21 has an invalid length.
[  152.352978][ T7992] netlink: 132 bytes leftover after parsing attributes in process `syz.1.674'.
[  153.071697][ T5853] Bluetooth: hci2: command 0x0c1a tx timeout
[  153.073951][ T5857] Bluetooth: hci0: command 0x0c1a tx timeout
[  153.083540][ T5857] Bluetooth: hci1: command 0x0c1a tx timeout
[  153.525489][ T8007] loop4: detected capacity change from 0 to 2048
[  153.536116][ T8007] NILFS (loop4): invalid segment: Inconsistency found
[  153.539102][ T8007] NILFS (loop4): trying rollback from an earlier position
[  153.560244][ T8007] NILFS (loop4): recovery complete
[  153.571842][ T8009] loop1: detected capacity change from 0 to 16
[  153.587905][ T8009] erofs (device loop1): mounted with root inode @ nid 36.
[  153.840411][ T8013] loop4: detected capacity change from 0 to 32768
[  153.859443][ T8013] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  153.881514][ T8013] OCFS2: ERROR (device loop4): int ocfs2_reserve_suballoc_bits(struct ocfs2_super *, struct ocfs2_alloc_context *, int, u32, u64 *, int): Invalid chain allocator 74
[  153.887713][ T8013] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  153.900852][ T8013] OCFS2: Returning error to the calling process.
[  153.903018][ T8013] (syz.4.683,8013,1):ocfs2_reserve_suballoc_bits:856 ERROR: status = -5
[  153.906245][ T8013] (syz.4.683,8013,1):ocfs2_reserve_new_inode:1097 ERROR: status = -5
[  153.909374][ T8013] (syz.4.683,8013,1):ocfs2_reserve_new_inode:1120 ERROR: status = -5
[  153.927724][ T8013] (syz.4.683,8013,1):ocfs2_mknod:309 ERROR: status = -5
[  153.930033][ T8013] (syz.4.683,8013,1):ocfs2_mknod:505 ERROR: status = -5
[  153.932482][ T8013] (syz.4.683,8013,1):ocfs2_mkdir:661 ERROR: status = -5
[  153.955992][ T8015] loop1: detected capacity change from 0 to 40427
[  153.956583][ T6720] ocfs2: Unmounting device (7,4) on (node local)
[  153.963931][ T8015] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  153.966602][ T8015] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  154.066866][ T8015] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  154.074701][ T8015] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  154.077534][ T8015] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  154.240915][   T24] misc userio: Buffer overflowed, userio client isn't keeping up
[  154.449591][ T8031] loop1: detected capacity change from 0 to 256
[  154.475475][ T8031] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  154.547706][ T8027] loop4: detected capacity change from 0 to 32768
[  154.558634][ T8027] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.688 (8027)
[  154.594165][ T8027] BTRFS info (device loop4): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  154.598197][ T8027] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm
[  154.605701][ T8033] loop1: detected capacity change from 0 to 4096
[  154.608742][ T8027] BTRFS info (device loop4): using free-space-tree
[  154.621303][ T8033] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[  154.663789][ T8033] ntfs3(loop1): This driver is compiled without CONFIG_NTFS3_64BIT_CLUSTER (like windows driver).
[  154.663789][ T8033] Volume contains 64 bits run: vcn 0, lcn ffffe00000009000, len 13.
[  154.663789][ T8033] Activate CONFIG_NTFS3_64BIT_CLUSTER to process this case
[  154.681137][ T8033] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  154.687101][ T8033] ntfs3(loop1): Failed to load $Secure (-95).
[  154.693374][ T8033] ntfs3(loop1): Failed to initialize $Secure (-95).
[  154.708822][   T33] audit: type=1800 audit(1755689980.249:10): pid=8027 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.688" name="file1" dev="loop4" ino=260 res=0 errno=0
[  155.151811][ T5857] Bluetooth: hci1: command 0x0c1a tx timeout
[  155.153834][ T5857] Bluetooth: hci0: command 0x0c1a tx timeout
[  155.155826][ T5857] Bluetooth: hci2: command 0x0c1a tx timeout
[  155.163067][ T6720] BTRFS info (device loop4): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  155.294757][   T24] input: PS/2 Generic Mouse as /devices/serio2/input/input8
[  155.513593][   T24] psmouse serio2: Failed to enable mouse on 
[  155.652053][ T8070] netlink: 8 bytes leftover after parsing attributes in process `syz.3.700'.
[  155.827276][ T8077] netlink: 12 bytes leftover after parsing attributes in process `syz.1.703'.
[  155.871194][ T8077] bridge1: port 1(veth0_to_bond) entered blocking state
[  155.876227][ T8077] bridge1: port 1(veth0_to_bond) entered disabled state
[  155.878781][ T8077] veth0_to_bond: entered allmulticast mode
[  155.891633][ T8077] veth0_to_bond: entered promiscuous mode
[  156.530990][   T24] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  156.555062][ T8109] random: crng reseeded on system resumption
[  156.692346][   T24] usb 4-1: Using ep0 maxpacket: 32
[  156.698763][   T24] usb 4-1: config 0 has an invalid interface number: 255 but max is 0
[  156.702569][   T24] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  156.706706][   T24] usb 4-1: config 0 has no interface number 0
[  156.709404][   T24] usb 4-1: config 0 interface 255 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  156.715673][   T24] usb 4-1: config 0 interface 255 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0
[  156.719735][   T24] usb 4-1: config 0 interface 255 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  156.727502][   T24] usb 4-1: New USB device found, idVendor=0499, idProduct=152e, bcdDevice=b4.9a
[  156.735473][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.738051][   T24] usb 4-1: Product: syz
[  156.739573][   T24] usb 4-1: Manufacturer: syz
[  156.741189][   T24] usb 4-1: SerialNumber: syz
[  156.744766][   T24] usb 4-1: config 0 descriptor??
[  156.992297][   T24] usb 4-1: USB disconnect, device number 8
[  157.016206][ T6226] udevd[6226]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.255/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  157.618245][ T8130] loop3: detected capacity change from 0 to 512
[  157.635245][ T8130] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1)
[  157.826849][   T33] audit: type=1326 audit(1755689983.369:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8141 comm="syz.4.733" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f24f678ebe9 code=0x0
[  157.972783][ T8152] loop3: detected capacity change from 0 to 1024
[  157.999269][ T8152] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  158.006690][ T8152] EXT4-fs error (device loop3): ext4_xattr_set_entry:1660: inode #16: comm syz.3.738: corrupted xattr entries
[  158.015095][ T8152] EXT4-fs (loop3): Remounting filesystem read-only
[  158.309781][ T6540] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  159.210794][   T47] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  159.360701][   T47] usb 5-1: Using ep0 maxpacket: 32
[  159.365835][   T47] usb 5-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  159.371710][   T47] usb 5-1: config 0 interface 0 has no altsetting 0
[  159.374364][   T47] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1c09, bcdDevice= 0.00
[  159.377972][   T47] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  159.384247][   T47] usb 5-1: config 0 descriptor??
[  159.665971][ T8190] netlink: 'syz.3.754': attribute type 1 has an invalid length.
[  159.687055][ T8190] 8021q: adding VLAN 0 to HW filter on device bond1
[  159.716778][ T8190] bond1: (slave bridge1): making interface the new active one
[  159.720005][ T8190] bond1: (slave bridge1): Enslaving as an active interface with an up link
[  159.766490][ T8190] bond1: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  159.814645][   T47] hid_parser_main: 1260 callbacks suppressed
[  159.814670][   T47] corsair-psu 0003:1B1C:1C09.0005: unknown main item tag 0x0
[  159.833915][   T47] corsair-psu 0003:1B1C:1C09.0005: unknown main item tag 0x0
[  159.836660][   T47] corsair-psu 0003:1B1C:1C09.0005: unknown main item tag 0x0
[  159.839214][   T47] corsair-psu 0003:1B1C:1C09.0005: unknown main item tag 0x0
[  159.843054][   T47] corsair-psu 0003:1B1C:1C09.0005: unknown main item tag 0x0
[  159.848394][   T47] corsair-psu 0003:1B1C:1C09.0005: hidraw0: USB HID v4.08 Device [HID 1b1c:1c09] on usb-dummy_hcd.4-1/input0
[  159.910919][   T47] corsair-psu 0003:1B1C:1C09.0005: unable to initialize device (-38)
[  159.922761][   T47] corsair-psu 0003:1B1C:1C09.0005: probe with driver corsair-psu failed with error -38
[  160.004929][ T8193] loop1: detected capacity change from 0 to 32768
[  160.073040][ T5913] usb 5-1: USB disconnect, device number 4
[  160.709168][ T8198] loop1: detected capacity change from 0 to 32768
[  160.753079][ T8198]  loop1: p9 p11 p16
[  160.811219][ T5859] udevd[5859]: inotify_add_watch(7, /dev/loop1p16, 10) failed: No such file or directory
[  160.822322][ T6534] udevd[6534]: inotify_add_watch(7, /dev/loop1p11, 10) failed: No such file or directory
[  160.881771][ T8206] program syz.1.760 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  160.920328][ T8208] sctp: [Deprecated]: syz.4.759 (pid 8208) Use of int in maxseg socket option.
[  160.920328][ T8208] Use struct sctp_assoc_value instead
[  160.924888][ T6226] udevd[6226]: inotify_add_watch(7, /dev/loop1p9, 10) failed: No such file or directory
[  160.973843][ T6534] udevd[6534]: inotify_add_watch(7, /dev/loop1p16, 10) failed: No such file or directory
[  160.976427][ T6226] udevd[6226]: inotify_add_watch(7, /dev/loop1p11, 10) failed: No such file or directory
[  160.980212][ T5859] udevd[5859]: inotify_add_watch(7, /dev/loop1p9, 10) failed: No such file or directory
[  161.051299][ T8216] loop1: detected capacity change from 0 to 512
[  161.065178][ T8216] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  161.090789][ T8216] EXT4-fs (loop1): blocks per group (64) and clusters per group (32768) inconsistent
[  162.296185][ T8252] netlink: 116 bytes leftover after parsing attributes in process `syz.3.775'.
[  162.559479][ T8250] loop4: detected capacity change from 0 to 32768
[  162.572678][ T8250] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.774 (8250)
[  162.649836][ T8250] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  162.671918][ T8250] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  162.675028][ T8250] BTRFS info (device loop4): disk space caching is enabled
[  162.677467][ T8250] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  162.719972][ T8264] loop3: detected capacity change from 0 to 8192
[  163.014455][ T8250] BTRFS info (device loop4): rebuilding free space tree
[  163.044115][ T8250] BTRFS info (device loop4): disabling free space tree
[  163.058751][ T8250] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  163.079165][ T8250] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  163.470201][ T8297] netlink: 'syz.3.780': attribute type 1 has an invalid length.
[  163.535192][ T6720] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  163.880658][ T5913] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  164.050858][ T5913] usb 4-1: Using ep0 maxpacket: 8
[  164.061760][ T5913] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  164.065937][ T5913] usb 4-1: config 179 has no interface number 0
[  164.069578][ T5913] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  164.089443][ T5913] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  164.116922][ T5913] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  164.127576][ T5913] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0
[  164.145686][ T5913] usb 4-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  164.163648][ T5913] usb 4-1: config 179 interface 65 has no altsetting 0
[  164.169403][ T5913] usb 4-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  164.175498][ T5913] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  164.186843][ T8317] loop1: detected capacity change from 0 to 2048
[  164.239401][ T8317] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  164.243497][ T5913] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input9
[  164.255129][ T8317] ext4 filesystem being mounted at /275/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  164.345099][ T5855] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  164.404657][ T5913] usb 4-1: USB disconnect, device number 9
[  164.407270][    C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  164.710919][   T24] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  164.870801][   T24] usb 5-1: Using ep0 maxpacket: 32
[  164.875597][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  164.885991][   T24] usb 5-1: New USB device found, idVendor=0c72, idProduct=0011, bcdDevice= 9.75
[  164.889715][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  164.900687][   T24] usb 5-1: Product: syz
[  164.902477][   T24] usb 5-1: Manufacturer: syz
[  164.904453][   T24] usb 5-1: SerialNumber: syz
[  164.921589][   T24] usb 5-1: config 0 descriptor??
[  164.944273][ T8349] netlink: 'syz.1.803': attribute type 5 has an invalid length.
[  164.947433][ T8349] netlink: 'syz.1.803': attribute type 5 has an invalid length.
[  164.951287][ T8349] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.803'.
[  165.011970][ T8353] loop3: detected capacity change from 0 to 256
[  165.029142][ T8353] FAT-fs (loop3): Directory bread(block 64) failed
[  165.032723][ T8353] FAT-fs (loop3): Directory bread(block 65) failed
[  165.035457][ T8353] FAT-fs (loop3): Directory bread(block 66) failed
[  165.037930][ T8353] FAT-fs (loop3): Directory bread(block 67) failed
[  165.040139][ T8353] FAT-fs (loop3): Directory bread(block 68) failed
[  165.042678][ T8353] FAT-fs (loop3): Directory bread(block 69) failed
[  165.045064][ T8353] FAT-fs (loop3): Directory bread(block 70) failed
[  165.047760][ T8353] FAT-fs (loop3): Directory bread(block 71) failed
[  165.050371][ T8353] FAT-fs (loop3): Directory bread(block 72) failed
[  165.054977][ T8353] FAT-fs (loop3): Directory bread(block 73) failed
[  165.142322][   T47] usb 5-1: USB disconnect, device number 5
[  165.241887][   T24] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  165.393063][   T24] usb 2-1: Using ep0 maxpacket: 8
[  165.404557][   T24] usb 2-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  165.408492][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  165.412518][   T24] usb 2-1: Product: syz
[  165.414242][   T24] usb 2-1: Manufacturer: syz
[  165.416158][   T24] usb 2-1: SerialNumber: syz
[  165.423363][   T24] usb 2-1: config 0 descriptor??
[  165.428479][   T24] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  165.595854][ T8363] delete_channel: no stack
[  166.123906][   T33] audit: type=1326 audit(1755689991.669:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8377 comm="syz.4.812" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f24f678ebe9 code=0x0
[  166.278154][ T8381] loop3: detected capacity change from 0 to 512
[  166.284661][ T8381] EXT4-fs: Ignoring removed oldalloc option
[  166.317894][ T8381] EXT4-fs error (device loop3): ext4_xattr_inode_iget:433: comm syz.3.813: Parent and EA inode have the same ino 15
[  166.338024][ T8381] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  166.344841][ T8381] EXT4-fs error (device loop3): ext4_xattr_inode_iget:433: comm syz.3.813: Parent and EA inode have the same ino 15
[  166.355905][ T8381] EXT4-fs (loop3): 1 orphan inode deleted
[  166.360389][ T8381] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  166.377653][ T8381] EXT4-fs warning (device loop3): __ext4_unlink:3282: inode #15: comm syz.3.813: Deleting file 'file1' with no links
[  166.406517][ T6540] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.640361][ T5879] usb 2-1: USB disconnect, device number 11
[  166.890314][ T8408] _Z`Ԁ@: entered promiscuous mode
[  167.018581][ T5853] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  167.311088][ T5879] usb 4-1: new full-speed USB device number 10 using dummy_hcd
[  167.464317][ T5879] usb 4-1: config 6 has an invalid interface number: 2 but max is 0
[  167.467557][ T5879] usb 4-1: config 6 has no interface number 0
[  167.470117][ T5879] usb 4-1: config 6 interface 2 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  167.475324][ T5879] usb 4-1: config 6 interface 2 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  167.479699][ T5879] usb 4-1: config 6 interface 2 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  167.484302][ T5879] usb 4-1: config 6 interface 2 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  167.490951][ T5879] usb 4-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  167.494430][ T5879] usb 4-1: New USB device strings: Mfr=17, Product=2, SerialNumber=3
[  167.497514][ T5879] usb 4-1: Product: syz
[  167.499177][ T5879] usb 4-1: Manufacturer: syz
[  167.502409][ T5879] usb 4-1: SerialNumber: syz
[  167.509834][ T8437] nr0: tun_chr_ioctl cmd 1074554389
[  167.529930][ T5879] hso 4-1:6.2: Failed to find BULK IN ep
[  167.702800][ T8443] netlink: 'syz.1.836': attribute type 2 has an invalid length.
[  167.705973][ T8443] netlink: 'syz.1.836': attribute type 1 has an invalid length.
[  167.730414][   T24] usb 4-1: USB disconnect, device number 10
[  167.743291][ T5853] Bluetooth: hci1: ACL packet for unknown connection handle 201
[  167.747259][ T5853] Bluetooth: hci1: ACL packet for unknown connection handle 201
[  168.386503][ T8454] loop3: detected capacity change from 0 to 512
[  168.400859][ T8454] EXT4-fs: Ignoring removed bh option
[  168.406734][ T8454] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  168.487079][ T8454] EXT4-fs (loop3): 1 truncate cleaned up
[  168.492255][ T8454] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  168.849506][ T8463] lo speed is unknown, defaulting to 1000
[  168.852695][ T8463] lo speed is unknown, defaulting to 1000
[  168.867557][ T8463] lo speed is unknown, defaulting to 1000
[  168.957220][ T8463] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  168.974646][ T8463] lo speed is unknown, defaulting to 1000
[  168.977364][ T8463] lo speed is unknown, defaulting to 1000
[  168.980280][ T8463] lo speed is unknown, defaulting to 1000
[  169.229046][ T6540] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.233598][   T33] audit: type=1326 audit(1755689994.779:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8470 comm="syz.4.848" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f24f678ebe9 code=0x0
[  169.483544][ T8483] netlink: 64 bytes leftover after parsing attributes in process `syz.3.853'.
[  169.487152][ T8483] netlink: 64 bytes leftover after parsing attributes in process `syz.3.853'.
[  169.607835][ T8489] loop3: detected capacity change from 0 to 512
[  169.640380][ T8489] Quota error (device loop3): v2_read_file_info: Free block number 1 out of range (1, 6).
[  169.657736][ T8489] EXT4-fs warning (device loop3): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  169.684915][ T8489] EXT4-fs (loop3): mount failed
[  170.240657][   T24] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  170.395379][   T24] usb 5-1: config 0 has an invalid interface number: 84 but max is 0
[  170.398652][   T24] usb 5-1: config 0 has an invalid interface number: 66 but max is 0
[  170.402716][   T24] usb 5-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  170.408702][   T24] usb 5-1: config 0 has no interface number 0
[  170.411858][   T24] usb 5-1: config 0 has no interface number 1
[  170.414432][   T24] usb 5-1: config 0 interface 84 altsetting 0 endpoint 0x4 has invalid maxpacket 1560, setting to 64
[  170.418780][   T24] usb 5-1: config 0 interface 84 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  170.430581][   T24] usb 5-1: too many endpoints for config 0 interface 66 altsetting 153: 216, using maximum allowed: 30
[  170.434074][   T24] usb 5-1: config 0 interface 66 altsetting 153 bulk endpoint 0x5 has invalid maxpacket 32
[  170.437675][   T24] usb 5-1: config 0 interface 66 altsetting 153 has an endpoint descriptor with address 0x12, changing to 0x2
[  170.447346][   T24] usb 5-1: config 0 interface 66 altsetting 153 has an endpoint descriptor with address 0xE6, changing to 0x86
[  170.454321][   T24] usb 5-1: config 0 interface 66 altsetting 153 endpoint 0x86 has invalid maxpacket 34869, setting to 1024
[  170.461721][   T24] usb 5-1: config 0 interface 66 altsetting 153 bulk endpoint 0x86 has invalid maxpacket 1024
[  170.465811][   T24] usb 5-1: config 0 interface 66 altsetting 153 has 3 endpoint descriptors, different from the interface descriptor's value: 216
[  170.478145][   T24] usb 5-1: config 0 interface 66 has no altsetting 0
[  170.572388][   T24] usb 5-1: New USB device found, idVendor=8086, idProduct=0b63, bcdDevice=ca.f3
[  170.576086][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  170.579291][   T24] usb 5-1: Product: syz
[  170.584890][   T24] usb 5-1: Manufacturer: syz
[  170.586776][   T24] usb 5-1: SerialNumber: syz
[  170.599881][   T24] usb 5-1: config 0 descriptor??
[  170.636869][   T24] ljca 5-1:0.84: bulk endpoints not found
[  170.840114][   T24] ljca 5-1:0.66: probe with driver ljca failed with error -71
[  170.857481][   T24] usb 5-1: USB disconnect, device number 6
[  171.962942][ T8552] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.879'.
[  172.589651][ T8576] netlink: 8 bytes leftover after parsing attributes in process `syz.1.889'.
[  172.780142][ T8581] syz_tun: entered allmulticast mode
[  172.789914][ T8580] syz_tun: left allmulticast mode
[  172.905999][ T8590] loop1: detected capacity change from 0 to 256
[  173.002783][ T8591] RDS: rds_bind could not find a transport for fe80::bb, load rds_tcp or rds_rdma?
[  173.020205][   T33] audit: type=1800 audit(1755689998.559:14): pid=8591 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.895" name="file1" dev="loop1" ino=1048628 res=0 errno=0
[  173.238845][ T8586] loop3: detected capacity change from 0 to 32768
[  173.247342][ T8586] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.892 (8586)
[  173.263924][ T8586] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  173.269517][ T8586] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  173.281121][ T8586] BTRFS info (device loop3): using free-space-tree
[  173.585841][ T6540] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  174.174507][ T8615] loop4: detected capacity change from 0 to 1024
[  174.202380][ T8615] EXT4-fs: Ignoring removed bh option
[  174.298240][ T8615] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  174.379065][ T8615] EXT4-fs error (device loop4): ext4_xattr_inode_iget:437: comm syz.4.899: inode #6: comm syz.4.899: iget: illegal inode #
[  174.386798][ T8615] EXT4-fs (loop4): Remounting filesystem read-only
[  174.390222][ T8615] EXT4-fs warning (device loop4): ext4_xattr_block_set:2190: inode #19: comm syz.4.899: dec ref error=-30
[  174.441404][ T6720] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  174.567356][ T8613] loop3: detected capacity change from 0 to 32768
[  174.567367][ T8622] program syz.4.900 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  174.617200][ T8613] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  174.644178][ T8620] 9pnet: bogus RWRITE count (2 > 1)
[  174.685301][ T8634] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  174.709773][ T8613] XFS (loop3): Ending clean mount
[  174.733612][ T8613] XFS (loop3): Quotacheck needed: Please wait.
[  174.789115][ T8613] XFS (loop3): Quotacheck: Done.
[  174.956042][ T6540] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  175.158585][   T33] audit: type=1326 audit(1755690000.699:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8651 comm="syz.4.913" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24f678ebe9 code=0x7ffc0000
[  175.198560][   T33] audit: type=1326 audit(1755690000.699:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8651 comm="syz.4.913" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24f678ebe9 code=0x7ffc0000
[  175.209114][   T33] audit: type=1326 audit(1755690000.699:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8651 comm="syz.4.913" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f24f678ebe9 code=0x7ffc0000
[  175.228950][   T33] audit: type=1326 audit(1755690000.699:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8651 comm="syz.4.913" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24f678ebe9 code=0x7ffc0000
[  175.253459][   T33] audit: type=1326 audit(1755690000.699:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8651 comm="syz.4.913" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24f678ebe9 code=0x7ffc0000
[  175.280777][   T33] audit: type=1326 audit(1755690000.699:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8651 comm="syz.4.913" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f24f678ebe9 code=0x7ffc0000
[  175.288818][   T33] audit: type=1326 audit(1755690000.699:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8651 comm="syz.4.913" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24f678ebe9 code=0x7ffc0000
[  175.317981][   T33] audit: type=1326 audit(1755690000.699:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8651 comm="syz.4.913" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f24f678ebe9 code=0x7ffc0000
[  175.326798][   T33] audit: type=1326 audit(1755690000.709:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8651 comm="syz.4.913" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24f678ebe9 code=0x7ffc0000
[  175.353298][ T8658] netlink: 104 bytes leftover after parsing attributes in process `syz.4.914'.
[  175.964914][ T8691] loop3: detected capacity change from 0 to 1764
[  175.998495][ T8691] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  176.812717][ T8693] loop1: detected capacity change from 0 to 32768
[  176.819785][ T8693] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.930 (8693)
[  176.862141][ T8693] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  176.866216][ T8693] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  176.886520][ T8706] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  176.886520][ T8706] The task syz.4.932 (8706) triggered the difference, watch for misbehavior.
[  176.931716][ T8693] BTRFS info (device loop1): rebuilding free space tree
[  176.945661][ T8693] BTRFS info (device loop1): disabling free space tree
[  176.948097][ T8693] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  176.953411][ T8693] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  176.989293][ T8719] loop3: detected capacity change from 0 to 4096
[  177.006693][ T8719] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  177.086389][ T6540] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.127308][ T5855] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  177.405120][ T8729] loop1: detected capacity change from 0 to 1024
[  177.458746][ T8729] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  177.461452][ T8729] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  177.497190][ T8729] vhci_hcd vhci_hcd.0: Device attached
[  177.895205][ T6030] usb 35-1: new high-speed USB device number 2 using vhci_hcd
[  178.420398][ T8730] vhci_hcd: connection reset by peer
[  178.435634][ T5878] vhci_hcd: stop threads
[  178.536308][ T8742] ALSA: mixer_oss: invalid OSS volume 'A141=wVe]'
[  178.539232][ T8742] ALSA: mixer_oss: invalid OSS volume 'ұB;T`@$EcXMYd,'
[  178.569092][ T5878] vhci_hcd: release socket
[  178.598179][ T5878] vhci_hcd: disconnect device
[  178.602821][ T8742] ALSA: mixer_oss: invalid OSS volume 'b@h#'
[  178.612263][ T8742] ALSA: mixer_oss: invalid OSS volume 'h4XS4v=0_>&'
[  178.621326][ T8742] ALSA: mixer_oss: invalid OSS volume '|/"tj'
[  178.625843][ T8742] ALSA: mixer_oss: invalid OSS volume '-z5c^J6$'
[  178.634112][ T8742] ALSA: mixer_oss: invalid OSS volume '0Ty󉴪jP&at'
[  178.643143][ T8742] ALSA: mixer_oss: invalid OSS volume '|~\'
[  178.647818][ T8742] ALSA: mixer_oss: invalid OSS volume '@^3bɜ}G$#\("/oL'
[  178.662844][ T8742] ALSA: mixer_oss: invalid OSS volume ''
[  179.058531][ T8747] loop4: detected capacity change from 0 to 32768
[  179.084546][ T8747] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  179.126115][ T8747] XFS (loop4): Ending clean mount
[  179.130384][ T8747] XFS (loop4): Quotacheck needed: Please wait.
[  179.192962][ T8747] XFS (loop4): Quotacheck: Done.
[  179.232154][ T6720] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  180.771230][ T8765] unknown channel width for channel at 909000KHz?
[  181.337947][ T8784] loop3: detected capacity change from 0 to 64
[  181.353785][ T8784] MINIX-fs: file system does not have enough zmap blocks allocated.  Refusing to mount.
[  181.357973][ T8784] MINIX-fs: bad superblock or unable to read bitmaps
[  181.660605][   T24] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  181.700770][  T793] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  181.743304][ T8792] loop1: detected capacity change from 0 to 16
[  181.759529][ T8792] erofs (device loop1): mounted with root inode @ nid 36.
[  181.810888][   T24] usb 4-1: Using ep0 maxpacket: 32
[  181.821920][   T24] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  181.825537][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  181.835474][   T24] usb 4-1: config 0 descriptor??
[  181.860656][  T793] usb 5-1: Using ep0 maxpacket: 16
[  181.867700][  T793] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  181.880542][  T793] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  181.883663][  T793] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  181.887664][  T793] usb 5-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00
[  181.890440][  T793] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  181.903066][  T793] usb 5-1: config 0 descriptor??
[  181.912915][  T793] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input10
[  181.931845][ T5281] pxrc 5-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  181.944471][ T5281] pxrc 5-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  181.953701][ T5281] pxrc 5-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  181.980231][ T5281] pxrc 5-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  181.988181][ T6534] pxrc 5-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  181.993796][ T5281] pxrc 5-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  182.005986][ T5281] pxrc 5-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  182.014431][ T5281] pxrc 5-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  182.041233][   T24] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  182.048697][   T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  182.052945][   T24] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  182.055746][   T24] usb 4-1: media controller created
[  182.071607][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  182.111166][  T793] usb 5-1: USB disconnect, device number 7
[  182.133309][ T8796] loop1: detected capacity change from 0 to 32768
[  182.209163][ T8796] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[  182.209179][ T8796]   allowing incompatible features above 0.0: (unknown version)
[  182.209185][ T8796]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  182.224955][ T8796] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0
[  182.228219][ T8796] bcachefs (loop1): initializing new filesystem
[  182.238638][ T8796] bcachefs (loop1): going read-write
[  182.248116][   T24] az6027: usb out operation failed. (-71)
[  182.252743][   T24] az6027: usb out operation failed. (-71)
[  182.256003][   T24] stb0899_attach: Driver disabled by Kconfig
[  182.258435][   T24] az6027: no front-end attached
[  182.258435][   T24] 
[  182.261755][ T8796] bcachefs (loop1): marking superblocks
[  182.264512][   T24] az6027: usb out operation failed. (-71)
[  182.266847][   T24] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  182.273130][   T24] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input11
[  182.287013][   T24] dvb-usb: schedule remote query interval to 400 msecs.
[  182.290002][   T24] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  182.302329][   T24] usb 4-1: USB disconnect, device number 11
[  182.322208][ T8796] bcachefs (loop1): initializing freespace
[  182.341641][ T8796] bcachefs (loop1): done initializing freespace
[  182.358354][ T8796] bcachefs (loop1): reading snapshots table
[  182.368925][ T8796] bcachefs (loop1): reading snapshots done
[  182.373054][   T24] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  182.418275][ T8796] bcachefs (loop1): done starting filesystem
[  182.510183][ T8796] syz.1.960 (8796) used greatest stack depth: 16984 bytes left
[  182.526567][ T5855] bcachefs (loop1): shutting down
[  182.528941][ T5855] bcachefs (loop1): going read-only
[  182.534166][ T5855] bcachefs (loop1): finished waiting for writes to stop
[  182.540302][ T5855] bcachefs (loop1): flushing journal and stopping allocators, journal seq 2
[  182.595000][ T5855] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 3
[  182.603411][ T5855] bcachefs (loop1): clean shutdown complete, journal seq 4
[  182.607263][ T5855] bcachefs (loop1): marking filesystem clean
[  182.666059][ T5855] bcachefs (loop1): shutdown complete
[  182.981942][ T8810] loop4: detected capacity change from 0 to 32768
[  183.000396][ T8810] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.962 (8810)
[  183.049775][ T8810] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  183.059265][ T8810] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  183.070705][ T8810] BTRFS info (device loop4): disk space caching is enabled
[  183.073522][ T8810] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  183.087145][ T8818] loop3: detected capacity change from 0 to 2048
[  183.093839][ T6030] vhci_hcd: vhci_device speed not set
[  183.137417][ T8818]  loop3: p3 < > p4 < >
[  183.139249][ T8818] loop3: partition table partially beyond EOD, truncated
[  183.151970][ T8818] loop3: p3 start 4284289 is beyond EOD, truncated
[  183.291824][ T8810] BTRFS info (device loop4): rebuilding free space tree
[  183.306055][ T8810] BTRFS info (device loop4): disabling free space tree
[  183.308852][ T8810] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  183.313238][ T8810] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  183.768946][ T6720] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  184.086990][ T8844] netlink: 'syz.3.969': attribute type 4 has an invalid length.
[  184.240750][ T8848] loop3: detected capacity change from 0 to 4096
[  184.246324][ T8848] ntfs3(loop3): Primary boot: unsupported bytes per index 8192.
[  184.269787][ T8848] ntfs3(loop3): try to read out of volume at offset 0x1ffe00
[  184.530005][ T8862] loop1: detected capacity change from 0 to 4096
[  184.558785][ T8863] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  184.594322][   T33] kauditd_printk_skb: 13 callbacks suppressed
[  184.594340][   T33] audit: type=1800 audit(1755690010.139:37): pid=8862 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.961" name="file1" dev="loop1" ino=15 res=0 errno=0
[  184.746747][ T8860] loop4: detected capacity change from 0 to 32768
[  184.768176][ T8860] (syz.4.976,8860,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  184.777190][ T8860] (syz.4.976,8860,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  184.795026][ T8860] JBD2: Ignoring recovery information on journal
[  184.831359][ T8860] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  184.932511][ T6720] ocfs2: Unmounting device (7,4) on (node local)
[  185.096150][ T8868] overlayfs: failed to create directory ./bus/work (errno: 17); mounting read-only
[  185.100411][ T8868] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off.
[  185.592026][ T8877] netlink: 4 bytes leftover after parsing attributes in process `syz.3.981'.
[  186.826339][ T8910] netlink: 8 bytes leftover after parsing attributes in process `syz.4.992'.
[  186.828839][ T8891] loop3: detected capacity change from 0 to 32768
[  186.896769][   T33] audit: type=1326 audit(1755690012.439:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8913 comm="syz.1.994" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d6538ebe9 code=0x7ffc0000
[  186.950612][   T33] audit: type=1326 audit(1755690012.439:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8913 comm="syz.1.994" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d6538ebe9 code=0x7ffc0000
[  187.003930][ T8891] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  187.007411][   T33] audit: type=1326 audit(1755690012.459:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8913 comm="syz.1.994" exe="/syz-executor" sig=0 arch=c000003e syscall=93 compat=0 ip=0x7f2d6538ebe9 code=0x7ffc0000
[  187.017746][   T33] audit: type=1326 audit(1755690012.459:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8913 comm="syz.1.994" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d6538ebe9 code=0x7ffc0000
[  187.326448][   T33] audit: type=1326 audit(1755690012.459:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8913 comm="syz.1.994" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d6538ebe9 code=0x7ffc0000
[  187.332818][ T8891] XFS (loop3): Ending clean mount
[  187.338307][ T8891] XFS (loop3): Quotacheck needed: Please wait.
[  187.364728][ T8891] XFS (loop3): Quotacheck: Done.
[  187.387130][ T6540] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  187.427307][ T8932] netlink: 'syz.1.999': attribute type 1 has an invalid length.
[  187.433793][ T8932] netlink: 216 bytes leftover after parsing attributes in process `syz.1.999'.
[  187.599664][ T8940] loop1: detected capacity change from 0 to 512
[  187.640047][ T8940] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  187.645347][ T8940] ext4 filesystem being mounted at /346/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  187.810194][ T8946] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  187.818451][ T8946] CIFS mount error: No usable UNC path provided in device string!
[  187.818451][ T8946] 
[  187.822115][ T8946] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  188.014528][ T5855] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  188.142623][ T8948] loop4: detected capacity change from 0 to 32768
[  188.146584][ T8948] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1003 (8948)
[  188.160556][ T8948] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  188.168443][ T8948] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  188.177668][ T8948] BTRFS info (device loop4): disk space caching is enabled
[  188.185476][ T8952] Set syz1 is full, maxelem 65536 reached
[  188.188012][ T8948] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  188.266473][ T8948] BTRFS info (device loop4): rebuilding free space tree
[  188.282588][ T8948] BTRFS info (device loop4): disabling free space tree
[  188.285965][ T8948] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  188.294122][ T8948] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  188.445222][ T6720] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  188.688396][ T8990] loop3: detected capacity change from 0 to 764
[  188.726897][ T8990] rock: directory entry would overflow storage
[  188.728833][ T8990] rock: sig=0x5245, size=8, remaining=5
[  188.821693][ T8996] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1018'.
[  188.826934][ T8996] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1018'.
[  188.831767][ T8996] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1018'.
[  188.834643][ T8996] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1018'.
[  188.941077][ T6030] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  189.019319][ T8999] loop3: detected capacity change from 0 to 32768
[  189.028346][ T8999] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1019 (8999)
[  189.039238][ T8999] BTRFS info (device loop3): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  189.042578][ T8999] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  189.045675][ T8999] BTRFS info (device loop3): using free-space-tree
[  189.050779][ T5879] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  189.090586][ T6030] usb 2-1: Using ep0 maxpacket: 8
[  189.102775][ T6030] usb 2-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[  189.109389][ T6030] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  189.114429][ T6030] usb 2-1: Product: syz
[  189.116332][ T6030] usb 2-1: Manufacturer: syz
[  189.118909][ T6030] usb 2-1: SerialNumber: syz
[  189.125819][ T6030] usb 2-1: config 0 descriptor??
[  189.140542][ T6030] radio-usb-si4713 2-1:0.0: Si4713 development board discovered: (10C4:8244)
[  189.191285][ T6540] BTRFS info (device loop3): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  189.202082][ T5879] usb 5-1: Using ep0 maxpacket: 8
[  189.218786][ T5879] usb 5-1: unable to get BOS descriptor or descriptor too short
[  189.233446][ T5879] usb 5-1: config 6 has an invalid interface number: 70 but max is 0
[  189.237711][ T5879] usb 5-1: config 6 has no interface number 0
[  189.240205][ T5879] usb 5-1: config 6 interface 70 altsetting 118 has an endpoint descriptor with address 0x29, changing to 0x9
[  189.255874][ T5879] usb 5-1: config 6 interface 70 altsetting 118 endpoint 0x9 has invalid wMaxPacketSize 0
[  189.260301][ T5879] usb 5-1: config 6 interface 70 has no altsetting 0
[  189.278379][ T5879] usb 5-1: New USB device found, idVendor=1ae7, idProduct=0525, bcdDevice=63.7b
[  189.287835][ T5879] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  189.290412][ T5879] usb 5-1: Product: syz
[  189.293197][ T5879] usb 5-1: Manufacturer: syz
[  189.294852][ T5879] usb 5-1: SerialNumber: syz
[  189.521347][ T5879] HFC-S_USB 5-1:6.70: probe with driver HFC-S_USB failed with error -5
[  189.537466][ T5879] usb 5-1: USB disconnect, device number 8
[  189.689463][ T9018] loop3: detected capacity change from 0 to 32768
[  189.695658][ T9018] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1020 (9018)
[  189.706631][ T9018] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  189.712854][ T9018] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  189.716515][ T9018] BTRFS info (device loop3): using free-space-tree
[  189.750727][ T6030] radio-usb-si4713 2-1:0.0: probe with driver radio-usb-si4713 failed with error -71
[  189.755103][ T6030] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  189.768770][ T6030] usb 2-1: USB disconnect, device number 12
[  189.816378][ T9018] BTRFS info (device loop3): rebuilding free space tree
[  189.828146][ T9018] BTRFS info (device loop3): checking UUID tree
[  189.861162][   T33] audit: type=1804 audit(1755690015.409:43): pid=9018 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1020" name="/newroot/205/bus/bus" dev="loop3" ino=263 res=1 errno=0
[  190.083130][ T6540] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  190.297815][ T9040] loop3: detected capacity change from 0 to 128
[  190.403960][ T9044] loop1: detected capacity change from 0 to 1764
[  190.542585][ T9051] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1028'.
[  190.598062][ T9054] loop1: detected capacity change from 0 to 8
[  190.647338][ T9054] SQUASHFS error: xz decompression failed, data probably corrupt
[  190.673747][ T9054] SQUASHFS error: Failed to read block 0x108: -5
[  190.676368][ T9054] SQUASHFS error: Unable to read metadata cache entry [106]
[  190.679275][ T9054] SQUASHFS error: Unable to read inode 0x11f
[  190.848343][ T9064] veth3: entered promiscuous mode
[  191.251727][ T9084] loop4: detected capacity change from 0 to 16
[  191.396206][  T793] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  191.570573][  T793] usb 2-1: Using ep0 maxpacket: 16
[  191.589242][  T793] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  191.594029][  T793] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  191.597105][  T793] usb 2-1: Product: syz
[  191.599463][  T793] usb 2-1: Manufacturer: syz
[  191.606231][  T793] usb 2-1: SerialNumber: syz
[  191.617473][  T793] r8152-cfgselector 2-1: Unknown version 0x0000
[  191.620061][  T793] r8152-cfgselector 2-1: config 0 descriptor??
[  192.103212][  T793] r8152-cfgselector 2-1: USB disconnect, device number 13
[  192.828545][ T9117] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  192.920671][  T793] usb 2-1: new low-speed USB device number 14 using dummy_hcd
[  193.096344][  T793] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  193.099825][  T793] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  193.106733][  T793] usb 2-1: string descriptor 0 read error: -22
[  193.109239][  T793] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  193.115044][  T793] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  193.122744][  T793] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  193.124951][  T793] usb 2-1: MIDIStreaming interface descriptor not found
[  193.271835][ T9125] loop4: detected capacity change from 0 to 32768
[  193.286038][ T9125] 
[  193.286038][ T9125]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  193.286038][ T9125] 
[  193.342328][ T6030] usb 2-1: USB disconnect, device number 14
[  193.390803][ T9125] blkno = 0, nblocks = 40
[  193.392806][ T9125] ERROR: (device loop4): dbFree: block to be freed is outside the map
[  193.392806][ T9125] 
[  193.423159][ T6720] 
[  193.423159][ T6720]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  193.423159][ T6720] 
[  193.427965][ T6720] 
[  193.427965][ T6720]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  193.427965][ T6720] 
[  193.723942][ T9128] loop4: detected capacity change from 0 to 32768
[  193.739415][ T9128] JBD2: Ignoring recovery information on journal
[  193.774577][ T9128] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  193.829511][ T6720] ocfs2: Unmounting device (7,4) on (node local)
[  193.882825][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  193.885297][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  193.940210][ T9139] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  194.838063][ T9159] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1075'.
[  194.844725][ T9159] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  194.922416][ T9159] batman_adv: batadv0: Removing interface: batadv_slave_1
[  195.170793][  T793] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  195.342495][  T793] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  195.350720][  T793] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  195.363123][  T793] usb 5-1: too many endpoints for config 1 interface 1 altsetting 145: 217, using maximum allowed: 30
[  195.370121][  T793] usb 5-1: config 1 interface 1 altsetting 145 has 0 endpoint descriptors, different from the interface descriptor's value: 217
[  195.378297][  T793] usb 5-1: config 1 interface 1 has no altsetting 0
[  195.391120][  T793] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  195.394839][  T793] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  195.398031][  T793] usb 5-1: Product: syz
[  195.400786][  T793] usb 5-1: Manufacturer: syz
[  195.402627][  T793] usb 5-1: SerialNumber: syz
[  195.501781][  T793] cdc_acm 5-1:1.0: probe with driver cdc_acm failed with error -22
[  195.720611][  T793] usb 5-1: USB disconnect, device number 9
[  195.745489][ T9190] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1090'.
[  196.051924][ T9192] loop1: detected capacity change from 0 to 32768
[  196.059557][ T9192] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1091 (9192)
[  196.071189][ T9192] BTRFS info (device loop1): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  196.075263][ T9192] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  196.079187][ T9192] BTRFS info (device loop1): using free-space-tree
[  196.130245][ T9192] BTRFS error (device loop1 state M): ignoresuperflags must be used with ro mount option
[  196.156820][ T5855] BTRFS info (device loop1 state M): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  196.265461][ T9212] netlink: 'syz.1.1093': attribute type 21 has an invalid length.
[  196.268737][ T9212] netlink: 'syz.1.1093': attribute type 4 has an invalid length.
[  196.644639][ T9230] netlink: 'syz.1.1102': attribute type 29 has an invalid length.
[  196.668685][ T9230] netlink: 'syz.1.1102': attribute type 29 has an invalid length.
[  196.862940][ T9244] loop3: detected capacity change from 0 to 256
[  196.866368][ T9244] exfat: Deprecated parameter 'namecase'
[  196.912446][ T9244] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  197.379347][ T9256] loop4: detected capacity change from 0 to 32768
[  197.394693][ T9256] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  197.412704][ T9256] 
[  197.413566][ T9256] ======================================================
[  197.416018][ T9256] WARNING: possible circular locking dependency detected
[  197.418450][ T9256] syzkaller #0 Not tainted
[  197.420254][ T9256] ------------------------------------------------------
[  197.423511][ T9256] syz.4.1115/9256 is trying to acquire lock:
[  197.425377][ T9256] ffff888029a9c3c0 (&ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x15e/0x4640
[  197.429729][ T9256] 
[  197.429729][ T9256] but task is already holding lock:
[  197.432014][ T9256] ffff888029a9ddf8 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_xattr_set+0x40f/0x11f0
[  197.435155][ T9256] 
[  197.435155][ T9256] which lock already depends on the new lock.
[  197.435155][ T9256] 
[  197.438293][ T9256] 
[  197.438293][ T9256] the existing dependency chain (in reverse order) is:
[  197.441044][ T9256] 
[  197.441044][ T9256] -> #5 (&oi->ip_xattr_sem){++++}-{4:4}:
[  197.443471][ T9256]        lock_acquire+0x120/0x360
[  197.445020][ T9256]        down_read+0x46/0x2e0
[  197.446683][ T9256]        ocfs2_init_acl+0x2f9/0x720
[  197.448446][ T9256]        ocfs2_mknod+0x1321/0x2050
[  197.450267][ T9256]        ocfs2_mkdir+0x191/0x440
[  197.451776][ T9256]        vfs_mkdir+0x306/0x510
[  197.453265][ T9256]        do_mkdirat+0x247/0x590
[  197.454946][ T9256]        __x64_sys_mkdirat+0x87/0xa0
[  197.456869][ T9256]        do_syscall_64+0xfa/0x3b0
[  197.458590][ T9256]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.461006][ T9256] 
[  197.461006][ T9256] -> #4 (jbd2_handle){++++}-{0:0}:
[  197.463470][ T9256]        lock_acquire+0x120/0x360
[  197.465048][ T9256]        start_this_handle+0x1fa7/0x21c0
[  197.466821][ T9256]        jbd2__journal_start+0x2c1/0x5b0
[  197.469300][ T9256]        jbd2_journal_start+0x2a/0x40
[  197.471582][ T9256]        ocfs2_start_trans+0x376/0x6d0
[  197.473811][ T9256]        ocfs2_mknod+0xe93/0x2050
[  197.475545][ T9256]        ocfs2_mkdir+0x191/0x440
[  197.477424][ T9256]        vfs_mkdir+0x306/0x510
[  197.479223][ T9256]        do_mkdirat+0x247/0x590
[  197.481009][ T9256]        __x64_sys_mkdirat+0x87/0xa0
[  197.482620][ T9256]        do_syscall_64+0xfa/0x3b0
[  197.484661][ T9256]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.487404][ T9256] 
[  197.487404][ T9256] -> #3 (&journal->j_trans_barrier){.+.+}-{4:4}:
[  197.491021][ T9256]        lock_acquire+0x120/0x360
[  197.493221][ T9256]        down_read+0x46/0x2e0
[  197.495244][ T9256]        ocfs2_start_trans+0x36a/0x6d0
[  197.497594][ T9256]        ocfs2_mknod+0xe93/0x2050
[  197.499704][ T9256]        ocfs2_mkdir+0x191/0x440
[  197.501831][ T9256]        vfs_mkdir+0x306/0x510
[  197.503889][ T9256]        do_mkdirat+0x247/0x590
[  197.506012][ T9256]        __x64_sys_mkdirat+0x87/0xa0
[  197.508299][ T9256]        do_syscall_64+0xfa/0x3b0
[  197.510428][ T9256]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.513038][ T9256] 
[  197.513038][ T9256] -> #2 (sb_internal#2){.+.+}-{0:0}:
[  197.516237][ T9256]        lock_acquire+0x120/0x360
[  197.518227][ T9256]        ocfs2_start_trans+0x26b/0x6d0
[  197.520405][ T9256]        ocfs2_mknod+0xe93/0x2050
[  197.522447][ T9256]        ocfs2_mkdir+0x191/0x440
[  197.524413][ T9256]        vfs_mkdir+0x306/0x510
[  197.526352][ T9256]        do_mkdirat+0x247/0x590
[  197.528327][ T9256]        __x64_sys_mkdirat+0x87/0xa0
[  197.530521][ T9256]        do_syscall_64+0xfa/0x3b0
[  197.532584][ T9256]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.535126][ T9256] 
[  197.535126][ T9256] -> #1 (&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}:
[  197.539266][ T9256]        lock_acquire+0x120/0x360
[  197.540824][ T9256]        down_write+0x96/0x1f0
[  197.542448][ T9256]        ocfs2_reserve_local_alloc_bits+0x125/0x24e0
[  197.544764][ T9256]        ocfs2_reserve_clusters_with_limit+0x1be/0xba0
[  197.546987][ T9256]        ocfs2_mknod+0xe32/0x2050
[  197.548555][ T9256]        ocfs2_mkdir+0x191/0x440
[  197.549980][ T9256]        vfs_mkdir+0x306/0x510
[  197.551463][ T9256]        do_mkdirat+0x247/0x590
[  197.552964][ T9256]        __x64_sys_mkdirat+0x87/0xa0
[  197.554612][ T9256]        do_syscall_64+0xfa/0x3b0
[  197.556205][ T9256]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.558103][ T9256] 
[  197.558103][ T9256] -> #0 (&ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}:
[  197.561478][ T9256]        validate_chain+0xb9b/0x2140
[  197.563146][ T9256]        __lock_acquire+0xab9/0xd20
[  197.564962][ T9256]        lock_acquire+0x120/0x360
[  197.566899][ T9256]        down_write+0x96/0x1f0
[  197.568753][ T9256]        ocfs2_reserve_suballoc_bits+0x15e/0x4640
[  197.571133][ T9256]        ocfs2_reserve_new_metadata_blocks+0x403/0x940
[  197.573718][ T9256]        ocfs2_init_xattr_set_ctxt+0x307/0x700
[  197.576124][ T9256]        ocfs2_xattr_set+0xb70/0x11f0
[  197.578283][ T9256]        __vfs_setxattr+0x43c/0x480
[  197.580297][ T9256]        __vfs_setxattr_noperm+0x12d/0x660
[  197.582535][ T9256]        vfs_setxattr+0x16b/0x2f0
[  197.584522][ T9256]        filename_setxattr+0x274/0x600
[  197.586616][ T9256]        path_setxattrat+0x364/0x3a0
[  197.588656][ T9256]        __x64_sys_setxattr+0xbc/0xe0
[  197.590703][ T9256]        do_syscall_64+0xfa/0x3b0
[  197.592435][ T9256]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.594398][ T9256] 
[  197.594398][ T9256] other info that might help us debug this:
[  197.594398][ T9256] 
[  197.597958][ T9256] Chain exists of:
[  197.597958][ T9256]   &ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE] --> jbd2_handle --> &oi->ip_xattr_sem
[  197.597958][ T9256] 
[  197.604027][ T9256]  Possible unsafe locking scenario:
[  197.604027][ T9256] 
[  197.606952][ T9256]        CPU0                    CPU1
[  197.609015][ T9256]        ----                    ----
[  197.611135][ T9256]   lock(&oi->ip_xattr_sem);
[  197.612962][ T9256]                                lock(jbd2_handle);
[  197.615588][ T9256]                                lock(&oi->ip_xattr_sem);
[  197.618343][ T9256]   lock(&ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE]);
[  197.621280][ T9256] 
[  197.621280][ T9256]  *** DEADLOCK ***
[  197.621280][ T9256] 
[  197.624572][ T9256] 3 locks held by syz.4.1115/9256:
[  197.626626][ T9256]  #0: ffff888037c40428 (sb_writers#14){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  197.630306][ T9256]  #1: ffff888029a9e0c0 (&type->i_mutex_dir_key#18){+.+.}-{4:4}, at: vfs_setxattr+0x144/0x2f0
[  197.634348][ T9256]  #2: ffff888029a9ddf8 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_xattr_set+0x40f/0x11f0
[  197.638205][ T9256] 
[  197.638205][ T9256] stack backtrace:
[  197.640520][ T9256] CPU: 1 UID: 0 PID: 9256 Comm: syz.4.1115 Not tainted syzkaller #0 PREEMPT(full) 
[  197.640546][ T9256] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  197.640556][ T9256] Call Trace:
[  197.640565][ T9256]  <TASK>
[  197.640573][ T9256]  dump_stack_lvl+0x189/0x250
[  197.640594][ T9256]  ? __pfx_dump_stack_lvl+0x10/0x10
[  197.640613][ T9256]  ? __pfx__printk+0x10/0x10
[  197.640634][ T9256]  ? print_lock_name+0xde/0x100
[  197.640655][ T9256]  print_circular_bug+0x2ee/0x310
[  197.640672][ T9256]  check_noncircular+0x134/0x160
[  197.640690][ T9256]  validate_chain+0xb9b/0x2140
[  197.640706][ T9256]  ? __mutex_unlock_slowpath+0x1a1/0x760
[  197.640728][ T9256]  ? look_up_lock_class+0x74/0x170
[  197.640748][ T9256]  ? register_lock_class+0x51/0x320
[  197.640770][ T9256]  __lock_acquire+0xab9/0xd20
[  197.640791][ T9256]  ? ocfs2_reserve_suballoc_bits+0x15e/0x4640
[  197.640807][ T9256]  lock_acquire+0x120/0x360
[  197.640827][ T9256]  ? ocfs2_reserve_suballoc_bits+0x15e/0x4640
[  197.640847][ T9256]  down_write+0x96/0x1f0
[  197.640868][ T9256]  ? ocfs2_reserve_suballoc_bits+0x15e/0x4640
[  197.640883][ T9256]  ? __pfx_down_write+0x10/0x10
[  197.640907][ T9256]  ocfs2_reserve_suballoc_bits+0x15e/0x4640
[  197.640929][ T9256]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  197.640947][ T9256]  ? lockdep_hardirqs_on+0x9c/0x150
[  197.640965][ T9256]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  197.640982][ T9256]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  197.641000][ T9256]  ? __pfx_ocfs2_reserve_suballoc_bits+0x10/0x10
[  197.641017][ T9256]  ? stack_depot_save_flags+0x41b/0x860
[  197.641038][ T9256]  ? kasan_save_track+0x4f/0x80
[  197.641053][ T9256]  ? kasan_save_track+0x3e/0x80
[  197.641068][ T9256]  ? __kasan_kmalloc+0x93/0xb0
[  197.641084][ T9256]  ? __kmalloc_cache_noprof+0x230/0x3d0
[  197.641102][ T9256]  ? ocfs2_reserve_new_metadata_blocks+0x113/0x940
[  197.641118][ T9256]  ? ocfs2_init_xattr_set_ctxt+0x307/0x700
[  197.641134][ T9256]  ? ocfs2_xattr_set+0xb70/0x11f0
[  197.641150][ T9256]  ? __vfs_setxattr+0x43c/0x480
[  197.641167][ T9256]  ? __vfs_setxattr_noperm+0x12d/0x660
[  197.641220][ T9256]  ? vfs_setxattr+0x16b/0x2f0
[  197.641240][ T9256]  ? filename_setxattr+0x274/0x600
[  197.641260][ T9256]  ? path_setxattrat+0x364/0x3a0
[  197.641275][ T9256]  ? __x64_sys_setxattr+0xbc/0xe0
[  197.641286][ T9256]  ? do_syscall_64+0xfa/0x3b0
[  197.641305][ T9256]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.641332][ T9256]  ? __kasan_kmalloc+0x93/0xb0
[  197.641350][ T9256]  ? ocfs2_reserve_new_metadata_blocks+0x113/0x940
[  197.641368][ T9256]  ocfs2_reserve_new_metadata_blocks+0x403/0x940
[  197.641387][ T9256]  ? __pfx_ocfs2_reserve_new_metadata_blocks+0x10/0x10
[  197.641404][ T9256]  ? __pfx_ocfs2_calc_xattr_set_need+0x10/0x10
[  197.641425][ T9256]  ? __lock_acquire+0xab9/0xd20
[  197.641448][ T9256]  ocfs2_init_xattr_set_ctxt+0x307/0x700
[  197.641469][ T9256]  ? __pfx_ocfs2_init_xattr_set_ctxt+0x10/0x10
[  197.641489][ T9256]  ? ocfs2_xattr_set+0xb36/0x11f0
[  197.641508][ T9256]  ? up_write+0x1c4/0x420
[  197.641522][ T9256]  ? ocfs2_xattr_set+0x334/0x11f0
[  197.641546][ T9256]  ocfs2_xattr_set+0xb70/0x11f0
[  197.641571][ T9256]  ? __pfx_ocfs2_xattr_set+0x10/0x10
[  197.641587][ T9256]  ? ocfs2_permission+0x107/0x1b0
[  197.641610][ T9256]  ? __pfx_ocfs2_permission+0x10/0x10
[  197.641638][ T9256]  ? inode_permission+0x149/0x470
[  197.641651][ T9256]  ? __pfx_ocfs2_permission+0x10/0x10
[  197.641672][ T9256]  ? look_up_lock_class+0x74/0x170
[  197.641691][ T9256]  ? register_lock_class+0x51/0x320
[  197.641713][ T9256]  ? posix_xattr_acl+0x93/0xc0
[  197.641731][ T9256]  ? evm_protect_xattr+0x4d4/0xa90
[  197.641750][ T9256]  ? __pfx_evm_protect_xattr+0x10/0x10
[  197.641766][ T9256]  ? __pfx_ocfs2_xattr_trusted_set+0x10/0x10
[  197.641784][ T9256]  __vfs_setxattr+0x43c/0x480
[  197.641808][ T9256]  __vfs_setxattr_noperm+0x12d/0x660
[  197.641831][ T9256]  vfs_setxattr+0x16b/0x2f0
[  197.641853][ T9256]  ? __pfx_vfs_setxattr+0x10/0x10
[  197.641872][ T9256]  ? mnt_get_write_access+0x223/0x2a0
[  197.641890][ T9256]  filename_setxattr+0x274/0x600
[  197.641914][ T9256]  ? __pfx_filename_setxattr+0x10/0x10
[  197.641936][ T9256]  ? getname_flags+0x1e5/0x540
[  197.641951][ T9256]  path_setxattrat+0x364/0x3a0
[  197.641969][ T9256]  ? __pfx_path_setxattrat+0x10/0x10
[  197.641984][ T9256]  ? do_futex+0x333/0x420
[  197.642012][ T9256]  ? rcu_is_watching+0x15/0xb0
[  197.642027][ T9256]  __x64_sys_setxattr+0xbc/0xe0
[  197.642041][ T9256]  do_syscall_64+0xfa/0x3b0
[  197.642061][ T9256]  ? lockdep_hardirqs_on+0x9c/0x150
[  197.642078][ T9256]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.642092][ T9256]  ? exc_page_fault+0x9f/0xf0
[  197.642110][ T9256]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.642124][ T9256] RIP: 0033:0x7f24f678ebe9
[  197.642139][ T9256] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  197.642152][ T9256] RSP: 002b:00007f24f49f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[  197.642168][ T9256] RAX: ffffffffffffffda RBX: 00007f24f69b5fa0 RCX: 00007f24f678ebe9
[  197.642208][ T9256] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000200000000240
[  197.642219][ T9256] RBP: 00007f24f6811e19 R08: 0000000000000000 R09: 0000000000000000
[  197.642230][ T9256] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  197.642239][ T9256] R13: 00007f24f69b6038 R14: 00007f24f69b5fa0 R15: 00007ffcf5384378
[  197.642256][ T9256]  </TASK>
[  197.841887][    C1] vkms_vblank_simulate: vblank timer overrun
[  197.876433][ T6720] ocfs2: Unmounting device (7,4) on (node local)
[  198.000587][ T6030] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  198.160552][ T6030] usb 4-1: Using ep0 maxpacket: 8
[  198.168398][ T6030] usb 4-1: unable to get BOS descriptor or descriptor too short
[  198.172778][ T6030] usb 4-1: unable to read config index 0 descriptor/start: -71
[  198.175929][ T6030] usb 4-1: can't read configurations, error -71

VM DIAGNOSIS:
11:36:07  Registers:
info registers vcpu 0

CPU#0
RAX=c2a3250090b87500 RBX=ffffffff819683a8 RCX=c2a3250090b87500 RDX=0000000000000001
RSI=ffffffff8be332e0 RDI=ffffffff819683a8 RBP=ffffffff8de07eb8 RSP=ffffffff8de07d80
R8 =ffff88804b032f9b R9 =1ffff110096065f3 R10=dffffc0000000000 R11=ffffed10096065f4
R12=ffffffff8fa37e30 R13=0000000000000000 R14=0000000000000000 R15=1ffffffff1bd2a20
RIP=ffffffff8b7943f3 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b861c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b32721ff8 CR3=000000010f2ec000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=6161616161616161 6161616161616161
XMM06=6161616161616161 6161616161616161 XMM07=6161616161616161 6161616161616161
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f24f6812fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000000000002d RBX=000000000000002d RCX=0000000000000000 RDX=00000000000003f8
RSI=00000000000013b5 RDI=00000000000013b6 RBP=00000000000003f8 RSP=ffffc900083d64b0
R8 =ffff888107018237 R9 =1ffff11020e03046 R10=dffffc0000000000 R11=ffffffff854eff70
R12=dffffc0000000000 R13=ffffffff99af9909 R14=ffffffff99dee3a0 R15=0000000000000000
RIP=ffffffff854effec RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f24f49f66c0 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b30623ffc CR3=0000000109964000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=6161616161616161 6161616161616161
XMM06=6161616161616161 6161616161616161 XMM07=6161616161616161 6161616161616161
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f2d65412fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
