last executing test programs:

5m8.376401063s ago: executing program 1 (id=126):
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r0, &(0x7f0000000bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, {0xa, 0x4e24, 0x9, @mcast2, 0x9}}}, 0x3a)

5m8.258147605s ago: executing program 1 (id=128):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x1, 0x7fff0000}]})
ioctl$FIONREAD(r0, 0x541b, 0x0)

5m8.148142928s ago: executing program 1 (id=130):
futex_waitv(&(0x7f00000000c0)=[{0x7, &(0x7f0000000940)=0x100000000ffff, 0x6}], 0x1, 0x0, 0x0, 0x1)

5m8.088458327s ago: executing program 1 (id=132):
syz_mount_image$udf(&(0x7f00000004c0), &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='shortad,partition=00000000000000000005,noadinicb,uid=', @ANYRESOCT=0x0, @ANYBLOB='\x00\x00\x00\x00=', @ANYRESDEC=0x0, @ANYBLOB=',nostrict,\x00'], 0x1, 0x489, &(0x7f0000000580)="$eJzs29trHOUfx/HPd7K72Wz7+3XbpmmVgquCSsWaQ4/Gix5iqNCkOTQiRYWYbOLSnMimkhTR4o233ngjIgoKUkULIt54pb3zD1AQBL3wQgT3wgMIgszszM5ks2nS7iHd9v2CdifPfGfmOewzz7M7zwoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEinnjrZ2WVbnQsAANBIg6Mjnd2M/wAA3FXO8/kfAADgbmJy9L1MfSMFG/D+Lkqezc1dWh7r6698WJt5R7Z48e6/ZFd3z6HDR44eC15vfHyt3aNzo+dPZk7Pzy4sZvP57GRmbC43MT+Z3fQZqj2+3AGvAjKzFy9NTk3lM90He1btXk7/0rqtI917tOOEE8SO9fX3j0ZiYvFbvvoa683wE3K0T6bfHvrUBiU5qr4uNnjv1FubV4gDXiHG+vq9gszkxueW3J1DQUU4fll9iaCOGtAWVWmX3HxZojaf2eJydEKmjp8Ldk5SS1APj3pfDK9/YKwml79lbj6fl/SAmqDNbmOtcvSjTLM7khra+mZFg8XkaFmmP3oLNuzdD9z+5N42zz6TeXpuaj4SO2R+j2r28aGRbvN7U1KOBr07fsFGtjozaDh3svSWTHs+ftmbV8ibl+7oPfrEcE90hrF3g/O4sQf9+eNmxuS4HztkQ2ZO7csFAAAAAAAAQGo1R9/JVPgqEyamTU7kkXFSxQdDma3JIoB6MUdvyzQ8UvC+ho+uS2mJrO8pafZnf/XNf1vy9PzCymJu+qWlivtTyZMv5pcWxycq71abe59tiaZstI6lSnFzlJDpuT8/stJ1i/d/fylAmJsPnwzXzCTLr++9b/5fXM8UPEM6fmFvdLtilm/i+ah7TTNHSzKd2rXPX6uS0po6UzHuc5l+f2+/H+ck3MwHp00XzziVm8l2urFfy/T+v0GstyxK2/zY3WFslxtrMr05sDp2ux/bHsZ2u7H9Ml1/oXLsnjC2x419XaaFXzNBbMqNvc+P7QhjD07Mz0xWqkrgZrn9/yeZ3m3PWNA3YsX339r+/0o4FlwpP9E6fb7a/p+OpF3x+/UFt///tc/ry17/dyr3/zdk+uSL/X5cse8l/P07vf/D/v+sTNPfro5N+bG7wtiuTVdsk3Dbf79MZ/ZcK9WN3/5+C4StFm3/e8vfHXVq/52RtLR/3dbaFB2S8iuXL47PzGQX2WCDDTZKG1t9Z0IjuOP/Z+4s6ssfSvMdf/z3P6aEM6u/Xw3H/97yE9Vp/N8VSev1ZyPxmJRcml2I75WS+ZXLj+Vmx6ez09m5Q51HOg8fOt51/Fg8EUzuwq2q6+pO5Lb/NzL9s+1q6fPu6vlf5fl/qvxEdWr/3ZG01Kr5StVFh9/+V2W6//q10vcSN5r/B9//PPJg8bXUP+vU/u2RtLR/3f/VpugAAAAAAAAAAAAAAAAA0NTi5ugDmc48HrPgt2abWf+35gdodVr/1RFJm2zQ7xWqrlQAaAKOHL0j08Mq2GtuwnZpIPqKO9p/AQAA//9HASOO")
socket$inet(0x2, 0x2, 0x1)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x1480, 0x0)
mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1edc01, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0\x00', 0x0, 0x887008, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r0, &(0x7f0000002f40)={0x2020}, 0x2020)

5m7.918386916s ago: executing program 1 (id=134):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r0, 0xc01864b0, &(0x7f0000000200)={0x0, 0x0, 0xa, 0xffff, 0x6})

5m7.610038141s ago: executing program 1 (id=141):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
set_mempolicy(0x2, &(0x7f0000000380)=0x4717, 0x2)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000})

5m7.492744711s ago: executing program 32 (id=141):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
set_mempolicy(0x2, &(0x7f0000000380)=0x4717, 0x2)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000})

4m44.865046675s ago: executing program 0 (id=434):
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xff, 0x3}, 0x48)
syz_mount_image$ext4(&(0x7f00000000c0)='ext2\x00', &(0x7f0000000080)='./file0\x00', 0x808080, &(0x7f0000000000), 0x2c, 0x516, &(0x7f0000000740)="$eJzs3c9vG1kdAPCvnV9umm6ysIcFAVuWhYKq2om7G632wnJBQqvVIi2cEGqjxI2i2HEUO6UJkUjPXJGoxAn+BA5IHJB64s4NblzKAalABWqQEPJq7HGbOHFiNXHcxp+PNPJ7MxN/v8/SvBc/2/MCGFpXI2I3IsYj4nZETKf7M+kWH7a25LynT3YW957sLGai0fj0n6PpmTuL7fPbLqfPmYv4JKlPHBG3trW9ulAulzbSeqFeWS/UtrZvrFQWlkvLpbVicX5ufvb9m+8Vz6ytb1V++/i7Kx/98A+///KjP+1+66dJzt9OjyVtO7NA+7Rel7GY2rcveeU+6kewARhJ2zM+6ER4IdmI+FxEvJ2Wn8kNLicAoL8ajeloTO+vd5fp4RwA4OWXvOefikw2n77/n4psNp9vzuHl3ojJbLlaq1+/U91cW4rmHNZMjGXvrJRLs+lc4UyMZZL6XLP8vF7sqN+MiNcj4hcTl5r1/GK1vDSof3oAYMhd7hj//zPRGv974BMCAHiVGckBYPgcHv/HBpIHAHB+vP8HgOGzb/w/6re6AMAFlOv47T8AcPGdOP//Zvzsx+eTCgBwTnz+DwBD5fsff5xsjb30/tdLd7c2V6t3byyVaqv5yuZifrG6sZ5frlaXm/fsqZz0fOVqdX3u3di8V6iXavVCbWv7VqW6uVa/1byv962SHxYAwOC9/tbDv2QiYveDS80t2ms5+EIAXHgucxheI4NOABiY0UEnAAyM+Xggc8Lxrl8RetD9by6dIh+g/659ocv8//H/G/y/cT7pAX1k/h+G1+nm/80ewKvM/D8Mr0YjYz1/ABgyPbyD9xVBuOBe+PN/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGGJTzS2TzadrgU9FNpvPR1yJiJkYy9xZKZdmI+K1iPjzxNhEUp8bdNIAwCll/55J1/+6Nv3OVOfR8cx/J5qPEfGTX336y3sL9frGXLL/X8/21x+k+4tHBpjofxsAgH1GO3e0x+n2ON5e3/fpk53F9naeCT7+Tmtx0STuXrq1U28ln4uxiJj8d+ZAYzJntDDx7v2IeLOz/dlnx2fSlU874yexr/QtfjRbOHUgfvZA/GzzWOsxeS0+fwa5wLB5mPQ/Hx51/WXjavMxvf4yBzvTXPz8cOf6Atr9316js/9rXe+fXMk1+5qj+r+rvcZ494/f63rs/kjji6MRe4f63/aK0Llm6aj47/QY/69f+srb3Y41fh1xLY6L3yoV6pX1Qm1r+8ZKZWG5tFxaKxbn5+Zn37/5XrHQnKMutGeqD/vHB9df697+iMku8XMntP/rPbb/N/+7/aOvHhP/m187Kn423jgmfjImfqPH+AuTv+u6fHcSf6lL+0cPxB8/8HfJvus9xn/0t+2lHk8FAM5BbWt7daFcLm0onLaQ69czX35JGqhwTGEkyu35qJcin1MXBtwxAX33/KIfdCYAAAAAAAAAAAAAAEA3tR+kt/zr44/hBt1GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALq7PAgAA//+iDcmp")
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='mounts\x00')
pread64(r0, &(0x7f0000001b80)=""/4084, 0xff4, 0x0)

4m44.772200619s ago: executing program 0 (id=436):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000240)='./file1\x00', 0x8c0, &(0x7f0000000100)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6572726f72733d72656d6f756e742d726f2c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c696e74722c6e6f61636c2c001967b9b8a6cdd636d75428f2c5e8054d01858eef552755576e749526b36860cf2511040d1ce5a743ffd83d29d1ba3a54a59d8c7aa249f08d3c8c6d04ac105d67934db6190d59f2323b55a5a4"], 0x1, 0x444f, &(0x7f0000008900)="$eJzs3b1PHGcaAPB3BnwGfx32XeGTTrqVztJ9CoGru8PSYYyNwSaOnNhFmvUCa5tkYS1YohQuSGcpVaQUUQorkdJRWUhp0jh/QpqUTm0pKdJEimRlo92dxcywazaYhWD9fsXOzvv5wLMzvGNp/caJyt355dz8cq6wmCvP3l4+m3u3XFpZKIZ4j7Sc/9DezU9nuvE5edGYX+xa5LRy7cKlN26eDeGruW+eVqvVaqjpDS0Nb3r/4w/3Zzcfm+JMn9q4LYY6VOtabWg9WcfeCiH8cUtcNT0hhL4QQhRCOJ+UjSXH/hDC8aTu5v0PbuVeMoqmR0+K5/LPph+sj5yZWnu43upnb4hC+KT0p3/fWfjurz0j3/6z/YhfHt2l0AAAAAAAAAAAAAAAAAAAOAAmrl+78frQcHgchd61aOv3dSeSY5vvx/ZWd81fXhTmP07s3o8MAAAAAAAAAAAAAAAAAAAAvznPv/+fi061+P7/eHIcbdO/+v/ux0j3TL52bfzi0HCy/3u0pf4/SdH353vCyRb7vmf3fz+f6d96//et8+xUM77mvAMhigdT53E8OBjCZ8nG76ejI3GpvFz51+3yyuLcroVxYKXz39i9P5WdZEP/DvMfj2XGb7P//y76w5ZPU+381u59xF5p6fz3tG33+ftRR9f/hUy/vcg/O5fOf2+9rH9zg9HGDaCW/w97t8//eGb8buX/RAghF9VizaXuALU1TK283XqFtHT+D9XLUrfO5BfZ7vr/KZP/i5nx9+v+v5r9Q0RL6fz/rl7Wl2pxuP5az3+8/fV/KTP+fuS/Fv9qo7Da3bkPvnT+G7kOvakm9d9kp/f/icz4bfN/+OXivhEncZ6IUp+AtahR3ub/qyMjnf++LfXPn//ijtZ/lzP99+r5rzlv8/mvefv/e9R4/qO1dP7727br9PqfzPTr9v1/tL7+Y6fS+T9SL0uvnQfqr53mfyozfrfyX38q6Wvm//n95OfDjfJPrf86ks7/0UZhvLnFav21vv6Ltl//X8mMvx/rv1r8q3F3Z31VpPN/rG27Wv6/7uDv/9VMv+7nP4Qh/9a3Y+n8H2/brn79922f/+mNd42xup3/v3VzcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIADYCw5DoQoHkydx/HgYAgXkvPT4Ug0U5jLz5TKs+8shzCelOfCqehOqTxTKOXnF8tzxXyhVCrPhnAxqe8LfdFyqVzJLxTuXdoYqz+6WywsVWaKhUoIYSIp/3M43hxrZr6yULgXQri8Uff7uLx0725hMT83v/S/oaGhoTC5EcPJqPhepbhYaczeqA1haqPvQLQpuHr1lY1YjkVvl1eWFgulevnVTX1K5dlCaVOf6aTuo3AyqiytLM4WKsV8qXynOd9+Gk2O45PX37x+dXhL/a2ocRzb27AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JUej/z34xBCb+MsDiGMNt9Erdo/elI8l382/WB95MzU2sP1p+3aAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzCDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbpGDWBIAoD8JtJkaTLMVItSZd2QyAkRTYInkCP4WH0KF7CO1hY2FqIILuo6y5so9X3NQ/mZ+Y9mAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAw36Nq/P/2HpHiaf8YsZyu1uf5b13nn933H+4wI7fz81d9nf4wXeUf9dGmzMd0t51NoqM2Fq09ae/TZZ/n3rn69q1vvqbvS6RcRERZ568p56IY9hYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABzYgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCwAAAAAI87eOom8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+BQAA//821CU5")

4m44.31098593s ago: executing program 0 (id=446):
r0 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @dev={0xac, 0x14, 0x14, 0x32}}, 0xc)
r1 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r1, &(0x7f0000001b80)=[{&(0x7f0000000040)=""/96, 0x60}], 0x1, 0x5e, 0xfffffffd)

4m44.266189936s ago: executing program 0 (id=448):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x800, &(0x7f0000000200)={[{@iocharset={'iocharset', 0x3d, 'macinuit'}}, {@umask={'umask', 0x3d, 0x9}}, {@namecase}, {@discard}, {@allow_utime={'allow_utime', 0x3d, 0x5275}}, {@errors_remount}, {@gid}, {@errors_remount}, {@discard}, {@errors_continue}]}, 0x3, 0x1510, &(0x7f0000003640)="$eJzs3Am4TlX7MPD7Xmvt45D0dJLhsNa6N08yLCdJMiTJkCRJkmRKSDrJKwmJQ6akQxKS4ZAMh5AMJ0465nkekyTpJEmmTMn6rlN83t7qe//v/+17/a//uX/Xta9n3c/a99prP/czrL0N33UZWrNxrWoNiQj+LfjrQxIAxALAQAC4DgACACgXVy4uqz+nxKR/7yDsr/VI6tWeAbuauP7ZG9c/e+P6Z29c/+yN65+9cf2zN65/9sb1Zyw72zy94PW8Zd+N7/9nZ/z7/79IZumxX60tfWPXfyGF65+9cf3/1wr+Kztx/bM3rn/2xvXP3rj+2UGOP+3h+mdvXH/GsrOrff+Zt6u7Xe33H2OMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4yx7OGsv0IBwOX21Z4XY4wxxhhjjDHG/jo+x9WeAWOMMcYYY4wxxv7/QxAgQUEAMZADYiEn5AIBANdCHrgOInA9xMENkBduhHyQHwpAQYiHQlAYNBiwQBBCESgKUbgJisHNUBxKQEkoBQ5KQwLcAmXgVigLt0E5uB3Kwx1QASpCJagMd0IVuAuqwt1QDe6B6lADakItuBdqw31QB+6HuvAA1IMHoT48BA3gYWgIj0AjeBQaw2PQBB6HptAMmkMLaPnfyn8JesDL0BN6QRL0hj7wCvSFftAfBsBAeBUGwWswGF6HZBgCQ+ENGAZvwnB4C0bASBgFb8NoeAfGwFgYB+MhBSbARHgXJsF7MBmmwFSYBqkwHWbA+zATZsFs+ADmwIcwF+bBfFgAafARLIRFkA4fw2L4BDJgCSyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVtsB12wE7YBbvhU9gDn8Fe+Bz2wRf/Yv6Zf8jvioCAAgUqVBiDMRiLsZgLc2FuzI15MA9GMIJxGId5MS/mw3xYAAtgPMZjYSyMBg0SEhbBIhjFKBbDYlgci2NJLIkOHSZgApbBW7EslsVyWA7LY3msgBWxIlbGylgFq2BVrIrVsBpWx+pYE2vivXgv9sY6WAfrYl2sh/Uu357ChtgQG2EjbIyNsQk2wabYFJtjc2yJLbEVtsLW2BrbYltsh+2wPbbHREzEDtgBO2JH7ISdsDN2xi7YBbtiN+yGL+UAfBlfxl5YXfTGPtgH+2Jyjv44AAfgqzgIX8PX8HVMxiE4FN/AN/BNHI6ncQSOxFE4CquId3AMjkUS4zEFU3AiTsRJOAkn4xScgtMwFafjDJyBM3EWzsIPcA5+iB/iPJyHCzAN03AhLsJ0TMfFeAYzcAkuxWW4HFfgclyFq3EVrsV1uBY34AbchJtwC27BbbgNd+AO3IUKAD/Fz/AzTMZ9uA/34348gAfwIB7ETMzEQ3gID+NhPIJH8CgexWN4HE/gcTyFp/A0nsGzeBbP43m8gC/Ef9NoV4k1ySCyKKFEjIgRsSJW5BK5RG6RW+QReURERESciBN5RV6RT+QTBUQBES/iRWFRWBhhBIkwBgBEVERFMVFMFBfFRUlRUjjhRIJIEGVEGVFWlBXlxO2ivLhDVBAVRRtXWVQWVURbV1XcLaqJaqK6qCFqilqilqgtaos6oo6oK+qKeqKeqC8eEg1Eb+yPj4isyjQWQ7CJGIpNRTMhL32DtRLDsbVoI9qKp8RIHIHtRSuXKJ4VHcQY7Cj+Jsbi86KzGI9dxIuiq+gmuouXRA/R2vUUvcRk7C36iGnYV/QT/cUAMRNriA9wTs6a4nWRLIaIoeINsQDfFMPFW2KEGClGibfFaPGOGCPGinFivEgRE8RE8a6YJN4Tk8UUMVVME6liupgh3hczxSwxW3wg5ogPxVwxT8wXC0Sa+EgsFItEuvhYLBafiAyxRCwVy8RysUKsFKvEarFGrBXrxHqxQWwUm8RmsUVsFdvEdrFD7BS7xG7xqdgjPhN7xedin/hC7BdfigPiK3FQfC0yxTfikPhWHBbfiSPie3FU/CCOiePihDgpTokfxWlxRpwV58R58ZO4IH4WF4UXIFEKKaWSgYyROWSszClzyWtkbhlcenWvl3HyBplX3ijzyfyygCwo42UhWVhqaaSVJENZRBaVUXmTLCZvlsVlCVlSlpJOlpYJ8hZZRt4qy8rbZDl5uywv75AVZEVZSVaWd8oq8i4JkV+PUV3WkDVlLXmvrC3vk3Xk/bKufEDWkw/K+vIh2UA+LBvKR2Qj+ahsLB+TTeTjsqlsJpvLFrKlfEK2kk/K1rKNbCufku3k07K9fEYmymdlB+kvvUWel53lC7KLfFF2ld1kd/mzvCi97Cl7SYDeso98RfaV/WR/OUAOlK/KQfI1OVi+LpPlEDlUviGHyTflcPmWHCFHylHybTlaviPHyLFynBwvU+QEOVG+KyfJ9+RkOUVOldNkqpwu+18aabaU/zT/3T/IH/zL0TfJzXKL3Cq3ye1yh9wpd8ndcrfcI/fIvXKv3Cf3yf1yvzwgD8iD8qDMlJnykDwkD8vD8og8Io/Ko/KYPC7PyZPylPxRnpZn5Bl5Tp6X5+WFS68BKFRCSaVUoGJUDhWrcqpc6hqVW12r8qjrVERdr+LUDSqvulHlU/lVAVVQxatCqrDSyiirSIWqiCqqouomvPSGUSVVKeVUaZWgbvlX8lUxdbMqrkr8Jv/y/JL+ZH4tVUvVSrVSrVVr1Va1Ve1UO9VetVeJKlF1UB1UR9VRdVKdVGfVWXVRXVRX1VV1V91VD9VD9VQ9VZJKUn3UK6qv6qf6qwFqoHpVDVKD1GA1WCWrZDVUDVXD1DA1XA1XI9QINUqNUqPVaDVGjVHj1DiVolLURDVRTVKT1GQ1WU1VU1WqSlUz1Aw1U81Us9VsNUfNUXPVXDVfzVdpKk0tVAtVukpXi9VilaGWqCVqmVqmVqgVapVapdaoNWqdWqc2qA0qQ21Wm9VWtVVtV9vVTrVT7Va71R61R+1Ve9U+tU/tV/vVAXVAHVQHVabKVIfUIXVYHVZH1BF1VB1Vx9QxdUKdUKfUKXVanVZn1Vl1Xp1XF9QFdVFdzFr2BSIQgQpUEBPEBLFBbJAryBXkDnIHeYI8QSSIBHFBXJA3uDHIF+QPCgQFg/igUFA40IEJbCAuFT0a3BQUC24OigclgpJBqcAFpYOE4JagTHBrUDa4LSgX3B6UD+4IKgQVg0pB5eDOoEpwV1A1uDuoFtwTVA9qBDWDWsG9Qe3gvqBOcH9QN3ggqBc8GNQPHgoaBA8HDYNHgkbBo0Hj4LGgSfB40DRoFjQPWgQt/9LxvT+d/0nXU/fSSbq37qNf0X11P91fD9AD9at6kH5ND9av62Q9RA/Vb+hh+k09XL+lR+iRepR+W4/W7+gxeqwep8frFD1BT9Tv6kn6PT1ZT9FT9TSdqqfrGfp9PVPP0rP1B3qO/lDP1fP0fL1Ap+mP9EK9SKfrj/Vi/YnO0Ev0Ur1ML9cr9Eq9Sq/Wa/RavU6v1xv0Rr1Jb9Zb9Fa9TW/XO/ROvUvv1p/qPfozvVd/rvfpL/R+/aU+oL/SB/XXOlN/ow/pb/Vh/Z0+or/XR/UP+pg+rk/ok/qU/lGf1mf0WX1On9c/6Qv6Z31R+6zFfdbPu1FGmRgTY2JNrMllcpncJrfJY/KYiImYOBNn8pq8Jp/JZwqYAibexJvCprDJQoZMEVPERE3UFDPFTHFT3JQ0JY0zziSYBFPGlDFlTVlTzpQz5U15U8FUMJVMJXOnudPcZe4yd5u7zT3mHlPD1DC1TC1T29Q2dUwdU9fUNfVMPVPf1DcNTAPT0DQ0jUwj09g0Nk1ME9PUNDXNTXPT0rQ0rUwr09q0Nm1NW9POtDPtTXuTaBJNB9PBdDQdTSfTyXQ2nU0X08V0NV1Nd9Pd9DA9TE/T0ySZJNPH9DF9TV/T3/Q3A81AM8gMMoPNYJNsks1QM9QMM8PMcDPcjDAjzaishap5x4wxY804M96kmBQz0Uw0k8wkM9lMNlPNVJNqUs0MM8PMNDPNbDPbzDFzzFwz18w3802aSTMLzUKTbtLNYrPYZJgMs9QsNcvNcrPSrDSrzWqz1qw162G92Wg2ms1ms9lqtprtZrvZaXaa3Wa32WP2mL1mr9ln9pn9Zr85YA6Yg+agyTSZ5pA5ZA6bw+aIOWKOmqPmmDlmTpgT5pQ5ZU6b0+asOWvOm/yXfi+9ibU5bS57jc1tr7V57HX2H+MCtqCNt4VsYattPpv/N7Gx1ha3JWxJW8o6W9om2Ft+F1ewFW0lW9neaavYu2zV38W17X22jr3f1rUP2Fr23t/E9eyDtr59zDZABLDNbCPbwja2j9km9nHb1DazzW0L284+bdvbZ2yifdZ2sM/9Ll5oF9nVdo1da9fZPfYze9aes4ftd/a8/cn2tL3sQPuqHWRfs4Pt6zbZDvldPMq+bUfbd+wYO9aOs+N/F0+102yqnW5n2PftTDvrd3Ga/cjOsel2rp1n59sFv8RZc0q3H9vF9hObYZfYpXaZXW5X2JV21f+d6zK7wW60m+xu+6ndarfZ7XaH3Wl3/RJnncde+7ndZ7+wh+y39oD9yh60R2ym/eaXOOv8jtjv7VH7gz1mj9sT9qQ9ZX+0p+2ZX84/69xP2p/tRestEBKQJEUBxVAOiqWclIuuodx0LeWh6yhC11Mc3UB56UbKR/mpABWkeCpEhUmTIUtEIRWhohSlm+jyOr0klSJHpSmBbqEydCuVpduoHN1O5ekOqkAVqRJVpjupCt1FVeluqkb3UHWqQTWpFt1Ltek+qkP3U116gOrRg1SfHqIG9DA1pEeoET1KjekxakKPU1NqRs2pBbWkJ6gVPUmtqQ21paeoHT1N7ekZSqRnqQM9Rx3pb9SJnqfO9AJ1oRepK3Wj7vQS9aCXqSf1oiTqTX3oFepL/ag/DaCB9CoNotdoML1OyTSEhtIbNIzepOH0Fo2gkTSK3qbR9A6NobE0jsZTCk2gifQuTaL3aDJNoak0jVJpOs2g92kmzaLZ9AHNoQ9pLs2j+bSA0ugjWkiLKJ0+psX0CWXQElpKy2g5raCVtIpW0xpaS+toPW2gjbSJNtMW2krbaDvtoJ20i3bTp7SHPqO99Dntoy9oP31JB+grOkhfUyZ9Q4foWzpM39ER+t73oh/oGB2nE3SSTtGPdJrO0Fk6R+fpJ7pAP9NF8gQhhiKUoQqDMCbMEcaGOcNc4TVh7vDaME94XRgJrw/jwhvCvOGNYb4wf1ggLBjGh4XCwqEOTWhDCsOwSFg0jIY3hcXCm8PiYYmwZFgqdGHpMCG8JSwT3hqWDW8Ly4W3h+XDO8IKYcXwsQcqh3eGVcK7wqrh3WG18J6welgjrBnWCu8Na4f3hXXC+8O64QNh2fDBsH74UNggfDhsGD4SNgofDRuHj4VNwsfDpmGzsHnYImwZPhG2Cp8MW4dtwrbhU2G78OmwffhMmBg+G3YIn/ul/8FFf96fFPYO+4SvhK+E3t8v50cXRNOiH0UXRhdF06MfRxdHP4lmRJdEl0aXRZdHV0RXRldFV0fXRNdG10XXRzdEN0Y3Rb2vlQMcOuGkUy5wMS6Hi3U5XS53jcvtrnV53HUu4q53ce4Gl9fd6PK5/K6AK+jiXSFX2GlnnHXkQlfEFXVRd5Mr5m52xV0JV9KVcs6VdgmuhWvpWrpW7knX2rVxbd1T7in3tHvaPeOecc+6Du4519H9zXVyz7vO7gX3gnvRdXXdXHf3kuvhJuT59TOZ5Pq4Pq6v6+v6u/5uoBvoBrlBbrAb7JJdshvqhrphbpgb7oa7EW6EG+VGudFutBvjxrhxbpxLcSluopvoJrlJbrKb7Ka6qS7VpboZboab6Wa6KrN+PcpcN9fNd/NdmktzC13WmjHdLXaLXYbLcEvdUrfcLXcr3Uq32q12a91at96tdxvdRrfZbXZb3Va33W13O91Ot9vtdnv8db8O6va5/W6/O+AOuIPua5fpvnGH3LfusPvOHXHfu6PuB3fMHXcn3El3yv3oTrsz7qw75867n9wF97O76LxLiUyITIy8G5kUeS8yOTIlMjUyLZIamR6ZEXk/MjMyKzI78kFkTuTDyNzIvMj8yIJIWuSjyMLIokh65OPI4sgnkYzIksjSyLLI8siKiPeFtoa+iC/qo/4mX8zf7Iv7Er6kL+WdL+0T/C2+jL/Vl/W3+XL+dl/e3+Er+Iq+kn/cN/XNfHPfwrf0T/hW/knf2rfxbf1Tvp1/2rf3z/hE/6zv4J/zHf3ffCf/vO/sX/Bd/Iu+q+/mu/uXfA//su/pe/kk39v38a/4vr6f7+8H+IH+VT/Iv+YH+9d9sh/ih/o3/DD/ph/u3/Ij/Eg/KuZtP/ryJTKM9yl+gp/o3/WT/Ht+sp/ip/ppPtVP9zP8+36mn+Vn+w/8HP+hn+vn+fl+gU/zH/mFfpFP9x/7xf4Tn+GXXL6p7Ff6VX61X+PX+nV+vd/gN/pNfrPf4rf6bX673+F3+l1+t//U7/Gf+b3+c7/Pf+H3+y/9Af+VP+i/9pn+G3/If+sP++/8Ef+9P+p/8Mf8cX/Cn/Sn/I/+tD/jz/pz/rz/yV/wP/uL/G/WGGOMMcb+SyZcaYo/6u/9B8+Jv9u5DwBcu61g5t/3Z60o1+f7td1PxLeLAMCzvbo8cnmrXj0pKenSvhkSgqLzAC7/SVCWGLgSL4G28DQkQhso84fz7ye6nad/Mn70doBcf5cTC1fiK+N/+SfjP/HUqIXlw7Nx/4/x5wEUL3olJydciZdAW5X12AbK/sn4+Vv9k/nn/CoFoPXf5eSGK/GV+SfAk/AcJP5mT8YYY4wxxhhj7Ff9RKVOl68/L/+Nzz+6Po9XV3JywJX4n12fM8YYY4wxxhhj7Op7vlv3Z55ITGzT6V9vVP1vZXHjf2rDe4DLzygA+DcHBPiPn8WW/8ixki99dP6xa/k5H8D/jFL+FY2r/MXEGGOMMcYY+8tdWfT/9nl1tSbEGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4xlQ/+J/07sap8jY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxdrX9nwAAAP//geYOMQ==")
chdir(&(0x7f0000000080)='./file0\x00')
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000001659ec0889419429aa5db97288b0f8a87ea8e66d9a8b"], 0xb0)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="10"], 0x10)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f0000000200)={0x30, 0x5, 0x0, {0x0, 0x1, 0x5, 0xfffffffb}}, 0x30)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000002c0)=ANY=[@ANYBLOB="b0"], 0xb0)
mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
truncate(&(0x7f0000000240)='./file0\x00', 0x206b12)

4m44.086903221s ago: executing program 0 (id=452):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r0, &(0x7f0000004980)={0x0, 0x0, &(0x7f0000004940)={&(0x7f0000004900)={0x18, 0x140f, 0x1, 0x70bd2b, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_CHARDEV_TYPE={0x8, 0x45, 'mad\x00'}]}, 0x18}, 0x1, 0x0, 0x0, 0x884}, 0x0)

4m43.737073881s ago: executing program 0 (id=458):
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
io_setup(0x3ff, &(0x7f0000000500)=<r1=>0x0)
io_getevents(r1, 0x4, 0x4, &(0x7f00000019c0)=[{}, {}, {}, {}], 0x0)
io_submit(r1, 0x1, &(0x7f0000000300)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r0, 0x0}])
io_destroy(r1)

4m43.611004502s ago: executing program 33 (id=458):
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
io_setup(0x3ff, &(0x7f0000000500)=<r1=>0x0)
io_getevents(r1, 0x4, 0x4, &(0x7f00000019c0)=[{}, {}, {}, {}], 0x0)
io_submit(r1, 0x1, &(0x7f0000000300)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r0, 0x0}])
io_destroy(r1)

4m3.385109001s ago: executing program 3 (id=1067):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$netlink(r0, 0x10e, 0x3, &(0x7f0000001100)=""/43, &(0x7f0000001140)=0x2b)

4m2.931701984s ago: executing program 3 (id=1069):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'bond0\x00', <r1=>0x0})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xd40}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r2}, @IFLA_HSR_SLAVE1={0x8, 0x1, r1}, @IFLA_HSR_VERSION={0x5, 0x6, 0x4}, @IFLA_HSR_PROTOCOL={0x5, 0x7, 0x1}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x8000)

4m2.885120247s ago: executing program 3 (id=1070):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_int(r0, 0x6, 0x4, 0x0, &(0x7f0000000ac0))

4m2.884938271s ago: executing program 3 (id=1071):
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x22000b0, 0x0, 0x0, 0x0, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0)
pivot_root(&(0x7f0000000080)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00')

4m2.826670393s ago: executing program 3 (id=1072):
r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r1, 0x402, 0x6)
close(r0)

4m2.563821502s ago: executing program 3 (id=1079):
r0 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@del={0xe0, 0x11, 0x1, 0x70bd27, 0x25dfdbfb, {{'lrw-camellia-asm\x00'}, '\x00', '\x00', 0x2000, 0x200}}, 0xe0}, 0x1, 0x0, 0x0, 0x20040810}, 0x850)

4m2.401966847s ago: executing program 34 (id=1079):
r0 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@del={0xe0, 0x11, 0x1, 0x70bd27, 0x25dfdbfb, {{'lrw-camellia-asm\x00'}, '\x00', '\x00', 0x2000, 0x200}}, 0xe0}, 0x1, 0x0, 0x0, 0x20040810}, 0x850)

2m55.330104649s ago: executing program 4 (id=2083):
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000080), 0x0, &(0x7f0000000600)={[{}]})

2m55.280269018s ago: executing program 4 (id=2086):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
clock_gettime(0x1, &(0x7f0000000000)={<r0=>0x0, <r1=>0x0})
clock_settime(0x0, &(0x7f0000000040)={r0, r1+10000000})

2m55.173009239s ago: executing program 4 (id=2087):
sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x4004060)
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0)
pidfd_send_signal(r0, 0x2d, &(0x7f0000000040)={0x4, 0x8783, 0x5bc}, 0x0)

2m55.15266162s ago: executing program 4 (id=2089):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x12f451, 0x0)
mount$bind(&(0x7f00000000c0)='.\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x80700a, 0x0)
umount2(&(0x7f0000000280)='./file0/file0/file0\x00', 0xa)

2m55.040328535s ago: executing program 4 (id=2090):
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
write$cgroup_subtree(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="2b68756765603ac4", @ANYRES32=r1], 0x9)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], 0x0, 0x0, 0x1}}, 0x40)

2m54.699518979s ago: executing program 4 (id=2095):
r0 = inotify_init1(0x0)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
ioctl$SNDCTL_SEQ_TESTMIDI(r1, 0x40045108, &(0x7f0000000200))
close_range(r0, 0xffffffffffffffff, 0x0)

2m54.585512258s ago: executing program 35 (id=2095):
r0 = inotify_init1(0x0)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
ioctl$SNDCTL_SEQ_TESTMIDI(r1, 0x40045108, &(0x7f0000000200))
close_range(r0, 0xffffffffffffffff, 0x0)

2m35.399050027s ago: executing program 6 (id=2358):
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/rt_cache\x00')
pread64(r0, &(0x7f0000000200)=""/158, 0xc4, 0x80)

2m35.276598128s ago: executing program 6 (id=2359):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000640)={r1, 0x1c, "c3f251b3a0886141986edc7989aea38e8ba91916f69438dd73eccf20"}, &(0x7f00000006c0)=0x24)

2m34.988171248s ago: executing program 6 (id=2361):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x267542, 0x0)
unshare(0x20000400)
pwritev(r0, 0x0, 0x0, 0x0, 0x0)

2m34.858075829s ago: executing program 6 (id=2363):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000300)='./file0\x00', 0x48, &(0x7f00000003c0), 0x20, 0x51c, &(0x7f0000001e40)="$eJzs3d9vW1cdAPDvva2b9MeWDCYNELAyBgVVtRt3q6a9MF5AaJqEmHjioQuJG0W16yh2xhIqLf0fkJjEA4InnnlA4mHSnnhE8AZvexkPSAUq0DKJB6NrX6duY8ehcezV/nykW9/jc+LvOde650TftvcEMLMuRsRuRJyJiLciYiF/P8mPeK1zZO0+vn9nZe/+nZUkWq03/5m067P3oudnMufzz5yPiB98N+LHycG4je2dW8vVamUzL5eatY1SY3vnynptea2yVrldLl9fun71lWsvl0c21udrv733nfXXf/j+77/00Z93v/nTrFsX8rreccTZkYXMr0lhP07mdES8ProQE3UqH8+ZSXeEx5JGxGci4oX2/b8Qp9rf5tH0ua0BgCdAq7UQrYXeMgAw7dJ2DixJi3ku4EKkabHYyeE9G+fSar3RvHyzvnV7tZMrW4xCenO9Wrma5woXo5Bk5aV3s/MH5XI8XL4WEc9ExM/mzrbLxZWj5xkAgNE6/8j6/5+5zvoPAEy5+WENboynHwDA+Axd/wGAqWP9B4DZY/0HgNlj/QeA2WP9B4BZ82F3/T91oOr8+HsDAJy477/xRna09vLnX6++vb11q/72ldVK41axtrVSXKlvbhTX6vW1aqW4Uq8N+7xqvb6x9FJsvVNqVhrNUmN750atvnW7eaP9XO8blcJYRgUAHOaZ5z/4axIRu6+ebR/Rs5dDIX+GHzCd0kl3AJiYgzl/YFZ4CjfMLvl4YNhengP/ifB7jxGs9e5j/BAwapc+f3j+H5hew/P/l8bSD2D85P9hdsn/w+xqtZJBe/6n+00AgKkixw+M9e//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYEpcaB+LPeU0LRYjnoqIxSgkN9erlasR8XRE/GWuMJeVlybaYwDg+NK/J/n+X5cWXrzwaO2Z5JO52Iw4ExE/+cWbP39nudncXMre/9dcuz4imu/l75cnMgAAYIjuOt1dx7s+vn9npXuMsz/3vt3ZXDSLu5cfnZrTcTp7+dN8FCLi3L+TTjmX/b5yagTxd+9GxOf6jT9p50YW851PH42fxX5qrPHTh+Kn7brOa3YtPnvgk+cGxhy21yvMig+y+ee1fvdfGhfbr/N9Nz+eb89Qx9ed//YOzH/d+32+Pdf0m/8uHjXGS3/4Xk/x7EN1dyO+cLpf/GQ/fjIg/ovDQ38r++PDL375hUENWr+KuBT94/fGKjVrG6XG9s6V9dryWmWtcrtcvr50/eor114ul9o56lI3U33QP169/PSg+Pd+E3FuQPz5IeP/2qFDb+1PwL/+71s/+kq/JoXO9f/GV/t//88eEj9bE79+aPwHls/9buD23Vn81c747/6/3//lI8b/6G87q0dsCgCMQWN759ZytVrZHOlJIUb8gT0nyQn12cmTevJJq2NI4+z38ePGei5PmfVt88dfvv9cVvkpuSzHPJnwxAScuAc3/aR7AgAAAAAAAAAAAAAADHLi/50onfQIAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmGb/CwAA//8/uNC1")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f0000000400)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0xa0)
ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000000)=ANY=[])

2m34.724290174s ago: executing program 6 (id=2368):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000940)={0x0, 0x3e1, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000180081064e81f782db44b904021d080006007c09e8fe55a10a0015400100142603600e1208001e0000000401040008004000014003000000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0)

2m34.059071809s ago: executing program 6 (id=2379):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r0, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], 0x0, 0x0, 0x1}}, 0x40)

2m34.00170077s ago: executing program 36 (id=2379):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r0, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], 0x0, 0x0, 0x1}}, 0x40)

5.589882167s ago: executing program 5 (id=4326):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a40)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000fddbdf250100000008000100", @ANYRES32=r1, @ANYBLOB="400002"], 0x5c}, 0x1, 0xf000}, 0x4000800)

5.539562902s ago: executing program 5 (id=4328):
r0 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r0, &(0x7f0000000000)=@abs={0x1}, 0x6e)
bind$unix(r0, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x2)

5.489970827s ago: executing program 5 (id=4330):
syz_usb_connect(0x0, 0x3f, &(0x7f0000000500)=ANY=[@ANYBLOB="12011001d31ad240f0031d5842bb0102030109022d0001000000000904c50003ff01070009050100000000030109050c"], 0x0)

4.026440436s ago: executing program 5 (id=4344):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f00000000c0), 0x12)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f00000000c0)={[{@noinit_itable}, {@dax_inode}, {@nolazytime}, {@abort}, {@dax_inode}, {@nouid32}, {@noload}, {}, {@noauto_da_alloc}]}, 0xfe, 0x558, &(0x7f0000000c00)="$eJzs3U1rG0cfAPD/ynbenOeJAyG0PRRDDk1JI8d2X1LoIT2WNjTQ3lNhb0ywHAVLDrEbaHJoLr2UUCilgdIP0HuPoV+gnyLQBkIJpj30orLyylFsyZZtpVaq3w82mdldaXY0+x/PaCQUwMAaz/4pRLwcEV8nEcdajg1HfnB87bzVJ7dmsi2Jev2TP5JI8n3N85P8/9E881JE/PJlxJnC5nKryyvzpXI5XczzE7WF6xPV5ZWzVxdKc+lcem1qevr8W9NT777zds/q+vqlv777+MEH5786tfrtT4+O30viQhzNj7XWYw9ut2bGYzx/TUbiwoYTJ3tQWD9J9vsC2JWhPM5HIusDjsVQHvXAf98XEVEHBlQi/mFANccBzbl9j+bBL4zH769NgDbXf3jtvZE41JgbHVlNnpkZZfPdsR6Un5Xx8+/372Vb9O59CIBt3b4TEeeGhzf3f0ne/+3euS7O2VjGDvu/+g4vCWjxIBv/vNFu/FNYH/9Em/HPaJvY3Y3t47/wqAfFdJSN/95rO/5dX7QaG8pz/2uM+UaSK1fLada3/T8iTsfIwSy/1XrO+dWHHfup1vFftmXlN8eC+XU8Gj747GNmS7XSXurc6vGdiFfajn+T9fZP2rR/9npc6rKMk+n9Vzsd277+z1f9x4jX2rb/0xWtZOv1yYnG/TDRvCs2+/PuyV87lb/f9c/a/8jW9R9LWtdrqzsv44dDf6edju32/j+QfNpIH8j33SzVaouTEQeSjzbvn3r62Ga+eX5W/9Ontu7/2t3/hyPisy7rf/fE3Y6n9kP7z+6o/XeeePjh5993Kr+79n+zkTqd7+mm/+v2Avfy2gEAAAAAAEC/KUTE0UgKxfV0oVAsrn2+40QcKZQr1dqZK5Wla7PR+K7sWIwUmivdoy2fh5jMPw/bzE9tyE9HxPGI+GbocCNfnKmUZ/e78gAAAAAAAAAAAAAAAAAAANAnRjt8/z/z29B+Xx3w3PnJbxhc28Z/L37pCehL/v7D4BL/MLjEPwwu8Q+DS/zD4BL/MLjEPwwu8Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9denixWyrrz65NZPlZ28sL81XbpydTavzxYWlmeJMZfF6ca5SmSunxZnKwnbPV65Urk9OxdLNiVparU1Ul1cuL1SWrtUuX10ozaWX05F/pVYAAAAAAAAAAAAAAAAAAADwYqkur8yXyuV0UUJiV4nh/rgMibVEM7D3/IT72y8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKt/AgAA//+jgjYy")
mount(&(0x7f0000000080)=@nullb, &(0x7f0000000140)='./file0/../file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}], [], 0x2c})

3.954517989s ago: executing program 5 (id=4348):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000095000000000000009f33ef60916e6e893f1eeb0be20000d072f5b89c3043c47c896ce0bc8731fa595b6b4d45ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557eb3c5ca683a4b6fc89398f2b9000f224891060017c4700de60beac671e8e8fdecb03588aa6007e71f871ab5c2ff88afc6002084e5b52710aeee835cf0d78e45f70983826fb8579c1fb47d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0d18a93ee341ab59016f81860324b800c00000000000092d9c5fe34ccb80a61ffcb3363073fd8962823ee45f5d7394e9510f4a801efdf008499d7aca1afac6c702cfabe8a9c55c8dafcdb110036e14c1035cafdfef6a358cbfadb3579a285580a3c080d4e0a48d7bdc38a0437c8c1b3aa408a"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12}, 0x50)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@map=r2, r1, 0x26}, 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r2, &(0x7f0000000940), &(0x7f0000000a40)=@tcp6=r0}, 0x20)
shutdown(r0, 0x0)
shutdown(r0, 0x0)
recvmmsg(r0, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000b80)=""/4119, 0xf72}], 0x1}}], 0x1, 0x140, 0x0)

3.768194643s ago: executing program 5 (id=4351):
r0 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0x4)
sendmmsg(r0, &(0x7f0000000500)=[{{&(0x7f0000000040)=@l2tp6={0xa, 0x0, 0x7080000, @empty, 0x4, 0x1}, 0x80, 0x0, 0x0, &(0x7f0000000600)=ANY=[], 0xc}}], 0x1, 0x4000000)

3.641188939s ago: executing program 37 (id=4351):
r0 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0x4)
sendmmsg(r0, &(0x7f0000000500)=[{{&(0x7f0000000040)=@l2tp6={0xa, 0x0, 0x7080000, @empty, 0x4, 0x1}, 0x80, 0x0, 0x0, &(0x7f0000000600)=ANY=[], 0xc}}], 0x1, 0x4000000)

1.456191765s ago: executing program 7 (id=4374):
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x200000b, &(0x7f0000000380)=ANY=[@ANYRES8=0x0, @ANYRESOCT=0x0, @ANYRES64, @ANYRES64=0x0], 0x0, 0x257, &(0x7f00000000c0)="$eJzs3c9qG0ccB/DfSrIttwf50FMpdKE99GRsP4FMcaHUpxYd2h5aU9tQJGGwQWC3VPjUJ8hr5JLnyCVvkAcI5JaADRPWkiwryIkV609wPp+Lhp357m9md5FOO/rzq3Zz/+jk8Pzf51GtZlGqRz27eBwDKwEAPDSvU4qXqWeyZKU0qzkBALN1x9//1TlOCQCYsV9+/e2n7d3dnZ/zvBrR/r/TyKL32evfPoy/oxUHsRG1uIxI13rtH37c3YlKXliLb9vdTqNItv942j//9ouIq/xm1GJtfH4z77mR73YaS/FZv369yG9FLb4Yn98ak4/Gcnz3zY35r0ctnv0VR9GK/Siyw/x/m3n+fXr06p/fixkX+azbaaxcjRtK5bnfHAAAAAAAAAAAAAAAAAAAAAAAHqz1PM/zlJ6klFJ3ZP+d8uVV/3o+sDa6P08vf9v+QN0b++tsFCWy3vhhvhJfVqKyyLUDAAAAAAAAAAAAAAAAAADAx+Lk9Ky512odHN+vkcXIkcFr/SNjVvsHP6jEIHzfqUZ5cKIsYjprv3+jWNycan0dE9aqT1giSqdnzcHT1dzL3ne7qzGblaa3H7/jk9PyranlKRS9SCktfz7dVWQRsXR9Md81uBRL072Gc/sKAgAAAAAAAAAAAAAAAAAA+oYv/Y7pPF/AhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgAYb//z9Bo9sP3zG14CUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwCXgTAAD//zbXdlQ=")

1.308644401s ago: executing program 7 (id=4375):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000700)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0xc, [@struct={0x4, 0x1, 0x0, 0x4, 0x1, 0x1, [{0xa, 0x3}]}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x20}, @decl_tag={0x5, 0x0, 0x0, 0x11, 0x5, 0x6}]}, {0x0, [0x61, 0x0, 0x30, 0x2e, 0x61, 0x61, 0x61, 0x61, 0x0, 0x61]}}, 0x0, 0x5c}, 0x28)

1.308457359s ago: executing program 7 (id=4376):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @local}], 0x10)
sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000000)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x0)
sendmsg$inet_sctp(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000040)="05", 0x1}], 0x1, &(0x7f00000001c0)=[@sndrcv={0x30, 0x84, 0x1, {0x2, 0x0, 0x41, 0x8, 0xfffffffb, 0xffffffff, 0x9, 0x7fffffff}}, @prinfo={0x18, 0x84, 0x5, {0x30, 0x7}}], 0x48, 0x31}, 0x0)

1.188669758s ago: executing program 7 (id=4377):
r0 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="e80000001300e9406ac70098c0ddca7cc30304b7956ae1e3e16a31f0101851359a7c5703fc74fc67eebb02e249974c775483c8c90fdf0737e305e3456fde5c4168848ec690e11bc031e1cdab73043da9"], 0xe8}, 0x1, 0x0, 0x0, 0x8411}, 0x0)

1.120623503s ago: executing program 7 (id=4378):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), r0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000300)={'wpan0\x00', <r2=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)={0x28, r1, 0x1, 0x2, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_SEC_LEVEL={0xc, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x4}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4085}, 0x4000)

328.562551ms ago: executing program 7 (id=4379):
syz_usb_connect(0x0, 0x5e, &(0x7f0000000140)=ANY=[@ANYBLOB="120100006b36a2207b06a1279bb00102030109024c0001000010000904e7000229feac000b2402010302057ff49bfd052406000105240002000d240f0105000000090007000806241a7f000109050602ff030000000905820208"], 0x0)

328.413297ms ago: executing program 2 (id=4380):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x6, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000007111d900000000008510000002000000850000000000000095000000000000009500b0059d350000f8eb70c3d9330b16491e095815635bf7490c180e3be703966bd8fdc277008531ccb9d9ae8dc9e78d9dc5311486fd1d2bfab99b08b4d46852f103d4ed539d04b034d645e2ea69674b1749efdc6a03ab8d5c3d2a2ed722271db8f4b166d4a579abbfc27974"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x6}, 0x70)

265.180337ms ago: executing program 2 (id=4381):
r0 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000400), r0)
getsockname$packet(r0, &(0x7f0000000280)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="4800000010000305ff810000fddbdf2500000000", @ANYRES32=r1, @ANYBLOB="1748000040000200280012800a000100767863616e0000001800028014000100000000", @ANYRES32=r1], 0x48}, 0x1, 0x0, 0x0, 0x40}, 0x0)

160.238578ms ago: executing program 2 (id=4382):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x4c, r2, 0x1, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x19}, @NL80211_ATTR_IE={0x4}, @NL80211_ATTR_TDLS_DIALOG_TOKEN={0x5, 0x89, 0xfe}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_TDLS_ACTION={0x5, 0x88, 0x4}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8000}, 0x4010)

43.739335ms ago: executing program 2 (id=4383):
r0 = socket(0x22, 0x2, 0x4)
getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1c, 0x0, &(0x7f00000000c0))

43.584223ms ago: executing program 2 (id=4384):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$sock_int(r0, 0x1, 0xe, 0x0, 0x0)

0s ago: executing program 2 (id=4385):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x50, r0, 0x801, 0x0, 0x3, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY={0x28, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac01}, @NL80211_KEY_DATA_WEP40={0x9}, @NL80211_KEY_MODE={0x5, 0x9, 0x1}]}]}, 0x50}}, 0x0)

kernel console output (not intermixed with test programs):

r 0 read error: -22
[  285.867617][   T47] usb 8-1: New USB device found, idVendor=0681, idProduct=0005, bcdDevice=56.c0
[  285.880862][   T47] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  285.920116][   T24] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  286.071676][   T24] usb 6-1: Using ep0 maxpacket: 16
[  286.075102][   T24] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  286.078003][   T24] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  286.088843][   T24] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  286.099790][    T9] usb 8-1: USB disconnect, device number 10
[  286.099817][   T24] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  286.108914][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  286.116158][   T24] usb 6-1: Product: syz
[  286.117620][   T24] usb 6-1: Manufacturer: syz
[  286.119122][   T24] usb 6-1: SerialNumber: syz
[  286.539349][   T24] usb 6-1: 0:2 : does not exist
[  286.920187][ T5852] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[  286.948571][   T24] usb 6-1: 1:0: cannot get min/max values for control 4 (id 1)
[  286.964273][   T24] usb 6-1: USB disconnect, device number 28
[  286.971089][T13873] tipc: Enabling of bearer <h:s> rejected, media not registered
[  287.016523][T13877] netlink: 120 bytes leftover after parsing attributes in process `syz.2.3071'.
[  287.019374][T13877] netlink: 120 bytes leftover after parsing attributes in process `syz.2.3071'.
[  287.082310][ T5852] usb 8-1: Using ep0 maxpacket: 8
[  287.091138][ T5852] usb 8-1: config 0 has an invalid interface number: 229 but max is 0
[  287.094179][ T5852] usb 8-1: config 0 has no interface number 0
[  287.098752][ T5852] usb 8-1: New USB device found, idVendor=0830, idProduct=0003, bcdDevice=9a.68
[  287.104533][ T5852] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  287.107621][ T5852] usb 8-1: Product: syz
[  287.109301][ T5852] usb 8-1: Manufacturer: syz
[  287.111325][ T5852] usb 8-1: SerialNumber: syz
[  287.116231][ T5852] usb 8-1: config 0 descriptor??
[  287.120576][ T5852] usb 8-1: active config #0 != 1 ??
[  287.325391][    T9] usb 8-1: USB disconnect, device number 11
[  287.557747][T13889] loop5: detected capacity change from 0 to 16
[  287.562694][T13889] erofs (device loop5): mounted with root inode @ nid 36.
[  287.568222][T13889] erofs (device loop5): read error -22 @ 43 of nid 36
[  287.850404][T13891] loop5: detected capacity change from 0 to 40427
[  287.857580][T13891] F2FS-fs (loop5): invalid crc value
[  287.929517][T13891] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  287.932792][T13891] F2FS-fs (loop5): Start checkpoint disabled!
[  287.940388][T13891] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  287.978685][T13891] syz.5.3078: attempt to access beyond end of device
[  287.978685][T13891] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  288.318741][   T36] kworker/u10:1: attempt to access beyond end of device
[  288.318741][   T36] loop5: rw=1, sector=45104, nr_sectors = 8 limit=40427
[  288.337512][   T36] kworker/u10:1: attempt to access beyond end of device
[  288.337512][   T36] loop5: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  288.346011][   T36] CPU: 1 UID: 0 PID: 36 Comm: kworker/u10:1 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  288.346025][   T36] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  288.346032][   T36] Workqueue: writeback wb_workfn (flush-7:5)
[  288.346047][   T36] Call Trace:
[  288.346051][   T36]  <TASK>
[  288.346056][   T36]  dump_stack_lvl+0x189/0x250
[  288.346069][   T36]  ? __pfx_dump_stack_lvl+0x10/0x10
[  288.346079][   T36]  ? __pfx_queue_work_on+0x10/0x10
[  288.346087][   T36]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  288.346098][   T36]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  288.346113][   T36]  f2fs_handle_critical_error+0x37c/0x540
[  288.346129][   T36]  f2fs_write_end_io+0x886/0xb60
[  288.346146][   T36]  __submit_merged_bio+0x27a/0x6a0
[  288.346160][   T36]  __submit_merged_write_cond+0x255/0x530
[  288.346174][   T36]  f2fs_write_data_pages+0x261d/0x3000
[  288.346203][   T36]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  288.346222][   T36]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  288.346248][   T36]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  288.346265][   T36]  ? trace_f2fs_writepages+0x7f/0x200
[  288.346277][   T36]  ? f2fs_write_node_pages+0x478/0x6e0
[  288.346299][   T36]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  288.346310][   T36]  do_writepages+0x32e/0x550
[  288.346324][   T36]  ? reacquire_held_locks+0x127/0x1d0
[  288.346333][   T36]  ? writeback_sb_inodes+0x384/0x1010
[  288.346347][   T36]  __writeback_single_inode+0x145/0xff0
[  288.346357][   T36]  ? do_raw_spin_unlock+0x4d/0x240
[  288.346369][   T36]  writeback_sb_inodes+0x6c7/0x1010
[  288.346378][   T36]  ? lockdep_hardirqs_on+0x9c/0x150
[  288.346401][   T36]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  288.346433][   T36]  ? rcu_is_watching+0x15/0xb0
[  288.346446][   T36]  wb_writeback+0x43b/0xaf0
[  288.346460][   T36]  ? queue_io+0x3c1/0x590
[  288.346471][   T36]  ? __pfx_wb_writeback+0x10/0x10
[  288.346486][   T36]  ? _raw_spin_unlock_irq+0x23/0x50
[  288.346497][   T36]  wb_workfn+0x409/0xef0
[  288.346514][   T36]  ? __pfx_wb_workfn+0x10/0x10
[  288.346525][   T36]  ? __lock_acquire+0xab9/0xd20
[  288.346541][   T36]  ? process_scheduled_works+0x9ef/0x17b0
[  288.346552][   T36]  ? _raw_spin_unlock_irq+0x23/0x50
[  288.346561][   T36]  ? process_scheduled_works+0x9ef/0x17b0
[  288.346606][   T36]  ? process_scheduled_works+0x9ef/0x17b0
[  288.346615][   T36]  process_scheduled_works+0xae1/0x17b0
[  288.346639][   T36]  ? __pfx_process_scheduled_works+0x10/0x10
[  288.346656][   T36]  worker_thread+0x8a0/0xda0
[  288.346679][   T36]  kthread+0x711/0x8a0
[  288.346691][   T36]  ? __pfx_worker_thread+0x10/0x10
[  288.346699][   T36]  ? __pfx_kthread+0x10/0x10
[  288.346709][   T36]  ? _raw_spin_unlock_irq+0x23/0x50
[  288.346717][   T36]  ? lockdep_hardirqs_on+0x9c/0x150
[  288.346726][   T36]  ? __pfx_kthread+0x10/0x10
[  288.346736][   T36]  ret_from_fork+0x3fc/0x770
[  288.346746][   T36]  ? __pfx_ret_from_fork+0x10/0x10
[  288.346758][   T36]  ? __switch_to_asm+0x39/0x70
[  288.346767][   T36]  ? __switch_to_asm+0x33/0x70
[  288.346775][   T36]  ? __pfx_kthread+0x10/0x10
[  288.346785][   T36]  ret_from_fork_asm+0x1a/0x30
[  288.346808][   T36]  </TASK>
[  288.347423][   T36] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  288.549682][T13922] loop7: detected capacity change from 0 to 128
[  288.552856][T13922] EXT4-fs (loop7): Test dummy encryption mode enabled
[  288.558031][T13922] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  288.639074][T13922] fscrypt: AES-256-CBC-CTS using implementation "cts(cbc(ecb(aes-fixed-time)))"
[  288.699065][T12108] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  288.930208][ T5852] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  288.967133][T13953] netlink: 'syz.7.3104': attribute type 6 has an invalid length.
[  288.973480][T13953] netlink: 'syz.7.3104': attribute type 6 has an invalid length.
[  289.080187][ T5852] usb 6-1: Using ep0 maxpacket: 32
[  289.084069][ T5852] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[  289.086912][ T5852] usb 6-1: config 0 has no interface number 0
[  289.088960][ T5852] usb 6-1: config 0 interface 51 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  289.109920][ T5852] usb 6-1: config 0 interface 51 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  289.121428][ T5852] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  289.124684][ T5852] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  289.127125][ T5852] usb 6-1: Product: syz
[  289.128586][ T5852] usb 6-1: Manufacturer: syz
[  289.130682][ T5852] usb 6-1: SerialNumber: syz
[  289.136192][ T5852] usb 6-1: config 0 descriptor??
[  289.139494][ T5852] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  289.344747][ T5852] usb 6-1: qt2_setup_urbs - submit read urb failed -90
[  289.347136][ T5852] quatech2 6-1:0.51: probe with driver quatech2 failed with error -90
[  289.440339][   T24] usb 8-1: new low-speed USB device number 12 using dummy_hcd
[  289.551026][ T5893] usb 6-1: USB disconnect, device number 29
[  289.594488][   T24] usb 8-1: No LPM exit latency info found, disabling LPM.
[  289.598847][   T24] usb 8-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  289.602606][   T24] usb 8-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  289.606143][   T24] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[  289.613022][   T24] usb 8-1: string descriptor 0 read error: -22
[  289.615630][   T24] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  289.619226][   T24] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  289.628601][   T24] usb 8-1: 0:2 : does not exist
[  289.832300][   T24] usb 8-1: USB disconnect, device number 12
[  290.203495][T13991] loop5: detected capacity change from 0 to 512
[  290.206585][T13991] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  290.213433][T13991] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002]
[  290.216698][T13991] System zones: 0-2, 18-18, 34-34
[  290.222405][T13991] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  290.309061][ T8764] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  290.415536][T14004] loop5: detected capacity change from 0 to 256
[  290.434210][T14004] FAT-fs (loop5): Directory bread(block 64) failed
[  290.437041][T14004] FAT-fs (loop5): Directory bread(block 65) failed
[  290.439742][T14004] FAT-fs (loop5): Directory bread(block 66) failed
[  290.443303][T14004] FAT-fs (loop5): Directory bread(block 67) failed
[  290.446421][T14004] FAT-fs (loop5): Directory bread(block 68) failed
[  290.449183][T14004] FAT-fs (loop5): Directory bread(block 69) failed
[  290.452306][T14004] FAT-fs (loop5): Directory bread(block 70) failed
[  290.454937][T14004] FAT-fs (loop5): Directory bread(block 71) failed
[  290.457629][T14004] FAT-fs (loop5): Directory bread(block 72) failed
[  290.463098][T14004] FAT-fs (loop5): Directory bread(block 73) failed
[  290.742924][T14028] bridge0: port 2(bridge_slave_1) entered disabled state
[  290.779931][T14031] bridge0: port 2(bridge_slave_1) entered disabled state
[  290.880221][ T5852] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  291.030633][T14048] Bluetooth: hci3: Frame reassembly failed (-84)
[  291.034283][   T36] Bluetooth: hci3: Frame reassembly failed (-84)
[  291.039170][ T5852] usb 6-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36
[  291.044667][ T5852] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  291.049489][ T5852] usb 6-1: config 0 descriptor??
[  291.274417][ T5852] kaweth 6-1:0.0: Firmware present in device.
[  291.466318][ T5852] kaweth 6-1:0.0: Statistics collection: 0
[  291.468751][ T5852] kaweth 6-1:0.0: Multicast filter limit: 0
[  291.472554][ T5852] kaweth 6-1:0.0: MTU: 0
[  291.474194][ T5852] kaweth 6-1:0.0: Read MAC address 00:00:00:00:00:00
[  291.868051][ T5852] kaweth 6-1:0.0: Error setting SOFS wait
[  291.870332][ T5852] kaweth 6-1:0.0: probe with driver kaweth failed with error -5
[  291.876006][ T5852] usb 6-1: USB disconnect, device number 30
[  292.750740][T14062] syz.5.3151: attempt to access beyond end of device
[  292.750740][T14062] loop5: rw=0, sector=0, nr_sectors = 1 limit=0
[  292.754877][T14062] exFAT-fs (loop5): unable to read boot sector
[  292.757328][T14062] exFAT-fs (loop5): failed to read boot sector
[  292.760101][T14062] exFAT-fs (loop5): failed to recognize exfat type
[  293.100133][ T5848] Bluetooth: hci3: Entering manufacturer mode failed (-110)
[  293.100231][ T5233] Bluetooth: hci3: command 0xfc11 tx timeout
[  293.355795][T14088] loop5: detected capacity change from 0 to 4096
[  293.374536][T14088] ntfs3(loop5): Mark volume as dirty due to NTFS errors
[  293.391671][T14088] ntfs3(loop5): Failed to load $Extend (-22).
[  293.393846][T14088] ntfs3(loop5): Failed to initialize $Extend.
[  293.578470][T14096] loop7: detected capacity change from 0 to 736
[  294.070129][   T47] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[  294.094298][T14094] loop5: detected capacity change from 0 to 131072
[  294.097890][T14094] F2FS-fs (loop5): Wrong CP boundary, start(512) end(198144) blocks(1024)
[  294.100615][T14094] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[  294.104199][T14094] F2FS-fs (loop5): invalid crc value
[  294.141164][T14094] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  294.147700][T14094] F2FS-fs (loop5): Try to recover 2th superblock, ret: -30
[  294.151150][T14094] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
[  294.176798][T14094] F2FS-fs (loop5): inconsistent node block, node_type:2, nid:8, node_footer[nid:8,ino:8,ofs:0,cpver:5013063228981249506,blkaddr:15366]
[  294.187810][T14094] fs-verity (loop5, inode 7): Error -117 getting verity descriptor size
[  294.240485][   T47] usb 8-1: unable to get BOS descriptor or descriptor too short
[  294.244107][   T47] usb 8-1: config 249 has an invalid interface number: 177 but max is 0
[  294.247463][   T47] usb 8-1: config 249 has no interface number 0
[  294.249846][   T47] usb 8-1: config 249 interface 177 altsetting 0 has a duplicate endpoint with address 0xE, skipping
[  294.255934][   T47] usb 8-1: config 249 interface 177 altsetting 0 has an endpoint descriptor with address 0x53, changing to 0x3
[  294.259845][   T47] usb 8-1: config 249 interface 177 altsetting 0 endpoint 0x3 has invalid maxpacket 65199, setting to 1024
[  294.265464][   T47] usb 8-1: config 249 interface 177 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024
[  294.268582][   T47] usb 8-1: config 249 interface 177 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  294.275765][   T47] usb 8-1: New USB device found, idVendor=057c, idProduct=3800, bcdDevice=5a.9d
[  294.278682][   T47] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  294.281467][   T47] usb 8-1: Product: syz
[  294.283149][   T47] usb 8-1: Manufacturer: syz
[  294.285014][   T47] usb 8-1: SerialNumber: syz
[  294.289096][T14113] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  294.350452][T14121] af_packet: tpacket_rcv: packet too big, clamped from 65075 to 3952. macoff=96
[  294.416635][T14125] geneve2: entered promiscuous mode
[  294.524637][   T47] usb 8-1: USB disconnect, device number 13
[  294.990558][   T47] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  295.151618][   T47] usb 6-1: config 0 has an invalid interface number: 255 but max is 0
[  295.154268][   T47] usb 6-1: config 0 has no interface number 0
[  295.156134][   T47] usb 6-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[  295.159423][   T47] usb 6-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  295.165747][   T47] usb 6-1: config 0 interface 255 has no altsetting 0
[  295.167918][   T47] usb 6-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b
[  295.173857][   T47] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  295.178104][   T47] usb 6-1: config 0 descriptor??
[  295.181628][   T47] ums-realtek 6-1:0.255: USB Mass Storage device detected
[  295.361397][T14174] openvswitch: netlink: Multiple metadata blocks provided
[  295.385267][   T47] usb 6-1: USB disconnect, device number 31
[  295.631198][ T5991] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[  295.790168][ T5991] usb 8-1: Using ep0 maxpacket: 8
[  295.794439][ T5991] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  295.798964][ T5991] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  295.804328][ T5991] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  295.808293][ T5991] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  295.813746][ T5991] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  295.817425][ T5991] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  296.030586][ T5991] usb 8-1: GET_CAPABILITIES returned 0
[  296.039271][ T5991] usbtmc 8-1:16.0: can't read capabilities
[  296.162403][T14191] loop5: detected capacity change from 0 to 4096
[  296.166228][T14191] ntfs3(loop5): Different NTFS sector size (2048) and media sector size (512).
[  296.175519][T14191] ntfs3(loop5): Failed to initialize $Bitmap (-2).
[  296.236085][ T5991] usb 8-1: USB disconnect, device number 14
[  296.471279][    C0] Dead loop on virtual device ipvlan1, fix it urgently!
[  296.623677][T14206] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3214'.
[  296.639397][T14206] veth1_macvtap: left promiscuous mode
[  297.060246][   T47] usb 6-1: new low-speed USB device number 32 using dummy_hcd
[  297.183971][T14215] loop7: detected capacity change from 0 to 32768
[  297.187755][T14215] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.3218 (14215)
[  297.195718][T14215] BTRFS info (device loop7): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  297.199803][T14215] BTRFS info (device loop7): using sha256 (sha256-lib) checksum algorithm
[  297.203425][T14215] BTRFS info (device loop7): using free-space-tree
[  297.222096][   T47] usb 6-1: config 2 has an invalid interface number: 227 but max is 0
[  297.226012][   T47] usb 6-1: config 2 has no interface number 0
[  297.228284][   T47] usb 6-1: config 2 interface 227 has no altsetting 0
[  297.231507][   T47] usb 6-1: New USB device found, idVendor=07ca, idProduct=2835, bcdDevice=b3.c2
[  297.235168][   T47] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  297.267710][T12108] BTRFS info (device loop7): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  297.456423][   T47] usb 6-1: USB disconnect, device number 32
[  297.618188][T14248] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3226'.
[  297.922842][T14270] loop7: detected capacity change from 0 to 4096
[  297.936840][T14270] ntfs3(loop7): Mark volume as dirty due to NTFS errors
[  297.948102][T14270] ntfs3(loop7): Failed to load $Extend (-22).
[  297.950526][T14270] ntfs3(loop7): Failed to initialize $Extend.
[  298.146136][T14283] vcan0: tx drop: invalid da for name 0xfffffffffffffffe
[  298.246038][T14290] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(3)
[  298.248700][T14290] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  298.253358][T14290] vhci_hcd vhci_hcd.0: Device attached
[  298.256679][T14291] vhci_hcd: connection closed
[  298.260547][ T5908] vhci_hcd: stop threads
[  298.263650][ T5908] vhci_hcd: release socket
[  298.265183][ T5908] vhci_hcd: disconnect device
[  298.455461][T14295] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  298.459006][T14295] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  298.472208][T14295] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  298.479840][T14295] comedi comedi3: 8255: I/O port conflict (0x5c952399,4)
[  298.495999][T14295] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  298.498737][T14295] comedi comedi3: 8255: I/O port conflict (0x3ff,4)
[  298.505658][T14295] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  298.512399][T14295] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  298.515236][T14295] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  298.518061][T14295] comedi comedi3: 8255: I/O port conflict (0x6,4)
[  298.530585][T14295] comedi comedi3: 8255: I/O port conflict (0x4,4)
[  298.533640][T14295] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  298.537827][T14295] comedi comedi3: 8255: I/O port conflict (0xffffffff80000089,4)
[  298.543773][T14295] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffd,4)
[  299.813168][T14329] netlink: 'syz.7.3261': attribute type 3 has an invalid length.
[  299.817070][T14329] netlink: 'syz.7.3261': attribute type 1 has an invalid length.
[  299.821451][T14329] netlink: 192 bytes leftover after parsing attributes in process `syz.7.3261'.
[  299.827098][T14329] NCSI netlink: No device for ifindex 0
[  299.838784][T14331] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem
[  300.079918][T14345] loop5: detected capacity change from 0 to 1024
[  300.097415][T14345] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  300.406100][ T8764] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  300.844936][ T5991] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[  300.865929][T14362] netlink: 40 bytes leftover after parsing attributes in process `syz.7.3274'.
[  301.000188][ T5991] usb 6-1: Using ep0 maxpacket: 32
[  301.007840][ T5991] usb 6-1: New USB device found, idVendor=04e8, idProduct=6601, bcdDevice=81.9b
[  301.012116][ T5991] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  301.015312][ T5991] usb 6-1: Product: syz
[  301.017550][ T5991] usb 6-1: Manufacturer: syz
[  301.019503][ T5991] usb 6-1: SerialNumber: syz
[  301.149638][T14368] netlink: 788 bytes leftover after parsing attributes in process `syz.2.3277'.
[  301.160279][ T5893] usb 8-1: new high-speed USB device number 15 using dummy_hcd
[  301.237159][ T5991] usb 6-1: palm_os_4_probe - error -71 getting connection info
[  301.241407][ T5991] visor 6-1:1.0: Handspring Visor / Palm OS converter detected
[  301.248534][ T5991] usb 6-1: Handspring Visor / Palm OS converter now attached to ttyUSB0
[  301.257048][ T5991] usb 6-1: Handspring Visor / Palm OS converter now attached to ttyUSB1
[  301.266021][ T5991] usb 6-1: USB disconnect, device number 33
[  301.271466][ T5991] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0
[  301.277473][ T5991] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1
[  301.283939][ T5991] visor 6-1:1.0: device disconnected
[  301.310660][ T5893] usb 8-1: Using ep0 maxpacket: 8
[  301.317340][ T5893] usb 8-1: New USB device found, idVendor=0ccd, idProduct=0038, bcdDevice=99.03
[  301.324118][ T5893] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  301.327447][ T5893] usb 8-1: Product: syz
[  301.329138][ T5893] usb 8-1: Manufacturer: syz
[  301.331548][ T5893] usb 8-1: SerialNumber: syz
[  301.334572][ T5893] usb 8-1: config 0 descriptor??
[  301.338167][ T5893] dvb-usb: found a 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver' in warm state.
[  301.347407][ T5893] dvb-usb: bulk message failed: -22 (2/0)
[  301.349478][ T5893] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  301.353144][ T5893] dvbdev: DVB: registering new adapter (TerraTec/qanu USB2.0 Highspeed DVB-T Receiver)
[  301.356630][ T5893] usb 8-1: media controller created
[  301.372297][ T5893] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  301.383849][ T5893] dvb-usb: bulk message failed: -22 (1/0)
[  301.387058][ T5893] dvb-usb: no frontend was attached by 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver'
[  301.392698][ T5893] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.7/usb8/8-1/input/input19
[  301.399049][ T5893] dvb-usb: schedule remote query interval to 50 msecs.
[  301.403483][ T5893] dvb-usb: bulk message failed: -22 (2/0)
[  301.405985][ T5893] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Receiver successfully initialized and connected.
[  301.463067][ T5991] dvb-usb: bulk message failed: -22 (1/0)
[  301.465420][ T5991] dvb-usb: error while querying for an remote control event.
[  301.525847][ T5893] dvb-usb: bulk message failed: -22 (1/0)
[  301.528178][ T5893] dvb-usb: error while querying for an remote control event.
[  301.591242][ T5893] dvb-usb: bulk message failed: -22 (1/0)
[  301.593466][ T5893] dvb-usb: error while querying for an remote control event.
[  301.650592][ T5893] dvb-usb: bulk message failed: -22 (1/0)
[  301.652427][ T5893] dvb-usb: error while querying for an remote control event.
[  301.710162][ T5893] dvb-usb: bulk message failed: -22 (1/0)
[  301.715472][ T5893] dvb-usb: error while querying for an remote control event.
[  301.760940][ T5893] usb 8-1: USB disconnect, device number 15
[  301.838170][ T5893] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Re successfully deinitialized and disconnected.
[  302.425719][T14380] loop7: detected capacity change from 0 to 1024
[  302.436149][T14380] EXT4-fs: Ignoring removed nobh option
[  302.438387][T14380] EXT4-fs: Ignoring removed bh option
[  302.458674][T14380] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  302.572264][T12108] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  302.611890][T14386] A link change request failed with some changes committed already. Interface 2g,{ may have been left with an inconsistent configuration, please check.
[  302.619360][T14388] netlink: 964 bytes leftover after parsing attributes in process `syz.7.3284'.
[  302.739322][T14392] loop7: detected capacity change from 0 to 8192
[  302.930438][T14401] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3288'.
[  303.294127][T14408] netlink: 'syz.7.3293': attribute type 9 has an invalid length.
[  303.297411][T14408] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3293'.
[  303.327924][T14408] netlink: 'syz.7.3293': attribute type 9 has an invalid length.
[  303.333156][T14408] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3293'.
[  304.708170][T14465] loop7: detected capacity change from 0 to 1024
[  304.759867][T14463] loop5: detected capacity change from 0 to 32768
[  304.772940][T14465] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  304.800878][T12108] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  304.906714][T14463] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,background_compression=gzip,str_hash=crc32c,journal_flush_disabled,recovery_pass_last=set_may_go_rw,reconstruct_alloc
[  304.906737][T14463]   allowing incompatible features above 0.0: (unknown version)
[  304.906746][T14463]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  304.924452][T14463] bcachefs (loop5): Using encoding defined by superblock: utf8-12.1.0
[  304.927899][T14463] bcachefs (loop5): recovering from clean shutdown, journal seq 10
[  304.931411][T14463] bcachefs (loop5): Version upgrade required:
[  304.931411][T14463] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  304.931411][T14463] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive
[  304.931411][T14463]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance
[  304.947967][T14476] loop7: detected capacity change from 0 to 4096
[  304.962355][T14463] bcachefs (loop5): dropping and reconstructing all alloc info
[  304.992197][T14463] bcachefs (loop5): accounting_read... done
[  304.998012][T14463] bcachefs (loop5): alloc_read... done
[  305.001428][T14463] bcachefs (loop5): snapshots_read... done
[  305.005051][T14463] bcachefs (loop5): check_allocations... done
[  305.041716][T14463] bcachefs (loop5): going read-write
[  305.124193][T14463] bcachefs (loop5): done starting filesystem
[  305.164155][ T1090] bcachefs (loop5): bucket incorrectly unset in freespace btree
[  305.164212][ T1090]   u64s 5 type deleted 0:28:0 len 0 ver 0, , continuing
[  305.207366][T14486] loop7: detected capacity change from 0 to 512
[  305.211697][T14463] bcachefs (loop5): inode 536870912 truncated to 0 but i_blocks 8 (ondisk 8)
[  305.222845][ T1090] bcachefs (loop5): bucket incorrectly unset in freespace btree
[  305.222897][ T1090]   u64s 5 type deleted 0:26:0 len 0 ver 0, , continuing
[  305.233766][ T1090] bcachefs (loop5): bucket incorrectly unset in freespace btree
[  305.233781][ T1090]   u64s 5 type deleted 0:29:0 len 0 ver 0, , continuing
[  305.241243][ T1090] bcachefs (loop5): bucket incorrectly unset in freespace btree
[  305.241258][ T1090]   u64s 5 type deleted 0:43:0 len 0 ver 0, , continuing
[  305.262759][T14486] EXT4-fs (loop7): couldn't mount as ext3 due to feature incompatibilities
[  305.270890][ T8764] bcachefs (loop5): shutting down
[  305.273418][ T8764] bcachefs (loop5): going read-only
[  305.275584][ T8764] bcachefs (loop5): finished waiting for writes to stop
[  305.299188][ T8764] bcachefs (loop5): flushing journal and stopping allocators, journal seq 11
[  305.321252][   T36] bcachefs (loop5): bucket incorrectly unset in freespace btree
[  305.321269][   T36]   u64s 5 type deleted 0:48:0 len 0 ver 0, , continuing
[  305.357186][ T8764] bcachefs (loop5): flushing journal and stopping allocators complete, journal seq 11
[  305.365244][ T8764] bcachefs (loop5): unclean shutdown complete, journal seq 12
[  305.369839][ T8764] bcachefs (loop5): done going read-only, filesystem not clean
[  305.410714][ T8764] bcachefs (loop5): shutdown complete
[  305.705068][T14499] hugetlbfs: syz.7.3328 (14499): Using mlock ulimits for SHM_HUGETLB is obsolete
[  306.880917][   T24] usb 8-1: new high-speed USB device number 16 using dummy_hcd
[  306.979732][T14525] loop5: detected capacity change from 0 to 512
[  306.986589][T14525] ext3: Unexpected value for 'discard'
[  307.030102][   T24] usb 8-1: Using ep0 maxpacket: 16
[  307.044371][   T24] usb 8-1: config 0 has an invalid interface number: 1 but max is 0
[  307.049849][   T24] usb 8-1: config 0 has no interface number 0
[  307.062331][   T24] usb 8-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  307.065439][   T24] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  307.068282][   T24] usb 8-1: Product: syz
[  307.069691][   T24] usb 8-1: Manufacturer: syz
[  307.076102][   T24] usb 8-1: SerialNumber: syz
[  307.081160][   T24] usb 8-1: config 0 descriptor??
[  307.084788][   T24] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  307.143104][T14533] loop5: detected capacity change from 0 to 1024
[  307.146710][T14533] EXT4-fs: mb_optimize_scan should be set to 0 or 1.
[  307.479388][T14535] loop5: detected capacity change from 0 to 40427
[  307.487527][T14535] F2FS-fs (loop5): invalid crc value
[  307.489604][T14535] F2FS-fs (loop5): Ignore s_resuid=0, s_resgid=60928 w/o reserve_root
[  307.564096][T14535] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  307.568821][T14535] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  308.015034][T14549] loop5: detected capacity change from 0 to 32768
[  308.019570][T14549] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.3347 (14549)
[  308.027702][T14549] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  308.031889][T14549] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  308.035350][T14549] BTRFS info (device loop5): using free-space-tree
[  308.101667][T14549] BTRFS info (device loop5): rebuilding free space tree
[  308.204834][ T8764] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  308.705183][   T24] gspca_spca1528: reg_r err -71
[  308.707844][   T24] spca1528 8-1:0.1: probe with driver spca1528 failed with error -71
[  308.746531][T14577] cgroup: Unknown subsys name 'uid>00000000000000000000'
[  308.757013][   T24] usb 8-1: USB disconnect, device number 16
[  309.795993][T14588] loop7: detected capacity change from 0 to 512
[  309.809655][T14588] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  309.874772][T14588] EXT4-fs error (device loop7): ext4_free_branches:1023: inode #16: comm syz.7.3359: invalid indirect mapped block 83886080 (level 1)
[  309.882452][T14588] EXT4-fs (loop7): Remounting filesystem read-only
[  309.885283][T14588] EXT4-fs (loop7): 1 orphan inode deleted
[  309.887405][T14588] EXT4-fs (loop7): 1 truncate cleaned up
[  309.898554][T14588] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  310.153745][T12108] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  311.087716][T14618] loop7: detected capacity change from 0 to 32768
[  311.091707][T14618] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.3369 (14618)
[  311.097652][T14618] BTRFS info (device loop7): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  311.102850][T14618] BTRFS info (device loop7): using sha256 (sha256-lib) checksum algorithm
[  311.106117][T14618] BTRFS info (device loop7): using free-space-tree
[  311.115449][T14620] loop5: detected capacity change from 0 to 32768
[  311.118883][T14620] BTRFS info: device /dev/loop5 (7:5) using temp-fsid 479d9d21-6a4e-48cd-933b-47d366a98f86
[  311.123872][T14620] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.3370 (14620)
[  311.131749][T14620] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  311.135934][T14620] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  311.139626][T14620] BTRFS info (device loop5): using free-space-tree
[  311.211657][T12108] BTRFS info (device loop7): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  311.435152][ T8764] BTRFS info (device loop5): last unmount of filesystem 479d9d21-6a4e-48cd-933b-47d366a98f86
[  312.528252][T14667] loop7: detected capacity change from 0 to 128
[  312.538287][T14667] ufs: You didn't specify the type of your ufs filesystem
[  312.538287][T14667] 
[  312.538287][T14667] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  312.538287][T14667] 
[  312.538287][T14667] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  312.559547][T14667] ufs: ufs_fill_super(): fragment size 2066844866 is not a power of 2
[  312.724198][T14677] (unnamed net_device) (uninitialized): (slave bond_slave_1): Device is not our slave
[  312.727334][T14677] (unnamed net_device) (uninitialized): option active_slave: invalid value (bond_slave_1)
[  312.769949][T14679] loop7: detected capacity change from 0 to 128
[  312.776551][T14679] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  312.801671][T12108] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  313.160919][T14689] loop5: detected capacity change from 0 to 32768
[  313.189566][T14710] loop7: detected capacity change from 0 to 512
[  313.199251][T14710] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  313.276269][T14718] cgroup: release_agent respecified
[  313.289795][T12108] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  313.291742][T14689] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  313.309295][T14689]   allowing incompatible features above 0.0: (unknown version)
[  313.327341][T14689]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  313.340232][T14689] bcachefs (loop5): Using encoding defined by superblock: utf8-12.1.0
[  313.347738][T14689] bcachefs (loop5): initializing new filesystem
[  313.357943][T14689] bcachefs (loop5): going read-write
[  313.377060][T14689] bcachefs (loop5): marking superblocks
[  313.414994][T14689] bcachefs (loop5): initializing freespace
[  313.446378][T14689] bcachefs (loop5): done initializing freespace
[  313.459068][T14689] bcachefs (loop5): reading snapshots table
[  313.479107][T14689] bcachefs (loop5): reading snapshots done
[  313.520880][T14689] bcachefs (loop5): done starting filesystem
[  313.887621][ T8764] bcachefs (loop5): shutting down
[  313.889266][ T8764] bcachefs (loop5): going read-only
[  313.892009][ T8764] bcachefs (loop5): finished waiting for writes to stop
[  313.895101][ T8764] bcachefs (loop5): flushing journal and stopping allocators, journal seq 3
[  313.939184][ T8764] bcachefs (loop5): flushing journal and stopping allocators complete, journal seq 4
[  313.944185][ T8764] bcachefs (loop5): clean shutdown complete, journal seq 5
[  313.946847][ T8764] bcachefs (loop5): marking filesystem clean
[  313.958971][ T8764] bcachefs (loop5): shutdown complete
[  314.680146][   T47] usb 8-1: new high-speed USB device number 17 using dummy_hcd
[  314.830239][   T47] usb 8-1: Using ep0 maxpacket: 16
[  314.844118][   T47] usb 8-1: config 0 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  314.848416][   T47] usb 8-1: config 0 interface 0 has no altsetting 0
[  314.851543][   T47] usb 8-1: New USB device found, idVendor=046d, idProduct=c295, bcdDevice= 0.00
[  314.854936][   T47] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  314.860785][   T47] usb 8-1: config 0 descriptor??
[  314.906109][T14753] netlink: 'syz.5.3404': attribute type 2 has an invalid length.
[  314.909293][T14753] netlink: 'syz.5.3404': attribute type 8 has an invalid length.
[  314.912298][T14753] netlink: 1148 bytes leftover after parsing attributes in process `syz.5.3404'.
[  314.958369][T14755] loop5: detected capacity change from 0 to 256
[  314.972651][T14755] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  315.254625][T14765] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3416'.
[  315.276712][   T47] hid_parser_main: 73 callbacks suppressed
[  315.276726][   T47] logitech 0003:046D:C295.000E: unknown main item tag 0x0
[  315.289658][   T47] logitech 0003:046D:C295.000E: unknown main item tag 0x0
[  315.294078][   T47] logitech 0003:046D:C295.000E: unknown main item tag 0x0
[  315.296321][   T47] logitech 0003:046D:C295.000E: unknown main item tag 0x0
[  315.298783][   T47] logitech 0003:046D:C295.000E: unknown main item tag 0x0
[  315.318240][   T47] logitech 0003:046D:C295.000E: hidraw0: USB HID v0.05 Device [HID 046d:c295] on usb-dummy_hcd.7-1/input0
[  315.323905][   T47] logitech 0003:046D:C295.000E: no inputs found
[  315.355870][T14759] loop5: detected capacity change from 0 to 32768
[  315.361653][T14759] XFS (loop5): invalid logbufsize: 4 [not 16k,32k,64k,128k or 256k]
[  315.492047][    T9] usb 8-1: USB disconnect, device number 17
[  316.065919][T14792] loop7: detected capacity change from 0 to 47
[  316.433061][T14802] loop5: detected capacity change from 0 to 2048
[  316.437186][T14802] UDF-fs: error (device loop5): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  316.442763][T14802] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  316.464670][T14800] loop7: detected capacity change from 0 to 32768
[  316.468568][T14800] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.3431 (14800)
[  316.478162][T14800] BTRFS info (device loop7): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  316.487098][T14800] BTRFS info (device loop7): using crc32c (crc32c-lib) checksum algorithm
[  316.500259][T14800] BTRFS info (device loop7): using free-space-tree
[  316.621072][T12108] BTRFS info (device loop7): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  316.945803][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  316.948081][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  317.165846][T14847] fuse: root generation should be zero
[  317.193313][T14853] loop7: detected capacity change from 0 to 128
[  317.196241][T14853] ext4: Unknown parameter 'fsname'
[  317.205223][T14853] Invalid option length (1047378) for dns_resolver key
[  317.246838][T14857] 9pnet: p9_errstr2errno: server reported unknown error 
[  317.669352][T14871] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  317.867307][ T5909] usb 8-1: new full-speed USB device number 18 using dummy_hcd
[  317.920320][   T47] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[  318.022504][ T5909] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xC6, changing to 0x86
[  318.026937][ T5909] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  318.030713][ T5909] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  318.036699][ T5909] usb 8-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87
[  318.040313][ T5909] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  318.043496][ T5909] usb 8-1: Product: syz
[  318.045119][ T5909] usb 8-1: Manufacturer: syz
[  318.046952][ T5909] usb 8-1: SerialNumber: syz
[  318.051328][ T5909] usb 8-1: config 0 descriptor??
[  318.055638][ T5909] port100 8-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint
[  318.070125][   T47] usb 6-1: Using ep0 maxpacket: 8
[  318.074208][   T47] usb 6-1: config 0 has an invalid interface number: 122 but max is 0
[  318.077894][   T47] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  318.081992][   T47] usb 6-1: config 0 has no interface number 0
[  318.084399][   T47] usb 6-1: config 0 interface 122 altsetting 0 endpoint 0xA has invalid maxpacket 512, setting to 64
[  318.088675][   T47] usb 6-1: config 0 interface 122 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 8
[  318.092711][   T47] usb 6-1: config 0 interface 122 altsetting 0 bulk endpoint 0x88 has invalid maxpacket 1023
[  318.096526][   T47] usb 6-1: config 0 interface 122 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 8
[  318.105205][   T47] usb 6-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice= 5.b7
[  318.108597][   T47] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  318.111705][   T47] usb 6-1: Product: syz
[  318.113290][   T47] usb 6-1: Manufacturer: syz
[  318.115117][   T47] usb 6-1: SerialNumber: syz
[  318.119145][   T47] usb 6-1: config 0 descriptor??
[  318.122235][T14869] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  318.125134][T14869] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  318.304686][ T5909] usb 8-1: USB disconnect, device number 18
[  318.357829][   T47] usb 6-1: NFC: intf ffff8881099bf000 id ffffffff8eb53ba0
[  318.422524][T14884] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3461'.
[  318.426162][T14884] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3461'.
[  318.436178][   T47] nfcmrvl 6-1:0.122: NFC: registered with nci successfully
[  318.451458][   T47] usb 6-1: USB disconnect, device number 34
[  318.464889][   T47] usb 6-1: NFC: intf ffff8881099bf000
[  319.639107][T14917] /dev/nullb0: Can't lookup blockdev
[  319.642125][   T47] usb 8-1: new high-speed USB device number 19 using dummy_hcd
[  319.798125][   T47] usb 8-1: Using ep0 maxpacket: 16
[  319.814270][   T47] usb 8-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00
[  319.824333][   T47] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  319.833114][   T47] usb 8-1: Product: syz
[  319.837278][   T47] usb 8-1: Manufacturer: syz
[  319.845469][   T47] usb 8-1: SerialNumber: syz
[  319.855126][   T47] usb 8-1: config 0 descriptor??
[  319.866101][   T47] ftdi_sio 8-1:0.0: FTDI USB Serial Device converter detected
[  319.874811][   T47] usb 8-1: Detected FT-X
[  320.074827][   T47] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  320.077169][   T47] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  320.085122][   T47] ftdi_sio 8-1:0.0: GPIO initialisation failed: -71
[  320.092134][   T47] usb 8-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  320.102344][   T47] usb 8-1: USB disconnect, device number 19
[  320.111557][   T47] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  320.115456][   T47] ftdi_sio 8-1:0.0: device disconnected
[  320.144803][T14935] loop5: detected capacity change from 0 to 4096
[  320.148969][T14935] ntfs3(loop5): Different NTFS sector size (1024) and media sector size (512).
[  320.164300][T14935] ntfs3(loop5): Failed to initialize $Extend/$Reparse.
[  320.225204][T14938] loop5: detected capacity change from 0 to 512
[  320.228508][T14938] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1)
[  320.633643][T14948] dns_resolver: Unsupported content type (218)
[  320.655790][T14950] netlink: 'syz.2.3491': attribute type 10 has an invalid length.
[  320.668205][T14950] team0: Device netdevsim0 failed to register rx_handler
[  320.796177][T14958] loop7: detected capacity change from 0 to 4096
[  320.799067][T14958] ntfs3(loop7): Different NTFS sector size (2048) and media sector size (512).
[  321.286959][T14969] loop7: detected capacity change from 0 to 32768
[  321.291598][T14969] (syz.7.3500,14969,0):ocfs2_verify_volume:2303 ERROR: found superblock with bad version: found 9.0, should be 0.90
[  321.298682][T14969] (syz.7.3500,14969,0):ocfs2_verify_volume:2331 ERROR: status = -22
[  321.301418][T14969] (syz.7.3500,14969,0):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  321.304087][T14969] (syz.7.3500,14969,0):ocfs2_fill_super:1177 ERROR: status = -22
[  321.530193][ T5909] usb 6-1: new full-speed USB device number 35 using dummy_hcd
[  321.683047][ T5909] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  321.688228][ T5909] usb 6-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  321.692864][ T5909] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  321.703105][ T5909] usb 6-1: config 0 descriptor??
[  321.705983][T14977] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  321.750094][ T5991] usb 8-1: new high-speed USB device number 20 using dummy_hcd
[  322.080106][ T5991] usb 8-1: Using ep0 maxpacket: 32
[  322.084170][ T5991] usb 8-1: config 0 has an invalid interface number: 151 but max is 0
[  322.087375][ T5991] usb 8-1: config 0 has no interface number 0
[  322.094094][ T5991] usb 8-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[  322.097660][ T5991] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  322.101738][ T5991] usb 8-1: Product: syz
[  322.103464][ T5991] usb 8-1: Manufacturer: syz
[  322.105317][ T5991] usb 8-1: SerialNumber: syz
[  322.109481][ T5991] usb 8-1: config 0 descriptor??
[  322.155245][ T5909] elan 0003:04F3:0755.000F: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.5-1/input0
[  322.327294][ T5991] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  322.357735][ T5991] usb 8-1: USB disconnect, device number 20
[  322.711173][   T47] usb 6-1: USB disconnect, device number 35
[  323.600178][   T47] usb 6-1: new full-speed USB device number 36 using dummy_hcd
[  323.751860][   T47] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  323.756108][   T47] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  323.770759][   T47] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  323.774837][   T47] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  323.803450][   T47] usb 6-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9
[  323.820207][   T47] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  323.825704][   T47] usb 6-1: config 0 descriptor??
[  323.829573][   T47] gspca_main: spca561-2.14.0 probing abcd:cdee
[  323.877831][T15028] loop7: detected capacity change from 0 to 4096
[  323.884326][T15028] ntfs3(loop7): Different NTFS sector size (1024) and media sector size (512).
[  323.890226][T15028] ntfs3(loop7): MFT: r=0, expect seq=1 instead of 0!
[  323.892627][T15028] ntfs3(loop7): Mark volume as dirty due to NTFS errors
[  323.895349][T15028] ntfs3(loop7): Failed to load $MFT (-22).
[  324.314700][   T47] spca561 6-1:0.0: probe with driver spca561 failed with error -22
[  324.322499][   T47] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  324.325663][   T47] usb 6-1: MIDIStreaming interface descriptor not found
[  324.359396][   T47] usb 6-1: USB disconnect, device number 36
[  324.955598][T15046] loop5: detected capacity change from 0 to 4096
[  324.971808][T15046] ntfs3(loop5): Different NTFS sector size (4096) and media sector size (512).
[  324.998282][T15046] ntfs3(loop5): Mark volume as dirty due to NTFS errors
[  325.005331][T15046] ntfs3(loop5): ino=1a, mi_enum_attr
[  325.007573][T15046] ntfs3(loop5): Failed to initialize $Extend/$ObjId.
[  325.117339][T15061] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3542'.
[  325.395476][T15081] netlink: 'syz.5.3551': attribute type 5 has an invalid length.
[  325.425910][T15081] ip6erspan0: entered promiscuous mode
[  325.850206][ T6326] usb 8-1: new high-speed USB device number 21 using dummy_hcd
[  326.000198][ T6326] usb 8-1: Using ep0 maxpacket: 8
[  326.007161][ T6326] usb 8-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  326.012132][ T6326] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  326.015327][ T6326] usb 8-1: Product: syz
[  326.017001][ T6326] usb 8-1: Manufacturer: syz
[  326.018765][ T6326] usb 8-1: SerialNumber: syz
[  326.024282][ T6326] usb 8-1: config 0 descriptor??
[  326.218313][T15087] loop5: detected capacity change from 0 to 131072
[  326.221869][T15095] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  326.224269][T15087] F2FS-fs (loop5): invalid crc value
[  326.237989][ T6326] usb 8-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  326.290957][T15087] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  326.299072][T15087] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  327.065161][T15124] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3570'.
[  327.163569][T15128] loop5: detected capacity change from 0 to 1024
[  327.242898][T15132] sd 0:0:0:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x24 ascq=0x0
[  327.369828][T15138] loop5: detected capacity change from 0 to 1024
[  327.373881][T15138] EXT4-fs: Ignoring removed nomblk_io_submit option
[  327.377212][T15138] EXT4-fs (loop5): unsupported descriptor size 0
[  327.453079][ T6326] dvb_usb_rtl28xxu 8-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  327.459374][ T6326] usb 8-1: USB disconnect, device number 21
[  327.999100][T15164] openvswitch: netlink: ERSPAN option length err (len 256, max 255).
[  328.161396][T15176] loop7: detected capacity change from 0 to 1024
[  328.188191][T15176] hfsplus: xattr searching failed
[  328.191596][T15176] hfsplus: xattr searching failed
[  328.491175][ T5991] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[  328.503783][T15200] netlink: 27 bytes leftover after parsing attributes in process `syz.2.3605'.
[  328.558075][T15205] netlink: 'syz.2.3608': attribute type 3 has an invalid length.
[  328.653033][ T5991] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  328.656099][ T5991] usb 6-1: config 0 has no interface number 0
[  328.658420][ T5991] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  328.674016][ T5991] usb 6-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  328.679392][ T5991] usb 6-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00
[  328.694602][ T5991] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  328.703859][ T5991] usb 6-1: config 0 descriptor??
[  328.872756][T15210] loop7: detected capacity change from 0 to 32768
[  328.889744][T15210] XFS (loop7): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  328.955388][T15210] XFS (loop7): Ending clean mount
[  328.999096][T15210] XFS (loop7): User initiated shutdown received.
[  329.004611][T15210] XFS (loop7): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x71/0x150 (fs/xfs/xfs_fsops.c:472).  Shutting down filesystem.
[  329.010239][T15210] XFS (loop7): Please unmount the filesystem and rectify the problem(s)
[  329.015489][T15210] XFS (loop7): Error -5 reserving per-AG metadata reserve pool.
[  329.044437][T12108] XFS (loop7): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  329.114803][ T5991] hid (null): report_id 35660 is invalid
[  329.315478][ T5991] uclogic 0003:28BD:0042.0010: failed retrieving string descriptor #100: -71
[  329.319809][ T5991] uclogic 0003:28BD:0042.0010: failed retrieving pen parameters: -71
[  329.323961][ T5991] uclogic 0003:28BD:0042.0010: pen probing failed: -71
[  329.327207][ T5991] uclogic 0003:28BD:0042.0010: failed probing parameters: -71
[  329.331380][ T5991] uclogic 0003:28BD:0042.0010: probe with driver uclogic failed with error -71
[  329.336597][ T5991] usb 6-1: USB disconnect, device number 37
[  329.560178][ T6326] usb 8-1: new high-speed USB device number 22 using dummy_hcd
[  329.711870][ T6326] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF4, changing to 0x84
[  329.715533][ T6326] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x84 has invalid maxpacket 1023
[  329.718534][ T6326] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  329.722434][ T6326] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  329.727595][ T6326] usb 8-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  329.731255][ T6326] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  329.734330][ T6326] usb 8-1: Product: syz
[  329.735825][ T6326] usb 8-1: Manufacturer: syz
[  329.737500][ T6326] usb 8-1: SerialNumber: syz
[  329.744714][ T6326] usb 8-1: config 0 descriptor??
[  329.747066][T15239] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  329.751269][ T6326] usb 8-1: ucan: probing device on interface #0
[  329.753412][ T6326] usb 8-1: ucan: invalid endpoint configuration
[  329.755456][ T6326] usb 8-1: ucan: probe failed; try to update the device firmware
[  329.955441][ T5991] usb 8-1: USB disconnect, device number 22
[  330.637424][T15263] loop7: detected capacity change from 0 to 4096
[  330.666415][   T33] audit: type=1800 audit(330.553:116): pid=15263 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.3630" name="file1" dev="loop7" ino=30 res=0 errno=0
[  330.774547][T15265] loop7: detected capacity change from 0 to 4096
[  330.777598][T15265] ntfs3(loop7): Different NTFS sector size (4096) and media sector size (512).
[  330.797841][T15265] ntfs3(loop7): ino=19, mi_enum_attr
[  330.799565][T15265] ntfs3(loop7): Mark volume as dirty due to NTFS errors
[  330.813932][T15265] ntfs3(loop7): failed to convert "c46c" to iso8859-13
[  330.818868][T15265] ntfs3(loop7): ino=20, mi_enum_attr
[  330.829408][T15269] IPVS: set_ctl: invalid protocol: 136 10.1.1.2:20004
[  331.110377][ T5991] usb 8-1: new high-speed USB device number 23 using dummy_hcd
[  331.271251][ T5991] usb 8-1: Using ep0 maxpacket: 16
[  331.275138][ T5991] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  331.283967][ T5991] usb 8-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice=7a.5a
[  331.288379][ T5991] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  331.292192][ T5991] usb 8-1: Product: syz
[  331.293937][ T5991] usb 8-1: Manufacturer: syz
[  331.295520][ T5991] usb 8-1: SerialNumber: syz
[  331.299160][ T5991] usb 8-1: config 0 descriptor??
[  331.305858][ T5991] pegasus_notetaker 8-1:0.0: Invalid number of endpoints
[  331.308099][ T5991] pegasus_notetaker 8-1:0.0: probe with driver pegasus_notetaker failed with error -22
[  331.446859][T15309] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma?
[  331.519231][ T5991] usb 8-1: USB disconnect, device number 23
[  332.073676][T15313] loop5: detected capacity change from 0 to 128
[  332.437381][T15326] loop5: detected capacity change from 0 to 1024
[  332.487806][T15328] fuse: Unknown parameter 'fd0xffffffffffffffff'
[  332.576507][T15332] loop5: detected capacity change from 0 to 512
[  332.581425][T15332] EXT4-fs (loop5): Test dummy encryption mode enabled
[  332.584331][T15332] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  332.597036][T15332] EXT4-fs error (device loop5): ext4_orphan_get:1418: comm syz.5.3663: bad orphan inode 131083
[  332.612911][T15332] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  333.454525][T15355] loop7: detected capacity change from 0 to 40427
[  333.499457][T15355] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  333.518725][T15355] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  333.525305][ T8764] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  333.573322][T12108] syz-executor: attempt to access beyond end of device
[  333.573322][T12108] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  333.579450][T12108] CPU: 0 UID: 0 PID: 12108 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  333.579470][T12108] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  333.579477][T12108] Call Trace:
[  333.579482][T12108]  <TASK>
[  333.579488][T12108]  dump_stack_lvl+0x189/0x250
[  333.579509][T12108]  ? __pfx_dump_stack_lvl+0x10/0x10
[  333.579523][T12108]  ? __pfx_queue_work_on+0x10/0x10
[  333.579534][T12108]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  333.579549][T12108]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  333.579571][T12108]  f2fs_handle_critical_error+0x37c/0x540
[  333.579594][T12108]  f2fs_write_end_io+0x886/0xb60
[  333.579621][T12108]  __submit_merged_bio+0x27a/0x6a0
[  333.579643][T12108]  __submit_merged_write_cond+0x255/0x530
[  333.579666][T12108]  f2fs_write_data_pages+0x261d/0x3000
[  333.579712][T12108]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  333.579766][T12108]  ? ktime_get+0x3e/0x1f0
[  333.579780][T12108]  ? ktime_get+0x3e/0x1f0
[  333.579795][T12108]  ? rcu_is_watching+0x15/0xb0
[  333.579817][T12108]  ? __lock_acquire+0xab9/0xd20
[  333.579840][T12108]  ? do_raw_spin_lock+0x121/0x290
[  333.579863][T12108]  ? do_raw_spin_unlock+0x4d/0x240
[  333.579877][T12108]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  333.579952][T12108]  do_writepages+0x32e/0x550
[  333.579999][T12108]  ? do_raw_spin_unlock+0x4d/0x240
[  333.580018][T12108]  filemap_fdatawrite+0x199/0x240
[  333.580035][T12108]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  333.580090][T12108]  ? do_raw_spin_unlock+0x4d/0x240
[  333.580107][T12108]  f2fs_sync_dirty_inodes+0x31f/0x830
[  333.580133][T12108]  f2fs_write_checkpoint+0x95a/0x1df0
[  333.580164][T12108]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  333.580217][T12108]  ? kill_f2fs_super+0x298/0x6c0
[  333.580234][T12108]  kill_f2fs_super+0x2c3/0x6c0
[  333.580253][T12108]  ? __pfx_kill_f2fs_super+0x10/0x10
[  333.580265][T12108]  ? radix_tree_delete_item+0x2b6/0x400
[  333.580289][T12108]  ? shrinker_free+0x2ce/0x3e0
[  333.580315][T12108]  deactivate_locked_super+0xbc/0x130
[  333.580335][T12108]  cleanup_mnt+0x425/0x4c0
[  333.580351][T12108]  ? lockdep_hardirqs_on+0x9c/0x150
[  333.580367][T12108]  task_work_run+0x1d4/0x260
[  333.580384][T12108]  ? __pfx_task_work_run+0x10/0x10
[  333.580396][T12108]  ? __x64_sys_umount+0x122/0x160
[  333.580415][T12108]  ? exit_to_user_mode_loop+0x40/0x110
[  333.580433][T12108]  exit_to_user_mode_loop+0xec/0x110
[  333.580448][T12108]  do_syscall_64+0x2bd/0x3b0
[  333.580462][T12108]  ? lockdep_hardirqs_on+0x9c/0x150
[  333.580478][T12108]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  333.580489][T12108]  ? exc_page_fault+0x9f/0xf0
[  333.580506][T12108]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  333.580518][T12108] RIP: 0033:0x7f9408f8ff17
[  333.580530][T12108] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  333.580539][T12108] RSP: 002b:00007fff7ef652f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  333.580551][T12108] RAX: 0000000000000000 RBX: 00007f9409011c05 RCX: 00007f9408f8ff17
[  333.580558][T12108] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff7ef653b0
[  333.580563][T12108] RBP: 00007fff7ef653b0 R08: 0000000000000000 R09: 0000000000000000
[  333.580569][T12108] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff7ef66440
[  333.580576][T12108] R13: 00007f9409011c05 R14: 000000000005168f R15: 00007fff7ef66480
[  333.580600][T12108]  </TASK>
[  333.729562][T12108] F2FS-fs (loop7): Stopped filesystem due to reason: 3
[  333.764547][   T33] audit: type=1326 audit(333.653:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15362 comm="syz.5.3675" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f012e18ebe9 code=0x0
[  333.978750][T15366] loop7: detected capacity change from 0 to 47
[  334.395075][ T5233] Bluetooth: hci1: command 0x0406 tx timeout
[  334.950239][   T47] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[  335.111881][   T47] usb 6-1: Using ep0 maxpacket: 32
[  335.115777][   T47] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  335.119818][   T47] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  335.126989][   T47] usb 6-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  335.132483][   T47] usb 6-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  335.135734][   T47] usb 6-1: Product: syz
[  335.137360][   T47] usb 6-1: Manufacturer: syz
[  335.144105][   T47] hub 6-1:4.0: USB hub found
[  335.234262][T15385] loop7: detected capacity change from 0 to 32768
[  335.349755][T15385] bcachefs (loop7): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  335.349807][T15385]   allowing incompatible features above 0.0: (unknown version)
[  335.349819][T15385]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  335.365479][T15385] bcachefs (loop7): Using encoding defined by superblock: utf8-12.1.0
[  335.368001][T15385] bcachefs (loop7): initializing new filesystem
[  335.376114][T15385] bcachefs (loop7): going read-write
[  335.382126][   T47] hub 6-1:4.0: config failed, hub doesn't have any ports! (err -19)
[  335.393196][T15385] bcachefs (loop7): marking superblocks
[  335.400736][T15385] bcachefs (loop7): initializing freespace
[  335.405670][T15385] bcachefs (loop7): done initializing freespace
[  335.409230][T15385] bcachefs (loop7): reading snapshots table
[  335.411535][T15385] bcachefs (loop7): reading snapshots done
[  335.442878][T15385] bcachefs (loop7): done starting filesystem
[  336.011476][    T9] usb 6-1: USB disconnect, device number 38
[  336.015215][T12108] bcachefs (loop7): shutting down
[  336.023592][T12108] bcachefs (loop7): going read-only
[  336.025777][T12108] bcachefs (loop7): finished waiting for writes to stop
[  336.028539][T12108] bcachefs (loop7): flushing journal and stopping allocators, journal seq 2
[  336.071266][T12108] bcachefs (loop7): flushing journal and stopping allocators complete, journal seq 3
[  336.076332][T12108] bcachefs (loop7): clean shutdown complete, journal seq 4
[  336.082060][T12108] bcachefs (loop7): marking filesystem clean
[  336.104054][T12108] bcachefs (loop7): shutdown complete
[  336.303833][T15424] loop5: detected capacity change from 0 to 256
[  336.308908][T15424] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  336.333009][T15424] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 196)
[  336.339380][T15424] FAT-fs (loop5): Filesystem has been set read-only
[  336.730608][    T9] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[  336.890325][    T9] usb 6-1: Using ep0 maxpacket: 8
[  336.896543][    T9] usb 6-1: unable to get BOS descriptor or descriptor too short
[  336.911057][    T9] usb 6-1: config 9 has an invalid interface number: 5 but max is 0
[  336.913492][    T9] usb 6-1: config 9 has no interface number 0
[  336.915331][    T9] usb 6-1: config 9 interface 5 altsetting 9 has an endpoint descriptor with address 0xD7, changing to 0x87
[  336.919255][    T9] usb 6-1: config 9 interface 5 altsetting 9 endpoint 0x87 has invalid wMaxPacketSize 0
[  336.924554][    T9] usb 6-1: config 9 interface 5 has no altsetting 0
[  336.944662][    T9] usb 6-1: New USB device found, idVendor=06f8, idProduct=b000, bcdDevice=5d.a8
[  336.947937][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  336.950926][    T9] usb 6-1: Product: syz
[  336.952649][    T9] usb 6-1: Manufacturer: syz
[  336.954606][    T9] usb 6-1: SerialNumber: syz
[  337.187132][    T9] usb 6-1: USB disconnect, device number 39
[  338.350810][   T47] usb 8-1: new high-speed USB device number 24 using dummy_hcd
[  338.503631][   T47] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  338.508384][   T47] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[  338.516145][   T47] usb 8-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  338.523693][   T47] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67
[  338.526890][   T47] usb 8-1: SerialNumber: syz
[  338.742528][   T47] usb 8-1: 0:2 : does not exist
[  338.760689][   T47] usb 8-1: USB disconnect, device number 24
[  338.825345][T15498] loop5: detected capacity change from 0 to 512
[  338.836847][T15498] EXT4-fs (loop5): orphan cleanup on readonly fs
[  338.844238][T15498] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.3731: bg 0: block 248: padding at end of block bitmap is not set
[  338.851195][T15498] Quota error (device loop5): write_blk: dquota write failed
[  338.854249][T15498] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[  338.858132][T15498] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.3731: Failed to acquire dquot type 1
[  338.867442][T15498] EXT4-fs (loop5): 1 truncate cleaned up
[  338.874369][T15498] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  338.916965][ T8764] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  338.994524][T15505] loop5: detected capacity change from 0 to 512
[  339.004466][T15505] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  339.056754][ T8764] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  339.109729][T15516] loop5: detected capacity change from 0 to 64
[  339.117233][T15516] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing
[  339.740216][ T5848] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  339.743770][ T5848] Bluetooth: hci1: Injecting HCI hardware error event
[  339.748659][ T5848] Bluetooth: hci1: hardware error 0x00
[  339.760124][   T47] usb 8-1: new high-speed USB device number 25 using dummy_hcd
[  339.912853][   T47] usb 8-1: config index 0 descriptor too short (expected 39, got 27)
[  339.916102][   T47] usb 8-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  339.920284][   T47] usb 8-1: config 0 interface 0 has no altsetting 0
[  339.925010][   T47] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  339.928292][   T47] usb 8-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  339.931579][   T47] usb 8-1: Product: syz
[  339.933184][   T47] usb 8-1: Manufacturer: syz
[  339.934975][   T47] usb 8-1: SerialNumber: syz
[  339.939016][   T47] usb 8-1: config 0 descriptor??
[  339.943370][   T47] hub 8-1:0.0: bad descriptor, ignoring hub
[  339.945649][   T47] hub 8-1:0.0: probe with driver hub failed with error -5
[  339.951375][   T47] usb 8-1: selecting invalid altsetting 0
[  340.250585][    T9] usb 8-1: USB disconnect, device number 25
[  340.453944][ T5233] Bluetooth: hci2: unexpected event for opcode 0x2010
[  340.933072][   T47] usb 8-1: new full-speed USB device number 26 using dummy_hcd
[  341.215421][   T47] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  341.222266][   T47] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  341.228879][   T47] usb 8-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00
[  341.232346][   T47] usb 8-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  341.235086][   T47] usb 8-1: Manufacturer: syz
[  341.238325][   T47] usb 8-1: config 0 descriptor??
[  341.584917][T15616] loop5: detected capacity change from 0 to 128
[  341.599776][T15616] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  341.665623][ T8764] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  341.728049][   T47] cougar 0003:060B:700A.0011: unknown main item tag 0x0
[  341.741084][   T47] cougar 0003:060B:700A.0011: unknown main item tag 0x0
[  341.743369][   T47] cougar 0003:060B:700A.0011: unknown main item tag 0x0
[  341.745552][   T47] cougar 0003:060B:700A.0011: unknown main item tag 0x0
[  341.747819][   T47] cougar 0003:060B:700A.0011: unknown main item tag 0x0
[  341.756959][   T47] cougar 0003:060B:700A.0011: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.7-1/input0
[  341.765614][T15622] loop5: detected capacity change from 0 to 128
[  341.776314][T15622] FAT-fs (loop5): Directory bread(block 32) failed
[  341.779135][T15622] FAT-fs (loop5): Directory bread(block 33) failed
[  341.782148][T15622] FAT-fs (loop5): Directory bread(block 34) failed
[  341.784798][T15622] FAT-fs (loop5): Directory bread(block 35) failed
[  341.787560][T15622] FAT-fs (loop5): Directory bread(block 36) failed
[  341.792371][T15622] FAT-fs (loop5): Directory bread(block 37) failed
[  341.794601][T15622] FAT-fs (loop5): Directory bread(block 38) failed
[  341.797018][T15622] FAT-fs (loop5): Directory bread(block 39) failed
[  341.800699][T15622] FAT-fs (loop5): Directory bread(block 40) failed
[  341.803437][T15622] FAT-fs (loop5): Directory bread(block 41) failed
[  341.821167][ T5848] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  341.842777][T15622] FAT-fs (loop5): error, fat_free_clusters: deleting FAT entry beyond EOF
[  341.847126][T15622] FAT-fs (loop5): Filesystem has been set read-only
[  341.863904][T15622] syz.5.3783: attempt to access beyond end of device
[  341.863904][T15622] loop5: rw=2049, sector=4184, nr_sectors = 24 limit=128
[  341.869953][T15622] syz.5.3783: attempt to access beyond end of device
[  341.869953][T15622] loop5: rw=2049, sector=4216, nr_sectors = 4 limit=128
[  341.876720][T15622] Buffer I/O error on dev loop5, logical block 1054, lost async page write
[  341.880349][T15622] syz.5.3783: attempt to access beyond end of device
[  341.880349][T15622] loop5: rw=2049, sector=4224, nr_sectors = 4 limit=128
[  341.885359][T15622] Buffer I/O error on dev loop5, logical block 1056, lost async page write
[  341.889013][T15622] syz.5.3783: attempt to access beyond end of device
[  341.889013][T15622] loop5: rw=2049, sector=4228, nr_sectors = 4 limit=128
[  341.928310][ T5991] usb 8-1: USB disconnect, device number 26
[  342.044880][T15634] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  342.108048][T15638] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3791'.
[  342.111740][T15638] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3791'.
[  342.482314][T15649] loop5: detected capacity change from 0 to 32768
[  342.561424][T15649] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  342.561448][T15649]   allowing incompatible features above 0.0: (unknown version)
[  342.561458][T15649]   features: 
[  342.579136][T15649] bcachefs (loop5): Using encoding defined by superblock: utf8-12.1.0
[  342.583521][T15649] bcachefs (loop5): initializing new filesystem
[  342.594722][T15649] bcachefs (loop5): going read-write
[  342.604130][T15649] bcachefs (loop5): marking superblocks
[  342.645763][T15649] bcachefs (loop5): initializing freespace
[  342.655721][T15649] bcachefs (loop5): done initializing freespace
[  342.665744][T15649] bcachefs (loop5): reading snapshots table
[  342.668260][T15649] bcachefs (loop5): reading snapshots done
[  342.696725][T15671] loop7: detected capacity change from 0 to 512
[  342.705479][T15671] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  342.705924][T15649] bcachefs (loop5): done starting filesystem
[  342.715745][T15671] EXT4-fs error (device loop7): ext4_orphan_get:1418: comm syz.7.3802: bad orphan inode 131083
[  342.722178][T15671] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  342.755735][T12108] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  342.792893][ T8764] bcachefs (loop5): shutting down
[  342.802172][ T8764] bcachefs (loop5): going read-only
[  342.804489][ T8764] bcachefs (loop5): finished waiting for writes to stop
[  342.808115][ T8764] bcachefs (loop5): flushing journal and stopping allocators, journal seq 2
[  342.843850][ T8764] bcachefs (loop5): flushing journal and stopping allocators complete, journal seq 3
[  342.852058][ T8764] bcachefs (loop5): clean shutdown complete, journal seq 4
[  342.854800][ T8764] bcachefs (loop5): marking filesystem clean
[  342.877902][ T8764] bcachefs (loop5): shutdown complete
[  343.043780][T15681] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3807'.
[  343.047613][T15681] unsupported nlmsg_type 40
[  343.097097][T15683] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  344.667197][T15704] netlink: 68 bytes leftover after parsing attributes in process `syz.2.3815'.
[  345.669259][T15739] sctp: [Deprecated]: syz.5.3831 (pid 15739) Use of struct sctp_assoc_value in delayed_ack socket option.
[  345.669259][T15739] Use struct sctp_sack_info instead
[  345.778934][T15742] netlink: 17 bytes leftover after parsing attributes in process `syz.5.3832'.
[  345.783537][T15742] netlink: zone id is out of range
[  345.785760][T15742] netlink: zone id is out of range
[  345.787361][T15742] netlink: zone id is out of range
[  345.789117][T15742] netlink: zone id is out of range
[  345.792764][T15742] netlink: zone id is out of range
[  345.795070][T15742] netlink: zone id is out of range
[  345.797211][T15742] netlink: zone id is out of range
[  345.799431][T15742] netlink: zone id is out of range
[  345.801883][T15742] netlink: zone id is out of range
[  346.577421][T15758] loop7: detected capacity change from 0 to 512
[  346.584227][T15758] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  346.624002][T15758] EXT4-fs (loop7): 1 truncate cleaned up
[  346.635177][T15758] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  346.713709][T12108] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  347.001218][T15770] loop5: detected capacity change from 0 to 32768
[  347.004784][T15770] bcachefs (/dev/loop5): error validating superblock: Invalid time precision: 0 (min 1, max 1000000000)
[  347.009206][T15770] bcachefs: bch2_fs_get_tree() error: invalid_sb_time_precision
[  347.118262][T15772] loop7: detected capacity change from 0 to 40427
[  347.122988][T15772] F2FS-fs (loop7): invalid crc value
[  347.163668][T15772] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  347.167007][T15772] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e4
[  347.437415][T15801] netlink: 'syz.2.3858': attribute type 1 has an invalid length.
[  347.457907][T15801] 8021q: adding VLAN 0 to HW filter on device bond3
[  347.473822][T15801] bond3: entered promiscuous mode
[  347.591714][T15814] loop5: detected capacity change from 0 to 512
[  347.616122][T15814] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  347.645604][   T33] audit: type=1800 audit(347.533:118): pid=15814 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.3864" name="file1" dev="loop5" ino=15 res=0 errno=0
[  347.656282][   T33] audit: type=1800 audit(347.543:119): pid=15814 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.3864" name="file2" dev="loop5" ino=16 res=0 errno=0
[  347.671369][ T5909] usb 8-1: new high-speed USB device number 27 using dummy_hcd
[  347.695807][ T8764] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  347.820134][ T5909] usb 8-1: Using ep0 maxpacket: 32
[  347.824866][ T5909] usb 8-1: unable to get BOS descriptor or descriptor too short
[  347.832019][ T5909] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  347.836135][ T5909] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2
[  347.850471][ T5909] usb 8-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  347.859398][ T5909] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  347.865013][ T5909] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  347.868178][ T5909] usb 8-1: Product: syz
[  347.869778][ T5909] usb 8-1: Manufacturer: syz
[  347.882850][ T5909] usb 8-1: SerialNumber: syz
[  347.889095][ T5909] cdc_ncm 8-1:1.0: CDC Union missing and no IAD found
[  347.892368][ T5909] cdc_ncm 8-1:1.0: bind() failure
[  348.009201][    C0] vxcan1: j1939_tp_rxtimer: 0xffff888118b4c800: rx timeout, send abort
[  348.093838][ T5991] usb 8-1: USB disconnect, device number 27
[  348.509272][    C0] vxcan1: j1939_tp_rxtimer: 0xffff888039a15800: rx timeout, send abort
[  348.514666][    C0] vxcan1: j1939_tp_rxtimer: 0xffff888118b4c800: abort rx timeout. Force session deactivation
[  348.731731][   T33] audit: type=1326 audit(348.623:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15844 comm="syz.7.3878" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9408f8ebe9 code=0x7ffc0000
[  348.754223][   T33] audit: type=1326 audit(348.633:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15844 comm="syz.7.3878" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9408f8ebe9 code=0x7ffc0000
[  348.762210][   T33] audit: type=1326 audit(348.633:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15844 comm="syz.7.3878" exe="/syz-executor" sig=0 arch=c000003e syscall=33 compat=0 ip=0x7f9408f8ebe9 code=0x7ffc0000
[  348.771028][   T33] audit: type=1326 audit(348.633:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15844 comm="syz.7.3878" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9408f8ebe9 code=0x7ffc0000
[  349.012280][    C0] vxcan1: j1939_tp_rxtimer: 0xffff888039a15800: abort rx timeout. Force session deactivation
[  350.029686][T15888] loop7: detected capacity change from 0 to 1024
[  350.033870][T15888] EXT4-fs: Ignoring removed nobh option
[  350.038187][T15888] EXT4-fs: Ignoring removed bh option
[  350.154454][T15888] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  351.037903][T15868] loop5: detected capacity change from 0 to 262144
[  351.092297][   T33] audit: type=1800 audit(350.983:124): pid=15888 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.3897" name="file2" dev="overlay" ino=16 res=0 errno=0
[  351.119354][T15868] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  351.126140][T15868] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  351.195620][T12108] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  351.268792][T15903] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3901'.
[  351.314467][T15905] netlink: 104 bytes leftover after parsing attributes in process `syz.7.3902'.
[  351.590174][    T9] usb 8-1: new high-speed USB device number 28 using dummy_hcd
[  351.740223][    T9] usb 8-1: Using ep0 maxpacket: 16
[  351.745930][    T9] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  351.752166][    T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  351.759258][    T9] usb 8-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  351.763301][    T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  351.766124][    T9] usb 8-1: Product: syz
[  351.767797][    T9] usb 8-1: Manufacturer: syz
[  351.769672][    T9] usb 8-1: SerialNumber: syz
[  351.776515][    T9] usb 8-1: config 0 descriptor??
[  351.782490][    T9] em28xx 8-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  351.786144][    T9] em28xx 8-1:0.0: Audio interface 0 found (Vendor Class)
[  352.395105][    T9] em28xx 8-1:0.0: unknown em28xx chip ID (0)
[  352.405569][    T9] em28xx 8-1:0.0: Config register raw data: 0x41
[  352.603363][    T9] usb 8-1: USB disconnect, device number 28
[  352.605905][    T9] em28xx 8-1:0.0: Disconnecting em28xx
[  352.619283][    T9] em28xx 8-1:0.0: Freeing device
[  352.930120][ T6326] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[  353.080114][ T6326] usb 6-1: Using ep0 maxpacket: 16
[  353.083005][ T6326] usb 6-1: too many configurations: 97, using maximum allowed: 8
[  353.101614][ T6326] usb 6-1: string descriptor 0 read error: -71
[  353.104075][ T6326] usb 6-1: New USB device found, idVendor=2304, idProduct=023b, bcdDevice=7b.5c
[  353.107463][ T6326] usb 6-1: New USB device strings: Mfr=249, Product=204, SerialNumber=224
[  353.113594][ T6326] usb 6-1: rejected 8 configurations due to insufficient available bus power
[  353.116974][ T6326] usb 6-1: no configuration chosen from 8 choices
[  353.121123][ T6326] usb 6-1: USB disconnect, device number 40
[  353.285187][T15964] loop7: detected capacity change from 0 to 512
[  353.293396][T15964] EXT4-fs (loop7): mounting ext2 file system using the ext4 subsystem
[  353.313896][T15964] EXT4-fs error (device loop7): ext4_validate_block_bitmap:432: comm syz.7.3928: bg 0: block 104: invalid block bitmap
[  353.322638][T15964] EXT4-fs error (device loop7) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  353.326396][T15964] EXT4-fs error (device loop7): ext4_free_branches:1023: inode #11: comm syz.7.3928: invalid indirect mapped block 1 (level 1)
[  353.333814][T15964] EXT4-fs (loop7): 1 truncate cleaned up
[  353.339266][T15964] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  353.393115][T12108] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  353.687072][T15978] loop7: detected capacity change from 0 to 32768
[  353.740993][T15978] ocfs2: Mounting device (7,7) on (node local, slot 0) with writeback data mode.
[  353.772408][T15991] : renamed from bond_slave_0 (while UP)
[  353.782786][T12108] (syz-executor,12108,0):ocfs2_inode_is_valid_to_delete:948 ERROR: Skipping delete of system file 76
[  353.877163][T12108] ocfs2: Unmounting device (7,7) on (node local)
[  354.124752][T15998] netlink: 'syz.5.3943': attribute type 1 has an invalid length.
[  354.130194][T15998] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3943'.
[  354.715524][T16017] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3950'.
[  354.718884][T16017] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3950'.
[  355.236309][T16029] loop5: detected capacity change from 0 to 16
[  355.240941][T16029] erofs (device loop5): mounted with root inode @ nid 36.
[  355.546451][T16043] netlink: 51 bytes leftover after parsing attributes in process `syz.2.3962'.
[  355.699042][ T6326] usb 6-1: new full-speed USB device number 41 using dummy_hcd
[  355.885788][ T6326] usb 6-1: unable to get BOS descriptor or descriptor too short
[  355.890699][ T6326] usb 6-1: not running at top speed; connect to a high speed hub
[  355.896117][ T6326] usb 6-1: config 1 interface 0 has no altsetting 0
[  355.919199][ T6326] usb 6-1: New USB device found, idVendor=05ac, idProduct=024e, bcdDevice= 0.40
[  355.930055][ T6326] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  355.933078][ T6326] usb 6-1: Product: syz
[  355.934822][ T6326] usb 6-1: Manufacturer: syz
[  355.936681][ T6326] usb 6-1: SerialNumber: syz
[  356.157433][ T6326] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input20
[  356.163233][ T5278] bcm5974 6-1:1.0: could not read from device
[  356.164128][ T6326] usb 6-1: USB disconnect, device number 41
[  356.707081][T16095] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3986'.
[  356.886985][T16106] loop7: detected capacity change from 0 to 16
[  356.897202][T16106] erofs (device loop7): rootino(nid 36) is not a directory(i_mode 120040)
[  357.051531][T16104] loop5: detected capacity change from 0 to 32768
[  357.054822][T16104] bcachefs: bch2_fs_parse_param() Error parsing option move_bytes_in_flight: option_value
[  357.230677][T16115] loop5: detected capacity change from 0 to 256
[  357.262720][T16115] FAT-fs (loop5): Directory bread(block 64) failed
[  357.265611][T16115] FAT-fs (loop5): Directory bread(block 65) failed
[  357.268187][T16115] FAT-fs (loop5): Directory bread(block 66) failed
[  357.270884][T16115] FAT-fs (loop5): Directory bread(block 67) failed
[  357.274322][T16115] FAT-fs (loop5): Directory bread(block 68) failed
[  357.277089][T16115] FAT-fs (loop5): Directory bread(block 69) failed
[  357.279809][T16115] FAT-fs (loop5): Directory bread(block 70) failed
[  357.285089][T16115] FAT-fs (loop5): Directory bread(block 71) failed
[  357.287876][T16115] FAT-fs (loop5): Directory bread(block 72) failed
[  357.290346][T16115] FAT-fs (loop5): Directory bread(block 73) failed
[  357.551556][T16142] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4008'.
[  357.563902][T16142] netdevsim netdevsim5 netdevsim0: entered promiscuous mode
[  357.574809][T16142] netdevsim netdevsim5 netdevsim0: left promiscuous mode
[  357.664820][T16146] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4010'.
[  357.668605][T16146] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4010'.
[  357.729535][T16150] net_ratelimit: 77 callbacks suppressed
[  357.729554][T16150] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  357.980095][ T6326] usb 6-1: new high-speed USB device number 42 using dummy_hcd
[  358.069584][T16156] loop7: detected capacity change from 0 to 32768
[  358.073662][T16156] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.4015 (16156)
[  358.082151][T16156] BTRFS info (device loop7): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  358.086250][T16156] BTRFS info (device loop7): using crc32c (crc32c-lib) checksum algorithm
[  358.089784][T16156] BTRFS info (device loop7): using free-space-tree
[  358.133063][ T6326] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  358.136987][ T6326] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  358.142042][T12108] BTRFS info (device loop7): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  358.153393][ T6326] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  358.157127][ T6326] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67
[  358.160562][ T6326] usb 6-1: SerialNumber: syz
[  358.351263][T16175] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4017'.
[  358.377051][ T6326] usb 6-1: 0:2 : does not exist
[  358.397353][ T6326] usb 6-1: USB disconnect, device number 42
[  358.920494][ T6326] usb 8-1: new high-speed USB device number 29 using dummy_hcd
[  359.033927][T16220] loop5: detected capacity change from 0 to 512
[  359.043281][T16220] EXT4-fs (loop5): mounted filesystem 00800000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  359.071781][ T8764] EXT4-fs (loop5): unmounting filesystem 00800000-0000-0000-0000-000000000000.
[  359.089150][ T6326] usb 8-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.05
[  359.092663][ T6326] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  359.095522][ T6326] usb 8-1: Product: syz
[  359.097112][ T6326] usb 8-1: Manufacturer: syz
[  359.099217][ T6326] usb 8-1: SerialNumber: syz
[  359.104581][ T6326] usb 8-1: config 0 descriptor??
[  359.115884][ T6326] go7007 8-1:0.0: probe with driver go7007 failed with error -12
[  359.315841][ T6326] usb 8-1: USB disconnect, device number 29
[  359.902071][T16245] loop7: detected capacity change from 0 to 128
[  359.914364][T16245] UDF-fs: error (device loop7): udf_read_tagged: read failed, block=256, location=256
[  359.921508][T16245] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  359.991643][T16247] loop7: detected capacity change from 0 to 512
[  360.013130][T16247] EXT4-fs (loop7): revision level too high, forcing read-only mode
[  360.020376][T16247] EXT4-fs (loop7): orphan cleanup on readonly fs
[  360.032159][ T6326] usb 6-1: new high-speed USB device number 43 using dummy_hcd
[  360.034561][T16247] EXT4-fs error (device loop7): ext4_do_update_inode:5653: inode #16: comm syz.7.4050: corrupted inode contents
[  360.039617][T16247] EXT4-fs (loop7): Remounting filesystem read-only
[  360.042164][T16247] EXT4-fs (loop7): 1 truncate cleaned up
[  360.045884][  T962] EXT4-fs (loop7): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  360.056185][  T962] Quota error (device loop7): write_blk: dquota write failed
[  360.059606][  T962] Quota error (device loop7): remove_free_dqentry: Can't write block (5) with free entries
[  360.065739][  T962] EXT4-fs (loop7): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  360.070579][  T962] Quota error (device loop7): write_blk: dquota write failed
[  360.073440][  T962] Quota error (device loop7): free_dqentry: Can't move quota data block (5) to free list
[  360.077474][  T962] EXT4-fs (loop7): Quota write (off=8, len=24) cancelled because transaction is not started
[  360.085250][  T962] Quota error (device loop7): v2_write_file_info: Can't write info structure
[  360.092836][  T962] Quota error (device loop7): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  360.098143][T16247] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  360.125194][T12108] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  360.180113][ T6326] usb 6-1: Using ep0 maxpacket: 8
[  360.184088][T16258] loop7: detected capacity change from 0 to 512
[  360.186775][ T6326] usb 6-1: config 4 has an invalid interface number: 244 but max is 0
[  360.188158][T16258] EXT4-fs: Ignoring removed bh option
[  360.198212][T16258] EXT4-fs (loop7): mounting ext3 file system using the ext4 subsystem
[  360.200142][ T6326] usb 6-1: config 4 has no interface number 0
[  360.203622][ T6326] usb 6-1: config 4 interface 244 altsetting 1 endpoint 0x1 has an invalid bInterval 41, changing to 7
[  360.207822][ T6326] usb 6-1: config 4 interface 244 altsetting 1 endpoint 0x2 has invalid wMaxPacketSize 0
[  360.215819][ T6326] usb 6-1: config 4 interface 244 has no altsetting 0
[  360.217265][T16258] EXT4-fs (loop7): 1 truncate cleaned up
[  360.225146][T16258] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  360.225495][ T6326] usb 6-1: New USB device found, idVendor=05ac, idProduct=fa33, bcdDevice=cb.aa
[  360.234799][ T6326] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  360.237804][ T6326] usb 6-1: Product: syz
[  360.239454][ T6326] usb 6-1: Manufacturer: syz
[  360.241860][ T6326] usb 6-1: SerialNumber: syz
[  360.841754][ T6326] ipheth 6-1:4.244: Unable to find endpoints
[  360.850483][ T6326] usb 6-1: USB disconnect, device number 43
[  361.129337][T12108] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  361.270451][ T5848] Bluetooth: hci2: unexpected event 0x01 length: 13 > 1
[  361.451748][ T6326] usb 6-1: new high-speed USB device number 44 using dummy_hcd
[  361.458809][T16295] loop7: detected capacity change from 0 to 32768
[  361.466867][T16295] ocfs2: Slot 0 on device (7,7) was already allocated to this node!
[  361.475635][T16295] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[  361.566796][T12108] ocfs2: Unmounting device (7,7) on (node local)
[  361.613942][ T6326] usb 6-1: config 220 has an invalid interface number: 76 but max is 2
[  361.617030][ T6326] usb 6-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  361.630095][ T6326] usb 6-1: config 220 has an invalid descriptor of length 184, skipping remainder of the config
[  361.633897][ T6326] usb 6-1: config 220 has no interface number 2
[  361.636203][ T6326] usb 6-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  361.642052][ T6326] usb 6-1: config 220 interface 0 has no altsetting 0
[  361.644467][ T6326] usb 6-1: config 220 interface 76 has no altsetting 0
[  361.646906][ T6326] usb 6-1: config 220 interface 1 has no altsetting 0
[  361.663101][ T6326] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  361.666383][ T6326] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  361.669277][ T6326] usb 6-1: Product: syz
[  361.678763][ T6326] usb 6-1: Manufacturer: syz
[  361.682273][ T6326] usb 6-1: SerialNumber: syz
[  361.901502][ T6326] usb 6-1: selecting invalid altsetting 0
[  361.919280][ T6326] usb 6-1: Found UVC 7.01 device syz (8086:0b07)
[  361.921742][ T6326] usb 6-1: No valid video chain found.
[  361.928496][ T6326] usb 6-1: selecting invalid altsetting 0
[  361.931125][ T6326] usbtest 6-1:220.1: probe with driver usbtest failed with error -22
[  361.935825][ T6326] usb 6-1: USB disconnect, device number 44
[  362.871269][T16323] loop5: detected capacity change from 0 to 32768
[  362.886022][T16323] ERROR: (device loop5): xtTruncate_pmap: xt_getpage: xtree page corrupt
[  362.886022][T16323] 
[  362.892700][T16323] ERROR: (device loop5): remounting filesystem as read-only
[  362.895711][T16323] ERROR: (device loop5): jfs_rename: 
[  362.895711][T16323] 
[  362.920768][ T8764] ERROR: (device loop5): xtTruncate: xt_getpage: xtree page corrupt
[  362.920768][ T8764] 
[  363.177193][T16334] overlayfs: failed to clone upperpath
[  363.353591][T16344] bond2: entered promiscuous mode
[  363.355419][T16344] bond2: entered allmulticast mode
[  363.360339][T16344] 8021q: adding VLAN 0 to HW filter on device bond2
[  363.593628][T16357] sctp: [Deprecated]: syz.5.4095 (pid 16357) Use of struct sctp_assoc_value in delayed_ack socket option.
[  363.593628][T16357] Use struct sctp_sack_info instead
[  364.544203][   T33] audit: type=1326 audit(364.433:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16371 comm="syz.2.4101" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f22f498ebe9 code=0x0
[  364.576739][T16377] netdevsim netdevsim5 netdevsim0: entered allmulticast mode
[  364.581441][T16377] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  364.949543][  T791] usb 8-1: new high-speed USB device number 30 using dummy_hcd
[  365.140248][  T791] usb 8-1: Using ep0 maxpacket: 16
[  365.150523][  T791] usb 8-1: config 0 has an invalid interface number: 1 but max is 0
[  365.153534][  T791] usb 8-1: config 0 has no interface number 0
[  365.155370][  T791] usb 8-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  365.162009][  T791] usb 8-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  365.165973][  T791] usb 8-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  365.169315][  T791] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  365.177597][  T791] usb 8-1: config 0 descriptor??
[  365.450392][    T9] usb 6-1: new high-speed USB device number 45 using dummy_hcd
[  365.690967][    T9] usb 6-1: Using ep0 maxpacket: 8
[  365.696551][    T9] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  365.700933][    T9] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  365.705378][    T9] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 49526, setting to 1024
[  365.709372][    T9] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  365.713966][    T9] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  365.718365][    T9] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  365.722302][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  365.787688][  T791] uclogic 0003:28BD:0071.0012: pen parameters not found
[  365.789872][  T791] uclogic 0003:28BD:0071.0012: interface is invalid, ignoring
[  365.931917][    T9] usb 6-1: GET_CAPABILITIES returned 0
[  365.934302][    T9] usbtmc 6-1:16.0: can't read capabilities
[  365.991108][   T47] usb 8-1: USB disconnect, device number 30
[  366.134341][ T6326] usb 6-1: USB disconnect, device number 45
[  366.562719][T16427] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4126'.
[  366.963135][    T9] usb 8-1: new high-speed USB device number 31 using dummy_hcd
[  367.081959][T16463] loop5: detected capacity change from 0 to 64
[  367.140076][    T9] usb 8-1: Using ep0 maxpacket: 16
[  367.143207][    T9] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  367.145549][T16465] random: crng reseeded on system resumption
[  367.146766][    T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  367.148690][    T9] usb 8-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  367.160052][    T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  367.162973][    T9] usb 8-1: Product: syz
[  367.164651][    T9] usb 8-1: Manufacturer: syz
[  367.164665][    T9] usb 8-1: SerialNumber: syz
[  367.181969][    T9] usb 8-1: config 0 descriptor??
[  367.187641][    T9] em28xx 8-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  367.200066][    T9] em28xx 8-1:0.0: Audio interface 0 found (Vendor Class)
[  367.859578][    T9] em28xx 8-1:0.0: chip ID is em2882/3
[  368.060566][    T9] em28xx 8-1:0.0: Config register raw data: 0xfffffffb
[  368.063497][    T9] em28xx 8-1:0.0: AC97 chip type couldn't be determined
[  368.066041][    T9] em28xx 8-1:0.0: No AC97 audio processor
[  368.076256][    T9] usb 8-1: USB disconnect, device number 31
[  368.079715][    T9] em28xx 8-1:0.0: Disconnecting em28xx
[  368.087217][    T9] em28xx 8-1:0.0: Freeing device
[  368.584161][T16514] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4163'.
[  368.620959][ T6326] usb 6-1: new high-speed USB device number 46 using dummy_hcd
[  368.770185][ T6326] usb 6-1: Using ep0 maxpacket: 16
[  368.774239][ T6326] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  368.777384][ T6326] usb 6-1: config 0 has no interface number 0
[  368.781763][ T6326] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  368.786792][ T6326] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  368.791563][ T6326] usb 6-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  368.795942][ T6326] usb 6-1: New USB device found, idVendor=04d9, idProduct=a072, bcdDevice= 0.00
[  368.799547][ T6326] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  368.805335][ T6326] usb 6-1: config 0 descriptor??
[  368.961239][   T47] usb 8-1: new high-speed USB device number 32 using dummy_hcd
[  369.113185][   T47] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  369.116250][   T47] usb 8-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  369.119308][   T47] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  369.126185][   T47] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  369.129029][   T47] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  369.132266][   T47] usb 8-1: Product: syz
[  369.133634][   T47] usb 8-1: Manufacturer: syz
[  369.135132][   T47] usb 8-1: SerialNumber: syz
[  369.218959][ T6326] holtek_mouse 0003:04D9:A072.0013: unknown main item tag 0x0
[  369.221476][ T6326] holtek_mouse 0003:04D9:A072.0013: unknown main item tag 0x0
[  369.223722][ T6326] holtek_mouse 0003:04D9:A072.0013: unknown main item tag 0x0
[  369.226204][ T6326] holtek_mouse 0003:04D9:A072.0013: unknown main item tag 0x0
[  369.230470][ T6326] holtek_mouse 0003:04D9:A072.0013: hidraw0: USB HID v0.00 Device [HID 04d9:a072] on usb-dummy_hcd.5-1/input1
[  369.344333][   T47] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 32 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  369.424124][    T9] usb 6-1: USB disconnect, device number 46
[  369.545636][  T791] usb 8-1: USB disconnect, device number 32
[  369.550628][  T791] usblp0: removed
[  369.699080][T16552] netlink: 'syz.2.4181': attribute type 4 has an invalid length.
[  369.702709][T16552] netlink: 17 bytes leftover after parsing attributes in process `syz.2.4181'.
[  370.197074][   T33] audit: type=1326 audit(370.083:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16569 comm="syz.7.4190" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9408f8ebe9 code=0x7ffc0000
[  370.209109][   T33] audit: type=1326 audit(370.083:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16569 comm="syz.7.4190" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9408f8ebe9 code=0x7ffc0000
[  370.218042][   T33] audit: type=1326 audit(370.093:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16569 comm="syz.7.4190" exe="/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f9408f8ebe9 code=0x7ffc0000
[  370.226795][   T33] audit: type=1326 audit(370.093:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16569 comm="syz.7.4190" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9408f8ebe9 code=0x7ffc0000
[  370.236763][   T33] audit: type=1326 audit(370.093:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16569 comm="syz.7.4190" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9408f8ebe9 code=0x7ffc0000
[  370.249284][   T33] audit: type=1326 audit(370.093:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16569 comm="syz.7.4190" exe="/syz-executor" sig=0 arch=c000003e syscall=333 compat=0 ip=0x7f9408f8ebe9 code=0x7ffc0000
[  370.269321][   T33] audit: type=1326 audit(370.153:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16569 comm="syz.7.4190" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9408f8ebe9 code=0x7ffc0000
[  370.278407][   T33] audit: type=1326 audit(370.153:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16569 comm="syz.7.4190" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9408f8ebe9 code=0x7ffc0000
[  370.537424][T16577] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4191'.
[  371.034915][T16581] loop7: detected capacity change from 0 to 40427
[  371.037789][T16581] F2FS-fs (loop7): Invalid log_blocksize (268), supports only 12
[  371.040451][T16581] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  371.045458][T16581] F2FS-fs (loop7): invalid crc value
[  371.089564][T16581] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  371.093896][T16581] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  371.096545][T16581] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  372.124557][T16596] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4200'.
[  372.334075][T16607] loop5: detected capacity change from 0 to 16
[  372.339247][T16607] erofs (device loop5): mounted with root inode @ nid 36.
[  372.349246][T16607] erofs (device loop5): bogus lookback distance 1388 @ lcn 42 of nid 36
[  372.357096][T16607] erofs (device loop5): failed to decompress -29 in[58, 4038] out[1851]
[  372.362803][T16607] erofs (device loop5): read error -117 @ 43 of nid 36
[  372.462681][T16610] erofs (device loop5): bogus lookback distance 1388 @ lcn 42 of nid 36
[  372.465396][T16610] erofs (device loop5): bogus lookback distance 1388 @ lcn 42 of nid 36
[  372.467921][T16610] erofs (device loop5): readahead error at folio 42 @ nid 36
[  372.476452][T16610] erofs (device loop5): bogus lookback distance 774 @ lcn 40 of nid 36
[  372.479045][T16610] erofs (device loop5): readahead error at folio 41 @ nid 36
[  372.499637][T16610] erofs (device loop5): bogus lookback distance 774 @ lcn 40 of nid 36
[  372.512059][T16610] erofs (device loop5): readahead error at folio 40 @ nid 36
[  372.516722][T16610] erofs (device loop5): readahead error at folio 39 @ nid 36
[  372.524639][T16610] erofs (device loop5): readahead error at folio 38 @ nid 36
[  372.531668][T16610] erofs (device loop5): readahead error at folio 36 @ nid 36
[  372.539817][T16610] erofs (device loop5): bogus lookback distance 1468 @ lcn 31 of nid 36
[  372.554133][T16610] erofs (device loop5): readahead error at folio 31 @ nid 36
[  372.567079][T16610] erofs (device loop5): readahead error at folio 25 @ nid 36
[  372.575890][T16610] erofs (device loop5): readahead error at folio 24 @ nid 36
[  372.594027][T16610] erofs (device loop5): readahead error at folio 19 @ nid 36
[  372.599242][T16610] syz.5.4204: attempt to access beyond end of device
[  372.599242][T16610] loop5: rw=524288, sector=784, nr_sectors = 64 limit=16
[  372.612514][T16610] syz.5.4204: attempt to access beyond end of device
[  372.612514][T16610] loop5: rw=524288, sector=13478624080, nr_sectors = 24 limit=16
[  372.637422][T16610] syz.5.4204: attempt to access beyond end of device
[  372.637422][T16610] loop5: rw=524288, sector=13478624032, nr_sectors = 48 limit=16
[  372.661617][T16610] erofs (device loop5): failed to decompress -29 in[58, 4038] out[2639]
[  372.667188][T16610] erofs (device loop5): bogus lookback distance 1586 @ lcn 46 of nid 36
[  372.682364][T16610] erofs (device loop5): readahead error at folio 47 @ nid 36
[  372.687068][T16610] erofs (device loop5): bogus lookback distance 1586 @ lcn 46 of nid 36
[  372.691095][T16610] erofs (device loop5): readahead error at folio 46 @ nid 36
[  372.706386][T16610] erofs (device loop5): readahead error at folio 45 @ nid 36
[  372.711318][T16610] syz.5.4204: attempt to access beyond end of device
[  372.711318][T16610] loop5: rw=524288, sector=16, nr_sectors = 16 limit=16
[  372.727892][T16610] erofs (device loop5): failed to decompress -29 in[58, 4038] out[3537]
[  372.813377][T16609] loop7: detected capacity change from 0 to 32768
[  372.828865][T16609] bcachefs (/dev/loop7): error validating superblock: Invalid superblock section clean: entry type btree_keys overruns end of section
[  372.828865][T16609] clean (size 2912):
[  372.828865][T16609] flags:          0
[  372.828865][T16609] journal_seq:    196618
[  372.828865][T16609] usage: type=inodes v=8
[  372.828865][T16609] usage: type=key_version v=0
[  372.828865][T16609] usage: type=reserved v=0
[  372.828865][T16609] usage: type=reserved v=0
[  372.828865][T16609] usage: type=reserved v=0
[  372.828865][T16609] usage: type=reserved v=0
[  372.828865][T16609] data_usage: btree: 1/1 [0]=2816
[  372.828865][T16609] data_usage: journal: 1/1 [0]=0
[  372.828865][T16609] data_usage: user: 1/1 [0]=16
[  372.828865][T16609] dev_usage: dev=0  
[  372.828865][T16609]   free: buckets=83 sectors=0 fragmented=0
[  372.828865][T16609]   sb: buckets=25 sectors=6152 fragmented=248
[  372.828865][T16609]   journal: buckets=8 sectors=2048 fragmented=0
[  372.828865][T16609]   btree: buckets=11 sectors=2816 fragmented=0
[  372.828865][T16609]   user: buckets=1 sectors=16 fragmented=240
[  372.828865][T16609]   cached: buckets=0 sectors=0 fragmented=0
[  372.828865][T16609]   parity: buckets=0 sectors=0 fragmented=0
[  372.828865][T16609]   stripe: buckets=0 sectors=0 fragmented=0
[  372.828865][T16609]   need_gc_gens: buckets=0 sectors=0 fragmented=0
[  372.828865][T16609]   need_discard: buckets=0 sectors=0 fragmented=0
[  372.828865][T16609] clock: read=0
[  372.828865][T16609] clock: write=1280
[  372.828865][T16609] btree_root: btree=extents level=0 u64s 11 type btree_ptr_v2 POS_MAX len 511 ver 0: s
[  372.829040][T16609] bcachefs: bch2_fs_get_tree() error: invalid_sb_clean
[  373.148797][T16616] IPv6: NLM_F_CREATE should be specified when creating new route
[  373.483210][T16633] netlink: zone id is out of range
[  373.485132][T16633] netlink: set zone limit has 4 unknown bytes
[  373.536701][T16637] loop5: detected capacity change from 0 to 2048
[  373.548627][T16637] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  374.317147][T16672] overlayfs: failed to resolve './file0': -2
[  374.566211][T16688] netlink: 'syz.2.4240': attribute type 21 has an invalid length.
[  374.569432][T16688] netlink: 'syz.2.4240': attribute type 15 has an invalid length.
[  374.573012][T16688] netlink: 156 bytes leftover after parsing attributes in process `syz.2.4240'.
[  374.576577][T16688] IPv6: NLM_F_CREATE should be specified when creating new route
[  374.583143][T16688] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  374.586032][T16688] IPv6: NLM_F_CREATE should be set when creating new route
[  374.588901][T16688] IPv6: NLM_F_CREATE should be set when creating new route
[  374.591869][T16688] IPv6: NLM_F_CREATE should be set when creating new route
[  374.712596][  T791] usb 6-1: new high-speed USB device number 47 using dummy_hcd
[  374.885663][   T47] kernel write not supported for file [eventfd] (pid: 47 comm: kworker/1:1)
[  375.020185][  T791] usb 6-1: Using ep0 maxpacket: 16
[  375.023260][  T791] usb 6-1: config 0 has an invalid interface number: 41 but max is 0
[  375.025924][  T791] usb 6-1: config 0 has no interface number 0
[  375.028186][  T791] usb 6-1: config 0 interface 41 has no altsetting 0
[  375.034208][  T791] usb 6-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  375.037595][  T791] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  375.037608][  T791] usb 6-1: Product: syz
[  375.042042][  T791] usb 6-1: Manufacturer: syz
[  375.043551][  T791] usb 6-1: SerialNumber: syz
[  375.051933][  T791] usb 6-1: config 0 descriptor??
[  375.055128][  T791] CoreChips 6-1:0.41: probe with driver CoreChips failed with error -22
[  375.262297][  T791] usb 6-1: USB disconnect, device number 47
[  375.284308][T16708] Dead loop on virtual device ipvlan1, fix it urgently!
[  375.465774][T16711] loop7: detected capacity change from 0 to 2048
[  375.469247][T16711] EXT4-fs: Ignoring removed mblk_io_submit option
[  375.496655][T16711] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  375.534836][T12108] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  375.870717][   T47] usb 8-1: new high-speed USB device number 33 using dummy_hcd
[  376.016898][T16730] bond0: entered promiscuous mode
[  376.018931][T16730] : entered promiscuous mode
[  376.021020][T16730] bond_slave_1: entered promiscuous mode
[  376.030164][   T47] usb 8-1: Using ep0 maxpacket: 8
[  376.034743][   T47] usb 8-1: config index 0 descriptor too short (expected 1821, got 853)
[  376.038302][   T47] usb 8-1: config 0 has an invalid interface number: 103 but max is 2
[  376.041967][   T47] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  376.047073][   T47] usb 8-1: config 0 has 2 interfaces, different from the descriptor's value: 3
[  376.056225][   T47] usb 8-1: config 0 has no interface number 1
[  376.058636][   T47] usb 8-1: config 0 interface 103 altsetting 9 endpoint 0x7 has an invalid bInterval 0, changing to 7
[  376.063748][   T47] usb 8-1: config 0 interface 103 altsetting 9 endpoint 0xE has invalid maxpacket 1024, setting to 64
[  376.068096][   T47] usb 8-1: config 0 interface 103 altsetting 9 has a duplicate endpoint with address 0x8, skipping
[  376.078635][   T47] usb 8-1: config 0 interface 103 altsetting 9 has a duplicate endpoint with address 0x4, skipping
[  376.085480][   T47] usb 8-1: config 0 interface 103 has no altsetting 0
[  376.091739][   T47] usb 8-1: New USB device found, idVendor=04b4, idProduct=1002, bcdDevice=cd.b4
[  376.095301][   T47] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  376.106789][   T47] usb 8-1: Product: syz
[  376.108623][   T47] usb 8-1: Manufacturer: syz
[  376.110796][   T47] usb 8-1: SerialNumber: syz
[  376.115866][   T47] usb 8-1: config 0 descriptor??
[  376.427069][   T47] videodev: could not get a free minor
[  376.434781][   T47] dsbr100 8-1:0.0: couldn't register video device
[  376.446308][   T47] dsbr100 8-1:0.0: probe with driver dsbr100 failed with error -23
[  376.452258][T16741] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4262'.
[  376.459712][T16741] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4262'.
[  376.470324][   T47] usb 8-1: USB disconnect, device number 33
[  376.632160][T16745] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4264'.
[  377.066908][T16762] loop7: detected capacity change from 0 to 256
[  377.070797][T16762] vfat: Unknown parameter 'utf	'
[  377.304103][T16774] loop5: detected capacity change from 0 to 4096
[  377.331546][T16774] ntfs3(loop5): ino=19, mi_enum_attr
[  377.340250][T16774] ntfs3(loop5): Mark volume as dirty due to NTFS errors
[  377.371536][T16774] ntfs3(loop5): try to read out of volume at offset 0x3fffffc7000
[  377.374650][T16774] ntfs3(loop5): ino=21, The size of extended attributes must not exceed 64KiB
[  377.406433][T16762] loop7: detected capacity change from 0 to 32768
[  377.411607][T16762] bcachefs (/dev/loop7): error validating superblock: Invalid superblock layout: superblocks overlap
[  377.411607][T16762]   (sb 1 ends at 36028797018970112 next starts at 30720
[  377.417408][T16762] bcachefs: bch2_fs_get_tree() error: invalid_sb_layout_superblocks_overlap
[  377.844590][T16787] loop7: detected capacity change from 0 to 32768
[  377.878015][T16787] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[  377.926853][T12108] ocfs2: Unmounting device (7,7) on (node local)
[  378.340113][ T5893] usb 6-1: new full-speed USB device number 48 using dummy_hcd
[  378.385586][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  378.389053][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  378.462575][T16821] loop7: detected capacity change from 0 to 32768
[  378.472277][T16821] XFS (loop7): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  378.501498][ T5893] usb 6-1: config index 0 descriptor too short (expected 69, got 36)
[  378.504455][ T5893] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  378.521668][ T5893] usb 6-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89
[  378.522769][T16821] XFS (loop7): Ending clean mount
[  378.525028][ T5893] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  378.530504][ T5893] usb 6-1: Product: syz
[  378.532172][ T5893] usb 6-1: Manufacturer: syz
[  378.534032][ T5893] usb 6-1: SerialNumber: syz
[  378.536175][T16821] XFS (loop7): Quotacheck needed: Please wait.
[  378.550632][ T5893] usb 6-1: config 0 descriptor??
[  378.554025][ T5893] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622
[  378.580984][T16821] XFS (loop7): Quotacheck: Done.
[  378.623015][T12108] XFS (loop7): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  379.486623][ T5893] gspca_pac7302: reg_w() failed i: ff v: 01 error -71
[  379.489367][ T5893] gspca_pac7302 6-1:0.0: probe with driver gspca_pac7302 failed with error -71
[  379.494888][ T5893] usb 6-1: USB disconnect, device number 48
[  380.083187][T16863] loop7: detected capacity change from 0 to 512
[  380.380144][T16880] loop7: detected capacity change from 0 to 8
[  380.417487][T16880] SQUASHFS error: Failed to read block 0x4de: -5
[  380.420477][T16880] SQUASHFS error: Failed to read block 0x4de: -5
[  380.483719][   T33] audit: type=1800 audit(380.313:134): pid=16880 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.4316" name="file1" dev="loop7" ino=5 res=0 errno=0
[  380.634055][T16889] netlink: 60 bytes leftover after parsing attributes in process `syz.5.4326'.
[  380.983684][ T5893] usb 6-1: new high-speed USB device number 49 using dummy_hcd
[  381.222170][ T5893] usb 6-1: config 0 has an invalid interface number: 197 but max is 0
[  381.230125][ T5893] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  381.238143][ T5893] usb 6-1: config 0 has no interface number 0
[  381.241328][ T5893] usb 6-1: config 0 interface 197 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  381.246726][ T5893] usb 6-1: config 0 interface 197 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0
[  381.251121][ T5893] usb 6-1: config 0 interface 197 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  381.264312][ T5893] usb 6-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=bb.42
[  381.268221][ T5893] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  381.272579][ T5893] usb 6-1: Product: syz
[  381.274456][ T5893] usb 6-1: Manufacturer: syz
[  381.276441][ T5893] usb 6-1: SerialNumber: syz
[  381.287458][ T5893] usb 6-1: config 0 descriptor??
[  381.512661][   T47] usb 6-1: USB disconnect, device number 49
[  382.214600][T16930] loop5: detected capacity change from 0 to 1024
[  382.237390][T16930] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  382.264091][T16930] overlayfs: workdir and upperdir must reside under the same mount
[  382.311118][ T8764] EXT4-fs error (device loop5): ext4_lookup:1791: inode #2: comm syz-executor: deleted inode referenced: 11
[  382.315306][ T8764] EXT4-fs error (device loop5): ext4_lookup:1791: inode #2: comm syz-executor: deleted inode referenced: 11
[  382.379149][T13591] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  382.465853][T16943] netlink: 'syz.2.4352': attribute type 2 has an invalid length.
[  382.545375][ T5908] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  382.699641][T16951] tmpfs: Bad value for 'mpol'
[  382.704606][ T5908] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  382.794796][ T5908] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  382.883033][ T5908] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  382.940775][ T5909] usb 8-1: new high-speed USB device number 34 using dummy_hcd
[  382.951683][ T5233] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  382.959821][ T5233] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  382.963758][ T5233] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  382.968056][ T5233] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  382.975122][ T5233] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  383.084605][ T5908] bridge_slave_1: left allmulticast mode
[  383.086894][ T5908] bridge_slave_1: left promiscuous mode
[  383.089272][ T5908] bridge0: port 2(bridge_slave_1) entered disabled state
[  383.102794][ T5908] bridge_slave_0: left allmulticast mode
[  383.105179][ T5908] bridge_slave_0: left promiscuous mode
[  383.107447][ T5908] bridge0: port 1(bridge_slave_0) entered disabled state
[  383.115592][ T5909] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 196, using maximum allowed: 30
[  383.119682][ T5909] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  383.125299][ T5909] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 196
[  383.132249][ T5909] usb 8-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00
[  383.135623][ T5909] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  383.141232][ T5909] usb 8-1: config 0 descriptor??
[  383.438100][ T5908] bond1 (unregistering): (slave gretap1): Releasing active interface
[  383.841656][ T5908] bond0 (unregistering): (slave 30): Releasing backup interface
[  383.845106][ T5908] : left promiscuous mode
[  383.849312][ T5908] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  383.855263][ T5908] bond_slave_1: left promiscuous mode
[  383.857811][ T5908] bond0 (unregistering): Released all slaves
[  384.013133][ T5908] bond1 (unregistering): Released all slaves
[  384.042709][ T5909] holtek_kbd 0003:04D9:A055.0014: unknown main item tag 0x0
[  384.045431][ T5909] holtek_kbd 0003:04D9:A055.0014: unknown main item tag 0x0
[  384.048064][ T5909] holtek_kbd 0003:04D9:A055.0014: unknown main item tag 0x0
[  384.050882][ T5909] holtek_kbd 0003:04D9:A055.0014: unknown main item tag 0x0
[  384.053397][ T5909] holtek_kbd 0003:04D9:A055.0014: unknown main item tag 0x0
[  384.055940][ T5909] holtek_kbd 0003:04D9:A055.0014: unknown main item tag 0x0
[  384.058123][ T5909] holtek_kbd 0003:04D9:A055.0014: unknown main item tag 0x0
[  384.062330][ T5909] holtek_kbd 0003:04D9:A055.0014: hidraw0: USB HID v10.00 Device [HID 04d9:a055] on usb-dummy_hcd.7-1/input0
[  384.193838][ T5908] bond2 (unregistering): Released all slaves
[  384.254303][ T5909] usb 8-1: USB disconnect, device number 34
[  384.325140][ T5908] tipc: Left network mode
[  384.492155][T16963] chnl_net:caif_netlink_parms(): no params data found
[  384.546573][T16994] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4373'.
[  384.557434][ T5908] hsr_slave_0: left promiscuous mode
[  384.559636][ T5908] hsr_slave_1: left promiscuous mode
[  384.564198][ T5908] batman_adv: batadv0: Removing interface: batadv_slave_0
[  384.567544][ T5908] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  384.570170][ T5908] batman_adv: batadv0: Removing interface: batadv_slave_1
[  384.585944][ T5908] veth0_macvtap: left promiscuous mode
[  384.588097][ T5908] veth1_vlan: left promiscuous mode
[  384.590806][ T5908] veth0_vlan: left promiscuous mode
[  384.815390][T16998] loop7: detected capacity change from 0 to 256
[  384.844189][T16998] FAT-fs (loop7): count of clusters too big (178174)
[  384.846958][T16998] FAT-fs (loop7): Can't find a valid FAT filesystem
[  385.030566][ T5233] Bluetooth: hci0: command tx timeout
[  385.031408][T17004] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4377'.
[  385.220339][ T5908] team0 (unregistering): Port device team_slave_1 removed
[  385.284028][ T5908] team0 (unregistering): Port device team_slave_0 removed
[  385.887415][T16963] bridge0: port 1(bridge_slave_0) entered blocking state
[  385.889621][T16963] bridge0: port 1(bridge_slave_0) entered disabled state
[  385.892357][T16963] bridge_slave_0: entered allmulticast mode
[  385.896501][T16963] bridge_slave_0: entered promiscuous mode
[  385.906976][T16963] bridge0: port 2(bridge_slave_1) entered blocking state
[  385.909379][T16963] bridge0: port 2(bridge_slave_1) entered disabled state
[  385.912974][T16963] bridge_slave_1: entered allmulticast mode
[  385.917630][T16963] bridge_slave_1: entered promiscuous mode
[  385.978983][T16963] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  385.994375][T16963] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  386.039322][T16963] team0: Port device team_slave_0 added
[  386.045518][T16963] team0: Port device team_slave_1 added
[  386.101486][T16963] batman_adv: batadv0: Adding interface: batadv_slave_0
[  386.104671][T16963] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  386.117073][T16963] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  386.122342][   T47] usb 8-1: new high-speed USB device number 35 using dummy_hcd
[  386.149550][T16963] batman_adv: batadv0: Adding interface: batadv_slave_1
[  386.152531][T16963] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  386.162642][T16963] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  386.249341][T16963] hsr_slave_0: entered promiscuous mode
[  386.261549][T16963] hsr_slave_1: entered promiscuous mode
[  386.272344][   T47] usb 8-1: Using ep0 maxpacket: 32
[  386.276409][   T47] usb 8-1: config 0 has an invalid interface number: 231 but max is 0
[  386.279270][   T47] usb 8-1: config 0 has no interface number 0
[  386.283746][ T5908] ==================================================================
[  386.286958][ T5908] BUG: KASAN: slab-use-after-free in __xfrm_state_delete+0x666/0xca0
[  386.290052][ T5908] Write of size 8 at addr ffff888118c504a8 by task kworker/u8:4/5908
[  386.294571][ T5908] 
[  386.295505][ T5908] CPU: 1 UID: 0 PID: 5908 Comm: kworker/u8:4 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  386.295522][ T5908] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  386.295531][ T5908] Workqueue: netns cleanup_net
[  386.295553][ T5908] Call Trace:
[  386.295559][ T5908]  <TASK>
[  386.295565][ T5908]  dump_stack_lvl+0x189/0x250
[  386.295581][ T5908]  ? __virt_addr_valid+0x1c8/0x5c0
[  386.295596][ T5908]  ? rcu_is_watching+0x15/0xb0
[  386.295607][ T5908]  ? __kasan_check_byte+0x12/0x40
[  386.295623][ T5908]  ? __pfx_dump_stack_lvl+0x10/0x10
[  386.295636][ T5908]  ? rcu_is_watching+0x15/0xb0
[  386.295647][ T5908]  ? lock_release+0x4b/0x3e0
[  386.295665][ T5908]  ? __virt_addr_valid+0x1c8/0x5c0
[  386.295679][ T5908]  ? __virt_addr_valid+0x4a5/0x5c0
[  386.295694][ T5908]  print_report+0xca/0x240
[  386.295705][ T5908]  ? __xfrm_state_delete+0x666/0xca0
[  386.295721][ T5908]  kasan_report+0x118/0x150
[  386.295738][ T5908]  ? __xfrm_state_delete+0x666/0xca0
[  386.295756][ T5908]  __xfrm_state_delete+0x666/0xca0
[  386.295804][ T5908]  xfrm_state_flush+0x45f/0x770
[  386.295824][ T5908]  xfrm6_tunnel_net_exit+0x3f/0x100
[  386.295837][ T5908]  ops_undo_list+0x49a/0x990
[  386.295856][ T5908]  ? __pfx_ops_undo_list+0x10/0x10
[  386.295873][ T5908]  ? do_raw_spin_unlock+0x4d/0x240
[  386.295888][ T5908]  cleanup_net+0x4c5/0x800
[  386.295905][ T5908]  ? __pfx_cleanup_net+0x10/0x10
[  386.295922][ T5908]  ? process_scheduled_works+0x9ef/0x17b0
[  386.295933][ T5908]  ? process_scheduled_works+0x9ef/0x17b0
[  386.295945][ T5908]  process_scheduled_works+0xae1/0x17b0
[  386.295966][ T5908]  ? __pfx_process_scheduled_works+0x10/0x10
[  386.295982][ T5908]  worker_thread+0x8a0/0xda0
[  386.295996][ T5908]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  386.296014][ T5908]  ? __kthread_parkme+0x7b/0x200
[  386.296029][ T5908]  kthread+0x711/0x8a0
[  386.296044][ T5908]  ? __pfx_worker_thread+0x10/0x10
[  386.296055][ T5908]  ? __pfx_kthread+0x10/0x10
[  386.296069][ T5908]  ? _raw_spin_unlock_irq+0x23/0x50
[  386.296082][ T5908]  ? lockdep_hardirqs_on+0x9c/0x150
[  386.296097][ T5908]  ? __pfx_kthread+0x10/0x10
[  386.296111][ T5908]  ret_from_fork+0x3fc/0x770
[  386.296124][ T5908]  ? __pfx_ret_from_fork+0x10/0x10
[  386.296137][ T5908]  ? __switch_to_asm+0x39/0x70
[  386.296152][ T5908]  ? __switch_to_asm+0x33/0x70
[  386.296166][ T5908]  ? __pfx_kthread+0x10/0x10
[  386.296179][ T5908]  ret_from_fork_asm+0x1a/0x30
[  386.296199][ T5908]  </TASK>
[  386.296204][ T5908] 
[  386.384706][ T5908] Allocated by task 14439:
[  386.386406][ T5908]  kasan_save_track+0x3e/0x80
[  386.388199][ T5908]  __kasan_slab_alloc+0x6c/0x80
[  386.390078][ T5908]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  386.392124][ T5908]  xfrm_state_alloc+0x24/0x2f0
[  386.393962][ T5908]  xfrm_add_sa+0x17d1/0x4070
[  386.395696][ T5908]  xfrm_user_rcv_msg+0x7a3/0xab0
[  386.397582][ T5908]  netlink_rcv_skb+0x208/0x470
[  386.399397][ T5908]  xfrm_netlink_rcv+0x79/0x90
[  386.401179][ T5908]  netlink_unicast+0x82f/0x9e0
[  386.403025][ T5908]  netlink_sendmsg+0x805/0xb30
[  386.404847][ T5908]  __sock_sendmsg+0x21c/0x270
[  386.406634][ T5908]  ____sys_sendmsg+0x505/0x830
[  386.408436][ T5908]  ___sys_sendmsg+0x21f/0x2a0
[  386.410242][ T5908]  __x64_sys_sendmsg+0x19b/0x260
[  386.412118][ T5908]  do_syscall_64+0xfa/0x3b0
[  386.413863][ T5908]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.416073][ T5908] 
[  386.416976][ T5908] Freed by task 24:
[  386.418401][ T5908]  kasan_save_track+0x3e/0x80
[  386.420194][ T5908]  kasan_save_free_info+0x46/0x50
[  386.422082][ T5908]  __kasan_slab_free+0x5b/0x80
[  386.423881][ T5908]  kmem_cache_free+0x18f/0x400
[  386.425652][ T5908]  xfrm_state_gc_task+0x52d/0x6b0
[  386.427480][ T5908]  process_scheduled_works+0xae1/0x17b0
[  386.429547][ T5908]  worker_thread+0x8a0/0xda0
[  386.431309][ T5908]  kthread+0x711/0x8a0
[  386.432861][ T5908]  ret_from_fork+0x3fc/0x770
[  386.434600][ T5908]  ret_from_fork_asm+0x1a/0x30
[  386.436415][ T5908] 
[  386.437309][ T5908] The buggy address belongs to the object at ffff888118c50480
[  386.437309][ T5908]  which belongs to the cache xfrm_state of size 928
[  386.442365][ T5908] The buggy address is located 40 bytes inside of
[  386.442365][ T5908]  freed 928-byte region [ffff888118c50480, ffff888118c50820)
[  386.447381][ T5908] 
[  386.448285][ T5908] The buggy address belongs to the physical page:
[  386.450659][ T5908] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888118c50000 pfn:0x118c50
[  386.454437][ T5908] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  386.457615][ T5908] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[  386.460472][ T5908] page_type: f5(slab)
[  386.462016][ T5908] raw: 057ff00000000040 ffff88801cf653c0 dead000000000122 0000000000000000
[  386.465193][ T5908] raw: ffff888118c50000 00000000800e000c 00000000f5000000 0000000000000000
[  386.468314][ T5908] head: 057ff00000000040 ffff88801cf653c0 dead000000000122 0000000000000000
[  386.471548][ T5908] head: ffff888118c50000 00000000800e000c 00000000f5000000 0000000000000000
[  386.474792][ T5908] head: 057ff00000000002 ffffea0004631401 00000000ffffffff 00000000ffffffff
[  386.477961][ T5908] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  386.481192][ T5908] page dumped because: kasan: bad access detected
[  386.483619][ T5908] page_owner tracks the page as allocated
[  386.485777][ T5908] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6462, tgid 6461 (syz.3.189), ts 83059780547, free_ts 83041253589
[  386.492740][ T5908]  post_alloc_hook+0x240/0x2a0
[  386.494582][ T5908]  get_page_from_freelist+0x21e4/0x22c0
[  386.496682][ T5908]  __alloc_frozen_pages_noprof+0x181/0x370
[  386.498846][ T5908]  alloc_pages_mpol+0x232/0x4a0
[  386.500648][ T5908]  allocate_slab+0x8a/0x370
[  386.502360][ T5908]  ___slab_alloc+0xbeb/0x1410
[  386.504145][ T5908]  kmem_cache_alloc_noprof+0x283/0x3c0
[  386.506231][ T5908]  xfrm_state_alloc+0x24/0x2f0
[  386.507986][ T5908]  xfrm_add_sa+0x17d1/0x4070
[  386.509681][ T5908]  xfrm_user_rcv_msg+0x7a3/0xab0
[  386.511536][ T5908]  netlink_rcv_skb+0x208/0x470
[  386.513354][ T5908]  xfrm_netlink_rcv+0x79/0x90
[  386.515164][ T5908]  netlink_unicast+0x82f/0x9e0
[  386.516872][ T5908]  netlink_sendmsg+0x805/0xb30
[  386.518685][ T5908]  __sock_sendmsg+0x21c/0x270
[  386.520489][ T5908]  ____sys_sendmsg+0x505/0x830
[  386.522323][ T5908] page last free pid 5814 tgid 5814 stack trace:
[  386.524731][ T5908]  __free_frozen_pages+0xbc4/0xd30
[  386.526684][ T5908]  __slab_free+0x303/0x3c0
[  386.528375][ T5908]  qlist_free_all+0x97/0x140
[  386.530162][ T5908]  kasan_quarantine_reduce+0x148/0x160
[  386.532227][ T5908]  __kasan_slab_alloc+0x22/0x80
[  386.534054][ T5908]  kmem_cache_alloc_node_noprof+0x1bb/0x3c0
[  386.536280][ T5908]  __alloc_skb+0x112/0x2d0
[  386.537956][ T5908]  tcp_stream_alloc_skb+0x3d/0x340
[  386.539869][ T5908]  tcp_sendmsg_locked+0xf38/0x5620
[  386.541692][ T5908]  tcp_sendmsg+0x2f/0x50
[  386.543218][ T5908]  __sock_sendmsg+0x19c/0x270
[  386.545006][ T5908]  sock_write_iter+0x258/0x330
[  386.546836][ T5908]  vfs_write+0x5c9/0xb30
[  386.548441][ T5908]  ksys_write+0x145/0x250
[  386.550088][ T5908]  do_syscall_64+0xfa/0x3b0
[  386.551775][ T5908]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.554000][ T5908] 
[  386.554931][ T5908] Memory state around the buggy address:
[  386.557047][ T5908]  ffff888118c50380: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[  386.560008][ T5908]  ffff888118c50400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  386.562994][ T5908] >ffff888118c50480: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  386.566019][ T5908]                                   ^
[  386.568052][ T5908]  ffff888118c50500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  386.571016][ T5908]  ffff888118c50580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  386.573936][ T5908] ==================================================================
[  386.577262][ T5908] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  386.580009][ T5908] CPU: 1 UID: 0 PID: 5908 Comm: kworker/u8:4 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  386.584677][ T5908] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  386.588417][ T5908] Workqueue: netns cleanup_net
[  386.590279][ T5908] Call Trace:
[  386.591551][ T5908]  <TASK>
[  386.592692][ T5908]  dump_stack_lvl+0x99/0x250
[  386.594471][ T5908]  ? __asan_memcpy+0x40/0x70
[  386.596248][ T5908]  ? __pfx_dump_stack_lvl+0x10/0x10
[  386.598158][ T5908]  ? __pfx__printk+0x10/0x10
[  386.599903][ T5908]  vpanic+0x281/0x750
[  386.601443][ T5908]  ? __pfx_print_hex_dump+0x10/0x10
[  386.603438][ T5908]  ? __pfx_vpanic+0x10/0x10
[  386.605145][ T5908]  ? irqentry_exit+0x74/0x90
[  386.606794][ T5908]  ? lockdep_hardirqs_on+0x9c/0x150
[  386.608670][ T5908]  panic+0xb9/0xc0
[  386.610066][ T5908]  ? __pfx_panic+0x10/0x10
[  386.611774][ T5908]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  386.614023][ T5908]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  386.616394][ T5908]  ? __xfrm_state_delete+0x666/0xca0
[  386.618393][ T5908]  check_panic_on_warn+0x89/0xb0
[  386.620281][ T5908]  ? __xfrm_state_delete+0x666/0xca0
[  386.622233][ T5908]  end_report+0x78/0x160
[  386.623821][ T5908]  kasan_report+0x129/0x150
[  386.625528][ T5908]  ? __xfrm_state_delete+0x666/0xca0
[  386.627522][ T5908]  __xfrm_state_delete+0x666/0xca0
[  386.629471][ T5908]  xfrm_state_flush+0x45f/0x770
[  386.631327][ T5908]  xfrm6_tunnel_net_exit+0x3f/0x100
[  386.633255][ T5908]  ops_undo_list+0x49a/0x990
[  386.634971][ T5908]  ? __pfx_ops_undo_list+0x10/0x10
[  386.636815][ T5908]  ? do_raw_spin_unlock+0x4d/0x240
[  386.638644][ T5908]  cleanup_net+0x4c5/0x800
[  386.640273][ T5908]  ? __pfx_cleanup_net+0x10/0x10
[  386.642091][ T5908]  ? process_scheduled_works+0x9ef/0x17b0
[  386.644180][ T5908]  ? process_scheduled_works+0x9ef/0x17b0
[  386.646248][ T5908]  process_scheduled_works+0xae1/0x17b0
[  386.648360][ T5908]  ? __pfx_process_scheduled_works+0x10/0x10
[  386.650543][ T5908]  worker_thread+0x8a0/0xda0
[  386.652202][ T5908]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  386.654504][ T5908]  ? __kthread_parkme+0x7b/0x200
[  386.656301][ T5908]  kthread+0x711/0x8a0
[  386.657777][ T5908]  ? __pfx_worker_thread+0x10/0x10
[  386.659622][ T5908]  ? __pfx_kthread+0x10/0x10
[  386.661345][ T5908]  ? _raw_spin_unlock_irq+0x23/0x50
[  386.663320][ T5908]  ? lockdep_hardirqs_on+0x9c/0x150
[  386.665304][ T5908]  ? __pfx_kthread+0x10/0x10
[  386.667074][ T5908]  ret_from_fork+0x3fc/0x770
[  386.668843][ T5908]  ? __pfx_ret_from_fork+0x10/0x10
[  386.670795][ T5908]  ? __switch_to_asm+0x39/0x70
[  386.672602][ T5908]  ? __switch_to_asm+0x33/0x70
[  386.674432][ T5908]  ? __pfx_kthread+0x10/0x10
[  386.676186][ T5908]  ret_from_fork_asm+0x1a/0x30
[  386.678019][ T5908]  </TASK>
[  386.679884][ T5908] Kernel Offset: disabled
[  386.681471][ T5908] Rebooting in 86400 seconds..

VM DIAGNOSIS:
09:31:11  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000001 RBX=0000000000000000 RCX=1d87e9c7655ee800 RDX=0000000000000000
RSI=ffffffff8dba6026 RDI=ffffffff8be33400 RBP=ffffffff822e4087 RSP=ffffc90002c0f4f0
R8 =0000000000000000 R9 =ffffffff822e4087 R10=dffffc0000000000 R11=fffff940008a0f49
R12=0000000000000002 R13=ffffffff8e139ee0 R14=0000000000000000 R15=0000000000000246
RIP=ffffffff819d5bfd RFL=00000057 [---ZAPC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00005555590c9500 ffffffff 00c00000
GS =0000 ffff8880b861c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b32322ff8 CR3=0000000117b10000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=6161616161616161 6161616161616161
XMM06=6161616161616161 6161616161616161 XMM07=6161616161616161 6161616161616161
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f22f4a12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=1ffffffff33bdc60 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=0000000000000000 RDI=0000000000000020 RBP=ffffffff99dee630 RSP=ffffc9000476f030
R8 =ffff888106dd8237 R9 =1ffff11020dbb046 R10=dffffc0000000000 R11=ffffffff854efde0
R12=dffffc0000000000 R13=0000000000000000 R14=ffffffff99dee3a0 R15=0000000000000000
RIP=ffffffff854efe57 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b3231dff8 CR3=0000000128268000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000100000001 0000002e00000000
XMM02=310063657363616d 00315f6576616c73 XMM03=0000000000000000 0000000000000000
XMM04=00000000ff000000 0000000000000000 XMM05=0000000000000000 00007fb536812e53
XMM06=0000000000000000 00007fb536812e4d XMM07=0000000000000000 00007fb536812e61
XMM08=0000000000000000 00007fb536812ee7 XMM09=0000000000000000 00007fb536812fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
