last executing test programs:

54.80968573s ago: executing program 1 (id=2034):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x40, r1, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x14, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x9}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x40}}, 0x0)

54.760633562s ago: executing program 1 (id=2036):
r0 = socket$kcm(0x2, 0x3, 0x2)
sendmsg$inet(r0, &(0x7f0000003a80)={&(0x7f00000004c0)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000003a00)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x11}, @multicast1}}}], 0x20}, 0x4008804)
sendmsg$kcm(r0, &(0x7f0000000480)={&(0x7f00000002c0)=@l2tp={0x2, 0x0, @remote}, 0x80, &(0x7f0000000180)=[{&(0x7f0000002800)="3282db78", 0x4}], 0x1}, 0x8400)

54.760508771s ago: executing program 1 (id=2037):
r0 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000180)="580000001400192340834b80040d8c561e067f0202ff000000020000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd000000100001000c0c100000000000000003a0", 0x58}], 0x1)

54.690801678s ago: executing program 1 (id=2038):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0x5, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x9}, [@call={0x85, 0x0, 0x0, 0x11}, @call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f0000000000)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

54.690395236s ago: executing program 1 (id=2039):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f0000000300)='./file0\x00', 0xfffffffffffffffe)
mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0)

54.621219255s ago: executing program 1 (id=2040):
r0 = fsopen(&(0x7f0000000100)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, 0x0, 0x0, 0x0)

39.428749545s ago: executing program 32 (id=2040):
r0 = fsopen(&(0x7f0000000100)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, 0x0, 0x0, 0x0)

4.066078178s ago: executing program 2 (id=2720):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8923, &(0x7f00000000c0)={'bond_slave_0\x00', @random="0137013710ff"})

3.819798768s ago: executing program 2 (id=2721):
r0 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000380)='/proc/asound/card1/oss_mixer\x00', 0x1, 0x0)
writev(r0, &(0x7f00000028c0)=[{&(0x7f0000002600)='u', 0x4000}, {0x0, 0x2}], 0x2)

3.6888788s ago: executing program 2 (id=2722):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
openat$dir(0xffffffffffffff9c, 0x0, 0xea, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000000), 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f0000000480)={<r3=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0x40182103, &(0x7f0000000240)={r3, 0x2, r2})
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x1058e58, &(0x7f0000000680)={[{@barrier}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x10000}}, {@bh}, {@data_err_ignore}, {@stripe={'stripe', 0x3d, 0x6}}, {@inlinecrypt}], [{@fsuuid={'fsuuid', 0x3d, {[0x36, 0x38, 0x0, 0x64, 0x8, 0x31, 0x67, 0x62], 0x2d, [0x64, 0x66, 0x39, 0x39], 0x2d, [0x62, 0x30, 0x30, 0x38], 0x2d, [0x32, 0x33, 0x3f, 0x37], 0x2d, [0x30, 0x66, 0x0, 0x0, 0x39, 0x30, 0x67, 0x32]}}}]}, 0x6, 0x615, &(0x7f0000000c00)="$eJzs3c9rHGUfAPDvzCZp0uZ90768ii2KAQ8tSNOkFqtebOvBHgoW7EHEQ0OT1NDtD5oUbC2YggcFBRGvIr34D3iX4tWbCOrNs1BFKgoqXZnd2XST7CZrmt1NMp8PbHaeZ2b3eb47efI8M5NnJ4DCGs1+pBF7I+6fTSJGGtYNR23laL7dvV8r+ZpK5dVfkkiqeTfP1bdP8uddeWIwIr45EfG/0spy567fuDBZrtS8E3Fo/uKVQ3PXbxycvTh5fvr89KWJw88dOTr+/MSRiQ2Jc1f+fPLUK49/+O6bz858Wz6YxLE40//2VCyLY6OMxmjcz0NszO+LiKPZQpPPZavZBiEUWin/feyPiEdjJErVVM1IzH7Q08oBHVUpZb15Wwbb3RDYKpJ1NusdG10RoMvq44Ds+Lf+WHvUcKbDo5LuuXu8dgC0Mv6+2rmRGKweG+28lzQcGdXObezegPKzMv6+ue/T7BFLzkP8sbh3+jagnFYWbkXEY83iT6p1212NNIs/XVKPJCLGI2Igr99LD1GHpGG5E+dhVrPe+NOIOJY/Z/kn1ln+6LJ0t+MHoJjuHM878oUstdj/fRWLfVO9/1s6/hlu0netR6/7v9bjv3p/P1g9R54uG4dlY5bTzd+yf3nGj++f/LhV+Y3jv+yRlV8fC3bD3VsR+5bF/14WbD7+yeJPmuz/bJOzx9or4+Xvfj7Zal2v46/cjtjf9Pjnwag0W1rl+uShmdny9HjtZ9Myvvz6jc9bld/r+LP9v7NF/A37P13+uuwzudJmGV+cvn2x1brhNeNPfxpIasebA3nOW5Pz81cnIgaSU/kmDfmHV69LfZv6e2TxH3iqeftf8vt/a+n7DNX/ZLbhymsX7rVat57933Ax+X6lzTq0ksU/tfb+X9H+s7yP2izj99evPdFq3WrxDz1MYAAAAAAAAFBAafUabJKOLS6n6dhYbb7s/2NnWr48N//0zOVrl6YiDlT/H7I/rV/pHqmlkyw9kf8/bD19eFn6mYjYExGflIaq6bFzl8tTvQ4eAAAAAAAAAAAAAAAAAAAANold+fz/+n2qfyvV5v8DBdHJG8wBm5v2D8VVbf8rbvEEFIH+H4pL+4fi0v6huLR/KC7tH4pL+4fi0v6huLR/AAAAANiW9jx554ckIhZeGKo+MgP5OjOCYHvr73UFgJ4p9boCQM8sXvo32IfCaWv8/2f+5YCdrw7QA0mzzOrgoLJ647/T9JUAAAAAAAAAAAAAQAfs39t6/r+5wbC9mfYHxfUQ8/99dQBscb76H4rLMT6w1iz+wVYrzP8HAAAAAAAAAAAAgK4Zrj6SdCyfCzwcaTo2FvGfiNgd/cnMbHl6PCL+GxHfl/p3ZOmJXlcaAAAAAAAAAAAAAAAAAAAAtpm56zcuTJbL01cbF/5akbP5FkprbfNItP2G9bugdqHyL8a/fFUk3f94hyJic+zlTiz0NeQkEQvZnt8UFbs6F5ujGtWFHv9hAgAAAAAAAAAAAAAAAACAAmqYe9zcvs+6XCMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6L4H9//v3EKvYwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtqZ/AgAA//9ffTgl")
socket(0x2a, 0x800000003, 0x1)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000002d00)={0x1, {{0xa, 0x4e22, 0x1000, @mcast2, 0x3}}, {{0xa, 0x4e22, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}, 0xb0}}}, 0x108)

2.129787854s ago: executing program 2 (id=2727):
openat(0xffffffffffffff9c, 0x0, 0x141042, 0x0)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000003c0)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000c00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000200)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010029bd7000000000002100000008000300", @ANYRES32=r3], 0x1c}}, 0x0)
sendmsg$NL80211_CMD_ABORT_SCAN(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x1c, r2, 0xd9b2794f6a139537, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0)

2.129247954s ago: executing program 2 (id=2728):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000180)='./bus\x00', 0x10, &(0x7f0000000040)=ANY=[], 0xff, 0x5a82, &(0x7f0000001080)="$eJzs3X+QHNV9IPDXM7Pa2V39WAkcZDCrRUYJwbG14lf5RyqWc4mdAoeSyynH4mTDglZE9kqo9COATGKRA591YJedci7ByR/EhX1nW3FxZV+MQpmAOYnzLxUXH3VlU2ffYf/hK8KhMqCjXD42tTP9Zmd6p7dnZ2elBT6fkran37z59rdfv+np92Z2JwAAAPCqcPzOfaeuPvd3v/1nEy989Pf+YdftYahcK6/GCsPp8pYzlSGnU39lbW2Z7Re/9pEv/XT0ht/+1v2Dn3/x2PYLdvzwd8664cEPXXn0nr9+5PkVX3vpqaK4sT9dPLOePJOEUP3Gyb/42LHvnDNdlqyc/lk6FMLqZM0jq5NMiLFfhBC2T+cYQlibufOrL1y6Y3p5+139LeWrMvX091e36eM83bEOnrr5DeFH79h6x/fWfeXv+o48fWimSlJt6k8hrLyu+fF9IYSB9H9I+2Jo6o+x024JIQw2Pe7NBXm9vsP8N+asn5cul6XLoYI48f71mfVSpl52PerLLAcLtrdQeXl0U6/cQZ3lmfXsyWih8vKM5avT5dfT5cXzjF9O96GchFISKo30J5OZPhKajlsSktqxrDbWS41jG9L9z6wnmfVSZr3cl9mv2nbTjlZOktbyWC9THk/HlbT8guZzdRvvzSl/bbqspk/UF+N6yN6oG5p1o7FfNTGvk3PkcjqUms5B7cobBz49GENp2VCyZtZjptqI9x3beveG8rZvHh/OySO5P0njJ13FP/jd1cs/+OXDB7Kv643415XS+KWu4v/4qhPPXnP4c5/Njf+pGL/cVfxLHhp85qpH71yf2z4nY/tUuoo//tRjn1h39vVHcvO/N8avdhV/89ET/StOPfRwbv5jsX0Guor/5Nve+ZMvPvHA07nxQ4w/2FX8bUf3fLJ/5NRFufEfju0z1F3/ee7IFT8YGfnZaF78x2P8FV3F/8Khe95636q7rsw9vlti+wx3Ff/dFz54x/JTD5yfd+5M7u30FRaAds5Kr7E+nq53Nc6cys5azF/TeOGvRiv1a77l6f8VC47eJHPxOb2dlb2MDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhhNe84b++63+/b/iZSrren954slRfxvJlISQDIYR9+8f37t+5+8bRD910YO/u8cnR8f2jE7v377119LLfGN07sWdy/Nbpe8feeGn9cWtCUl8m58/a9kCYmioNt5bF7f2rC4/8aMOb/88/hzD2mu+PVHLz33jPrvvObvMzI9k89fZdB67+/uV/m+7XcJrXcJu8pqampkJOXv/3/b+8789P/vSiEMZ+Za68Hnvyt/6xJaFawUycVKk/1BPqTwbb5tHIOs0ntldlx87JibG523f68eWc/fjXH3n6Fztu+fQv6+1bzd2PDtt3YPPUZOkvt777///lbfWCorzO1HEvau+4FzG/2H7VtL1Xpvu1Mme/Kjn7def3Hn7iG+cezm/ogv3qSztAX/LajrYb924wWd1SXk3rx0Ti4zbu37Vn475bD75x567xGydunNj9lk2Xbbpi7PIrLt9Y2/ONvdn/5w+Fscpz6wZD3P6vdrj/vehPA9ln36ztrvrjQ1+PPzvrT615LZt3e0znVdwezRnlPf8G3/uxz7zlnkevrhcU9fNYu3E+SZeD08d5U2jqb7Pbqt1+FR2fEMJou3Z49vkrwzn/Y+cdReeh5iPT/DMj2Tz1nfU//9s3/83a36wXnJbzfHNCXZ7nG1nP5FNrr+qOnbc3111q7dsfyul+DbXNa9N3Hu27+/g//0kjv2XLwi3j+/fv3VT/uTzNdHlyXtu8sqVxv9bVfpZDenhDo5u26a/T+kI9v+z5M1bPtupQet9QsqbtfmXF+45tvXtDeds3j+e1dHJ/fYsDYUV9mbwup+Zk5oHlRsLttr9Un39F/WPkXX/ztfd97e8vm9U/Lqn/LNqvJGe/vvLEFz7z+U//27/v3X6967dODP/8f/7RhnrBkj+vlOuJNLJO80lmziuTE5eEUPT8Wxfa70fj+ffvyzFumlH7/Sl6/mW3M1O/fbzRzPpQKHf1fL3kocFnrnr0zvW5z9eTcz1fm3f2tpbHlQuer0ul/2SfX0mlNY/Fe361dJRk89S3Pn7WoUc+uuXcekHR62Wjdrt+fWkH44+c/frHa34wctPov/nvvTtvfOk3vnrtD8c3/2m9oPvjHnPpzXGvpu1bzWnfRtZx3Nncvm+64abJ7fXyonY+c9e/6bJg/BNPJftuPfjh8cnJib37OtuvTl9P43ayrdzt62k8u60p2K/SrP1avBudtFenz7eY//au26v1+TYUkq5eFw5+d/XyD3758IHhWY9KN3RdKY1f6ir+j6868ew1hz/32dz4n4rxK13FH3/qsU+sO/v6I7nx703S+NWu4m8+eqJ/xamHHs6NPxbzH+gq/pNve+dPvvjEA0/nxg8x/lBX8VM/y43/eJJuZ/oaKYSvvnDpjvp6EvrS51vMo68lr5BdTzLrpcx6uXm9FGcR0g2Uk6S1PNZLyy9oyqWdP8wpj1dh1bX15YtxPWRvzF2+1JSazv3tyouuUwEAXuni+//xGjS+/z+RXijlzzTAjG7HYT9+7sgVPxgZ+dnanLhxHDYzn9P6HuvaNH58fJwHHHlTGJte3j5av9Cf7/sI8fmQneeM27no9a0xCuc5p2rbnzXPWTT/vj6zHvOqz5dXmsahqdnjmkroYP59fSZM0fx7ZveL388a/fistEab5q2yx68vnTFr93mH0NoulekIef0jOy8WP88xsjJsqW2vw/6R/RxNPA7Zz9HE7ZybOXF2+zmavP4xPLsdWvKK/SPWm6N/1FIufj9y9vELc7TvzPFrHy17/OZxvKsh/KfPxZXFen+2B/OGbU9pncwb9rfZQryv83nDxX0/zLxkTvz0CdbBvOFLq1oed3rnDWN53I9Kh/OJ78sp79V8YjxdxLxOzpHL6WA+EXiliuP/+BoxPf6fvgD/f5l6ReOU7FVjjJf7Ob1y+3yKxh2zP6c32NXr+Lajez7ZP3LqotzrnIc7/Zzenpa1wYLP/RS144bMemE75kzQFI33stspavfs5zKGwoqu2v0Lh+55632r7royt9231F9Ii9v9My1rKwrafbE/z/ny/5yB8ULb+Ev8cwydzp+dsc8xpB98WqzxyB/klM93PDI460Zjv2qW7nhk5oW0v3UCDwCgrTj+b7x/lo7//1eskF5HFI1bL86sx3i549ac65O8cevvp8tbMvWH0t+omO9187svfPCO5aceOD933HJvp+PQ/9iyNlw4Dl3YuDl3HLGlN58Xzx1HNMZZCxsn5ubfGCcubJye8zZt0zh9YePo3PZpjKNb5wE+c6Kz+HEeIDd+Yx6gh+Pcl2Yqnb5xbsF8XWZjcbXT+bozMo5e2bqfizKOTn99drHG0e/NKZ/vOHpo1o3GftUs3XF0a7lxNADwShXH//EyLo7/H83UW+j77Lnjgh5dt2f/Hkgj/uOLMq6cid+j93+Lx32LPW7NG9cnh9ptJd7b+bh+seclXu7v/y72vNBw7Q94pvE3rewwfqfzZGfs/eWlMi5ON2pcDADAUhbH/wPpev74f2Hjk1njt776JeTM+OTlNz5vrnfmxue9et/d+Lxt/E7ft86Jv3Tmvxb3czKv+vF/XE9Xp4z/AQBYguL4P/7aY/z7f/8lXc/+3fqlN06fSi9JF+l99LQ9jNON08Mc4/S35/y+R7y/83F6j+fZYvzmzwGYBzi9n48fmKlvHgAAgDOhrzZSmv179h9Il9nfs8/7vfxrcurXdPA3USvp5fH1+/dOTFx7YM/28f0T1+6+afvEvmtv3rtz//6J3fV6Cx035o5b0iT7QiVtj/b1suO2VenEwKqcv4eQrR/Dnle7MfvvIWQ3O1DwdwRmjl9n+eYdv9Ic9dv1j7zjnRf/D3PqR43jf8MfXXLtjn3X7ty9c//O8cmdBydao083xOA8vjczSf/P6/tSH3vy3x0PoX6r9q2ZGaX5f39nPDzzzKPlx6wnUmm6RZLc4z+dR5LJY3Wayeq87z/Iyfvb/+3P//jCqV9+MYSx15RfN9+8W0NunvrP75/4/f3Hv79nOv/SnPk3aqZ5FX1fabZ+3J/K5E379r9hx00Hdme/UbI7cT6j1FhfpPmM9Olf7nB+YltO+Xx/f78868bS1PH8xLR3XH/6EgMAWOLi+//xeja+f/jp9AIqlnc+Tq9fOHb7/nHuOH2ss3F69nvJisbp2fpxfzsdp1cXOE7Pbj9/nD6QW7/dOD1v3J0X/w9y6s9X5/2ki9/HiMPPLx8+kNtPrsv2k4G29bLfZ1DUT7L159tPkgX2k+z2i+Zz2tVv10/yjnte/Pfk1M9T1B8qjf6wsN+fye0Pn+rsvPHrmfWi/pCtP9/+UFpgf8huv6g/tKvfrj/kHd+8+Ffn1O9Ua/+Y7hi1fjFx7c037f1wU73F/v6LMPsjGZ3kt2zmsYv7/R/d6rx9F/dzXwvPP4TNtZK8/Bf3c2ULz7+o/efx+18rw6zPleXm/3jOCaTn+S/u97tk5FWf/fjTNV+bngmKPn9WNI+7Nad8vvO4y2bdWJrmNY8L9FQc/8e3e+L4/6502eu3gV7+35Pme8zaxu/R95gVXce86l7Ps2+5ez0HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAePnrD6G/srZ28/id+05dfe7vfvvPJl746O/9w67bf+0jX/rp6A2//a37Bz//4rHtF+z44e+cdcODH7ry6D1//cjzK7720lOFsYdrPysXp6vVEJJnkhCq3zj5Fx879p1zpsuSEEI5GT4UwupkzSOrk0yEsV+EELbHVCutd371hUt3TC9vv6u/pXxVJkh2v8JQOebTnGcItxTuES9D1bSfHTx18xvCj96x9Y7vrfvK3/UdefrQTJWk2tSfQlh5XfPj+0IIA+n/UH/K1KyND06XW0IIg02Pe3NBXq/vMP+NOevnpctl6XKoIE68f31mvZSpl12P+jLLwYLtLVReHt3WK7I8s549GS1UXp6xfHW6/Hq6vHie8cvxfxJKSag00p9MZvpIaDpuSUhqx7LaWC81jm1I9z+znmTWS5n1cl9mv2rbTTtaOUlay2O9THk8HVfS8guaz9VtvDen/LXpspo+UV+M6yF7o25o1o3GftXEvE7OkUvqPxRX6V6p6RzUrrxx4NODMZSWDSVrZj1mqo1437Gtd28ob/vm8eGcPJL7kzR+0lX8g99dvfyDXz58YG1e/OtKafxSV/F/fNWJZ685/LnP5sb/VIxf7ir+JQ8NPnPVo3euz22fk7F9Kl3FH3/qsU+sO/v6I7n53xvjV7uKv/noif4Vpx56ODf/sdg+A13Ff/Jt7/zJF5944Onc+CHGH+wq/rajez7ZP3Lqotz4D8f2Gequ/zx35IofjIz8bDQv/uMx/oqu4n/h0D1vvW/VXVfmHt8tsX2Gu4r/7gsfvGP5qQfOzzt3Jvf26pUT4NXprPQa6+PperfjzIVqGi/81Wilfs23PP2/opcbypjezspFjA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwCvTP9122Qfe//b3bK0kISQ5dabaiPeVl23ePNrFdsefeuwT686+/khz2dou4gAAAADF4ji81CiphrXh5mQgnNe2fpwjOC+uJa3l2WWMk50j6DROyMQptYlT6iJOuUf5VHoUp69HcZb1KE5/j+JUC+JUQ2dxBuaIU5nuAR3mMzhnPp3HGepRnOU9irOiR3FW9ijOqh7FGZ4zTuf9cHWP4qzpUZyzehTn7B7FeU2P4vxKj+Kc06M42Tnl+fbDFWnNc/Pi1G6UC+NUknLjjnbz6eek2zl/gdsZmnM71akVRa/HHW5noGB/4nZen3lcqXg7h5rrVzvczq/Ofzut+9/hdn59gdspFWwn9ttbsvnF7cS1Dvv/rT2Kc7BHcT7Sozi39SjOn8wnTpv3yGKcP+1RPh9dYByATsXx/8x4bzj0V34zDKZnnOwsQBzvrqv9nP16l3dCivFelylfVhQvO1DPxFs33/yyEwiZeOsz0fpa4lUa45E54lWb423I3DnX/r5tc/vcmuNdnCnvnyNeTXZiAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAW0T/ddtkH3v/292wNSZj+19ZUG/G+8rLNm0e72O6xrXdvKG/75vHmsv5KF4EAAACAQnEc3tcoqYb+yqbQnyxrqVdN5wGq6Xp5uL4cWRm2TC+T0VJtfTBZPefjKunjNu7ftWfjvlsPvnHnrvEbJ26c2P2WTZdtumLs8isu37hj5+TEWP1nCP0F8UIItemHfbce/PD45OTE3n31wmz+a9PHra0lW/tXe9zIm8LY9PL2NP81Bdsrzdre4t3o6AACAAAAAAAAAADAv7Brt6GSluUDwK9nZs7MeHT/zh/fxsU9DusqVlZqx9ASzwNBgi+LByHmWCdZciXp6C66K2aTLqSmFIGysGz4oQ2TNOmLLymRLywYZgmdTUKl/FAfCi1DxQ+hTJwz88yZmTPjnAZx1+33+/C8XPd139dzPx8OXM8ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAP0WJjer4+Mzs3mUQkQ3KaA2Rj+WKa1sao+5Untv+gNPXO6d2xUmGMhQAAAICRsj58ohMpR6mQj3ycuHy3MboGYqXvBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/vcsNqbn6zOzc0cmEcmQnOYA2Vi+mKa1Meq++tZDn31paupv3bHqGOsAAAAAo2V9eK4TKUc1TomJ5MSlzr8Tzb4NrO+b38pbka2zYY15/d8OhuWdssa809aY97EReZvb55sCAAAAPvqy/r/QiVSiVFi3qh/O+v9RfX2Wd3JfXr59XvtvBYprzgQAAADeX9b/lzqRapQK1U6/vtZ+f2NfXjZ/1P/ts/mnDpk/6v/5l7bP/k8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8di43p+frM7Fw+iUiG5DQHyMbyxTStjVH37Ccn/3Hx/ts3dsdKhTEWAgAAAEbK+vCV1rscpcJkTMSRy33/1IX3PvKlRx6bjohWm18sxk1bduy4/uzWMcs76/n9E99/9vVvr8o7q3U8aBsEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+MIuN6fn6zOzcEUlEMiSnOUA2li+maW2Muq98/ot/eeDFx1/rjlXHWAcAAAAYLevDV3r/clSjGMU4fvmuu9dfkuubP+ybAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHD4uOGbN39jy8LC1utdHJyLZj7iEHgMFy56Lw72XyYAAOCDdnIk0fwvnXDZwX5qAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgULDYmJ6vz8zOlZOIZEhOs9nctXTolo3li2laG6Nu+sQLpXXvPPl0d6w6xjoAAADAaFkfvtL7l6MaEzERxy3fDfomsNz/Vz7EhwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOKYuN6fn6zOzcuiQiGZLTHCAbyxfTtDZG3ft37f3cfUd/76LuWKkwxkIAAADASFkfXuxEylEqfDxKcVL7fqF3QpJvnwd/F1iZt71n2uSa5zW6ZhUjv+Z5d/btrNDeTWteuR3NV1rnzrzayrxce16ta141OuVrnXnLL2t3T7V1I55z0LsHAACAD0vW/5c6kUqUCqWu/v+nPfkVfS4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMMRiY3q+PjM7lyQRyZCc5gDZWL6YprUx6t782/8/6qs/u2tnd6w6xjoAAADAaFkfvtL7l6MaG+L/YsNy3x+V3vws75/1d++7519/PT3izOMPTBX6l/1RdvHrVy54qv8QkevNzkUc3a6XDKn3m9/fc+Om5rsPRJx5XP6kVfXi/ev1Lpk2H61vvXTHswe2j3g5AAAAcJjI+v+JTqQSpcJ1Q/v/rPMe0f93LDfgR9+46xfHto/tjrxvRq7SrpcbUu8Lmx7686nn/v31pf5/db1Pdq4+vffa+47tKdiK9EnS5sy1OzcfOGdfLtt1q36+r372Xr78rdf+ffVNd7/bql+Ocju+vu9RWtVWH/vKR9pcyO2Zu+S9PY3e+oUh+7/9d0+/+Kv1d729VP+tkyc79U+LQfVbOy8MrR9HpM3Jy+/Yfd7e/Zt760dELfKr67/x9kVxwh+vua1//5N9C3e/+e5j/wtIm89vfHPfufdWz++tnyzV75K9/5+/eP/un9z93cey+tlvRU4/Za31c331n7vzmF3P3HrZ+t76ub762f6fuuKlqW217/yhf/9X9axaGPoUq/f/4BkPX/nylvSW/iEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDDy2Jjer4+MzuXSyKSITnNAbKxfDFNa2PUffXiF9644q4f/7A7Vh1jHQAAAGC0rA9f6f3LUY1iFGNyue9/tL710h3PHtgeldZo0j4XFrbdsOMTV2/bed1VB+nJAQAAgLV69eJkuf8vdCKVKBU2xUS7/5+5dufmA+fsy2X9f27pnETE1dcsbD0zOnnP3XnMrmduvWx95ztBxPLPAspLeZ9Zybvwghcqb/7p66cOzDt7Je/5jW/uO/fe6vlZXnTnnRWd7xMPnvHwlS9vSW/pPF933qe+tm2h/XkiW3fy8jt2n7d3/+Zc9h2jfZ5sr5vlLeT2zF3y3p5GrhKlpfF8O6/c3jcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsNpiY3q+PjM7F/mIZEhOs1s7kI3li2laG6PuJZt+edtR7zy+oTtWKoyxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAfduBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrBffyFSlX0cwJ9nZvbd2Z1d3dUX2orW1YrCLpSCiLqpqAiNELoyJCzNiygIIgq7aA2NxIpugqwbiQqqLQSD3CTRYo3+STddVFBgXQQiLdQu0kXGzjxnnD3OaXS2AunzgeHZ5znnfM/vnOeZM3sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4LzSWxmpt0d2PDJ750W3fvbU/TNP3v7BQ9uueOKtn8Y23fzp3v7XT05tXr7l21uWbjrwwJrJ3a8c/m3wvT+OdQx+vNGsTN1qCPFEDKH64fSLT099fsHcWAwhlOPQeAjDccnh4ZhLWP17CGFzs875G/fNXLNlrt22q3fe+OJcSP66Qq2c1dMwNL/eVqfyYZx3qmmdbZ197Krw/U3rt3+57N13eiaOj5/eJc7tU07rKYRFG1uP7wkh9KXPnGy1jWQHp3ZdCKG/5bjrOtR16VnWv6qgf3Fq/5faWoecbPuKXL+U2y/fz/Tk2v4O51uoojq63a+TgVw//zBaqGadq9qPD6f2/dSuPMf8cvaJoRRDpVn+g/H0Ggkt8xZDrM9ltdkvZXNbCen6e1qOiyHEXL+U65d7ctdVP29aaOUY549n++XGs8dxJY0vb31Wt3FXwfiFqa2mL+rJrB/yfzTUzvijeV11WV3Tf1HLv6HU8gxqN96c+DQZtTRWi0vOOOZUG9m2qfXPXl7e8NGRoYI64t6Y8mNX+Vu/GB645+2dj44U5W8spfxSV/k/rD36y907X325MP+FLL/cVf7VB/tPrP14x4rC+zOd3Z/KWeXH1M+23Xvsk+eW/f++iXZzXc/fk+VXu6r/xsmjvYOzBw8V1r86uz99XeV/d8NtP7759f7jhfkhy+/vKn/D5MPP947OXlmYf6jxVajVV2gX6+fXiWu/GR39eawo/6vs/g+2yY8d898Y3339a4t3rSlcn+uy+zOU8vvOqf47LjuwfWB2/yVFz8645+/65QT4b1qa/sd6JvU7vWfumym1fc9cqJb3hZfGKo1foIH06fRuuBBz51n0D+YDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwJztwQAIAAAAg6P/rdgQKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwVAAAAP//y70YrQ==")
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x35314258, 0x0, 0x0, [{}, {}, {}, {0x0, 0x3}]}})
r2 = openat(r0, &(0x7f0000000200)='./file0\x00', 0x84002, 0x1fe)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x48241, 0x141)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./bus\x00', 0x20008c0, &(0x7f0000006b40)=ANY=[@ANYBLOB="696f636861727365743d6575632d6a702c73686f72746e616d653d6d697865642c73686f72746e616d653d6c6f7765722c636f6465706167653d3836342c636865636b3d7374726963742c73686f72746e616d653d6c6f7765722c757466383d302c73686f72746e616d653d77696e6e742c73686f72746e616d653d6c6f7765722c757466383d312c646d61736b3d30303030303030303030303030303030303030303030342c756e695f786c6174653d312c757466383d312c756e695f786c6174653d312c004e1e20125d59ec36e0519a0a8247f9820d1fad34e950a42a1789b676b61a2c818492e16fbc6537b2f268f995f6f74ce1d814cbf008b02e59bf913d7bde067e959af40de60b43"], 0x80, 0x350, &(0x7f0000000580)="$eJzs3U9oW3UcAPBv9tKkHcz2IAwF4elN0LJWPOipZXQwzEUl+OcgBtepNHXQYLA7NKsX8Sh41JM3D3rwsLMIinjz4NUJMhUPutvA4ZMkL81Lk3adkM3i53MI331/329+v7c8mtfX5tdXV2LjwkxcvHHjeszOlqK8cnYlbpZiIZIYuBLjKhNyAMDxcDPL4s+s74gtpSkvCQCYst77/+unCpl3vz6sPvPuDwDHXv79/9xhNbMHDVyaypIAgCkbu///yMhwZfRH/eXCbwUAAMfV8y+9/MxqLeK5NJ2N2HyvXW/X4+nh+OrFeDOasR5nYj5uRfQvFLoPpd7jufO1tTNpmnbil4Wodzva9YjNTrvev1JYTXr91ViK+VjI+/OrjSzLknNf1NaW0p6IuNLpzR+bpXZ9Jk7m8/94MtZjOdK4f6w/4nxtbTnNn6C+OejvROwO71t0178Y8/H9a3EpmnEhur2Dy5ra2s5Smp7NaiP97Xq1V9d34B0QAAAAAAAAAAAAAAAAAAAAAAD4VxbTPQt7+99kw/17FhcnjPf2x+n35/sD7fb3B8qqWWTZH+88Xn8/iZH9gfbvz9Oul+PEvT10AAAAAAAAAAAAAAAAAAAA+M9obVei0Wyub7W2L28Ug85Wa/tERHQzb3372VdzMV5zm6Ccz1EYSvPU5Y1GlgyKs2SkJg+S7uSDzKdX91ZcrKnuHcXEZVQPHmo2Tz3880fDzEPJ4Jn/HtYkMfkAk33LKAab9/WXdCf/UXvB8m1qrmVZdlD7zivjXVGKKN/5C3d4kHWDb66/8cATrdNP9jJfZn2PPjb/wrUPP/lto9Hszhy9V7Cy1bqVbTTyf08+2Q4OksL5U4p+UCqeCeXD2ndHM43kh99ffPCD7442e1bMvD2hJukfzuf7hyr9oLvMfUNzk+aamXDyTyE4/fFK4+rOT78etavwRcJGHQAAAAAAAAAAAAAAAAAAcFcUPiueyz/sO3NY11PPTn9lAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHD3DP/+fyHYHcscJfirE+ND1fWtVkTlXh8mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/c/8EAAD//9HQbnk=")
mount(0x0, 0x0, 0x0, 0x2200020, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x48241, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000001c0)=0x8)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r7, 0x0, 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback, 0x5}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r7, 0x84, 0xb, &(0x7f0000000580)={0x41, 0x80}, 0xe)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x804, &(0x7f0000000300)=ANY=[@ANYBLOB="73686f72746e616d653d77696e39352c73686f72746e616d653d6c6f7765722c756e695f786c6174653d312c73686f72746e616d653d77696e6e742c636865636b3d72656c617865642c73686f72746e616d653d77696e6e742c636865636b3d7374726963742c73686f72746e616d653d77696e39352c726f6469722c666c7573682c6e6f6e756d7461696c3d302c696f636861727365743d6d6163637972696c6c69632c73686f72746e616d653d77696e39352c73686f72746e616d653d6d697865642c726f6469722c00b0656c3c3526a738b4f0d33eacb913c926ee0068ade81c35318da4b3c81c2198855f1ebc124afa1049d049428b9f59bd9b7d48e072d3271a4c5071dc0b39916cce078af0a70fe0deed8417265414c1b47c2e2e963a723c6329b04992da9fd9393538aaa751d4bb0ff01b072a1324bea08d1e725c609161b7fcc6ba9ed06e116283be0fb77556b3444ad6ca927b3af85f3c2c6c690c3865af7cfa8784352beb3a3875270fc02e2a1bc119b9b8cdd3c62d80ff1fb94655bb5ddf6330e3f22c6c05b44759027bd1f476154a25af91"], 0xfd, 0x276, &(0x7f0000000a40)="$eJzs3UFqG1cYB/BvLMmW2oW06KoUPNAuujJ2T2BTXCg1FFq0aLtoTS1DsYTBBkGTEMWrnCAnyHmyCblADpCQXbwwmSDPSFbCyEaJbJnk99vo8d77z/vezCCtZvTPN72DvcPj/ZN7z6NeT2JpMzbjNIlWLMXIgyj17GV5PwBwy51mWbzKciulM2pTktWlay0MALg2k7//i64FALgZv//x5y9bOzvbv6VpPaL3sN9OIv/Mx7f247/oRifWoxlnEdlY3v7p553tqKZDrfiuN+i3h8ne30+K42+9iDjPb0QzWuX5jTQ3kR/027X4olh/sxudXx9HM74qz/9Qko/2cnz/7UT9a9GMp//GYXRjr6htlL+/kaY/Zo9e3/1r2DvMJ4N+e2U8r5hdudELAwAAAAAAAAAAAAAAAAAAAADAJ20tHWu9+/6dytn5+Nq08Tw/7f1Ag4n386ynaZol+fyLfDW+rkZ1kXsHAAAAAAAAAAAAAAAAAACA2+L4/zsHu91u52iujdFj/SVD8Waea63OmopKUVo3iZhtrVqRvHpyZcZdNIb1dI6SaszvEiTjnsbk0Grkaw17GnljouejV6/HeWN0dx3sJnFFql52k8yhkZXcfpWpqeX3exrFDkomNy5ZffnLD6o5a04ZSiKiNj6Zlx+nNt9zeFPfQAAAAAAAAAAAAAAAAAAAwMjFQ78lgycLKAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFuDi//9naAyK8LQ5WWXYqEbRs+AtAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Bl4GwAA//95LWni")
r8 = open(&(0x7f00000001c0)='.\x00', 0x0, 0x0)
getdents(r8, &(0x7f0000000900)=""/4105, 0x1009)
pwrite64(r3, &(0x7f0000000140)="f6", 0xffffff07, 0x8001000)
fallocate(r2, 0x0, 0x7, 0x711e)

849.369553ms ago: executing program 3 (id=2737):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
pipe2$watch_queue(0x0, 0x80)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r4 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r5 = open(&(0x7f0000000280)='.\x00', 0x800, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r4, 0xc018937d, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r5, {0x1000}}, './file0\x00'})

704.420624ms ago: executing program 2 (id=2740):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x10, 0xe, &(0x7f0000000400)=ANY=[@ANYBLOB="b702000003460200bfa30000000000001702000000feffff7a0af0ff14ffffff79a4f0ff00000000b7060000ff0800007e640200000000005502faff037202000404000001007d60a6040000001000006a0a58fe39000f00850000003f000000bc600000000000009500000000000000a81bbfa32d51a7d0679fd43041097666ab982de7b0efc5733ed236e4add6de094e0832aaa6912a8b2ce571c4580034fb000000e3a94bd24d2eb3860d808922433e3e0f242a46b3009a54f4077db0d4968a384b0559c7919b893d3b72cd6c832e986440ff0a7e8620cb231ccd00000000000000000000007777e2704653f620b2272c3c7fea60491073847c4b7bbaed91f33fb382d91ae8e18c9b6c9f0322ec5f1c7cc5869ff455896712198c4e2ddf8b86e714229527ca40b24cfd6a1f00e891728807982d90e116bba29bb70900000000000000c63ad2e7402f9cb424ac416e66af9ebbfea905d37cf226312cb81ec8439cea06e7fa5e5b3596301460142f83b464d9e57dfdb06dcf9101000100130033d649d2110cf2e1f4682c24a314447c5e0807f0b1766ebdecbd061772daa52a38539295d3fea7a7e669441e1ff04114dfa904fb43897f8d9c3c287acba716973eadf1bf9cd0a38edc345415c42d3d2dd3339d32a5796cbe8925efd0c81af69a3e97588878d7ce18b68bc37e061d33357d6a39d33c702576cc2a8891663e3776c7a37c5c962e12102f237bbf60c0a3bf07d55b3888418de2b2ad23d25395dd4ccddf247dd2c712e2e2eaf7d432e968122cc5dcaa7ba330963b7093a58a02dba114f75e1ffd5c2912b506bfb93122fc776aadec51a367658100000000000000b148a90000000000a2a283801ff218538cb12c72b56ffb6b7a062581ec749f5700000000009f1f5ab2e02739ccd50523d3360300005cbeaf95c7d797d6e094c4a3aee025bf43cebde7e7cdbae9b1698e19eb0e6d5244c1ffb0e97628a88a5e37032f1e8f6c893e514f2b3e1028cd404a1d8fe6569da0385e65e4d523166c4213abb8dae5b1409317f29572e788af92aedb0287f2816e301fc8a24dba6fca8b270d44fe65e7bd90a5fc16387bcb5e3df18d7d2a33c72cfda827b8926a6dc6bc19ce398cb8fe48b11b7f93e6fdfb040283c9627bd40909ee4307c4197b15797af17845fbc02846d2f8543f65594cb535a9598eb067b21111dbaa58b19a52f3f12880128d08eb477ad349ca214bc7f80000000000ffb52da89cff41552996e20a585c7d265bd749eeba040fa7111c84142757709d7c475fac2839beb833327db41c6b647c7ee9ad419a6c68dd5c2ce4fa23c280518fc6e54d1b055cae5492e8c4cdd314a49631a15de2bffc920dd74e670794acec7a9da17d809bf956f1af51cf3c0711792d3071dfdaec3c66053cdb00028f6fba8da8f53de39a5999e56fc26ae866674627c8a53d3fd245050060ed40782d1d98bf1e1f5dfd4d1fb399624c12732e300818b222ce029ce01055f941721226e3e5f05d2837240f8f6831b6ef2a02ec64aae1eea9cfac06d8b7042e8ebdc6cb0d4a140e1e631d06afc99d397c5b67b290344e347c953806b298f288884335f624378b3748a4a86bbd0a62127b2c28ce3737661b98bd45965b537ece7bd4e365ffd5567df4d02034c8d488a49c6fb1a0a02eaab2f271d3a14e44211e4ff602d146f72355972860bdd14719d65301964d022819b75696ce47534c9d989d69a445095ff8fbebd2c84635acc333f2aca4623cfe9f9e6c3f9fbb4374c08e1be5eec12c329a87d335fd7a52a4e4e7c2e57fa2f0df9500347b300f84230783cb665f3fa44f5d6fa987aa93c2619ef4977f9e4d38adec323778f3bc987533ffd85fe5417398a3001b394fccbd2faee83b5e2b8a2dd18cf067b619a82c4706531b3ef336a84e825c63b9bc7b98b4ad6a471692224adef86f4c9930169dfa133e22929d5a27e10bfbcfe7c02ca451afd74d26f489e0e09cf1b596ae0c959cf26cb0c8114a9311b7f2fe2ad977074ff5f62f6777a20700414ed03ba3d7404eadd43a62ad1173491a5c099290393e1f85aeb3886fbb7f6646212054a850d58a71c6d6027cd3a5ff22e98672349f9bddb23622e2f19b39e51ced84524567ec1fcb233a2fb85371e9b08b6fd4adcd4db148ed26757123a0e604bcf6ffdcc303956e1805f1746361bd3eeb55d3fefe6ac274c2e6c78963430118942d62a465698e600dadd81a53ffd29358746e8db2499e3fca62b0ff660b0aaeedadeb194a9217e9fed2ce04cc24451871d5bcd76173ab7123cc27eef33dbb4d3c3bf1fc2df68a98345c15667388c5000000000000000000000015000000c0459f900702908d4979288d06c7159ef2663dc7ea9302b10bf2da21e3990ddf20a38adc1fd15124310daf2461224cfbfd5e6265d012d60fc9e39209ce3209720f8d7bf39bf71d0d46ed6d51eede797da70cf0b7463cffc80a7a56eeb25ed0adfb146a3221c20d51f172cf2eefe1e6b28cffc1e40a789d5513626f5c4fbf65a2b5a093634b806b7ee570f70f624ce8c02d4c1ec7a9370f42a807f1d46fe77be0637a8007343b7771788f64b36cab94a99243bc780702f98f34a80f81aeb853f97c3e9586805d1a240d7e870b15defbc6b21fdc98a79759c9b8375313deea0000000009e38e9539d6b9507b6f3f8d29992d080a13aed8879a1f2cf352fb5a376427f89d432f7fe7c0cad2ce38427fc773cef47e00000000000000000000000000000000000d09b8ee6321377ffcb6cc386f8704ae9ce6c11b4bb91d0097ef2b77e0cd28af1222e68c2745eca64fa40db07f6e5925224069d14395f7170ab9c2d396f7510f65ce5b0405d8951a70a37117d13c5b2f684c52bff2dc895f5e06e497adee9de0012dd140c592137c90319f8a578007b57aaba3fb93d29a6584313e5b58f8a71cebf77a0891f3633dba69588ec728e785e6e4431fce5a143451c7a51c22b1b605347db811eb9a461f4ef2612181aa8cafc33a2047b7ba57a5"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000040), 0x2a, 0x0, 0xffffffffffffffff, 0x37}, 0x24)

596.949824ms ago: executing program 3 (id=2743):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f0000000080)={0xa, 0x4e21, 0x9, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4}, 0x1c, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="14000000000000002900000043000000090000000000000014000000000000002900000004000000ffffff7f00000000580000000000000029000000040000003c080000000000000105000000000005020003c910fe88000000000000ceaf8e0222eb8610c20400000002c910fe8000000000000000000000000000400401090106000120000000140000000000000029000000430000000500000000000000180000000000000029000000390000002e0002070000000014"], 0xd0}}], 0x1, 0xc8000)

527.516683ms ago: executing program 3 (id=2744):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000740)=@acquire={0x134, 0x17, 0x1, 0x70bd25, 0x25dfdbfe, {{@in6=@mcast2, 0x4d5, 0x33}, @in=@multicast2, {@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in6=@private1, 0x4e20, 0x1fe, 0x4e21, 0x9, 0x2, 0x0, 0x80, 0x21}, {{@in=@loopback, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4e21, 0x9, 0x4e20, 0xc6a, 0xa, 0x80, 0xa0, 0x5e}, {0x5, 0x7, 0x4, 0x800, 0x874, 0xe, 0x1ff, 0x6}, {0xf, 0xffffffff, 0x851f, 0xd3}, 0x6, 0x6e6bba, 0x2, 0x0, 0x1, 0x3}, 0x81, 0x0, 0xe, 0x70bd2d}, [@mark={0xc, 0x15, {0x35075b, 0x3}}]}, 0x134}, 0x1, 0x0, 0x0, 0x10}, 0x40080c0)

527.208709ms ago: executing program 3 (id=2746):
mount_setattr(0xffffffffffffffff, 0x0, 0x800, &(0x7f0000000180)={0x7d, 0x3}, 0x20)

469.141028ms ago: executing program 3 (id=2748):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
select(0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)={0x0, 0xea60})

361.63996ms ago: executing program 3 (id=2752):
syz_usb_connect$uac1(0x7, 0x71, 0x0, 0x0)
r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902"], 0x0)
syz_usb_connect$uac1(0x0, 0xb1, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000106b1d010140010102030109029f0003010000000904000000010100000a24010000000201020d24060000030800000031ce21c798329740594c137d0000000c24020201010608000010000c2402000000030000000000092406000601000000092403000000000500092406050001"], 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000001000)=ANY=[], 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)

361.34237ms ago: executing program 0 (id=2753):
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)=[{0x0}], 0x1}, 0x24000000)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001740)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbf9, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5, 0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x44814)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b30, &(0x7f0000000040)={'wlan0\x00'})
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b30, &(0x7f00000000c0)={'wlan0\x00'})

299.618368ms ago: executing program 0 (id=2754):
r0 = openat$pidfd(0xffffff9c, &(0x7f0000000000), 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000080)={0x0, 0x3, 0xfffffffd}, 0x0)

299.375938ms ago: executing program 0 (id=2755):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="fc00000019000100000000000000000000000000000000000000000000000000fc01000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000b93760000000000000000000000000000000000000000000200000000000000010000000000000044000500ac141400000000000000000000000000000000003c"], 0xfc}, 0x1, 0x0, 0x0, 0x24008040}, 0x20040000)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@updpolicy={0xb8, 0x19, 0x1, 0xfffffffc, 0x0, {{@in=@dev={0xac, 0x14, 0x14, 0x2c}, @in6=@local, 0x4e22, 0x0, 0x4e24, 0x0, 0xa, 0x0, 0x60}, {0x0, 0x1000000000000401, 0xfffffffffffffffe, 0x40000000, 0x0, 0x1a, 0x1, 0xfffffffffffffffe}, {0x7a, 0x5, 0x0, 0x7fff}, 0x8, 0x0, 0x1, 0x0, 0x3}}, 0xb8}}, 0x8044)
sendto$inet6(r0, &(0x7f0000000240)="8a", 0x1, 0x51, &(0x7f0000000080)={0xa, 0x3, 0x1, @local, 0x9}, 0x1c)

240.161095ms ago: executing program 0 (id=2756):
r0 = syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000300)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r2 = syz_open_procfs(r0, &(0x7f00000000c0)='maps\x00')
syz_read_part_table(0x1054, &(0x7f0000000000)="$eJzsz8GpwkAABNBJ8slPWTlYgvZgDZ5iH1Yg2IVHm7ABwaOnlYirHUgO7x2GZYcd2LAU/Ry7S4aSqc+9+TZtkv+x67okw+e+L+Vaz4/TnNPqvVLKmNLWt+ftYZ0mf+OrvGWfurE5/ux3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALBgzwAAAP//mPwRkw==")
readv(r2, &(0x7f00000001c0)=[{&(0x7f0000000140)=""/95, 0x5f}], 0x1)

163.239938ms ago: executing program 0 (id=2757):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000001000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r1}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x2, 0x0, 0x0, 0x4, 0x0)
r3 = syz_pidfd_open(r2, 0x0)
pidfd_send_signal(r3, 0x2, 0x0, 0x0)

0s ago: executing program 0 (id=2758):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x40000103, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10138, 0x2, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f00000002c0)={0x8040000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1a00000007"], 0x50)
r4 = socket$inet6(0xa, 0x1, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300090a0000000000000004000000030006000000000002000000ac1414000000000000000000020001000000000000000002fffffffb030005000000000002"], 0x50}}, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={0x2, 0x9, 0x0, 0x0, 0x2}, 0x10}}, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

kernel console output (not intermixed with test programs):

ounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  152.454140][ T8805] ext4 filesystem being mounted at /359/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  152.612809][ T5854] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  154.181342][ T8856] loop2: detected capacity change from 0 to 4096
[  154.194425][ T8856] ntfs3(loop2): ino=1a, mi_enum_attr
[  154.196298][ T8856] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  154.366549][ T8864] sctp: [Deprecated]: syz.0.1218 (pid 8864) Use of int in max_burst socket option deprecated.
[  154.366549][ T8864] Use struct sctp_assoc_value instead
[  154.502933][ T8860] loop1: detected capacity change from 0 to 32768
[  154.519027][ T8860] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1216 (8860)
[  154.535773][ T8860] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  154.544535][ T8860] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm
[  154.548397][ T8860] BTRFS info (device loop1): disk space caching is enabled
[  154.553590][ T8860] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  154.605872][ T8860] BTRFS info (device loop1): rebuilding free space tree
[  154.655510][ T8860] BTRFS info (device loop1): disabling free space tree
[  154.660909][ T8860] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  154.665957][ T8860] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  154.810625][ T5854] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  155.271114][ T8892] loop1: detected capacity change from 0 to 1024
[  155.276172][ T8892] EXT4-fs: inline encryption not supported
[  155.310860][ T8892] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  155.542152][ T5854] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  155.665528][ T8903] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1227'.
[  155.668553][ T8903] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1227'.
[  155.674137][ T8903] netlink: 38 bytes leftover after parsing attributes in process `syz.1.1227'.
[  155.841036][ T8916] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1232'.
[  155.845544][ T8916] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1232'.
[  155.888341][ T8920] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1236'.
[  155.892904][ T8920] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1236'.
[  156.211788][ T8945] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1247'.
[  156.359122][ T8942] loop1: detected capacity change from 0 to 32768
[  156.369210][ T8942] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  156.471658][ T5854] ocfs2: Unmounting device (7,1) on (node local)
[  156.713701][ T8958] loop1: detected capacity change from 0 to 2048
[  156.724670][ T8958] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  156.777759][ T8961] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  156.864938][ T8952] loop2: detected capacity change from 0 to 65536
[  156.886916][ T8966] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1256'.
[  156.909254][ T8952] XFS (loop2): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  156.941477][ T8952] XFS (loop2): Ending clean mount
[  156.948438][ T8952] XFS (loop2): Quotacheck needed: Please wait.
[  156.985528][ T8952] XFS (loop2): Quotacheck: Done.
[  157.036500][ T5850] XFS (loop2): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  158.252423][ T9008] loop1: detected capacity change from 0 to 32768
[  158.257147][ T9008] XFS: attr2 mount option is deprecated.
[  158.282514][ T9008] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  158.308341][ T9008] XFS (loop1): Ending clean mount
[  158.313531][ T9008] XFS (loop1): Quotacheck needed: Please wait.
[  158.358545][ T9008] XFS (loop1): Quotacheck: Done.
[  158.371835][   T33] audit: type=1800 audit(1755257189.990:67): pid=9008 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1270" name="file1" dev="loop1" ino=9286 res=0 errno=0
[  159.005759][ T5854] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  159.202040][ T9044] loop2: detected capacity change from 0 to 32768
[  159.235749][ T9046] loop1: detected capacity change from 0 to 1024
[  159.283083][   T33] audit: type=1800 audit(1755257190.890:68): pid=9046 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1281" name="file1" dev="loop1" ino=20 res=0 errno=0
[  159.319610][   T33] audit: type=1800 audit(1755257190.890:69): pid=9046 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1281" name="file1" dev="loop1" ino=20 res=0 errno=0
[  159.401532][ T9050] loop1: detected capacity change from 0 to 256
[  159.406953][ T9050] exfat: Deprecated parameter 'namecase'
[  159.411350][ T9050] exfat: Deprecated parameter 'utf8'
[  159.418774][ T9050] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[  159.725708][ T9063] loop2: detected capacity change from 0 to 4096
[  159.728947][ T5898] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  159.742134][ T9063] ntfs3(loop2): Primary boot: start of MFT 0x4 (0xff) is out of volume 0x1ff.
[  159.751501][ T9063] ntfs3(loop2): try to read out of volume at offset 0x1ffe00
[  159.883848][ T5898] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  159.887875][ T5898] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  159.902762][ T5898] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  159.906154][ T5898] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  159.913586][ T5898] usb 2-1: New USB device found, idVendor=0bfd, idProduct=010c, bcdDevice=2d.16
[  159.917399][ T5898] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.921298][ T5898] usb 2-1: Product: syz
[  159.923008][ T5898] usb 2-1: Manufacturer: syz
[  159.924600][ T5898] usb 2-1: SerialNumber: syz
[  159.927435][ T5898] usb 2-1: config 0 descriptor??
[  159.936176][ T5898] kvaser_usb 2-1:0.0: CMD_MAP_CHANNEL_REQ failed for CAN0
[  159.938680][ T5898] kvaser_usb 2-1:0.0: error -EMSGSIZE: Failed to initialize card
[  159.943372][ T5898] kvaser_usb 2-1:0.0: probe with driver kvaser_usb failed with error -90
[  160.099876][ T9077] nbd0: detected capacity change from 0 to 7
[  160.105115][   T56] block nbd0: Receive control failed (result -32)
[  160.106916][ T6171] block nbd0: Send control failed (result -32)
[  160.112609][ T6171] block nbd0: Request send failed, requeueing
[  160.119215][   T25] block nbd0: Dead connection, failed to find a fallback
[  160.122346][   T25] block nbd0: shutting down sockets
[  160.125727][   T25] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  160.130691][   T25] buffer_io_error: 310 callbacks suppressed
[  160.130702][   T25] Buffer I/O error on dev nbd0, logical block 0, async page read
[  160.136695][ T6171] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  160.145352][ T6171] Buffer I/O error on dev nbd0, logical block 1, async page read
[  160.147069][    T9] usb 2-1: USB disconnect, device number 18
[  160.153299][ T6171] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  160.156834][ T6171] Buffer I/O error on dev nbd0, logical block 2, async page read
[  160.162322][ T6171] Buffer I/O error on dev nbd0, logical block 3, async page read
[  160.168391][ T6171] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  160.173027][ T6171] Buffer I/O error on dev nbd0, logical block 0, async page read
[  160.179443][ T6171] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  160.183271][ T6171] Buffer I/O error on dev nbd0, logical block 1, async page read
[  160.186902][ T6171] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  160.192911][ T6171] Buffer I/O error on dev nbd0, logical block 2, async page read
[  160.200087][ T6171] Buffer I/O error on dev nbd0, logical block 3, async page read
[  160.203641][ T6171] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  160.207589][ T6171] Buffer I/O error on dev nbd0, logical block 0, async page read
[  160.212123][ T6171] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  160.217309][ T6171] Buffer I/O error on dev nbd0, logical block 1, async page read
[  160.223133][ T6171] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  160.227308][ T6171] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  160.232952][ T6171] ldm_validate_partition_table(): Disk read failed.
[  160.239529][ T6171] Dev nbd0: unable to read RDB block 0
[  160.246401][ T6171]  nbd0: unable to read partition table
[  160.253009][ T6171] nbd0: partition table beyond EOD, truncated
[  160.263523][ T6171] ldm_validate_partition_table(): Disk read failed.
[  160.267934][ T6171] Dev nbd0: unable to read RDB block 0
[  160.272961][ T6171]  nbd0: unable to read partition table
[  160.275522][ T6171] nbd0: partition table beyond EOD, truncated
[  160.499998][ T9088] Bluetooth: MGMT ver 1.23
[  160.990997][ T9110] loop1: detected capacity change from 0 to 1764
[  161.014438][ T9110] ISOFS: Unable to identify CD-ROM format.
[  161.557243][ T9134] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 1, id = 0
[  162.541436][   T55] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  162.792131][ T9161] vivid-000: disconnect
[  162.886660][ T9167] loop1: detected capacity change from 0 to 128
[  162.954630][ T9160] vivid-000: reconnect
[  163.309110][ T5897] usb 3-1: new full-speed USB device number 12 using dummy_hcd
[  163.562219][ T5897] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  163.569913][ T5897] usb 3-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8
[  163.574749][ T5897] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  163.578148][ T5897] usb 3-1: Product: syz
[  163.581132][ T5897] usb 3-1: Manufacturer: syz
[  163.583094][ T5897] usb 3-1: SerialNumber: syz
[  163.587952][ T5897] usb 3-1: config 0 descriptor??
[  163.600588][ T5897] pn533_usb 3-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint
[  163.989581][   T62] usb 3-1: USB disconnect, device number 12
[  164.970482][    T9] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  164.985157][    T9] hid-generic 0000:0000:0000.0007: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  165.700628][ T9208] loop2: detected capacity change from 0 to 4096
[  165.722267][ T9208] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512).
[  165.983886][ T9211] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1356'.
[  166.143552][ T9213] usb usb8: usbfs: process 9213 (syz.2.1357) did not claim interface 0 before use
[  166.644840][   T33] audit: type=1800 audit(1755257198.260:70): pid=9221 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1361" name="nullb0" dev="tmpfs" ino=2555 res=0 errno=0
[  166.679579][   T62] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  166.844754][   T62] usb 3-1: Using ep0 maxpacket: 8
[  166.862452][   T62] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  166.874756][   T62] usb 3-1: New USB device found, idVendor=0b48, idProduct=1006, bcdDevice=c0.0a
[  166.878008][   T62] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  166.881745][   T62] usb 3-1: Product: syz
[  166.883328][   T62] usb 3-1: Manufacturer: syz
[  166.884946][   T62] usb 3-1: SerialNumber: syz
[  166.891151][   T62] usb 3-1: config 0 descriptor??
[  166.901462][   T62] ttusb_dec_send_command: command bulk message failed: error -22
[  166.904500][   T62] ttusb-dec 3-1:0.0: probe with driver ttusb-dec failed with error -22
[  167.001515][ T9228] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1364'.
[  167.115705][   T62] usb 3-1: USB disconnect, device number 13
[  167.915699][ T9239] loop2: detected capacity change from 0 to 32768
[  167.921069][ T9239] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1368 (9239)
[  167.932712][ T9239] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  167.947553][ T9239] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[  167.951780][ T9239] BTRFS info (device loop2): using free-space-tree
[  167.980268][ T9239] BTRFS info (device loop2): rebuilding free space tree
[  168.088326][ T9265] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1373'.
[  168.093666][ T9265] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1373'.
[  168.097457][ T9265] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1373'.
[  168.103612][ T9265] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1373'.
[  168.107188][ T9265] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1373'.
[  168.148115][ T5850] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  168.383430][ T9277] loop1: detected capacity change from 0 to 764
[  168.390204][ T9277] Symlink component flag not implemented
[  168.393660][ T9277] Symlink component flag not implemented (7)
[  168.475064][ T9283] loop1: detected capacity change from 0 to 1024
[  168.478507][ T9283] EXT4-fs: inline encryption not supported
[  168.507625][ T9283] EXT4-fs: Ignoring removed i_version option
[  168.546496][ T9283] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  168.578543][ T5854] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  168.792294][   T24] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  168.950778][   T24] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  168.954931][   T24] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  168.959847][   T24] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  168.967202][   T24] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  168.972018][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  168.975257][   T24] usb 3-1: Product: syz
[  168.976743][   T24] usb 3-1: Manufacturer: syz
[  168.978450][   T24] usb 3-1: SerialNumber: syz
[  169.191059][   T24] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 14 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  169.393922][   T24] usb 3-1: USB disconnect, device number 14
[  169.401912][   T24] usblp0: removed
[  169.474486][ T9327] overlayfs: failed to clone upperpath
[  169.622747][ T9336] netlink: 'syz.0.1406': attribute type 1 has an invalid length.
[  169.626118][ T9336] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  169.895592][ T9338] loop1: detected capacity change from 0 to 32768
[  169.972483][ T9353] loop2: detected capacity change from 0 to 256
[  170.094477][ T9338] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  170.135680][ T9338] XFS (loop1): Ending clean mount
[  170.185064][ T9355] loop2: detected capacity change from 0 to 32768
[  170.195140][ T5854] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  170.200215][ T9355] JBD2: Ignoring recovery information on journal
[  170.223092][ T9355] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  170.300252][ T5850] ocfs2: Unmounting device (7,2) on (node local)
[  170.403805][ T9370] loop1: detected capacity change from 0 to 128
[  170.414998][ T9370] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  170.421053][ T9370] ext4 filesystem being mounted at /432/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  170.442310][ T5854] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  170.451541][   T33] audit: type=1400 audit(1755257202.070:71): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=":(%#{//(@\)//&@},['%%&\#*" pid=9372 comm="syz.2.1417"
[  170.661964][ T9393] loop2: detected capacity change from 0 to 8
[  170.686009][ T9393] SQUASHFS error: Unable to read directory block [629:26]
[  170.693746][ T9397] 9pnet_fd: Insufficient options for proto=fd
[  170.790645][   T26] Bluetooth: hci3: received HCILL_GO_TO_SLEEP_ACK in state 0
[  170.900820][ T9410] vlan0: entered promiscuous mode
[  171.168931][   T33] audit: type=1326 audit(1755257202.770:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9412 comm="syz.0.1438" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7eff5ff8ebe9 code=0x0
[  172.372246][ T9446] binder: 9445:9446 ioctl c0306201 2000000003c0 returned -22
[  172.485582][ T9459] sctp: [Deprecated]: syz.1.1458 (pid 9459) Use of int in max_burst socket option deprecated.
[  172.485582][ T9459] Use struct sctp_assoc_value instead
[  172.809093][ T5851] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  173.139011][ T5898] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  173.289322][ T5898] usb 3-1: Using ep0 maxpacket: 16
[  173.293842][ T5898] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  173.298328][ T5898] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x33, changing to 0x3
[  173.304955][ T5898] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  173.309653][ T5898] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  173.313891][ T5898] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  173.318102][ T5898] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  173.326281][ T5898] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  173.330241][ T5898] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  173.334025][ T5898] usb 3-1: Manufacturer: syz
[  173.340338][ T5898] usb 3-1: config 0 descriptor??
[  173.548715][ T3144] usb 3-1: USB disconnect, device number 15
[  174.153723][ T9491] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1472'.
[  174.157440][ T9491] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  174.160945][ T9491] batman_adv: batadv0: Removing interface: batadv_slave_0
[  174.164575][ T9491] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  174.167734][ T9491] batman_adv: batadv0: Removing interface: batadv_slave_1
[  174.289731][ T9493] tmpfs: Bad value for 'mpol'
[  174.369678][   T55] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[  174.373007][   T55] CPU: 1 UID: 0 PID: 55 Comm: kworker/u11:0 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  174.373019][   T55] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  174.373024][   T55] Workqueue: hci1 hci_rx_work
[  174.373053][   T55] Call Trace:
[  174.373058][   T55]  <TASK>
[  174.373061][   T55]  dump_stack_lvl+0x189/0x250
[  174.373073][   T55]  ? __pfx_dump_stack_lvl+0x10/0x10
[  174.373083][   T55]  ? __pfx__printk+0x10/0x10
[  174.373097][   T55]  ? kernfs_path_from_node+0x250/0x290
[  174.373108][   T55]  ? kernfs_path_from_node+0x2f/0x290
[  174.373122][   T55]  sysfs_create_dir_ns+0x259/0x280
[  174.373136][   T55]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  174.373149][   T55]  ? do_raw_spin_unlock+0x4d/0x240
[  174.373167][   T55]  kobject_add_internal+0x59f/0xb40
[  174.373191][   T55]  kobject_add+0x155/0x220
[  174.373212][   T55]  ? __pfx_kobject_add+0x10/0x10
[  174.373228][   T55]  ? _raw_spin_unlock+0x28/0x50
[  174.373244][   T55]  ? get_device_parent+0x366/0x3a0
[  174.373260][   T55]  device_add+0x408/0xb50
[  174.373274][   T55]  hci_conn_add_sysfs+0xd5/0x1e0
[  174.373289][   T55]  le_conn_complete_evt+0xc3a/0x1220
[  174.373312][   T55]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  174.373328][   T55]  ? __mutex_unlock_slowpath+0x1a1/0x760
[  174.373342][   T55]  ? __asan_memcpy+0x40/0x70
[  174.373358][   T55]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  174.373373][   T55]  ? skb_pull_data+0xfb/0x200
[  174.373389][   T55]  hci_le_conn_complete_evt+0x187/0x450
[  174.373410][   T55]  hci_event_packet+0x78f/0x1200
[  174.373424][   T55]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  174.373438][   T55]  ? __pfx_hci_event_packet+0x10/0x10
[  174.373452][   T55]  ? kcov_remote_start+0x4d3/0x7f0
[  174.373467][   T55]  ? lockdep_hardirqs_on+0x90/0x150
[  174.373483][   T55]  ? hci_send_to_monitor+0xe2/0x570
[  174.373501][   T55]  hci_rx_work+0x46a/0xe80
[  174.373518][   T55]  ? process_scheduled_works+0x9ef/0x17b0
[  174.373531][   T55]  process_scheduled_works+0xae1/0x17b0
[  174.373570][   T55]  ? __pfx_process_scheduled_works+0x10/0x10
[  174.373594][   T55]  worker_thread+0x8a0/0xda0
[  174.373624][   T55]  kthread+0x711/0x8a0
[  174.373643][   T55]  ? __pfx_worker_thread+0x10/0x10
[  174.373654][   T55]  ? __pfx_kthread+0x10/0x10
[  174.373668][   T55]  ? _raw_spin_unlock_irq+0x23/0x50
[  174.373681][   T55]  ? lockdep_hardirqs_on+0x9c/0x150
[  174.373694][   T55]  ? __pfx_kthread+0x10/0x10
[  174.373707][   T55]  ret_from_fork+0x3fc/0x770
[  174.373721][   T55]  ? __pfx_ret_from_fork+0x10/0x10
[  174.373738][   T55]  ? __switch_to_asm+0x39/0x70
[  174.373752][   T55]  ? __switch_to_asm+0x33/0x70
[  174.373766][   T55]  ? __pfx_kthread+0x10/0x10
[  174.373811][   T55]  ret_from_fork_asm+0x1a/0x30
[  174.373839][   T55]  </TASK>
[  174.374016][   T55] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  174.390061][ T9498] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1474'.
[  174.391537][   T55] Bluetooth: hci1: failed to register connection device
[  174.526943][ T9503] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1477'.
[  175.528962][   T55] Bluetooth: hci2: command 0x0405 tx timeout
[  175.698726][ T9534] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1491'.
[  175.709045][ T9536] loop2: detected capacity change from 0 to 764
[  175.716098][ T9536] rock: directory entry would overflow storage
[  175.718729][ T9536] rock: sig=0x5850, size=36, remaining=22
[  175.890023][ T9549] loop1: detected capacity change from 0 to 1024
[  175.916362][ T9549] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  175.957867][ T5854] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  176.166393][ T9569] loop1: detected capacity change from 0 to 256
[  176.173186][ T9569] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  176.177185][ T9569] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  176.182881][ T9569] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  176.335426][ T9570] loop2: detected capacity change from 0 to 32768
[  176.374731][ T9574] loop1: detected capacity change from 0 to 4096
[  176.399381][ T9574] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512).
[  176.410126][ T5851] Bluetooth: hci1: command tx timeout
[  176.432527][ T9574] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  176.439641][ T9574] ntfs3(loop1): Failed to initialize $Extend/$ObjId.
[  176.442071][ T9574] ntfs3(loop1): ino=5, mi_enum_attr
[  176.646625][ T9590] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1517'.
[  176.694307][ T9598] trusted_key: encrypted_key: keylen parameter is missing
[  176.813344][ T9614] netlink: 'syz.1.1527': attribute type 1 has an invalid length.
[  176.824212][ T9614] nbd: couldn't find a device at index 393224
[  177.149934][ T9622] loop2: detected capacity change from 0 to 32768
[  177.158087][ T9622] ERROR: (device loop2): dtSearch: DT_GETPAGE: dtree page corrupt
[  177.158087][ T9622] 
[  177.163780][ T9622] ERROR: (device loop2): remounting filesystem as read-only
[  177.166680][ T9622] jfs_lookup: dtSearch returned -5
[  177.382092][ T9635] loop2: detected capacity change from 0 to 1024
[  178.573116][   T26] hfsplus: b-tree write err: -5, ino 4
[  179.622049][ T9682] loop1: detected capacity change from 0 to 4096
[  179.652328][ T9682] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  179.662435][ T9682] ntfs3(loop1): Failed to load $UpCase (-22).
[  179.866492][ T9698] loop1: detected capacity change from 0 to 16
[  179.878771][ T9698] erofs (device loop1): mounted with root inode @ nid 36.
[  180.055198][ T9713] netlink: set zone limit has 4 unknown bytes
[  180.108579][ T9717] geneve2: entered promiscuous mode
[  180.113938][ T9717] geneve2: entered allmulticast mode
[  180.263241][ T9739] loop2: detected capacity change from 0 to 1024
[  180.508357][ T9752] loop2: detected capacity change from 0 to 32768
[  180.538662][ T9752] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  180.673829][ T5850] ocfs2: Unmounting device (7,2) on (node local)
[  181.469122][    T9] usb 3-1: new full-speed USB device number 16 using dummy_hcd
[  181.545351][ T9846] loop1: detected capacity change from 0 to 128
[  181.563488][   T33] audit: type=1800 audit(1755257213.180:73): pid=9846 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1596" name="file2" dev="loop1" ino=1048651 res=0 errno=0
[  181.621312][    T9] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  181.625305][    T9] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[  181.629463][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  181.633111][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  181.636459][    T9] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  181.643248][    T9] usb 3-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  181.646717][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  181.649640][    T9] usb 3-1: Product: syz
[  181.651080][    T9] usb 3-1: Manufacturer: syz
[  181.652615][    T9] usb 3-1: SerialNumber: syz
[  181.655410][    T9] usb 3-1: config 0 descriptor??
[  181.661560][    T9] input: KB Gear Tablet as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input11
[  181.871483][ T3144] usb 3-1: USB disconnect, device number 16
[  182.029204][    T9] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  182.189130][    T9] usb 2-1: Using ep0 maxpacket: 32
[  182.192887][    T9] usb 2-1: New USB device found, idVendor=d5ff, idProduct=0066, bcdDevice=d8.b0
[  182.196274][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  182.202575][    T9] usb 2-1: config 0 descriptor??
[  182.210356][    T9] rndis_host 2-1:0.0: probe with driver rndis_host failed with error -22
[  182.561811][ T3144] usb 2-1: USB disconnect, device number 19
[  182.784266][ T9883] mkiss: ax0: crc mode is auto.
[  183.169054][ T9887] loop2: detected capacity change from 0 to 40427
[  183.182921][ T9887] F2FS-fs (loop2): build fault injection rate: 14
[  183.198940][ T9887] F2FS-fs (loop2): build fault injection type: 0x3bfe8c
[  183.207485][ T9887] F2FS-fs (loop2): invalid crc value
[  183.216353][    C0] F2FS-fs (loop2): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  183.230240][    C0] F2FS-fs (loop2): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  183.278070][ T9887] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  183.283121][ T9887] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  183.293689][ T9887] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  183.318508][ T9887] F2FS-fs (loop2): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  183.344709][ T9887] F2FS-fs (loop2): inject dquot initialize in f2fs_dquot_initialize of f2fs_new_inode+0x509/0x1050
[  183.401681][ T5850] syz-executor: attempt to access beyond end of device
[  183.401681][ T5850] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  183.428375][ T5850] CPU: 0 UID: 0 PID: 5850 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  183.428393][ T5850] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  183.428401][ T5850] Call Trace:
[  183.428406][ T5850]  <TASK>
[  183.428412][ T5850]  dump_stack_lvl+0x189/0x250
[  183.428431][ T5850]  ? __pfx_dump_stack_lvl+0x10/0x10
[  183.428443][ T5850]  ? __pfx_queue_work_on+0x10/0x10
[  183.428454][ T5850]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  183.428466][ T5850]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  183.428493][ T5850]  f2fs_handle_critical_error+0x37c/0x540
[  183.428511][ T5850]  f2fs_write_end_io+0x886/0xb60
[  183.428532][ T5850]  __submit_merged_bio+0x27a/0x6a0
[  183.428550][ T5850]  __submit_merged_write_cond+0x255/0x530
[  183.428567][ T5850]  f2fs_write_data_pages+0x261d/0x3000
[  183.428603][ T5850]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  183.428690][ T5850]  ? __lock_acquire+0xab9/0xd20
[  183.428711][ T5850]  ? do_raw_spin_lock+0x121/0x290
[  183.428730][ T5850]  ? do_raw_spin_unlock+0x4d/0x240
[  183.428742][ T5850]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  183.428757][ T5850]  do_writepages+0x32e/0x550
[  183.428778][ T5850]  ? do_raw_spin_unlock+0x4d/0x240
[  183.428792][ T5850]  filemap_fdatawrite+0x199/0x240
[  183.428824][ T5850]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  183.428867][ T5850]  ? do_raw_spin_unlock+0x4d/0x240
[  183.428881][ T5850]  f2fs_sync_dirty_inodes+0x31f/0x830
[  183.428901][ T5850]  f2fs_write_checkpoint+0x95a/0x1df0
[  183.428926][ T5850]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  183.428966][ T5850]  ? kill_f2fs_super+0x298/0x6c0
[  183.428980][ T5850]  kill_f2fs_super+0x2c3/0x6c0
[  183.428993][ T5850]  ? __pfx_kill_f2fs_super+0x10/0x10
[  183.429001][ T5850]  ? radix_tree_delete_item+0x2b6/0x400
[  183.429019][ T5850]  ? shrinker_free+0x2ce/0x3e0
[  183.429032][ T5850]  deactivate_locked_super+0xbc/0x130
[  183.429045][ T5850]  cleanup_mnt+0x425/0x4c0
[  183.429056][ T5850]  ? lockdep_hardirqs_on+0x9c/0x150
[  183.429071][ T5850]  task_work_run+0x1d4/0x260
[  183.429087][ T5850]  ? __pfx_task_work_run+0x10/0x10
[  183.429097][ T5850]  ? __x64_sys_umount+0x122/0x160
[  183.429114][ T5850]  ? exit_to_user_mode_loop+0x40/0x110
[  183.429129][ T5850]  exit_to_user_mode_loop+0xec/0x110
[  183.429143][ T5850]  do_syscall_64+0x2bd/0x3b0
[  183.429155][ T5850]  ? lockdep_hardirqs_on+0x9c/0x150
[  183.429167][ T5850]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  183.429176][ T5850]  ? exc_page_fault+0x9f/0xf0
[  183.429190][ T5850]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  183.429199][ T5850] RIP: 0033:0x7f89f358ff17
[  183.429210][ T5850] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  183.429219][ T5850] RSP: 002b:00007fffb393f6b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  183.429230][ T5850] RAX: 0000000000000000 RBX: 00007f89f3611c05 RCX: 00007f89f358ff17
[  183.429237][ T5850] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffb393f770
[  183.429243][ T5850] RBP: 00007fffb393f770 R08: 0000000000000000 R09: 0000000000000000
[  183.429249][ T5850] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffb3940800
[  183.429255][ T5850] R13: 00007f89f3611c05 R14: 000000000002c9d0 R15: 00007fffb3940840
[  183.429273][ T5850]  </TASK>
[  183.616183][ T5850] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  184.344291][ T5897] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  184.398954][ T5898] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  184.498975][ T5897] usb 3-1: Using ep0 maxpacket: 32
[  184.503781][ T5897] usb 3-1: config 0 interface 0 altsetting 128 endpoint 0x2 has invalid wMaxPacketSize 0
[  184.518936][ T5897] usb 3-1: config 0 interface 0 has no altsetting 0
[  184.521745][ T5897] usb 3-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  184.525402][ T5897] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  184.531677][ T5897] usb 3-1: config 0 descriptor??
[  184.548924][ T5898] usb 2-1: Using ep0 maxpacket: 16
[  184.560539][ T5898] usb 2-1: unable to get BOS descriptor or descriptor too short
[  184.564779][ T5898] usb 2-1: config 1 has an invalid interface number: 231 but max is 0
[  184.568035][ T5898] usb 2-1: config 1 has no interface number 0
[  184.578953][ T5898] usb 2-1: config 1 interface 231 has no altsetting 0
[  184.584059][ T5898] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=5c.f5
[  184.587809][ T5898] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  184.592373][ T5898] usb 2-1: Product: syz
[  184.594179][ T5898] usb 2-1: Manufacturer: syz
[  184.596177][ T5898] usb 2-1: SerialNumber: syz
[  184.849763][ T5898] usbtest 2-1:1.231: couldn't get endpoints, -71
[  184.852804][ T5898] usbtest 2-1:1.231: probe with driver usbtest failed with error -71
[  184.860187][ T5898] usb 2-1: USB disconnect, device number 20
[  185.129815][ T5897] corsair-cpro 0003:1B1C:0C10.0008: unknown main item tag 0x0
[  185.132678][ T5897] corsair-cpro 0003:1B1C:0C10.0008: unknown main item tag 0x0
[  185.135248][ T5897] corsair-cpro 0003:1B1C:0C10.0008: unknown main item tag 0x0
[  185.137790][ T5897] corsair-cpro 0003:1B1C:0C10.0008: unknown main item tag 0x0
[  185.140442][ T5897] corsair-cpro 0003:1B1C:0C10.0008: unknown main item tag 0x0
[  185.144482][ T5897] corsair-cpro 0003:1B1C:0C10.0008: hidraw0: USB HID v4.06 Device [HID 1b1c:0c10] on usb-dummy_hcd.2-1/input0
[  185.212604][ T5897] corsair-cpro 0003:1B1C:0C10.0008: probe with driver corsair-cpro failed with error -38
[  185.316249][ T5898] usb 3-1: USB disconnect, device number 17
[  185.682238][ T9934] overlayfs: failed to clone upperpath
[  185.963182][ T9951] loop2: detected capacity change from 0 to 256
[  185.968311][ T9951] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  185.984594][ T9951] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  186.420372][   T55] Bluetooth: hci1: command 0x0406 tx timeout
[  186.596578][ T9957] syzkaller1: entered promiscuous mode
[  186.616001][ T9957] syzkaller1: entered allmulticast mode
[  186.675829][ T9961] loop2: detected capacity change from 0 to 1024
[  186.683271][ T9961] EXT4-fs: Ignoring removed orlov option
[  186.746188][ T9961] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  186.795207][ T5850] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  186.873224][ T9971] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1645'.
[  186.934001][ T9976] loop2: detected capacity change from 0 to 512
[  186.962884][ T9976] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  186.970647][ T9976] EXT4-fs (loop2): orphan cleanup on readonly fs
[  186.975918][ T9976] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.1648: bg 0: block 248: padding at end of block bitmap is not set
[  187.000362][ T9976] Quota error (device loop2): write_blk: dquota write failed
[  187.000950][ T9981] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  187.003396][ T9976] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  187.011689][ T9976] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.1648: Failed to acquire dquot type 1
[  187.017140][ T9976] EXT4-fs (loop2): 1 truncate cleaned up
[  187.041519][ T9976] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  187.061222][ T9976] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  187.065912][ T9976] EXT4-fs (loop2): changing journal_checksum during remount not supported; ignoring
[  187.070147][ T9976] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended
[  187.082413][ T9976] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  187.085567][ T9976] ext4 filesystem being remounted at /523/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  187.117494][ T5850] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  187.480341][ T9996] loop1: detected capacity change from 0 to 40427
[  187.489028][ T9996] F2FS-fs (loop1): Image doesn't support compression
[  187.491617][ T9996] F2FS-fs (loop1): build fault injection rate: 690
[  187.500000][ T9996] F2FS-fs (loop1): invalid crc value
[  187.553521][ T9996] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  187.559110][ T9996] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  187.571135][   T33] audit: type=1800 audit(1755257219.190:74): pid=9996 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1657" name="file1" dev="loop1" ino=10 res=0 errno=0
[  187.593276][ T5854] syz-executor: attempt to access beyond end of device
[  187.593276][ T5854] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  187.598951][ T5854] CPU: 0 UID: 0 PID: 5854 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  187.598974][ T5854] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  187.598978][ T5854] Call Trace:
[  187.598982][ T5854]  <TASK>
[  187.598985][ T5854]  dump_stack_lvl+0x189/0x250
[  187.599000][ T5854]  ? __pfx_dump_stack_lvl+0x10/0x10
[  187.599008][ T5854]  ? __pfx_queue_work_on+0x10/0x10
[  187.599015][ T5854]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  187.599025][ T5854]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  187.599038][ T5854]  f2fs_handle_critical_error+0x37c/0x540
[  187.599051][ T5854]  f2fs_write_end_io+0x886/0xb60
[  187.599066][ T5854]  __submit_merged_bio+0x27a/0x6a0
[  187.599079][ T5854]  __submit_merged_write_cond+0x255/0x530
[  187.599091][ T5854]  f2fs_write_data_pages+0x261d/0x3000
[  187.599123][ T5854]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  187.599140][ T5854]  ? is_bpf_text_address+0x26/0x2b0
[  187.599165][ T5854]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  187.599173][ T5854]  ? lockdep_hardirqs_on+0x9c/0x150
[  187.599189][ T5854]  ? __lock_acquire+0xab9/0xd20
[  187.599203][ T5854]  ? do_raw_spin_lock+0x121/0x290
[  187.599216][ T5854]  ? do_raw_spin_unlock+0x4d/0x240
[  187.599224][ T5854]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  187.599234][ T5854]  do_writepages+0x32e/0x550
[  187.599249][ T5854]  ? do_raw_spin_unlock+0x4d/0x240
[  187.599259][ T5854]  filemap_fdatawrite+0x199/0x240
[  187.599269][ T5854]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  187.599299][ T5854]  ? do_raw_spin_unlock+0x4d/0x240
[  187.599309][ T5854]  f2fs_sync_dirty_inodes+0x31f/0x830
[  187.599323][ T5854]  f2fs_write_checkpoint+0x95a/0x1df0
[  187.599340][ T5854]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  187.599371][ T5854]  ? kill_f2fs_super+0x298/0x6c0
[  187.599381][ T5854]  kill_f2fs_super+0x2c3/0x6c0
[  187.599390][ T5854]  ? __pfx_kill_f2fs_super+0x10/0x10
[  187.599396][ T5854]  ? radix_tree_delete_item+0x2b6/0x400
[  187.599408][ T5854]  ? shrinker_free+0x2ce/0x3e0
[  187.599418][ T5854]  deactivate_locked_super+0xbc/0x130
[  187.599427][ T5854]  cleanup_mnt+0x425/0x4c0
[  187.599435][ T5854]  ? lockdep_hardirqs_on+0x9c/0x150
[  187.599445][ T5854]  task_work_run+0x1d4/0x260
[  187.599455][ T5854]  ? __pfx_task_work_run+0x10/0x10
[  187.599462][ T5854]  ? __x64_sys_umount+0x122/0x160
[  187.599474][ T5854]  ? exit_to_user_mode_loop+0x40/0x110
[  187.599485][ T5854]  exit_to_user_mode_loop+0xec/0x110
[  187.599494][ T5854]  do_syscall_64+0x2bd/0x3b0
[  187.599503][ T5854]  ? lockdep_hardirqs_on+0x9c/0x150
[  187.599511][ T5854]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.599518][ T5854]  ? exc_page_fault+0x9f/0xf0
[  187.599528][ T5854]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.599534][ T5854] RIP: 0033:0x7f0adfb8ff17
[  187.599542][ T5854] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  187.599548][ T5854] RSP: 002b:00007ffdffe77088 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  187.599556][ T5854] RAX: 0000000000000000 RBX: 00007f0adfc11c05 RCX: 00007f0adfb8ff17
[  187.599561][ T5854] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdffe77140
[  187.599565][ T5854] RBP: 00007ffdffe77140 R08: 0000000000000000 R09: 0000000000000000
[  187.599569][ T5854] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdffe781d0
[  187.599573][ T5854] R13: 00007f0adfc11c05 R14: 000000000002da5b R15: 00007ffdffe78210
[  187.599615][ T5854]  </TASK>
[  187.599621][ T5854] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  187.679036][   T24] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  187.754443][T10009] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  187.899891][   T24] usb 3-1: Using ep0 maxpacket: 8
[  187.903887][   T24] usb 3-1: config 6 has an invalid interface number: 2 but max is 0
[  187.907114][   T24] usb 3-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config
[  187.912621][   T24] usb 3-1: config 6 has no interface number 0
[  187.915155][   T24] usb 3-1: config 6 interface 2 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  187.929090][   T24] usb 3-1: config 6 interface 2 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  187.942160][   T24] usb 3-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  187.946028][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  187.959020][   T24] usb 3-1: Product: syz
[  187.960851][   T24] usb 3-1: Manufacturer: syz
[  187.962873][   T24] usb 3-1: SerialNumber: syz
[  187.970724][   T24] hso 3-1:6.2: Failed to find INT IN ep
[  188.184452][   T24] usb 3-1: USB disconnect, device number 18
[  188.464487][T10021] loop1: detected capacity change from 0 to 40427
[  188.544898][T10021] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  188.583433][T10021] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  188.619929][ T5854] syz-executor: attempt to access beyond end of device
[  188.619929][ T5854] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  188.624709][ T5854] CPU: 0 UID: 0 PID: 5854 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  188.624721][ T5854] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  188.624726][ T5854] Call Trace:
[  188.624729][ T5854]  <TASK>
[  188.624732][ T5854]  dump_stack_lvl+0x189/0x250
[  188.624746][ T5854]  ? __pfx_dump_stack_lvl+0x10/0x10
[  188.624754][ T5854]  ? __pfx_queue_work_on+0x10/0x10
[  188.624761][ T5854]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  188.624771][ T5854]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  188.624783][ T5854]  f2fs_handle_critical_error+0x37c/0x540
[  188.624795][ T5854]  f2fs_write_end_io+0x886/0xb60
[  188.624808][ T5854]  __submit_merged_bio+0x27a/0x6a0
[  188.624820][ T5854]  __submit_merged_write_cond+0x255/0x530
[  188.624831][ T5854]  f2fs_write_data_pages+0x261d/0x3000
[  188.624853][ T5854]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  188.624883][ T5854]  ? folios_put_refs+0x559/0x640
[  188.624895][ T5854]  ? __pfx_folios_put_refs+0x10/0x10
[  188.624901][ T5854]  ? rcu_is_watching+0x15/0xb0
[  188.624911][ T5854]  ? __lock_acquire+0xab9/0xd20
[  188.624926][ T5854]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  188.624936][ T5854]  do_writepages+0x32e/0x550
[  188.624949][ T5854]  ? do_raw_spin_unlock+0x4d/0x240
[  188.624958][ T5854]  filemap_fdatawrite+0x199/0x240
[  188.624967][ T5854]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  188.624993][ T5854]  ? do_raw_spin_unlock+0x4d/0x240
[  188.625002][ T5854]  f2fs_sync_dirty_inodes+0x31f/0x830
[  188.625015][ T5854]  f2fs_write_checkpoint+0x95a/0x1df0
[  188.625030][ T5854]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  188.625054][ T5854]  ? kill_f2fs_super+0x298/0x6c0
[  188.625063][ T5854]  kill_f2fs_super+0x2c3/0x6c0
[  188.625072][ T5854]  ? __pfx_kill_f2fs_super+0x10/0x10
[  188.625077][ T5854]  ? radix_tree_delete_item+0x2b6/0x400
[  188.625089][ T5854]  ? shrinker_free+0x2ce/0x3e0
[  188.625097][ T5854]  deactivate_locked_super+0xbc/0x130
[  188.625106][ T5854]  cleanup_mnt+0x425/0x4c0
[  188.625114][ T5854]  ? lockdep_hardirqs_on+0x9c/0x150
[  188.625123][ T5854]  task_work_run+0x1d4/0x260
[  188.625134][ T5854]  ? __pfx_task_work_run+0x10/0x10
[  188.625141][ T5854]  ? __x64_sys_umount+0x122/0x160
[  188.625151][ T5854]  ? exit_to_user_mode_loop+0x40/0x110
[  188.625161][ T5854]  exit_to_user_mode_loop+0xec/0x110
[  188.625176][ T5854]  do_syscall_64+0x2bd/0x3b0
[  188.625185][ T5854]  ? lockdep_hardirqs_on+0x9c/0x150
[  188.625193][ T5854]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  188.625200][ T5854]  ? exc_page_fault+0x9f/0xf0
[  188.625209][ T5854]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  188.625215][ T5854] RIP: 0033:0x7f0adfb8ff17
[  188.625222][ T5854] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  188.625228][ T5854] RSP: 002b:00007ffdffe77088 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  188.625237][ T5854] RAX: 0000000000000000 RBX: 00007f0adfc11c05 RCX: 00007f0adfb8ff17
[  188.625242][ T5854] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdffe77140
[  188.625246][ T5854] RBP: 00007ffdffe77140 R08: 0000000000000000 R09: 0000000000000000
[  188.625250][ T5854] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdffe781d0
[  188.625254][ T5854] R13: 00007f0adfc11c05 R14: 000000000002de59 R15: 00007ffdffe78210
[  188.625266][ T5854]  </TASK>
[  188.625269][ T5854] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  189.046916][T10037] syzkaller0: entered promiscuous mode
[  189.049692][T10037] syzkaller0: entered allmulticast mode
[  189.409511][T10045] overlayfs: failed to clone upperpath
[  189.483935][T10049] netlink: 'syz.0.1679': attribute type 10 has an invalid length.
[  190.436695][T10049] team0: Port device dummy0 added
[  190.500264][   T33] audit: type=1804 audit(1755257222.120:75): pid=10053 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1681" name="/newroot/502/bus/file0" dev="overlay" ino=2640 res=1 errno=0
[  190.863267][T10065] loop1: detected capacity change from 0 to 32768
[  191.343667][T10082] loop1: detected capacity change from 0 to 1024
[  191.358045][T10082] hfsplus: bad catalog entry type
[  191.389922][ T8165] hfsplus: b-tree write err: -5, ino 4
[  191.452877][T10085] loop1: detected capacity change from 0 to 128
[  191.469381][T10085] EXT4-fs: Ignoring removed nomblk_io_submit option
[  191.471589][T10085] EXT4-fs: Ignoring removed nomblk_io_submit option
[  191.481340][T10085] EXT4-fs (loop1): Test dummy encryption mode enabled
[  191.505406][T10085] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  191.545045][T10085] ext4 filesystem being mounted at /509/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  191.631402][ T5854] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  191.973812][T10089] loop2: detected capacity change from 0 to 32768
[  192.032676][T10089] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  192.071756][T10089] XFS (loop2): Ending clean mount
[  192.080951][T10089] XFS (loop2): Quotacheck needed: Please wait.
[  192.110498][T10089] XFS (loop2): Quotacheck: Done.
[  192.182597][ T5850] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  192.434739][T10132] netlink: 376 bytes leftover after parsing attributes in process `syz.1.1712'.
[  192.622851][T10138] loop1: detected capacity change from 0 to 32768
[  192.653004][T10138] XFS (loop1): DAX unsupported by block device. Turning off DAX.
[  192.664910][T10138] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  192.680544][T10138] XFS (loop1): Ending clean mount
[  192.685558][T10138] XFS (loop1): Quotacheck needed: Please wait.
[  192.711040][T10138] XFS (loop1): Quotacheck: Done.
[  192.743779][ T5854] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  192.994838][T10170] syz.1.1721 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  193.451741][T10196] loop1: detected capacity change from 0 to 512
[  193.503313][T10196] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #3: comm syz.1.1737: corrupted inode contents
[  193.517446][T10196] EXT4-fs error (device loop1): ext4_dirty_inode:6538: inode #3: comm syz.1.1737: mark_inode_dirty error
[  193.538688][T10196] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #3: comm syz.1.1737: corrupted inode contents
[  193.550066][T10196] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #3: comm syz.1.1737: mark_inode_dirty error
[  193.562607][T10196] Quota error (device loop1): write_blk: dquota write failed
[  193.566050][T10196] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  193.571609][T10196] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1737: Failed to acquire dquot type 0
[  193.582024][T10196] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.1737: corrupted inode contents
[  193.588540][T10196] EXT4-fs error (device loop1): ext4_dirty_inode:6538: inode #16: comm syz.1.1737: mark_inode_dirty error
[  193.607142][T10196] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.1737: corrupted inode contents
[  193.614873][T10196] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #16: comm syz.1.1737: mark_inode_dirty error
[  193.620125][T10196] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.1737: corrupted inode contents
[  193.625097][T10196] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem
[  193.631723][T10210] loop2: detected capacity change from 0 to 4096
[  193.639882][T10196] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.1737: corrupted inode contents
[  193.647630][T10196] EXT4-fs error (device loop1): ext4_truncate:4666: inode #16: comm syz.1.1737: mark_inode_dirty error
[  193.653251][T10196] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem
[  193.656376][T10210] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  193.659819][T10196] EXT4-fs (loop1): 1 truncate cleaned up
[  193.667018][T10196] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  193.675976][T10196] ext4 filesystem being mounted at /524/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  193.701664][ T5850] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  193.717755][ T5854] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  193.891470][T10221] capability: warning: `syz.2.1748' uses deprecated v2 capabilities in a way that may be insecure
[  193.899879][T10219] loop1: detected capacity change from 0 to 2048
[  193.956132][T10219]  loop1: p1 < > p4
[  193.961161][T10219] loop1: p4 start 42180 is beyond EOD, truncated
[  194.429415][ T5897] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  194.577001][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[  194.580453][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[  194.608959][ T5897] usb 2-1: Using ep0 maxpacket: 32
[  194.614174][ T5897] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  194.621292][ T5897] usb 2-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  194.625255][ T5897] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  194.628653][ T5897] usb 2-1: Product: syz
[  194.631769][ T5897] usb 2-1: Manufacturer: syz
[  194.633823][ T5897] usb 2-1: SerialNumber: syz
[  194.638550][ T5897] usb 2-1: config 0 descriptor??
[  194.643754][T10233] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  194.653517][ T5897] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input12
[  194.854917][ T5897] usb 2-1: USB disconnect, device number 21
[  194.857430][    C1] usbtouchscreen 2-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  196.143736][T10283] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1774'.
[  196.205796][T10289] loop2: detected capacity change from 0 to 128
[  196.221874][T10289] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  196.227398][T10289] ext4 filesystem being mounted at /568/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  196.251563][ T5850] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  196.292353][T10295] netlink: 'syz.2.1780': attribute type 1 has an invalid length.
[  196.335222][T10297] vxcan1: tx drop: invalid da for name 0xfffffffffffffffd
[  196.374545][T10299] loop2: detected capacity change from 0 to 1024
[  196.423688][T10299] hfsplus: catalog searching failed
[  196.442936][ T8160] hfsplus: b-tree write err: -5, ino 3
[  196.446982][ T5850] hfsplus: node 4:3 still has 1 user(s)!
[  196.449967][   T62] usb 2-1: new full-speed USB device number 22 using dummy_hcd
[  196.607191][   T62] usb 2-1: config 0 has an invalid interface number: 29 but max is 0
[  196.615230][   T62] usb 2-1: config 0 has no interface number 0
[  196.625921][   T62] usb 2-1: config 0 interface 29 has no altsetting 0
[  196.632342][   T62] usb 2-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[  196.635991][   T62] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  196.639762][   T62] usb 2-1: Product: syz
[  196.641628][   T62] usb 2-1: Manufacturer: syz
[  196.644045][   T62] usb 2-1: SerialNumber: syz
[  196.660934][   T62] usb 2-1: config 0 descriptor??
[  196.886586][   T62] peak_usb 2-1:0.29 can0: unable to request usb[type=0 value=1] err=-71
[  196.894911][   T62] peak_usb 2-1:0.29: unable to read PCAN-USB X6 firmware info (err -71)
[  197.003522][   T62] peak_usb 2-1:0.29: probe with driver peak_usb failed with error -71
[  197.018703][   T62] usb 2-1: USB disconnect, device number 22
[  197.779991][ T3144] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  197.950882][ T3144] usb 2-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  197.955901][ T3144] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  197.960730][ T3144] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  197.964895][ T3144] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  197.968172][ T3144] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  197.976472][T10325] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  198.072542][T10355] loop2: detected capacity change from 0 to 16
[  198.081941][T10355] erofs (device loop2): mounted with root inode @ nid 36.
[  198.088259][T10355] erofs (device loop2): readahead error at folio 7 @ nid 36
[  198.093909][T10355] erofs (device loop2): bogus lookback distance 26160 @ lcn 6 of nid 36
[  198.097261][T10355] erofs (device loop2): readahead error at folio 6 @ nid 36
[  198.100497][T10355] erofs (device loop2): readahead error at folio 5 @ nid 36
[  198.103503][T10355] erofs (device loop2): inconsistent algorithmtype 0 for nid 36
[  198.106782][T10355] erofs (device loop2): readahead error at folio 4 @ nid 36
[  198.111727][T10355] erofs (device loop2): inconsistent algorithmtype 0 for nid 36
[  198.114879][T10355] erofs (device loop2): readahead error at folio 3 @ nid 36
[  198.118726][T10355] erofs (device loop2): inconsistent algorithmtype 0 for nid 36
[  198.122191][T10355] erofs (device loop2): readahead error at folio 1 @ nid 36
[  198.125087][T10355] erofs (device loop2): bogus lookback distance 0 @ lcn 0 of nid 36
[  198.128208][T10355] erofs (device loop2): readahead error at folio 0 @ nid 36
[  198.132797][T10355] syz.2.1808: attempt to access beyond end of device
[  198.132797][T10355] loop2: rw=524288, sector=525136, nr_sectors = 8 limit=16
[  198.138479][T10355] erofs (device loop2): bogus lookback distance 0 @ lcn 0 of nid 36
[  198.143596][T10355] erofs (device loop2): bogus lookback distance 0 @ lcn 0 of nid 36
[  198.146909][T10355] erofs (device loop2): read error -117 @ 0 of nid 36
[  198.149867][T10355] erofs (device loop2): failed to readdir of logical block 0 of nid 36
[  198.193064][ T3144] aiptek 2-1:17.0: Aiptek using 400 ms programming speed
[  198.213062][ T3144] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input13
[  198.259882][ T3144] usb 2-1: USB disconnect, device number 23
[  198.262365][    C1] aiptek 2-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  198.391943][T10365] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1813'.
[  198.394392][T10366] sctp: [Deprecated]: syz.2.1812 (pid 10366) Use of struct sctp_assoc_value in delayed_ack socket option.
[  198.394392][T10366] Use struct sctp_sack_info instead
[  198.801141][T10384] openvswitch: netlink: IPv6 tunnel dst address is zero
[  198.977144][T10391] (syz.0.1825,10391,0):dlmfs_mkdir:421 ERROR: invalid domain name for directory.
[  199.248175][T10397] loop2: detected capacity change from 0 to 764
[  199.535719][T10415] gre1: entered promiscuous mode
[  199.979280][T10451] vcan0: tx drop: invalid da for name 0x00000000000000c7
[  200.053092][T10460] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1846'.
[  200.201976][T10464] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1842'.
[  200.639182][ T5898] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  200.793080][ T5898] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  200.797920][ T5898] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  200.828008][ T5898] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  200.841013][ T5898] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  200.857604][ T5898] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  200.865165][ T5898] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  200.871802][ T5898] usb 2-1: config 0 descriptor??
[  201.649582][ T5898] plantronics 0003:047F:FFFF.0009: ignoring exceeding usage max
[  201.667458][ T5898] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  201.680144][ T5898] usb 2-1: USB disconnect, device number 24
[  202.859001][T10568] loop1: detected capacity change from 0 to 32768
[  202.877199][   T33] audit: type=1800 audit(1755257234.490:76): pid=10568 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1881" name="file1" dev="loop1" ino=4 res=0 errno=0
[  203.336538][T10595] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  203.718969][   T33] audit: type=1326 audit(1755257235.330:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10619 comm="syz.1.1903" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0adfb8ebe9 code=0x0
[  204.368932][ T5897] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  204.524145][ T5897] usb 3-1: New USB device found, idVendor=0c45, idProduct=60a8, bcdDevice=b5.55
[  204.528081][ T5897] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  204.537046][ T5897] usb 3-1: Product: syz
[  204.539441][ T5897] usb 3-1: Manufacturer: syz
[  204.541458][ T5897] usb 3-1: SerialNumber: syz
[  204.546252][ T5897] usb 3-1: config 0 descriptor??
[  204.552081][ T5897] gspca_main: sonixb-2.14.0 probing 0c45:60a8
[  204.763587][T10641] trusted_key: encrypted_key: insufficient parameters specified
[  205.258542][ T5897] sonixb 3-1:0.0: Error writing register 01: -71
[  205.265859][ T5897] sonixb 3-1:0.0: probe with driver sonixb failed with error -71
[  205.276472][ T5897] usb 3-1: USB disconnect, device number 19
[  205.749399][T10654] loop1: detected capacity change from 0 to 32768
[  205.755315][T10654] 
[  205.755315][T10654]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  205.755315][T10654] 
[  205.766965][T10654] ERROR: (device loop1): diWrite: ixpxd invalid
[  205.766965][T10654] 
[  205.773087][T10654] ERROR: (device loop1): txCommit: 
[  205.773087][T10654] 
[  205.801354][ T5854] 
[  205.801354][ T5854]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  205.801354][ T5854] 
[  205.809193][ T5854] 
[  205.809193][ T5854]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  205.809193][ T5854] 
[  205.918881][T10658] loop2: detected capacity change from 0 to 4096
[  205.923041][T10658] ntfs3(loop2): Different NTFS sector size (2048) and media sector size (512).
[  205.941956][T10658] ntfs3(loop2): Failed to initialize $Extend/$ObjId.
[  206.141567][T10672] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1925'.
[  207.026274][T10694] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1935'.
[  207.030283][T10694] netlink: 'syz.1.1935': attribute type 21 has an invalid length.
[  207.074013][T10692] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check.
[  207.296104][T10700] block nbd1: NBD_DISCONNECT
[  207.634124][T10725] netlink: 'syz.1.1949': attribute type 11 has an invalid length.
[  207.637346][T10725] netlink: 'syz.1.1949': attribute type 4 has an invalid length.
[  207.644177][T10725] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1949'.
[  207.675263][T10728] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1952'.
[  207.708159][T10732] RDS: rds_bind could not find a transport for fe80::aa, load rds_tcp or rds_rdma?
[  208.282093][T10765] loop2: detected capacity change from 0 to 128
[  208.308533][T10765] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  208.315566][T10765] ext4 filesystem being mounted at /632/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  208.357981][ T5850] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  208.408239][T10772] netlink: 228 bytes leftover after parsing attributes in process `syz.2.1972'.
[  208.440588][T10774] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1973'.
[  208.642374][   T33] audit: type=1326 audit(1755257240.260:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10789 comm="syz.0.1981" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff5ff8ebe9 code=0x7ffc0000
[  208.660059][   T33] audit: type=1326 audit(1755257240.270:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10789 comm="syz.0.1981" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff5ff8ebe9 code=0x7ffc0000
[  208.674630][   T33] audit: type=1326 audit(1755257240.270:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10789 comm="syz.0.1981" exe="/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7eff5ff8ebe9 code=0x7ffc0000
[  208.688077][   T33] audit: type=1326 audit(1755257240.270:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10789 comm="syz.0.1981" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff5ff8ebe9 code=0x7ffc0000
[  208.696121][   T33] audit: type=1326 audit(1755257240.270:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10789 comm="syz.0.1981" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff5ff8ebe9 code=0x7ffc0000
[  208.705762][   T33] audit: type=1326 audit(1755257240.270:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10789 comm="syz.0.1981" exe="/syz-executor" sig=0 arch=c000003e syscall=69 compat=0 ip=0x7eff5ff8ebe9 code=0x7ffc0000
[  208.716094][   T33] audit: type=1326 audit(1755257240.270:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10789 comm="syz.0.1981" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff5ff8ebe9 code=0x7ffc0000
[  208.731632][   T33] audit: type=1326 audit(1755257240.270:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10789 comm="syz.0.1981" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff5ff8ebe9 code=0x7ffc0000
[  208.732189][T10792] overlayfs: failed to clone upperpath
[  208.751187][   T33] audit: type=1326 audit(1755257240.270:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10789 comm="syz.0.1981" exe="/syz-executor" sig=0 arch=c000003e syscall=70 compat=0 ip=0x7eff5ff8ebe9 code=0x7ffc0000
[  208.762774][   T33] audit: type=1326 audit(1755257240.270:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10789 comm="syz.0.1981" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff5ff8ebe9 code=0x7ffc0000
[  208.910711][T10786] loop2: detected capacity change from 0 to 32768
[  208.929517][T10786] ocfs2: Slot 0 on device (7,2) was already allocated to this node!
[  208.941040][T10786] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  208.984453][ T5850] ocfs2: Unmounting device (7,2) on (node local)
[  209.140076][T10812] loop2: detected capacity change from 0 to 4096
[  209.146139][T10812] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512).
[  209.166105][T10812] ntfs3(loop2): $Secure::$SDH is corrupted.
[  209.168749][T10812] ntfs3(loop2): Failed to initialize $Secure (-22).
[  209.315094][T10828] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  209.499013][T10834] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem
[  209.720243][ T5851] Bluetooth: hci2: unexpected event for opcode 0x1004
[  209.837598][T10854] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2010'.
[  210.232920][T10860] netlink: 'syz.2.2013': attribute type 4 has an invalid length.
[  210.476537][T10868] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2017'.
[  210.855297][T10887] binder: 10886:10887 ioctl 400c620e 200000000000 returned -22
[  211.092174][T10847] kexec: Could not allocate control_code_buffer
[  211.319924][ T5897] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  211.468983][ T5897] usb 3-1: Using ep0 maxpacket: 16
[  211.473139][ T5897] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  211.476853][ T5897] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  211.481760][ T5897] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  211.487794][ T5897] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  211.491803][ T5897] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  211.495517][ T5897] usb 3-1: Product: syz
[  211.497303][ T5897] usb 3-1: Manufacturer: syz
[  211.499695][ T5897] usb 3-1: SerialNumber: syz
[  211.913155][ T5897] usb 3-1: 0:2 : does not exist
[  212.311056][T10929] xfrm0: entered promiscuous mode
[  212.312866][T10929] xfrm0: entered allmulticast mode
[  212.733750][ T5897] usb 3-1: USB disconnect, device number 20
[  213.344697][T10959] team0: entered promiscuous mode
[  213.346896][T10959] team_slave_0: entered promiscuous mode
[  213.349842][T10959] team_slave_1: entered promiscuous mode
[  213.352948][T10959] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  213.361719][T10959] bond0: (slave macvlan2): Enslaving as an active interface with an up link
[  213.622917][T10973] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2068'.
[  213.770038][ T5851] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  213.776127][ T5851] Bluetooth: hci2: Injecting HCI hardware error event
[  213.786640][   T55] Bluetooth: hci2: hardware error 0x00
[  213.824050][T10987] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2075'.
[  214.814680][T11003] veth1_vlan: left promiscuous mode
[  215.001782][T11019] netlink: 'syz.2.2089': attribute type 3 has an invalid length.
[  215.005425][T11019] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2089'.
[  215.081003][T11022] netlink: 'syz.2.2090': attribute type 1 has an invalid length.
[  215.084322][T11022] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2090'.
[  215.849457][   T55] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  216.847113][T11039] tmpfs: User quota block hardlimit too large.
[  217.806036][T11060] loop2: detected capacity change from 0 to 256
[  217.826432][T11060] FAT-fs (loop2): Directory bread(block 64) failed
[  217.833300][T11060] FAT-fs (loop2): Directory bread(block 65) failed
[  217.842035][T11060] FAT-fs (loop2): Directory bread(block 66) failed
[  217.848095][T11060] FAT-fs (loop2): Directory bread(block 67) failed
[  217.850900][T11060] FAT-fs (loop2): Directory bread(block 68) failed
[  217.853068][T11060] FAT-fs (loop2): Directory bread(block 69) failed
[  217.855278][T11060] FAT-fs (loop2): Directory bread(block 70) failed
[  217.857411][T11060] FAT-fs (loop2): Directory bread(block 71) failed
[  217.861094][T11060] FAT-fs (loop2): Directory bread(block 72) failed
[  217.863923][T11060] FAT-fs (loop2): Directory bread(block 73) failed
[  218.003434][T11074] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2113'.
[  218.033055][T11077] netlink: 'syz.2.2114': attribute type 5 has an invalid length.
[  220.245698][T11128] ip6gretap2: entered promiscuous mode
[  220.247564][T11128] ip6gretap2: entered allmulticast mode
[  220.325466][   T33] kauditd_printk_skb: 7 callbacks suppressed
[  220.325476][   T33] audit: type=1326 audit(1755257251.940:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11131 comm="syz.0.2137" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff5ff8ebe9 code=0x7ffc0000
[  220.335536][   T33] audit: type=1326 audit(1755257251.940:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11131 comm="syz.0.2137" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff5ff8ebe9 code=0x7ffc0000
[  220.342911][   T33] audit: type=1326 audit(1755257251.940:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11131 comm="syz.0.2137" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7eff5ff8ebe9 code=0x7ffc0000
[  220.352193][   T33] audit: type=1326 audit(1755257251.940:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11131 comm="syz.0.2137" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff5ff8ebe9 code=0x7ffc0000
[  220.360669][   T33] audit: type=1326 audit(1755257251.940:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11131 comm="syz.0.2137" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff5ff8ebe9 code=0x7ffc0000
[  220.369627][   T33] audit: type=1326 audit(1755257251.940:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11131 comm="syz.0.2137" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7eff5ff8ebe9 code=0x7ffc0000
[  220.377161][   T33] audit: type=1326 audit(1755257251.950:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11131 comm="syz.0.2137" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff5ff8ebe9 code=0x7ffc0000
[  220.380664][T11135] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  220.384746][   T33] audit: type=1326 audit(1755257251.950:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11131 comm="syz.0.2137" exe="/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7eff5ff8ebe9 code=0x7ffc0000
[  220.397586][   T33] audit: type=1326 audit(1755257251.970:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11131 comm="syz.0.2137" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff5ff8ebe9 code=0x7ffc0000
[  220.406572][   T33] audit: type=1326 audit(1755257251.970:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11133 comm="syz.0.2137" exe="/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7eff5ffc14a5 code=0x7ffc0000
[  220.472930][T11141] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  220.591695][T11153] bridge0: port 3(syz_tun) entered blocking state
[  220.595139][T11153] bridge0: port 3(syz_tun) entered disabled state
[  220.598478][T11153] syz_tun: entered allmulticast mode
[  220.610711][T11153] syz_tun: entered promiscuous mode
[  220.614984][T11153] bridge0: port 3(syz_tun) entered blocking state
[  220.618342][T11153] bridge0: port 3(syz_tun) entered forwarding state
[  221.117313][T11162] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2151'.
[  221.780923][T11175] netlink: 172 bytes leftover after parsing attributes in process `syz.0.2155'.
[  221.784860][T11175] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2155'.
[  221.792370][T11175] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2155'.
[  223.329010][    T9] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  223.485680][    T9] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 33, using maximum allowed: 30
[  223.490618][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  223.495876][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  223.502046][    T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 33
[  223.507533][    T9] usb 3-1: New USB device found, idVendor=172f, idProduct=0502, bcdDevice= 0.00
[  223.511925][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  223.521316][    T9] usb 3-1: config 0 descriptor??
[  223.944167][    T9] usbhid 3-1:0.0: can't add hid device: -71
[  223.946784][    T9] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  223.960866][    T9] usb 3-1: USB disconnect, device number 21
[  225.572254][T11232] loop2: detected capacity change from 0 to 512
[  225.626305][T11232] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  225.632718][T11232] ext4 filesystem being mounted at /700/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  225.701590][ T5850] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  225.755349][T11245] loop2: detected capacity change from 0 to 512
[  225.758308][T11245] EXT4-fs (loop2): Test dummy encryption mode enabled
[  225.760713][T11245] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  225.765362][T11245] EXT4-fs error (device loop2): ext4_orphan_get:1418: comm syz.2.2187: bad orphan inode 131083
[  225.770244][T11245] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  225.834584][T11247] fscrypt: AES-256-XTS using implementation "xts(ecb(aes-fixed-time))"
[  225.838757][   T33] kauditd_printk_skb: 7 callbacks suppressed
[  225.838768][   T33] audit: type=1800 audit(1755257257.450:112): pid=11247 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2187" name="file1" dev="loop2" ino=19 res=0 errno=0
[  226.789086][ T5850] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  226.895944][ T5851] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  226.910289][ T5851] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  226.914247][ T5851] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  226.921365][ T5851] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  226.924134][ T5851] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  227.103833][T11260] chnl_net:caif_netlink_parms(): no params data found
[  227.132041][T11278] binder: 11277:11278 ioctl c0306201 0 returned -14
[  227.176109][ T5911] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  227.184903][T11280] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  227.227349][T11260] bridge0: port 1(bridge_slave_0) entered blocking state
[  227.230585][T11260] bridge0: port 1(bridge_slave_0) entered disabled state
[  227.233293][T11260] bridge_slave_0: entered allmulticast mode
[  227.236161][T11260] bridge_slave_0: entered promiscuous mode
[  227.258180][ T5911] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  227.265251][T11260] bridge0: port 2(bridge_slave_1) entered blocking state
[  227.267963][T11260] bridge0: port 2(bridge_slave_1) entered disabled state
[  227.271272][T11260] bridge_slave_1: entered allmulticast mode
[  227.274211][T11260] bridge_slave_1: entered promiscuous mode
[  227.316892][ T5911] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  227.325891][T11260] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  227.332701][T11260] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  227.358569][T11260] team0: Port device team_slave_0 added
[  227.364312][T11287] loop2: detected capacity change from 0 to 32768
[  227.371130][T11287] (syz.2.2202,11287,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  227.373172][ T5911] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  227.376205][T11287] (syz.2.2202,11287,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  227.386111][T11260] team0: Port device team_slave_1 added
[  227.391447][T11287] JBD2: Ignoring recovery information on journal
[  227.411603][T11260] batman_adv: batadv0: Adding interface: batadv_slave_0
[  227.414530][T11260] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  227.425551][T11260] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  227.426314][T11287] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  227.436639][T11260] batman_adv: batadv0: Adding interface: batadv_slave_1
[  227.441937][T11260] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  227.454498][T11260] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  227.521805][T11260] hsr_slave_0: entered promiscuous mode
[  227.523866][ T5850] ocfs2: Unmounting device (7,2) on (node local)
[  227.524184][T11260] hsr_slave_1: entered promiscuous mode
[  227.535941][T11260] debugfs: 'hsr0' already exists in 'hsr'
[  227.537792][T11260] Cannot create hsr debugfs directory
[  227.614191][ T5911] bridge_slave_1: left allmulticast mode
[  227.616525][ T5911] bridge_slave_1: left promiscuous mode
[  227.620495][ T5911] bridge0: port 2(bridge_slave_1) entered disabled state
[  227.627694][ T5911] bridge_slave_0: left allmulticast mode
[  227.632038][ T5911] bridge_slave_0: left promiscuous mode
[  227.633971][ T5911] bridge0: port 1(bridge_slave_0) entered disabled state
[  228.037732][ T5911] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  228.043974][ T5911] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  228.049727][ T5911] bond0 (unregistering): Released all slaves
[  228.056349][ T5911] bond1 (unregistering): Released all slaves
[  228.076735][T11297] bridge0: entered promiscuous mode
[  228.082509][T11297] bridge0: port 4(macvlan2) entered blocking state
[  228.085126][T11297] bridge0: port 4(macvlan2) entered disabled state
[  228.088248][T11297] macvlan2: entered allmulticast mode
[  228.092707][T11297] bridge0: entered allmulticast mode
[  228.096976][T11297] macvlan2: left allmulticast mode
[  228.101385][T11297] bridge0: left allmulticast mode
[  228.104851][T11297] bridge0: left promiscuous mode
[  228.210814][ T5911] IPVS: stopping backup sync thread 9134 ...
[  228.313375][T11307] overlayfs: failed to clone upperpath
[  228.330676][T11307] overlayfs: failed to clone upperpath
[  228.467455][T11319] loop2: detected capacity change from 0 to 1764
[  228.470309][ T5911] hsr_slave_0: left promiscuous mode
[  228.473043][ T5911] hsr_slave_1: left promiscuous mode
[  228.475679][ T5911] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  228.480716][ T5911] batman_adv: batadv0: Removing interface: batadv_slave_0
[  228.485042][ T5911] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  228.487925][ T5911] batman_adv: batadv0: Removing interface: batadv_slave_1
[  228.507347][ T5911] veth1_macvtap: left promiscuous mode
[  228.510069][ T5911] veth0_macvtap: left allmulticast mode
[  228.511938][ T5911] veth0_macvtap: left promiscuous mode
[  228.513827][ T5911] veth1_vlan: left promiscuous mode
[  228.516885][ T5911] veth0_vlan: left promiscuous mode
[  228.542157][   T33] audit: type=1326 audit(1755257260.160:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11322 comm="syz.2.2218" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89f358ebe9 code=0x7ffc0000
[  228.560487][   T33] audit: type=1326 audit(1755257260.170:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11322 comm="syz.2.2218" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89f358ebe9 code=0x7ffc0000
[  228.567574][   T33] audit: type=1326 audit(1755257260.180:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11322 comm="syz.2.2218" exe="/syz-executor" sig=0 arch=c000003e syscall=229 compat=0 ip=0x7f89f358ebe9 code=0x7ffc0000
[  228.608102][   T33] audit: type=1326 audit(1755257260.180:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11322 comm="syz.2.2218" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89f358ebe9 code=0x7ffc0000
[  228.629839][   T33] audit: type=1326 audit(1755257260.180:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11322 comm="syz.2.2218" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89f358ebe9 code=0x7ffc0000
[  228.639455][   T33] audit: type=1800 audit(1755257260.190:118): pid=11327 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2220" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0
[  228.943347][   T24] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  228.969655][   T55] Bluetooth: hci3: command tx timeout
[  229.048138][ T5911] team0 (unregistering): Port device team_slave_1 removed
[  229.085038][ T5911] team0 (unregistering): Port device team_slave_0 removed
[  229.112463][   T24] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  229.116249][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  229.127651][   T24] usb 3-1: Product: syz
[  229.131465][   T24] usb 3-1: Manufacturer: syz
[  229.133506][   T24] usb 3-1: SerialNumber: syz
[  229.146445][   T24] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  229.218551][   T24] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  229.511476][T11344] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2228'.
[  229.537249][T11260] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  229.554769][T11260] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  229.561053][T11260] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  229.575938][T11260] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  229.651296][ T5897] usb 3-1: USB disconnect, device number 22
[  229.715765][T11260] 8021q: adding VLAN 0 to HW filter on device bond0
[  229.728117][T11260] 8021q: adding VLAN 0 to HW filter on device team0
[  229.737891][   T32] bridge0: port 1(bridge_slave_0) entered blocking state
[  229.740314][   T32] bridge0: port 1(bridge_slave_0) entered forwarding state
[  229.748676][   T32] bridge0: port 2(bridge_slave_1) entered blocking state
[  229.751680][   T32] bridge0: port 2(bridge_slave_1) entered forwarding state
[  229.782387][ T5911] IPVS: stop unused estimator thread 0...
[  229.900893][T11260] 8021q: adding VLAN 0 to HW filter on device batadv0
[  229.934745][T11260] veth0_vlan: entered promiscuous mode
[  229.945694][T11260] veth1_vlan: entered promiscuous mode
[  229.972347][T11260] veth0_macvtap: entered promiscuous mode
[  229.978215][T11260] veth1_macvtap: entered promiscuous mode
[  229.993789][T11260] batman_adv: batadv0: Interface activated: batadv_slave_0
[  230.008660][T11260] batman_adv: batadv0: Interface activated: batadv_slave_1
[  230.022232][ T5911] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  230.026680][   T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  230.030912][   T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  230.034163][   T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  230.096222][ T9763] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  230.099760][ T9763] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  230.117059][   T32] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  230.121352][   T32] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  230.255120][   T24] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  230.261521][   T24] ath9k_htc: Failed to initialize the device
[  230.273336][ T5897] usb 3-1: ath9k_htc: USB layer deinitialized
[  230.298188][T11370] loop3: detected capacity change from 0 to 4096
[  230.307240][T11370] ntfs3(loop3): Different NTFS sector size (2048) and media sector size (512).
[  230.363150][T11370] ntfs3(loop3): Failed to load $Bitmap (-22).
[  230.869185][   T62] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  231.029650][   T62] usb 4-1: Using ep0 maxpacket: 32
[  231.058384][   T55] Bluetooth: hci3: command tx timeout
[  231.096424][   T62] usb 4-1: config 0 has an invalid interface number: 247 but max is 0
[  231.112201][   T62] usb 4-1: config 0 has no interface number 0
[  231.114947][   T62] usb 4-1: config 0 interface 247 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  231.119761][   T62] usb 4-1: config 0 interface 247 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  231.128392][   T62] usb 4-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b
[  231.132275][   T62] usb 4-1: New USB device strings: Mfr=1, Product=3, SerialNumber=0
[  231.135671][   T62] usb 4-1: Product: syz
[  231.137196][   T62] usb 4-1: Manufacturer: syz
[  231.145012][   T62] usb 4-1: config 0 descriptor??
[  231.373567][   T62] usb 4-1: USB disconnect, device number 2
[  232.203656][T11405] loop2: detected capacity change from 0 to 512
[  232.207351][T11405] EXT4-fs: Ignoring removed nomblk_io_submit option
[  232.211503][T11405] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  232.218768][T11405] EXT4-fs (loop2): 1 truncate cleaned up
[  232.223749][T11405] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  232.235048][   T33] audit: type=1800 audit(1755257263.850:119): pid=11405 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2247" name="file1" dev="loop2" ino=15 res=0 errno=0
[  232.261397][ T5850] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  232.397427][T11420] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2253'.
[  232.519112][   T62] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  232.669085][   T62] usb 3-1: Using ep0 maxpacket: 8
[  232.675410][   T62] usb 3-1: unable to get BOS descriptor or descriptor too short
[  232.683317][   T62] usb 3-1: config 2 has an invalid interface number: 179 but max is 0
[  232.687170][   T62] usb 3-1: config 2 has no interface number 0
[  232.690228][   T62] usb 3-1: config 2 interface 179 has no altsetting 0
[  232.695823][   T62] usb 3-1: New USB device found, idVendor=0a2c, idProduct=0008, bcdDevice=b5.a8
[  232.701078][   T62] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  232.704727][   T62] usb 3-1: Product: syz
[  232.706709][   T62] usb 3-1: Manufacturer: syz
[  232.709595][   T62] usb 3-1: SerialNumber: syz
[  232.932639][   T62] cypress_cy7c63 3-1:2.179: Cypress CY7C63xxx device now attached
[  232.937873][   T62] usb 3-1: USB disconnect, device number 23
[  232.942795][   T62] cypress_cy7c63 3-1:2.179: Cypress CY7C63xxx device now disconnected
[  233.130310][   T55] Bluetooth: hci3: command tx timeout
[  233.614406][T11450] loop2: detected capacity change from 0 to 512
[  233.618424][T11450] EXT4-fs (loop2): Invalid log cluster size: 956301314
[  233.780462][T11464] tipc: Started in network mode
[  233.782187][T11464] tipc: Node identity 127bc7955b98, cluster identity 4711
[  233.784673][T11464] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  233.787366][T11464] syzkaller0: entered promiscuous mode
[  233.790781][T11464] syzkaller0: entered allmulticast mode
[  233.804630][T11464] tipc: Resetting bearer <eth:syzkaller0>
[  233.808972][T11463] tipc: Resetting bearer <eth:syzkaller0>
[  233.818509][T11463] tipc: Disabling bearer <eth:syzkaller0>
[  234.141105][ T3144] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  234.311010][ T3144] usb 3-1: too many endpoints for config 4 interface 0 altsetting 0: 101, using maximum allowed: 30
[  234.315479][ T3144] usb 3-1: config 4 interface 0 altsetting 0 has an endpoint descriptor with address 0xA4, changing to 0x84
[  234.320256][ T3144] usb 3-1: config 4 interface 0 altsetting 0 bulk endpoint 0x84 has invalid maxpacket 77
[  234.324280][ T3144] usb 3-1: config 4 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 101
[  234.331514][ T3144] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  234.335415][ T3144] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  234.341287][T11468] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  234.548045][ T3144] ath6kl: Failed to submit usb control message: -71
[  234.551133][ T3144] ath6kl: unable to send the bmi data to the device: -71
[  234.554085][ T3144] ath6kl: Unable to send get target info: -71
[  234.566157][ T3144] ath6kl: Failed to init ath6kl core: -71
[  234.569997][ T3144] ath6kl_usb 3-1:4.0: probe with driver ath6kl_usb failed with error -71
[  234.582531][ T3144] usb 3-1: USB disconnect, device number 24
[  235.211789][   T55] Bluetooth: hci3: command tx timeout
[  235.531563][   T24] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  235.768234][   T24] usb 3-1: Using ep0 maxpacket: 32
[  235.773389][   T24] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  235.787165][   T24] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  235.801328][   T24] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  235.804829][   T24] usb 3-1: Product: syz
[  235.806641][   T24] usb 3-1: Manufacturer: syz
[  235.808645][   T24] usb 3-1: SerialNumber: syz
[  235.824957][   T24] usb 3-1: config 0 descriptor??
[  235.827619][T11519] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  235.839721][   T24] hub 3-1:0.0: bad descriptor, ignoring hub
[  235.842295][   T24] hub 3-1:0.0: probe with driver hub failed with error -5
[  235.872242][T11546] netlink: 'syz.0.2311': attribute type 1 has an invalid length.
[  236.161105][   T24] usb 3-1: USB disconnect, device number 25
[  236.594938][T11562] netlink: 'syz.0.2318': attribute type 4 has an invalid length.
[  236.597941][T11562] netlink: 244 bytes leftover after parsing attributes in process `syz.0.2318'.
[  236.655427][T11566] vlan3: entered allmulticast mode
[  236.657235][T11566] dummy0: entered allmulticast mode
[  236.659122][   T24] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  236.839009][   T24] usb 3-1: Using ep0 maxpacket: 32
[  236.848310][   T24] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  236.854973][   T24] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  236.859562][   T24] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  236.863037][   T24] usb 3-1: Product: syz
[  236.864899][   T24] usb 3-1: Manufacturer: syz
[  236.866906][   T24] usb 3-1: SerialNumber: syz
[  236.887974][   T24] usb 3-1: config 0 descriptor??
[  236.891204][T11519] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  236.895244][   T24] hub 3-1:0.0: bad descriptor, ignoring hub
[  236.897738][   T24] hub 3-1:0.0: probe with driver hub failed with error -5
[  237.046482][T11585] overlayfs: failed to clone upperpath
[  237.082991][T11581] loop3: detected capacity change from 0 to 32768
[  237.239295][   T24] usb 3-1: USB disconnect, device number 26
[  238.439014][    T9] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  238.600646][    T9] usb 4-1: Using ep0 maxpacket: 16
[  238.605071][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  238.610900][    T9] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  238.615455][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  238.625726][    T9] usb 4-1: config 0 descriptor??
[  239.124976][    T9] mcp2221 0003:04D8:00DD.000A: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.3-1/input0
[  239.506328][T11649] 9pnet_fd: Insufficient options for proto=fd
[  239.529802][   T24] usb 4-1: USB disconnect, device number 3
[  240.125986][T11661] loop2: detected capacity change from 0 to 2048
[  240.141559][T11664] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  240.154265][T11666] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2360'.
[  240.158273][T11666] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  240.168592][T11661] NILFS (loop2): error -2 truncating bmap (ino=16)
[  240.337171][T11678] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2365'.
[  240.573631][   T24] IPVS: starting estimator thread 0...
[  240.658978][T11693] IPVS: using max 47 ests per chain, 112800 per kthread
[  240.753879][T11703] loop2: detected capacity change from 0 to 8192
[  241.153111][   T33] audit: type=1326 audit(1755257272.770:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11727 comm="syz.2.2388" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f89f358ebe9 code=0x0
[  242.320172][T11768] loop2: detected capacity change from 0 to 512
[  242.334580][T11768] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.2406: bg 0: block 16: invalid block bitmap
[  242.342089][T11768] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  242.346118][T11768] EXT4-fs error (device loop2): ext4_clear_blocks:876: inode #13: comm syz.2.2406: attempt to clear invalid blocks 1669132790 len 1
[  242.352644][T11768] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #13: comm syz.2.2406: invalid indirect mapped block 4294967295 (level 1)
[  242.358570][T11768] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #13: comm syz.2.2406: invalid indirect mapped block 4294967295 (level 2)
[  242.365143][T11768] EXT4-fs (loop2): 1 truncate cleaned up
[  242.368708][T11768] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  242.372875][T11772] netlink: 91 bytes leftover after parsing attributes in process `syz.0.2407'.
[  242.379162][T11772] netlink: 91 bytes leftover after parsing attributes in process `syz.0.2407'.
[  242.401314][ T5850] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  242.541417][T11784] loop2: detected capacity change from 0 to 4096
[  242.555552][T11789] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  242.880874][T11807] loop3: detected capacity change from 0 to 1024
[  242.884260][T11807] EXT4-fs: Ignoring removed nobh option
[  242.886855][T11807] EXT4-fs: Ignoring removed bh option
[  242.888944][ T3144] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  242.906469][T11807] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  242.936963][T11260] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  243.038986][ T3144] usb 3-1: Using ep0 maxpacket: 16
[  243.045977][ T3144] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  243.049895][ T3144] usb 3-1: config 0 has no interface number 0
[  243.059991][ T3144] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  243.064476][ T3144] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  243.068093][ T3144] usb 3-1: Product: syz
[  243.070178][ T3144] usb 3-1: Manufacturer: syz
[  243.072289][ T3144] usb 3-1: SerialNumber: syz
[  243.079290][ T3144] usb 3-1: config 0 descriptor??
[  243.099245][ T3144] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  243.379375][   T24] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  243.457031][T11825] wlan1: mtu greater than device maximum
[  243.551743][   T24] usb 4-1: too many configurations: 80, using maximum allowed: 8
[  243.557412][   T24] usb 4-1: unable to read config index 0 descriptor/start: -61
[  243.560255][   T24] usb 4-1: can't read configurations, error -61
[  243.698916][   T24] usb 4-1: new full-speed USB device number 5 using dummy_hcd
[  243.870162][   T24] usb 4-1: too many configurations: 80, using maximum allowed: 8
[  243.875653][   T24] usb 4-1: unable to read config index 0 descriptor/start: -61
[  243.878280][   T24] usb 4-1: can't read configurations, error -61
[  243.880909][   T24] usb usb4-port1: attempt power cycle
[  244.111973][ T3144] gspca_spca1528: reg_w err -71
[  244.113765][ T3144] spca1528 3-1:0.1: probe with driver spca1528 failed with error -71
[  244.120932][ T3144] usb 3-1: USB disconnect, device number 27
[  244.239003][   T24] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[  244.260711][   T24] usb 4-1: too many configurations: 80, using maximum allowed: 8
[  244.264946][   T24] usb 4-1: unable to read config index 0 descriptor/start: -61
[  244.267482][   T24] usb 4-1: can't read configurations, error -61
[  244.398973][   T24] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[  244.430021][   T24] usb 4-1: too many configurations: 80, using maximum allowed: 8
[  244.439516][   T24] usb 4-1: unable to read config index 0 descriptor/start: -61
[  244.442860][   T24] usb 4-1: can't read configurations, error -61
[  244.445818][   T24] usb usb4-port1: unable to enumerate USB device
[  244.682944][T11841] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  244.685371][T11841] IPv6: NLM_F_CREATE should be set when creating new route
[  244.687742][T11841] IPv6: NLM_F_CREATE should be set when creating new route
[  244.690234][T11841] IPv6: NLM_F_CREATE should be set when creating new route
[  245.259207][   T24] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  245.420740][   T24] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x64, changing to 0x4
[  245.425728][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 0, changing to 7
[  245.430375][   T24] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  245.434102][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  245.439656][   T24] usb 3-1: config 0 descriptor??
[  245.646533][   T24] ath6kl: Failed to submit usb control message: -71
[  245.648942][   T24] ath6kl: unable to send the bmi data to the device: -71
[  245.651318][   T24] ath6kl: Unable to send get target info: -71
[  245.663583][   T24] ath6kl: Failed to init ath6kl core: -71
[  245.666009][   T24] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -71
[  245.671314][   T24] usb 3-1: USB disconnect, device number 28
[  246.432357][T11903] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  246.547077][T11901] loop2: detected capacity change from 0 to 32768
[  246.564236][T11901] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  246.588609][T11901] XFS (loop2): Ending clean mount
[  246.597324][T11901] XFS (loop2): Quotacheck needed: Please wait.
[  246.623234][T11901] XFS (loop2): Quotacheck: Done.
[  246.644001][ T5850] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  247.611451][T11941] loop3: detected capacity change from 0 to 2048
[  247.622607][T11941] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[  247.670905][T11941] syz.3.2478: attempt to access beyond end of device
[  247.670905][T11941] loop3: rw=524288, sector=65534, nr_sectors = 2 limit=2048
[  247.676369][T11944] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  247.801869][T11926] loop2: detected capacity change from 0 to 262144
[  247.806756][T11926] F2FS-fs (loop2): invalid crc value
[  247.865052][T11926] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  247.869591][T11926] F2FS-fs (loop2): Start checkpoint disabled!
[  247.880128][T11926] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  247.923949][   T33] audit: type=1800 audit(1755257279.540:121): pid=11926 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2470" name="file1" dev="loop2" ino=7 res=0 errno=0
[  248.348135][T11968] loop3: detected capacity change from 0 to 32768
[  248.351350][T11968] (syz.3.2491,11968,0):ocfs2_verify_volume:2308 ERROR: bad block number on superblock: found 138608642, should be 2
[  248.356120][T11968] (syz.3.2491,11968,0):ocfs2_verify_volume:2331 ERROR: status = -22
[  248.359579][T11968] (syz.3.2491,11968,0):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  248.363263][T11968] (syz.3.2491,11968,0):ocfs2_fill_super:1177 ERROR: status = -22
[  248.891199][T12003] loop2: detected capacity change from 0 to 512
[  248.895051][T12003] EXT4-fs (loop2): bad geometry: block count 1024 exceeds size of device (256 blocks)
[  248.941949][T12009] loop2: detected capacity change from 0 to 1
[  248.945615][T12009] syz.2.2510: attempt to access beyond end of device
[  248.945615][T12009] loop2: rw=2048, sector=0, nr_sectors = 8 limit=1
[  248.951413][T12009] SQUASHFS error: Failed to read block 0x0: -5
[  248.954124][T12009] unable to read squashfs_super_block
[  249.285746][T12034] loop2: detected capacity change from 0 to 512
[  249.314551][T12034] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  249.318451][T12034] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  249.322150][T12034] System zones: 0-1, 15-15, 18-18, 34-34
[  249.325680][T12034] EXT4-fs (loop2): orphan cleanup on readonly fs
[  249.330379][T12034] Quota error (device loop2): v2_read_header: Failed header read: expected=8 got=0
[  249.336551][T12034] EXT4-fs warning (device loop2): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  249.342643][T12034] EXT4-fs (loop2): Cannot turn on quotas: error -22
[  249.349162][T12034] EXT4-fs error (device loop2): ext4_orphan_get:1418: comm syz.2.2522: bad orphan inode 16
[  249.355097][T12034] ext4_test_bit(bit=15, block=18) = 1
[  249.356993][T12034] is_bad_inode(inode)=0
[  249.358483][T12034] NEXT_ORPHAN(inode)=0
[  249.360588][T12034] max_ino=32
[  249.361792][T12034] i_nlink=2
[  249.363613][T12034] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  249.374604][T12034] fscrypt (loop2, inode 16): Error -61 getting encryption context
[  249.390263][ T5850] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  249.737413][T12053] loop3: detected capacity change from 0 to 32768
[  249.743118][T12053] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2530 (12053)
[  249.875678][T12053] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  249.879400][T12053] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  249.883248][T12053] BTRFS info (device loop3): using free-space-tree
[  249.929023][T11260] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  250.667337][T12088] loop2: detected capacity change from 0 to 32768
[  250.674157][T12088] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.2538 (12088)
[  250.686660][T12088] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  250.691919][T12088] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  250.695228][T12088] BTRFS info (device loop2): using free-space-tree
[  250.794183][ T5850] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  251.113235][T12139] Malformed UNC in devname
[  251.113235][T12139] 
[  251.117866][T12139] CIFS: VFS: Malformed UNC in devname
[  251.225700][T12144] loop2: detected capacity change from 0 to 128
[  251.376743][T12144] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  251.387523][T12144] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  251.572241][T12146] loop2: detected capacity change from 0 to 32768
[  251.597360][T12146] find_entry called with index = 0
[  251.604520][T12146] read_mapping_page failed!
[  251.606660][T12146] ERROR: (device loop2): txCommit: 
[  251.606660][T12146] 
[  251.611367][T12150] loop3: detected capacity change from 0 to 512
[  251.615157][T12150] EXT4-fs (loop3): Test dummy encryption mode enabled
[  251.618160][T12150] EXT4-fs (loop3): Using encoding defined by superblock: utf8-12.1.0 with flags 0x0
[  251.622779][T12150] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  251.626147][T12150] EXT4-fs (loop3): The Hurd can't support 64-bit file systems
[  251.643621][T12150] loop3: detected capacity change from 0 to 512
[  251.649869][T12150] EXT4-fs error (device loop3): ext4_orphan_get:1418: comm syz.3.2559: bad orphan inode 15
[  251.653899][T12150] ext4_test_bit(bit=14, block=5) = 0
[  251.657582][T12150] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  251.681633][T11260] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  251.714259][T12155] loop3: detected capacity change from 0 to 128
[  251.802541][T12158] loop2: detected capacity change from 0 to 4096
[  251.806430][T12158] ntfs3(loop2): Different NTFS sector size (2048) and media sector size (512).
[  251.816299][T12162] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2564'.
[  251.823916][T12162] bridge0: port 2(bridge_slave_1) entered disabled state
[  251.829239][T12162] bridge0: port 1(bridge_slave_0) entered disabled state
[  251.847908][T12158] ntfs3(loop2): Failed to initialize $Extend/$ObjId.
[  251.888721][T12158] ntfs3(loop2): ino=1e, mi_enum_attr
[  252.014445][T12170] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  252.112414][T12164] loop3: detected capacity change from 0 to 32768
[  252.163391][T12164] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  252.163402][T12164]   allowing incompatible features above 0.0: (unknown version)
[  252.163406][T12164]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  252.175930][T12164] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  252.179069][T12164] bcachefs (loop3): initializing new filesystem
[  252.186231][T12164] bcachefs (loop3): going read-write
[  252.194359][T12164] bcachefs (loop3): marking superblocks
[  252.200578][T12164] bcachefs (loop3): initializing freespace
[  252.204302][T12164] bcachefs (loop3): done initializing freespace
[  252.208006][T12164] bcachefs (loop3): reading snapshots table
[  252.210404][T12164] bcachefs (loop3): reading snapshots done
[  252.237918][T12164] bcachefs (loop3): done starting filesystem
[  252.915224][T12206] netlink: 'syz.0.2578': attribute type 1 has an invalid length.
[  252.917834][T12206] netlink: 88 bytes leftover after parsing attributes in process `syz.0.2578'.
[  252.935997][T11260] bcachefs (loop3): shutting down
[  252.937959][T11260] bcachefs (loop3): going read-only
[  252.942862][T11260] bcachefs (loop3): finished waiting for writes to stop
[  252.995117][T12208] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2580'.
[  252.998540][T12208] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2580'.
[  253.002262][T12208] netlink: 'syz.0.2580': attribute type 1 has an invalid length.
[  253.029054][T11260] bcachefs (loop3): flushing journal and stopping allocators, journal seq 5
[  253.069035][T11260] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 5
[  253.084159][T11260] bcachefs (loop3): clean shutdown complete, journal seq 6
[  253.091686][T11260] bcachefs (loop3): marking filesystem clean
[  253.114153][T12215] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  253.163639][T11260] bcachefs (loop3): shutdown complete
[  254.513612][T12266] ip6gre1: entered allmulticast mode
[  254.577318][T12272] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2609'.
[  254.583617][T12272] netem: unknown loss type 12
[  254.586061][T12272] netem: change failed
[  254.734531][T12280] loop2: detected capacity change from 0 to 4096
[  254.748700][T12280] ntfs3(loop2): ino=3, ntfs_set_state failed, -22.
[  254.751022][T12280] ntfs3(loop2): Failed to initialize $Extend/$ObjId.
[  254.758978][   T62] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  254.911194][   T62] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  254.914646][   T62] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 0, changing to 7
[  254.932944][   T62] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  254.941889][   T62] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  254.945434][   T62] usb 4-1: Product: syz
[  254.950805][   T62] usb 4-1: Manufacturer: syz
[  254.955021][   T62] usb 4-1: SerialNumber: syz
[  255.004058][   T62] usb 4-1: config 0 descriptor??
[  255.281144][   T62] usb 4-1: USB disconnect, device number 8
[  255.444784][T12294] overlayfs: failed to resolve './file0': -2
[  255.595346][   T27] ntfs3(loop2): ino=3, ntfs3_write_inode failed, -22.
[  255.601097][ T5850] ntfs3(loop2): ino=3, ntfs_set_state failed, -22.
[  255.603502][ T5850] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  255.605965][ T5850] ntfs3(loop2): ino=3, ntfs_set_state failed, -22.
[  255.611886][   T27] ntfs3(loop2): ino=3, ntfs3_write_inode failed, -22.
[  255.816296][T12310] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[  255.905851][T12317] loop3: detected capacity change from 0 to 512
[  256.012329][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[  256.015223][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[  256.051717][T12330] loop3: detected capacity change from 0 to 256
[  256.059704][T12330] vfat: Unknown parameter 'shhortname'
[  256.156968][T12334] loop2: detected capacity change from 0 to 4096
[  256.168389][T12334] EXT4-fs (loop2): Test dummy encryption mode enabled
[  256.189726][T12334] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  256.193140][T12334] System zones: 0-5
[  256.204894][T12334] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  256.251827][ T5850] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  256.685118][T12353] netlink: 168 bytes leftover after parsing attributes in process `syz.2.2643'.
[  257.149319][T12363] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2648'.
[  257.205292][T12364] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2647'.
[  257.321953][T12357] loop2: detected capacity change from 0 to 40427
[  257.327129][T12357] F2FS-fs (loop2): Invalid SB checksum offset: 0
[  257.329638][T12357] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[  257.336638][T12357] F2FS-fs (loop2): invalid crc value
[  257.441337][T12357] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  257.450940][T12357] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[  257.453470][T12357] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  257.498431][T12357] syz.2.2645: attempt to access beyond end of device
[  257.498431][T12357] loop2: rw=2049, sector=53248, nr_sectors = 16 limit=40427
[  257.541557][ T5850] syz-executor: attempt to access beyond end of device
[  257.541557][ T5850] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  257.549100][ T5850] CPU: 1 UID: 0 PID: 5850 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  257.549119][ T5850] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  257.549146][ T5850] Call Trace:
[  257.549151][ T5850]  <TASK>
[  257.549157][ T5850]  dump_stack_lvl+0x189/0x250
[  257.549179][ T5850]  ? __pfx_dump_stack_lvl+0x10/0x10
[  257.549193][ T5850]  ? __pfx_queue_work_on+0x10/0x10
[  257.549206][ T5850]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  257.549221][ T5850]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  257.549242][ T5850]  f2fs_handle_critical_error+0x37c/0x540
[  257.549265][ T5850]  f2fs_write_end_io+0x886/0xb60
[  257.549289][ T5850]  __submit_merged_bio+0x27a/0x6a0
[  257.549311][ T5850]  __submit_merged_write_cond+0x255/0x530
[  257.549332][ T5850]  f2fs_write_data_pages+0x261d/0x3000
[  257.549378][ T5850]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  257.549431][ T5850]  ? __pfx___bad_area_nosemaphore+0x10/0x10
[  257.549452][ T5850]  ? exc_page_fault+0x9f/0xf0
[  257.549473][ T5850]  ? __lock_acquire+0xab9/0xd20
[  257.549501][ T5850]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  257.549519][ T5850]  do_writepages+0x32e/0x550
[  257.549542][ T5850]  ? do_raw_spin_unlock+0x4d/0x240
[  257.549560][ T5850]  filemap_fdatawrite+0x199/0x240
[  257.549597][ T5850]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  257.549645][ T5850]  ? do_raw_spin_unlock+0x4d/0x240
[  257.549663][ T5850]  f2fs_sync_dirty_inodes+0x31f/0x830
[  257.549686][ T5850]  f2fs_write_checkpoint+0x95a/0x1df0
[  257.549714][ T5850]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  257.549758][ T5850]  ? kill_f2fs_super+0x298/0x6c0
[  257.549775][ T5850]  kill_f2fs_super+0x2c3/0x6c0
[  257.549791][ T5850]  ? __pfx_kill_f2fs_super+0x10/0x10
[  257.549802][ T5850]  ? radix_tree_delete_item+0x2b6/0x400
[  257.549821][ T5850]  ? shrinker_free+0x2ce/0x3e0
[  257.549837][ T5850]  deactivate_locked_super+0xbc/0x130
[  257.549852][ T5850]  cleanup_mnt+0x425/0x4c0
[  257.549866][ T5850]  ? lockdep_hardirqs_on+0x9c/0x150
[  257.549884][ T5850]  task_work_run+0x1d4/0x260
[  257.549901][ T5850]  ? __pfx_task_work_run+0x10/0x10
[  257.549916][ T5850]  ? __x64_sys_umount+0x122/0x160
[  257.549934][ T5850]  ? exit_to_user_mode_loop+0x40/0x110
[  257.549953][ T5850]  exit_to_user_mode_loop+0xec/0x110
[  257.549969][ T5850]  do_syscall_64+0x2bd/0x3b0
[  257.549984][ T5850]  ? lockdep_hardirqs_on+0x9c/0x150
[  257.549998][ T5850]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.550010][ T5850]  ? exc_page_fault+0x9f/0xf0
[  257.550025][ T5850]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.550037][ T5850] RIP: 0033:0x7f89f358ff17
[  257.550050][ T5850] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  257.550059][ T5850] RSP: 002b:00007fffb393f6b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  257.550073][ T5850] RAX: 0000000000000000 RBX: 00007f89f3611c05 RCX: 00007f89f358ff17
[  257.550081][ T5850] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffb393f770
[  257.550087][ T5850] RBP: 00007fffb393f770 R08: 0000000000000000 R09: 0000000000000000
[  257.550094][ T5850] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffb3940800
[  257.550101][ T5850] R13: 00007f89f3611c05 R14: 000000000003eb79 R15: 00007fffb3940840
[  257.550122][ T5850]  </TASK>
[  257.551428][ T5850] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  258.157776][T12374] loop2: detected capacity change from 0 to 256
[  258.577158][T12384] block nbd2: not configured, cannot reconfigure
[  259.309695][T12381] ceph: No mds server is up or the cluster is laggy
[  259.388173][T12397] loop2: detected capacity change from 0 to 4096
[  259.399353][T12397] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512).
[  259.417633][T12397] ntfs3(loop2): ino=3, mi_enum_attr
[  259.442409][T12403] loop3: detected capacity change from 0 to 1024
[  259.445438][T12403] hfsplus: creator requires a 4 character value
[  259.683671][T12421] netlink: 'syz.0.2669': attribute type 1 has an invalid length.
[  259.739536][    T9] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  259.834809][T12431] netlink: 201392 bytes leftover after parsing attributes in process `syz.0.2674'.
[  259.838467][T12431] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  259.849248][T12431] openvswitch: netlink: Message has 8454 unknown bytes.
[  259.909921][    T9] usb 3-1: too many configurations: 9, using maximum allowed: 8
[  259.917935][    T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  259.921828][    T9] usb 3-1: config 0 interface 0 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  259.926607][    T9] usb 3-1: config 0 interface 0 has no altsetting 0
[  259.932244][    T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  259.936008][    T9] usb 3-1: config 0 interface 0 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  259.941760][    T9] usb 3-1: config 0 interface 0 has no altsetting 0
[  259.945710][    T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  259.951332][    T9] usb 3-1: config 0 interface 0 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  259.955639][    T9] usb 3-1: config 0 interface 0 has no altsetting 0
[  259.960884][    T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  259.964691][    T9] usb 3-1: config 0 interface 0 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  259.971013][    T9] usb 3-1: config 0 interface 0 has no altsetting 0
[  259.975446][    T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  259.979307][    T9] usb 3-1: config 0 interface 0 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  259.983787][    T9] usb 3-1: config 0 interface 0 has no altsetting 0
[  259.987517][    T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  259.993345][    T9] usb 3-1: config 0 interface 0 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  259.997815][    T9] usb 3-1: config 0 interface 0 has no altsetting 0
[  260.001966][    T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  260.004909][    T9] usb 3-1: config 0 interface 0 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  260.008575][    T9] usb 3-1: config 0 interface 0 has no altsetting 0
[  260.011887][    T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  260.014898][    T9] usb 3-1: config 0 interface 0 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  260.018392][    T9] usb 3-1: config 0 interface 0 has no altsetting 0
[  260.023173][    T9] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  260.026465][    T9] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  260.029330][    T9] usb 3-1: Product: syz
[  260.030742][    T9] usb 3-1: Manufacturer: syz
[  260.032250][    T9] usb 3-1: SerialNumber: syz
[  260.034909][    T9] usb 3-1: config 0 descriptor??
[  260.038920][    T9] yurex 3-1:0.0: Could not find endpoints
[  260.147466][T12449] overlayfs: missing 'lowerdir'
[  260.252028][    T9] usb 3-1: USB disconnect, device number 29
[  260.316583][T12463] 9pnet_fd: Insufficient options for proto=fd
[  260.437578][T12472] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2695'.
[  260.443775][T12472] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2695'.
[  260.446787][T12472] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2695'.
[  260.480587][T12475] bridge_slave_1: left allmulticast mode
[  260.482609][T12475] bridge_slave_1: left promiscuous mode
[  260.486498][T12475] bridge0: port 2(bridge_slave_1) entered disabled state
[  260.904153][T12491] binder: 12490:12491 ioctl c0306201 2000000001c0 returned -22
[  261.681348][T12520] loop2: detected capacity change from 0 to 128
[  261.921856][T12525] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2718'.
[  261.942346][T12527] : renamed from bond_slave_0 (while UP)
[  262.135511][T12529] ALSA: mixer_oss: invalid OSS volume 'u'
[  263.390460][   T33] audit: type=1326 audit(1755257295.010:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12531 comm="syz.2.2722" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89f358ebe9 code=0x7fc00000
[  263.856270][T12550] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2733'.
[  263.943545][T12554] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2730'.
[  263.947436][T12554] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2730'.
[  263.989415][T12548] loop2: detected capacity change from 0 to 32768
[  264.042021][T12562] netlink: 'syz.3.2732': attribute type 5 has an invalid length.
[  264.060437][T12562] batman_adv: batadv0: Adding interface: vxlan0
[  264.063274][T12562] batman_adv: batadv0: The MTU of interface vxlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  264.074064][T12562] batman_adv: batadv0: Interface activated: vxlan0
[  264.080190][   T13] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  264.094765][T12548] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  264.094782][T12548]   allowing incompatible features above 0.0: (unknown version)
[  264.094787][T12548]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  264.096693][   T13] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  264.100847][T12548] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  264.113148][   T13] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  264.116445][T12548] bcachefs (loop2): initializing new filesystem
[  264.123187][   T13] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  264.127174][T12548] bcachefs (loop2): going read-write
[  264.138561][T12548] bcachefs (loop2): marking superblocks
[  264.145555][T12548] bcachefs (loop2): initializing freespace
[  264.149226][T12548] bcachefs (loop2): done initializing freespace
[  264.152400][T12548] bcachefs (loop2): reading snapshots table
[  264.154709][T12548] bcachefs (loop2): reading snapshots done
[  264.189805][T12548] bcachefs (loop2): done starting filesystem
[  264.209447][T12572] loop3: detected capacity change from 0 to 3
[  265.244976][ T5850] bcachefs (loop2): shutting down
[  265.247359][ T5850] bcachefs (loop2): going read-only
[  265.250435][ T5850] bcachefs (loop2): finished waiting for writes to stop
[  265.256049][ T5850] bcachefs (loop2): flushing journal and stopping allocators, journal seq 6
[  265.267684][ T5850] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 7
[  265.272786][ T5850] bcachefs (loop2): clean shutdown complete, journal seq 8
[  265.276044][ T5850] bcachefs (loop2): marking filesystem clean
[  265.291852][ T5850] bcachefs (loop2): shutdown complete
[  265.553273][T12609] overlayfs: failed to clone lowerpath
[  265.819923][    T9] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  265.971945][    T9] usb 4-1: config 0 has no interfaces?
[  265.974284][    T9] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  265.978207][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  265.983793][    T9] usb 4-1: config 0 descriptor??
[  266.263013][T12629] ==================================================================
[  266.266547][T12629] BUG: KASAN: slab-use-after-free in __xfrm_state_delete+0x696/0xca0
[  266.270024][T12629] Write of size 8 at addr ffff888028935fb0 by task syz.0.2758/12629
[  266.274253][T12629] 
[  266.275313][T12629] CPU: 1 UID: 0 PID: 12629 Comm: syz.0.2758 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  266.275330][T12629] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  266.275337][T12629] Call Trace:
[  266.275343][T12629]  <TASK>
[  266.275350][T12629]  dump_stack_lvl+0x189/0x250
[  266.275367][T12629]  ? __virt_addr_valid+0x1c8/0x5c0
[  266.275383][T12629]  ? rcu_is_watching+0x15/0xb0
[  266.275395][T12629]  ? __kasan_check_byte+0x12/0x40
[  266.275413][T12629]  ? __pfx_dump_stack_lvl+0x10/0x10
[  266.275428][T12629]  ? rcu_is_watching+0x15/0xb0
[  266.275440][T12629]  ? lock_release+0x4b/0x3e0
[  266.275481][T12629]  ? __virt_addr_valid+0x1c8/0x5c0
[  266.275497][T12629]  ? __virt_addr_valid+0x4a5/0x5c0
[  266.275512][T12629]  print_report+0xca/0x240
[  266.275522][T12629]  ? __xfrm_state_delete+0x696/0xca0
[  266.275539][T12629]  kasan_report+0x118/0x150
[  266.275555][T12629]  ? __xfrm_state_delete+0x696/0xca0
[  266.275574][T12629]  __xfrm_state_delete+0x696/0xca0
[  266.275594][T12629]  __xfrm_state_delete+0x87b/0xca0
[  266.275614][T12629]  xfrm_state_flush+0x45f/0x770
[  266.275635][T12629]  pfkey_flush+0x13f/0x340
[  266.275647][T12629]  ? __pfx_pfkey_flush+0x10/0x10
[  266.275658][T12629]  ? kmem_cache_free+0x18f/0x400
[  266.275679][T12629]  pfkey_sendmsg+0xbfe/0x1090
[  266.275700][T12629]  ? rcu_is_watching+0x15/0xb0
[  266.275712][T12629]  ? preempt_schedule_irq+0xde/0x150
[  266.275727][T12629]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  266.275750][T12629]  ? security_socket_sendmsg+0x267/0x2b0
[  266.275765][T12629]  ? __sanitizer_cov_trace_pc+0x8/0x70
[  266.275780][T12629]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  266.275793][T12629]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  266.275810][T12629]  __sock_sendmsg+0x21c/0x270
[  266.275826][T12629]  ____sys_sendmsg+0x505/0x830
[  266.275840][T12629]  ? __pfx_____sys_sendmsg+0x10/0x10
[  266.275856][T12629]  ? import_iovec+0x74/0xa0
[  266.275871][T12629]  ___sys_sendmsg+0x21f/0x2a0
[  266.275883][T12629]  ? __pfx____sys_sendmsg+0x10/0x10
[  266.275907][T12629]  ? __fget_files+0x2a/0x420
[  266.275917][T12629]  ? __fget_files+0x3a0/0x420
[  266.275930][T12629]  __x64_sys_sendmsg+0x19b/0x260
[  266.275943][T12629]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  266.275957][T12629]  ? rcu_is_watching+0x15/0xb0
[  266.275969][T12629]  ? do_syscall_64+0xbe/0x3b0
[  266.275986][T12629]  do_syscall_64+0xfa/0x3b0
[  266.276002][T12629]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  266.276014][T12629]  ? asm_sysvec_call_function_single+0x1a/0x20
[  266.276027][T12629]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  266.276039][T12629] RIP: 0033:0x7eff5ff8ebe9
[  266.276049][T12629] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  266.276060][T12629] RSP: 002b:00007eff60e0c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  266.276073][T12629] RAX: ffffffffffffffda RBX: 00007eff601b6270 RCX: 00007eff5ff8ebe9
[  266.276081][T12629] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000008
[  266.276089][T12629] RBP: 00007eff60011e19 R08: 0000000000000000 R09: 0000000000000000
[  266.276097][T12629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  266.276104][T12629] R13: 00007eff601b6308 R14: 00007eff601b6270 R15: 00007fff6ab45148
[  266.276118][T12629]  </TASK>
[  266.276122][T12629] 
[  266.390486][T12629] Allocated by task 10650:
[  266.392000][T12629]  kasan_save_track+0x3e/0x80
[  266.393597][T12629]  __kasan_slab_alloc+0x6c/0x80
[  266.395276][T12629]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  266.397151][T12629]  xfrm_state_alloc+0x24/0x2f0
[  266.399134][T12629]  pfkey_add+0x6e4/0x2e00
[  266.400713][T12629]  pfkey_sendmsg+0xbfe/0x1090
[  266.402332][T12629]  __sock_sendmsg+0x21c/0x270
[  266.403928][T12629]  ____sys_sendmsg+0x505/0x830
[  266.405567][T12629]  ___sys_sendmsg+0x21f/0x2a0
[  266.407178][T12629]  __x64_sys_sendmsg+0x19b/0x260
[  266.408907][T12629]  do_syscall_64+0xfa/0x3b0
[  266.410544][T12629]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  266.412590][T12629] 
[  266.413421][T12629] Freed by task 5898:
[  266.414804][T12629]  kasan_save_track+0x3e/0x80
[  266.416428][T12629]  kasan_save_free_info+0x46/0x50
[  266.418268][T12629]  __kasan_slab_free+0x5b/0x80
[  266.420289][T12629]  kmem_cache_free+0x18f/0x400
[  266.421923][T12629]  xfrm_state_gc_task+0x52d/0x6b0
[  266.423666][T12629]  process_scheduled_works+0xae1/0x17b0
[  266.425531][T12629]  worker_thread+0x8a0/0xda0
[  266.427158][T12629]  kthread+0x711/0x8a0
[  266.428596][T12629]  ret_from_fork+0x3fc/0x770
[  266.430176][T12629]  ret_from_fork_asm+0x1a/0x30
[  266.431891][T12629] 
[  266.432746][T12629] The buggy address belongs to the object at ffff888028935f80
[  266.432746][T12629]  which belongs to the cache xfrm_state of size 928
[  266.437366][T12629] The buggy address is located 48 bytes inside of
[  266.437366][T12629]  freed 928-byte region [ffff888028935f80, ffff888028936320)
[  266.442078][T12629] 
[  266.442923][T12629] The buggy address belongs to the physical page:
[  266.445089][T12629] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888028934d80 pfn:0x28934
[  266.448514][T12629] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  266.451379][T12629] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  266.454210][T12629] page_type: f5(slab)
[  266.455620][T12629] raw: 00fff00000000240 ffff888104f383c0 ffff88801bf68708 ffffea0000a23b10
[  266.458653][T12629] raw: ffff888028934d80 00000000000e0003 00000000f5000000 0000000000000000
[  266.461537][T12629] head: 00fff00000000240 ffff888104f383c0 ffff88801bf68708 ffffea0000a23b10
[  266.464449][T12629] head: ffff888028934d80 00000000000e0003 00000000f5000000 0000000000000000
[  266.467374][T12629] head: 00fff00000000002 ffffea0000a24d01 00000000ffffffff 00000000ffffffff
[  266.470222][T12629] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  266.473066][T12629] page dumped because: kasan: bad access detected
[  266.475175][T12629] page_owner tracks the page as allocated
[  266.477145][T12629] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6177, tgid 6176 (syz.1.119), ts 74125133648, free_ts 73905635966
[  266.483624][T12629]  post_alloc_hook+0x240/0x2a0
[  266.485444][T12629]  get_page_from_freelist+0x21e4/0x22c0
[  266.487592][T12629]  __alloc_frozen_pages_noprof+0x181/0x370
[  266.489944][T12629]  alloc_pages_mpol+0x232/0x4a0
[  266.491962][T12629]  allocate_slab+0x8a/0x370
[  266.493617][T12629]  ___slab_alloc+0xbeb/0x1410
[  266.495226][T12629]  kmem_cache_alloc_noprof+0x283/0x3c0
[  266.497142][T12629]  xfrm_state_alloc+0x24/0x2f0
[  266.499163][T12629]  xfrm_add_sa+0x17d1/0x4070
[  266.501142][T12629]  xfrm_user_rcv_msg+0x7a3/0xab0
[  266.503201][T12629]  netlink_rcv_skb+0x208/0x470
[  266.505213][T12629]  xfrm_netlink_rcv+0x79/0x90
[  266.507262][T12629]  netlink_unicast+0x82f/0x9e0
[  266.509325][T12629]  netlink_sendmsg+0x805/0xb30
[  266.511403][T12629]  __sock_sendmsg+0x21c/0x270
[  266.513473][T12629]  ____sys_sendmsg+0x505/0x830
[  266.515559][T12629] page last free pid 5845 tgid 5845 stack trace:
[  266.518235][T12629]  __free_frozen_pages+0xbc4/0xd30
[  266.520478][T12629]  __put_partials+0x156/0x1a0
[  266.522362][T12629]  put_cpu_partial+0x17c/0x250
[  266.523966][T12629]  __slab_free+0x2d5/0x3c0
[  266.525468][T12629]  qlist_free_all+0x97/0x140
[  266.526998][T12629]  kasan_quarantine_reduce+0x148/0x160
[  266.529073][T12629]  __kasan_slab_alloc+0x22/0x80
[  266.530705][T12629]  __kmalloc_noprof+0x224/0x4f0
[  266.532396][T12629]  tomoyo_encode+0x28b/0x550
[  266.534320][T12629]  tomoyo_path_perm+0x2b3/0x4b0
[  266.536322][T12629]  tomoyo_path_symlink+0xa3/0xe0
[  266.538324][T12629]  security_path_symlink+0x177/0x380
[  266.540086][T12629]  do_symlinkat+0x107/0x3f0
[  266.541611][T12629]  __x64_sys_symlink+0x7a/0x90
[  266.543394][T12629]  do_syscall_64+0xfa/0x3b0
[  266.545236][T12629]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  266.547635][T12629] 
[  266.548692][T12629] Memory state around the buggy address:
[  266.550573][T12629]  ffff888028935e80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[  266.553213][T12629]  ffff888028935f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  266.556544][T12629] >ffff888028935f80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  266.559934][T12629]                                      ^
[  266.562307][T12629]  ffff888028936000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  266.565734][T12629]  ffff888028936080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  266.569160][T12629] ==================================================================
[  266.572689][    C1] vkms_vblank_simulate: vblank timer overrun
[  266.573945][T12611] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  266.575485][T12629] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  266.575498][T12629] CPU: 1 UID: 0 PID: 12629 Comm: syz.0.2758 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  266.575514][T12629] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  266.575524][T12629] Call Trace:
[  266.575530][T12629]  <TASK>
[  266.575536][T12629]  dump_stack_lvl+0x99/0x250
[  266.575555][T12629]  ? __asan_memcpy+0x40/0x70
[  266.575571][T12629]  ? __pfx_dump_stack_lvl+0x10/0x10
[  266.575585][T12629]  ? __pfx__printk+0x10/0x10
[  266.575606][T12629]  vpanic+0x281/0x750
[  266.575618][T12629]  ? __pfx_print_hex_dump+0x10/0x10
[  266.575635][T12629]  ? __pfx_vpanic+0x10/0x10
[  266.575648][T12629]  ? irqentry_exit+0x74/0x90
[  266.575666][T12629]  ? lockdep_hardirqs_on+0x9c/0x150
[  266.575683][T12629]  panic+0xb9/0xc0
[  266.575696][T12629]  ? __pfx_panic+0x10/0x10
[  266.575710][T12629]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  266.575726][T12629]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  266.575742][T12629]  ? __xfrm_state_delete+0x696/0xca0
[  266.575758][T12629]  check_panic_on_warn+0x89/0xb0
[  266.575772][T12629]  ? __xfrm_state_delete+0x696/0xca0
[  266.575786][T12629]  end_report+0x78/0x160
[  266.575799][T12629]  kasan_report+0x129/0x150
[  266.575811][T12629]  ? __xfrm_state_delete+0x696/0xca0
[  266.575826][T12629]  __xfrm_state_delete+0x696/0xca0
[  266.575842][T12629]  __xfrm_state_delete+0x87b/0xca0
[  266.575859][T12629]  xfrm_state_flush+0x45f/0x770
[  266.575875][T12629]  pfkey_flush+0x13f/0x340
[  266.575885][T12629]  ? __pfx_pfkey_flush+0x10/0x10
[  266.575894][T12629]  ? kmem_cache_free+0x18f/0x400
[  266.575912][T12629]  pfkey_sendmsg+0xbfe/0x1090
[  266.575931][T12629]  ? rcu_is_watching+0x15/0xb0
[  266.575943][T12629]  ? preempt_schedule_irq+0xde/0x150
[  266.575955][T12629]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  266.575977][T12629]  ? security_socket_sendmsg+0x267/0x2b0
[  266.575989][T12629]  ? __sanitizer_cov_trace_pc+0x8/0x70
[  266.576005][T12629]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  266.576020][T12629]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  266.576038][T12629]  __sock_sendmsg+0x21c/0x270
[  266.576054][T12629]  ____sys_sendmsg+0x505/0x830
[  266.576067][T12629]  ? __pfx_____sys_sendmsg+0x10/0x10
[  266.576080][T12629]  ? import_iovec+0x74/0xa0
[  266.576095][T12629]  ___sys_sendmsg+0x21f/0x2a0
[  266.576106][T12629]  ? __pfx____sys_sendmsg+0x10/0x10
[  266.576127][T12629]  ? __fget_files+0x2a/0x420
[  266.576138][T12629]  ? __fget_files+0x3a0/0x420
[  266.576151][T12629]  __x64_sys_sendmsg+0x19b/0x260
[  266.576164][T12629]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  266.576178][T12629]  ? rcu_is_watching+0x15/0xb0
[  266.576191][T12629]  ? do_syscall_64+0xbe/0x3b0
[  266.576209][T12629]  do_syscall_64+0xfa/0x3b0
[  266.576225][T12629]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  266.576247][T12629]  ? asm_sysvec_call_function_single+0x1a/0x20
[  266.576262][T12629]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  266.576275][T12629] RIP: 0033:0x7eff5ff8ebe9
[  266.576287][T12629] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  266.576299][T12629] RSP: 002b:00007eff60e0c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  266.576314][T12629] RAX: ffffffffffffffda RBX: 00007eff601b6270 RCX: 00007eff5ff8ebe9
[  266.576323][T12629] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000008
[  266.576330][T12629] RBP: 00007eff60011e19 R08: 0000000000000000 R09: 0000000000000000
[  266.576338][T12629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  266.576345][T12629] R13: 00007eff601b6308 R14: 00007eff601b6270 R15: 00007fff6ab45148
[  266.576358][T12629]  </TASK>
[  266.579872][T12629] Kernel Offset: disabled

VM DIAGNOSIS:
11:19:44  Registers:
info registers vcpu 0

CPU#0
RAX=ffffffff8957cc23 RBX=0000000000000000 RCX=ffff8881114cb980 RDX=0000000000000002
RSI=0000000000000000 RDI=0000000000000000 RBP=ffffc900068e7c30 RSP=ffffc900068e7a38
R8 =0000000000000005 R9 =0000000000000003 R10=ffffc900068e7cf3 R11=fffff52000d1cfa0
R12=ffffc900068e7ce0 R13=dffffc0000000000 R14=0000000000000002 R15=1ffff92000d1cf50
RIP=ffffffff81bfabcc RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007eff60e4e6c0 ffffffff 00c00000
GS =0000 ffff8880b861c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=fffffffffffffffd CR3=000000003aa5e000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007eff60187498 00007eff60187470 XMM03=00007eff601874a8 00007eff601874a0
XMM04=00007eff60ced100 00007eff60187460 XMM05=00007eff60187478 00007eff601874c0
XMM06=00007eff601874b8 00007eff601874b0 XMM07=00007eff601874a8 00007eff601874a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007eff60012fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000031 RBX=0000000000000031 RCX=0000000000000000 RDX=00000000000003f8
RSI=000000000000159b RDI=000000000000159c RBP=00000000000003f8 RSP=ffffc90008e96e10
R8 =ffff888021248237 R9 =1ffff11004249046 R10=dffffc0000000000 R11=ffffffff854efeb0
R12=dffffc0000000000 R13=ffffffff99af9914 R14=ffffffff99dee3a0 R15=0000000000000000
RIP=ffffffff854eff2c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007eff60e0c6c0 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=fffffffffffffffd CR3=000000003aa5e000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007eff60187498 00007eff60187470 XMM03=00007eff601874a8 00007eff601874a0
XMM04=00007eff60ced100 00007eff60187460 XMM05=00007eff60187478 00007eff601874c0
XMM06=00007eff601874b8 00007eff601874b0 XMM07=00007eff601874a8 00007eff601874a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007eff60012fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
