last executing test programs:

6m21.409443271s ago: executing program 1 (id=244):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x2010008, &(0x7f00000001c0), 0xff, 0x52e, &(0x7f0000000640)="$eJzs3cFvI1cZAPBvnDib7GabFDhApZZCi7IVrJ00tI04lCIhOFVClPsSEieK4sRR7LSbqILsX4CEECBxggsXJP4AJLQSF44IqRKcQSoCIdiCBAfoINvjJDjjxFuceNf5/aTZeW/GM9/3vHnjGc/TOIAr69mIeC0i3k/T9IWImMmWF7IpDttT83XvPXh7pTklkaZv/DWJJFvW2VeSzW9km01GxFe/HPGN5HTc+v7B5nK1WtnN6uXG1k65vn9we2Nreb2yXtleXFx4eemVpZeW5gfSzpsR8eoX//i9b//kS6/+4jNv/eHOn299s5nWdLb+ZDse0vhZK9tNL16b7Npg9wMGexQ121PsVKb62+beBeYDAEBvzXP8D0XEJyPihZiJsbNPZwEAAIDHUPr56fh3EpHmm+ixHAAAAHiMFFpjYJNCKRsLMB2FQqnUHsP7kbheqNbqjU+v1fa2V9tjZWejWFjbqFbms7HCs1FMmvWFVvm4/mJXfTEinoyI785MteqllVp1ddhffgAAAMAVcaPr+v8fM+3rfwAAAGDEzA47AQAAAODCuf4HAACA0ef6HwAAAEbaV15/vTmlnd+/Xn1zf2+z9ubt1Up9s7S1t1Jaqe3ulNZrtfXWM/u2zttftVbb+Wxs790tNyr1Rrm+f3Bnq7a33bizEZOX0iAAAADglCc/fv93SUQcfm6qNTVNDDsp4FKMH5WSbJ7T+3//RHv+7iUlBVyKsT5e8+61/OXOE+DxNt69oEdfB0ZPcdgJAEOXnLO+5+CdX2fzTww2HwAAYPDmPpZ///+864GIw8IlpAdcIJ0Yrq6u+//pzLASAS5d6/5/vwN5nCzASCn2NQIQGGX/9/3/c6XpQyUEAAAM3HRrSgql7Ou96SgUSqWIm62fBSgmaxvVynxEPBERv50pXmvWF1pbJn2MEQAAAAAAAAAAAAAAAAAAAAAAAAAAovVU7iRSAAAAYKRFFP6U/LL9LP+5meenu78fmEj+1fpJ4ImIeOuHb3z/7nKjsbvQXP63o+WNH2TLXxzGNxgAAABAt851emv+z2FnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCoee/B2yudqY+XTw0q7l++EBGzefHHY7I1n4xiRFz/exLjJ7ZLImJsAPEP70XER/PiJ820jkLmxR/Em3BO/JjN3oW8+DcGEB+usvvN489ref2vEM+25vn9bzzif+ofVO/jXxwd/8Z69P+bfcZ46p2flXvGvxfx1Hj+8acTP+kR/7k+43/9awcHvdalP4qY63z+tI54JyMcl8qNrZ1yff/g9sbW8nplvbK9uLjw8tIrSy8tzZfXNqqV7N/cGN95+ufvn9X+67mff0mWTe/2P5+zv7zPpP+8c/fBhzuVw9Pxbz2XE/9XP85ecTp+IYvzqazcXD/XKR+2yyc989PfPHNW+1eP2198mP//W7122u1UR3m63z8dAOAC1PcPNper1cruyBaaV+mPQBoKj2DhWwPdYZqmabNP5ay6HxH97CeJAbe0kJ/PcaHnEWDYRyYAAGDQjk/6h50JAAAAAAAAAAAAAAAAAAAAXF2X8ZS17pjHj0BOBvEIbQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAgfhvAAAA//89e9P5")
socket$can_bcm(0x1d, 0x2, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000884, &(0x7f0000000700)={[{@shortname_winnt}, {@iocharset={'iocharset', 0x3d, 'iso8859-7'}}, {@shortname_win95}, {@shortname_win95}, {@fat=@sys_immutable}, {@shortname_winnt}, {@shortname_winnt}, {@shortname_win95}, {@fat=@check_normal}, {@fat=@codepage={'codepage', 0x3d, '861'}}, {@iocharset={'iocharset', 0x3d, 'cp932'}}, {@numtail}, {@rodir}, {@uni_xlateno}, {@shortname_win95}, {@utf8no}]}, 0x2, 0x289, &(0x7f00000001c0)="$eJzs3c1qA1UUAOAzzaRJdJEsXInQAV24Kq1P0CIVxIKgZKEutNgUpAmFFgJVMXblE7hx6/O4EV/AB1Dc2YU4ks7kTyctkbQp+n2bHs69J/fM3KHtZm4+eWVwfnpxdXbz5c/RbCaxdRAHcZtEJ7Zi4uuo9NOv1XkA4Jm7zfP4LS80itT14oz6ksp069GbAwAexfzf/033AgA8jfc/+PCdw+Pjo/eyrBkx+GbYTaL4WYwfnsVn0Y9e7EU7/ojIp4r4rbePjyLNxjrx2mA07I4rBx//UH7+4S8Rd/X70Y5Odf1+VpirHw279XihXP+gH713v492vFRd/8as/jYv66O7Ha+/Otf/brTjx0/jIvpxGsX/OpP6r/az7M3829+/+GicHdcno2G3EacLdyqvPfXeAAAAAAAAAAAAAAAAAAAAAADw37WbTXUWz9+ZHPx/z/g95wON5s7n2cuyLE+K+bP6NF5OI93ktQMAAAAAAAAAAAAAAAAAAMBzcXX9+flJv9+7XGswea2/Yij+XMw0ImLJ56QPr7WzaodRK1vrJxGrXVc9GneVD0+urXjHWuN+epdJGuvbgmSaac0P7USx1jjTKoK5zGpLfPfPjWvGXTB5us5PkmWbOwmaVQ/JGoK84vGrLa3a/numVV5BxeTWPatvv/ives7bS4aSiKhPb2Y51KqeXF/vPXy630EAAAAAAAAAAAAAAAAAAEBh9tJvxeDNBhoCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgA2Yff//CsGoLF42J6+NgzTKzIYvEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP+BvwIAAP//XAxp4w==")

6m20.385517934s ago: executing program 1 (id=253):
r0 = fsopen(&(0x7f00000003c0)='tracefs\x00', 0x1)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000040)={'vxcan1\x00', <r3=>0x0})
connect$can_bcm(r2, &(0x7f0000000140)={0x1d, r3}, 0x10)
sendmsg$can_bcm(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000580)=ANY=[@ANYBLOB="0500000030080000", @ANYRES64=0x77359400, @ANYRES64=0x0], 0x80}, 0x1, 0x0, 0x0, 0x40084}, 0x20000000)
sendmsg$can_bcm(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000480)=ANY=[@ANYBLOB="05", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0], 0x48}, 0x1, 0x0, 0x0, 0x1}, 0x4004844)
r4 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000180)={'vxcan0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x100003, {0x0, 0x0, 0x0, r5, {0xb, 0xfff3}, {0x3, 0xfff9}, {0xd}}}, 0x24}}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

6m20.080259637s ago: executing program 1 (id=260):
r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f00000006c0)={0x8, {0x9, 0x3, 0x2, 0x1}})

6m19.992208079s ago: executing program 1 (id=262):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000680)='./file0\x00', 0x2148c5, &(0x7f00000002c0)={[{@utf8no}, {@fat=@time_offset={'time_offset', 0x3d, 0x30a}}, {@rodir}, {@utf8}, {@uni_xlateno}, {@fat=@nfs_nostale_ro}, {@fat=@flush}, {@uni_xlate}, {@utf8no}, {@uni_xlateno}, {@shortname_lower}, {@shortname_mixed}, {@rodir}, {@utf8}]}, 0x0, 0x2c4, &(0x7f0000000a40)="$eJzs3UFr02AYwPFn7dZ2HVt7GIKC+KAXvYStfoIiG4gFZVvFeRAyl2ppbEZTKxVxu3n1E/gBht48Kah32cWbd/Gyi+BlB7WyNLFdF7FVttTt/4ORd++bp3nT9015Etpk+8bTe5WSa5TMusRSKjGRDdkRye6WfCP+MuaVE9JtQy5MfP14enH55pV8oTC3oDqfX7qYU9WpM28ePHp+9l194vrLqddJ2cre2v6S+7R1Yuvk9o+l4NUdEVNXHKdurtiWrpbdiqF6zbZM19Jy1bVqde1qL9nO2lpTzerqZHqtZrmumtWmVqym1h2t15pq3jHLVTUMQyfTvd0/8uIDRxS/J0TyB9IZRGE8rLJWy5vx0Mbi5mF0CgAADJeo8v+7ZVfLrladPfn9/vw/JgPk/yJh+T9+q7i5sGCS/x9xu/l/2j9+9yL/BwAAAAAAAAAAAAAAAAAAAADgf7Ajkmm1WpmdVstbBn9JEUmJSPB/1P3EwQjGnfE/nhaXR8T/4V5KxH7SKDaK7WW7PV+SsthiycyYyDdvPvja5fnLhbkZ9WTlrb3ux683inFJBvGBbHj8bDteu+PXZUzS3dvPSUamw+NzIfGNYkLOn2sl/S1bYkhGPtwWR2xZ9eZ1J/7xrOqlq4We+HFvPQAAAAAAjgJDf9l3/u61GxrcNqSnvV3ZuT4gmc71gbmw6wM959ejcmo0uv0GAAAAAOA4cZsPK6ZtW7U/FVKdmvf9Rw1VIXj+wcDh8ZCm4Bsx0e1Oqt+VR0XEr3k1LGPRTyH2D29vfIBRHts/nxMisqdm+vDn/ItnAxye/RU+3+9/0kb1iQQAAADgoARJ/7F5SCYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEOo35uHBev/zb3HujYXj2YvAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgOHwMwAA//8VhA3+")
r0 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00')
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333406, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x11080, 0x0)
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005c48, 0x0)
read$FUSE(r0, &(0x7f0000004c40)={0x2020}, 0x2020)

6m19.827062461s ago: executing program 1 (id=266):
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x1)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
read(r1, &(0x7f0000000140)=""/116, 0x74)
r2 = syz_io_uring_complete(r0)
syz_io_uring_setup(0x131, &(0x7f0000000600)={0x0, 0x800006, 0x2, 0x3, 0x0, 0x0, r2}, &(0x7f0000ffe000), 0x0)
ioctl$UFFDIO_CONTINUE(r1, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})

6m19.309678492s ago: executing program 1 (id=268):
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)='::.:\x00', 0x0)

6m18.962985329s ago: executing program 32 (id=268):
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)='::.:\x00', 0x0)

4m49.629979263s ago: executing program 2 (id=1306):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan1\x00', <r1=>0x0})
setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0x97, 0x4)
sendto$packet(r0, &(0x7f00000000c0)="3f031c000302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880", 0x23, 0x0, &(0x7f0000000540)={0xc9, 0x0, r1}, 0x14)

4m49.48205334s ago: executing program 2 (id=1308):
r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$apparmor_exec(r0, &(0x7f0000000080)={'exec ', ':\x00'}, 0x7)

4m49.426115339s ago: executing program 2 (id=1309):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000100)={@my=0x0})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, 0x0)

4m49.411357172s ago: executing program 2 (id=1310):
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0/file0\x00', 0x7e5680, 0x0)
mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x18d883, 0x0)
umount2(&(0x7f00000001c0)='./file0/file0\x00', 0x8)

4m49.321920759s ago: executing program 2 (id=1312):
ioprio_set$uid(0x3, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f00000001c0), 0x8, &(0x7f00000002c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r0 = open(&(0x7f0000000240)='./file1\x00', 0x14d142, 0x2)
ftruncate(r0, 0x2008001)
sendfile(r0, r0, 0x0, 0x800000009)

4m48.999755027s ago: executing program 2 (id=1318):
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000001c0)=@req={0x3f8, 0x0, 0x0, 0x2000}, 0x10)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)

4m48.834768527s ago: executing program 33 (id=1318):
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000001c0)=@req={0x3f8, 0x0, 0x0, 0x2000}, 0x10)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)

4m46.032077934s ago: executing program 3 (id=1344):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]})
getpid()
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r1=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000003c0)={<r2=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000100)={r2, 0x2, r0, 0x0, 0x80000})

4m45.141111847s ago: executing program 3 (id=1358):
socket$can_j1939(0x1d, 0x2, 0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000040)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r0 = syz_io_uring_setup(0x44cd, &(0x7f00000004c0)={0x0, 0x5331, 0x10100, 0x1000006, 0xfffefffe}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000400)=<r2=>0x0)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1})
io_uring_enter(r0, 0x2d3e, 0xec84, 0x0, 0x0, 0x0)

4m44.9916287s ago: executing program 3 (id=1359):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$int_in(r1, 0x5452, &(0x7f0000000000)=0xf4e)
writev(r1, &(0x7f0000019880)=[{&(0x7f0000000400)="fb", 0xffffff5c}, {&(0x7f00000197c0)="1902eb02d5e5f29e59e1a7caec33eb76d2430da474d87e367f6598d026438b65eda8341073b6752abdcee080c8e1e876b25227c37d7dd79886ce33f13e857c8eda1cecf6ac36c03dbf54e3cb5136da5a33fee76fb3113f8b6700e9e5fc006b8eed665fed48738d59395ad07438c3610ae3976aac75caf2facafa21c25be3c2", 0x7f}], 0x2)

4m44.561634925s ago: executing program 3 (id=1361):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000780)='./file0\x00', 0x0, &(0x7f0000000480)={[{@nouid32}, {@mblk_io_submit}, {@i_version}]}, 0x1, 0x746, &(0x7f0000000f40)="$eJzs3c9rHGUfAPDvbJOmb9vXpODBimCgBwulG5vWUkGkogcpVop689Bud7ehZLdbspvShIpWFMGTSPHsj5M3/wFRBL15FDx7kkKRUi+CsDLb2bjt7jabNJtV9/OBCc8zM5tnvjszz/Mkz8NMAGNrNv2Ri9gfER8lEdPZ+iQiJlupiYiTd/e7c/taMV2SaDZf/y1p7ZPmo+MzqT1Z5rGI+O79iEO57nLrK6uLhUqlvJTl5xrVy3P1ldXDF6uFhfJC+dL88WePzp+Yf+bE/JbF+sd7r54/9dVLX9x498dfXnvr1JNJnIy92bbOOLbKbMxm38lk+hXe48WtLmzEklEfAJuS3po77t7lsT+mY0crBQD8l70dEU0AYMwk2n8AGDPt/wO0x/aGMQ72T3brhYjY1Sv+iWzMbldrHHT3neSekZEkIma2oPzZiLj65gdfp0sMaRwSoJd3rkfEuZnZ7vov6ZqzsFFPD7DP7H159R9sn2/T/s+JXv2f3Fr/J3r0f6Z63Lubsf79n7u5BcX0lfb/nuvZ/12btDazI8v9v9Xnm0wuXKyU07rtkYg4GJNTaf7IA8o49vHzP/Tb1tn/S5e0/HZfMDuOmxNT936mVGgUHibmTreuRzw+0Sv+ZO38J336v2cGLKPx/ROf99u2fvzD1fws4qme5//vGW1Jx/zEqeianzjXuh7m2ldFt/yH0/v6lT/q+NPzv/vB8c8knfM16xsv46dP/ny537bNXv87kzda6Z3ZuquFRmPpSMTO5JXu9R1TSNv59v5p/AcPPLj+63X9p38Tnhsw/sVPvzy/+fiHK42/tKHzv/HEgZ+/6R1PM5ttvO75P9ZKHczWDFL/DXqAD/PdAQAAAAAAAAAAAAAAAAAAAAAAAMCgchGxN5Jcfi2dy+Xzd9/h/WjszlVq9cahC7XlS6VovSt7JiZz7SddTnc8D/VI9jz8dn7+vvzRiNgXETem/tfK54u1SmnUwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZk+f9/+nfp0a9dEBAEOza9QHAABsO+0/AIwf7T8AjB/tPwCMH+0/AIwf7T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDdub06XRp/n77WjHNl66sLC/WrhwuleuL+epyMV+sLV3OL9RqC5Vyvlirrvf7KrXa5fnjsXx1rlGuN+bqK6tnq7XlS42zF6uFhfLZ8uS2RAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG1NfWV0sVCrlJQkJCYm1xKhrJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB/h78CAAD//6LRHug=")
open(&(0x7f0000000040)='./bus\x00', 0x14927e, 0x0)
r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r0, 0x2007ffc)
sendfile(r0, r0, 0x0, 0x800000009)
mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000200)='./bus\x00', 0x0, 0x1000, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x9567, 0x3, 0x0, 0x0, 0x1f, 0x5, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000007700000c00002000", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220fffff2ff00000000000000000e00", [0x4, 0x100]})
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x58)

4m44.116543025s ago: executing program 3 (id=1364):
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000140)={r1, 0x1, 0xfffffffffffff000, 0x8000})

4m43.421104123s ago: executing program 3 (id=1367):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="48000000000101040000ff0f0000000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000001000058009"], 0x48}, 0x1, 0x0, 0x0, 0x44}, 0x40004)

4m43.144089002s ago: executing program 34 (id=1367):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="48000000000101040000ff0f0000000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000001000058009"], 0x48}, 0x1, 0x0, 0x0, 0x44}, 0x40004)

4m3.159756158s ago: executing program 4 (id=1771):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='smaps_rollup\x00')
read$FUSE(r2, &(0x7f0000004900)={0x2020}, 0x2020)

4m2.183479878s ago: executing program 4 (id=1772):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0x10}, {0xffff, 0xffff}, {0x1, 0x7}}, [@qdisc_kind_options=@q_ingress={0xc}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x3ff}]}, 0x38}, 0x1, 0x0, 0x0, 0x20040800}, 0x2200c000)

4m2.08038801s ago: executing program 4 (id=1773):
r0 = syz_usb_connect(0x5, 0x4c, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201100335fe6510ca1a8eb232920102030109023a00010d019002090432a70201039e08090588061000060408082387ac33afe341072501"], &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0})
syz_usb_disconnect(r0)

3m59.916490457s ago: executing program 4 (id=1795):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000000000)='./file0\x00', 0x2000898, &(0x7f00000003c0), 0x1, 0x55ae, &(0x7f000000abc0)="$eJzs3X9snHUdB/DnruvaFdeWMOuArGwDJFtEOjdNCCR2bNNpYTnphE3I+gNH0DmtY8NVCCtinIERijWMwQoLbn9MEYqucyiJBewqul8IJtNFBbPFNWOkOBExYTG9u+d299zaHhMpwuu1tM/zvc/z/d73njx/3PvW73MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEHwx+N3TL/t3roJ26+ru++8a85e+2D3kuMX3rq1avND20v2dTz31aNVq1qPLF1w0/2JpkfW93d3BkEs2S+W7t9w2fwrr69vuKI0HLDxc6ltZeVQT5nq+mKqMTbnwcF+uT9NQRAURwYoSm/npXfiOQNkdlfkDzisayf1tE4dP69x28qujc8uu3xL/ktnUOloT2C0pK+rgyeupdrk73jkiEw769KL5Vyiqf7RC+4deREAwFtSk0huMm9H029xM+22aD3Sro202yPt8B1Ce3bjVKTGHTvUPCdH66M0z9pUVCgZcp6Revr8Z9qJaP9IOxI13sI8cw9NR5rSoebZEqmP1jwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k0uuH5m/d49D7/8ldbf/u7h17/16sePrGq8ZaC7/qJ1ix/v2PG9vx2tWtV6ZOmCm+5PND2yvr+7Mwgqk/1iqe6xZ6ri8ZkDddseu6e3puFDC9cUpccNt2OyDg72hzsXVwRBc1blYDhsf3kQJHILyWawIb/wpeTOZ8ICAAAA7yVnJn/HM+1UHCzOaceSaTKW/BdKhcVrJ/W0Th0/r3Hbyq6Nzy67fMupj5cYYrzak46XaVee+IllBeMw/kbHO1EPD12RN87woiNG8/zpx/qnNdfdUHrl7gsWzphdv+XS4CfTD3csX3TfhBfHL9nXXpOX/yuHz//hmZP/AQAA+G/I/9FxhjdS/m+uqZh0cOp3ix67rur44fkP/Lyz7/kn4w8VD3Q//dLYcbf9cnVe/p+c85R5+T+ccZj/48Gp5X8AAAB4N/tf5//avHGGN1L+/8X+zZ//98pvTDk84187Xnj69xdvnVI+/7WyGTe8+cSCVxp2tf0pL//XFJb/x2RPO3xwVzjhZRVBUFP4SQUAAAByhP/vfuKjhTCvpz45iOb1y+4qe3LXG+tvjJ/V8o8zFvfPqv7i7tVf37ApNrChc92O5XNX5OX/2sLyf/E783IBAACAAvxm+y13V395ydYtew7N2XFnYvPYS+a+uuennVf1vXwsUfT8zX15+T9RWP4vGZ2XAwAAAJzEU+MmPnfo0UNfm7177YS9q9rmPD5t3+qFD/xz9t+veOnPxzddWJ6X/xsLy/9l6W165UOq087wrxA6KoKgdHCnJVXoC9o/mSkAAAAAb5Mwpzc1revduX7MrNfOPvzDNSuW/2rvpd++a2P1zQd+XXX7ucf2996Yl/9bhr//f3ing3D9f879//LW/2cVUnf9u8SNAQAAAHg/yl/PH94eP/XNBUN9/36h6/8/euaBko7m8ysnx7dVz3rig31Xra1+fVHHRZ/YfusbH46V//VTefm/rbD8X5S9fTu//w8AAABOwf/b9/8tzhtneCPd/79v3DPnrPnsPT+o/WbZU+e+eXfzd9oPTj9v87QzPlJ0fvecmX/4fl7+by8s/4fb07JfXk94fm6vCIKJgzvpuwluDae7LFLoKs4qpE58pEd92CNd6CrJKiS1RHp8rCIIpgzutEUKp4eF9khhoDxd2BQp7A0L6eshU3g0UugJr7R7y9PTjRZ+FhbSCyy6whUUp2WWRER6HBuqx2DhpD0OZJ4cAADgfSUMz+ksW5zbDKJRtis20gFlIx0QH+mAopEOGBM5IHrgUI8HjbmF8PEfz+1e+so1D9b1Xt1w9KzZe5bc0faBnkW9O7/wo55z/nL1Cws/nZf/NxWW/8NTMTa1GWr9fxCu/09/r2Fm/X9jWKiMFLrCQiJ6x4BE+BypsHtn+ByViXSPgYmZAgAAALynhZ8LFI3yPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sHfvcVJVd4LATzf9oJum6YgBY4ygRkR3aZomGEQcUXRXo4tNJKtjhtAIjXZoAwq4YsyKr3GV6GLUmBjZwY+jJg6r+CDqRIXoiElGJfE5Kz4HnciqS9BR45gs++m+dYqqW112IaC0+/3+0XWqfud569F17r11LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P/hsiX3Nrw58H9965ffW/f697409TdTD9m8y19uqHt3yDlPbT5ocN0tbw1asPCNtklnXtsyffk1G1YuDaGlq1xZUrzsoUHl5aP/cMxdt13xcNO0wVPOrcrUm4mHfp1/yjN3Loytvto/hLvLQqhIB0bUJYHKzP26WN8edSF8LmwJZEu01SYl0g2Hh2tCWBa2BLJV3VsTQl1OYMoTD666rDNxVU0I+4YQqtNtvFCdtFGTDgyrSgK16cCciiTw/uZENnBPeRKArVHV3YPxzZB90a9oyc/Q0H1lRV5/lR+3czuZ9PD6xERD8XxvHbaDO5Wj4Lls2aanrduXBttdwdtjtXdbL3i3FWznJZ623C9SmW8om7eEqkP5zLZZ0xd0zI+PlIfGxj7FatpBz/O6TefM2Jp0r3kdxg40bJfX4QO1k+ove3viwStP/uPp+85fO3Vbu/lczibNTe9o1SHzmus1z2M04dP7PNm8LYW3r539aSv4ljTUl64QwvF/+nzZM3Ne2n3jB6+eOPH2Fy6+etrCa6ZMfHbQL8b+47W73D3t8oL5f8NHz//jyznelufljq1+WJ/MzeMjdTGxsT6ZmwMAAECv0Rv2mn519KsvnfrQ3YteXH5cxXfH/eqk3eorzv5+x/G7rhz/xUuvbH98l4L5/9DSjv/HQ/51uaNdHcKErsQFA0LYrevxJPCz2J2TB4SwV1eqJT9wWCqwOoQvdCX2z1aVKtE3lhiaCvy+PhOYkAqsiYGWVODGGFiSClwYAytSgRkxsDoVODwGQnv+OA6oz4yj5EBNDLQmG3FFPAvhnfrYWmpbrctWBQAAsJ1kZoeV+XdzznXY1gxxermipqcM8QzsohmqUzWkZ7DZaVXRGip6qqG8pxqy41700cMvqLmsp5oLTsMoy8/w4ZDvlA+YuPeP7rpxxE3NL0787rtjj//Kn998d/X+//Tf7zln/nUHFMz/mz56/l/dTUfKCo7/hzC562/MXZ6JdGTjrS15GQAAAIBtcNVjS5+84YCj/s99L99355euvaF89dVf/7+vbLxg71HHDS/r+3ffXlEw/59Q2vn/cZ9In5zM4dG4G2L2gBCa8gNJtQcXBpKj3v0yAQAAAOgNssfjs8fC2zO3ySna6fl0Yf6WrcwfD/xP6Db/5Zv++tkvX/vkiQuH7bPhiv925gdlnx/7u12OXTvy8bf2HPYPDX0Lz/9vKe38/9r826QTa2IvrhwQQt+cwCOxl52BLkNj4OVD8wOZ8a+JG2BxrCpzYkK2qsWxRGsMNKUCy4qV+G22xG75gcyTlW38guw42jMlcgIAAADwiYu7A+Jx+Xj+/z2TD/jS/oNeGvPinvcufG3C0hNOrf3hPrfs+vqAjkljDpxwyBHPFMz/W7fu/P+ueXDB6f0d/UIYWRFCn/QPAx6tTRYGjIG6skzi/tqkrj7pqs6rDWF858DSVb2SWf+/Ir3G4BM1SVUxsNveP900rDNxQ00II3MDz3zz+jGdifmpQLbxb9SEMKRztOnGV/ZNGq9MN35N3xD2zAlkqzq5bwidjVWlq3qwOnMdg3RVt1WHMDAnkK3qwOoQFgYAeqn4r3Rm7oPzFp49e3pHR9sZOzAR9+HXhFntHW2NM+Z0zKwu0qeZqT7nLWN0XuGYSr3yzfOZJYqmDrl9eCnp7O8Em3LbyuzHLzhxMHM/fheq7Bpnc2Xe3dHpIQ/fp7CJkPNNqtiQy3fwkGtzK9nyJBbUH/NXhX6h74J5bWc0njV9/vwzRiV/S83enPyNh5mSbTUqva1qu+tbCS+PoqtlpXzcbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/PQx1v+6qTg118/Uljms7DnX3ipxKPolPDQkJid6WmL6k7PwJ0359/7f2WHPaWSft8fd7zBxx0l9d/pu5JzYeMvlX1//l2oL5/9yPnv/HT534yZ9Zn6HY8f+GeJg/eXzLYf7WGFhW6vH/hmJH87MnBgxNBRbFwCKH+QEAAPhsiLsj497MuFf6urp/uvvImTMOef+XJ0y5+m/Hjjv1rPX7Nlx89bFL/sP6d5asOuLtgvn/otJ+/7+d1v/PLl3/tWLL/O8fSzQVW/8/vcx/dv3/RcXW/08v859d/3/Zp7D+/4JsILVJ3rH+PwAA8Fnwya3/3+Py/ukLBBRk6HF5//QFAgoy9LiMf6kXCNjq9f/ndPxF7aDL54w7dMTcHz+yau8lA2/70vMTf73P0oNG3LvylvdG3Vow/19S2vzfwv0AAACw83jol32/ffG7w+5/6pH3jyy79Lcbbzr+r9oOOOQPA5tPmXx0zfdv+reC+f+y0ub/n/z6f6HY+f9DiwVaii0MaP0/AAAAeqli6//dPPDloavnj7jxsZ+/ectLrb+YOf61f7fkB1+ZPqzp5jXrftMwY33B/H9FafP/eNpFeV7u2JsP65M17UJ6TbuN9dmfDAAAAEDvUB4aGytLzJu3MuphH7/NdZmlQD8qnevp+watWlD+0FVl1Rt/cMm0QxrPPfbMOUdetP77tU/+pHZqY/UZBfP/1aXN//N+l/FA7aT6y96eePCHK0/+4+n7zl87dcvxfwAAAGDHKXW/BAAAAAAAAAAAAAAA8Ol7qnXpQR+MOvqNmXuN+tM3jn3hB4u/+M1H/ubaP5/588Pv26t987ApBb//D5O7yhX7/X+87l/8fcGuebljqz2v/5e5P+WYWxd2LVn4aH0I++QGZp8/+3Mhc23+/XIDq6buP7gzcX66xH0vHv5aZ2JaOnDUiF3e60yMTwVa4yKJX0gH4lUV3+ufCsTlFZ9MB+L2WJEOVGUCl/RPxlGW3lYb6pJtVZbeVs/VhTAgJ5DdVnfXJW2UpQd4VSqQHeDp6UAc4KRMoDzdq1v7Jb2KgbpY9G/6Jb0CAGCnFb8FVoZZ7R1tTfErfLzdvSL/Nspbsuy8wmrLSmz++czSZFOH3D68lHSf9HfRLdcarwzVnUMYVfB1NTdLWdcot08tPWy6XYsMuafV3sqLlEvb2k1XVXxENcmIGmfM6ZhZ2ePAR/ecpbmixyyjCiY7uVnKuzZpCbWU0JcSRlTitimhy/F+eWhs7JPKNS4GG0Kenl4Rpf5eP3edv2Kvgtw8f1tz7aV9Bvd5/9/GX/TQgwMqO06d3HbR7o/988BRM3/8wwdbr/l9wfy/obT5f3XuuN7LXAxgUbyy3sEDQmgtcUQAAADw2fc/z11+x4lz1myYtbri2d/9bnb5cSdWbj7nrnPOvui5+xcfdcm/v3lb4yvKntp04hubzvrrN37ylesePuulw2ecddekdYesb6u+8bt/sfzUIQXz/6Glzf/jHqzMoeBkb8fqeP3/CwaE0HVp/YYk8LM43JMHhLBXV6ollkguqP+1WKIpCfws7jDZP5Zobcmvqm8MrEgFfl+fCaxOBdbEQGYvxU9DZlfOFfUhjOlKTc4vMTeWaEgFjouBoalAYww0pQL9Y2BCKvBm/0ygJRX4xxgI7fnb6s7+mW0FAACwNTLzrMr8uyE9z1tR0VOGsp4y1PaUobynDNU9ZSg2inj/jpihMnXySllOpsp0rTWpWgoyxIvhb3W/CjKE3+bnTBcsaDqef5A936AsP8O4H97RetDX5v1408U/evzIAy88csmVb196dL/BVz77v9vP7dd/U23B/L+ptPl/bf5t0vqaOP/fcv2/JPBI7N6V8dTxoTHw8qH5gcyOgTVxsrs4W1VLpkRm0r44lpgQA0NTgbkxMCEVaJ2cCSwbnB/IzLSzjV+Qbbw9UyInAAAAAJ+4uIMg7qaJ8/+V48I7exz5fvPuVw6cO+7xR847YnrNrtU1/zx+7dLxl1Y/tF/fgvn/hNLm/7G9frmNXRh782r/EO4u29KbbGBEXRKI+zHq4s/j96gL4XM5OziyJdpqkxJVqYbDwzXJL9Sr0lXdW5OsMRDvT3niwVWXdSauqglh35y9L9k2XqhO2qhJB4ZVJYHadGBORRKIe36ygXvKkwBss+xewfiCypzqktXQfbkir7/PyjVB08Mr2AfaTb7ufnO1o1SnH8jsU83auqetoDp2iIK3x2rvtt74bmvwbsv9IpX5hrJ5S6g6lM9smzV9Qcf8+EjuL1kL7KDnOfdXqqWkt8PrcNHH723PqtMdaEp9fDR1X67712FZrO6B2kn1l7098eCVJ//x9H3nr51acjeKiD8UPvjWuQc8l7N5d7TqkHnN9brPkxafJ73x38BQT1sIYfkFs5584l/ef75iffN/OXDs8tvefGz5Tw56YNaIL2y45Msb33r3qIL5f0tp8/+K1G2XD+LGnDcghOE5G/fRuPknDkg+B3MCyafkwMJAcsh9fX3RT04AAADY3rK7O7L7C9ozt8kJ4el5cmH+lq3MH/dXTOg2f6n9HjjmH7536FWvf+Pr63e//NGlT637T2++csS0Qx/Y9PSKla83H/v5pwvm/60fPf/vm+qm4/+O/7ODOP7frZ19V3Tf9AOLtmlXdEF17BCO/3drZ3+3Of7fLcf/Hf/vjuP/PXD8v1s7+9NW8C1pri9dIYTWATfc/ova6cP7XXHOt2as/fnT7zSNe6Hu3KPv/B+HLw7XnLfqzwXz/7mlzf+t/9f9on3Z9f9ai63/N7fY+n+LrP8HAADsUEUWmkvP8wpW7yvIkF69ryBDjwsE9rjEoPX/tnr9v9qTzj7plfq39rpm4u3/+c7pFz5/0onP7tvn+RNuP+GmkVcPf+nLGwrm/4tKm//Hl0O/3NZ7y/p/QycXqWpJDMy1MCAAAAA7o2I7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPh0rXhw8Rc3L97noJue/fxNh//rsjWz9v7VAZtHjzm5cfjigWVX/t2/vDVowcI32iadeW3L9OXXbFi5NIT2rnJlSfGyhwaVl4/+wzF33XbFw03TBk85tzpTb2Xm9ot5uWOrH9aHsCznkbqY2FjfeWdLYMoxty6s6Ew8Wh/CPrmB2efP/lxn4sb6EPbLDayauv/gzsT56RL3vXj4a52JaenAUSN2ea8zMT4TKEt397r+SXfL0t29rH8IA3IC2e5+u39+Vdk2/mMmUJ5u4+a6pI0YqItFf1SXtBEDHbFEe98QRlaE0Cdd1a+rk6r6pKv6++qkqj7pqv5rdQjjQwgV6aperEqqqkiPfG1VUlUM7Lb3TzcN60wsqwphZG7gmW9eP6YzcXoqkG3861UhDOl8yaQbv6Myabwy3fhVlSHsGUKoSpf414qkRFW6xCsVIQzMCWQbP7UihIWBz4T44TMz98F5C8+ePb2jo+2MHZioyrRVE2a1d7Q1zpjTMbM61adiynLSm8/7+GN/ftM5Mzpvpw65fXgp6YpMucquLjdX5t0dvbP3PvarNreSLc9HQf0xf1XoF/oumNd2RuNZ0+fPP2NU8rfU7M3J3z6ZaLKtRvWWbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/22Oo13/yQ929IqeST+IDQEJCorclyvM+3Zp29g/ygi/6WzpaGaq7PqALphW5Wcq6Rrk9Bn3Yxxzxx/me0uOIRhVMHAqyNPecZXTBZGJLlpokS9f3uoLJYW5N5V2bNN4vD42NfYpth4b8u7mb961t2LzrMpuu1DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBYAAAAAECYv3UYPRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlwIAAP//WKHPZA==")
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000400)={{{@in=@empty, @in=@empty}}, {{@in6=@ipv4={""/10, ""/2, @dev}}, 0x0, @in6=@mcast2}}, &(0x7f0000000640)=0xfffffffffffffcbd)
setrlimit(0x1, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff})
truncate(&(0x7f0000000080)='./file1\x00', 0x400000f000)
add_key$keyring(&(0x7f0000000140), 0x0, 0x0, 0x0, 0xffffffffffffffff)
keyctl$set_reqkey_keyring(0xe, 0x1)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
ptrace$getregset(0x4205, r1, 0x202, 0x0)
sendmsg$IPSET_CMD_ADD(r0, 0x0, 0x0)
open(&(0x7f0000000040)='./file1\x00', 0x66842, 0x21)
syz_emit_vhci(&(0x7f0000000380)=ANY=[@ANYBLOB="043e1a0f"], 0x1d)
r2 = open(&(0x7f0000000240)='./file1\x00', 0x14d142, 0x0)
sendfile(r2, r2, 0x0, 0x800000009)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x13, 0xe, &(0x7f0000000c00)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94)

3m58.548190559s ago: executing program 4 (id=1800):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="280000005200010004000000000000001c"], 0x28}}, 0x0)

3m58.092701603s ago: executing program 4 (id=1808):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000008b40)=ANY=[@ANYBLOB="3800000040000100fcff0700040000000100000004004880140001801000108004000f8005000400000000000c0002"], 0x38}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094)

3m57.981013351s ago: executing program 35 (id=1808):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000008b40)=ANY=[@ANYBLOB="3800000040000100fcff0700040000000100000004004880140001801000108004000f8005000400000000000c0002"], 0x38}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094)

3m28.190311956s ago: executing program 6 (id=2111):
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x8400)

3m28.18964872s ago: executing program 6 (id=2113):
socket$inet6(0xa, 0x1, 0x8010800000000084)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000540)='./file5\x00', 0x82c0, 0x0)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000680)='./file0\x00', 0x0, &(0x7f0000000000)={[{@usrquota}, {@nojournal_checksum}]}, 0x21, 0x4bd, &(0x7f00000006c0)="$eJzs3c9vVFsdAPDvvf1JKbQoCzUqiCgawkw7QENY4UZjCImRuHIBtR2apjOdpjNFWlmU/8FEElf6J7gwcWHCyr073bnBhQkq0Udf8hbzcu9MS1+Zgb7QN0M6n09ycu+5p8z3nLm55wxf6JwABtb5iNiOiNGIuB8RU+3rSbvErVbJfu7Vy8cLOy8fLyTRbN79T5K3Z9di35/JnGy/5nhE/PRHEb9I3oxb39xama9UyuvterFRXSvWN7euLFfnl8pL5dVSaW52bubG1eulIxvrueofXvxw+fbP/vynbzz/6/b3f5V1a7Ldtn8cR6k19JG9OJnhiLj9RQTrg6H2eEYPXO9wy/kApRHxpYi4kD//UzGU300A4DhrNqeiObW/DgAcd2meA0vSQjsXMBlpWii0cnhnYyKt1OqNyw9qG6uLrVzZdIykD5Yr5Zl2rnA6RpKsPpufv66XDtSvRsSZiPj12Im8XlioVRb7+cEHAAbYyQPr///HWus/AHDMjfe7AwBAz1n/AWDwWP8BYPBY/wFg8Fj/AWDwWP8BYPBY/wFgoPzkzp2sNHfa33+9+HBzY6X28Mpiub5SqG4sFBZq62uFpVptKf/Onuq7Xq9Sq63NXouNR8VGud4o1je37lVrG6uNe/n3et8rj/RkVADA25w59+zvSURs3zyRl9i3l4O1Go63tN8dAPpmqN8dAPrGbl8wuPwdH3jXfq1d/4vQ06PvC9Abl74q/w+DSv4fBpf8Pwwu+X8YXM1mYs9/ABgwcvyAf/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAz28yL0laaO8FPhlpWihEnIqI6RhJHixXyjMRcToi/jY2MpbVZ/vdaQDgPaX/SuKj9jaAFycPto4mH4/lx4j45W/v/ubRfKOxPptd/+/e9cbT9vVSzzsPABzC7jq9u47vevXy8cJu6WV/XvygtbloFnenXVotwzGcH8cj+3Ay8b+kXW9JImLoCOJvP4mIr3Qaf5LnRqbbO58ejJ/FPtXT+Oln4qd5W+uYvRdfPoK+wKB5ls0/tzo9f2mcz4+dn//xfIZ6f7vz384b81+6N/8NdZn/zh82xrW//Hi0W9uTiK8Nd4qf7MVPusS/eMj4//j6Ny90a2v+LuJSdI6/P1axUV0r1je3rixX55fKS+XVUmludm7mxtXrpWKeoy7uZqrf9O+bl093i5+Nf6JL/PzO35nsOv7vHHL8v//k/s+/9Zb43/t25/t/Nj92fv+zNfG7h4w/P/HHrtt3Z/EXu4z/Xff/8iHjP//n1uIhfxQA6IH65tbKfKVSXnfiZO9k95Peh9Kf7ifNqVZPP5T+HJ+Tfs5KQC+8fuj73RMAAAAAAAAAAAAAAKCbXvw6Ub/HCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwPH1aQAAAP//sHnUnw==")
r1 = fanotify_init(0xf00, 0x0)
fanotify_mark(r1, 0x105, 0x5000003a, r0, 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0x124)
fanotify_mark(r1, 0x1, 0x20, r2, 0x0)

3m28.066929092s ago: executing program 6 (id=2117):
r0 = open(&(0x7f0000000280)='.\x00', 0x80, 0x122)
fcntl$notify(r0, 0x402, 0x8000003d)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)={0x40, 0x144, 0x5}, 0x18)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file2\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000003c0), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file1\x00', 0x20400, 0x20)

3m27.975448805s ago: executing program 6 (id=2122):
syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000040)='./file0\x00', 0x2000002, &(0x7f0000001140)=ANY=[@ANYBLOB="766f6c756d653d3030303030303030303036332c696f636861727365743d6d6163677265656b2c696f636861727365743d6b6f69382d72752c7569643d666f726765742c756d61736b3d30303030303030303030303030303030303030303030322c6e6f7672732c6e6f7672732c66696c657365743d30303030303030303030303030303030303030342c646d6f64653d30303030303030303030303030303030303030303131362c007732be3442cd163f564b8a695afa1b16eefc0b9d590fbf9ab8391b97ea4c0cf06c797f1a493380ce6975738b912f61be3a342f9b9ee8b8bee4aa2b525fd11b2212573ec6e7f3235ad950c58d6bf8d5318071bd000000004c67990370b984f0b3bf4b8ee680536ebf6c9386b8e46872d639e0de679325aa384473cb1be572c732000000000000000020b00e44de83eb12e1addb51edd821f23ab83af360c42a3a64f4e227479c5dd61952d5fcb0bcfee33d3832a050f83cc04ac5025adbf5d9fc1d72fb565aa4734eec868691025f3a382de96d325d0f56d2859781ea76aea7305d7661f8bd5650b7e9dcc1af8c0daef9686f8a1a5637c77b000b423d659049a769bbd8ac3ec13220fb30c2cbcc5f045b71395d17d76da531a330468bfd2dd4b7f6d9991ec27e0485b36bff71689d333fd4b5b6d8dfabb206dd573227856bdd7661d970d01bf6639b3177b0fd9d80ce94358a17b72a27def19e853c337df0e8a1a8f27d44010f9399f8feae412a6c3d07f8f9e24f8948"], 0xfe, 0xc2d, &(0x7f00000001c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir")
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x2004000, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

3m27.763613938s ago: executing program 6 (id=2129):
syz_open_dev$vbi(&(0x7f0000000140), 0x0, 0x2)
socket$key(0xf, 0x3, 0x2)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000001900010000000000000000001c140000fe000001000000000800", @ANYRES64=r0], 0x24}}, 0x4000000)

3m27.497645604s ago: executing program 6 (id=2134):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000080), 0x0)
gettid()
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000339000/0x1000)=nil, 0x800000})

3m27.268557026s ago: executing program 36 (id=2134):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000080), 0x0)
gettid()
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000339000/0x1000)=nil, 0x800000})

1m36.736459872s ago: executing program 0 (id=3389):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
pwrite64(r0, &(0x7f0000000140)='2', 0xfffffffffffffe6f, 0xfecc)

1m36.692468016s ago: executing program 7 (id=3390):
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_buf(r0, 0x6, 0x1a, 0x0, &(0x7f00000002c0))

1m36.609494582s ago: executing program 0 (id=3391):
pipe(&(0x7f0000000100)={<r0=>0xffffffffffffffff})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
fallocate(r0, 0xa, 0xffffffffffffff7f, 0x3)

1m36.606670036s ago: executing program 7 (id=3393):
r0 = socket(0x2, 0x80805, 0x0)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xc, 0x2, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x9}]}, &(0x7f00000002c0)=0x10)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000240)={0x6, 0x101, 0x206, 0x2, 0x754d, 0x6, 0x9, 0xf, r2}, 0x20)

1m36.605164224s ago: executing program 0 (id=3394):
syz_mount_image$nilfs2(&(0x7f0000000180), &(0x7f0000000100)='./file3\x00', 0x0, &(0x7f0000001040)=ANY=[], 0x1, 0xaef, &(0x7f0000000340)="$eJzs3V2IXFcBAOBzZ3c2u2lrpjWxaxrbpNW2/nTTbNb4EzQpCYKhKepLofgS0rQGYwQrqKXQJE++2VJS9MkffOpLqSJYEAl98qVgA0XoUxX0oSFiwYcaTUZ255z5OZnJzGx25+7sfh+cPXPuOfeec2fv3Llzf84JwIZVWfq7sDBbhHD+9ZcOv3f/P2YWpxxolqgt/Z1sS1VDCEVMT2bLe3eiEV99/7nj3eIizC/9Tenw2OXmvLeEEM6EneFCqIXt5y+++Ob8o0fPHjm3661X9l9anbUHAICN5WsX9i9s++uf77r9yqt3HwybmtPT8XktTZhuHPcfjAf+6fi/EjrTRVtoN5WVm4yhMtNZbqJLufZ6qlm5yR71T2X1V3uU2xRuXP9E27Ru6w3jLG3HtVBU5kIIm5vpSmVurvGbPCz9rp8q5k6fPPXUMyU1FFhx/74nhLCzLRw615lea+HAGmjDMkN9DbRhLMPB0dV1pd5Q+jqPKNS3lL0HAmjIrxde50x+ZuHmNJc2OVj9lx+pdJ8fVsCot/+h6p8quf6g/l+ftcdh5azXrSmtV/oc3RrT+XWE/P6ll//QOV9onv/Pr3R0Li+/HlEdsJ29riOMy/WFXu2cGHE7lqtX+/PtYr36UozT+/Dljtx7Oj4/+f90XP7HQHcf5Of/BUFY2yF0pKs3s6x6yfsfYO3K75urp+ujUX5fX56/qU/+dJ/8mT75m/vk39InHzay337/J+GFonW+K/9NP+z58HSe7bYYf2jI9uTnI4etP7/vd1g3W39+PzGsZb8/9viJzz/5xMXG/f9Fc/u/Frf39HOjFj9bF2KBdL4wP6/evPe/1llPpUe5O7L23Nal/NLrrZ3liq2t5YS2/cx17ZjtnG9Lr3I7OsvVsnIzMUxn7c2PTzZn86Xjj7RfTe/XZLa+1Ww9prJ2pP3K7THO2wHLkbbHdP9/63mAxv3/afucDdXiqZOnTjwc02k7/dNEddPi9D0jbjewcnp9/tP312zofP7n1ub0aqV9v7ClNb1o7Bdei8vrnD7frKdtetuXWvqe+9bEzFL5uePfPfXkKqw3bGTP/OjZbx87derE97xY9ouvrI1mDPMi/WxZK+0p/8XUmL0bO1djyT/9emOzWJxS5l4JGIXdzzcOAh46+Z1jT594+sTpvfv27Z2f3/eFvQu7l47rd7cf3bc7U0JrgZXU+vYvuyUAAAAAAAAAAADAoH5w5PDFt9/43DuN5/9bz/+l5//Tnb/p+f8fp+f/Yz86z8f8vHfc9Bzg7V3yl8pkHaxOZeWqMXw4a2/qBqCIFW/L5vtIjJvj+MXn/1N1eb+uqT13ZtOrPZJZdwLX9ZcylfVBko8XeG+Mz8X4VwFKVMx0nxzjG/RvXXzQtq2n/inaHuGt6x94fKT/W95/UXr+u2u/Tl2e12a8jOKJxbLXEejunxuq/+9/tVa89LYIvcNk77zKKtT3s427TdR7HqUPOoINwMooe/zPv4dGven85+k/fnV6MaRilx/p3F/m/ZfCMP7ydmd6rY8/udr15+P2jbr+std/1ON/Nse/i/u/tN/rvf/LRsyrLa/e//z80jtt1Ybtg9afr3/qB3rrcPVfifWntXkgDFZ//ZdZ/fkFoQH9N6t/84D1X7f+O5ZX//9i/elte/C+QetvtLiodLZjJluPdP0vP2+cXM3WP/XteYP6v/Fst/Vf5kCN12L9sJGNyzizw8qOI5oH7f3G/x32+/9mx/9tNjbbreX3YXw2ptOOON3nkI93Mmz70/0V6XtgW7b8os/3m/F/x9sXY9zv85DG/03bYy1+5bell97LlK52eW/X674GxtW7G+r636jCpcbPoOXNP11++4UhQn1iGfM177Mquf31en11T2j1UWrllP7+l331uezfKfeWXH8/+fi/+TF8Pv5vnp+P/5vn5+P/5vkz8T/0Xo/8fPzffHvOx//N8+/MlpuPDzzbJ/+jXfKL0Mrf3n3+5s/2u/osf0ef/I/1yd/VzD/QUSLl333D+Vvlei3/jj759/XJ/3if/E/0yb+/T/6DbfntY0Cn/E9m8xdZ/nqX9j+93j9g/cqfz/P5h40jXf/p9fnf2sqfai8y2lYCq+HlV/cceuI336w1nv+fap4PSdfxDsZ0Nf42+mFM59e9Q1t6Me+NmP5bll/2+SagJe8/I//+f6BPPjC+0n1ePt+wARXT3SfHuF+/Vb2O8xkvn4rxp2P8mRg/FOO5GO+O8Z4Yz4+ofayOQ6/9bv8LRev3/pYsf9D7yfPngTr6iQoh7B2wPfn5gWHvZ8/78RvWzda/zMfBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASlNZ+ruwMFuEcP71lw4/fvTk7sUpB5olakt/J9tS1eZ8ITwc44kY/yK+uPr+c8fb42sxLsJ8KELRnB4eu9ys6ZYQwpmwM1wItbD9/MUX35x/9OjZI+d2vfXK/kur9w4AAADA+vf/AAAA//8LMQpq")
r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, 0x0)

1m36.495348345s ago: executing program 0 (id=3397):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x2, &(0x7f0000000100)=@raw=[@ldst={0x1, 0x0, 0x4, 0x0, 0x1, 0x40}, @jmp={0x5, 0x0, 0x9}], &(0x7f0000000280)='GPL\x00'}, 0x90)

1m36.434146107s ago: executing program 0 (id=3400):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406c256d0000000200000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, 0x0, &(0x7f0000000240)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x3445}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000380)={0x2c, 0x0, &(0x7f0000000140)={0x0, 0x3, 0xc, @string={0xc, 0x3, "8ad80eee4415ad9cba3e"}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, &(0x7f0000000b80)={0x2c, 0x0, &(0x7f0000000a80)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0, 0x0}, 0x0)

1m36.028626982s ago: executing program 5 (id=3404):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$unix(r1, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@rights={{0x14, 0x1, 0x1, [r1]}}], 0x18, 0x400c5}, 0x10)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.swap.events\x00', 0x275a, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x2a, &(0x7f0000000100)=r2, 0x4)
recvmsg(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)

1m35.953844346s ago: executing program 5 (id=3405):
syz_read_part_table(0x104c, &(0x7f0000001080)="$eJzsz80JAjEUBODZ9WcDHrQkm7AJj1awHdiEJ6uwHptQdGOwAZGF7zuEZN4QeOGvupLjbZjufZJNjd/nIrspP59qnrE1q36VlPvXj6/ZMvuuPtfJ0GZjymWbPD7Vw/VHawEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADArDwDAAD//6A1B3Q=")

1m35.707445114s ago: executing program 5 (id=3406):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001400), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000300), 0x106, 0x3}}, 0x2c)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x6, &(0x7f0000000080)={<r1=>0xffffffffffffffff}, 0x111, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e22, 0xffffffff, @empty, 0xa09b}, {0xa, 0x4e21, 0x8000009, @mcast1}, r1, 0x4040099d}}, 0x48)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000000c000200"], &(0x7f0000001f80)=""/226, 0x26, 0xe2, 0x2}, 0x28)
writev(r0, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)
close(0x3)

1m35.707227454s ago: executing program 7 (id=3407):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e20, @empty}}, 0x17f, 0x6}, &(0x7f0000000200)=0x90)

1m35.539663521s ago: executing program 5 (id=3408):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), 0xffffffffffffffff)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
connect$pppl2tp(r2, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x1, 0x0, 0x0, 0x0, {0xa, 0xfffe, 0x0, @local}}}, 0x32)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r4, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r5, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="230900000000000000000100000005000700000000000800090000000000060002000100000008000a0000000000080017"], 0x3c}}, 0x0)

1m35.539418799s ago: executing program 7 (id=3409):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_INPUT(r0, &(0x7f0000010140)={0x8, {"7f9654d636ab18b7938a2804505c72e9994ca22404fc203334cc21ed3d6a776fd12d13f9602b2980f983c31a5d1e431db778099ce3af3fb20e1ee1f4fdb77cbb36154982a93c19825d6fd273ab1eb5bcd47adad50de8a6791486e482e29ecc94284921f33b941cfc1000c9781d9a828c5ec7a2c77b4e624a5aa0e9e39782bad733eda81ba47e1c6116e4170e6587dd6210a57abe91f1f80c4e31139d8b73fe35ac1f99ea82dd6aa9c9aa67de88ae3e141020e1a876bbc449d2d843aa7e6d90b948b7e28770e6ac71010c63f17e90fd20806a9f8d9f418ee3af74aac64b04a27c4f5e3626ca2da546c79d24acadd11e8d272a22fc54078fd5e64475993668980a9f95aff964dee674356af492b8377a759d8ccf1accb9a18ef7ad16f438dde69cd020d71552b0810688c882a26a22b23f4b35471b08b379193db1cd7934a4049ff1b00d9795cda6e73951641d5e2365c24facd5afd09ed1d096d758b4fef66fe1aa22395d67b7e1db623d4a60a7dc93893d6c4a91df79535a855868c5dc0033d5c428cd25b85c5deb6e81068553bc84cead4d1eba8aa57e2b354a6899e44acbd3834491219b3e231cd55d82f161774a689efe197cc193ac0124c67738a0a1d5f16a6768c2c2ba7386c8c95ca08c55117f344f5a2bca0d09e79ea3fc49491f2c7adc513c2779c1bf62b1a8643d23e9e8b2ae41d4a59f1b82b82e092b36eb851b8456da871b4057aec325a9d4cccafde61f2abc85e3cabeabb856f6ffbfe23d69219ec8fae6beb54abe7870dbae823d49806a967a1c7f252999804f106745f20490bb3347b59321dc69765567abcbd89de04d89622170005df5871ed0fb72345a11da074060d7d4ee2e437f71a45723fb6b02de56067e54f54c52d10f7874a13cbfb3bd65ce54f9d6719ea210e0cf79e4e2157736ec07ac5915682ab81bced665c1e72fab8d8cfe509de0f21fe374b957b379fd5918061e21c2e96985cc1354b2de859b0f1a463ab04683b1253eda671c2353b5c208aca652f5419ffc4949a7fa909b95653f42d97390c400b4a1c308b11e73e9a06d3b164d3361e75584d70e6bc61d570a7e0c7da330f643194c1893fcd6489fac605eead61b53dff18caf526ecccc9bbd9146bc3c3bb67677695e6fddaab081786e9084014e60f5c03ae5a9087726b05e17402cd2fbb80d773b8a41470b1f901a8c2b2d57450181f4fc5bc53c7cb3dc032b84567492607cb08832eca9f79da9210d197863e5db5a74a9823dc0cc8bd9f3a9b6ff5a7d15d4747a9b26e088f4fad96d81cd1214226b1c4585d418d593220fcbb9ad949266cc48163e3498b46ebcdf7b2b5ecfe67539a61ed9e39b02d5b35ac0d0e7fa830034ca2da8a7ddf04bcf2cee939994369feb77023e0e3de04b21db7a640a92c17748245005cd75a7deba4ff0e4c104a9db2d9a98ec8edb3562050a3bac5f322290e3d8b6fb21770ac436d4cb12b97fc8f76d7bb9eeed85663eb0626f1ad1719ee4b07f7de2c1d1a31c27c6879f4fa3dbdfb2bfc0898beabafbeca9f13050e6b2f6c432e423cd5cb6b8fa56fe32c3e50104e44462c0a5c69de6a7ac5ae3d9f07ceed64dbffa42e4663838bfcde92f0fcb895f3b93c59b0e48c09890dfc36436db56b708f6e7cbbd2a6305f573cee099dbcd263cb96d9fb69cbc3cb06d8f5e3789698a17e71d22b4665ff5447fcc17a31bb136c8bb4b984573bcaf1cb650198c1266e6ddfd42d44f9de02cb9d915c5334c550fac3fcee56790aeb09d81e7690a32d8b0cc477b23f15257820de227be1ffaec2f63f3266b8f5dd78947dcee355fe59bfb100e5244425532bb1d115acd211b8c16b0ec0aae00fca5d4511a05c3ff027a1cac56210a10d81c01b90e156cc7b33de0fac825dc516d398166096013e068db935483c93ba95da39b5ae4087d84479a4c4809f28f93790dc279637bd6f3dc441d315cf6bd7b0e3d92070a45baf4445ce063fd12690eb002f5ca068a256bc54100c99a02a346beca39072163c4b297d117f1ed9fef42e3dbc11d36a0a0db52e84461c6fbb4aad62cd6c8dc9ae6a3390a5e8773ac599e67436220c8d541a9039762bffaa7f490e31dddbc362fb4ff686cda905f3b02a1db76d4d570d970434921ca8a4765af6d5c8b881e1f4ffa7e2d9ef5f5511b94f88474674ec790bb5186c73446a227bf1ffd19b605733abd1bd41e421aeaf2ed4617088c7ceef85451225056435993e89e4bccd2c2e4b39af99feef11fea645eeb5cf9f77b1e19a72d3efb613100969b84302789714bca65bcbc96762b4012a5700c62aed706433b9f142b7302442b6a9958b0e28e8b1cfa9eeb4ac0d71f497b23babf9f0221dcb658d9f4db5d45bee30d2ad7c97d6a562e014a7701c15325ec5d42ab732b37714a77a95c03fb15bbfba6fade32bf50f985a1df362ca7216cc152907dd931acb58a63920f581e82b590c0d6a0033009f8e50c3263d3f58596b63d507cadbc809a6690561f74d0772bf92d04e06c47a350724b106f5e83f7e71c4b2a983bf5ad7d8684e7b8b5dc1273d0fa5879b8e61bde33d602bc8ff0913b6d32dcac366d568dc7cf82bbfc405cbe418a2644c26592b32ca1a632fc95123efb784cfb6953a94ebeccd24fba389a0e56b043df07d9a2dd38a1196e5e55576b25f85cb96f6560802a4a58b7a6857e8454faa2c880bf32d464562b2bdc5f0df22b663f2c01fc944f1cfd1908f617f8295a5440bb79ae178ea46a95baeea48322105146ac3ed2de7d3796ddddcc848a8ecf4a00dd055733b4f59211f5a40deea44e74b3bc57953b26ed61e6fd67889edfe8d0902385e37666aacec072735630ecc441c3cc6b09bb2f63aa4e332c6df728dc74078a83ce20454dfd616d116270666ddc09c5fea2e8442bc43455d0257fac92f3780061178f9420bf8e463f29896c12383dbb9a81bc5c87376e647c8a7986cb514fb9696d9c0a8d303c5c4b5b7c5f601c01fa19323e02f675c371bc44fbc1ac5704d41a89a2a4ccec6ac8440c532f07da25aa2dce6a5d2ebe694eb4017d178b221213bfe2a01d9cfe689bd190776bca6c032f446eb8862587a7826e35f3f691763212eee6af2e49bbeb0a27e07c5714b74e373798c7bebce265f7ebef3a1ea64078cf1e8a9d433af32c53090c972ffedbadafb50b9a6e540abd84f8e938583ea725954be3b236c5d8aca7d486d21902a2902f25a7c02dbe83c39bd0b81513f9ef198c49d560e930ae224ff47f92e4851e1f7ab5bb406abcf6596569261e6b0c67bb3b854e9c6de60bfb60fcf29241ff237151310ecd19f8b2cfe764c1df1a2de9d840eca47aa169ba9a415901204ec31ccdfd76e908029ae34fb12dc286758c64fd6d42bc82b14e07e421f4b42b180cd6ef40cac8062928b4a420a4577f24295f54de9048ac9d34307bf93e463cea4967cf4880166f68ed1eb965db2e4fb9f5f0b1c695d621e427ccb9a3188073ee6fde729c6698346efa1c0ba643c1efd20858965511da750060d551c44c435a5f1603fae7357e0bc78e92aad3d88790ec2aa1a42d6fe7e0ffc57f3599e406db63be7dd32692df32ce33dee0a2becdb02d6e435e09de3d356497543db23f53da25643f9c585e275297800d8beed47f0e622f86fc25d2e87036fdceebfe7257cb6de0c02412d1c0758acfcd0862e99ad17a118f46f635a87477e8b825423d94ada35bf0b5444aa7d3de4bb7eec7ae5129fcc2cba651cc972f5500fc5161149d29f452962afb102a01ae76825cb4477460be0b85d75058595c27e9b7fae3492ec3925c671bee5f4ca534d5a294f783d6cc073c992139b61d21fd98297b04c0578dafd5f7ebcaf8d4d9185aea3d76e813421f4573b38c25093c015a65e44fb297f0f6ac2d02c4237b37a3bfca2406c5c95ae5812816bacad59ba7c6f72d7c644ff25b592ed1e89b276e05866c01a4ced7fc6dd9f190c20d420d7c8a1fe908833a24c5e5bd7a95a2a6fbf147fc4b29a179718166dd0fbae2fc6b8c8aac6194fa6baf0d3edc36b2316c56c441ba53e3e7aaaf0a1405566ff584f73a637b74dde9bcb4d41da2be6c9df5d533fbac54f5fb52a8a793757cfe19aa90048c6d07e3474136ae1be2455b0d0d02eb4b5961ba883209355c0dd2af4aad98e7b971e358a7d9b55fe17cd6095f257355d9b99e5ea52848f17b35a80792d9ed0fef6fe3eef9a324902409969823be20bbe0e8dba9c747cd1a14d3642d877b86271f3f0c322a142c4ff635b37d542c3265b5fe8589a732bb1a55010b930dd0196cd43ac3634c01b4a44c517197d03a3d89c67f5c09aab409e84c0af466bfbd0c96d240101a2542c66b4b4b8ef65b41b0079995c52cc9720d2c1d7c128c6f17a65cc798c1986cfbd8888460c54438edc4f91f3580391c8b57d9aee209a59a116c1c44775437e9c30e6d87e82ce84e28532b19441e32ab9aea22177bac9daad25a6c88395e9348d6780de630cddb266c411011175bdb6255a36535180818447d43ffba3758d311539fe9f6811fa470bf3767b4c2d4cdf37854c7ee28730bb1d39d5c0dfffcdbf353cca3e13079f3ae66b839c7dd36914022a0e75bca5b622f521420b73249ef47f03c1fb03ecf7557882afcaa7cf454a68ad237d4ce860bd6b1531c1cafe2cfb76bc4188271ef6bdfb304ee0e6932463a1909f03d6e8a27b5f137d6b342841d613863dfdf37d5ec3a98d667810fb6f82d67620bdefed8b3ff98420a6c7ee577c3ba68b95a20403608a7ba6526ec9e8662c6e15ab09b1a9019d4958af04cb2e4890ee6b1077fcaa5cc0817f388461b230fe631e75f18ab392a5ca5de4a024ca16dd05fcfdf92114e43a5c4a169d462ff0dba57deeaf5eaafd892f8ccbd72ac56471162e1416bca39859b4184ba0d1b3f7ec05db4ef4cf0142867fa9be328a0be8aa74c716aad9411008607980861f4f72e9bfa60195e2f939d3f6a44a6cec07dd376d1bccaa126686f313d5f7918ecd1215026982c82ed1922ef70e36e8ed59b2d5ceab3b4aad7e53049062dd5ba0e87f7005c3f4d2b788245cdc2f35ef2572bea5ea92dfad406ade6d5ad18be8eeb4c652e5277b244645c68c0c0f5a68d42e00d59b75941917b2cdf31fdf809f2078ca97fd5beba65b34e0621138ea0e94feb87166b2dac2232ebca575e5c0a4d565d9992f733bbfbe68a63d99ee93398604065d5517c33ed0e067bdb643e73102f16137afd7d4bf21e8065ea028c392a6dcefbe642dc3fb03a239d9c8b17023eacc8e19fea11c34a10644af1b786fc0f4504038c2ee59c1b353f3d7b9313df025b4b5874ca63ec164a3fe35bf390d266f53dcda6a8e190e63a56ffdf4f7c5c02aa22d376db06d4d2b96be5b331f897d1ecfd25c13a1c194c265dd95a5724a6435bc8138224d9db28b689b9cea5132cd19601dbc4a43e70c71e27e8fd0689d09484974e8a4605f8553735fffaf5654a087e323ca14e02b681b9bbe592bd6b719ae2e86bdf918b27c79d52dd334d1aa7ebc1bff76e97572faad092010a1022f7d33089049107a89c364ae7dd022d119e8f6ab795fd71d76a90e8202339401ff9e9918ea8c8e12f7b0ba10d9ebde5d1bc5988f2d07b34579d8c282628204f2978d8b0cf95dc41f3775a4053f833267c64b42336d7c850f2918ef0dd6d62e43fcc173254eb34748efd4754609ce25afd648ee5a8fc5c64346603f8258592d67b9613e8f7ac0def0958f13436581d729e0b3e062738eb06b2116abe837529690a614fc5d3f53b4d4602e5706000", 0x1000}}, 0x1006)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r0, 0x0)
syz_open_dev$sg(&(0x7f00000000c0), 0x6f5e, 0x0)

1m35.459340546s ago: executing program 7 (id=3410):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$pppoe(0x18, 0x1, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
syz_open_procfs$namespace(0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff)
connect$pppoe(r1, &(0x7f0000000100)={0x18, 0x0, {0x4, @local, 'ip_vti0\x00'}}, 0x1e)
r2 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r2, &(0x7f0000000000)={0x18, 0x0, {0x1, @broadcast, 'ip_vti0\x00'}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x29, &(0x7f0000000180)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x1, 0x70bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x1021, 0x3}, [@IFLA_GROUP={0x8}, @IFLA_MTU={0x8, 0x4, 0x8001}]}, 0x30}, 0x1, 0x0, 0x0, 0x801}, 0x4000000)

1m35.452970761s ago: executing program 5 (id=3411):
r0 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x34004000)
ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x894b, 0x0)

1m8.185148991s ago: executing program 7 (id=3412):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r0, 0x0, 0x2a, 0x0, @val=@uprobe_multi={0x0, 0x0}}, 0x40)

1m3.097127448s ago: executing program 0 (id=3413):
syz_mount_image$bfs(&(0x7f00000001c0), &(0x7f0000000400)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x4, &(0x7f0000000200)=ANY=[], 0x8, 0xad, &(0x7f0000000040)="$eJzs0btpA0EUBdC7H/xJ7ALcg3tw6twVbOjQkY3BjlSGOlArKmE7ULCpkhHLrkChEAhJcA7MzA3mwYW33q5e8pSUv6SUUu6SPGbKX98/nx/v490kyTJt7jPZv9y4ej4P486fp7x5y+L/4E8//HZ9la4fyuyChQEAgJPVeZ1TdfxQm6Q5VyMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA67ILAAD//1vZIlc=")
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[], 0x38}}, 0x44040)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)

1m1.635527916s ago: executing program 5 (id=3414):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0502ecfffffffddbdf25120000001800018014000200626f6e645f736c6176655f31000000000800060001000000080007000200"], 0x3c}}, 0x0)

54.482180561s ago: executing program 37 (id=3413):
syz_mount_image$bfs(&(0x7f00000001c0), &(0x7f0000000400)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x4, &(0x7f0000000200)=ANY=[], 0x8, 0xad, &(0x7f0000000040)="$eJzs0btpA0EUBdC7H/xJ7ALcg3tw6twVbOjQkY3BjlSGOlArKmE7ULCpkhHLrkChEAhJcA7MzA3mwYW33q5e8pSUv6SUUu6SPGbKX98/nx/v490kyTJt7jPZv9y4ej4P486fp7x5y+L/4E8//HZ9la4fyuyChQEAgJPVeZ1TdfxQm6Q5VyMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA67ILAAD//1vZIlc=")
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[], 0x38}}, 0x44040)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)

0s ago: executing program 38 (id=3412):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r0, 0x0, 0x2a, 0x0, @val=@uprobe_multi={0x0, 0x0}}, 0x40)

kernel console output (not intermixed with test programs):

m eth3
[  262.337791][ T2588] udl 1-1:0.0: [drm] Unrecognized vendor firmware descriptor
[  262.513562][T11603] 8021q: adding VLAN 0 to HW filter on device bond0
[  262.532097][T11603] 8021q: adding VLAN 0 to HW filter on device team0
[  262.539153][ T2588] [drm:udl_init] *ERROR* Selecting channel failed
[  262.543566][   T76] bridge0: port 1(bridge_slave_0) entered blocking state
[  262.546519][   T76] bridge0: port 1(bridge_slave_0) entered forwarding state
[  262.548813][T11700] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2159'.
[  262.565113][ T2588] [drm] Initialized udl 0.0.1 for 1-1:0.0 on minor 3
[  262.579175][ T2588] [drm] Initialized udl on minor 3
[  262.585533][ T2588] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  262.597920][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  262.600237][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  262.625713][ T2588] udl 1-1:0.0: [drm] Cannot find any crtc or sizes
[  262.640582][   T10] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  262.645742][ T2588] usb 1-1: USB disconnect, device number 19
[  262.649406][   T10] udl 1-1:0.0: [drm] Cannot find any crtc or sizes
[  262.653370][T11603] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  262.727884][T11709] loop5: detected capacity change from 0 to 2048
[  262.760617][T11709] UDF-fs: error (device loop5): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  262.764591][T11709] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  262.776936][T11603] 8021q: adding VLAN 0 to HW filter on device batadv0
[  263.069651][T11603] veth0_vlan: entered promiscuous mode
[  263.075882][T11603] veth1_vlan: entered promiscuous mode
[  263.096856][T11603] veth0_macvtap: entered promiscuous mode
[  263.113168][T11603] veth1_macvtap: entered promiscuous mode
[  263.125415][T11603] batman_adv: batadv0: Interface activated: batadv_slave_0
[  263.139419][T11603] batman_adv: batadv0: Interface activated: batadv_slave_1
[  263.166357][ T5679] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  263.173792][ T5679] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  263.186072][ T5679] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  263.234147][ T5679] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  263.277202][ T4916] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  263.284523][ T4916] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  263.329425][ T4916] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  263.336576][ T4916] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  263.464967][T11731] loop0: detected capacity change from 0 to 32768
[  263.482839][T11731] (syz.0.2167,11731,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  263.488859][T11731] (syz.0.2167,11731,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  263.511780][T11731] JBD2: Ignoring recovery information on journal
[  263.548086][T11731] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  263.641049][ T5915] ocfs2: Unmounting device (7,0) on (node local)
[  263.910866][T11776] netlink: 'syz.5.2186': attribute type 21 has an invalid length.
[  263.914265][T11776] netlink: 128 bytes leftover after parsing attributes in process `syz.5.2186'.
[  263.918771][T11776] netlink: 'syz.5.2186': attribute type 4 has an invalid length.
[  263.922094][T11776] netlink: 'syz.5.2186': attribute type 5 has an invalid length.
[  263.925469][T11776] netlink: 3 bytes leftover after parsing attributes in process `syz.5.2186'.
[  264.078555][ T5920] Bluetooth: hci0: command tx timeout
[  265.058430][T10248] usb 1-1: new full-speed USB device number 20 using dummy_hcd
[  265.213785][T10248] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 10
[  265.217663][T10248] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  265.224732][T10248] usb 1-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=7e.67
[  265.230098][T10248] usb 1-1: New USB device strings: Mfr=4, Product=2, SerialNumber=3
[  265.233277][T10248] usb 1-1: Product: syz
[  265.235366][T10248] usb 1-1: Manufacturer: syz
[  265.237185][T10248] usb 1-1: SerialNumber: syz
[  265.243887][T10248] usb 1-1: config 0 descriptor??
[  265.252501][T10248] snd-usb-audio 1-1:0.0: probe with driver snd-usb-audio failed with error -90
[  265.468017][T10248] usb 1-1: USB disconnect, device number 20
[  265.696691][T11803] loop5: detected capacity change from 0 to 32768
[  265.704679][T11803] ocfs2: Slot 0 on device (7,5) was already allocated to this node!
[  265.709473][T11803] JBD2: Ignoring recovery information on journal
[  265.727326][T11803] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  265.756300][   T33] audit: type=1800 audit(1774128780.286:408): pid=11803 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2196" name="bus" dev="loop5" ino=17059 res=0 errno=0
[  265.795978][ T9448] ocfs2: Unmounting device (7,5) on (node local)
[  265.986834][T11807] loop5: detected capacity change from 0 to 32768
[  266.131421][T11811] loop0: detected capacity change from 0 to 4096
[  266.146805][T11811] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[  266.159836][ T5920] Bluetooth: hci0: command tx timeout
[  266.180068][T11811] ntfs3(loop0): Failed to initialize $Extend/$ObjId.
[  266.374517][T11824] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  266.405355][T11826] netlink: 60 bytes leftover after parsing attributes in process `syz.5.2206'.
[  266.612195][T11837] netlink: 'syz.7.2209': attribute type 10 has an invalid length.
[  266.615289][T11837] netlink: 40 bytes leftover after parsing attributes in process `syz.7.2209'.
[  266.620448][T11837] batadv0: entered promiscuous mode
[  266.622193][T11837] batadv0: entered allmulticast mode
[  266.625554][T11837] bridge0: port 3(batadv0) entered blocking state
[  266.627812][T11837] bridge0: port 3(batadv0) entered disabled state
[  266.634550][T11837] bridge0: port 3(batadv0) entered blocking state
[  266.636701][T11837] bridge0: port 3(batadv0) entered forwarding state
[  266.978437][ T5679] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  266.982745][ T5679] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  267.009593][   T33] audit: type=1326 audit(1774128781.546:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11843 comm="syz.5.2213" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f15bf59c799 code=0x0
[  268.087641][T11856] loop7: detected capacity change from 0 to 4096
[  268.104580][T11856] ntfs3(loop7): Different NTFS sector size (4096) and media sector size (512).
[  268.152882][T11856] ntfs3(loop7): Mark volume as dirty due to NTFS errors
[  268.158011][T11856] ntfs3(loop7): Failed to load $Extend (-22).
[  268.163331][T11856] ntfs3(loop7): Failed to initialize $Extend.
[  268.228992][ T5920] Bluetooth: hci0: command tx timeout
[  268.375606][T11867] netlink: 'syz.7.2222': attribute type 1 has an invalid length.
[  268.774639][T11895] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2236'.
[  268.918448][   T10] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  269.338370][   T10] usb 6-1: Using ep0 maxpacket: 32
[  269.342297][   T10] usb 6-1: config index 0 descriptor too short (expected 29220, got 36)
[  269.345732][   T10] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  269.349401][   T10] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81
[  269.353061][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  269.357004][   T10] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  269.361034][   T10] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  269.366298][   T10] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  269.370251][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  269.375576][   T10] usb 6-1: config 0 descriptor??
[  269.593740][   T10] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 14 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  269.826369][   T10] usb 6-1: USB disconnect, device number 14
[  269.846103][   T10] usblp0: removed
[  270.038742][T11918] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2244'.
[  270.076490][T11920] loop7: detected capacity change from 0 to 512
[  270.080084][T11920] EXT4-fs: Ignoring removed oldalloc option
[  270.083455][T11920] EXT4-fs (loop7): bad geometry: first data block 0 is beyond end of filesystem (0)
[  270.200251][T11926] loop7: detected capacity change from 0 to 256
[  270.210351][T11926] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0x23633d53, utbl_chksum : 0xe619d30d)
[  270.226610][T11926] fuse: Bad value for 'fd'
[  270.271183][T11928] netlink: 7 bytes leftover after parsing attributes in process `syz.7.2249'.
[  270.321663][T11930] tipc: Started in network mode
[  270.323916][T11930] tipc: Node identity 010000000000000001, cluster identity 4711
[  270.665124][T11950] loop7: detected capacity change from 0 to 256
[  270.687372][T11950] FAT-fs (loop7): Directory bread(block 64) failed
[  270.693377][T11950] FAT-fs (loop7): Directory bread(block 65) failed
[  270.696264][T11950] FAT-fs (loop7): Directory bread(block 66) failed
[  270.700017][T11950] FAT-fs (loop7): Directory bread(block 67) failed
[  270.702783][T11950] FAT-fs (loop7): Directory bread(block 68) failed
[  270.705449][T11950] FAT-fs (loop7): Directory bread(block 69) failed
[  270.714885][T11950] FAT-fs (loop7): Directory bread(block 70) failed
[  270.717613][T11950] FAT-fs (loop7): Directory bread(block 71) failed
[  270.721912][T11950] FAT-fs (loop7): Directory bread(block 72) failed
[  270.724555][T11950] FAT-fs (loop7): Directory bread(block 73) failed
[  270.813714][T11956] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  270.921702][T11960] loop7: detected capacity change from 0 to 1024
[  270.930951][T11960] hfsplus: write access to a journaled filesystem is not supported, use the force option at your own risk, mounting read-only.
[  270.946159][T11960] hfsplus: catalog name length corrupted
[  271.025091][T11963] kAFS: No cell specified
[  271.145416][T11972] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2270'.
[  271.439469][T11991] overlayfs: failed to verify upper root origin
[  271.655457][T12005] netlink: 'syz.0.2284': attribute type 8 has an invalid length.
[  271.856675][T12013] loop7: detected capacity change from 0 to 4096
[  271.902921][T12015] bond2: option arp_all_targets: invalid value (524289)
[  271.914947][T12015] bond2 (unregistering): Released all slaves
[  272.096664][T12028] netlink: 'syz.0.2294': attribute type 3 has an invalid length.
[  272.319070][T12044] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  272.325811][T12044] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  272.577628][ T5679] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  272.695731][ T5679] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  272.809564][ T5679] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  272.947329][ T5911] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  272.964043][ T5911] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  272.970680][ T5911] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  272.972299][ T5679] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  272.981798][ T5911] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  272.987586][ T5911] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  273.344888][ T5679] bridge0: port 3(batadv0) entered disabled state
[  273.352625][ T5679] bridge_slave_1: left allmulticast mode
[  273.357102][ T5679] bridge_slave_1: left promiscuous mode
[  273.359495][ T5679] bridge0: port 2(bridge_slave_1) entered disabled state
[  273.366795][ T5679] bridge_slave_0: left allmulticast mode
[  273.369337][ T5679] bridge_slave_0: left promiscuous mode
[  273.371498][ T5679] bridge0: port 1(bridge_slave_0) entered disabled state
[  273.723389][ T5679] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  273.744193][ T5679] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  273.758921][ T5679] bond0 (unregistering): Released all slaves
[  273.885896][ T5679] tipc: Left network mode
[  274.099975][T12053] chnl_net:caif_netlink_parms(): no params data found
[  274.192851][ T5679] hsr_slave_0: left promiscuous mode
[  274.195681][ T5679] hsr_slave_1: left promiscuous mode
[  274.208882][ T5679] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  274.211578][ T5679] batman_adv: batadv0: Removing interface: batadv_slave_0
[  274.214877][ T5679] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  274.217698][ T5679] batman_adv: batadv0: Removing interface: batadv_slave_1
[  274.232797][ T5679] veth1_macvtap: left promiscuous mode
[  274.234546][ T5679] veth0_macvtap: left promiscuous mode
[  274.236453][ T5679] veth1_vlan: left promiscuous mode
[  274.239013][ T5679] veth0_vlan: left promiscuous mode
[  274.266663][T12061] loop5: detected capacity change from 0 to 32768
[  274.274052][T12067] loop0: detected capacity change from 0 to 32768
[  274.277392][T12067] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.2312 (12067)
[  274.298400][T12067] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  274.306664][T12067] BTRFS info (device loop0): using sha256 checksum algorithm
[  274.313555][T12061] JBD2: Ignoring recovery information on journal
[  274.350801][T12061] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  274.368739][T12067] BTRFS info (device loop0): enabling ssd optimizations
[  274.371073][T12067] BTRFS info (device loop0): turning on async discard
[  274.373289][T12067] BTRFS info (device loop0): enabling free space tree
[  274.419985][ T9448] ocfs2: Unmounting device (7,5) on (node local)
[  274.450674][ T5915] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  274.675763][ T5679] team0 (unregistering): Port device team_slave_1 removed
[  274.696059][ T5679] team0 (unregistering): Port device team_slave_0 removed
[  274.794685][T12091] tipc: Started in network mode
[  274.796666][T12091] tipc: Node identity aaaaaaaaaa2a, cluster identity 4711
[  274.801122][T12091] tipc: Enabled bearer <eth:batadv0>, priority 10
[  274.865202][T12053] bridge0: port 1(bridge_slave_0) entered blocking state
[  274.881415][T12053] bridge0: port 1(bridge_slave_0) entered disabled state
[  274.885081][T12053] bridge_slave_0: entered allmulticast mode
[  274.887726][T12053] bridge_slave_0: entered promiscuous mode
[  274.898005][T12053] bridge0: port 2(bridge_slave_1) entered blocking state
[  274.918362][T12053] bridge0: port 2(bridge_slave_1) entered disabled state
[  274.922820][T12053] bridge_slave_1: entered allmulticast mode
[  274.926176][T12053] bridge_slave_1: entered promiscuous mode
[  275.012952][T12110] sch_fq: defrate 53322 ignored.
[  275.038560][ T5911] Bluetooth: hci0: command tx timeout
[  275.052365][T12053] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  275.056871][T12053] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  275.105080][T12118] loop0: detected capacity change from 0 to 16
[  275.144539][T12118] erofs (device loop0): mounted with root inode @ nid 36.
[  275.151262][T12053] team0: Port device team_slave_0 added
[  275.154214][T12053] team0: Port device team_slave_1 added
[  275.220474][T12053] batman_adv: batadv0: Adding interface: batadv_slave_0
[  275.225181][T12124] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2323'.
[  275.230221][T12053] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  275.244767][T12053] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  275.252957][T12053] batman_adv: batadv0: Adding interface: batadv_slave_1
[  275.255976][T12053] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  275.269726][T12053] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  275.310761][T12053] hsr_slave_0: entered promiscuous mode
[  275.312925][T12053] hsr_slave_1: entered promiscuous mode
[  275.314995][T12053] debugfs: 'hsr0' already exists in 'hsr'
[  275.316706][T12053] Cannot create hsr debugfs directory
[  275.488004][T12137] netlink: 112 bytes leftover after parsing attributes in process `syz.0.2327'.
[  275.493662][T12137] netlink: 112 bytes leftover after parsing attributes in process `syz.0.2327'.
[  275.773657][T12150] loop0: detected capacity change from 0 to 1024
[  275.809260][T12150] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  275.943118][   T10] tipc: Node number set to 8432298
[  276.333902][T12053] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  276.353752][T12053] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  276.373660][T12053] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  276.400026][T12053] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  276.751042][T12053] 8021q: adding VLAN 0 to HW filter on device bond0
[  276.792373][T12053] 8021q: adding VLAN 0 to HW filter on device team0
[  276.818746][ T4916] bridge0: port 1(bridge_slave_0) entered blocking state
[  276.821099][ T4916] bridge0: port 1(bridge_slave_0) entered forwarding state
[  276.843963][ T4916] bridge0: port 2(bridge_slave_1) entered blocking state
[  276.846788][ T4916] bridge0: port 2(bridge_slave_1) entered forwarding state
[  276.847329][T12185] xt_cgroup: invalid path, errno=-2
[  277.126608][ T5911] Bluetooth: hci0: command tx timeout
[  277.210048][ T5915] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  277.211188][T12197] tmpfs: Bad value for 'size'
[  277.255704][T12053] 8021q: adding VLAN 0 to HW filter on device batadv0
[  277.315599][T12207] loop0: detected capacity change from 0 to 256
[  277.327578][T12207] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d)
[  277.332812][T12207] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 1)
[  277.335692][T12207] exFAT-fs (loop0): failed to load alloc-bitmap
[  277.337794][T12207] exFAT-fs (loop0): failed to recognize exfat type
[  277.434915][T12214] netlink: 14601 bytes leftover after parsing attributes in process `syz.5.2346'.
[  277.473094][T12053] veth0_vlan: entered promiscuous mode
[  277.479890][T12053] veth1_vlan: entered promiscuous mode
[  277.504600][T12053] veth0_macvtap: entered promiscuous mode
[  277.512333][T12053] veth1_macvtap: entered promiscuous mode
[  277.546196][T12053] batman_adv: batadv0: Interface activated: batadv_slave_0
[  277.553205][T12053] batman_adv: batadv0: Interface activated: batadv_slave_1
[  277.560467][ T5679] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  277.564331][ T5679] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  277.567107][ T5679] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  277.575004][ T5679] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  277.647186][ T3521] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  277.650645][ T3521] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  277.666446][ T6275] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  277.670051][ T6275] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  277.772359][T12236] loop7: detected capacity change from 0 to 512
[  277.783006][T12236] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  277.800389][T12236] EXT4-fs (loop7): shut down requested (0)
[  277.806567][T12236] EXT4-fs warning (device loop7): dx_probe:837: inode #2: comm syz.7.2352: Unimplemented hash flags: 0x0001
[  277.810064][T12236] EXT4-fs warning (device loop7): dx_probe:934: inode #2: comm syz.7.2352: Corrupt directory, running e2fsck is recommended
[  278.006973][T12053] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  278.814795][T12266] loop5: detected capacity change from 0 to 2048
[  278.859582][T12266] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  278.863905][T12266] ext4 filesystem being mounted at /323/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  278.885662][ T9448] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  279.075283][T12273] loop7: detected capacity change from 0 to 512
[  279.142686][   T33] audit: type=1800 audit(1774128793.656:410): pid=12273 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.2367" name=3D77696E6E742C73686F72746E616D653D7769EE39352C6E6F6E756D7461696C3D302C6E6F6E756D7461696C3D302C646973636172642C6E6E6F6E756D7461696274665F686561646572206E6F7420666F756E64 dev="loop7" ino=1048739 res=0 errno=0
[  279.198380][ T5911] Bluetooth: hci0: command tx timeout
[  279.260213][T12277] loop7: detected capacity change from 0 to 256
[  279.287784][T12277] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0x246f1341, utbl_chksum : 0xe619d30d)
[  279.302697][T12268] loop0: detected capacity change from 0 to 131072
[  279.305781][T12268] F2FS-fs (loop0): QUOTA feature is enabled, so ignore qf_name
[  279.308686][T12268] F2FS-fs (loop0): invalid crc value
[  279.310532][T12268] F2FS-fs (loop0): invalid crc value
[  279.316942][T12268] F2FS-fs (loop0): Failed to get valid F2FS checkpoint
[  279.454943][T12286] loop7: detected capacity change from 0 to 1024
[  279.505322][T12286] EXT4-fs (loop7): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  279.518671][T12286] ext4 filesystem being mounted at /8/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  279.546402][T12286] EXT4-fs error (device loop7): ext4_map_blocks:818: inode #15: comm syz.7.2373: lblock 0 mapped to illegal pblock 0 (length 1)
[  279.572557][T12286] EXT4-fs (loop7): Remounting filesystem read-only
[  279.642447][T12053] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  279.686465][T12295] Bluetooth: MGMT ver 1.23
[  280.801951][T12325] loop7: detected capacity change from 0 to 256
[  280.837055][T12325] FAT-fs (loop7): Directory bread(block 64) failed
[  280.844649][T12325] FAT-fs (loop7): Directory bread(block 65) failed
[  280.847285][T12325] FAT-fs (loop7): Directory bread(block 66) failed
[  280.853808][T12325] FAT-fs (loop7): Directory bread(block 67) failed
[  280.856294][T12325] FAT-fs (loop7): Directory bread(block 68) failed
[  280.859409][T12325] FAT-fs (loop7): Directory bread(block 69) failed
[  280.867217][T12325] FAT-fs (loop7): Directory bread(block 70) failed
[  280.874903][T12325] FAT-fs (loop7): Directory bread(block 71) failed
[  280.878033][T12325] FAT-fs (loop7): Directory bread(block 72) failed
[  280.882279][T12325] FAT-fs (loop7): Directory bread(block 73) failed
[  280.960888][T12316] loop5: detected capacity change from 0 to 32768
[  280.972468][T12316] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.2384 (12316)
[  280.997432][T12316] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  281.006810][T12316] BTRFS info (device loop5): using sha256 checksum algorithm
[  281.102179][T12316] BTRFS info (device loop5): enabling ssd optimizations
[  281.105038][T12316] BTRFS info (device loop5): turning on async discard
[  281.141721][T12316] BTRFS info (device loop5): enabling free space tree
[  281.252063][ T9448] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  281.269910][ T5911] Bluetooth: hci0: command tx timeout
[  281.715138][T12373] syz_tun: entered allmulticast mode
[  281.730127][T12372] syz_tun: left allmulticast mode
[  281.947543][T12364] loop7: detected capacity change from 0 to 131072
[  281.957323][T12381] trusted_key: encrypted_key: insufficient parameters specified
[  282.009709][T12364] F2FS-fs (loop7): Invalid Fs Meta Ino: node(1) meta(2048) root(3)
[  282.012961][T12364] F2FS-fs (loop7): Can't find valid F2FS filesystem in 2th superblock
[  282.015719][T12364] F2FS-fs (loop7): Test dummy encryption mode enabled
[  282.020169][T12364] F2FS-fs (loop7): invalid crc value
[  282.059465][T12364] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  282.071312][T12364] F2FS-fs (loop7): Try to recover 2th superblock, ret: 0
[  282.073706][T12364] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  282.085389][T12386] loop0: detected capacity change from 0 to 256
[  282.403503][T12398] loop0: detected capacity change from 0 to 8
[  282.420911][T12398] SQUASHFS error: Unable to read inode 0xa7
[  282.555350][T12406] xt_connbytes: Forcing CT accounting to be enabled
[  282.560686][T12406] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  282.705322][T12413] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2416'.
[  283.296170][T12438] loop5: detected capacity change from 0 to 2048
[  283.302927][T12438] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  283.579946][T12447] PKCS7: Unknown OID: [4] 0.38.107.217331280.32(bad)
[  283.582979][T12447] PKCS7: Only support pkcs7_signedData type
[  283.788680][T12096] usb 1-1: new full-speed USB device number 21 using dummy_hcd
[  283.939976][T12096] usb 1-1: config index 0 descriptor too short (expected 28277, got 36)
[  283.942744][T12096] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  283.945982][T12096] usb 1-1: config 0 has no interfaces?
[  283.947840][T12096] usb 1-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[  283.950924][T12096] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  283.954992][T12096] usb 1-1: config 0 descriptor??
[  284.177468][   T60] usb 1-1: USB disconnect, device number 21
[  284.668284][ T5222] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  284.828451][ T5222] usb 6-1: Using ep0 maxpacket: 8
[  284.832455][ T5222] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  284.836864][ T5222] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  284.840635][ T5222] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  284.845910][ T5222] usb 6-1: config 0 descriptor??
[  285.008321][ T2588] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  285.054206][ T5222] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  285.158279][ T2588] usb 1-1: Using ep0 maxpacket: 32
[  285.161766][ T2588] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  285.165913][ T2588] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  285.169896][ T2588] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  285.173081][ T2588] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  285.177092][ T2588] usb 1-1: config 0 descriptor??
[  285.187466][ T2588] hub 1-1:0.0: USB hub found
[  285.254112][   T60] usb 6-1: USB disconnect, device number 15
[  285.388230][ T2588] hub 1-1:0.0: 1 port detected
[  285.927324][T12462] 9pnet: p9_errstr2errno: server reported unknown error 0x00000000
[  286.238401][   T60] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  286.404754][   T60] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  286.414275][   T60] usb 6-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[  286.418283][   T60] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  286.423223][   T60] usb 6-1: Product: syz
[  286.425251][   T60] usb 6-1: Manufacturer: syz
[  286.427314][   T60] usb 6-1: SerialNumber: syz
[  286.451501][   T60] usb 6-1: config 0 descriptor??
[  286.485754][   T60] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  286.751607][   T60] snd-usb-audio 6-1:0.0: probe with driver snd-usb-audio failed with error -2
[  286.759940][   T60] usb 6-1: USB disconnect, device number 16
[  286.798526][ T6444] udevd[6444]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  286.912466][T12468] overlay: Unknown parameter 'permit_directio'
[  286.932087][ T2588] hub 1-1:0.0: hub_hub_status failed (err = -32)
[  286.935437][ T2588] hub 1-1:0.0: config failed, can't get hub status (err -32)
[  286.953549][ T2588] usbhid 1-1:0.0: can't add hid device: -32
[  286.956456][ T2588] usbhid 1-1:0.0: probe with driver usbhid failed with error -32
[  286.991954][ T2588] usb 1-1: USB disconnect, device number 22
[  287.883509][T12481] loop5: detected capacity change from 0 to 1024
[  287.901345][T12481] EXT4-fs (loop5): stripe (4) is not aligned with cluster size (4096), stripe is disabled
[  288.014596][T12481] EXT4-fs error (device loop5): ext4_map_blocks:776: inode #3: block 2: comm syz.5.2443: lblock 2 mapped to illegal pblock 2 (length 1)
[  288.019703][T12481] loop5: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117
[  288.021762][T12481] Quota error (device loop5): qtree_write_dquot: dquota write failed
[  288.028751][    C0] EXT4-fs (loop5): error count since last fsck: 1
[  288.028771][    C0] EXT4-fs (loop5): initial error at time 1774128802: ext4_map_blocks:776: inode 3: block 2
[  288.028798][    C0] EXT4-fs (loop5): last error at time 1774128802: ext4_map_blocks:776: inode 3: block 2
[  288.039247][T12481] EXT4-fs error (device loop5): ext4_map_blocks:776: inode #3: block 48: comm syz.5.2443: lblock 0 mapped to illegal pblock 48 (length 1)
[  288.044888][T12481] loop5: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117
[  288.045219][T12481] Quota error (device loop5): v2_write_file_info: Can't write info structure
[  288.052615][T12481] EXT4-fs error (device loop5): ext4_acquire_dquot:7001: comm syz.5.2443: Failed to acquire dquot type 0
[  288.056119][T12481] loop5: lost filesystem error report for type 5 error -117
[  288.056566][T12481] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6246: Corrupt filesystem
[  288.062574][T12481] loop5: lost filesystem error report for type 5 error -117
[  288.065700][T12481] EXT4-fs error (device loop5): ext4_evict_inode:255: inode #11: comm syz.5.2443: mark_inode_dirty error
[  288.071799][T12481] loop5: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  288.072276][T12481] EXT4-fs warning (device loop5): ext4_evict_inode:258: couldn't mark inode dirty (err -117)
[  288.078672][T12481] EXT4-fs (loop5): 1 orphan inode deleted
[  288.081163][T12481] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  288.115288][ T1225] EXT4-fs error (device loop5): ext4_map_blocks:776: inode #3: block 1: comm kworker/u9:2: lblock 1 mapped to illegal pblock 1 (length 1)
[  288.148859][ T1225] Quota error (device loop5): remove_tree: Can't read quota data block 1
[  288.155496][ T1225] EXT4-fs error (device loop5): ext4_release_dquot:7037: comm kworker/u9:2: Failed to release dquot type 0
[  288.535721][ T9448] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  288.553198][ T9448] EXT4-fs error (device loop5): __ext4_get_inode_loc:4782: comm syz-executor: Invalid inode table block 1 in block_group 0
[  288.562544][ T9448] loop5: lost filesystem error report for type 5 error -117
[  288.565828][ T9448] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6246: Corrupt filesystem
[  288.578639][ T9448] loop5: lost filesystem error report for type 5 error -117
[  288.578876][ T9448] EXT4-fs error (device loop5): ext4_quota_off:7285: inode #3: comm syz-executor: mark_inode_dirty error
[  288.586960][ T9448] loop5: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117
[  288.645144][T12495] loop5: detected capacity change from 0 to 256
[  288.655497][T12495] exfat: Deprecated parameter 'namecase'
[  288.665231][T12495] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x36bd6320, utbl_chksum : 0xe619d30d)
[  289.754412][T12509] input: syz0 as /devices/virtual/input/input16
[  289.960146][T12522] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  289.962843][T12522] overlayfs: option "index=on" is useless in a non-upper mount, ignore
[  289.965395][T12522] overlayfs: missing 'lowerdir'
[  290.280051][T12539] lo speed is unknown, defaulting to 1000
[  290.283109][T12539] lo speed is unknown, defaulting to 1000
[  290.302943][T12539] lo speed is unknown, defaulting to 1000
[  290.346766][T12539] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  290.491163][T12539] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  290.641746][T12539] lo speed is unknown, defaulting to 1000
[  290.647115][T12539] lo speed is unknown, defaulting to 1000
[  290.655326][T12539] lo speed is unknown, defaulting to 1000
[  292.002294][T12573] netlink: 31 bytes leftover after parsing attributes in process `syz.7.2478'.
[  292.083895][T12576] netlink: 5 bytes leftover after parsing attributes in process `syz.5.2482'.
[  292.087602][T12576] 0{X: renamed from macvtap0 (while UP)
[  292.108900][T12576] 0{X: entered allmulticast mode
[  292.111293][T12576] veth0_macvtap: entered allmulticast mode
[  292.115109][T12576] A link change request failed with some changes committed already. Interface 30{X may have been left with an inconsistent configuration, please check.
[  292.167710][ T5920] Bluetooth: hci1: unexpected event 0x06 length: 4 > 3
[  292.223875][T12589] openvswitch: netlink: Missing valid actions attribute.
[  292.231921][T12589] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  292.313350][   T33] audit: type=1326 audit(1774128806.846:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12592 comm="syz.0.2487" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f569359c799 code=0x7ffc0000
[  292.332535][   T33] audit: type=1326 audit(1774128806.846:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12592 comm="syz.0.2487" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f569359c799 code=0x7ffc0000
[  292.342400][T12595] loop7: detected capacity change from 0 to 256
[  292.345535][T12597] loop5: detected capacity change from 0 to 512
[  292.347743][   T33] audit: type=1326 audit(1774128806.846:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12592 comm="syz.0.2487" exe="/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f569359c799 code=0x7ffc0000
[  292.374726][   T33] audit: type=1326 audit(1774128806.846:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12592 comm="syz.0.2487" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f569359c799 code=0x7ffc0000
[  292.386403][T12595] FAT-fs (loop7): Directory bread(block 64) failed
[  292.398836][T12595] FAT-fs (loop7): Directory bread(block 65) failed
[  292.402462][   T33] audit: type=1326 audit(1774128806.846:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12592 comm="syz.0.2487" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f569359c799 code=0x7ffc0000
[  292.408291][T12595] FAT-fs (loop7): Directory bread(block 66) failed
[  292.413947][T12595] FAT-fs (loop7): Directory bread(block 67) failed
[  292.416175][T12595] FAT-fs (loop7): Directory bread(block 68) failed
[  292.422540][T12595] FAT-fs (loop7): Directory bread(block 69) failed
[  292.423216][   T33] audit: type=1326 audit(1774128806.846:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12592 comm="syz.0.2487" exe="/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f569359c799 code=0x7ffc0000
[  292.427820][T12595] FAT-fs (loop7): Directory bread(block 70) failed
[  292.435787][T12597] EXT4-fs error (device loop5): ext4_orphan_get:1417: comm syz.5.2490: bad orphan inode 15
[  292.435881][T12595] FAT-fs (loop7): Directory bread(block 71) failed
[  292.444683][T12595] FAT-fs (loop7): Directory bread(block 72) failed
[  292.447403][T12595] FAT-fs (loop7): Directory bread(block 73) failed
[  292.458335][   T33] audit: type=1326 audit(1774128806.846:417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12592 comm="syz.0.2487" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f569359c799 code=0x7ffc0000
[  292.467140][T12597] loop5: lost filesystem error report for type 5 error -117
[  292.468208][    C1] EXT4-fs (loop5): error count since last fsck: 1
[  292.473896][    C1] EXT4-fs (loop5): initial error at time 1774128806: ext4_orphan_get:1417
[  292.477350][    C1] EXT4-fs (loop5): last error at time 1774128806: ext4_orphan_get:1417
[  292.485844][T12597] ext4_test_bit(bit=14, block=5) = 0
[  292.489634][T12597] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  292.506320][T12597] EXT4-fs error (device loop5): __ext4_new_inode:1073: comm syz.5.2490: reserved inode found cleared - inode=1
[  292.581016][ T9448] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  292.805037][T12622] syz_tun: entered promiscuous mode
[  292.807430][T12622] batadv0: entered promiscuous mode
[  292.996915][T12640] netdevsim netdevsim0 netdevsim0: left promiscuous mode
[  293.007303][T12640] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[  293.164305][T12649] loop7: detected capacity change from 0 to 128
[  293.201119][T12653] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2516'.
[  293.204245][T12653] netlink: 60 bytes leftover after parsing attributes in process `syz.5.2516'.
[  293.553993][T12657] loop5: detected capacity change from 0 to 2048
[  293.570943][T12657] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found
[  293.574041][T12657] UDF-fs: warning (device loop5): udf_fill_super: No partition found (1)
[  293.602785][T12660] loop7: detected capacity change from 0 to 2048
[  293.611587][T12660] NILFS (loop7): too small inode size: 0 bytes
[  293.687282][T12662] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2520'.
[  293.692418][T12662] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2520'.
[  294.232621][ T5920] Bluetooth: hci1: command 0x2016 tx timeout
[  294.367113][T12698] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2537'.
[  294.373151][T12698] netlink: 31 bytes leftover after parsing attributes in process `syz.5.2537'.
[  294.376190][T12698] netlink: 'syz.5.2537': attribute type 3 has an invalid length.
[  294.379290][T12698] netlink: 'syz.5.2537': attribute type 2 has an invalid length.
[  294.382116][T12698] netlink: 31 bytes leftover after parsing attributes in process `syz.5.2537'.
[  294.607880][T12703] sctp: [Deprecated]: syz.5.2539 (pid 12703) Use of struct sctp_assoc_value in delayed_ack socket option.
[  294.607880][T12703] Use struct sctp_sack_info instead
[  295.224327][T12711] netlink: 'syz.0.2543': attribute type 2 has an invalid length.
[  295.303635][T12715] loop0: detected capacity change from 0 to 512
[  295.307642][T12715] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  295.319141][T12715] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.2545: invalid indirect mapped block 4294967295 (level 1)
[  295.324967][T12715] loop0: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  295.325317][T12715] EXT4-fs (loop0): Remounting filesystem read-only
[  295.329195][    C0] EXT4-fs (loop0): error count since last fsck: 1
[  295.329211][    C0] EXT4-fs (loop0): initial error at time 1774128809: ext4_free_branches:1023: inode 11
[  295.329231][    C0] EXT4-fs (loop0): last error at time 1774128809: ext4_free_branches:1023: inode 11
[  295.343355][T12715] EXT4-fs (loop0): 2 truncates cleaned up
[  295.346353][T12715] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  295.378741][ T5915] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  296.003354][T12722] loop0: detected capacity change from 0 to 32768
[  296.022707][T12722] XFS (loop0): DAX unsupported by block device. Turning off DAX.
[  296.026671][T12722] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  296.037859][T12722] XFS (loop0): Ending clean mount
[  296.046743][T12722] XFS (loop0): Quotacheck needed: Please wait.
[  296.083148][T12722] XFS (loop0): Quotacheck: Done.
[  296.095067][   T33] kauditd_printk_skb: 8 callbacks suppressed
[  296.095206][   T33] audit: type=1800 audit(1774128810.626:426): pid=12722 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2548" name="file2" dev="loop0" ino=4423 res=0 errno=0
[  296.117778][ T5915] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  296.324380][ T5911] Bluetooth: hci1: command 0x2016 tx timeout
[  296.741527][T12760] netlink: 'syz.7.2558': attribute type 3 has an invalid length.
[  296.955396][T12765] netdevsim netdevsim7 netdevsim0: entered promiscuous mode
[  297.488631][T12755] Process accounting resumed
[  297.600853][T12778] loop5: detected capacity change from 0 to 512
[  297.626590][T12778] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  297.636730][T12778] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  297.646005][T12778] EXT4-fs (loop5): group descriptors corrupted!
[  297.727000][T12784] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2569'.
[  297.839868][T12789] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2572'.
[  297.847467][T12789] netdevsim netdevsim5 netdevsim0: entered allmulticast mode
[  298.027124][T12801] loop5: detected capacity change from 0 to 256
[  298.094583][T12803] team0: left promiscuous mode
[  298.102274][T12803] team_slave_0: left promiscuous mode
[  298.109004][T12803] team_slave_1: left promiscuous mode
[  298.130120][T12803] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  298.212849][T12811] batadv1: entered promiscuous mode
[  298.233170][T12809] loop5: detected capacity change from 0 to 8192
[  298.304116][T12814] nfs: Unknown parameter 'ntext'
[  298.640265][T12838] input: syz1 as /devices/virtual/input/input17
[  298.686987][T12840] netdevsim netdevsim7 netdevsim0: entered allmulticast mode
[  298.759962][T12829] loop0: detected capacity change from 0 to 40427
[  298.763844][T12829] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504)
[  298.766201][T12829] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  298.777551][T12829] F2FS-fs (loop0): build fault injection rate: 3
[  298.780799][T12829] F2FS-fs (loop0): build fault injection type: 0x1fa
[  298.791224][T12829] F2FS-fs (loop0): invalid crc value
[  298.795411][T12829] F2FS-fs (loop0): inject kvmalloc in f2fs_kvmalloc of f2fs_fill_super+0x491a/0x7740
[  298.801233][T12829] F2FS-fs (loop0): Failed to initialize F2FS segment manager (-12)
[  300.577680][T12915] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2628'.
[  300.581034][T12915] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2628'.
[  300.688321][   T10] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  300.990612][T12924] loop7: detected capacity change from 0 to 512
[  300.993409][T12924] EXT4-fs: Ignoring removed bh option
[  300.995361][T12924] EXT4-fs: inline encryption not supported
[  300.997867][T12924] EXT4-fs (loop7): feature flags set on rev 0 fs, running e2fsck is recommended
[  301.010355][   T10] usb 6-1: config 1 has an invalid interface number: 7 but max is 0
[  301.013453][   T10] usb 6-1: config 1 has no interface number 0
[  301.015504][   T10] usb 6-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  301.019252][   T10] usb 6-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1023
[  301.023852][   T10] usb 6-1: config 1 interface 7 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 8
[  301.027267][T12924] EXT4-fs warning (device loop7): ext4_update_dynamic_rev:1142: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  301.027842][   T10] usb 6-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  301.036117][T12924] EXT4-fs error (device loop7): ext4_validate_block_bitmap:441: comm syz.7.2631: bg 0: block 248: padding at end of block bitmap is not set
[  301.037803][   T10] usb 6-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  301.041173][T12924] loop7: lost filesystem error report for type 5 error -117
[  301.044279][T12924] Quota error (device loop7): write_blk: dquota write failed
[  301.044978][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  301.047297][T12924] Quota error (device loop7): qtree_write_dquot: Error -117 occurred while creating quota
[  301.049506][    C1] EXT4-fs (loop7): error count since last fsck: 1
[  301.049517][    C1] EXT4-fs (loop7): last error at time 1774128815: ext4_validate_block_bitmap:441
[  301.049778][   T10] usb 6-1: Product: syz
[  301.049788][   T10] usb 6-1: Manufacturer: syz
[  301.049794][   T10] usb 6-1: SerialNumber: syz
[  301.052351][T12908] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  301.052595][T12924] EXT4-fs error (device loop7): ext4_acquire_dquot:7001: comm syz.7.2631: Failed to acquire dquot type 1
[  301.055820][T12908] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  301.060205][T12924] loop7: lost filesystem error report for type 5 error -117
[  301.079654][T12924] EXT4-fs (loop7): 1 truncate cleaned up
[  301.084326][T12924] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback.
[  301.113807][T12053] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0008-000000000000.
[  301.117143][ T1225] Quota error (device loop7): do_check_range: Getting block 0 out of range 1-5
[  301.120164][ T1225] EXT4-fs error (device loop7): ext4_release_dquot:7037: comm kworker/u9:2: Failed to release dquot type 1
[  301.123819][ T1225] loop7: lost filesystem error report for type 5 error -117
[  301.173563][T12930] delete_channel: no stack
[  301.265272][T12908] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  301.267636][T12908] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  301.574251][   T10] usb 6-1: Incompatible driver and firmware versions
[  301.595552][   T10] usb 6-1: USB disconnect, device number 17
[  301.931728][T12958] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2645'.
[  301.972707][T12960] netlink: 'syz.0.2646': attribute type 3 has an invalid length.
[  302.415320][T12974] syz_tun: entered allmulticast mode
[  302.418723][T12971] syz_tun: left allmulticast mode
[  302.473617][T12977] netlink: 32 bytes leftover after parsing attributes in process `syz.7.2655'.
[  302.527722][T12982] loop5: detected capacity change from 0 to 4096
[  302.541989][T12982] ntfs3(loop5): Different NTFS sector size (1024) and media sector size (512).
[  302.557184][T12982] ntfs3(loop5): Failed to initialize $Extend/$Reparse.
[  302.647521][T12990] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2660'.
[  302.671921][T12992] loop7: detected capacity change from 0 to 1024
[  302.682159][T12992] EXT4-fs: Ignoring removed orlov option
[  302.691538][T12992] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  302.712424][T12053] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  302.750929][T13000] overlayfs: missing 'lowerdir'
[  302.842637][ T5679] bond0: (slave bond_slave_0): interface is now down
[  302.844917][ T5679] bond0: (slave bond_slave_1): interface is now down
[  302.851454][ T5679] bond0: (slave wlan1): interface is now down
[  302.865952][ T5679] bond0: now running without any active interface!
[  302.910612][T13014] loop5: detected capacity change from 0 to 8
[  302.929989][T13014] SQUASHFS error: zlib decompression failed, data probably corrupt
[  302.932653][T13014] SQUASHFS error: Failed to read block 0x4de: -5
[  302.951765][T13014] SQUASHFS error: zlib decompression failed, data probably corrupt
[  302.954286][T13014] SQUASHFS error: Failed to read block 0x4df: -5
[  302.956434][T13014] SQUASHFS error: zlib decompression failed, data probably corrupt
[  302.965782][T13014] SQUASHFS error: Failed to read block 0x4e0: -5
[  302.971779][T13014] SQUASHFS error: zlib decompression failed, data probably corrupt
[  302.974500][T13014] SQUASHFS error: Failed to read block 0x4de: -5
[  302.978778][   T33] audit: type=1800 audit(1774128817.506:427): pid=13014 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.2671" name="file1" dev="loop5" ino=5 res=0 errno=0
[  303.454051][T13037] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  303.460463][T13037] bridge0: port 2(bridge_slave_1) entered disabled state
[  303.465231][T13037] bridge0: port 1(bridge_slave_0) entered disabled state
[  304.202570][T13053] loop0: detected capacity change from 0 to 1024
[  304.225743][T13053] hfsplus: invalid length 32517 has been corrected to 255
[  304.269131][ T6273] hfsplus: b-tree write err: -5, ino 20
[  304.538968][   T60] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  304.689932][   T60] usb 1-1: Using ep0 maxpacket: 8
[  304.693889][   T60] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  304.696524][   T60] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  304.702007][   T60] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  304.706069][   T60] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  304.710763][   T60] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  304.716048][   T60] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  304.720405][   T60] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  305.151449][   T60] usb 1-1: GET_CAPABILITIES returned 0
[  305.153221][   T60] usbtmc 1-1:16.0: can't read capabilities
[  305.176025][   T10] usb 1-1: USB disconnect, device number 23
[  307.110278][ T2588] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  307.261755][ T2588] usb 6-1: Using ep0 maxpacket: 32
[  307.265095][ T2588] usb 6-1: config 0 has an invalid interface number: 86 but max is 0
[  307.267610][ T2588] usb 6-1: config 0 has no interface number 0
[  307.271264][ T2588] usb 6-1: config 0 interface 86 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023
[  307.275283][ T2588] usb 6-1: config 0 interface 86 altsetting 16 endpoint 0x82 has invalid wMaxPacketSize 0
[  307.778657][T13098] loop0: detected capacity change from 0 to 131072
[  307.788991][T13098] F2FS-fs (loop0): invalid crc value
[  307.793203][ T2588] usb 6-1: config 0 interface 86 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 0
[  307.797588][ T2588] usb 6-1: config 0 interface 86 has no altsetting 0
[  307.845991][T13098] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  307.852645][T13098] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  307.859742][ T2588] usb 6-1: New USB device found, idVendor=8086, idProduct=0b63, bcdDevice=6a.32
[  307.863311][ T2588] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  307.866525][ T2588] usb 6-1: Product: syz
[  307.869205][ T2588] usb 6-1: Manufacturer: syz
[  307.871067][ T2588] usb 6-1: SerialNumber: syz
[  307.875305][ T2588] usb 6-1: config 0 descriptor??
[  307.885004][T13092] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  308.106341][ T2588] ljca 6-1:0.86: submit rx urb failed: -90
[  308.111440][ T2588] ljca 6-1:0.86: probe with driver ljca failed with error -90
[  308.116750][ T2588] usb 6-1: USB disconnect, device number 18
[  308.121829][ T6444] udevd[6444]: setting owner of /dev/bus/usb/006/018 to uid=0, gid=0 failed: No such file or directory
[  309.139110][ T2588] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  309.235541][T13122] loop7: detected capacity change from 0 to 32768
[  309.240708][T13122] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.2717 (13122)
[  309.246663][T13122] BTRFS info (device loop7): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  309.250710][T13122] BTRFS info (device loop7): using crc32c checksum algorithm
[  309.308310][ T2588] usb 6-1: Using ep0 maxpacket: 16
[  309.313083][ T2588] usb 6-1: config 251 has an invalid interface number: 202 but max is 0
[  309.316509][ T2588] usb 6-1: config 251 has no interface number 0
[  309.328511][ T2588] usb 6-1: config 251 interface 202 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  309.338558][ T2588] usb 6-1: config 251 interface 202 altsetting 1 bulk endpoint 0x1 has invalid maxpacket 0
[  309.342677][ T2588] usb 6-1: config 251 interface 202 altsetting 1 has an invalid descriptor for endpoint zero, skipping
[  309.357432][ T2588] usb 6-1: config 251 interface 202 altsetting 1 endpoint 0x6 has invalid maxpacket 1024, setting to 64
[  309.362597][ T2588] usb 6-1: config 251 interface 202 altsetting 1 has an endpoint descriptor with address 0xC1, changing to 0x81
[  309.367394][ T2588] usb 6-1: config 251 interface 202 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  309.389481][T13122] BTRFS info (device loop7): enabling ssd optimizations
[  309.392015][T13122] BTRFS info (device loop7): turning on flush-on-commit
[  309.394296][T13122] BTRFS info (device loop7): enabling free space tree
[  309.396484][T13122] BTRFS info (device loop7): enabling auto defrag
[  309.402709][ T2588] usb 6-1: config 251 interface 202 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0
[  309.406445][ T2588] usb 6-1: config 251 interface 202 altsetting 1 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  309.422911][T13122] BTRFS info (device loop7): use lzo compression, level 1
[  309.425429][ T2588] usb 6-1: config 251 interface 202 has no altsetting 0
[  309.431676][ T5920] Bluetooth: hci1: command 0x2016 tx timeout
[  309.434912][T13122] BTRFS info (device loop7): max_inline set to 4096
[  309.440605][ T2588] usb 6-1: New USB device found, idVendor=0572, idProduct=cb00, bcdDevice=bb.c9
[  309.444021][ T2588] usb 6-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  309.456409][ T2588] usb 6-1: Product: syz
[  309.465199][ T2588] usb 6-1: SerialNumber: syz
[  309.467481][T13131] loop0: detected capacity change from 0 to 32768
[  309.491290][   T33] audit: type=1804 audit(1774128824.016:428): pid=13122 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.7.2717" name="/newroot/95/file1/file2" dev="loop7" ino=261 res=1 errno=0
[  309.522691][T13131] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  309.552460][T13131] XFS (loop0): Internal error !uuid_equal(&mp->m_sb.sb_uuid, &head->h_fs_uuid) at line 254 of file fs/xfs/xfs_log_recover.c.  Caller xlog_header_check_mount+0x93/0xe0
[  309.557831][T13131] CPU: 1 UID: 0 PID: 13131 Comm: syz.0.2718 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  309.557852][T13131] Tainted: [L]=SOFTLOCKUP
[  309.557857][T13131] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  309.557863][T13131] Call Trace:
[  309.557868][T13131]  <TASK>
[  309.557872][T13131]  dump_stack_lvl+0xe8/0x150
[  309.557887][T13131]  xfs_corruption_error+0x122/0x170
[  309.557898][T13131]  ? xlog_header_check_mount+0x93/0xe0
[  309.557907][T13131]  xlog_header_check_mount+0xc6/0xe0
[  309.557914][T13131]  ? xlog_header_check_mount+0x93/0xe0
[  309.557921][T13131]  xlog_find_verify_log_record+0x32e/0x500
[  309.557930][T13131]  xlog_find_zeroed+0x327/0x410
[  309.557939][T13131]  xlog_find_head+0x5f/0x700
[  309.557952][T13131]  xlog_find_tail+0x3d/0x840
[  309.557961][T13131]  ? lockdep_hardirqs_on+0x7a/0x110
[  309.557971][T13131]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  309.557980][T13131]  ? try_to_wake_up+0x7fc/0x1390
[  309.557989][T13131]  xlog_recover+0x4b/0x3e0
[  309.558002][T13131]  xfs_log_mount+0x253/0x3e0
[  309.558012][T13131]  xfs_mountfs+0xe70/0x22e0
[  309.558027][T13131]  ? __pfx_xfs_mountfs+0x10/0x10
[  309.558040][T13131]  ? trace_xfs_inode_timestamp_range+0x84/0x230
[  309.558052][T13131]  xfs_fs_fill_super+0x11b5/0x1600
[  309.558064][T13131]  get_tree_bdev_flags+0x431/0x4f0
[  309.558073][T13131]  ? __pfx_xfs_fs_fill_super+0x10/0x10
[  309.558081][T13131]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  309.558093][T13131]  vfs_get_tree+0x92/0x2a0
[  309.558105][T13131]  do_new_mount+0x341/0xd30
[  309.558112][T13131]  ? apparmor_capable+0x126/0x170
[  309.558122][T13131]  ? __pfx_do_new_mount+0x10/0x10
[  309.558146][T13131]  ? ns_capable+0x89/0xe0
[  309.558161][T13131]  ? user_path_at+0xd4/0x160
[  309.558171][T13131]  __se_sys_mount+0x31d/0x420
[  309.558181][T13131]  ? __pfx___se_sys_mount+0x10/0x10
[  309.558191][T13131]  ? __x64_sys_mount+0x20/0xc0
[  309.558199][T13131]  do_syscall_64+0x14d/0xf80
[  309.558210][T13131]  ? trace_irq_disable+0x3b/0x150
[  309.558217][T13131]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  309.558226][T13131]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  309.558234][T13131] RIP: 0033:0x7f569359da0a
[  309.558242][T13131] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  309.558248][T13131] RSP: 002b:00007f5694434e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  309.558256][T13131] RAX: ffffffffffffffda RBX: 00007f5694434ee0 RCX: 00007f569359da0a
[  309.558261][T13131] RDX: 00002000000002c0 RSI: 0000200000000300 RDI: 00007f5694434ea0
[  309.558265][T13131] RBP: 00002000000002c0 R08: 00007f5694434ee0 R09: 0000000004000012
[  309.558269][T13131] R10: 0000000004000012 R11: 0000000000000246 R12: 0000200000000300
[  309.558274][T13131] R13: 00007f5694434ea0 R14: 0000000000009827 R15: 0000200000000380
[  309.558285][T13131]  </TASK>
[  309.565676][T12053] BTRFS info (device loop7): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  309.566779][T13131] XFS (loop0): Corruption detected. Unmount and run xfs_repair
[  309.660263][T13131] XFS (loop0): log has mismatched uuid - can't recover
[  309.662486][T13131] XFS (loop0): empty log check failed
[  309.664204][T13131] XFS (loop0): log mount/recovery failed: error -117
[  309.678311][T13131] XFS (loop0): log mount failed
[  309.698507][ T2588] cxacru 6-1:251.202: cxacru_bind: interface has incorrect endpoints
[  309.701124][ T2588] cxacru 6-1:251.202: usbatm_usb_probe: bind failed: -19!
[  309.720898][ T2588] usb 6-1: USB disconnect, device number 19
[  310.138740][T13158] loop0: detected capacity change from 0 to 1024
[  310.142818][T13158] hfsplus: invalid length 32517 has been corrected to 255
[  310.185874][ T6269] hfsplus: b-tree write err: -5, ino 20
[  310.279895][T13162] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2723'.
[  310.522740][T13175] loop0: detected capacity change from 0 to 4096
[  310.539324][T13175] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[  310.573424][   T33] audit: type=1800 audit(1774128825.106:429): pid=13175 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2730" name="file1" dev="loop0" ino=30 res=0 errno=0
[  310.577330][T13175] Invalid ELF header len 10
[  310.797447][T13190] loop0: detected capacity change from 0 to 4096
[  310.809478][T13190] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512).
[  310.814025][T13190] ntfs3(loop0): ino=3, mi_enum_attr
[  311.179526][T13197] loop0: detected capacity change from 0 to 1024
[  311.219760][T13197] hfsplus: bad catalog file entry
[  311.259406][ T3521] hfsplus: b-tree write err: -5, ino 3
[  311.261716][ T3521] hfsplus: bad catalog file entry
[  311.294427][T13199] Bluetooth: MGMT ver 1.23
[  311.601026][T13205] netlink: 48 bytes leftover after parsing attributes in process `syz.5.2744'.
[  312.085341][T13222] loop5: detected capacity change from 0 to 32768
[  312.100557][T13222] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  312.121048][T13222] XFS (loop5): Ending clean mount
[  312.196970][ T9448] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  312.438334][ T2588] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  312.561634][T13240] loop5: detected capacity change from 0 to 8192
[  312.579882][T13240] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000e1b1)
[  312.583179][T13240] FAT-fs (loop5): Filesystem has been set read-only
[  312.589591][ T2588] usb 1-1: Using ep0 maxpacket: 16
[  312.592710][ T2588] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  312.598693][ T2588] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 17408, setting to 1024
[  312.602358][ T2588] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1024
[  312.605423][ T2588] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  312.613713][ T2588] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  312.616884][ T2588] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  312.629467][ T2588] usb 1-1: SerialNumber: syz
[  312.642711][T13232] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  312.821873][T13248] loop7: detected capacity change from 0 to 256
[  312.853251][T13248] FAT-fs (loop7): Directory bread(block 64) failed
[  312.856210][T13248] FAT-fs (loop7): Directory bread(block 65) failed
[  312.867204][T13248] FAT-fs (loop7): Directory bread(block 66) failed
[  312.871700][ T2588] usb 1-1: USB disconnect, device number 24
[  312.874241][T13248] FAT-fs (loop7): Directory bread(block 67) failed
[  312.877880][T13248] FAT-fs (loop7): Directory bread(block 68) failed
[  312.883007][T13248] FAT-fs (loop7): Directory bread(block 69) failed
[  312.886057][T13248] FAT-fs (loop7): Directory bread(block 70) failed
[  312.889542][T13248] FAT-fs (loop7): Directory bread(block 71) failed
[  312.893458][T13248] FAT-fs (loop7): Directory bread(block 72) failed
[  312.896069][T13248] FAT-fs (loop7): Directory bread(block 73) failed
[  312.972174][T13244] loop5: detected capacity change from 0 to 32768
[  313.002231][   T33] audit: type=1800 audit(1774128827.536:430): pid=13244 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2759" name="file1" dev="loop5" ino=4 res=0 errno=0
[  313.205427][T13244] ERROR: (device loop5): dbAdjCtl: the maximum free buddy is not the old root
[  313.205427][T13244] 
[  313.213435][T13244] ERROR: (device loop5): remounting filesystem as read-only
[  313.721856][T13276] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2774'.
[  313.748472][   T10] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  313.901197][   T10] usb 1-1: config 220 has an invalid interface number: 76 but max is 2
[  313.904647][   T10] usb 1-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  313.914568][   T10] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  313.922922][   T10] usb 1-1: config 220 has no interface number 2
[  313.925541][   T10] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  313.931489][   T10] usb 1-1: config 220 interface 0 has no altsetting 0
[  313.938283][   T10] usb 1-1: config 220 interface 76 has no altsetting 0
[  313.941122][   T10] usb 1-1: config 220 interface 1 has no altsetting 0
[  313.950378][   T10] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  313.954066][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  313.957255][   T10] usb 1-1: Product: syz
[  313.959707][   T10] usb 1-1: Manufacturer: syz
[  313.963735][   T10] usb 1-1: SerialNumber: syz
[  314.191205][   T10] uvcvideo 1-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[  314.194222][   T10] uvcvideo 1-1:220.0: No valid video chain found.
[  314.220397][   T10] usb 1-1: selecting invalid altsetting 0
[  314.277960][   T10] usb 1-1: selecting invalid altsetting 0
[  314.285594][   T10] usbtest 1-1:220.1: probe with driver usbtest failed with error -22
[  314.301004][   T10] usb 1-1: USB disconnect, device number 25
[  314.562118][ T5920] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  314.567169][ T5920] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  314.571502][ T5920] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  314.573488][T13292] loop7: detected capacity change from 0 to 1024
[  314.574254][ T5920] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  314.583391][ T5920] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  314.584868][T13292] hfsplus: invalid catalog max_key_len 0
[  314.591537][T13292] hfsplus: failed to load catalog file
[  314.615506][T13289] lo speed is unknown, defaulting to 1000
[  314.685298][T13297] netlink: 16 bytes leftover after parsing attributes in process `syz.7.2783'.
[  314.790827][T13289] chnl_net:caif_netlink_parms(): no params data found
[  314.969915][T13289] bridge0: port 1(bridge_slave_0) entered blocking state
[  314.972859][T13289] bridge0: port 1(bridge_slave_0) entered disabled state
[  315.116544][T13289] bridge_slave_0: entered allmulticast mode
[  315.123478][T13289] bridge_slave_0: entered promiscuous mode
[  315.127940][T13289] bridge0: port 2(bridge_slave_1) entered blocking state
[  315.130888][T13289] bridge0: port 2(bridge_slave_1) entered disabled state
[  315.133706][T13289] bridge_slave_1: entered allmulticast mode
[  315.136977][T13289] bridge_slave_1: entered promiscuous mode
[  315.149451][T13311] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2786'.
[  315.202711][T13289] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  315.231197][T13289] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  315.259414][T13289] team0: Port device team_slave_0 added
[  315.265805][T13289] team0: Port device team_slave_1 added
[  315.303556][T13289] batman_adv: batadv0: Adding interface: batadv_slave_0
[  315.305812][T13289] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  315.315337][T13289] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  315.323834][T13289] batman_adv: batadv0: Adding interface: batadv_slave_1
[  315.326193][T13289] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  315.339005][T13289] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  315.381177][T13289] hsr_slave_0: entered promiscuous mode
[  315.383955][T13289] hsr_slave_1: entered promiscuous mode
[  315.386010][T13289] debugfs: 'hsr0' already exists in 'hsr'
[  315.387791][T13289] Cannot create hsr debugfs directory
[  315.492428][T13289] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  315.563005][T13289] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  315.568370][   T10] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  315.617621][T13289] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  315.678102][T13289] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  315.718409][   T10] usb 1-1: Using ep0 maxpacket: 8
[  315.729861][   T10] usb 1-1: config 2 has an invalid interface number: 1 but max is 0
[  315.733040][   T10] usb 1-1: config 2 has no interface number 0
[  315.751748][   T10] usb 1-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice=47.78
[  315.755522][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  315.770084][   T10] usb 1-1: Product: syz
[  315.771855][   T10] usb 1-1: Manufacturer: syz
[  315.785343][   T10] usb 1-1: SerialNumber: syz
[  315.890381][T13289] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  315.899817][T13289] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  315.907435][T13289] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  315.920520][T13289] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  316.012229][   T10] usb 1-1: selecting invalid altsetting 1
[  316.014536][   T10] snd-usb-us122l 1-1:2.1: usb_set_interface error
[  316.017383][   T10] snd-usb-us122l 1-1:2.1: probe with driver snd-usb-us122l failed with error -22
[  316.030485][   T10] usb 1-1: USB disconnect, device number 26
[  316.044150][T13289] 8021q: adding VLAN 0 to HW filter on device bond0
[  316.056309][T13289] 8021q: adding VLAN 0 to HW filter on device team0
[  316.063114][ T1102] bridge0: port 1(bridge_slave_0) entered blocking state
[  316.065598][ T1102] bridge0: port 1(bridge_slave_0) entered forwarding state
[  316.075575][ T1102] bridge0: port 2(bridge_slave_1) entered blocking state
[  316.078506][ T1102] bridge0: port 2(bridge_slave_1) entered forwarding state
[  316.105512][T13289] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  316.200084][T13289] 8021q: adding VLAN 0 to HW filter on device batadv0
[  316.375171][   T33] audit: type=1326 audit(1774128830.906:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13415 comm="syz.7.2799" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9c4239c799 code=0x0
[  316.451485][T13289] veth0_vlan: entered promiscuous mode
[  316.456510][T13289] veth1_vlan: entered promiscuous mode
[  316.473393][T13289] veth0_macvtap: entered promiscuous mode
[  316.477128][T13289] veth1_macvtap: entered promiscuous mode
[  316.485529][T13289] batman_adv: batadv0: Interface activated: batadv_slave_0
[  316.491617][T13289] batman_adv: batadv0: Interface activated: batadv_slave_1
[  316.497301][ T5679] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  316.502934][ T5679] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  316.507247][ T5679] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  316.511475][ T5679] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  316.596934][   T76] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  316.612809][   T76] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  316.620015][   T33] audit: type=1326 audit(1774128831.156:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13426 comm="syz.0.2801" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f569359c799 code=0x7ffc0000
[  316.628272][ T5920] Bluetooth: hci1: command tx timeout
[  316.635170][   T33] audit: type=1326 audit(1774128831.156:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13426 comm="syz.0.2801" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f569359c799 code=0x7ffc0000
[  316.657073][   T33] audit: type=1326 audit(1774128831.156:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13426 comm="syz.0.2801" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f569359c799 code=0x7ffc0000
[  316.673105][ T6273] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  316.676809][ T6273] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  316.679240][   T33] audit: type=1326 audit(1774128831.156:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13426 comm="syz.0.2801" exe="/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f569359c799 code=0x7ffc0000
[  316.698749][   T33] audit: type=1326 audit(1774128831.156:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13426 comm="syz.0.2801" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f569359c799 code=0x7ffc0000
[  316.717031][   T33] audit: type=1326 audit(1774128831.156:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13426 comm="syz.0.2801" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f569359c799 code=0x7ffc0000
[  316.728387][   T33] audit: type=1326 audit(1774128831.156:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13426 comm="syz.0.2801" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f569359c799 code=0x7ffc0000
[  316.742687][   T33] audit: type=1326 audit(1774128831.156:439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13426 comm="syz.0.2801" exe="/syz-executor" sig=0 arch=c000003e syscall=443 compat=0 ip=0x7f569359c799 code=0x7ffc0000
[  316.757027][   T33] audit: type=1326 audit(1774128831.166:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13426 comm="syz.0.2801" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f569359c799 code=0x7ffc0000
[  316.803317][T13429] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  316.807614][T13429] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  316.814855][T13429] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  316.819938][T13429] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  316.823957][T13429] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  316.828740][T13429] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  316.832580][T13429] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  316.836766][T13429] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  316.841281][T13429] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  316.845356][T13429] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  317.420223][T13440] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2806'.
[  317.738066][T13454] loop0: detected capacity change from 0 to 512
[  317.758855][T13454] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  317.778958][T13454] EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended
[  317.789057][T13454] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  317.792296][T13454] System zones: 0-2, 18-18, 34-35
[  317.794352][T13457] netlink: 41 bytes leftover after parsing attributes in process `syz.5.2813'.
[  317.797059][T13457] netlink: 140 bytes leftover after parsing attributes in process `syz.5.2813'.
[  317.802277][T13454] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  317.806305][T13457] netlink: 41 bytes leftover after parsing attributes in process `syz.5.2813'.
[  318.193109][ T1270] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  318.199854][ T5915] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  318.351342][ T1270] usb 6-1: Using ep0 maxpacket: 16
[  318.358331][ T1270] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  318.362818][ T1270] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  318.366248][ T1270] usb 6-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00
[  318.370206][ T1270] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  318.374114][ T1270] usb 6-1: config 0 descriptor??
[  318.708326][ T5920] Bluetooth: hci1: command tx timeout
[  318.784389][ T1270] ntrig 0003:1B96:0008.0009: hidraw0: USB HID v0.00 Device [HID 1b96:0008] on usb-dummy_hcd.5-1/input0
[  318.988334][ T1270] usb 6-1: USB disconnect, device number 20
[  320.238373][ T1270] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  320.392073][ T1270] usb 6-1: Using ep0 maxpacket: 32
[  320.396138][ T1270] usb 6-1: config index 0 descriptor too short (expected 156, got 27)
[  320.400053][ T1270] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  320.413235][ T1270] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  320.422136][ T1270] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  320.426425][ T1270] usb 6-1: config 0 interface 0 has no altsetting 0
[  320.439753][ T1270] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  320.443437][ T1270] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  320.446740][ T1270] usb 6-1: Product: syz
[  320.450015][ T1270] usb 6-1: Manufacturer: syz
[  320.451913][ T1270] usb 6-1: SerialNumber: syz
[  320.455928][ T1270] usb 6-1: config 0 descriptor??
[  320.467429][T13500] loop0: detected capacity change from 0 to 512
[  320.470820][ T1270] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  320.476363][ T1270] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  320.501367][T13500] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  320.517869][T13500] ext4 filesystem being mounted at /941/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  320.538509][T13500] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000.
[  320.545838][T13494] loop7: detected capacity change from 0 to 32768
[  320.568503][T13494] XFS (loop7): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  320.585653][ T5915] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  320.619155][T13494] XFS (loop7): Ending clean mount
[  320.624722][T13512] lo speed is unknown, defaulting to 1000
[  320.670456][T12053] XFS (loop7): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  320.713965][ T5945] usb 6-1: USB disconnect, device number 21
[  320.727124][T13516] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  320.738904][ T5945] ldusb 6-1:0.0: LD USB Device #0 now disconnected
[  320.799332][ T5920] Bluetooth: hci1: command tx timeout
[  320.921350][T13521] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2837'.
[  320.934511][T13521] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2837'.
[  320.936584][T13522] genirq: Flags mismatch irq 3. 00200000 (pcl812) vs. 00200000 (pcl818)
[  321.149172][T13528] loop7: detected capacity change from 0 to 4096
[  322.148632][T13538] evm: overlay not supported
[  322.749144][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[  322.751272][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[  322.868382][ T5920] Bluetooth: hci1: command tx timeout
[  322.938861][T13547] loop0: detected capacity change from 0 to 32768
[  323.434929][T13570] netlink: 'syz.0.2859': attribute type 2 has an invalid length.
[  323.437838][T13570] netlink: 100 bytes leftover after parsing attributes in process `syz.0.2859'.
[  323.570658][T13581] netlink: 180 bytes leftover after parsing attributes in process `syz.0.2864'.
[  323.840172][T13596] loop7: detected capacity change from 0 to 16
[  323.843769][T13596] erofs (device loop7): mounted with root inode @ nid 36.
[  325.253778][T13631] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2884'.
[  325.321661][T13636] xt_bpf: check failed: parse error
[  325.831980][   T33] kauditd_printk_skb: 4 callbacks suppressed
[  325.831998][   T33] audit: type=1326 audit(1774128840.106:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13639 comm="syz.7.2887" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9c4239c799 code=0x0
[  326.386254][T13659] loop5: detected capacity change from 0 to 32768
[  326.394046][T13659] ocfs2: Slot 0 on device (7,5) was already allocated to this node!
[  326.417247][T13659] JBD2: Ignoring recovery information on journal
[  326.438988][T13659] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  326.456235][T13659] OCFS2: ERROR (device loop5): int ocfs2_validate_gd_self(struct super_block *, struct buffer_head *, int): Group descriptor #32 has an invalid fs_generation of #1
[  326.462183][T13659] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  326.465144][T13659] OCFS2: File system is now read-only.
[  326.466831][T13659] (syz.5.2893,13659,0):ocfs2_search_chain:1888 ERROR: status = -30
[  326.470007][T13659] (syz.5.2893,13659,0):ocfs2_search_chain:2011 ERROR: status = -30
[  326.472335][T13659] (syz.5.2893,13659,0):ocfs2_claim_suballoc_bits:2098 ERROR: status = -30
[  326.474903][T13659] (syz.5.2893,13659,0):ocfs2_claim_suballoc_bits:2151 ERROR: status = -30
[  326.477024][T13657] loop7: detected capacity change from 0 to 32768
[  326.477708][T13659] (syz.5.2893,13659,0):__ocfs2_claim_clusters:2532 ERROR: status = -30
[  326.481898][T13657] xfs: Deprecated parameter 'attr2'
[  326.482284][T13659] (syz.5.2893,13659,0):__ocfs2_claim_clusters:2540 ERROR: status = -30
[  326.483844][T13657] XFS: attr2 mount option is deprecated.
[  326.488371][T13659] (syz.5.2893,13659,0):ocfs2_local_alloc_new_window:1197 ERROR: status = -30
[  326.491503][T13659] (syz.5.2893,13659,0):ocfs2_local_alloc_new_window:1222 ERROR: status = -30
[  326.494454][T13659] (syz.5.2893,13659,0):ocfs2_local_alloc_slide_window:1296 ERROR: status = -30
[  326.498022][T13659] (syz.5.2893,13659,0):ocfs2_local_alloc_slide_window:1315 ERROR: status = -30
[  326.501881][T13659] (syz.5.2893,13659,0):ocfs2_reserve_local_alloc_bits:672 ERROR: status = -30
[  326.505235][T13659] (syz.5.2893,13659,0):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30
[  326.509043][T13659] (syz.5.2893,13659,0):ocfs2_reserve_clusters_with_limit:1241 ERROR: status = -30
[  326.512637][T13659] (syz.5.2893,13659,0):ocfs2_reserve_clusters_with_limit:1290 ERROR: status = -30
[  326.516150][T13659] (syz.5.2893,13659,0):ocfs2_mknod:361 ERROR: status = -30
[  326.518695][T13659] (syz.5.2893,13659,0):ocfs2_mknod:506 ERROR: status = -30
[  326.520966][T13659] (syz.5.2893,13659,0):ocfs2_mkdir:662 ERROR: status = -30
[  326.537390][T13657] XFS (loop7): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  326.576813][T13657] XFS (loop7): Ending clean mount
[  326.590678][T13657] XFS (loop7): Quotacheck needed: Please wait.
[  326.604443][T13289] ocfs2: Unmounting device (7,5) on (node local)
[  326.655932][T13672] No source specified
[  326.664781][T13657] XFS (loop7): Quotacheck: Done.
[  326.742077][T12053] XFS (loop7): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  326.876481][T13680] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2896'.
[  327.131733][T13682] netlink: 'syz.5.2899': attribute type 23 has an invalid length.
[  327.214213][T13684] loop5: detected capacity change from 0 to 1024
[  327.217049][T13684] EXT4-fs: Ignoring removed bh option
[  327.219804][T13684] EXT4-fs: inline encryption not supported
[  327.222193][T13684] EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  327.225272][T13684] EXT4-fs (loop5): group descriptors corrupted!
[  327.406378][T13700] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2906'.
[  327.460627][T13702] loop7: detected capacity change from 0 to 2048
[  327.472330][T13702] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  327.492425][T13704] comedi comedi3: pcmmio: I/O port conflict (0x8006,32)
[  327.742026][T13718] netlink: 16 bytes leftover after parsing attributes in process `syz.7.2916'.
[  328.184036][T13723] loop0: detected capacity change from 0 to 65536
[  328.245859][T13723] XFS (loop0): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  328.277561][T13723] XFS (loop0): Ending clean mount
[  328.371084][ T5915] XFS (loop0): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  328.672517][T13743] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2925'.
[  329.274668][T13756] Error: Device magic number does not match.
[  329.314235][T13759] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2930'.
[  329.489742][T13769] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2935'.
[  329.493435][T13769] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2935'.
[  329.641170][T13775] loop5: detected capacity change from 0 to 256
[  329.675824][T13775] FAT-fs (loop5): Directory bread(block 64) failed
[  329.684192][T13775] FAT-fs (loop5): Directory bread(block 65) failed
[  329.688611][T13775] FAT-fs (loop5): Directory bread(block 66) failed
[  329.693284][T13775] FAT-fs (loop5): Directory bread(block 67) failed
[  329.695995][T13775] FAT-fs (loop5): Directory bread(block 68) failed
[  329.701166][T13775] FAT-fs (loop5): Directory bread(block 69) failed
[  329.703948][T13775] FAT-fs (loop5): Directory bread(block 70) failed
[  329.706555][T13775] FAT-fs (loop5): Directory bread(block 71) failed
[  329.716418][T13775] FAT-fs (loop5): Directory bread(block 72) failed
[  329.724824][T13775] FAT-fs (loop5): Directory bread(block 73) failed
[  329.807697][T13781] Invalid ELF header len 4
[  330.953909][T13806] netlink: 4108 bytes leftover after parsing attributes in process `syz.7.2952'.
[  330.991071][T13808] loop7: detected capacity change from 0 to 256
[  331.001818][T13808] exFAT-fs (loop7): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x395e47cf, utbl_chksum : 0xe619d30d)
[  331.059476][T13811] loop7: detected capacity change from 0 to 1024
[  331.065088][T13811] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  331.071421][T13811] EXT4-fs (loop7): required journal recovery suppressed and not mounted read-only
[  331.098259][ T5945] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  331.103833][T13813] cgroup: name respecified
[  331.251407][ T5945] usb 6-1: Using ep0 maxpacket: 32
[  331.255925][ T5945] usb 6-1: unable to get BOS descriptor or descriptor too short
[  331.260418][ T5945] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 113, changing to 7
[  331.273795][ T5945] usb 6-1: New USB device found, idVendor=041e, idProduct=3000, bcdDevice= 0.40
[  331.276773][ T5945] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  331.282255][ T5945] usb 6-1: Product: syz
[  331.288265][ T5945] usb 6-1: Manufacturer: syz
[  331.290212][ T5945] usb 6-1: SerialNumber: syz
[  331.506770][ T5945] usb 6-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  331.512339][ T5945] usb 6-1: unit 2 not found!
[  331.540987][ T5945] usb 6-1: USB disconnect, device number 22
[  331.575942][ T5916] udevd[5916]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  331.820240][T13828] sg_write: process 2215 (syz.0.2962) changed security contexts after opening file descriptor, this is not allowed.
[  332.438042][T13841] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2967'.
[  332.917712][T13862] loop0: detected capacity change from 0 to 64
[  332.945777][   T33] audit: type=1800 audit(1774128847.476:446): pid=13862 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2976" name="file1" dev="loop0" ino=5 res=0 errno=0
[  332.967821][   T33] audit: type=1800 audit(1774128847.486:447): pid=13862 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2976" name="file1" dev="loop0" ino=5 res=0 errno=0
[  333.035061][T13866] loop0: detected capacity change from 0 to 1024
[  334.373588][T13892] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2990'.
[  334.751602][T13916] loop5: detected capacity change from 0 to 512
[  334.754355][T13916] journal_path: Lookup failure for './file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[  334.803410][T13916] EXT4-fs: error: could not find journal device path
[  334.940800][T13933] netlink: 'syz.0.3010': attribute type 21 has an invalid length.
[  335.116128][T13943] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3015'.
[  335.119301][T13943] netlink: 'syz.0.3015': attribute type 2 has an invalid length.
[  335.121830][T13943] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3015'.
[  335.125682][T13931] loop5: detected capacity change from 0 to 32768
[  335.139406][T13931] JBD2: Ignoring recovery information on journal
[  335.162162][T13931] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  335.242622][T13289] ocfs2: Unmounting device (7,5) on (node local)
[  336.404413][ T5920] Bluetooth: unknown link type 128
[  336.561470][T13972] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3027'.
[  336.564738][T13972] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3027'.
[  336.981384][T13982] loop0: detected capacity change from 0 to 16
[  336.990689][T13982] erofs (device loop0): EXPERIMENTAL EROFS subpage compressed block support in use. Use at your own risk!
[  336.995547][T13982] erofs (device loop0): mounted with root inode @ nid 36.
[  337.017022][T13982] syz.0.3030: attempt to access beyond end of device
[  337.017022][T13982] loop0: rw=0, sector=131157, nr_sectors = 1 limit=16
[  337.042365][T13982] syz.0.3030: attempt to access beyond end of device
[  337.042365][T13982] loop0: rw=0, sector=46, nr_sectors = 1 limit=16
[  337.048051][T13982] erofs (device loop0): read error -5 @ 0 of nid 36
[  337.114321][T13984] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3031'.
[  337.124982][T13984] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3031'.
[  337.439357][T13995] netlink: 'syz.5.3036': attribute type 1 has an invalid length.
[  337.442414][T13995] netlink: 'syz.5.3036': attribute type 1 has an invalid length.
[  337.447890][T13996] sch_tbf: burst 330 is lower than device syzkaller0 mtu (1514) !
[  337.541288][T14002] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  337.701229][T14014] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.3045'.
[  338.216894][ T1270] kernel read not supported for file /vcs (pid: 1270 comm: kworker/1:3)
[  338.476465][ T5920] Bluetooth: hci1: command tx timeout
[  338.510606][T14053] netlink: 'syz.7.3064': attribute type 1 has an invalid length.
[  338.978227][ T5945] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  339.098302][ T1270] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  339.148210][ T5945] usb 1-1: Using ep0 maxpacket: 16
[  339.158490][ T5945] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 251, changing to 7
[  339.161871][ T5945] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 25, changing to 7
[  339.167753][ T5945] usb 1-1: New USB device found, idVendor=200c, idProduct=1018, bcdDevice= 0.40
[  339.171324][ T5945] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  339.174130][ T5945] usb 1-1: Product: syz
[  339.175656][ T5945] usb 1-1: Manufacturer: syz
[  339.177030][ T5945] usb 1-1: SerialNumber: syz
[  339.248248][ T1270] usb 6-1: Using ep0 maxpacket: 8
[  339.252538][ T1270] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  339.256847][ T1270] usb 6-1: New USB device found, idVendor=05a9, idProduct=2630, bcdDevice=55.12
[  339.261164][ T1270] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  339.268299][ T1270] usb 6-1: config 0 descriptor??
[  339.279789][ T1270] uvcvideo 6-1:0.0: Found UVC 0.00 device <unnamed> (05a9:2630)
[  339.283007][ T1270] uvcvideo 6-1:0.0: No valid video chain found.
[  339.403877][ T5945] usb 1-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  339.406389][ T5945] usb 1-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  339.450557][ T5945] usb 1-1: USB disconnect, device number 27
[  339.490160][ T1270] usb 6-1: USB disconnect, device number 23
[  339.496336][ T6444] udevd[6444]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  339.677436][T14083] bridge0: port 1(bridge_slave_0) entered disabled state
[  339.763901][T14087] netlink: 'syz.7.3081': attribute type 10 has an invalid length.
[  339.767129][T14087] netdevsim netdevsim7 netdevsim0: left promiscuous mode
[  339.773268][T14087] netdevsim netdevsim7 netdevsim0: left allmulticast mode
[  339.780244][T14087] team0: Port device netdevsim0 added
[  340.631297][T14102] loop0: detected capacity change from 0 to 256
[  340.643194][T14102] exfat: Deprecated parameter 'namecase'
[  340.651212][T14102] exFAT-fs (loop0): error, invalid access to FAT bad cluster (entry 0x00000005)
[  340.654177][T14102] exFAT-fs (loop0): failed to count the number of clusters in root
[  340.656797][T14102] exFAT-fs (loop0): failed to recognize exfat type
[  341.158675][T14126] random: crng reseeded on system resumption
[  341.501209][T14127] loop0: detected capacity change from 0 to 32768
[  341.514394][T14127] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.3099 (14127)
[  341.536050][T14127] BTRFS info (device loop0): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  341.544198][T14127] BTRFS info (device loop0): using blake2b checksum algorithm
[  341.580468][T14127] BTRFS info (device loop0): enabling ssd optimizations
[  341.582860][T14127] BTRFS info (device loop0): turning on async discard
[  341.585793][T14136] loop7: detected capacity change from 0 to 4096
[  341.589999][T14136] ntfs3(loop7): Different NTFS sector size (1024) and media sector size (512).
[  341.594300][T14127] BTRFS info (device loop0): enabling free space tree
[  341.607335][T14136] ntfs3(loop7): ino=5, mi_enum_attr
[  341.609660][T14136] ntfs3(loop7): Mark volume as dirty due to NTFS errors
[  341.716010][T14152] loop7: detected capacity change from 0 to 512
[  341.729375][T14152] EXT4-fs: Ignoring removed bh option
[  341.749266][T14152] EXT4-fs (loop7): mounting ext3 file system using the ext4 subsystem
[  341.785222][T14152] EXT4-fs (loop7): 1 truncate cleaned up
[  341.789756][ T5915] BTRFS info (device loop0): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  341.800636][T14152] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  341.854708][T14157] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3105'.
[  341.884876][T12053] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  342.620659][T14172] loop7: detected capacity change from 0 to 4096
[  343.508369][   T60] usb 1-1: new full-speed USB device number 28 using dummy_hcd
[  343.680242][   T60] usb 1-1: config 0 has an invalid interface number: 35 but max is 0
[  343.683610][   T60] usb 1-1: config 0 has no interface number 0
[  343.686257][   T60] usb 1-1: config 0 interface 35 altsetting 0 endpoint 0xE has an invalid bInterval 0, changing to 10
[  343.690901][   T60] usb 1-1: config 0 interface 35 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0
[  343.697629][   T60] usb 1-1: New USB device found, idVendor=07d0, idProduct=4101, bcdDevice=ec.5c
[  343.701384][   T60] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  343.704702][   T60] usb 1-1: Product: syz
[  343.706540][   T60] usb 1-1: Manufacturer: syz
[  343.708541][   T60] usb 1-1: SerialNumber: syz
[  343.712950][   T60] usb 1-1: config 0 descriptor??
[  343.717302][   T60] cypress_m8 1-1:0.35: Nokia CA-42 V2 Adapter converter detected
[  343.925545][   T60] usb 1-1: Nokia CA-42 V2 Adapter converter now attached to ttyUSB0
[  344.127141][ T5222] usb 1-1: USB disconnect, device number 28
[  344.136623][ T5222] nokiaca42v2 ttyUSB0: Nokia CA-42 V2 Adapter converter now disconnected from ttyUSB0
[  344.142481][ T5222] cypress_m8 1-1:0.35: device disconnected
[  344.532774][T14212] loop5: detected capacity change from 0 to 1024
[  344.536222][T14212] EXT4-fs: Ignoring removed oldalloc option
[  344.542097][T14212] EXT4-fs: Ignoring removed bh option
[  344.565006][T14212] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  344.588817][T14212] EXT4-fs error (device loop5): mb_free_blocks:2047: group 0, inode 15: block 177:freeing already freed block (bit 11); block bitmap corrupt.
[  344.625096][T13289] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  345.018314][ T5945] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  345.172142][ T5945] usb 6-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  345.175362][ T5945] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  345.177951][ T5945] usb 6-1: Product: syz
[  345.179707][ T5945] usb 6-1: Manufacturer: syz
[  345.181565][ T5945] usb 6-1: SerialNumber: syz
[  345.185883][ T5945] usb 6-1: config 0 descriptor??
[  345.196265][ T5945] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  345.676156][T14231] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3137'.
[  345.680492][T14231] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3137'.
[  345.799480][T14237] loop0: detected capacity change from 0 to 4096
[  345.807208][ T5945] gspca_sunplus: reg_r err -71
[  345.814077][ T5945] sunplus 6-1:0.0: probe with driver sunplus failed with error -71
[  345.829583][ T5945] usb 6-1: USB disconnect, device number 24
[  346.711205][T14244] loop5: detected capacity change from 0 to 4096
[  346.715779][T14244] ntfs3: Unknown parameter 'iochar37'
[  347.466287][T14271] loop0: detected capacity change from 0 to 128
[  347.469225][T14271] EXT4-fs (loop0): Test dummy encryption mode enabled
[  347.474403][T14271] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  347.480578][T14271] ext4 filesystem being mounted at /1068/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  347.515568][ T5915] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  347.993899][T14297] netlink: 'syz.7.3165': attribute type 1 has an invalid length.
[  348.027827][T14297] 8021q: adding VLAN 0 to HW filter on device bond1
[  348.107645][T14297] bond1: (slave geneve2): making interface the new active one
[  348.113238][T14297] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  348.219545][T14300] loop7: detected capacity change from 0 to 64
[  348.226910][T14300] BFS-fs: bfs_fill_super(): loop7 is unclean, continuing
[  348.798096][T14312] netlink: 'syz.7.3172': attribute type 4 has an invalid length.
[  349.048017][ T6273] Bluetooth: hci3: Frame reassembly failed (-84)
[  349.055515][ T6273] Bluetooth: hci3: Frame reassembly failed (-84)
[  350.631199][T14361] loop0: detected capacity change from 0 to 256
[  350.637600][T14361] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x1d73664b, utbl_chksum : 0xe619d30d)
[  350.658121][T14361] exFAT-fs (loop0): valid_size(150994954) is greater than size(10)
[  350.689451][T14363] netlink: 'syz.7.3191': attribute type 2 has an invalid length.
[  350.691882][T14363] netlink: 224 bytes leftover after parsing attributes in process `syz.7.3191'.
[  350.731611][T14367] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3193'.
[  350.877513][T14379] syzkaller1: entered promiscuous mode
[  350.880444][T14379] syzkaller1: entered allmulticast mode
[  351.030427][T14386] loop0: detected capacity change from 0 to 2048
[  351.110730][ T5920] Bluetooth: hci3: Entering manufacturer mode failed (-110)
[  351.264464][T14386] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  351.274253][T14386] ext4 filesystem being mounted at /1089/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  352.907050][ T5915] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  353.136698][ T5920] Bluetooth: hci2: unexpected event for opcode 0x1004
[  353.247414][T14401] loop5: detected capacity change from 0 to 2048
[  353.284317][T14401] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024)
[  353.293270][ T6444] udevd[6444]: incorrect nilfs2 checksum on /dev/loop5
[  353.298384][T14401] NILFS (loop5): mounting unchecked fs
[  353.300865][T14401] NILFS (loop5): invalid segment: Inconsistency found
[  353.317038][T14401] NILFS (loop5): unable to fall back to spare super block
[  353.322624][T14401] NILFS (loop5): error -22 while searching super root
[  353.715143][T14414] loop5: detected capacity change from 0 to 4096
[  353.740676][T14417] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  354.225543][ T5945] libceph: connect (1)[c::]:6789 error -101
[  354.235615][ T5945] libceph: mon0 (1)[c::]:6789 connect error
[  354.492929][ T5945] libceph: connect (1)[c::]:6789 error -101
[  354.495585][ T5945] libceph: mon0 (1)[c::]:6789 connect error
[  354.543289][T14425] ceph: No mds server is up or the cluster is laggy
[  354.718569][ T5920] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  354.722635][ T5920] Bluetooth: hci2: Injecting HCI hardware error event
[  354.732027][ T5920] Bluetooth: hci2: hardware error 0x00
[  354.761993][T14437] vxcan3: entered promiscuous mode
[  354.764455][T14437] vxcan3: entered allmulticast mode
[  355.293087][T14450] loop7: detected capacity change from 0 to 8192
[  355.434872][T14458] loop7: detected capacity change from 0 to 512
[  355.441151][T14458] EXT4-fs (loop7): mounting ext3 file system using the ext4 subsystem
[  355.480980][T14458] EXT4-fs (loop7): 1 truncate cleaned up
[  355.483860][T14458] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  355.517018][T12053] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  355.894092][T14471] loop5: detected capacity change from 0 to 512
[  355.897953][T14471] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  355.906670][T14471] EXT4-fs (loop5): 1 truncate cleaned up
[  355.910713][T14471] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  355.929235][T14471] EXT4-fs warning (device loop5): ext4_group_extend:1885: will only finish group (8193 blocks, 7937 new)
[  355.934432][T14471] EXT4-fs warning (device loop5): ext4_group_extend:1890: can't read last block, resize aborted
[  355.961701][T13289] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  356.273273][T14481] loop5: detected capacity change from 0 to 512
[  356.283507][T14482] loop0: detected capacity change from 0 to 512
[  356.295980][T14481] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.3236: invalid indirect mapped block 256 (level 2)
[  356.314743][T14482] EXT4-fs (loop0): 1 truncate cleaned up
[  356.317519][T14481] loop5: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  356.318210][    C1] EXT4-fs (loop5): error count since last fsck: 1
[  356.323794][    C1] EXT4-fs (loop5): initial error at time 1774128870: ext4_free_branches:1023: inode 11
[  356.326804][    C1] EXT4-fs (loop5): last error at time 1774128870: ext4_free_branches:1023: inode 11
[  356.341510][T14481] EXT4-fs (loop5): 2 truncates cleaned up
[  356.344990][T14482] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  356.350110][T14481] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  356.363941][   T33] audit: type=1800 audit(1774128870.896:448): pid=14481 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.3236" name="file2" dev="loop5" ino=16 res=0 errno=0
[  356.382722][ T5915] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  356.451929][T13289] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  356.469945][T14490] netlink: 'syz.7.3237': attribute type 16 has an invalid length.
[  356.788969][T14494] loop0: detected capacity change from 0 to 32768
[  356.792751][ T5920] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  356.887233][T14494] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  356.895816][T14494] XFS (loop0): Ending clean mount
[  356.899681][T14494] XFS (loop0): Quotacheck needed: Please wait.
[  356.929523][ T5222] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  356.937872][T14494] XFS (loop0): Quotacheck: Done.
[  357.078357][ T5222] usb 6-1: Using ep0 maxpacket: 8
[  357.082229][ T5222] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xAD, changing to 0x8D
[  357.087225][ T5222] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0
[  357.091387][ T5222] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 0
[  357.095228][ T5222] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  357.099448][ T5222] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  357.132211][ T5222] usb 6-1: New USB device found, idVendor=0bfd, idProduct=0124, bcdDevice=3a.9f
[  357.136150][ T5222] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  357.139714][ T5222] usb 6-1: Product: syz
[  357.185092][T14504] netlink: 168 bytes leftover after parsing attributes in process `syz.0.3240'.
[  357.196699][T14504] fuse: Bad value for 'fd'
[  357.202122][   T33] audit: type=1800 audit(1774128871.716:449): pid=14504 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.3240" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop0" ino=4429 res=0 errno=0
[  357.219838][ T5222] usb 6-1: Manufacturer: syz
[  357.221986][ T5222] usb 6-1: SerialNumber: syz
[  357.239203][ T5222] usb 6-1: config 0 descriptor??
[  357.258340][ T5222] kvaser_usb 6-1:0.0: error -EMSGSIZE: Cannot get software info
[  357.261236][ T5222] kvaser_usb 6-1:0.0: probe with driver kvaser_usb failed with error -90
[  357.486033][ T5915] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  357.499237][T12096] usb 6-1: USB disconnect, device number 25
[  357.775787][T14506] loop0: detected capacity change from 0 to 40427
[  357.787878][T14506] F2FS-fs (loop0): invalid crc value
[  357.822263][T14506] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  357.825505][T14506] F2FS-fs (loop0): Start checkpoint disabled!
[  357.827792][T14506] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0
[  357.831017][T14506] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  357.862678][ T1102] kworker/u10:9: attempt to access beyond end of device
[  357.862678][ T1102] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  357.868725][ T1102] CPU: 1 UID: 0 PID: 1102 Comm: kworker/u10:9 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  357.868745][ T1102] Tainted: [L]=SOFTLOCKUP
[  357.868749][ T1102] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  357.868756][ T1102] Workqueue: writeback wb_workfn (flush-7:0)
[  357.868788][ T1102] Call Trace:
[  357.868793][ T1102]  <TASK>
[  357.868799][ T1102]  dump_stack_lvl+0xe8/0x150
[  357.868817][ T1102]  f2fs_handle_critical_error+0x37c/0x540
[  357.868837][ T1102]  f2fs_write_end_io+0x1273/0x1740
[  357.868863][ T1102]  __submit_merged_bio+0x256/0x700
[  357.868882][ T1102]  __submit_merged_write_cond+0x3c9/0x4e0
[  357.868901][ T1102]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  357.868927][ T1102]  f2fs_write_data_pages+0x287e/0x34f0
[  357.868966][ T1102]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  357.868993][ T1102]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  357.869031][ T1102]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  357.869065][ T1102]  ? __lock_acquire+0x6b5/0x2cf0
[  357.869088][ T1102]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  357.869103][ T1102]  do_writepages+0x32e/0x550
[  357.869124][ T1102]  ? reacquire_held_locks+0x104/0x190
[  357.869139][ T1102]  ? writeback_sb_inodes+0x477/0x1a20
[  357.869160][ T1102]  __writeback_single_inode+0x133/0x11a0
[  357.869172][ T1102]  ? do_raw_spin_unlock+0x4d/0x210
[  357.869186][ T1102]  writeback_sb_inodes+0x992/0x1a20
[  357.869222][ T1102]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  357.869237][ T1102]  ? do_raw_spin_lock+0x12b/0x2f0
[  357.869268][ T1102]  ? rcu_is_watching+0x15/0xb0
[  357.869318][ T1102]  wb_writeback+0x456/0xb70
[  357.869335][ T1102]  ? queue_io+0x291/0x4a0
[  357.869355][ T1102]  ? __pfx_wb_writeback+0x10/0x10
[  357.869369][ T1102]  ? do_raw_spin_lock+0x12b/0x2f0
[  357.869391][ T1102]  wb_workfn+0x414/0xf50
[  357.869406][ T1102]  ? look_up_lock_class+0x57/0x110
[  357.869432][ T1102]  ? __pfx_wb_workfn+0x10/0x10
[  357.869445][ T1102]  ? __perf_event_task_sched_in+0xf2/0x1800
[  357.869463][ T1102]  ? do_raw_spin_lock+0x12b/0x2f0
[  357.869477][ T1102]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  357.869500][ T1102]  ? process_scheduled_works+0xa8d/0x18c0
[  357.869514][ T1102]  ? process_scheduled_works+0xa8d/0x18c0
[  357.869528][ T1102]  process_scheduled_works+0xb6e/0x18c0
[  357.869563][ T1102]  ? __pfx_process_scheduled_works+0x10/0x10
[  357.869580][ T1102]  ? assign_work+0x3d5/0x5e0
[  357.869595][ T1102]  worker_thread+0xa53/0xfc0
[  357.869630][ T1102]  kthread+0x388/0x470
[  357.869642][ T1102]  ? __pfx_worker_thread+0x10/0x10
[  357.869655][ T1102]  ? __pfx_kthread+0x10/0x10
[  357.869667][ T1102]  ret_from_fork+0x51e/0xb90
[  357.869684][ T1102]  ? __pfx_ret_from_fork+0x10/0x10
[  357.869697][ T1102]  ? __switch_to+0xc7d/0x1450
[  357.869715][ T1102]  ? __pfx_kthread+0x10/0x10
[  357.869727][ T1102]  ret_from_fork_asm+0x1a/0x30
[  357.869755][ T1102]  </TASK>
[  357.869762][ T1102] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  358.413322][T14527] loop0: detected capacity change from 0 to 2048
[  358.443420][ T6444] Dev loop0: RDB in block 2 has bad checksum
[  358.451464][T14527] Dev loop0: RDB in block 2 has bad checksum
[  358.563012][T14539] loop0: detected capacity change from 0 to 64
[  358.567686][T14539] MINIX-fs: deleted inode referenced: 1
[  358.570713][T14539] MINIX-fs: get root inode failed
[  358.770593][T14552] ksmbd: Daemon and kernel module version mismatch. ksmbd: 124, kernel module: 1. User-space ksmbd should terminate.
[  359.655388][T14586] loop0: detected capacity change from 0 to 4096
[  359.667473][T14588] loop5: detected capacity change from 0 to 256
[  359.674551][T14588] exFAT-fs (loop5): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  359.691056][T14586] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
[  359.741200][T14586] ntfs3(loop0): ino=19, mi_enum_attr
[  359.750082][T14586] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  359.793759][T14586] ntfs3(loop0): failed to convert "c46c" to iso8859-13
[  359.809193][T14586] ntfs3(loop0): ino=20, mi_enum_attr
[  360.017414][T14606] loop5: detected capacity change from 0 to 32768
[  360.022413][T14606] xfs: Deprecated parameter 'attr2'
[  360.023948][T14606] XFS: attr2 mount option is deprecated.
[  360.044227][T14606] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  360.146799][T14606] XFS (loop5): Ending clean mount
[  360.156960][T14606] XFS (loop5): Quotacheck needed: Please wait.
[  360.203699][T14606] XFS (loop5): Quotacheck: Done.
[  360.255502][T13289] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  360.551798][T14634] loop0: detected capacity change from 0 to 164
[  360.582396][T14602] F2FS-fs (loop7): invalid crc value
[  360.628397][T14602] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  360.635930][T14602] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e4
[  361.058324][ T1270] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  361.208604][ T1270] usb 6-1: Using ep0 maxpacket: 32
[  361.226494][ T1270] usb 6-1: config 0 has an invalid interface number: 188 but max is 0
[  361.240502][ T1270] usb 6-1: config 0 has no interface number 0
[  361.251088][ T1270] usb 6-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  361.277264][ T1270] usb 6-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  361.287325][ T1270] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  361.291157][ T1270] usb 6-1: Product: syz
[  361.293843][ T1270] usb 6-1: Manufacturer: syz
[  361.295755][ T1270] usb 6-1: SerialNumber: syz
[  361.311082][ T1270] usb 6-1: config 0 descriptor??
[  361.321223][T14647] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  361.544754][T14647] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  361.716486][T14649] set_capacity_and_notify: 1 callbacks suppressed
[  361.716503][T14649] loop7: detected capacity change from 0 to 65
[  361.723422][T14649] BFS-fs: bfs_fill_super(): NOTE: filesystem loop7 was created with 512 inodes, the real maximum is 511, mounting anyway
[  361.756105][ T1270] asix 6-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  361.777704][ T1270] asix 6-1:0.188: probe with driver asix failed with error -71
[  361.794609][ T1270] usb 6-1: USB disconnect, device number 26
[  362.236823][T14661] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3307'.
[  362.276538][T14663] loop0: detected capacity change from 0 to 256
[  362.283734][T14663] msdos: Bad value for 'tz'
[  362.293430][T14663] loop0: detected capacity change from 0 to 512
[  362.305867][T14663] EXT4-fs error (device loop0): ext4_orphan_get:1391: inode #15: comm syz.0.3308: inode has both inline data and extents flags
[  362.315551][T14663] loop0: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  362.315734][T14663] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.3308: couldn't read orphan inode 15 (err -117)
[  362.318866][    C1] EXT4-fs (loop0): error count since last fsck: 1
[  362.318882][    C1] EXT4-fs (loop0): initial error at time 1774128876: ext4_orphan_get:1391: inode 15
[  362.318903][    C1] EXT4-fs (loop0): last error at time 1774128876: ext4_orphan_get:1391: inode 15
[  362.338794][T14663] loop0: lost filesystem error report for type 5 error -117
[  362.343910][T14663] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  362.567284][ T5915] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  362.751921][T14683] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3314'.
[  362.806719][T14683] netlink: 52 bytes leftover after parsing attributes in process `syz.7.3314'.
[  362.819533][T14683] bridge0: port 2(bridge_slave_1) entered disabled state
[  363.576590][T14708] random: crng reseeded on system resumption
[  363.724660][ T9512] bridge_slave_1: left allmulticast mode
[  363.726682][ T9512] bridge_slave_1: left promiscuous mode
[  363.734913][ T9512] bridge0: port 2(bridge_slave_1) entered disabled state
[  363.756830][ T9512] bridge_slave_0: left allmulticast mode
[  363.759758][ T9512] bridge_slave_0: left promiscuous mode
[  363.762098][ T9512] bridge0: port 1(bridge_slave_0) entered disabled state
[  364.451415][T14722] netlink: 'syz.7.3334': attribute type 8 has an invalid length.
[  364.454267][T14722] netlink: 'syz.7.3334': attribute type 4 has an invalid length.
[  364.457129][T14722] netlink: 164 bytes leftover after parsing attributes in process `syz.7.3334'.
[  364.501257][ T9512] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  364.515460][ T9512] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  364.528944][ T9512] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  364.559309][ T9512] bond0 (unregistering): Released all slaves
[  364.643987][ T9512] tipc: Disabling bearer <eth:batadv0>
[  364.669139][ T9512] tipc: Left network mode
[  364.897478][T14731] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3338'.
[  365.007406][ T9512] hsr_slave_0: left promiscuous mode
[  365.012367][ T9512] hsr_slave_1: left promiscuous mode
[  365.031022][ T9512] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  365.033583][ T9512] batman_adv: batadv0: Removing interface: batadv_slave_0
[  365.042706][ T9512] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  365.045840][ T9512] batman_adv: batadv0: Removing interface: batadv_slave_1
[  365.081849][ T9512] veth1_macvtap: left promiscuous mode
[  365.083616][ T9512] veth0_macvtap: left allmulticast mode
[  365.085377][ T9512] veth0_macvtap: left promiscuous mode
[  365.091414][ T9512] veth1_vlan: left promiscuous mode
[  365.093347][ T9512] veth0_vlan: left promiscuous mode
[  365.197772][T14743] loop0: detected capacity change from 0 to 2048
[  365.342120][ T9512] team0 (unregistering): Port device team_slave_1 removed
[  365.351910][ T9512] team0 (unregistering): Port device team_slave_0 removed
[  365.709261][T14759] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3352'.
[  365.900551][T14769] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  365.907132][T14769] syzkaller0: entered promiscuous mode
[  365.909620][T14769] syzkaller0: entered allmulticast mode
[  366.785295][T14776] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3359'.
[  368.458711][T14804] No control pipe specified
[  368.640387][T14808] netlink: 'syz.7.3374': attribute type 1 has an invalid length.
[  368.714250][T14808] bond2: entered promiscuous mode
[  368.717926][T14808] 8021q: adding VLAN 0 to HW filter on device bond2
[  368.757613][T14806] loop0: detected capacity change from 0 to 32768
[  368.784952][T14806] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[  368.802908][T14806] JBD2: Ignoring recovery information on journal
[  368.819785][T14810] 8021q: adding VLAN 0 to HW filter on device bond2
[  368.829584][T14810] bond2: (slave vcan1): The slave device specified does not support setting the MAC address
[  368.832793][T14810] bond2: (slave vcan1): Setting fail_over_mac to active for active-backup mode
[  368.856138][T14806] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  368.862444][T14810] bond2: (slave vcan1): making interface the new active one
[  368.865009][T14810] vcan1: entered promiscuous mode
[  368.872039][T14810] bond2: (slave vcan1): Enslaving as an active interface with an up link
[  369.020450][ T5915] ocfs2: Unmounting device (7,0) on (node local)
[  369.037763][T14820] xt_CT: No such helper "netbios-ns"
[  369.476752][T14834] loop0: detected capacity change from 0 to 16
[  369.512790][T14834] erofs (device loop0): mounted with root inode @ nid 36.
[  369.529480][T14834] syz.0.3378: attempt to access beyond end of device
[  369.529480][T14834] loop0: rw=524288, sector=1056, nr_sectors = 16 limit=16
[  369.547053][T14834] syz.0.3378: attempt to access beyond end of device
[  369.547053][T14834] loop0: rw=524288, sector=16, nr_sectors = 40 limit=16
[  369.557398][T14834] erofs (device loop0): failed to decompress (lz4) corrupted compressed data @ pa 4096 size 4096 => 8192
[  369.562967][T14834] erofs (device loop0): read error -117 @ 1 of nid 89
[  369.577433][T14834] erofs (device loop0): failed to decompress (lz4) corrupted compressed data @ pa 4096 size 4096 => 8192
[  369.584177][T14834] erofs (device loop0): read error -117 @ 1 of nid 89
[  369.627645][   T33] audit: type=1800 audit(1774128884.096:450): pid=14834 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3378" name="file2" dev="loop0" ino=89 res=0 errno=0
[  369.963237][T14838] loop5: detected capacity change from 0 to 40427
[  369.976488][T14838] F2FS-fs (loop5): invalid crc value
[  369.983269][T14838] F2FS-fs (loop5): Current segment's next free block offset is inconsistent with bitmap, logtype:3, segno:0, type:0, next_blkoff:3, blkofs:6
[  370.001371][T14838] F2FS-fs (loop5): Failed to initialize F2FS segment manager (-117)
[  370.166272][T14851] loop0: detected capacity change from 0 to 2048
[  370.172369][T14850] loop7: detected capacity change from 0 to 1024
[  370.185430][T14851] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  370.218590][T14851] UDF-fs: error (device loop0): udf_fiiter_advance_blk: extent after position 232 not allocated in directory (ino 1376)
[  370.236216][T14850] EXT4-fs (loop7): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  370.240361][T14850] ext4 filesystem being mounted at /270/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  370.254689][T14850] EXT4-fs error (device loop7): ext4_map_blocks:818: inode #15: comm syz.7.3386: lblock 0 mapped to illegal pblock 0 (length 1)
[  370.282956][T14850] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[  370.286661][T14850] EXT4-fs (loop7): This should not happen!! Data will be lost
[  370.286661][T14850] 
[  370.307752][T14856] loop5: detected capacity change from 0 to 8192
[  370.316075][T12053] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  370.445661][T14866] loop0: detected capacity change from 0 to 2048
[  370.489010][T14873] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  370.749402][T14885] loop5: detected capacity change from 0 to 512
[  370.755089][T14885] EXT4-fs (loop5): #blocks per group too big: 268378112
[  370.828463][ T1270] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  370.901185][   T33] audit: type=1326 audit(1774128885.426:451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14889 comm="syz.5.3403" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f125279c799 code=0x7ffc0000
[  370.915753][   T33] audit: type=1326 audit(1774128885.426:452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14889 comm="syz.5.3403" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f125279c799 code=0x7ffc0000
[  370.939559][   T33] audit: type=1326 audit(1774128885.446:453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14889 comm="syz.5.3403" exe="/syz-executor" sig=0 arch=c000003e syscall=121 compat=0 ip=0x7f125279c799 code=0x7ffc0000
[  370.965831][   T33] audit: type=1326 audit(1774128885.446:454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14889 comm="syz.5.3403" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f125279c799 code=0x7ffc0000
[  370.984367][   T33] audit: type=1326 audit(1774128885.446:455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14889 comm="syz.5.3403" exe="/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f125279c799 code=0x7ffc0000
[  371.002845][ T1270] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  371.011247][ T1270] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  371.014694][   T33] audit: type=1326 audit(1774128885.446:456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14889 comm="syz.5.3403" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f125279c799 code=0x7ffc0000
[  371.036110][ T1270] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  371.041557][ T1270] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  371.054538][ T1270] usb 1-1: Manufacturer: syz
[  371.056419][   T33] audit: type=1326 audit(1774128885.446:457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14889 comm="syz.5.3403" exe="/syz-executor" sig=0 arch=c000003e syscall=438 compat=0 ip=0x7f125279c799 code=0x7ffc0000
[  371.072897][ T1270] usb 1-1: config 0 descriptor??
[  371.085987][   T33] audit: type=1326 audit(1774128885.446:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14889 comm="syz.5.3403" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f125279c799 code=0x7ffc0000
[  371.171568][T14894] loop5: detected capacity change from 0 to 8192
[  371.200405][T14894]  loop5: p4 < >
[  371.577121][T14904] bridge0: port 2(bridge_slave_1) entered blocking state
[  371.579937][T14904] bridge0: port 2(bridge_slave_1) entered forwarding state
[  371.622494][T10248] lo speed is unknown, defaulting to 1000
[  374.044704][ T1270] input: syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.000A/input/input18
[  375.298191][    C0] sched: DL replenish lagged too much
[  385.160165][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[  385.172167][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[  397.531470][ T5911] Bluetooth: hci0: command 0x0406 tx timeout
[  447.471235][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[  447.478616][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[  475.417315][ T1270] input: syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.000A/input/input19
[  508.242048][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[  508.253316][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[  535.131423][T14911] Bluetooth: hci1: command tx timeout
[  536.589142][   T34] INFO: task kworker/u8:3:5925 blocked for more than 152 seconds.
[  536.592215][   T34]       Tainted: G             L      syzkaller #0
[  536.604921][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  536.607621][   T34] task:kworker/u8:3    state:D stack:21656 pid:5925  tgid:5925  ppid:2      task_flags:0x4208060 flags:0x00080000
[  539.751891][   T34] Workqueue: ipv6_addrconf addrconf_verify_work
[  539.753861][   T34] Call Trace:
[  539.754911][   T34]  <TASK>
[  539.755834][   T34]  __schedule+0x15dd/0x52d0
[  539.757254][   T34]  ? __pfx___schedule+0x10/0x10
[  544.191427][   T34]  ? schedule+0x90/0x360
[  544.193149][   T34]  schedule+0x164/0x360
[  544.194495][   T34]  schedule_preempt_disabled+0x13/0x30
[  544.196180][   T34]  __mutex_lock+0x7fe/0x1300
[  544.198060][   T34]  ? __mutex_lock+0x5ac/0x1300
