last executing test programs:

3m8.116622155s ago: executing program 1 (id=912):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14}, [], {0x14}}, 0x28}}, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000003640), 0x2, 0x20042)
ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r0, 0x810c5701, &(0x7f0000000000))

3m8.047519912s ago: executing program 1 (id=913):
syz_emit_ethernet(0x34e, &(0x7f0000000780)={@local, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "00ed00", 0x318, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, 0x0, [{0x0, 0xa, "a78c000005dc8080a2030003004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34060600000000000000dac15084dbaf736b41e5af0502"}, {0x0, 0x1, "00000500000000de25000400"}, {0x0, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf3915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x0, 0xb, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f005"}, {0xe, 0x7, "b8a3e10000a3e1100000006f00ffc0ffff00000000600000ff0bc0fe000000000000000000000000d9a0274400"/55}, {0x0, 0xc, "5e14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d180610027628cf9ef083611c9f68e2e1eb3d8bf9c6ab2642c4808298e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c"}]}}}}}}, 0x0)
syz_emit_ethernet(0x5e, &(0x7f0000001340)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x28, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @remote, @private1}}}}}}, 0x0)

3m7.88537752s ago: executing program 1 (id=916):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000016c0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001740)={&(0x7f0000000100)={0x34, r1, 0xf1aad47e89fb43b5, 0x70bd2c, 0x25dfdbff, {}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x40)

3m7.643082444s ago: executing program 1 (id=917):
syz_mount_image$bfs(&(0x7f0000000000), &(0x7f0000000240)='./bus\x00', 0x8008, &(0x7f0000000100)=ANY=[@ANYRES64=0x0], 0xf, 0xab, &(0x7f0000010140)="$eJzs1zGKwkAYBeB/s7CbdptFsLBO4x08ilhqI1aK4A3Ei3gVj5DewiKtiCOYiIidRQT5vmLgzWPgtbM7brubIiKtIlLRme7T3Wy+GA8n9Rl8pCwifiMij4jeX50Pg7r7avqyWo7K6vv58c+69b0AAMDrsug/5nNqLk7NL/Aa/m993vI+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHe7BAAA//+dfyiL")
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x40, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x40942, 0x0)
mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x400, 0x0, 0x0, 0x1, 0x0, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000000000000c00002000", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00", [0x4]})
linkat(0xffffffffffffff9c, &(0x7f0000000000)='./file4\x00', 0xffffffffffffff9c, &(0x7f00000006c0)='./file5\x00', 0x0)

3m7.417865244s ago: executing program 1 (id=921):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="38000000540001000000000000c4000007", @ANYRES32, @ANYBLOB="00000000e000030000000000000000000000000008"], 0x38}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

3m7.102356928s ago: executing program 1 (id=927):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000001c0))
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000040)=0x10000)
read$dsp(r0, &(0x7f00000000c0)=""/108, 0x6c)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000000)=0x40000)

3m6.877123867s ago: executing program 32 (id=927):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000001c0))
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000040)=0x10000)
read$dsp(r0, &(0x7f00000000c0)=""/108, 0x6c)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000000)=0x40000)

3m5.977310655s ago: executing program 2 (id=933):
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0900000023000000dd0000000a"], 0x50)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r0 = syz_io_uring_setup(0x24f6, &(0x7f0000000b80)={0x0, 0x0, 0x10100, 0x0, 0x33a}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CLOSE={0x13, 0x8})
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

3m5.88815191s ago: executing program 2 (id=934):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
close(r0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x80, &(0x7f0000001500)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}})

3m4.996107347s ago: executing program 2 (id=936):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000280)={'bridge0\x00', &(0x7f0000000880)=@ethtool_per_queue_op={0x4b, 0x48, [0x1, 0xffffffff, 0x191f, 0x5, 0x7c, 0x1, 0x3, 0x60000000, 0xfffffffc, 0x4fa, 0x2, 0x1, 0xfffffffd, 0x9, 0x8, 0x1, 0x0, 0x4, 0x9, 0x0, 0x7, 0x7, 0x4, 0x3, 0xfffffffb, 0x2, 0x4, 0x800000, 0xf4b, 0xfb, 0x10f2, 0x200, 0x6, 0x664, 0x8, 0x6, 0x5, 0x3, 0x6, 0x3, 0xfffffffe, 0xa22, 0x4fb2, 0x5, 0x4, 0x140, 0x100, 0xdf, 0xabe, 0x1000, 0x7, 0x2, 0xd313, 0x4, 0x7, 0xfffffe32, 0xfff, 0xc, 0xf, 0x9, 0x8, 0x80000000, 0x2, 0x400000f, 0x6, 0xfffffff8, 0xee, 0x8, 0x5, 0x1, 0x7f, 0xffff7ff8, 0x9, 0x7, 0x30c6, 0x13e8, 0xc, 0xe, 0x6, 0x9e56, 0x4, 0xfffffff0, 0x4b, 0x4460, 0x7ff, 0x10, 0xe3b7, 0xd0, 0xe7, 0x9, 0x0, 0xffffa016, 0xe, 0xf, 0x8001, 0xf2, 0x2, 0x80000001, 0x1, 0x1, 0x38a, 0x1001, 0xe, 0x6, 0xff, 0x1, 0x3, 0xfffffff9, 0x200, 0x3, 0x9, 0x7, 0x2, 0x4, 0x21b50516, 0x4, 0x1, 0xe, 0x7, 0x81, 0x0, 0xfffffffe, 0xdab, 0x7, 0x8e0, 0x3, 0xf619, 0x9]}})

3m4.875916291s ago: executing program 2 (id=939):
syz_mount_image$exfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f0000000480)={[{@iocharset={'iocharset', 0x3d, 'iso8859-15'}}, {@umask={'umask', 0x3d, 0x3}}, {@keep_last_dots}, {}, {@umask={'umask', 0x3d, 0x7f}}, {@discard}, {@fmask={'fmask', 0x3d, 0x8}}, {@utf8}, {@iocharset={'iocharset', 0x3d, 'macinuit'}}, {@allow_utime={'allow_utime', 0x3d, 0xce38}}]}, 0x1, 0x1528, &(0x7f00000037c0)="$eJzs3AuYT9X6OPD3XWvtMSS+TXIZ1lrv5ptclkmSXJLkkiRJkuSWkDTJkYTEEJI0JCG5DEkMIblMTBr3+/2SkCRNkoTklqz/M+FxOnX+p/M7/XKe37yf59mP9X73ftd+9/f9XvbeZubbrkNrNaldvRERwX8EL/yTBACxADAQAPICQAAA5ePKx2Wtzykx6T/bCftzPZh6pStgVxL3P3vj/mdv3P/sjfufvXH/szfuf/bG/c/euP+MZWebphW6hpfsu/D9/+yMv///D8ksM/bLNWWu6wYQ80dTuP/ZG/f//6zgj2zE/c/euP/ZVeyVLoD9F+D3f3aQ45+u4f5nb9x/xrKzK33/+UovEPkvew6O5LzQmL/q+BljjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMsb/AaX+ZAoBL4ytdF2OMMcYYY4wxxv48PseVroAxxhhjjDHGGGP/+xAESFAQQAzkgFjICblAAMDVkAfyQgSugTi4FvLBdZAfCkBBKATxUBiKgAYDFghCKArFIArXQ3G4AUpASSgFpcFBGUiAG6Es3ATl4GYoD7dABbgVKkIlqAxV4DaoCrdDNbgDqsOdUANqQi2oDXdBHbgb6sI9UA/uhfpwHzSA+6EhPACN4EFoDA9BE3gYmsIj0AyaQwtoCa3+R/nPQ094AXpBb0iCPtAXXoR+0B8GwEswEF6GQfAKDIZXIRmGwFB4DYbB6zAc3oARMBJGwZswGt6CMTAWxsF4SIEJMBHehknwDkyGd2EKTIVUmAbT4T2YATNhFrwPs+EDmANzYR7MhzT4EBbAQkiHj2ARfAwZsBiWwFJYBsthBayEVbAa1sBaWAfrYQNshE2wGbbAVtgG22EHfAI74VPYBbthD3wGe+HzfzP/1D/kd0NAQIECFSqMwRiMxVjMhbkwN+bGPJgHIxjBOIzDfJgP82N+LIgFMR7jsQgWQYMGCQmLYlGMYhSLY3EsgSWwFJZChw4TMAHL4k1YDstheSyPFbACVsRKWAmrYBWsilWxGlbD6lgda2ANrIW18C68C/tgXayL9bAe1sf6l25PYSNshI2xMTbBJtgUm2IzbIYtsAW2wlbYGltjG2yD7bAdtsf22AE7YCImYkfsiJ2wE3bGztgFu2BX7IrdsDt2z3w+B+AL+AL2xhqiD/bFvtgPk3MMwJfwJXwZB+Er+Aq+isk4BIfia/gavo7D8SSOwJE4CkdhVfEWjsGxSGI8pmAKTsSJOAknYVah7+JUTMVpOB2n4wyciTPxfZyNH+AHOBfn4nxMwzRcgAsxHdNxEZ7CDFyMS3ApLsPluAxX4ipciWtwLa7B9bgeN+JG3IybcStuxe24HT9BBYCf4m7cjcm4F/fiPtyH+3E/HsADmImZeBAP4iE8hIfxMB7BI3gUj+FxPIYn8ASexFN4Gk/jWTyL5/DZ+K8bf1JydTKILEooESNiRKyIFblELpFb5BZ5RB4RERERJ+JEPpFP5Bf5RUFRUMSLeFFEFBFGGEEijAEAERVRUVwUFyVECVFKlBJOOJEgEkRZUVaUE+VEeXGLqCBuFRVFJdHWVRFVRFXRzlUTd4jqorqoIWqKWqK2qC3qiDqirqgr6ol6or6oLxqI+0VD0QcH4IMiqzNNxBBsKoZiM9FcyIufYK3FcGwj2op24nExEkdgB9HaJYqnREcxBjuJv4mx+IzoIsZjV/Gc6Ca6ix7iedFTtHG9RG8xGfuIvmIq9hP9xQDxkpiBNcX7ODtnLfGqSBZDxFDxmpiPr4vh4g0xQowUo8SbYrR4S4wRY8U4MV6kiAlionhbTBLviMniXTFFTBWpYpqYLt4TM8RMMUu8L2aLD8QcMVfME/NFmvhQLBALRbr4SCwSH4sMsVgsEUvFMrFcrBArxSqxWqwRa8U6sV5sEBvFJrFZbBFbxTaxXewQn4id4lOxS+wWe8RnYq/4XOwTX4j94ktxQHwlMsXX4qD4RhwS34rD4jtxRHwvjopj4rj4QZwQP4qT4pQ4Lc6Is+IncU78LM4LL0CiFFJKJQMZI3PIWJlT5pJXydwyuPjsXiPj5LUyn7xO5pcFZEFZSMbLwrKI1NJIK0mGsqgsJqPyellc3iBLyJKylCwtnSwjE+SNsqy8SZaTN8vy8hZZQd4qK8pKsrKsIm+TVeXtEiIX9lFD1pS1ZG15l0yCu2VdeY+sJ++V9eV9soG8XzaUD8hG8kHZWD4km8iHZVP5iGwmm8sWsqVsJR+VreVjso1sK9vJx2V7+YTsIJ+UifIp2VH6iy+RZ2QX+azsKp+T3WR32UP+LM9LL3vJ3hL6gOwrX5T9ZH85IBYA5MtykHxFDpavymQ5RA6Vr8lh8nU5XL4hR8iRcpR8U46Wb8kxcqwcJ8fLFDlBTpRvy0nyHTlZviunyKkyVU6TA+TAX2aaJeW/zH/7d/IH/7L3jXKT3Cy3yK1ym9wud8hP5E65U+6Su+QeuUfulXvlPrlP7pf75QF5QGbKTHlQHpSH5CF5WB6WR+QReVQek2fkD/KE/FGelKfkKXlGnpVn5bmLzwEoVEJJpVSgYlQOFatyqlzqKpVbXa3yqLwqoq5RcepalU9dp/KrAqqgKqTiVWFVRGlllFWkQlVUFVNRdT1efMGoUqq0cqqMSlA3/jv5qri6QZVQJX+Vf6m+pH9SXyvVSrVWrVUb1Ua1U+1Ue9VedVAdVKJKVB1VR9VJdVKdVWfVRXVRXVVX1U11Uz1UD9VT9VS9VC+VpJJUX/Wi6qf6qwHqJTVQvawGqUFqsBqsklWyGqqGqmFqmBquhqsRaoQapUap0Wq0GqPGqHFqnEpRKWqimqgmqUlqspqspqgpKlWlqulqupqhZqhZapaarWarOWqOmqfmqTSVphaoBSpdpatFapHKUIvVYrVULVXL1XK1Uq1Uq9VqtVatVevVepWhNqlNaovaorapbWqH2qF2qp1ql9ql9qg9aq/aq/apfWq/2q8OqAMqU2Wqg+qgOqQOqcPqsDqijqij6qg6ro6rE+qEOqlOqtPqtDqrzqpz6pw6r85nnfYFIhCBClQQE8QEsUFskCvIFeQOcgd5gjxBJIgEcUFckC+4LsgfFAgKBoWC+KBwUCTQgQlsIC42PRpcHxQPbghKBCWDUkHpwAVlgoTgxqBscFNQLrg5KB/cElQIbg0qBpWCykGV4LaganB7UC24I6ge3BnUCGoGtYLawV1BneDuoG5wT1AvuDeoH9wXNAjuDxoGDwSNggeDxsFDQZPg4aBp8EjQLGgetAhaBq3+1Pm9P1ngMddL99ZJuo/uq1/U/XR/PUC/pAfql/Ug/YoerF/VyXqIHqpf08P063q4fkOP0CP1KP2mHq3f0mP0WD1Oj9cpeoKeqN/Wk/Q7erJ+V0/RU3Wqnqan6/f0DD1Tz9Lv69n6Az1Hz9Xz9Hydpj/UC/RCna4/0ov0xzpDL9ZL9FK9TC/XK/RKvUqv1mv0Wr1Or9cb9Ea9SW/WW/RWvU1v1zv0J3qn/lTv0rv1Hv2Z3qs/1/v0F3q//lIf0F/pTP21Pqi/0Yf0t/qw/k4f0d/ro/qYPq5/0Cf0j/qkPqVP6zP6rP5Jn9M/6/PaZ53cZ329G2WUiTExJtbEmlwml8ltcps8Jo+JmIiJM3Emn8ln8pv8pqApaOJNvCliipgsZMgUNUVN1ERNcVPclDAlTClTyjjjTIJJMGVNWVPOlDPlTXlTwVQwFU1FU9lUNreZ28zt5nZzh7nD3GnuNDVNTVPb1DZ1TB1T19Q19Uw9U9/UNw1MA9PQNDSNTCPT2DQ2TUwT09Q0Nc1MM9PCtDCtTCvT2rQ2bUwb0860M+1Ne9PBdDCJJtF0NB1NJ9PJdDadTRfTxXQ1XU030830MD1MT9PT9DK9TJJJMn1NX9PP9DMDzAAz0Aw0g8wgM9gMNskm2Qw1Q80wM8wMN8PNCDPSjMo6UTVvmTFmrBlnxpsUk2ImmolmkplkJpvJZoqZYlJNqpluppsZZoaZZWaZ2Wa2mWPmmHlmnkkzaWaBWWDSTbpZZBaZDJNhlpglZplZZlaYFWaVWWXWmDVmHawzG8wGs8lsMlvMFrPNbDM7zA6z0+w0u8wus8fsMXvNXrPP7DP7zX5zwBwwmSbTHDQHzSFzyBw2h80Rc8QcNUfNcXPcnDAnzElz0pw2p81ZU+Di96U3sTanzWWvsrnt1TaPzWv/MS5oC9l4W9gWsdrmtwV+FRtrbQlb0paypa2zZWyCvfE3cUVbyVa2Vexttqq93Vb7TVzH3m3r2ntsPXuvrW3v+lVc395nG9iHbUNEANvcNrYtbRP7sG1qH7HNbHPbwra07e0TtoN90ibap2xH+/Rv4gV2oV1lV9s1dq3dZXfb0/aMPWS/tWftT7aX7W0H2pftIPuKHWxftcl2yG/iUfZNO9q+ZcfYsXacHf+beIqdalPtNDvdvmdn2Jm/idPsh3a2Tbdz7Fw7z87/Jc6qKd1+ZBfZj22GDWCJXWqX2eV2hV15qVaf1663G+xGu9N+arfYrXab3W53XDoRtrvtHvuZ3Ws/twftN3a//dIesIdtpv36lzjr+A7b7+wR+709ao/Z4/YHe8L+qC5lZx37D/Zne956C4QEJElRQDGUg2IpJ+Wiqyg3XU15KC9F6BqKo2spH11H+akAFaRCFE+FqQhpMmSJKKSiVIyidD1dKq8UlSZHZSiBbqSydBOVo5upPN1CFehWqkiVqDJVoduoKt1O1egOqk53Ug2qSbWoNt1Fdehuqkv3UD26l+rTfdSA7qeG9AA1ogepMT1ETehhakqPUDNqTi2oJbWiR6k1PUZtqC21o8epPT1BHehJSqSnqCM9TZ3ob9SZnqEu9Cx1peeoG3WnHvQ89aQXqBf1piTqQ33pRepH/WkAvUQD6WUaRK/QYHqVkmkIDaXXaBi9TsPpDRpBI2kUvUmj6S0aQ2NpHI2nFJpAE+ltmkTv0GR6l6bQVEqlaTSd3qMZNJNm0fs0mz6gOTSX5tF8SqMPaQEtpHT6iBbRx5RBi2kJLaVltJxW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nXbQJ7STPqVdtJv20Ge0lz6nffQF7acv6QB9RZn0NR2kb+gQfUuH6Tvfm76no3SMjtMPdIJ+pJN0ik7TGTpLP9E5+pnOkycIMRShDFUYhDFhjjA2zBnmCq8Kc4dXh3nCvGEkvCaMC68N84XXhfnDAmHBsFAYHxYOi4Q6NKENKQzDomGxMBpeHxYPbwhLhCXDUmHp0IVlwoTwxrBseFNYLrw5LB/eElYIbw0rhpXCh++tEt4WVg1vD6uFd4TVwzvDGmHNsFZYO7wrrBPeHdYN7wnrhfeG5cL7wgbh/WHD8IGwUfhg2Dh8KGwSPhw2DR8Jm4XNwxZhy7BV+GjYOnwsbBO2DduFj4ftwyfCDuGTYWL4VNgxfPqX9fct/Ofrk8I+Yd/wxfDF0Pt75Lzo/Gha9MPogujCaHr0o+ii6MfRjOji6JLo0uiy6PLoiujK6Kro6uia6Nrouuj66Iboxqj3tXOAQyecdMoFLsblcLEup8vlrnK53dUuj8vrIu4aF+eudfncdS6/K+AKukIu3hV2RZx2xllHLnRFXTEXdde74u4GV8KVdKVcaedcGZfgWrpWrpVr7R5zbVxb18497h53T7gn3JPuSfeU6+iedp3c31xn94zr4p51z7rnXDfX3fVwz7uebkKeC+/JJNfX9XX9XD83wA1wA91AN8gNcoPdYJfskt1QN9QNc8PccDfcjXAj3Cg3yo12o90YN8aNc+NciktxE91EN8lNcpPdZDfFTXGpLtVNd9PdDDfDVZ15YS9z3Bw3z81zaS7NLXBZ54zpbpFb5DJchlvilrhlbplb4Va4VW6VW+PWuHVundvgNrhNbpPb4ra4bW6b2+F2uJ1up9vl816Y1O11+9w+t9/tdwfcVy7Tfe0Oum/cIfetO+y+c0fc9+6oO+aOux/cCfejO+lOudPujDvrfnLn3M/uvPMuJTIhMjHydmRS5J3I5Mi7kSmRqZHUyLTI9Mh7kRmRmZFZkfcjsyMfROZE5kbmReZH0iIfRhZEFkbSIx9FFkU+jmREFkeWRJZGlkWWR7wvvCX0RX0xH/XX++L+Bl/Cl/SlfGnvfBmf4G/0Zf1Nvpy/2Zf3t/gK/lZf0Vfylf0jvplv7lv4lr6Vf9S39o/5Nr6tb+cf9+39E76Df9In+qd8R/+07+T/5jv7Z3wX/6zv6p/z3Xx338M/73v6F3wv39sn+T6+r3/R9/P9/QD/kh/oX/aD/Ct+sH/VJ/shfqh/zQ/zr/vh/g0/wo/0o2Le9KMvXSLDeJ/iJ/iJ/m0/yb/jJ/t3/RQ/1af6aX66f8/P8DP9LP++n+0/8HP8XD/Pz/dp/kO/wC/06f4jv8h/7DP84ks3lf0Kv9Kv8qv9Gr/Wr/Pr/Qa/0W/ym/0Wv9Vv89v9Dv+J3+k/9bv8br/Hf+b3+s/9Pv+F3++/9Af8Vz7Tf+0P+m/8If+tP+y/80f89/6oP+aP+x/8Cf+jP+lP+dP+jD/rf/Ln/M/+PP/OGmOMMcbYHzLh8lD8es2F2/l9fidH/N3GfQHg6q2FMv9+fdYZ5br8F8b9RXz7CAA81bvrg5eWGjWSkpIubpshISg2F+DS/wRliYHL8WJoB09AIrSFsr9bf3/R/Sz9i/mjtwDk+rucWLgcX57/CwBM+p35H3181IIK4em4/8/8cwFKFLuckxMux4uh3S/3V9pCuX9Sf4HW/6L+nF+mALT5u5zccDm+XH8CPAZPQ+KvtmSMMcYYY4wxxi7oLyp3vnT9eeknPn/v+jxeXc7JAZfjf3V9zhhjjDHGGGOMsSvvme49nnw0MbFt539/UO1/lPWHB03hf2tmHvzuwHuAS48oAPgPJwTIGsi/8ig2/yX7Sr741vnHVcvO+AD+O1r5Zwyu8AcTY4wxxhhj7E93+aT/14+rK1UQY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDGWDf0Vf07sSh8jY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxdqX9vwAAAP//kfb+pw==")
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a95005, 0x0)
pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f00000001c0)='./file0\x00')

3m4.69802282s ago: executing program 2 (id=941):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='veth0_to_team\x00', 0x10)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @private=0xa010102}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @multicast1}, 0x10)

3m4.017354429s ago: executing program 2 (id=944):
r0 = socket$inet6(0xa, 0x802, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback, 0x3}, 0x31)
sendmmsg$inet6(r0, &(0x7f0000002940), 0x40000000000017d, 0x811)

3m3.819035631s ago: executing program 33 (id=944):
r0 = socket$inet6(0xa, 0x802, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback, 0x3}, 0x31)
sendmmsg$inet6(r0, &(0x7f0000002940), 0x40000000000017d, 0x811)

1m40.224733071s ago: executing program 3 (id=1802):
mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
r1 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_GET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x24004870}, 0x80)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = getpid()
io_uring_register$IORING_REGISTER_MEM_REGION(0xffffffffffffffff, 0x22, &(0x7f0000000280)={&(0x7f0000000240)={&(0x7f0000000080)="8d981ea1d21e9c323ca7d532cdec0937b316013f0f25553ba24b280ed978b136d7c5e1f61ecbc67ba0bbd43817d8692de4a30854a3bbdd34b11ba9ec35055e", 0x3f, 0x1, 0xe28, 0xfffffffffffffff2}}, 0x1)
r4 = syz_pidfd_open(r3, 0x0)
open_by_handle_at(r4, &(0x7f0000000180)=ANY=[@ANYBLOB="150000"], 0x1)
sendmsg$nl_generic(r2, 0x0, 0x4000)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000012c0)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in6=@private1}, 0x0, @in=@private}}, &(0x7f0000000000)=0xe8)
r6 = socket$inet6(0xa, 0x3, 0x6)
getsockopt$sock_cred(r6, 0x1, 0x11, 0x0, &(0x7f00000005c0))
r7 = socket$inet6(0xa, 0x3, 0x5)
r8 = socket$l2tp6(0xa, 0x2, 0x73)
dup2(r8, r7)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r7, 0x29, 0x20, &(0x7f00000000c0)={@dev, 0x800, 0x0, 0x2, 0x9}, 0x20)
setsockopt$inet6_opts(r7, 0x29, 0x37, &(0x7f0000000040)=@dstopts={0x62}, 0x8)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r9, 0xffffffffffffffff, 0x0)
syz_mount_image$squashfs(&(0x7f0000000000), &(0x7f00000002c0)='./file0\x00', 0x0, &(0x7f0000000300), 0x1, 0x233, &(0x7f0000000340)="$eJzskt9LU2Ecxp/37LhWJJuxkoYUM8kQ0rnEHxcJWYwoIiiSOWYqzuViFDovmi1bUSzbRY25cuIkChtEkVkEQTCTSJBBlu7Ci2xwvKycRXXjqTjnvB70b+j93Dzn/b7P+7w/zrfT1+XbAEBcDrQDBkjwMGIGBDyAnUQuYZlTNEZ1nqqWzs9RPUbrIapiTa/dARBP8UI1N1HoMhMDNht/TmfRDn0z6kaOSsaBzJavoynJf+SUfxyk1KW/Pzx2uyGeL8eSJsfaHM1E0ZBOCgIQXbEvZPntMMpZjz+e8Axktur+bJu+lnxU3f8ZgzfuuEEsQzoA5W/3xust+WGOZuYBaPN6O7p9aazPj5IUZyaSLy1mThLUI9wMgh1jx3c/+LVi8j8bv9x0t9ceiIWvzo8+PY2XFeJclWkp0tn4NztZUFZ77nxupKj49/PgcC7Qt1h1oP/KroT++qz4bcl5qQaAUHizS6tvtZUFvh9ssNUJiTMXQy985ntn3Yci72IfxNapJ0B0ZnF/RSA92WJ2bjTZ/AnnJ1tLwaaHpe/7vgBvHD8iIEmS4oB446vXyr20yqOD/gxoAJQA4MDD7fF2WA6DQEMHlbxiUN0cdPJEuQFeVwhEbgF5WW6WxyCgLBOQpwZahTXp+2qDNAkhqiX0EKskqQqQzsqr7bXaNryccIuO9gQl24W2np7uSulqypdas6o1q0HdmaO7Jrj1TzHFgcFgMBgMBoPBYDD+Z/4FAAD//5Ius14=")
syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000980)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x40, &(0x7f00000004c0)=ANY=[@ANYBLOB='nobarrier,gid=', @ANYRESHEX, @ANYBLOB="2c63726561746f723dbd3d66f12c63726561746f723d64eb8ba92c6e6f6465636f6d706f73652c756d61736b3d3030303030303030303030303030303030303030303032000000003d", @ANYRESHEX, @ANYRESOCT], 0x3, 0x6a4, &(0x7f0000001b40)="$eJzs3U9sHFcdB/DvbDbrbJBS918aEFKtRqqgEYmdVUmQkBoQQjlEKIJLr1biNFY2aeW4KK0Q2QAFiRMn1AOHIhQOPSGEkMoJUc5ISFw4+R6JG4ccAKOZnV2v7Y1jJ7HXbT8faTzv7Zv33m9+nT+7s402wGfW+ddzsJci509cuFXWV+52uit3O9cH5SRTSRpJs79K0U6Kj5Nz6S/5fPliPVzxoHlevfdR0Xz/w06/1qyXavvGVv02GbtlLzk0rBxIMtMv/mfbw24ar1qqcS6tjfeIimHcZcKODxIHk7a6SW+tsfHQ7ts/b4F963b/vrnJdHI4/btr+T4g9dXh4VeGydvy2tTbuzgAAABgt4z9LD/qqfu5n1s5sjfhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKdD0f/NwKJeGoPyTIrB7/+3Rn5TvzXhcB/Te1eq1XefmnQgAAAAAAAAAPBYXryf+7mVI4P6alF95/9SVXmu+vu5vJ2bWchSTuZW5rOc5SxlLsn0yECtW/PLy0tzm3v+MmXP1dXV23XP02N7nl4fV29joOP+T4NNGwEAAAAAAADAZ9aPcn7t+38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgPiuRAf1Utzw3K02k0kxxK0ipmhpu3JhrsE/DnSQcAAAAAu69dr48U/+sXVovqM//R6nP/obydG1nOYpbTzUIuV88C+p/6G3/vdbordzvXy2XzwN/4147iqEZM/9nD+Jlnqy2eH/Y4n2/nezmRmVzMUhbz/cxnOQuZybeq0nyKTNdPL6ZX7rYziHVzvOfW1S5ujO3FkXIZ37EqknauZLGK7WQutQahN+rtjo3M9sdWsmHGO2V2itdq28zR5Xpd7tEv6vX+MF3t+cFhRmbr3JfZeHo075tzv8PjZONMc2kMn0E9tzZLWd040yPl/HC9LnP9093N+Q4fpa3PRO/nZW1w9B3dOufJl//xl4tXGzeuXb1y88T+OYwe0cZjojOSiRe2lYlumYneY2Ti0OPE/+S06mz0r6I7u1q+VPU9ksV8J2/mchZyJrOZy9nM5ms5nU5Oj+T1+a3zWp1rjZ2da8e/VBfKe9LPRu5Ne2bqQQ1lXp8eyevolW66aht9ZS1Lz2wjS0Ur47P0z7GhNL9QF8o5fjxyx5m8jZmYG8nEs1tn4tf/XU1ys3vj2tLV+be2Od/L9bo8bd9bf23+zRPZoZ2rd7c8Xp4p/2Olf9sYPTrKtmcHbRvy1aq/cWnWg61ra6U6n/ttDztTy5GO3hk3Ur/thbGzdKq2YyNt697l5M10h+9CANjHDr9yuNW+1/5b+4P2T9pX2xcOfXPq7NQXWzn41+afDvyu8dvG14tX8kF+mCOTjhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4Nbr7z7rX5bndhaR8W0njCA94Z2zRIRf+V1v7Y909qYWqrI+r3Sbbo3ppEzO0k+yJ1ae7BXFMZ03Rh+Eo7aQzjSXJtn/zAHbAbTi1ff+vUzXfe/cri9fk3Ft5YuHH67JnXznS+Onf71JXF7sJs/++kowR2w9rbgElHAgAAAAAAAAAAAGzXXvzzhjHTFr0J7CsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwyXT+9Rzspcjc7MnZsr5yt9Mtl0F5bctmkkaS4gdJ8XFyLv0l0yPDFQ+a59V7H/3q5fc/7KyN1Rxs39jQ7w//Xl3d4V706iUzSQ7U64eb2tZ4l0bG6+0wsL5iuIdlwo4PEgeT9v8AAAD//x5LB84=")
setresuid(0xffffffffffffffff, r5, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b04, 0x0)

1m38.601437992s ago: executing program 3 (id=1811):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="2000000012008f35"], 0x20}, 0x1, 0x0, 0x0, 0x4081}, 0x4040800)
recvmmsg(r0, &(0x7f0000000d80)=[{{0x0, 0x0, &(0x7f0000002bc0)=[{&(0x7f0000000100)=""/96, 0x60}, {&(0x7f0000001800)=""/88, 0x58}, {&(0x7f0000001880)=""/172, 0xac}, {&(0x7f0000002c80)=""/4112, 0x1010}, {&(0x7f0000002980)=""/212, 0xd4}, {&(0x7f0000001740)=""/180, 0xb4}, {&(0x7f0000002ac0)=""/210, 0xd2}], 0x7}, 0x1}], 0x1, 0x40000002, 0x0)
recvmmsg(r0, &(0x7f0000001200)=[{{0x0, 0x22, 0x0}, 0xffff}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}, 0x6e8}, {{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, 0x0}, 0x8001}, {{0x0, 0x0, 0x0}, 0x80000002}], 0x5db, 0x2000, 0x0)

1m38.213610847s ago: executing program 3 (id=1812):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x1c5ed000)
r0 = userfaultfd(0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2})

1m37.109149137s ago: executing program 3 (id=1818):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x2, 0x4, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, [@call={0x85, 0x0, 0x0, 0xae}]}, &(0x7f0000000040)='syzkaller\x00', 0x4, 0x24, 0xfffffffffffffffc, 0x0, 0x0, '\x00', 0x0, 0x38}, 0x80)

1m37.020709156s ago: executing program 3 (id=1820):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2145c99, 0x0)
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0)

1m36.878876996s ago: executing program 3 (id=1824):
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='ns\x00')
fchdir(r0)
unshare(0x28000600)
unshare(0x66020000)
umount2(&(0x7f0000000100)='./cgroup\x00', 0x2)

1m21.89605688s ago: executing program 34 (id=1824):
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='ns\x00')
fchdir(r0)
unshare(0x28000600)
unshare(0x66020000)
umount2(&(0x7f0000000100)='./cgroup\x00', 0x2)

1m0.733705474s ago: executing program 5 (id=2143):
syz_emit_ethernet(0x4e, &(0x7f0000000380)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4dd318", 0x18, 0x6, 0x0, @private1={0xfc, 0x1, '\x00', 0x2}, @local, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@generic={0x4, 0x2}, @generic={0x8, 0x2}]}}}}}}}}, 0x0)

1m0.68266779s ago: executing program 5 (id=2145):
syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0x2000002, &(0x7f0000000200)={[{@volume={'volume', 0x3d, 0x3e}}, {@gid}, {@adinicb}, {@rootdir={'rootdir', 0x3d, 0x4}}, {@fileset}, {}, {@gid={'gid', 0x3d, 0xee01}}, {@adinicb}, {@longad}]}, 0x5, 0xc32, &(0x7f0000000e00)="$eJzs3U1sXNd9N+D/uRyKI/l9KyZ2FCeNi0lbpLJiufqKqViFO6pptgFkWQjF7AJwJI7UgSmSIKlGNtKC6aaLLgIURRdZEWiNAikaGE0RdMm0LpBsvCiy6opoYSMoumCLAFkFLO6dM9KQIm1GFCVKeh6b+s3ce86dc+4Z3ysLOvcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDxe6+dP3EyPexWAAAP0sXxr5445f4PAE+Uy/7/HwAAAAAAAAAAAAAA9rsURTwdKeYurqXJ6n1X/UJn8OatidGxrasdTFXNgap8+VM/eer0mS+9NHK2lxc6Mx9R/377bLwxfvl849XZG3Pz7YWF9lRjYqZzdXaqveMj7Lb+ZseqE9C48ebNqWvXFhqnXjy9Yfet4Q+HnjoyfG7k+ePP9cpOjI6Njd8pUu8vX7vnhnRtN8PjQBRxPFK88L2fplZEFLH7c1F/sGO/2cGqE8eqTkyMjlUdme60ZhbLnZd6J6KIaPRVavbO0dZjEbXBB9qH7TUjlsrmlw0+VnZvfK4137oy3W5cas0vdhY7szOXUre1ZX8aUcTZFLEcEatDdx9uMIqoRYrvHF5LVyJioHcevlhNDN6+HcUe9nEHynY2BiOWi0dgzPaxoSji9Ujxs/eOxtV8namuNV+IeL3MH0S8U+YrEan8YpyJ+GCL7xGPploU8efl+J9bS1PV9aB3XbnwtcZXZq7N9pXtXVd+yfvDXVeKh3R/OLgpH4x9fm2qRxGt6oq/lu79NzsAAAAAAAAAAAAAAAAA3G8Ho4jPRIrX/u2PqnnFUc1LP3xu5PeH/3//nPFnP+Y4ZdkXI2Kp2Nmc3AN5YuCldCmlhzyX+ElWjyL+OM//+9bDbgwAAAAAAAAAAAAAAAAAAMATrYifRIqX3z+alqN/TfHOzPXG5daV6e6qsL21f3trpq+vr683UjebOSdzLuVczrmSczVnFLl+zmbOyZxLOZdzruRczRkDuX7OZs7JnEs5l3Ou5FzNGbVcP2cz52TOpZzLOVdyruaMfbJ2LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIn4RKb79jbUUKSKaEZPRzZWhh906AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA0lIr4fqRo/EHz9rZaRKTq366j5S9nonmgzE9Gc6TMV6J5PmerylrzWw+h/ezOYCrix5FiqP7u7QHP4z/YfXf7axDvfPPOu8/WujnQ2zn84dBTRw6fGxn7tWe3e522asCxC52Zm7caE6NjY+N9m2v50z/Zt204f25xf7pORCy89fabrenp9vy9vyi/Aruo/gi9SLUnpadeVC+iti+a8XD6zhOgvP9/ECl++/1/793wu/f/evy/7rvbd/j4+Z/cuf+/vPlAO7z/1zbXy/f/8p6+1f3/6b5tL+ffjQzWIuqLN+YGj0TUF956+3jnRut6+3p75syJE18eGfny6RODByLq1zrT7b5X9+V0AQAAAAAAAAAAAAAAADw4qYjfjRStH6+lRkTcquZrDZ8bef74cwMxUM232jBv+43xy+cbr87emJtvLyy0pxoTM52rs1PtnX5cvZruNTE6tied+VgH97j9B+uvzs69Nd+5/oeLW+4/VD9/ZWFxvnV1691xMIqIZv+WY1WDJ0bHqkZPd1ozVdVLW06m/+UNpiL+I1JcPdNIn8/b8vz/zTP8N8z/X9p8oD2a//+Jvm3lZ6ZUxM8jxW/9xbPx+aqdh+Kuc5bL/U2kOHb2c7lcHCjL9drQfa5Ad2ZgWfZ/IsU//GJj2d58yKfvlD254xP7iCjH/3Ck+P6ffTd+PW/b+PyHrcf/0OYD7dH4P9O37dCG5xXsuuvk8T8eKV55+t34jbzto57/0Xv2xtFc+PbzOfZo/D/Vt204f+5v3p+uAwAAAAAAAAAAPNIGUxF/Gyl+OFZLL+VtO/n7f1ObD7RHf//r033bpu7PekUf+2LXJxUAAAAA9onBVMRPIsX1xXdvz6HeOP+7b/7n79yZ/zmaNu2t/pzvV6rnBtzPP//rN5w/d3L33QYAAAAAAAAAAAAAAAAAAIB9JaUiXsrrqU9W8/mntl1PfSVSvPZfL+Ry6UhZrrcO/HD1a/3i7Mzx89PTs1dbi60r0+3G+Fzrarus+0ykWPvrz+W6RbW+em+9+e4a73fWYp+PFGN/1yvbXYu9tzb5M72yS+2TZdlPRIr//PuNZXvrWH/qznFPlWX/KlJ8/Z+2LnvkTtnTZdnvRooffb3RK3uoLNt7Puqn75R98epssQejAgAAAAAAAAAAAAAAAAAAwJNmMBXxp5Hiv28s357Ln9f/H+x7W3nnm33r/W9yq1rnf7ha/3+71/ey/n/1XIGl7T4VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTymKeDtSzF1cSytD5fuu+oXOzM1bE6NjW1c7mKqaA1X58qd+8tTpM196aeRsLz+6/v32mXhj/PL5xquzN+bm2wsL7anGxEzn6uxUe8dH2G39zY5VJ6Bx482bU9euLTROvXh6w+5bwx8OPXVk+NzI88ef65WdGB0bG+8rUxu850+/S9pm+4Eo4i8jxQvf+2n64VBEEbs/Fx/z3dlrB6tOHKs6MTE6VnVkutOaWSx3XuqdiCKi0Vep2TtHD2AsdqUZsVQ2v2zwsbJ743Ot+daV6XbjUmt+sbPYmZ25lLqtLfvTiCLOpojliFgduvtwg1HEm5HiO4fX0j8PRQz0zsMXL45/9cSp7dtR7GEfd6BsZ2MwYrn4qDHbosNsMBRF/GOk+Nl7R+NfhiJq0f2JL0S8XuYPIt6J7nin8otxJuIDp/WxUYsi/rcc/3Nr6b2h8nrQu65c+FrjKzPXZvvK9q4rj/z94UHa5/eTehTxo+qKv5b+1X/XAAAAAAAAAAAAAAAAAPtIEb8aKV5+/2iq5gffnlPcmbneuNy6Mt2d1teb+9ebM72+vr7eSN1s5pzMuZRzOedKztWcUeT6OZtl1tfXJ/P7pZzLOVdyruaMgVw/ZzPnZM6lnMs5V3Ku5oxarp+zmXMy51LO5ZwrOVdzxj6ZuwcAAAAAAAAAAAAAAAAAADxeiuqfFN/+xlpaH6rWlx7o7VuxHuhj7/8CAAD//0pa+Ck=")
lchown(&(0x7f00000001c0)='./file2\x00', 0x0, 0x0)

1m0.581945503s ago: executing program 5 (id=2146):
request_key(&(0x7f00000000c0)='.dead\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000200)='\x00', 0xfffffffffffffff9)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298})
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000180), 0x40000)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$rdma_cm(0xffffff9c, &(0x7f00000001c0), 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x80800)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)

59.14778181s ago: executing program 5 (id=2152):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_mount_image$squashfs(&(0x7f0000000180), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYRES16=0x0, @ANYRESOCT=0x0, @ANYBLOB="d9e2f81c20b5ab1f360c1068f219d7d16d4bfe86eebd827261ed2f1a31f74649a3567a6a0e87aa6e2a454b4b2903cdaa902ed3309c198137ed7175ad705c4a7b74ee9198f6c27ebda5c55ec63283c02ef96064a6f86f2943b6e6ab39a470dcf8d595020e1e6f36b279b34a014a08d72d90c365f7ded1fd84a93a001eea1c827778a1eae724b9120583b1d01022055a799750f46d9ea96b6d92fc394bc0323f2bab7932efd5e115612b3db68bcfae28458fb913cf093fcaa678f2810370e71c5285234b8db8e3ca8bd5ad8eac924a61", @ANYRESHEX, @ANYRES8=0x0, @ANYRESOCT, @ANYRES32=0x0, @ANYRESDEC, @ANYRES32=0x0], 0x1, 0x1f6, &(0x7f0000000680)="$eJzslU1rE0EYx3+zO2kazaFnTwWD7UXbbEH8BvYD+AEM6VqLG1+6AU0oGL304kH8EgU/hQdB7x5EBC/1oKCHiqeKrMzOM9MNicRKeyjMH5bnZZ6XeZ7ZeeZ2/iCvA78PdrosUELR5KNSaGBJWd3hnKU/hBaCL9rKbdG/FPpZaD4Yvntm2eGdTpal2/lgBqMUzLLJCiwj6Rk30lOSOcuZod8+HdcophpHwD/VcyKMyTax1I9tSZNez8c09Wk24stpb74mef7LffEY/42t1DI/m+O/xNeTrqvGaZ97pWO/mn87piJ2/fnwwrbZL0nbMcaxuDcmbspZY6JjeeXI+MqvP4n4XgrvD3a6hrkpU8zoNuznrkRpY4TXFZsLGkagYgofR5fTEpaAlX7v/ko+GF7e6nU20830bpKsXV19c15OoXgMW1m6qirbMJcaN5cAc08blXVzdT4drY+oQMnWpEDOgXK8c3HDeflixbEBUaUsR4/ivvL566KL6XGDS8wDD0dqERJst1qYaJpbprR1FLEIbV3ZJxwSMV8uXOneyzZ2USjntof2Mdr71LyQiGASpWvXfPm7QltC14XuCd0X6t4u9ybpMsI3kZZHMMejTr+/XT5elvO6xOuSBZ85kqzuNXQNb9UJCAgICAgICDgj+BMAAP//duk56A==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
chdir(&(0x7f00000001c0)='./file0\x00')
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
fstatfs(r0, &(0x7f00000030c0)=""/4094)

59.031007748s ago: executing program 5 (id=2154):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@ipv4_newroute={0x2c, 0x1a, 0x1, 0x70bd28, 0x0, {0x2, 0x20, 0x20, 0x0, 0x0, 0x0, 0xff, 0x7}, [@RTA_IIF={0x8, 0x3, r2}, @RTA_DST={0x8, 0x1, @multicast1}]}, 0x2c}}, 0xea5bc50b6199d77e)

58.691367731s ago: executing program 5 (id=2156):
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000cc0)="91ebffffff7f7d8625547e6fdcfb96c1d9b461ad7581ce705ad7203fb9e00e70512c27e5d5980dbbdb9d8dd381060e0f5bd279f6b8d9109f8e5b1ad6402331e7e4ba5a0300ee40f4ed347c7997c0c822b355f310b659f42003566ffc26878858a5f20373da0b75bed8465da60f840979b6b18d0cbeb297ce3e1e34d46e9e28b416e60e9f9dceb059bd608a506d563315b1a9c536f6ca7ec68acd35c32cdace2471dce1452c62550a9bf975bb6adf889077c111c77030761c0f5d6baccf58dd38bdc0889b5566", 0xc6}], 0x1}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000f00)="5604b1f93280601007f1bfc8446f785300fcfc78c557b8e530dc9f84187a0dd96c1488a0a665ec777782588791c4fd3b0443cd5bde128419bfe468e776011282e789dbfd36ffcbeddbc482d96b9f47e195afe70b764b941e9590c8cfb377d923eaffee045993ff1eb3737b9ec2", 0x6d}], 0x20}}], 0x2, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)

58.531040752s ago: executing program 35 (id=2156):
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000cc0)="91ebffffff7f7d8625547e6fdcfb96c1d9b461ad7581ce705ad7203fb9e00e70512c27e5d5980dbbdb9d8dd381060e0f5bd279f6b8d9109f8e5b1ad6402331e7e4ba5a0300ee40f4ed347c7997c0c822b355f310b659f42003566ffc26878858a5f20373da0b75bed8465da60f840979b6b18d0cbeb297ce3e1e34d46e9e28b416e60e9f9dceb059bd608a506d563315b1a9c536f6ca7ec68acd35c32cdace2471dce1452c62550a9bf975bb6adf889077c111c77030761c0f5d6baccf58dd38bdc0889b5566", 0xc6}], 0x1}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000f00)="5604b1f93280601007f1bfc8446f785300fcfc78c557b8e530dc9f84187a0dd96c1488a0a665ec777782588791c4fd3b0443cd5bde128419bfe468e776011282e789dbfd36ffcbeddbc482d96b9f47e195afe70b764b941e9590c8cfb377d923eaffee045993ff1eb3737b9ec2", 0x6d}], 0x20}}], 0x2, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)

6.008780571s ago: executing program 0 (id=2773):
syz_usb_connect_ath9k(0x3, 0xfffffffffffffc62, 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB="9400000013004f0a000200"/20, @ANYRES32=r0, @ANYBLOB="00000000000000000800cfffecc507006c001a8054000a80140007"], 0x94}}, 0x20008841)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x8201, 0x4)

5.090187843s ago: executing program 6 (id=2782):
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x44, 0x0, 0x300, 0x70bd27, 0x25dfdbfb, {}, [@NBD_ATTR_TIMEOUT={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x6}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xff}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8000000000000000}]}, 0x44}, 0x1, 0x0, 0x0, 0x20040001}, 0x40)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e0000000000000000001800028014000380100001800800010000000000040003"], 0x44}}, 0x0)

5.089740536s ago: executing program 6 (id=2783):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021940000000c0a01030000000000000000070000000900020073797a31000000000900010073797a30000000006800038064000080080003400000000258000b80200001800a00010071756f7461000000100002800c0001400000000000000000340001800a0001006c696d69740000002400028008000440000000010c0002400000f900000000000c0001"], 0x118}}, 0x0)

5.011690418s ago: executing program 6 (id=2784):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000480)=0x51f6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
mount$9p_unix(0x0, &(0x7f0000003600)='.\x00', 0x0, 0x2000000, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
syz_open_dev$sndctrl(0x0, 0x8002, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
clock_getres(0x3, 0x0)

3.668413044s ago: executing program 6 (id=2788):
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f00000001c0)={{0xf, 0x1}, 0x1, 0x5, 0x2, {0x0, 0xc}})

3.666750264s ago: executing program 4 (id=2789):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {0x0, 0x0, 0x3}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x70d5}]}]}, 0x58}}, 0x0)

3.570727732s ago: executing program 6 (id=2790):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = socket(0x25, 0x1, 0x0)
sendmsg$kcm(r1, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x41)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000800)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
read$FUSE(r2, &(0x7f00000024c0)={0x2020}, 0x2020)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r6 = fanotify_init(0xf00, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c90010000c0005001203080005000001ff030104"], 0x15)
syz_emit_vhci(0x0, 0x0)
ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609)
r7 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r7, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000540), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r6}})
fanotify_mark(r6, 0x105, 0x5000003a, r5, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)

3.55937174s ago: executing program 4 (id=2791):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, 0x0)
futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f000000b000)={0x77359400}, &(0x7f0000048000), 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r3}, 0x18)
r4 = socket$kcm(0x29, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef42d430f6296b72a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed40000000022278d00031e5388ee5c867ddd58211d6ece3ccb0cd2b6d3cffd962867a3a2f624f992daa94a6a556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409e011f1264d43f153b3d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7000026a4e739c60f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf3f704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eedd9068ca1457870eb30d219e23ccc8e06dddeb61799257ab5000013c86ba99523d61a00000000c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb8629aeec90e6d1857da822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae200f279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522e8dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f34a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be10ba7dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2db484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b00ffffff7f000000000801f71d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cf0d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67856ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e2b8e7370baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b09000000d31df213c802d74797056fd3bca8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221fff0f0000705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f14fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008f3a20b49fe7636806867283e35cff8d00e7b251bab3cf6377a24f8e8d4bda7503674bc94bf7f4d2fa6f25944bf0a186436d9f6831995976328a1fdc78492c65c1434855dc35c3cf7cf9610c5387794443c99b304799114132362849c3fa85d6379729ff9094933db0cfbe8887c50b87e1469fdf454cef4cbc5f7bf384000000000000a4e8c1a25f47c440144a9776be6cb40aafdb9d3cc8f6a6050974e1c4000000000000008b753f4e1bef9556efcc087a99dbf231167013a4b2eaf6338a0b100c98a331dffc09"], &(0x7f0000000140)='GPL\x00'}, 0x48)
r6 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r6, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x20000811)
ioctl$sock_kcm_SIOCKCMATTACH(r4, 0x89e0, &(0x7f0000000040)={r6, r5})
sendmsg$kcm(r4, &(0x7f0000002080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f0000000880)="1a", 0x100000}], 0x1}, 0x0)
close(r4)
timer_settime(0x0, 0x1, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000003740)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040080}, 0x4)

711.380249ms ago: executing program 0 (id=2792):
r0 = socket(0x10, 0x803, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100))
r1 = socket(0x1, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40, 0x0, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @mcast1={0xff, 0x2}}, @IFA_FLAGS={0x8, 0x8, 0x702}]}, 0x34}}, 0x0)
r3 = socket(0x10, 0x803, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)

710.801635ms ago: executing program 6 (id=2793):
syz_mount_image$ocfs2(&(0x7f0000004740), &(0x7f0000004780)='./file0\x00', 0x100000a, &(0x7f00000002c0)={[{@journal_async_commit}, {@heartbeat_none}, {@usrquota}, {@barrier={'barrier', 0x3d, 0x7}}, {@heartbeat_none}, {@inode64}]}, 0x1, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzJ6vZpMl2P9ImafoxSQQXLcumT9X6ENeqjabNh7bVVFlnN9vN6uzMujujBYPUIIiCoARBxQ+qQulLLYiBvtQiFPxAWoVSUbS+iBSq4INBG+jKzNybnXtntneyk7S0/f2gnb3n3nPumf3vPXfOPZNCrHZqYaW4sFIsVYrV2ftXbil+rlquL86FwqvktT4/vbkSOcn+tXPkfR/4yD23hPCHY1/70Orq6mpoGA5dHWj7+fy/T8+2vyYKmTqNdru31vLH+iMv/fwtr3REnhMhhB0d/WrYFEL42C9C2BxCGInLRuPXLSGEbSGEKITw6G/+9ePBfrrQ5uy9Lzx37MzhfWemHn/smQvzR9c9MArhu+XdN88vvrh/023Pv+MynR4AAF7RB48fufvo5IHwZBSGzg10fl7fGb8mn4/vfNun7np4YG3/Kr3Z9CqGCgAAABlr8//h6OUu63XJylqyJPjEAyfufipa229i+/p26K4jt79/8kC8/ht17L81Lvrnezc111Cz677Z9d+RTP3u679r53n4q8/+svLWjfc/6V9y3uEQFSZS24XCxEQIx6Za27uirYVydaX2zvur9crJjZ/3jSKdf3b1fm1Bv9f8RzPV89b/d3/i8z/bMtDPOxgL2b/axnax80+ZLtL5rz+W/+RLUU/5j2Xq5eV/x9Pbz/9qcz/vIHtGLkU6/9aFuK/9gGJrAGjk/82B/Px3ZNrPy//7U+cePbGB7/80xpnhqNHXwdQI8HJcvs5XmMhI598KIjV0xr/I9a7//2XyvybTfl7+d1b/8bu/9XH/X2/8H5/qp803j3T+rSCKqSPWrv+RQv71f22m/bz8f3vqz89+sq97dWf+jf6Pu//3JJ1/fCNOD57N32Sv4//OTPt5+e8au++hhQ30+8Nb4n4ORWGs7Vun5xq3sKG19ermlKaxe2kDJ3kTSOff+q2lLp2h1kvz+h/OH/93ZdrPy/+hPV9/z+m+vv/bffyfNP73JJ3/lmbZpeT/Uib/3Zn28/L/4em//+W+yzz+N7YPyr8n6fy3duxfe/5T6Gn+d12mft7zn32jTz3y1z7m/0n/kvMmz3+S5xDjUev5D92l879q3eN6vf/vydTLu/6/9Z/nn97fz/gfDXoC0Id0/ttahV0mgL3mf32m/bz8v3DPlz/+pw3M/5qf+AaT/Nvm/5tb5UeN/z1J57+9VZj6x1APNv/fvP9Hnbn/N5P/DZn28/K/cGhi4CuX+f7f6P94l0fZdErnP7TucY38f9/D/f/GTL28/L+496cv3tzX5/8QJs31Nyyd/9XrHte8/gfz878pUy8v/+9849dPPNhH/9/eR12y+bfu9anLKf5s3uv8v5hpPy//H42fP7v/Csz/bnX/70k6/9aq+aXkn53/7820n5f/9478YHngCjz/uUP+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGzIavw6HqDCR2i4UJiZCGIu3d4Wt0Uzp5PRMuTr7mZUQdsTlxTAazZerM6Xy9EKlenJuulQuV2dDuCbevyMMRivlam16sbR07cW2tkSn5krLtZm5Ui2EsDMuvz5sT9qaWagtlpaaxyZ1ropKn61Xa6WJ+srccth9sXxbUj6/XK0vXXexrasL1eWlU6XK9MmF5XdPTk5Ohj0X+zwSzT1Qm6vUWr1t7W3USeoOR21vprn7hrbzfbpaX66Uys3yG9vqlKuzpXJbnZvazldbrldmS7W56XJ1Pjlfsa1u23tr7t4b7xsPI6n3l9TNOhi/3n7o+EePHz7Qsb8YpfOu1BfnJrd3/5sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4I3rydve9e0QwkBrqxBCOJj8EMX/pZy994Xnjp05vO/M1OOPPXNh/mi3YwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4PztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYuZ+XKro4DsBnxve+FkgpbYRcBoaI6E7Cgn4RSeU1smWb1kGtEjIoCgwjWhYEQVC7qCBoFVT+BVELl62qTS1aGERQMTqTlzvCDS90zHkeGM4Mc++ZLwzcO3M+hwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB+nN2x2JW1l3ZtXtq6+0PozM/9H0IYTZb3P+/tCD0hhK9fZk6HVdpCT1P/bybnxstXTX7v7R9/eH00WXv9xXeL63aHJB1qON6ZpOnQ0Nr736juDD6bHkxCSGMXQhQLY0/O1EIIHbELIYqfH+cvZr/v/8UuhCj6P9ztyu5/LXYhRLF196e+Wv6MR/Wcr18YbPzvb/UI3sYjOuvQ25NX3qVuauW9zN//k3zzPlgNsyeOvH8euwiimZ2bOhq7BgAA4O861yL/D1uW9+9fTkJPdzn3/9aU//c29b96/r/i3vYbYzNthRDbSmOT2fHwvnb63PhODVy9/bpmvKeq5P/VJv+vNvl/tcn/q03+X23yfzKv5P+V9PjmnsUXsYsgGvk/AABUz6HjE1P14ZHs5X/Tj85yXt+Xt/U8T39wa3rgUcO4kfzw33b42MSBg8Mj+X0vDwiurP+QLp39ns/3aG4Lk03zLlqt/9D7dGH+Wmf5E/U/nL9R1Fdc1/oPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAvdueehkEwCsPod1sRtdGqaMLCT4IPNDAiACnMaEAHEwZgIAQUMJBzlnuTZ3kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA5/tXeV18f2mM9Foj0lR22bV/jqfZz9y3w/I+e9y4FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZ24EAGAAAAQJi/dR7tBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KkAAAD//8Oayzs=")
quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f00000000c0)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000040)={0x4, 0x6, 0x10001, 0x0, 0x1, 0xfffffffffffffffd, 0x27, 0x36a, 0xffffffff})

641.350341ms ago: executing program 0 (id=2794):
r0 = socket$rxrpc(0x21, 0x2, 0x2)
r1 = syz_io_uring_setup(0x12ab, &(0x7f0000000140)={0x0, 0x7496, 0x800, 0x2, 0x1cf}, &(0x7f0000000380)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r0, 0x80, &(0x7f00000000c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e24, @private=0xa010102}}, 0x0, 0x0, 0x1})
io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0)

575.134034ms ago: executing program 4 (id=2795):
r0 = socket$inet6(0xa, 0x3, 0xff)
setsockopt$inet6_int(r0, 0x29, 0x16, &(0x7f00000001c0)=0x7f, 0x4)
close(r0)

420.996622ms ago: executing program 4 (id=2796):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/5, 0x1c000, 0x800}, 0x20)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f00000000c0)=0x100, 0x4)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4)
bind$xdp(r0, &(0x7f00000001c0)={0x2c, 0x0, r2}, 0x10)
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r3, 0x11b, 0x3, &(0x7f0000000240)=0x800, 0x4)
bind$xdp(r3, &(0x7f0000000100)={0x2c, 0x1, r2, 0x0, r0}, 0x10)

310.872651ms ago: executing program 0 (id=2797):
r0 = socket(0x15, 0x5, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400), 0x0, 0x0, 0x0})
connect$unix(r0, &(0x7f0000000080)=@abs={0xa}, 0x6e)
getsockname$packet(r0, 0x0, &(0x7f0000000240))

261.82786ms ago: executing program 4 (id=2798):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000004c0)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x6, [@enum={0x4, 0x2, 0x0, 0x6, 0x4, [{0x2}, {0x800000e}]}]}, {0x0, [0x0, 0x41, 0x2e, 0x5f]}}, 0x0, 0x3a, 0x0, 0x1}, 0x28)

199.241941ms ago: executing program 0 (id=2799):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x14, r1, 0x701, 0x0, 0x3, {0x45}}, 0x14}, 0x1, 0x0, 0x0, 0x8001}, 0x20040000)

101.641907ms ago: executing program 4 (id=2800):
mmap$IORING_OFF_SQES(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x3000005, 0xa830, 0xffffffffffffffff, 0x10000000)

0s ago: executing program 0 (id=2801):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x4082, &(0x7f0000000380)={[{@errors_remount}]}, 0x1, 0x4c8, &(0x7f0000000a00)="$eJzs3c9rXNUeAPDvzDQ/m/f64z0er33wWuiDvh80kx88mogbV+qiIBbcKNSYTGPMJBMyk9qEgqnuunAhioK4EFeC/4Bu7EaLIK51L11IRWsEFYSRuTOTJmkmDjbJQO7nA7dz7jm38z2nw/fMnTO3cwNIrdO1PzIRAxHxRUQcqe9uPuB0/WHt7rXJ2paJavXid5nkuNp+89Dm3zscEasR0RsRTz4a8Vzm/rjl5ZXZiWKxsNjYz1fmFvLl5ZVzM3PvfVKYLswPj50fHx8bGh0Z37Wx3nj1hRsXPnq8+4OfXrlz67VPP651a6DRtnEcu6k+9K44tqHuUEQ8vBfBOiDXGE9fpzvCH1J7/f4SEWeS/D8SueTVBNKgWq1Wf632tGperQIHVjY5B85kByOiXs5mBwfr5/B/jf5ssVSu/O9yaWl+qn6ufDS6spdnioWhxmeFo9GVqe0PJ+V7+yNb9kcjknPg13N9yf7gZKk4tb9THbDF4S35/2Ounv9ASvjID+kl/yG95D+kl/yH9Gqd//372g9g/3n/h/SS/5Be8h/SS/5Desl/SC/5D6n0xIULta3a/P/vU1eWl2ZLV85NFcqzg3NLk4OTpcUYnC71fNje8xVLpYXh/8fS1XylUK7ky8srl+ZKS/OVSzNzE9PdUeja4/EA7Tt26uZXmYhYfagv2Wq6G21yFQ626kv13wAA0ifX6QkI6BhLf5BePuMD2/xE7ya9rRoWHijq74UF9lC20x0AOubsCd//QVpZ/4f0sv4P6bX5HN/ZAKRRZ9b/gU6y/g/pNbDh/j+ZZO2/fv+fP224d9dQRPw5Ir7MdfU07/UFHATZbzKN3D975F8DW1u7Mz8niwLdEfHi2xffvDpRqSwO1+q/X6+vvFWv7+5E94G2Jfk70nj0Rg4AqbZ299pkc1uvPLr3cb99pH4Rwv3xDzXWJnuT7yj71zKbrlXI7NK1C6vXI+Lv28XPNO53Xv/mo38td1/8443HTP0pkv4eSu6b/iDxb7/fbvwTG+L/c0P8kw/8rwLpcLM2/wxtl//ZJKdjPf82zz8Du3R9dOv5L7s+/+VazH+n2ozx/Dsv324Z/3rEyW3jN+P1JrG2xq/17Wyb8e8889TfWrVV302epze2id9UK+Urcwv58vLKuZm5ienCdGF+eOz8+PjY0OjIeD5Zo843V6q36o6Iz2/tNP7+bd//dh5/re4/bY7/l3989vTpHeL/+8z2r//xHeL3RcR/24z/w8jXz7Zqq8WfajH+7Nb4Gxb4anWjbcYvv/FYT5uHAgD7oLy8MjtRLBYWFRQUFNYLnZ6ZgL12L+k73RMAAAAAAAAAAACgXftxOXGnxwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBD8FgAA//9EZNHw")
rmdir(&(0x7f0000000100)='./file0\x00')

kernel console output (not intermixed with test programs):

000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  200.514213][ T5985] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  200.520195][ T8910] netlink: 'syz.0.1179': attribute type 1 has an invalid length.
[  200.538702][ T8912] mmap: syz.4.1178 (8912) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  200.570155][ T8914] loop0: detected capacity change from 0 to 128
[  200.588511][ T8914] ufs: You didn't specify the type of your ufs filesystem
[  200.588511][ T8914] 
[  200.588511][ T8914] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  200.588511][ T8914] 
[  200.588511][ T8914] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  200.603742][ T8914] ufs: ufstype=old is supported read-only
[  200.610209][ T8914] ufs: ufs_fill_super(): bad magic number
[  200.676369][ T5985] usb 4-1: unable to get BOS descriptor or descriptor too short
[  200.680828][ T5985] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  200.688307][ T5985] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  200.701920][ T5985] usb 4-1: config 1 has no interface number 1
[  200.706432][ T5985] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  200.735436][ T5985] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  200.741856][ T5985] usb 4-1: New USB device strings: Mfr=20, Product=2, SerialNumber=3
[  200.748350][ T5985] usb 4-1: Product: syz
[  200.750121][ T5985] usb 4-1: Manufacturer: syz
[  200.754818][ T5985] usb 4-1: SerialNumber: syz
[  201.032079][ T8920] loop0: detected capacity change from 0 to 32768
[  201.135971][ T8920] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  201.178823][ T5985] usb 4-1: USB disconnect, device number 3
[  201.263698][ T8920] XFS (loop0): Ending clean mount
[  201.283678][ T5930] udevd[5930]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  201.289200][ T8920] XFS (loop0): Quotacheck needed: Please wait.
[  201.383821][ T8920] XFS (loop0): Quotacheck: Done.
[  201.571394][ T5936] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  201.719893][ T8137] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  202.180878][ T8939] loop0: detected capacity change from 0 to 1024
[  202.232045][ T8939] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  202.535276][ T5936] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  202.580141][ T8946] loop4: detected capacity change from 0 to 256
[  202.740443][ T8946] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  202.908812][ T8946] exFAT-fs (loop4): IO charset iso8859- not found
[  203.781348][ T8970] loop4: detected capacity change from 0 to 256
[  203.794982][ T8970] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xb5f96684, utbl_chksum : 0xe619d30d)
[  203.856187][ T8971] loop0: detected capacity change from 0 to 4096
[  203.873825][ T8944] loop3: detected capacity change from 0 to 32768
[  203.885771][ T8944] bcachefs: bch2_fs_open() bch_fs_open err opening /dev/loop3: erofs_nochanges
[  203.899723][ T8944] bcachefs: bch2_fs_get_tree() error: erofs_nochanges
[  204.176459][ T8980] loop3: detected capacity change from 0 to 128
[  204.210107][ T8980] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  204.317672][ T8984] loop4: detected capacity change from 0 to 2048
[  204.333642][ T8986] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  204.484783][ T8993] loop3: detected capacity change from 0 to 128
[  204.587298][ T8997] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1214'.
[  204.904881][ T5999] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  205.003158][ T9022] loop4: detected capacity change from 0 to 1024
[  205.012166][ T9022] EXT4-fs: Ignoring removed orlov option
[  205.039310][ T9022] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  205.068345][ T5999] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  205.072702][ T5999] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  205.082265][ T5999] usb 1-1: New USB device found, idVendor=046d, idProduct=c623, bcdDevice= 0.00
[  205.091806][ T5999] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  205.102432][ T8204] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  205.114352][ T5999] usb 1-1: config 0 descriptor??
[  205.457302][ T9039] loop3: detected capacity change from 0 to 512
[  205.483405][ T9039] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  205.491631][ T9039] ext4 filesystem being mounted at /92/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  205.503255][ T9039] fs-verity (loop3, inode 15): Unrecognized descriptor size: 0 bytes
[  205.541956][ T8137] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  205.549756][ T5999] hid_parser_main: 3 callbacks suppressed
[  205.549774][ T5999] logitech 0003:046D:C623.0008: unknown main item tag 0x0
[  205.576209][ T5999] logitech 0003:046D:C623.0008: hidraw0: USB HID v0.00 Device [HID 046d:c623] on usb-dummy_hcd.0-1/input0
[  205.683410][ T9047] loop3: detected capacity change from 0 to 2048
[  205.686447][ T5998] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  205.719332][ T9047] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  205.726337][ T9047] ext4 filesystem being mounted at /94/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  205.743418][ T9047] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.1235: bg 0: block 345: padding at end of block bitmap is not set
[  205.758653][ T5985] usb 1-1: USB disconnect, device number 19
[  205.808404][ T8137] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  205.849634][ T5998] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  205.856662][ T5998] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  205.860413][ T5998] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  205.886190][ T5998] usb 5-1: config 0 descriptor??
[  205.899704][ T5998] pwc: Askey VC010 type 2 USB webcam detected.
[  205.912713][ T9051] loop3: detected capacity change from 0 to 1024
[  205.921930][ T9051] EXT4-fs: Ignoring removed bh option
[  205.937066][ T9051] EXT4-fs (loop3): invalid inodes per group: 204800
[  205.937066][ T9051] 
[  206.303067][ T5998] pwc: recv_control_msg error -32 req 02 val 2b00
[  206.325780][ T9065] loop3: detected capacity change from 0 to 256
[  206.329163][ T5998] pwc: recv_control_msg error -32 req 02 val 2700
[  206.330395][ T9065] FAT-fs (loop3): bogus logical sector size 0
[  206.336353][ T9065] FAT-fs (loop3): Can't find a valid FAT filesystem
[  206.336872][ T5998] pwc: recv_control_msg error -32 req 02 val 2c00
[  206.354852][ T5998] pwc: recv_control_msg error -32 req 04 val 1000
[  206.367603][ T5998] pwc: recv_control_msg error -32 req 04 val 1300
[  206.373015][ T5998] pwc: recv_control_msg error -32 req 04 val 1400
[  206.382625][ T5998] pwc: recv_control_msg error -32 req 02 val 2000
[  206.386330][ T5998] pwc: recv_control_msg error -32 req 02 val 2100
[  206.728608][ T9077] loop0: detected capacity change from 0 to 32768
[  206.731929][ T5998] pwc: recv_control_msg error -71 req 02 val 2500
[  206.736852][ T5998] pwc: recv_control_msg error -71 req 02 val 2400
[  206.739294][ T5998] pwc: recv_control_msg error -71 req 02 val 2600
[  206.744063][ T5998] pwc: recv_control_msg error -71 req 02 val 2900
[  206.749655][ T5998] pwc: recv_control_msg error -71 req 02 val 2800
[  206.754154][ T5998] pwc: recv_control_msg error -71 req 04 val 1100
[  206.758601][ T5998] pwc: recv_control_msg error -71 req 04 val 1200
[  206.768907][ T9077] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  206.792073][ T5998] pwc: Registered as video103.
[  206.796224][ T9077] XFS (loop0): Ending clean mount
[  206.797824][ T9075] loop3: detected capacity change from 0 to 32768
[  206.800837][ T9077] XFS (loop0): Quotacheck needed: Please wait.
[  206.807250][ T5998] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input9
[  206.819007][ T9077] XFS (loop0): Quotacheck: Done.
[  206.822619][ T5998] usb 5-1: USB disconnect, device number 5
[  206.865803][   T33] audit: type=1804 audit(1755103015.020:39): pid=9077 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1249" name="/newroot/404/file0/bus" dev="loop0" ino=9290 res=1 errno=0
[  206.917039][ T9075] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  206.954876][ T9075] XFS (loop3): Ending clean mount
[  206.967217][ T9075] XFS (loop3): Quotacheck needed: Please wait.
[  207.006909][   T33] audit: type=1804 audit(1755103015.160:40): pid=9096 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1249" name="/newroot/404/file0/bus" dev="loop0" ino=9290 res=1 errno=0
[  207.078628][ T9075] XFS (loop3): Quotacheck: Done.
[  207.107727][ T8137] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  207.431191][ T5936] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  207.702709][ T9110] netlink: 'syz.0.1255': attribute type 64 has an invalid length.
[  207.706475][ T9110] netlink: 'syz.0.1255': attribute type 4 has an invalid length.
[  207.710193][ T9110] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1255'.
[  208.188230][   T33] audit: type=1326 audit(1755103016.350:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9128 comm="syz.0.1260" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d6558ebe9 code=0x7ffc0000
[  208.204749][   T33] audit: type=1326 audit(1755103016.350:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9128 comm="syz.0.1260" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d6558ebe9 code=0x7ffc0000
[  208.213303][   T33] audit: type=1326 audit(1755103016.360:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9128 comm="syz.0.1260" exe="/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f9d6558ebe9 code=0x7ffc0000
[  208.226222][   T33] audit: type=1326 audit(1755103016.360:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9128 comm="syz.0.1260" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d6558ebe9 code=0x7ffc0000
[  208.236255][   T33] audit: type=1326 audit(1755103016.360:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9128 comm="syz.0.1260" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d6558ebe9 code=0x7ffc0000
[  208.243496][   T33] audit: type=1326 audit(1755103016.360:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9128 comm="syz.0.1260" exe="/syz-executor" sig=0 arch=c000003e syscall=441 compat=0 ip=0x7f9d6558ebe9 code=0x7ffc0000
[  208.259865][   T33] audit: type=1326 audit(1755103016.420:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9128 comm="syz.0.1260" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d6558ebe9 code=0x7ffc0000
[  208.276186][   T33] audit: type=1326 audit(1755103016.420:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9128 comm="syz.0.1260" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d6558ebe9 code=0x7ffc0000
[  208.369957][ T9133] loop3: detected capacity change from 0 to 4096
[  208.376757][ T9133] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512).
[  208.520059][ T9140] loop3: detected capacity change from 0 to 4096
[  209.169522][ T9152] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  209.173176][ T9152] overlayfs: missing 'lowerdir'
[  209.234174][ T9154] netlink: 'syz.0.1271': attribute type 4 has an invalid length.
[  209.677804][ T9166] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1277'.
[  209.681363][ T9166] netlink: 'syz.4.1277': attribute type 5 has an invalid length.
[  209.687316][ T9166] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1277'.
[  209.702963][   T13] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  209.711156][   T13] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  209.715340][   T13] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  209.718249][   T13] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  209.897652][ T5985] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  210.055822][ T5985] usb 4-1: Using ep0 maxpacket: 16
[  210.060027][ T5985] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  210.069679][ T5985] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a
[  210.073128][ T5985] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  210.084219][ T5985] usb 4-1: Product: syz
[  210.086277][ T5985] usb 4-1: Manufacturer: syz
[  210.088074][ T5985] usb 4-1: SerialNumber: syz
[  210.092359][ T5985] usb 4-1: config 0 descriptor??
[  210.106188][ T5985] dm9601 4-1:0.0: probe with driver dm9601 failed with error -22
[  210.109935][ T5985] sr9700 4-1:0.0: probe with driver sr9700 failed with error -22
[  210.328777][ T5999] usb 4-1: USB disconnect, device number 4
[  211.001014][ T9212] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1298'.
[  211.007430][ T9212] vlan0: entered promiscuous mode
[  211.489706][ T9246] loop3: detected capacity change from 0 to 1024
[  211.534485][ T5998] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  211.539102][ T9246] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  211.593885][ T9246] EXT4-fs error (device loop3): ext4_xattr_inode_iget:437: inode #11: comm syz.3.1315: missing EA_INODE flag
[  211.609490][ T9246] EXT4-fs (loop3): Remounting filesystem read-only
[  211.642555][ T8137] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  211.735450][ T5998] usb 5-1: Using ep0 maxpacket: 8
[  211.739623][ T5998] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  211.743303][ T5998] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  211.780146][ T5998] pvrusb2: Hardware description: Terratec Grabster AV400
[  211.782891][ T5998] pvrusb2: **********
[  211.793907][ T5998] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  211.802574][ T5998] pvrusb2: Important functionality might not be entirely working.
[  211.806213][ T9257] loop3: detected capacity change from 0 to 164
[  211.810265][ T5998] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  211.816923][ T9257] rock: directory entry would overflow storage
[  211.821468][ T9257] rock: sig=0x4543, size=28, remaining=18
[  211.831527][ T5998] pvrusb2: **********
[  211.981129][ T2398] pvrusb2: Invalid write control endpoint
[  212.052480][ T2398] pvrusb2: Invalid write control endpoint
[  212.057939][ T2398] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  212.061444][ T2398] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  212.063753][ T2398] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  212.073577][ T2398] pvrusb2: Device being rendered inoperable
[  212.081598][ T2398] cx25840 3-0044: Unable to detect h/w, assuming cx23887
[  212.085728][ T2398] cx25840 3-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  212.105114][ T2398] pvrusb2: Attached sub-driver cx25840
[  212.119513][ T2398] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  212.124389][ T2398] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  212.186367][ T5998] usb 5-1: USB disconnect, device number 6
[  213.047513][ T9300] loop3: detected capacity change from 0 to 32768
[  213.072384][ T9300] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1340 (9300)
[  213.122057][ T9300] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  213.134736][ T9300] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[  213.138209][ T9300] BTRFS info (device loop3): disk space caching is enabled
[  213.141179][ T9300] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  213.423581][ T9300] BTRFS info (device loop3): rebuilding free space tree
[  213.770750][ T9300] BTRFS info (device loop3): disabling free space tree
[  213.773390][ T9300] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  213.777418][ T9300] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  213.817696][ T9300] BTRFS error (device loop3): unable to set label with more than 255 bytes
[  213.845493][ T8137] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  214.813017][ T9366] overlayfs: failed to clone upperpath
[  214.839235][ T5998] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  215.397724][ T5998] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  215.401598][ T5998] usb 4-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[  215.414135][ T5998] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  215.417737][ T5998] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  215.631664][ T5940] Bluetooth: hci2: Malformed LE Event: 0x0d
[  215.631994][ T6946] usb 4-1: USB disconnect, device number 5
[  215.704271][ T5998] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  215.856164][ T5998] usb 5-1: Using ep0 maxpacket: 16
[  215.861908][ T5998] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  215.866756][ T5998] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  215.873417][ T5998] usb 5-1: New USB device found, idVendor=1d6b, idProduct=1301, bcdDevice= 1.40
[  215.877329][ T5998] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  215.880519][ T5998] usb 5-1: Product: syz
[  215.882264][ T5998] usb 5-1: Manufacturer: syz
[  215.884523][ T5998] usb 5-1: SerialNumber: syz
[  216.101300][ T5998] usb 5-1: 0:2 : does not exist
[  216.107793][ T5998] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[  216.120869][ T5998] usb 5-1: 5:0: cannot get min/max values for control 2 (id 5)
[  216.128105][ T5998] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[  216.150761][ T5998] usb 5-1: 5:0: cannot get min/max values for control 8 (id 5)
[  216.164170][ T5998] usb 5-1: USB disconnect, device number 7
[  216.217362][ T5930] udevd[5930]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  216.321828][ T9383] loop3: detected capacity change from 0 to 512
[  216.329364][ T9383] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  216.356986][ T9383] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #16: comm syz.3.1370: invalid indirect mapped block 4294967295 (level 0)
[  216.363110][ T9383] EXT4-fs (loop3): Remounting filesystem read-only
[  216.367066][ T9383] EXT4-fs (loop3): 1 orphan inode deleted
[  216.369430][ T9383] EXT4-fs (loop3): 1 truncate cleaned up
[  216.376071][ T9383] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  216.404686][ T8137] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  217.723317][ T9433] loop3: detected capacity change from 0 to 128
[  217.749284][ T9433] FAT-fs (loop3): bogus number of reserved sectors
[  217.751306][ T9433] FAT-fs (loop3): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero
[  217.763380][ T9433] FAT-fs (loop3): Can't find a valid FAT filesystem
[  217.877312][ T9437] netdevsim netdevsim4 netdevsim0: entered allmulticast mode
[  217.888486][ T9437] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  218.127448][ T9455] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1402'.
[  218.130482][ T9455] openvswitch: netlink: push_nsh: missing base or metadata attributes
[  218.134259][ T9455] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  218.238014][ T9463] loop4: detected capacity change from 0 to 256
[  218.243778][ T9463] exfat: Deprecated parameter 'utf8'
[  218.281140][ T9463] exFAT-fs (loop4): error, data size is invalid(34359738378)
[  218.358586][ T9467] fuse: Bad value for 'fd'
[  218.599242][ T6946] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  218.637697][   T33] kauditd_printk_skb: 1 callbacks suppressed
[  218.637715][   T33] audit: type=1326 audit(1755103026.800:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9478 comm="syz.0.1413" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d6558ebe9 code=0x7ffc0000
[  218.652057][   T33] audit: type=1326 audit(1755103026.810:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9478 comm="syz.0.1413" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d6558ebe9 code=0x7ffc0000
[  218.667450][   T33] audit: type=1326 audit(1755103026.830:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9478 comm="syz.0.1413" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9d6558ebe9 code=0x7ffc0000
[  218.684136][   T33] audit: type=1326 audit(1755103026.830:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9478 comm="syz.0.1413" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d6558ebe9 code=0x7ffc0000
[  218.694391][   T33] audit: type=1326 audit(1755103026.830:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9478 comm="syz.0.1413" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d6558ebe9 code=0x7ffc0000
[  218.716879][   T33] audit: type=1326 audit(1755103026.830:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9478 comm="syz.0.1413" exe="/syz-executor" sig=0 arch=c000003e syscall=52 compat=0 ip=0x7f9d6558ebe9 code=0x7ffc0000
[  218.727012][   T33] audit: type=1326 audit(1755103026.830:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9478 comm="syz.0.1413" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d6558ebe9 code=0x7ffc0000
[  218.738775][   T33] audit: type=1326 audit(1755103026.830:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9478 comm="syz.0.1413" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d6558ebe9 code=0x7ffc0000
[  218.747724][   T33] audit: type=1326 audit(1755103026.830:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9478 comm="syz.0.1413" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9d6558ebe9 code=0x7ffc0000
[  218.764298][ T6946] usb 5-1: Using ep0 maxpacket: 16
[  218.769135][   T33] audit: type=1326 audit(1755103026.830:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9478 comm="syz.0.1413" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d6558ebe9 code=0x7ffc0000
[  218.783388][ T6946] usb 5-1: config 0 has an invalid interface number: 68 but max is 0
[  218.789353][ T6946] usb 5-1: config 0 has no interface number 0
[  218.792040][ T6946] usb 5-1: config 0 interface 68 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1023
[  218.799965][ T6946] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4
[  218.803772][ T6946] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  218.810059][ T6946] usb 5-1: Product: syz
[  218.811932][ T6946] usb 5-1: Manufacturer: syz
[  218.813899][ T6946] usb 5-1: SerialNumber: syz
[  218.826577][ T6946] usb 5-1: config 0 descriptor??
[  218.831845][ T9469] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  218.844606][ T6946] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  219.062534][ T6946] usb 5-1: USB disconnect, device number 8
[  219.094136][ T6000] usb 5-1: Failed to submit usb control message: -71
[  219.101403][ T6000] usb 5-1: unable to send the bmi data to the device: -71
[  219.110755][ T6000] usb 5-1: unable to get target info from device
[  219.124187][ T6000] usb 5-1: could not get target info (-71)
[  219.126912][ T6000] usb 5-1: could not probe fw (-71)
[  220.080652][ T9509] loop3: detected capacity change from 0 to 256
[  220.149763][ T9509] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d)
[  220.157188][ T9509] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  221.205794][ T9525] loop3: detected capacity change from 0 to 4096
[  221.221364][ T9525] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  221.232375][ T9525] ntfs3(loop3): Failed to load $LogFile (-22).
[  221.332293][ T9534] loop4: detected capacity change from 0 to 512
[  221.381025][ T9534] FAT-fs (loop4): error, corrupted directory (invalid entries)
[  221.894200][ T5998] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  221.961049][ T9556] loop4: detected capacity change from 0 to 40427
[  221.979729][ T9556] F2FS-fs (loop4): invalid crc value
[  222.044123][ T5998] usb 4-1: Using ep0 maxpacket: 32
[  222.049528][ T9571] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1454'.
[  222.050078][ T5998] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  222.065692][ T5998] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  222.075644][ T5998] usb 4-1: New USB device found, idVendor=044e, idProduct=1215, bcdDevice= 0.00
[  222.079305][ T5998] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  222.082731][ T9556] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  222.089208][ T9556] F2FS-fs (loop4): Start checkpoint disabled!
[  222.095315][ T5998] usb 4-1: config 0 descriptor??
[  222.100930][ T9556] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  222.134816][ T9556] F2FS-fs (loop4): Stopped filesystem due to reason: 0
[  222.400392][ T9581] loop4: detected capacity change from 0 to 128
[  222.403683][ T9581] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  222.410628][ T9581] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  222.508217][ T5998] hid-alps 0003:044E:1215.0009: collection stack underflow
[  222.517403][ T5998] hid-alps 0003:044E:1215.0009: item 0 2 0 12 parsing failed
[  222.521160][ T5998] hid-alps 0003:044E:1215.0009: parse failed
[  222.523303][ T5998] hid-alps 0003:044E:1215.0009: probe with driver hid-alps failed with error -22
[  222.945898][ T5999] usb 4-1: USB disconnect, device number 6
[  223.632585][ T9606] netlink: 'syz.4.1469': attribute type 3 has an invalid length.
[  223.790037][ T9616] loop4: detected capacity change from 0 to 512
[  223.820035][ T9616] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  223.839161][ T9616] ext4 filesystem being mounted at /164/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  223.897776][ T9616] EXT4-fs error (device loop4): ext4_get_inode_usage:884: inode #12: comm syz.4.1473: corrupted xattr block 6: invalid header
[  223.941198][ T8204] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  224.114275][ T5965] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  224.238722][ T9634] loop4: detected capacity change from 0 to 4096
[  224.256898][ T9634] ntfs3(loop4): ino=3, ntfs_set_state failed, -22.
[  224.260135][ T9634] ntfs3(loop4): Failed to initialize $Extend/$ObjId.
[  224.277171][ T9634] ntfs3(loop4): ino=1c, mi_enum_attr
[  224.282205][ T9634] ntfs3(loop4): ino=1b, "file0" ntfs_readdir
[  224.289523][ T5965] usb 4-1: New USB device found, idVendor=6189, idProduct=182d, bcdDevice= 1.73
[  224.293747][ T5965] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  224.297754][ T5965] usb 4-1: Product: syz
[  224.299093][ T5965] usb 4-1: Manufacturer: syz
[  224.300636][ T5965] usb 4-1: SerialNumber: syz
[  224.313664][ T5965] usb 4-1: config 0 descriptor??
[  224.315830][ T8381] ntfs3(loop4): ino=3, ntfs3_write_inode failed, -22.
[  224.318674][ T8204] ntfs3(loop4): ino=3, ntfs_set_state failed, -22.
[  224.321594][ T8204] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  224.328300][ T8204] ntfs3(loop4): ino=3, ntfs_set_state failed, -22.
[  224.330944][ T8381] ntfs3(loop4): ino=3, ntfs3_write_inode failed, -22.
[  224.575413][ T9650] loop4: detected capacity change from 0 to 8192
[  224.592122][ T9650] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  225.325497][ T5965] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  225.329575][ T5965] asix 4-1:0.0: probe with driver asix failed with error -71
[  225.340916][ T5965] usb 4-1: USB disconnect, device number 7
[  226.208491][ T9701] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1510'.
[  226.211895][ T9701] netlink: 'syz.3.1510': attribute type 5 has an invalid length.
[  226.217350][ T9701] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1510'.
[  226.234914][ T9701] geneve2: entered promiscuous mode
[  226.237036][ T9701] geneve2: entered allmulticast mode
[  226.242054][ T6000] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[  226.254574][ T6000] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[  226.258137][ T6000] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[  226.271712][ T6000] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[  226.462003][ T9711] batadv_slave_0: entered promiscuous mode
[  226.465942][ T9710] batadv_slave_0: left promiscuous mode
[  226.856667][ T9734] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.1525'.
[  227.900225][ T9754] netlink: 'syz.3.1534': attribute type 1 has an invalid length.
[  228.135615][ T9749] Invalid ELF header magic: != ELF
[  228.336879][ T9764] atomic_op ffff8880216eb998 conn xmit_atomic 0000000000000000
[  229.336281][ T5998] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  229.578258][ T5998] usb 4-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  229.582969][ T5998] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  229.587385][ T5998] usb 4-1: Product: syz
[  229.589926][ T5998] usb 4-1: Manufacturer: syz
[  229.591904][ T5998] usb 4-1: SerialNumber: syz
[  229.599317][ T5998] r8152-cfgselector 4-1: Unknown version 0x0000
[  229.601848][ T5998] r8152-cfgselector 4-1: config 0 descriptor??
[  230.179369][ T5965] r8152-cfgselector 4-1: USB disconnect, device number 8
[  230.571921][ T9838] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1573'.
[  231.404138][ T9848] loop3: detected capacity change from 0 to 32768
[  231.412911][ T9848] XFS (loop3): DAX unsupported by block device. Turning off DAX.
[  231.417790][ T9848] XFS (loop3): Mounting V5 filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 in no-recovery mode. Filesystem will be inconsistent.
[  231.551250][ T8137] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  231.805551][ T9864] IPVS: sed: SCTP 172.20.20.187:0 - no destination available
[  231.892996][ T9866] loop3: detected capacity change from 0 to 256
[  231.910638][ T9866] exFAT-fs (loop3): error, The cluster chain has a loop
[  231.912905][ T9866] exFAT-fs (loop3): Filesystem has been set read-only
[  231.926842][ T9866] exFAT-fs (loop3): failed to count the number of clusters in root
[  231.929296][ T9866] exFAT-fs (loop3): failed to recognize exfat type
[  232.996405][ T9896] loop3: detected capacity change from 0 to 2048
[  233.020430][ T9896] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  233.532599][ T9895] UDF-fs: warning (device loop3): udf_truncate_tail_extent: Too long extent after EOF in inode 1367: i_size: 176128 lbcount: 180224 extent 129+144384
[  233.679239][ T9911] loop3: detected capacity change from 0 to 512
[  233.711289][ T9911] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  233.720118][ T9911] ext4 filesystem being mounted at /223/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  233.854221][ T5940] Bluetooth: hci1: command tx timeout
[  233.966736][ T8137] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  235.452106][ T9938] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1610'.
[  235.456795][ T9938] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1610'.
[  235.460801][ T9937] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1610'.
[  235.517301][ T9940] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.1611'.
[  236.079004][ T9969] netlink: 'syz.4.1624': attribute type 2 has an invalid length.
[  236.695857][ T9988] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  236.702659][ T9988] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  236.819526][ T9988] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  236.824165][ T9988] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  237.265437][ T9988] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  237.269876][ T9988] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  237.401981][ T9988] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  237.410783][ T9988] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  237.680302][ T6000] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 256 - 0
[  237.683852][ T6000] netdevsim netdevsim3 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[  237.739446][ T6000] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 256 - 0
[  237.742907][ T6000] netdevsim netdevsim3 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[  237.801573][   T13] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 256 - 0
[  237.806675][   T13] netdevsim netdevsim3 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[  237.810166][   T13] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 256 - 0
[  237.813424][   T13] netdevsim netdevsim3 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[  238.764876][T10011] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1640'.
[  238.768998][T10011] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1640'.
[  239.664181][   T51] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  239.814843][   T51] usb 5-1: Using ep0 maxpacket: 8
[  239.829884][   T51] usb 5-1: unable to get BOS descriptor or descriptor too short
[  239.842187][   T51] usb 5-1: unable to read config index 0 descriptor/start: -71
[  239.844832][   T51] usb 5-1: can't read configurations, error -71
[  240.066163][T10044] bridge_slave_0: default FDB implementation only supports local addresses
[  240.553089][T10072] vlan2: entered allmulticast mode
[  240.556378][T10072] vlan1: entered allmulticast mode
[  240.558383][T10072] veth0_vlan: entered allmulticast mode
[  240.689727][T10073] loop3: detected capacity change from 0 to 32768
[  240.702393][T10073] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1666 (10073)
[  240.719062][T10073] BTRFS info (device loop3): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  240.722767][T10073] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  240.729454][T10080] netlink: 'syz.0.1669': attribute type 21 has an invalid length.
[  240.732546][T10080] IPv6: NLM_F_CREATE should be specified when creating new route
[  240.804408][T10073] BTRFS info (device loop3): rebuilding free space tree
[  240.821730][T10073] BTRFS info (device loop3): disabling free space tree
[  240.825228][T10073] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  240.828494][T10073] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  240.861612][ T8137] BTRFS info (device loop3): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  240.884774][   T51] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  241.049041][   T51] usb 5-1: Using ep0 maxpacket: 16
[  241.064584][   T51] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  241.068659][   T51] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  241.072848][   T51] usb 5-1: too many endpoints for config 1 interface 1 altsetting 48: 49, using maximum allowed: 30
[  241.100779][   T51] usb 5-1: config 1 interface 1 altsetting 48 has 0 endpoint descriptors, different from the interface descriptor's value: 49
[  241.114125][   T51] usb 5-1: config 1 interface 1 has no altsetting 0
[  241.119565][   T51] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  241.122980][   T51] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  241.132059][   T51] usb 5-1: Product: syz
[  241.140709][   T51] usb 5-1: Manufacturer: syz
[  241.142593][   T51] usb 5-1: SerialNumber: syz
[  241.195675][   T51] usb 5-1: selecting invalid altsetting 1
[  241.198060][   T51] usb 5-1: selecting invalid altsetting 0
[  241.200400][   T51] usb 5-1: selecting invalid altsetting 0
[  241.202802][   T51] cdc_ncm 5-1:1.0: bind() failure
[  241.374944][ T5998] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  241.402552][   T51] usb 5-1: selecting invalid altsetting 0
[  241.405868][   T51] usbtest 5-1:1.1: probe with driver usbtest failed with error -22
[  241.412187][   T51] usb 5-1: USB disconnect, device number 10
[  241.529253][ T5998] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  241.536150][ T5998] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  241.540079][ T5998] usb 4-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00
[  241.545355][ T5998] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  241.551581][ T5998] usb 4-1: config 0 descriptor??
[  241.604630][T10120] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1681'.
[  241.609165][T10120] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1681'.
[  241.911188][T10130] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1685'.
[  241.968983][ T5998] hid-led 0003:0FC5:B080.000A: unknown main item tag 0x0
[  242.497477][T10154] loop4: detected capacity change from 0 to 32768
[  242.515932][T10154] XFS (loop4): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  242.550512][T10154] XFS (loop4): Ending clean mount
[  242.571634][ T5998] usb 4-1: USB disconnect, device number 9
[  242.595808][ T8204] XFS (loop4): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  243.326792][T10187] loop3: detected capacity change from 0 to 1024
[  243.406872][T10188] RDS: rds_bind could not find a transport for fe80::bb, load rds_tcp or rds_rdma?
[  243.435832][   T33] kauditd_printk_skb: 9 callbacks suppressed
[  243.435920][   T33] audit: type=1800 audit(1755103051.600:69): pid=10188 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1707" name="file1" dev="loop3" ino=20 res=0 errno=0
[  245.284196][ T6946] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  245.474105][ T6946] usb 5-1: Using ep0 maxpacket: 16
[  245.498948][ T6946] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  245.510630][ T6946] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  245.521924][ T6946] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  245.546543][ T6946] usb 5-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00
[  245.552786][ T6946] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  245.560490][ T6946] usb 5-1: config 0 descriptor??
[  246.015292][T10217] loop3: detected capacity change from 0 to 32768
[  246.041882][ T6946] ryos 0003:1E7D:31CE.000B: hidraw0: USB HID v0.00 Device [HID 1e7d:31ce] on usb-dummy_hcd.4-1/input0
[  246.166716][T10217] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,recovery_pass_last=set_may_go_rw,reconstruct_alloc,no_data_io
[  246.166734][T10217]   allowing incompatible features above 0.0: (unknown version)
[  246.166740][T10217]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  246.183446][T10217] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  246.187368][T10217] bcachefs (loop3): recovering from clean shutdown, journal seq 10
[  246.190884][T10217] bcachefs (loop3): Version upgrade required:
[  246.190884][T10217] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  246.190884][T10217] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive
[  246.190884][T10217]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance
[  246.219295][T10217] bcachefs (loop3): dropping and reconstructing all alloc info
[  246.244065][T10217] bcachefs (loop3): accounting_read...
[  246.246586][ T6946] usb 5-1: USB disconnect, device number 11
[  246.251268][T10217]  done
[  246.252233][T10217] bcachefs (loop3): alloc_read... done
[  246.254951][T10217] bcachefs (loop3): snapshots_read... done
[  246.257685][T10217] bcachefs (loop3): check_allocations... done
[  246.279295][T10217] bcachefs (loop3): going read-write
[  246.292028][T10217] bcachefs (loop3): done starting filesystem
[  246.377863][   T33] audit: type=1800 audit(1755103054.520:70): pid=10217 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1718" name="file1" dev="loop3" ino=536870912 res=0 errno=0
[  246.406008][   T26] bcachefs (loop3): bucket incorrectly unset in freespace btree
[  246.406072][   T26]   u64s 5 type deleted 0:30:0 len 0 ver 0, , continuing
[  246.459446][   T26] bcachefs (loop3): bucket incorrectly unset in freespace btree
[  246.459467][   T26]   u64s 5 type deleted 0:29:0 len 0 ver 0, , continuing
[  246.470706][   T26] bcachefs (loop3): bucket incorrectly unset in freespace btree
[  246.470724][   T26]   u64s 5 type deleted 0:33:0 len 0 ver 0, , continuing
[  246.478678][ T8137] bcachefs (loop3): shutting down
[  246.480507][ T8137] bcachefs (loop3): going read-only
[  246.482085][ T8137] bcachefs (loop3): finished waiting for writes to stop
[  246.495786][ T8137] bcachefs (loop3): flushing journal and stopping allocators, journal seq 11
[  246.511465][   T26] bcachefs (loop3): bucket incorrectly unset in freespace btree
[  246.511484][   T26]   u64s 5 type deleted 0:43:0 len 0 ver 0, , continuing
[  246.537701][ T8137] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 11
[  246.570323][ T8137] bcachefs (loop3): unclean shutdown complete, journal seq 12
[  246.595240][ T8137] bcachefs (loop3): done going read-only, filesystem not clean
[  246.650542][ T8137] bcachefs (loop3): shutdown complete
[  248.237302][T10273] netlink: 'syz.4.1740': attribute type 9 has an invalid length.
[  248.240372][T10273] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1740'.
[  248.356368][T10279] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1743'.
[  248.359593][T10279] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1743'.
[  248.362889][T10279] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1743'.
[  248.781261][T10288] loop4: detected capacity change from 0 to 256
[  249.066145][   T33] audit: type=1326 audit(1755103057.220:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10291 comm="syz.4.1750" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcee698ebe9 code=0x7ffc0000
[  249.092635][   T33] audit: type=1326 audit(1755103057.220:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10291 comm="syz.4.1750" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcee698ebe9 code=0x7ffc0000
[  249.125035][T10294] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  249.129049][T10294] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  249.132595][T10294] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  249.136129][T10294] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  249.139799][T10294] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  249.143434][T10294] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  249.147437][T10294] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  249.151256][T10294] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  249.155312][T10294] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  249.158974][T10294] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  249.571538][T10301] PKCS8: Unsupported PKCS#8 version
[  249.726663][T10304] loop4: detected capacity change from 0 to 8192
[  249.745538][T10304] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  249.787816][T10307] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1755'.
[  249.933930][T10309] loop4: detected capacity change from 0 to 128
[  249.986334][T10309] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  249.999408][T10309] ext4 filesystem being mounted at /237/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  250.099043][ T8204] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  250.150905][T10313] loop3: detected capacity change from 0 to 4096
[  250.210497][T10313] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  250.213760][T10313] UDF-fs: Scanning with blocksize 512 failed
[  250.241327][T10313] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  250.270060][T10315] loop4: detected capacity change from 0 to 4096
[  250.278871][T10315] ntfs3(loop4): Different NTFS sector size (2048) and media sector size (512).
[  250.313690][T10313] UDF-fs: error (device loop3): udf_fiiter_advance_blk: extent after position 0 not allocated in directory (ino 1328)
[  250.877734][T10319] loop3: detected capacity change from 0 to 32768
[  250.910460][T10319] (syz.3.1761,10319,0):ocfs2_check_set_options:1259 ERROR: Group quotas were requested, but this filesystem does not have the feature enabled.
[  250.929871][T10319] (syz.3.1761,10319,1):ocfs2_fill_super:1177 ERROR: status = -22
[  251.576610][T10363] loop4: detected capacity change from 0 to 512
[  251.597221][T10363] EXT4-fs: Ignoring removed nomblk_io_submit option
[  251.599817][T10363] EXT4-fs: Ignoring removed bh option
[  251.634176][T10363] EXT4-fs error (device loop4): mb_free_blocks:2017: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt.
[  251.643273][T10346] loop3: detected capacity change from 0 to 32768
[  251.645593][T10363] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #11: comm syz.4.1779: corrupted inode contents
[  251.648324][T10346] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1772 (10346)
[  251.676592][T10363] EXT4-fs error (device loop4): ext4_dirty_inode:6538: inode #11: comm syz.4.1779: mark_inode_dirty error
[  251.691365][T10346] BTRFS info (device loop3 state S): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  251.702294][T10363] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.1779: invalid indirect mapped block 1 (level 1)
[  251.708500][T10363] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #11: comm syz.4.1779: corrupted inode contents
[  251.711538][T10346] BTRFS info (device loop3 state S): using crc32c (crc32c-lib) checksum algorithm
[  251.728007][T10363] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem
[  251.730924][T10346] BTRFS info (device loop3 state S): using free-space-tree
[  251.737646][T10363] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #11: comm syz.4.1779: corrupted inode contents
[  251.748050][T10363] EXT4-fs error (device loop4): ext4_truncate:4666: inode #11: comm syz.4.1779: mark_inode_dirty error
[  251.758678][T10363] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem
[  251.763603][T10363] EXT4-fs (loop4): 1 truncate cleaned up
[  251.774065][T10363] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  251.797672][T10363] EXT4-fs error (device loop4): ext4_find_dest_de:2052: inode #2: block 13: comm syz.4.1779: bad entry in directory: directory entry too close to block end - offset=76, inode=16, rec_len=940, size=1024 fake=0
[  251.810862][ T1091] BTRFS warning (device loop3 state S): checksum verify failed on logical 1052672 mirror 1 wanted 0x37e030f7 found 0xf6479a7e level 0, ignored
[  251.828631][  T156] BTRFS warning (device loop3 state S): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0x13388982 level 0, ignored
[  251.837287][ T1091] BTRFS warning (device loop3 state S): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0x28b693f7 level 0, ignored
[  251.854490][T10346] BTRFS error (device loop3 state S): failed to load root free space
[  251.878854][   T52] BTRFS warning (device loop3 state S): checksum verify failed on logical 5267456 mirror 1 wanted 0x22fa3277 found 0x0d9b21b0 level 0, ignored
[  251.881917][ T8204] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  251.937082][ T8137] BTRFS info (device loop3 state S): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  252.363458][T10402] macvlan2: entered promiscuous mode
[  252.387561][T10402] macvlan2: entered allmulticast mode
[  252.391639][T10402] veth1_vlan: entered allmulticast mode
[  252.397140][T10402] bond0: (slave macvlan2): Enslaving as an active interface with an up link
[  252.524233][ T5999] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  252.568504][ T5940] Bluetooth: hci0: unexpected event for opcode 0x0c03
[  252.676901][ T5999] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  252.681319][ T5999] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  252.700968][ T5999] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  252.722633][ T5999] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  252.748023][ T5999] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  252.751721][ T5999] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  252.761541][ T5999] usb 5-1: Manufacturer: syz
[  252.774649][ T5999] usb 5-1: config 0 descriptor??
[  252.781304][T10423] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1799'.
[  252.789480][T10423] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1799'.
[  253.002937][T10432] loop3: detected capacity change from 0 to 8
[  253.032875][T10432] SQUASHFS error: xz decompression failed, data probably corrupt
[  253.044225][T10432] SQUASHFS error: Failed to read block 0x108: -5
[  253.046883][T10432] SQUASHFS error: Unable to read metadata cache entry [106]
[  253.054779][T10432] SQUASHFS error: Unable to read inode 0x11f
[  253.087324][T10432] loop3: detected capacity change from 0 to 1024
[  253.091742][T10432] hfsplus: Bad value for 'gid'
[  253.218170][ T5999] appleir 0003:05AC:8243.000C: unknown main item tag 0x0
[  253.266339][ T5999] appleir 0003:05AC:8243.000C: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0
[  255.243612][T10458] misc userio: The device must be registered before sending interrupts
[  255.378635][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  255.381240][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  255.424251][ T5999] usb 5-1: USB disconnect, device number 12
[  255.913450][T10469] loop4: detected capacity change from 0 to 128
[  256.026184][T10473] netlink: 748 bytes leftover after parsing attributes in process `syz.4.1819'.
[  256.029837][T10473] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  256.856544][T10496] loop4: detected capacity change from 0 to 32768
[  256.943350][T10496] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  256.943367][T10496]   allowing incompatible features above 0.0: (unknown version)
[  256.943373][T10496]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  256.958299][T10496] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0
[  256.961122][T10496] bcachefs (loop4): initializing new filesystem
[  256.970338][T10496] bcachefs (loop4): going read-write
[  256.977934][T10496] bcachefs (loop4): marking superblocks
[  256.985929][T10496] bcachefs (loop4): initializing freespace
[  256.990169][T10496] bcachefs (loop4): done initializing freespace
[  256.993586][T10496] bcachefs (loop4): reading snapshots table
[  256.995845][T10496] bcachefs (loop4): reading snapshots done
[  257.039537][T10496] bcachefs (loop4): done starting filesystem
[  257.326129][T10514] netlink: 180 bytes leftover after parsing attributes in process `syz.0.1832'.
[  257.332664][T10512] netlink: 180 bytes leftover after parsing attributes in process `syz.0.1832'.
[  257.337762][T10512] netlink: 180 bytes leftover after parsing attributes in process `syz.0.1832'.
[  258.329032][T10496] syz.4.1830 (10496) used greatest stack depth: 16056 bytes left
[  258.352008][ T8204] bcachefs (loop4): shutting down
[  258.354115][ T8204] bcachefs (loop4): going read-only
[  258.356212][ T8204] bcachefs (loop4): finished waiting for writes to stop
[  258.369303][ T8204] bcachefs (loop4): flushing journal and stopping allocators, journal seq 3
[  258.417391][ T8204] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 4
[  258.421716][ T8204] bcachefs (loop4): clean shutdown complete, journal seq 5
[  258.426142][ T8204] bcachefs (loop4): marking filesystem clean
[  258.452657][ T8204] bcachefs (loop4): shutdown complete
[  259.098432][T10562] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1855'.
[  259.101948][T10562] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1855'.
[  259.105559][T10562] netlink: 'syz.0.1855': attribute type 6 has an invalid length.
[  259.618422][   T51] IPVS: starting estimator thread 0...
[  259.706321][T10571] IPVS: using max 40 ests per chain, 96000 per kthread
[  260.460670][T10594] netlink: 'syz.0.1867': attribute type 1 has an invalid length.
[  260.800145][T10607] trusted_key: encrypted_key: insufficient parameters specified
[  260.851492][T10609] loop4: detected capacity change from 0 to 1024
[  262.454317][ T6946] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  262.604179][ T6946] usb 5-1: Using ep0 maxpacket: 8
[  262.608416][ T6946] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  262.612247][ T6946] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  262.632832][ T6946] pvrusb2: Hardware description: Terratec Grabster AV400
[  262.635987][ T6946] pvrusb2: **********
[  262.637679][ T6946] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  262.641792][ T6946] pvrusb2: Important functionality might not be entirely working.
[  262.645591][ T6946] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  262.649927][ T6946] pvrusb2: **********
[  262.838792][ T2398] pvrusb2: Invalid write control endpoint
[  262.880542][ T2398] pvrusb2: Invalid write control endpoint
[  262.883023][ T2398] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  262.887165][ T2398] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  262.890439][ T2398] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  262.894810][ T2398] pvrusb2: Device being rendered inoperable
[  262.900766][ T2398] cx25840 3-0044: Unable to detect h/w, assuming cx23887
[  262.905522][ T2398] cx25840 3-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b)
[  262.913361][ T2398] pvrusb2: Attached sub-driver cx25840
[  262.919313][ T2398] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  262.923470][ T2398] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  263.044867][ T6946] usb 5-1: USB disconnect, device number 13
[  263.719799][T10656] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1895'.
[  263.801834][T10658] hsr0: entered promiscuous mode
[  263.806382][T10658] macsec1: entered allmulticast mode
[  263.808621][T10658] hsr0: entered allmulticast mode
[  263.810762][T10658] hsr_slave_0: entered allmulticast mode
[  263.813053][T10658] hsr_slave_1: entered allmulticast mode
[  263.824499][T10658] hsr0: left allmulticast mode
[  263.826543][T10658] hsr_slave_0: left allmulticast mode
[  263.829046][T10658] hsr_slave_1: left allmulticast mode
[  264.696791][T10690] loop4: detected capacity change from 0 to 2048
[  264.712001][T10693] netlink: 'syz.0.1913': attribute type 2 has an invalid length.
[  264.738295][T10690] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  264.817672][   T26] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters
[  264.828544][   T26] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  264.836419][   T26] EXT4-fs (loop4): This should not happen!! Data will be lost
[  264.836419][   T26] 
[  264.840443][   T26] EXT4-fs (loop4): Total free blocks count 0
[  264.843168][   T26] EXT4-fs (loop4): Free/Dirty block details
[  264.846329][   T26] EXT4-fs (loop4): free_blocks=4096
[  264.848505][   T26] EXT4-fs (loop4): dirty_blocks=512
[  264.850605][   T26] EXT4-fs (loop4): Block reservation details
[  264.853112][   T26] EXT4-fs (loop4): i_reserved_data_blocks=32
[  264.860841][  T156] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 480 with error 28
[  265.087081][T10708] loop4: detected capacity change from 0 to 2048
[  265.103502][T10708] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  265.111447][T10708] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4
[  265.118352][T10708] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  265.222324][T10710] loop4: detected capacity change from 0 to 4096
[  265.678878][T10714] loop4: detected capacity change from 0 to 32768
[  265.700707][T10714] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  265.738933][T10714] XFS (loop4): Ending clean mount
[  265.746097][T10714] XFS (loop4): Quotacheck needed: Please wait.
[  265.780318][T10714] XFS (loop4): Quotacheck: Done.
[  265.837952][ T8204] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  266.191342][T10732] loop4: detected capacity change from 0 to 2048
[  266.211209][T10732] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  266.223095][T10732] EXT4-fs (loop4): Online resizing not supported with bigalloc
[  266.251156][ T8204] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  266.844369][ T5999] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  267.014257][ T5999] usb 5-1: Using ep0 maxpacket: 32
[  267.020436][ T5999] usb 5-1: config index 0 descriptor too short (expected 156, got 27)
[  267.023611][ T5999] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  267.029825][ T5999] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  267.033326][ T5999] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  267.037728][ T5999] usb 5-1: config 0 interface 0 has no altsetting 0
[  267.042885][ T5999] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  267.050067][ T5999] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  267.053262][ T5999] usb 5-1: Product: syz
[  267.054901][ T5999] usb 5-1: Manufacturer: syz
[  267.056320][ T5999] usb 5-1: SerialNumber: syz
[  267.060394][ T5999] usb 5-1: config 0 descriptor??
[  267.074921][ T5999] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  267.081637][ T5999] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  267.277764][ T5999] usb 5-1: USB disconnect, device number 14
[  267.280080][    C1] ldusb 5-1:0.0: usb_submit_urb failed (-19)
[  267.283722][ T5999] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  268.035764][T10758] loop4: detected capacity change from 0 to 256
[  268.057279][T10758] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  268.061263][T10758] exFAT-fs (loop4): Medium has reported failures. Some data may be lost.
[  268.070287][T10758] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d)
[  268.830124][T10768] loop4: detected capacity change from 0 to 32768
[  268.835241][T10768] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1941 (10768)
[  268.842784][T10768] BTRFS info (device loop4 state S): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  268.864224][T10768] BTRFS info (device loop4 state S): using blake2b (blake2b-256-generic) checksum algorithm
[  268.868170][T10768] BTRFS info (device loop4 state S): using free-space-tree
[  268.912735][  T156] BTRFS warning (device loop4 state CS): checksum verify failed on logical 5341184 mirror 1 wanted 0xc53d3c5bb04ba5dfc01f4c277f0b81815915cb99da5074f609a3f7f617cf284a found 0x57db04402cb08b36c7d8de3bf52cd9ce10f350e17d517df49d0f07614b8ae9eb level 0, ignored
[  268.933692][T10768] BTRFS info (device loop4 state CS): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  269.246973][T10792] bridge0: entered allmulticast mode
[  269.284963][T10792] pim6reg: entered allmulticast mode
[  270.181076][T10824] net_ratelimit: 3320 callbacks suppressed
[  270.181124][T10824] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  270.266948][T10828] loop4: detected capacity change from 0 to 1024
[  270.329177][   T52] hfsplus: b-tree write err: -5, ino 4
[  270.437690][T10836] overlayfs: failed to clone upperpath
[  270.611834][T10845] loop4: detected capacity change from 0 to 16
[  270.626612][T10845] erofs (device loop4): mounted with root inode @ nid 36.
[  270.657981][T10845] erofs (device loop4): bogus lookback distance 1388 @ lcn 42 of nid 36
[  270.669165][T10845] erofs (device loop4): read error -117 @ 43 of nid 36
[  270.848247][T10851] virtiofs: Unknown parameter 'always'
[  270.989127][T10857] netlink: 204 bytes leftover after parsing attributes in process `syz.4.1977'.
[  271.544560][ T5235] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  271.549871][ T5235] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  271.553851][ T5235] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  271.563195][ T5235] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  271.567001][ T5235] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  271.647362][   T13] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  271.651295][   T13] netdevsim netdevsim3 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  271.706737][   T13] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  271.710536][   T13] netdevsim netdevsim3 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  271.749285][   T13] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  271.753173][   T13] netdevsim netdevsim3 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  271.811926][   T13] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  271.819606][   T13] netdevsim netdevsim3 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  271.836931][T10870] chnl_net:caif_netlink_parms(): no params data found
[  271.924733][T10870] bridge0: port 1(bridge_slave_0) entered blocking state
[  271.927518][T10870] bridge0: port 1(bridge_slave_0) entered disabled state
[  271.930455][T10870] bridge_slave_0: entered allmulticast mode
[  271.934726][T10870] bridge_slave_0: entered promiscuous mode
[  271.940175][T10870] bridge0: port 2(bridge_slave_1) entered blocking state
[  271.943086][T10870] bridge0: port 2(bridge_slave_1) entered disabled state
[  271.945940][T10870] bridge_slave_1: entered allmulticast mode
[  271.948793][T10870] bridge_slave_1: entered promiscuous mode
[  272.023039][T10870] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  272.025833][T10879] overlayfs: failed to clone upperpath
[  272.043909][T10870] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  272.138650][T10870] team0: Port device team_slave_0 added
[  272.142878][T10870] team0: Port device team_slave_1 added
[  272.186727][T10885] loop4: detected capacity change from 0 to 2048
[  272.193629][T10885] EXT4-fs: Ignoring removed bh option
[  272.233660][T10870] batman_adv: batadv0: Adding interface: batadv_slave_0
[  272.243257][T10870] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  272.263717][T10885] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  272.271319][T10870] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  272.278754][T10870] batman_adv: batadv0: Adding interface: batadv_slave_1
[  272.285698][T10870] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  272.298250][T10870] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  272.304751][   T13] bridge_slave_1: left allmulticast mode
[  272.306869][   T13] bridge_slave_1: left promiscuous mode
[  272.311695][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  272.320479][   T13] bridge_slave_0: left allmulticast mode
[  272.322917][   T13] bridge_slave_0: left promiscuous mode
[  272.326876][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  273.306204][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  273.329842][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  273.351589][   T13] bond0 (unregistering): (slave macvlan2): Releasing backup interface
[  273.357937][   T13] veth1_vlan: left allmulticast mode
[  273.363065][   T13] bond0 (unregistering): Released all slaves
[  273.547710][T10870] hsr_slave_0: entered promiscuous mode
[  273.551091][T10870] hsr_slave_1: entered promiscuous mode
[  273.553796][T10870] debugfs: 'hsr0' already exists in 'hsr'
[  273.555900][T10870] Cannot create hsr debugfs directory
[  273.616515][ T5235] Bluetooth: hci2: command tx timeout
[  274.027503][   T13] hsr_slave_0: left promiscuous mode
[  274.034229][   T13] hsr_slave_1: left promiscuous mode
[  274.044674][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  274.047766][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  274.068547][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  274.071668][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  274.146688][   T13] veth1_macvtap: left promiscuous mode
[  274.154592][   T13] veth0_macvtap: left promiscuous mode
[  274.157900][   T13] veth1_vlan: left promiscuous mode
[  274.327031][ T8204] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  274.554390][T10911] loop4: detected capacity change from 0 to 128
[  274.596842][T10911] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  274.607204][T10911] FAT-fs (loop4): Filesystem has been set read-only
[  274.611292][T10911] FAT-fs (loop4): error, invalid FAT chain (i_pos 548, last_block 8)
[  275.020219][T10919] loop4: detected capacity change from 0 to 32768
[  275.030844][T10919] bcachefs (/dev/loop4): error validating superblock: Invalid superblock section members_v2: section too small (63114 > 64)
[  275.030844][T10919] members_v2 (size 64):
[  275.030844][T10919] nr_devices mismatch: have 0 entries, should be 1
[  275.062387][T10919] bcachefs: bch2_fs_get_tree() error: invalid_sb_members
[  275.337712][   T13] team0 (unregistering): Port device team_slave_1 removed
[  275.439126][   T13] team0 (unregistering): Port device team_slave_0 removed
[  275.703015][ T5235] Bluetooth: hci2: command tx timeout
[  276.023373][T10940] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.2007'.
[  276.457028][T10946] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2009'.
[  276.659569][T10915] macvtap0: entered promiscuous mode
[  276.662217][T10915] macvtap0: left promiscuous mode
[  276.875934][T10870] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  276.917219][T10870] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  276.929908][T10870] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  276.936281][T10870] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  277.458795][T10870] 8021q: adding VLAN 0 to HW filter on device bond0
[  277.504808][T10870] 8021q: adding VLAN 0 to HW filter on device team0
[  277.536382][ T1091] bridge0: port 1(bridge_slave_0) entered blocking state
[  277.540461][ T1091] bridge0: port 1(bridge_slave_0) entered forwarding state
[  277.608171][ T1091] bridge0: port 2(bridge_slave_1) entered blocking state
[  277.611147][ T1091] bridge0: port 2(bridge_slave_1) entered forwarding state
[  277.794234][ T5235] Bluetooth: hci2: command tx timeout
[  278.387865][T10870] 8021q: adding VLAN 0 to HW filter on device batadv0
[  279.088183][T10870] veth0_vlan: entered promiscuous mode
[  279.116550][T10870] veth1_vlan: entered promiscuous mode
[  279.175005][T10870] veth0_macvtap: entered promiscuous mode
[  279.192820][T10870] veth1_macvtap: entered promiscuous mode
[  279.224601][T11013] overlayfs: failed to resolve './file0': -2
[  279.228003][T10870] batman_adv: batadv0: Interface activated: batadv_slave_0
[  279.242552][T10870] batman_adv: batadv0: Interface activated: batadv_slave_1
[  279.259895][ T6000] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  279.264931][ T6000] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  279.279138][ T6000] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  279.300175][ T6000] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  279.354411][   T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  279.357891][   T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  279.600290][ T3545] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  279.603536][ T3545] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  279.874334][ T5235] Bluetooth: hci2: command tx timeout
[  280.533675][T11045] loop4: detected capacity change from 0 to 4096
[  280.598135][T11045] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  280.640599][T11045] Quota error (device loop4): do_check_range: Getting block 327682 out of range 1-5
[  280.658137][T11045] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0
[  280.670819][T11045] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.2028: Failed to acquire dquot type 1
[  280.705872][T11060] Quota error (device loop4): do_check_range: Getting block 327682 out of range 1-5
[  280.726055][T11060] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0
[  280.729335][T11060] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.2028: Failed to acquire dquot type 1
[  280.816802][ T8204] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  281.544685][T11092] loop5: detected capacity change from 0 to 1024
[  281.590026][T11092] hfsplus: bad catalog entry type
[  281.632920][   T26] hfsplus: b-tree write err: -5, ino 4
[  281.904093][ T5985] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  282.055677][ T5985] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  282.058741][ T5985] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  282.070313][ T5985] usb 6-1: config 0 descriptor??
[  282.074586][ T5985] cp210x 6-1:0.0: cp210x converter detected
[  282.482092][ T5985] cp210x 6-1:0.0: failed to get vendor val 0x000e size 3: -32
[  282.707827][ T5985] cp210x 6-1:0.0: failed to get vendor val 0x370c size 15: -71
[  282.710239][ T5985] cp210x 6-1:0.0: GPIO initialisation failed: -71
[  282.715120][ T5985] usb 6-1: cp210x converter now attached to ttyUSB0
[  282.720231][ T5985] usb 6-1: USB disconnect, device number 2
[  282.725934][ T5985] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  282.729215][ T5985] cp210x 6-1:0.0: device disconnected
[  282.887862][ T5235] Bluetooth: hci0: ACL packet for unknown connection handle 201
[  283.792198][T11145] netlink: 'syz.5.2057': attribute type 1 has an invalid length.
[  284.010773][T11152] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2060'.
[  285.236404][T11194] netlink: 84 bytes leftover after parsing attributes in process `syz.4.2078'.
[  285.362780][T11198] syz_tun: entered allmulticast mode
[  285.371219][T11197] syz_tun: left allmulticast mode
[  285.590540][T11210] loop4: detected capacity change from 0 to 256
[  285.630870][T11210] FAT-fs (loop4): Directory bread(block 64) failed
[  285.633472][T11210] FAT-fs (loop4): Directory bread(block 65) failed
[  285.636237][T11210] FAT-fs (loop4): Directory bread(block 66) failed
[  285.638880][T11210] FAT-fs (loop4): Directory bread(block 67) failed
[  285.641422][T11210] FAT-fs (loop4): Directory bread(block 68) failed
[  285.643855][T11210] FAT-fs (loop4): Directory bread(block 69) failed
[  285.649144][T11210] FAT-fs (loop4): Directory bread(block 70) failed
[  285.651624][T11210] FAT-fs (loop4): Directory bread(block 71) failed
[  285.654539][T11210] FAT-fs (loop4): Directory bread(block 72) failed
[  285.656978][T11210] FAT-fs (loop4): Directory bread(block 73) failed
[  285.776456][T11214] netlink: 'syz.0.2088': attribute type 1 has an invalid length.
[  285.810251][T11214] 8021q: adding VLAN 0 to HW filter on device bond1
[  286.374817][T11235] loop5: detected capacity change from 0 to 512
[  286.389960][T11235] EXT4-fs error (device loop5): ext4_orphan_get:1392: inode #15: comm syz.5.2098: casefold flag without casefold feature
[  286.405526][T11235] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.2098: couldn't read orphan inode 15 (err -117)
[  286.412590][T11235] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  286.446914][T10870] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  286.537088][   T13] bridge_slave_1: left promiscuous mode
[  286.539746][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  286.548537][   T13] bridge_slave_0: left promiscuous mode
[  286.551103][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  287.228816][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  287.235552][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  287.239357][   T13] bond0 (unregistering): Released all slaves
[  287.250166][T11245] veth0_to_bridge: entered promiscuous mode
[  287.330423][T11244] veth0_to_bridge: left promiscuous mode
[  288.302527][   T13] hsr_slave_0: left promiscuous mode
[  288.354259][   T13] hsr_slave_1: left promiscuous mode
[  288.357466][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  288.371505][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  288.992065][T11284] loop5: detected capacity change from 0 to 32768
[  289.054171][T11284] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  289.076217][T11295] loop4: detected capacity change from 0 to 1024
[  289.095997][T11284] XFS (loop5): Ending clean mount
[  289.112239][T11295] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  289.143512][T11284] XFS (loop5): Quotacheck needed: Please wait.
[  289.207579][T11284] XFS (loop5): Quotacheck: Done.
[  289.230786][ T8204] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  289.321795][T10870] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  289.499855][   T13] team0 (unregistering): Port device team_slave_1 removed
[  289.569651][   T13] team0 (unregistering): Port device team_slave_0 removed
[  289.769751][T11308] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  290.511691][T11300] bridge1: entered promiscuous mode
[  291.066141][   T13] IPVS: stop unused estimator thread 0...
[  291.157786][T11347] netlink: 'syz.0.2134': attribute type 10 has an invalid length.
[  291.213601][T11347] team0: Port device wlan1 added
[  291.465943][T11332] loop4: detected capacity change from 0 to 32768
[  291.715611][T11332] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.2128 (11332)
[  291.741250][T11332] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  291.750181][T11332] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  291.766860][T11332] BTRFS info (device loop4): using free-space-tree
[  292.004482][T11332] BTRFS info (device loop4): rebuilding free space tree
[  292.310923][ T8204] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  292.482040][T11402] loop5: detected capacity change from 0 to 2048
[  292.487051][T11402] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  293.636305][T11415] netlink: 4768 bytes leftover after parsing attributes in process `syz.0.2149'.
[  294.006632][T11424] loop5: detected capacity change from 0 to 8
[  294.030919][T10870] SQUASHFS error: Unable to read directory block [631:72]
[  294.065701][T10870] SQUASHFS error: Unable to read inode 0xe3
[  294.069210][T10870] SQUASHFS error: Unable to read inode 0xe3
[  294.249650][T11434] loop4: detected capacity change from 0 to 512
[  294.282469][T11434] EXT4-fs: Ignoring removed mblk_io_submit option
[  294.286744][T11434] EXT4-fs: Ignoring removed mblk_io_submit option
[  294.293404][T11434] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  294.321180][T11434] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c118, mo2=0002]
[  294.332611][T11434] EXT4-fs error (device loop4): ext4_iget_extra_inode:5104: inode #15: comm syz.4.2155: corrupted in-inode xattr: e_value size too large
[  294.346363][T11434] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.2155: couldn't read orphan inode 15 (err -117)
[  294.361005][T11434] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  294.372898][T11434] EXT4-fs (loop4): shut down requested (1)
[  294.429573][ T8204] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  294.596105][ T5948] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  294.641383][T11447] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2160'.
[  294.807754][ T5948] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  294.926668][ T5948] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  294.981545][ T5940] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  294.990919][ T5940] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  294.996661][ T5940] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  295.002699][ T5940] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  295.008888][ T5940] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  295.055278][ T5948] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  295.117630][T11471] netlink: 'syz.4.2168': attribute type 4 has an invalid length.
[  295.312988][T11476] loop4: detected capacity change from 0 to 4096
[  295.368890][T11483] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  295.390013][   T33] audit: type=1800 audit(1755103103.550:73): pid=11476 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2171" name="file1" dev="loop4" ino=15 res=0 errno=0
[  295.442562][T11485] 8021q: VLANs not supported on lo
[  295.456533][ T5948] bridge_slave_1: left allmulticast mode
[  295.459815][ T5948] bridge_slave_1: left promiscuous mode
[  295.462999][ T5948] bridge0: port 2(bridge_slave_1) entered disabled state
[  295.500179][ T5948] bridge_slave_0: left allmulticast mode
[  295.502471][ T5948] bridge_slave_0: left promiscuous mode
[  295.513762][ T5948] bridge0: port 1(bridge_slave_0) entered disabled state
[  296.011806][ T5948] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  296.018051][ T5948] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  296.023096][ T5948] bond0 (unregistering): Released all slaves
[  296.172439][T11464] chnl_net:caif_netlink_parms(): no params data found
[  296.173583][   T33] audit: type=1326 audit(1755103104.330:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11500 comm="syz.4.2176" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcee698ebe9 code=0x7ffc0000
[  296.197563][   T33] audit: type=1326 audit(1755103104.350:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11500 comm="syz.4.2176" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcee698ebe9 code=0x7ffc0000
[  296.469152][T11464] bridge0: port 1(bridge_slave_0) entered blocking state
[  296.472203][T11464] bridge0: port 1(bridge_slave_0) entered disabled state
[  296.482284][T11464] bridge_slave_0: entered allmulticast mode
[  296.487512][T11464] bridge_slave_0: entered promiscuous mode
[  296.494682][T11464] bridge0: port 2(bridge_slave_1) entered blocking state
[  296.499909][T11464] bridge0: port 2(bridge_slave_1) entered disabled state
[  296.504892][T11464] bridge_slave_1: entered allmulticast mode
[  296.512407][T11464] bridge_slave_1: entered promiscuous mode
[  296.680520][T11464] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  296.685195][T11464] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  296.807403][T11464] team0: Port device team_slave_0 added
[  296.812966][T11464] team0: Port device team_slave_1 added
[  296.949552][ T5948] hsr_slave_0: left promiscuous mode
[  296.957970][ T5948] hsr_slave_1: left promiscuous mode
[  296.964175][ T5948] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  296.967271][ T5948] batman_adv: batadv0: Removing interface: batadv_slave_0
[  296.977963][ T5948] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  296.984549][ T5948] batman_adv: batadv0: Removing interface: batadv_slave_1
[  297.025916][ T5948] veth1_macvtap: left promiscuous mode
[  297.031681][ T5948] veth0_macvtap: left promiscuous mode
[  297.035409][ T5948] veth1_vlan: left promiscuous mode
[  297.038645][T11529] loop4: detected capacity change from 0 to 4096
[  297.047675][ T5948] veth0_vlan: left promiscuous mode
[  297.050522][T11529] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512).
[  297.134429][ T5940] Bluetooth: hci2: command tx timeout
[  297.339278][T11533] netlink: 'syz.0.2184': attribute type 1 has an invalid length.
[  297.342471][T11533] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2184'.
[  297.796164][ T5948] team0 (unregistering): Port device team_slave_1 removed
[  297.848883][ T5948] team0 (unregistering): Port device team_slave_0 removed
[  298.328306][T11464] batman_adv: batadv0: Adding interface: batadv_slave_0
[  298.330587][T11464] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  298.375366][T11464] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  298.383758][T11464] batman_adv: batadv0: Adding interface: batadv_slave_1
[  298.402762][T11464] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  298.427065][T11464] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  298.517782][T11464] hsr_slave_0: entered promiscuous mode
[  298.521189][T11464] hsr_slave_1: entered promiscuous mode
[  298.884099][   T33] audit: type=1326 audit(1755103107.030:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11571 comm="syz.4.2196" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcee698ebe9 code=0x7ff00000
[  298.891572][   T33] audit: type=1326 audit(1755103107.030:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11571 comm="syz.4.2196" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcee698ebe9 code=0x7ff00000
[  298.934048][   T33] audit: type=1326 audit(1755103107.030:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11571 comm="syz.4.2196" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcee698ebe9 code=0x7ff00000
[  298.950066][   T33] audit: type=1326 audit(1755103107.030:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11571 comm="syz.4.2196" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcee698ebe9 code=0x7ff00000
[  298.967170][   T33] audit: type=1326 audit(1755103107.030:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11571 comm="syz.4.2196" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcee698ebe9 code=0x7ff00000
[  298.980110][   T33] audit: type=1326 audit(1755103107.030:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11571 comm="syz.4.2196" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcee698ebe9 code=0x7ff00000
[  298.989301][   T33] audit: type=1326 audit(1755103107.030:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11571 comm="syz.4.2196" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcee698ebe9 code=0x7ff00000
[  299.033841][T11464] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  299.060159][T11464] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  299.069730][T11464] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  299.086801][T11464] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  299.227675][ T5940] Bluetooth: hci2: command tx timeout
[  299.238000][T11591] loop4: detected capacity change from 0 to 256
[  299.251550][T11464] 8021q: adding VLAN 0 to HW filter on device bond0
[  299.259940][T11591] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xb5fb52fc, utbl_chksum : 0xe619d30d)
[  299.312460][T11464] 8021q: adding VLAN 0 to HW filter on device team0
[  299.340613][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  299.343481][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  299.369182][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  299.372046][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  299.549689][T11604] loop4: detected capacity change from 0 to 16
[  299.566646][T11604] erofs (device loop4): EXPERIMENTAL EROFS subpage compressed block support in use. Use at your own risk!
[  299.571352][T11604] erofs (device loop4): mounted with root inode @ nid 36.
[  299.589121][T11604] erofs (device loop4): read error -117 @ 0 of nid 36
[  299.652698][T11464] 8021q: adding VLAN 0 to HW filter on device batadv0
[  300.095918][T11464] veth0_vlan: entered promiscuous mode
[  300.117401][T11464] veth1_vlan: entered promiscuous mode
[  300.167016][T11464] veth0_macvtap: entered promiscuous mode
[  300.192630][T11464] veth1_macvtap: entered promiscuous mode
[  300.236227][T11464] batman_adv: batadv0: Interface activated: batadv_slave_0
[  300.278727][T11464] batman_adv: batadv0: Interface activated: batadv_slave_1
[  300.307831][ T6000] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  300.311373][ T6000] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  300.353220][ T6000] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  300.367645][ T6000] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  300.511011][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  300.524753][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  300.612159][ T8381] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  300.616492][ T8381] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  301.295243][ T5940] Bluetooth: hci2: command tx timeout
[  302.698363][T11726] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2239'.
[  302.748374][T11729] loop4: detected capacity change from 0 to 512
[  302.788585][T11729] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842c11d, mo2=0002]
[  302.797715][T11729] System zones: 1-12
[  302.806536][T11729] EXT4-fs error (device loop4): ext4_iget_extra_inode:5104: inode #15: comm syz.4.2240: corrupted in-inode xattr: e_value size too large
[  302.831200][T11729] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.2240: couldn't read orphan inode 15 (err -117)
[  302.848391][T11729] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  302.910431][ T8204] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  303.104411][ T5965] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  303.266253][ T5965] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  303.274855][ T5965] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  303.278741][ T5965] usb 7-1: New USB device found, idVendor=0c70, idProduct=f00d, bcdDevice= 0.00
[  303.294271][ T5965] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  303.303617][ T5965] usb 7-1: config 0 descriptor??
[  303.377939][ T5940] Bluetooth: hci2: command tx timeout
[  303.733467][ T5965] aquacomputer_d5next 0003:0C70:F00D.000D: hidraw0: USB HID v0.00 Device [HID 0c70:f00d] on usb-dummy_hcd.6-1/input0
[  303.850524][T11801] netlink: 'syz.4.2263': attribute type 1 has an invalid length.
[  303.928179][    T9] usb 7-1: USB disconnect, device number 2
[  303.943079][T11805] loop4: detected capacity change from 0 to 4096
[  303.954553][T11805] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  303.963006][   T33] kauditd_printk_skb: 75 callbacks suppressed
[  303.963018][   T33] audit: type=1800 audit(1755103112.120:158): pid=11805 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2264" name="bus" dev="loop4" ino=18 res=0 errno=0
[  303.987037][ T8204] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  304.349154][T11829] PM: Enabling pm_trace changes system date and time during resume.
[  304.349154][T11829] PM: Correct system time has to be restored manually after resume.
[  304.685812][T11860] netlink: 'syz.4.2281': attribute type 3 has an invalid length.
[  305.005191][T11889] ieee802154 phy0 wpan0: encryption failed: -90
[  306.081733][T11928] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  306.177751][T11932] loop6: detected capacity change from 0 to 256
[  306.222354][T11932] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xf6e00961, utbl_chksum : 0xe619d30d)
[  306.252246][T11935] syzkaller1: entered promiscuous mode
[  306.264145][T11935] syzkaller1: entered allmulticast mode
[  306.595740][T11957] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2313'.
[  306.600045][T11957] (unnamed net_device) (uninitialized): option min_links: invalid value (18446744073709551614)
[  306.603362][T11957] (unnamed net_device) (uninitialized): option min_links: allowed values 0 - 2147483647
[  306.639761][T11960] loop6: detected capacity change from 0 to 512
[  306.707290][T11960] EXT4-fs warning (device loop6): dx_probe:801: inode #2: comm syz.6.2312: Unrecognised inode hash code 255
[  306.711844][T11960] EXT4-fs warning (device loop6): dx_probe:934: inode #2: comm syz.6.2312: Corrupt directory, running e2fsck is recommended
[  306.787213][T11960] EXT4-fs (loop6): Cannot turn on journaled quota: type 1: error -117
[  306.809729][T11960] EXT4-fs error (device loop6): ext4_iget_extra_inode:5104: inode #15: comm syz.6.2312: corrupted in-inode xattr: invalid ea_ino
[  306.871622][T11960] EXT4-fs (loop6): Remounting filesystem read-only
[  306.886701][T11960] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  306.953778][T11464] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  307.641332][T11976] loop6: detected capacity change from 0 to 32768
[  307.872051][T12005] tmpfs: Bad value for 'mpol'
[  308.076931][T12012] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2326'.
[  308.082729][T12012] netlink: 'syz.6.2326': attribute type 7 has an invalid length.
[  308.095255][T12012] netlink: 'syz.6.2326': attribute type 8 has an invalid length.
[  308.104544][T12012] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2326'.
[  308.954163][   T24] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  308.970488][T12048] openvswitch: netlink: Flow actions attr not present in new flow.
[  309.041035][T12054] tipc: Started in network mode
[  309.043312][T12054] tipc: Node identity -, cluster identity 4711
[  309.184099][   T24] usb 7-1: Using ep0 maxpacket: 16
[  309.188010][   T24] usb 7-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  309.191487][   T24] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  309.195866][   T24] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  309.201610][   T24] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  309.207545][   T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  309.210660][   T24] usb 7-1: Product: syz
[  309.212269][   T24] usb 7-1: Manufacturer: syz
[  309.219986][   T24] usb 7-1: SerialNumber: syz
[  309.646636][   T24] usb 7-1: 0:2 : does not exist
[  310.263032][   T24] usb 7-1: 1:0: failed to get current value for ch 0 (-22)
[  310.278019][   T24] usb 7-1: USB disconnect, device number 3
[  310.296739][ T5930] udevd[5930]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  310.506953][T12094] tipc: Failed to remove unknown binding: 66,1,1/0:1663052847/1663052849
[  310.510610][T12094] tipc: Failed to remove unknown binding: 66,1,1/0:1663052847/1663052849
[  311.489704][T12117] loop6: detected capacity change from 0 to 32768
[  311.532702][T12117] ocfs2: Mounting device (7,6) on (node local, slot 0) with writeback data mode.
[  311.578705][   T33] audit: type=1800 audit(1755103119.740:159): pid=12117 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.2370" name="file1" dev="loop6" ino=17058 res=0 errno=0
[  311.879733][T11464] ocfs2: Unmounting device (7,6) on (node local)
[  312.279876][T12158] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2383'.
[  312.335541][ T5998] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  312.784142][ T5998] usb 5-1: Using ep0 maxpacket: 16
[  312.790435][ T5998] usb 5-1: config 8 has an invalid interface number: 206 but max is 0
[  312.793505][ T5998] usb 5-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  312.797933][ T5998] usb 5-1: config 8 has no interface number 0
[  312.800262][ T5998] usb 5-1: config 8 interface 206 altsetting 1 has an invalid descriptor for endpoint zero, skipping
[  312.804700][ T5998] usb 5-1: config 8 interface 206 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  312.809508][ T5998] usb 5-1: config 8 interface 206 has no altsetting 0
[  312.816502][ T5998] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=35.bb
[  312.819892][ T5998] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  312.822888][ T5998] usb 5-1: Product: syz
[  312.827149][ T5998] usb 5-1: Manufacturer: syz
[  312.828883][ T5998] usb 5-1: SerialNumber: syz
[  313.059483][ T5998] garmin_gps 5-1:8.206: Garmin GPS usb/tty converter detected
[  313.075669][ T5998] garmin_gps ttyUSB0: failed to submit interrupt urb: -22
[  313.078398][ T5998] garmin_gps ttyUSB0: probe with driver garmin_gps failed with error -22
[  313.110337][ T5998] usb 5-1: USB disconnect, device number 15
[  313.117338][ T5998] garmin_gps 5-1:8.206: device disconnected
[  313.121425][T12169] loop6: detected capacity change from 0 to 256
[  313.135916][T12169] exFAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  313.143884][T12169] exFAT-fs (loop6): Medium has reported failures. Some data may be lost.
[  313.163794][T12169] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d)
[  314.408933][   T33] audit: type=1326 audit(1755103122.570:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12205 comm="syz.0.2397" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9d6558ebe9 code=0x0
[  314.485312][    T9] IPVS: starting estimator thread 0...
[  314.586725][T12215] IPVS: using max 61 ests per chain, 146400 per kthread
[  315.765451][T12224] loop4: detected capacity change from 0 to 32768
[  315.928030][T12230] loop6: detected capacity change from 0 to 256
[  315.944486][T12230] exFAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  315.951111][T12224] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,nochanges,norecovery,nojournal_transaction_names,noexcl,read_only,nocow
[  315.951135][T12224]   allowing incompatible features above 0.0: (unknown version)
[  315.951144][T12224]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  315.954070][T12230] exFAT-fs (loop6): Medium has reported failures. Some data may be lost.
[  315.982344][T12224] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0
[  315.987859][T12224] bcachefs (loop4): recovering from clean shutdown, journal seq 10
[  315.990518][T12224] bcachefs (loop4): Version upgrade required:
[  315.990518][T12224] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  315.990518][T12224] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive
[  315.990518][T12224]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance
[  316.007668][T12230] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  316.084635][T12224] bcachefs (loop4): accounting_read... done
[  316.090659][T12224] bcachefs (loop4): alloc_read... done
[  316.092926][T12224] bcachefs (loop4): snapshots_read... done
[  316.102376][T12224] bcachefs (loop4): done starting filesystem
[  316.225619][ T8204] bcachefs (loop4): shutting down
[  316.265761][ T8204] bcachefs (loop4): shutdown complete
[  316.394098][  T792] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  316.553032][T12269] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2416'.
[  316.559458][  T792] usb 7-1: Using ep0 maxpacket: 8
[  316.563862][  T792] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[  316.567042][  T792] usb 7-1: config 0 has no interface number 0
[  316.569179][  T792] usb 7-1: config 0 interface 1 has no altsetting 0
[  316.575896][  T792] usb 7-1: New USB device found, idVendor=10c4, idProduct=eac1, bcdDevice=70.1d
[  316.583376][  T792] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  316.590606][  T792] usb 7-1: Product: syz
[  316.591949][  T792] usb 7-1: Manufacturer: syz
[  316.593600][  T792] usb 7-1: SerialNumber: syz
[  316.603056][  T792] usb 7-1: config 0 descriptor??
[  316.823346][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  316.827872][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  316.847833][  T792] i2c-cp2615 7-1:0.1: probe with driver i2c-cp2615 failed with error -71
[  317.199189][  T792] usb 7-1: USB disconnect, device number 4
[  317.603872][T12296] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2418'.
[  317.613741][T12296] unsupported nlmsg_type 40
[  317.719620][T12302] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2420'.
[  317.724164][T12302] netlink: 'syz.6.2420': attribute type 30 has an invalid length.
[  317.756500][ T5948] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  317.763676][ T5948] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  317.774978][ T5948] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  317.778831][ T5948] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  318.483834][T12316] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2423'.
[  319.950597][    T9] usb 7-1: new full-speed USB device number 5 using dummy_hcd
[  319.987871][T12347] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2432'.
[  320.435223][T12353] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2433'.
[  320.439653][T12353] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2433'.
[  320.468142][    T9] usb 7-1: config 5 has an invalid interface number: 42 but max is 0
[  320.471325][    T9] usb 7-1: config 5 has no interface number 0
[  320.473775][    T9] usb 7-1: config 5 interface 42 has no altsetting 0
[  320.481880][    T9] usb 7-1: New USB device found, idVendor=2304, idProduct=021f, bcdDevice= 0.15
[  320.494266][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  320.497518][    T9] usb 7-1: Product: syz
[  320.499128][    T9] usb 7-1: Manufacturer: syz
[  320.500922][    T9] usb 7-1: SerialNumber: syz
[  320.783077][    T9] dvb-usb: found a 'PCTV HDTV USB' in warm state.
[  320.794367][    T9] pctv452e: pctv452e_power_ctrl: 1
[  320.794367][    T9] 
[  320.797718][    T9] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22
[  320.797718][    T9] 
[  320.802712][    T9] dvb-usb: bulk message failed: -22 (5/0)
[  320.822750][    T9] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  320.846380][    T9] dvb-usb: PCTV HDTV USB error while loading driver (-19)
[  320.858380][    T9] usb 7-1: USB disconnect, device number 5
[  321.012621][T12381] netlink: 212296 bytes leftover after parsing attributes in process `syz.4.2439'.
[  321.332733][T12404] netlink: 2384 bytes leftover after parsing attributes in process `syz.4.2447'.
[  321.830662][T12415] loop6: detected capacity change from 0 to 2048
[  321.933859][T12420] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  322.117066][T12415] NILFS error (device loop6): nilfs_dotdot: directory #12 missing '..'
[  322.134258][T12415] Remounting filesystem read-only
[  322.279804][T11464] NILFS (loop6): disposed unprocessed dirty file(s) when detaching log writer
[  322.505382][T12435] loop6: detected capacity change from 0 to 4096
[  322.525626][T12435] EXT4-fs (loop6): Test dummy encryption mode enabled
[  322.567339][T12435] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  322.675308][T11464] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  322.949428][T12445] loop4: detected capacity change from 0 to 32768
[  323.006548][T12450] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2460'.
[  323.092961][T12445] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  323.092978][T12445]   allowing incompatible features above 0.0: (unknown version)
[  323.092984][T12445]   features: 
[  323.106201][T12445] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0
[  323.108911][T12445] bcachefs (loop4): initializing new filesystem
[  323.116743][T12445] bcachefs (loop4): going read-write
[  323.144711][T12445] bcachefs (loop4): marking superblocks
[  323.151621][T12445] bcachefs (loop4): initializing freespace
[  323.156532][T12445] bcachefs (loop4): done initializing freespace
[  323.160165][T12445] bcachefs (loop4): reading snapshots table
[  323.162204][T12445] bcachefs (loop4): reading snapshots done
[  323.172862][T12465] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2463'.
[  323.191328][T12445] bcachefs (loop4): done starting filesystem
[  323.341153][ T8204] bcachefs (loop4): shutting down
[  323.342812][ T8204] bcachefs (loop4): going read-only
[  323.344740][ T8204] bcachefs (loop4): finished waiting for writes to stop
[  323.375654][ T8204] bcachefs (loop4): flushing journal and stopping allocators, journal seq 3
[  323.450523][ T8204] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 4
[  323.460028][ T8204] bcachefs (loop4): clean shutdown complete, journal seq 5
[  323.463703][ T8204] bcachefs (loop4): marking filesystem clean
[  323.529466][ T8204] bcachefs (loop4): shutdown complete
[  324.953611][T12519] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1340
[  325.347692][T12496] loop6: detected capacity change from 0 to 262144
[  325.356391][T12496] F2FS-fs (loop6): invalid crc value
[  325.395243][T12496] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  325.398611][T12496] F2FS-fs (loop6): Start checkpoint disabled!
[  325.421065][T12496] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  326.048675][T12542] loop4: detected capacity change from 0 to 256
[  328.470965][T12607] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2524'.
[  328.502751][T12607] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2524'.
[  328.544661][T12607] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2524'.
[  330.029081][T12647] netlink: 'syz.0.2542': attribute type 6 has an invalid length.
[  330.094654][T12637] loop4: detected capacity change from 0 to 131072
[  330.103020][T12637] F2FS-fs (loop4): Wrong CP boundary, start(512) end(1536) blocks(0)
[  330.105809][T12637] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  330.109919][T12637] F2FS-fs (loop4): invalid crc value
[  330.175341][T12637] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  330.181098][T12637] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  330.183261][T12637] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  330.195706][T12659] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2546'.
[  330.466107][T12676] overlayfs: unescaped trailing colons in lowerdir mount option.
[  330.616867][T12680] loop6: detected capacity change from 0 to 4096
[  330.623839][T12680] ntfs3(loop6): Different NTFS sector size (4096) and media sector size (512).
[  330.678132][T12680] ntfs3(loop6): failed to convert "c46c" to macturkish
[  330.681127][T12680] ntfs3(loop6): ino=20, mi_enum_attr
[  330.683008][T12680] ntfs3(loop6): Mark volume as dirty due to NTFS errors
[  330.778427][T12694] loop6: detected capacity change from 0 to 256
[  330.787497][T12694] FAT-fs (loop6): bogus sectors per cluster 0
[  330.789405][T12694] FAT-fs (loop6): Can't find a valid FAT filesystem
[  330.985480][T12705] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2569'.
[  331.109931][T12710] IPVS: Error connecting to the multicast addr
[  331.374194][  T792] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  331.643396][  T792] usb 5-1: config index 0 descriptor too short (expected 8192, got 36)
[  331.646337][  T792] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  331.649395][  T792] usb 5-1: config 0 has no interfaces?
[  331.651100][  T792] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  331.654048][  T792] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  331.661990][  T792] usb 5-1: config 0 descriptor??
[  331.768348][T12714] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2571'.
[  331.797694][T12716] bond0: option xmit_hash_policy: invalid value (8)
[  331.885773][  T792] usb 5-1: USB disconnect, device number 16
[  332.423676][T12735] loop6: detected capacity change from 0 to 32768
[  332.428148][T12735] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.2581 (12735)
[  332.438470][T12735] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  332.442581][T12735] BTRFS info (device loop6): using crc32c (crc32c-lib) checksum algorithm
[  332.446110][T12735] BTRFS info (device loop6): disk space caching is enabled
[  332.449007][T12735] BTRFS warning (device loop6): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  332.531787][T12735] BTRFS info (device loop6): rebuilding free space tree
[  332.552771][T12735] BTRFS info (device loop6): disabling free space tree
[  332.556569][T12735] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  332.560356][T12735] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  332.830773][T12760] BTRFS info (device loop6 state M): max_inline set to 4096
[  333.188377][T11464] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  333.658418][T12787] geneve2: entered promiscuous mode
[  333.748200][   T24] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  333.910002][   T24] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  333.913840][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  333.926692][   T24] usb 5-1: config 0 descriptor??
[  333.939233][   T24] cp210x 5-1:0.0: cp210x converter detected
[  334.543744][   T24] cp210x 5-1:0.0: failed to get vendor val 0x000e size 678: -71
[  334.549749][   T24] cp210x 5-1:0.0: GPIO initialisation failed: -71
[  334.559452][   T24] usb 5-1: cp210x converter now attached to ttyUSB0
[  334.569313][   T24] usb 5-1: USB disconnect, device number 17
[  334.589376][   T24] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  334.592234][   T24] cp210x 5-1:0.0: device disconnected
[  335.130759][T12804] loop4: detected capacity change from 0 to 512
[  335.140571][T12804] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  335.160970][T12804] EXT4-fs (loop4): 1 truncate cleaned up
[  335.172595][T12804] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  335.191278][T12804] syz.4.2607 (pid 12804) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  335.222908][ T8204] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  336.225845][T12836] unknown channel width for channel at 909000KHz?
[  336.408913][T12844] 9pnet: Could not find request transport: f
[  336.575185][T12840] loop4: detected capacity change from 0 to 40427
[  336.583539][T12840] F2FS-fs (loop4): Wrong SSA boundary, start(3584) end(4096) blocks(0)
[  336.586993][T12840] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  336.590350][T12840] F2FS-fs (loop4): build fault injection type: 0x6
[  336.594673][T12840] F2FS-fs (loop4): invalid crc value
[  336.651290][T12840] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  336.662087][T12840] F2FS-fs (loop4): Start checkpoint disabled!
[  336.667751][T12840] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  336.670388][T12840] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  338.400453][T12869] netlink: 40 bytes leftover after parsing attributes in process `syz.6.2630'.
[  338.406507][T12869] netlink: 88 bytes leftover after parsing attributes in process `syz.6.2630'.
[  339.029853][T12879] loop6: detected capacity change from 0 to 4096
[  339.037964][T12879] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  339.058538][T12879] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  339.285095][T11464] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  339.303718][T12890] vlan0: entered promiscuous mode
[  339.412914][T12896] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2640'.
[  339.760601][   T28] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  339.763080][   T28] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  339.879890][T12925] loop6: detected capacity change from 0 to 2048
[  339.892194][T12925] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  340.344055][    T9] usb 5-1: new low-speed USB device number 18 using dummy_hcd
[  340.496460][    T9] usb 5-1: config 0 has an invalid interface number: 168 but max is 0
[  340.499093][    T9] usb 5-1: config 0 has no interface number 0
[  340.501069][    T9] usb 5-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=dd.b8
[  340.513951][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  340.518392][    T9] usb 5-1: config 0 descriptor??
[  340.522764][    T9] lan78xx 5-1:0.168 (unnamed net_device) (uninitialized): USB bus speed not supported
[  340.530497][    T9] lan78xx 5-1:0.168: probe with driver lan78xx failed with error -5
[  340.740476][ T5965] usb 5-1: USB disconnect, device number 18
[  340.859750][T12943] loop6: detected capacity change from 0 to 512
[  340.867485][T12943] EXT4-fs: Ignoring removed orlov option
[  340.883437][T12943] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem
[  340.893363][T12943] EXT4-fs error (device loop6): ext4_iget_extra_inode:5104: inode #15: comm syz.6.2662: corrupted in-inode xattr: e_value size too large
[  340.899934][T12943] EXT4-fs error (device loop6): ext4_orphan_get:1397: comm syz.6.2662: couldn't read orphan inode 15 (err -117)
[  340.908563][T12943] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  340.956874][T11464] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  342.248401][T13021] tipc: Can't bind to reserved service type 1
[  342.345207][   T33] audit: type=1800 audit(1755103406.496:161): pid=13023 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.4.2700" name="/" dev="sockfs" ino=29599 res=0 errno=0
[  342.436954][   T33] audit: type=1326 audit(1755103406.596:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13028 comm="syz.4.2702" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcee698ebe9 code=0x7ffc0000
[  342.439290][    C1] vcan0: j1939_tp_rxtimer: 0xffff8881144cb400: rx timeout, send abort
[  342.454072][   T33] audit: type=1326 audit(1755103406.606:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13028 comm="syz.4.2702" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcee698ebe9 code=0x7ffc0000
[  342.470533][   T33] audit: type=1326 audit(1755103406.606:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13028 comm="syz.4.2702" exe="/syz-executor" sig=0 arch=c000003e syscall=160 compat=0 ip=0x7fcee698ebe9 code=0x7ffc0000
[  342.481155][   T33] audit: type=1326 audit(1755103406.606:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13028 comm="syz.4.2702" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcee698ebe9 code=0x7ffc0000
[  342.490607][   T33] audit: type=1326 audit(1755103406.606:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13028 comm="syz.4.2702" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcee698ebe9 code=0x7ffc0000
[  342.951667][    C1] vcan0: j1939_tp_rxtimer: 0xffff8881144cb400: abort rx timeout. Force session deactivation
[  343.334000][ T5998] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  343.453004][T13063] loop4: detected capacity change from 0 to 1024
[  343.457385][T13063] EXT4-fs: Ignoring removed orlov option
[  343.485244][T13063] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  343.485449][ T5998] usb 7-1: config 0 has an invalid interface number: 98 but max is 0
[  343.498946][ T5998] usb 7-1: config 0 has no interface number 0
[  343.515863][ T5998] usb 7-1: config 0 interface 98 has no altsetting 0
[  343.520159][ T5998] usb 7-1: New USB device found, idVendor=1110, idProduct=9024, bcdDevice=db.24
[  343.524256][ T5998] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  343.527001][ T5998] usb 7-1: Product: syz
[  343.528374][ T5998] usb 7-1: Manufacturer: syz
[  343.530034][ T5998] usb 7-1: SerialNumber: syz
[  343.544862][ T5998] usb 7-1: config 0 descriptor??
[  343.619525][ T8204] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  343.764314][ T5998] usb 7-1: [ueagle-atm] ADSL device founded vid (0X1110) pid (0X9024) Rev (0XDB24): Eagle II
[  344.239457][ T5998] usb 7-1: reset high-speed USB device number 6 using dummy_hcd
[  344.291552][T13105] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  344.647454][ T5998] usb 7-1: [ueagle-atm] pre-firmware device, uploading firmware
[  344.656600][ T5998] usb 7-1: [ueagle-atm] loading firmware ueagle-atm/eagleII.fw
[  344.683662][    T9] usb 7-1: Direct firmware load for ueagle-atm/eagleII.fw failed with error -2
[  344.687477][    T9] usb 7-1: Falling back to sysfs fallback for: ueagle-atm/eagleII.fw
[  344.860082][ T5998] usb 7-1: USB disconnect, device number 6
[  345.691338][   T33] audit: type=1804 audit(1755103409.846:167): pid=13132 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2748" name="file0" dev="tmpfs" ino=5702 res=1 errno=0
[  345.695919][T13132] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: -29824, delta: 1
[  345.702868][T13132] ref_ctr increment failed for inode: 0x1646 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88802b0b5600
[  345.793621][ T5999] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  345.949152][ T5999] usb 5-1: Using ep0 maxpacket: 32
[  345.955174][ T5999] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[  345.958502][ T5999] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  345.962001][ T5999] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81
[  345.968047][ T5999] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  345.972902][ T5999] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  345.978037][ T5999] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  345.981960][ T5999] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  345.988793][ T5999] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  345.994335][ T5999] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  345.998672][ T5999] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  346.010270][ T5999] usb 5-1: config 0 descriptor??
[  346.230010][ T5999] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 19 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  346.441269][ T5999] usb 5-1: USB disconnect, device number 19
[  346.451717][ T5999] usblp0: removed
[  346.743682][   T24] usb 7-1: new low-speed USB device number 7 using dummy_hcd
[  346.896814][   T24] usb 7-1: unable to get BOS descriptor or descriptor too short
[  346.900337][   T24] usb 7-1: config 1 interface 0 altsetting 7 endpoint 0x81 has invalid maxpacket 1024, setting to 8
[  346.904140][   T24] usb 7-1: config 1 interface 0 altsetting 7 endpoint 0x82 is Bulk; changing to Interrupt
[  346.907308][   T24] usb 7-1: config 1 interface 0 altsetting 7 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  346.911297][   T24] usb 7-1: config 1 interface 0 has no altsetting 0
[  346.920280][   T24] usb 7-1: string descriptor 0 read error: -22
[  346.922309][   T24] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  346.925471][   T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  346.930228][T13167] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  346.932686][T13167] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  346.954487][T13167] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  346.962499][   T24] cdc_ether 7-1:1.0: probe with driver cdc_ether failed with error -22
[  347.129038][T13200] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2773'.
[  347.135266][T13200] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2773'.
[  347.173916][ T5999] usb 7-1: USB disconnect, device number 7
[  347.194919][T13203] loop4: detected capacity change from 0 to 22
[  347.198356][T13203] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  347.208399][T13203] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  349.248984][T13228] netlink: 'syz.4.2786': attribute type 1 has an invalid length.
[  349.252448][T13228] netlink: 216 bytes leftover after parsing attributes in process `syz.4.2786'.
[  350.822482][ T5940] Bluetooth: Wrong link type (-22)
[  352.864953][T13249] loop6: detected capacity change from 0 to 32768
[  352.886612][T13249] (syz.6.2793,13249,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  352.895646][T13249] (syz.6.2793,13249,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  352.975354][T13249] JBD2: Ignoring recovery information on journal
[  353.035504][T13249] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  353.113257][T13249] 
[  353.114145][T13249] ======================================================
[  353.116535][T13249] WARNING: possible circular locking dependency detected
[  353.119141][T13249] 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 Not tainted
[  353.121822][T13249] ------------------------------------------------------
[  353.125168][T13249] syz.6.2793/13249 is trying to acquire lock:
[  353.127208][T13249] ffff88811f928618 (sb_internal#4){.+.+}-{0:0}, at: ocfs2_acquire_dquot+0x455/0xb30
[  353.130267][T13249] 
[  353.130267][T13249] but task is already holding lock:
[  353.132711][T13249] ffff888111736be0 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}, at: ocfs2_lock_global_qf+0x1e8/0x270
[  353.136287][T13249] 
[  353.136287][T13249] which lock already depends on the new lock.
[  353.136287][T13249] 
[  353.140123][T13249] 
[  353.140123][T13249] the existing dependency chain (in reverse order) is:
[  353.143051][T13249] 
[  353.143051][T13249] -> #6 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}:
[  353.145975][T13249]        lock_acquire+0x120/0x360
[  353.147845][T13249]        down_write+0x96/0x1f0
[  353.149408][T13249]        ocfs2_lock_global_qf+0x1e8/0x270
[  353.151342][T13249]        ocfs2_acquire_dquot+0x2b0/0xb30
[  353.153264][T13249]        dqget+0x7b1/0xf10
[  353.154667][T13249]        dquot_set_dqblk+0x2b/0xfa0
[  353.156528][T13249]        quota_setquota+0x4b7/0x540
[  353.158524][T13249]        __se_sys_quotactl+0x279/0x950
[  353.160261][T13249]        do_syscall_64+0xfa/0x3b0
[  353.162083][T13249]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.164484][T13249] 
[  353.164484][T13249] -> #5 (&ocfs2_sysfile_lock_key[GROUP_QUOTA_SYSTEM_INODE]){+.+.}-{4:4}:
[  353.167960][T13249]        lock_acquire+0x120/0x360
[  353.169632][T13249]        down_write+0x96/0x1f0
[  353.171225][T13249]        ocfs2_lock_global_qf+0x1ca/0x270
[  353.173148][T13249]        ocfs2_acquire_dquot+0x2b0/0xb30
[  353.175097][T13249]        dqget+0x7b1/0xf10
[  353.176586][T13249]        dquot_set_dqblk+0x2b/0xfa0
[  353.178203][T13249]        quota_setquota+0x4b7/0x540
[  353.180281][T13249]        __se_sys_quotactl+0x279/0x950
[  353.182514][T13249]        do_syscall_64+0xfa/0x3b0
[  353.184401][T13249]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.186673][T13249] 
[  353.186673][T13249] -> #4 (&dquot->dq_lock){+.+.}-{4:4}:
[  353.189445][T13249]        lock_acquire+0x120/0x360
[  353.191485][T13249]        __mutex_lock+0x187/0x1360
[  353.193611][T13249]        dqget+0x72a/0xf10
[  353.195293][T13249]        dquot_transfer+0x4b8/0x6d0
[  353.197140][T13249]        ext4_setattr+0x865/0x1bc0
[  353.198701][T13249]        notify_change+0xb36/0xe40
[  353.200171][T13249]        chown_common+0x40c/0x5c0
[  353.201726][T13249]        do_fchownat+0x161/0x270
[  353.203254][T13249]        __x64_sys_chown+0x82/0xa0
[  353.205086][T13249]        do_syscall_64+0xfa/0x3b0
[  353.206970][T13249]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.208947][T13249] 
[  353.208947][T13249] -> #3 (&ei->xattr_sem){++++}-{4:4}:
[  353.211278][T13249]        lock_acquire+0x120/0x360
[  353.212875][T13249]        down_read+0x46/0x2e0
[  353.214323][T13249]        ext4_setattr+0x855/0x1bc0
[  353.215892][T13249]        notify_change+0xb36/0xe40
[  353.217456][T13249]        chown_common+0x40c/0x5c0
[  353.218989][T13249]        do_fchownat+0x161/0x270
[  353.220482][T13249]        __x64_sys_chown+0x82/0xa0
[  353.222029][T13249]        do_syscall_64+0xfa/0x3b0
[  353.223565][T13249]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.225514][T13249] 
[  353.225514][T13249] -> #2 (jbd2_handle){++++}-{0:0}:
[  353.227744][T13249]        lock_acquire+0x120/0x360
[  353.229304][T13249]        start_this_handle+0x1fa7/0x21c0
[  353.231089][T13249]        jbd2__journal_start+0x2c1/0x5b0
[  353.232840][T13249]        jbd2_journal_start+0x2a/0x40
[  353.234534][T13249]        ocfs2_start_trans+0x376/0x6d0
[  353.236387][T13249]        ocfs2_update_inode_atime+0xf4/0x570
[  353.238340][T13249]        ocfs2_inode_lock_atime+0x312/0x4e0
[  353.240087][T13249]        ocfs2_readdir+0x1c6/0x4c0
[  353.241667][T13249]        wrap_directory_iterator+0x96/0xe0
[  353.243441][T13249]        iterate_dir+0x399/0x570
[  353.244928][T13249]        __se_sys_getdents+0xe4/0x250
[  353.246625][T13249]        do_syscall_64+0xfa/0x3b0
[  353.248209][T13249]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.250149][T13249] 
[  353.250149][T13249] -> #1 (&journal->j_trans_barrier){.+.+}-{4:4}:
[  353.252719][T13249]        lock_acquire+0x120/0x360
[  353.254251][T13249]        down_read+0x46/0x2e0
[  353.255693][T13249]        ocfs2_start_trans+0x36a/0x6d0
[  353.257357][T13249]        ocfs2_update_inode_atime+0xf4/0x570
[  353.259192][T13249]        ocfs2_inode_lock_atime+0x312/0x4e0
[  353.261215][T13249]        ocfs2_readdir+0x1c6/0x4c0
[  353.263002][T13249]        wrap_directory_iterator+0x96/0xe0
[  353.264852][T13249]        iterate_dir+0x399/0x570
[  353.266344][T13249]        __se_sys_getdents+0xe4/0x250
[  353.268002][T13249]        do_syscall_64+0xfa/0x3b0
[  353.269575][T13249]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.271539][T13249] 
[  353.271539][T13249] -> #0 (sb_internal#4){.+.+}-{0:0}:
[  353.274182][T13249]        validate_chain+0xb9b/0x2140
[  353.275863][T13249]        __lock_acquire+0xab9/0xd20
[  353.277462][T13249]        lock_acquire+0x120/0x360
[  353.279150][T13249]        ocfs2_start_trans+0x26b/0x6d0
[  353.281324][T13249]        ocfs2_acquire_dquot+0x455/0xb30
[  353.283119][T13249]        dqget+0x7b1/0xf10
[  353.284523][T13249]        dquot_set_dqblk+0x2b/0xfa0
[  353.286137][T13249]        quota_setquota+0x4b7/0x540
[  353.287750][T13249]        __se_sys_quotactl+0x279/0x950
[  353.289443][T13249]        do_syscall_64+0xfa/0x3b0
[  353.291484][T13249]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.293796][T13249] 
[  353.293796][T13249] other info that might help us debug this:
[  353.293796][T13249] 
[  353.296893][T13249] Chain exists of:
[  353.296893][T13249]   sb_internal#4 --> &ocfs2_sysfile_lock_key[GROUP_QUOTA_SYSTEM_INODE] --> &ocfs2_quota_ip_alloc_sem_key
[  353.296893][T13249] 
[  353.302151][T13249]  Possible unsafe locking scenario:
[  353.302151][T13249] 
[  353.304441][T13249]        CPU0                    CPU1
[  353.306057][T13249]        ----                    ----
[  353.307748][T13249]   lock(&ocfs2_quota_ip_alloc_sem_key);
[  353.309498][T13249]                                lock(&ocfs2_sysfile_lock_key[GROUP_QUOTA_SYSTEM_INODE]);
[  353.312533][T13249]                                lock(&ocfs2_quota_ip_alloc_sem_key);
[  353.315100][T13249]   rlock(sb_internal#4);
[  353.316438][T13249] 
[  353.316438][T13249]  *** DEADLOCK ***
[  353.316438][T13249] 
[  353.318826][T13249] 4 locks held by syz.6.2793/13249:
[  353.320513][T13249]  #0: ffff88811f9280e0 (&type->s_umount_key#87){++++}-{4:4}, at: super_lock+0x2a9/0x3b0
[  353.323385][T13249]  #1: ffff888047dd00a8 (&dquot->dq_lock){+.+.}-{4:4}, at: ocfs2_acquire_dquot+0x2a3/0xb30
[  353.326481][T13249]  #2: ffff888111736f40 (&ocfs2_sysfile_lock_key[GROUP_QUOTA_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_lock_global_qf+0x1ca/0x270
[  353.330448][T13249]  #3: ffff888111736be0 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}, at: ocfs2_lock_global_qf+0x1e8/0x270
[  353.333892][T13249] 
[  353.333892][T13249] stack backtrace:
[  353.335722][T13249] CPU: 0 UID: 0 PID: 13249 Comm: syz.6.2793 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  353.335745][T13249] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  353.335757][T13249] Call Trace:
[  353.335763][T13249]  <TASK>
[  353.335768][T13249]  dump_stack_lvl+0x189/0x250
[  353.335782][T13249]  ? __pfx_dump_stack_lvl+0x10/0x10
[  353.335792][T13249]  ? __pfx__printk+0x10/0x10
[  353.335804][T13249]  ? print_lock_name+0xde/0x100
[  353.335815][T13249]  print_circular_bug+0x2ee/0x310
[  353.335825][T13249]  check_noncircular+0x134/0x160
[  353.335835][T13249]  validate_chain+0xb9b/0x2140
[  353.335851][T13249]  __lock_acquire+0xab9/0xd20
[  353.335863][T13249]  ? ocfs2_acquire_dquot+0x455/0xb30
[  353.335871][T13249]  lock_acquire+0x120/0x360
[  353.335882][T13249]  ? ocfs2_acquire_dquot+0x455/0xb30
[  353.335892][T13249]  ? do_raw_spin_unlock+0x4d/0x240
[  353.335901][T13249]  ocfs2_start_trans+0x26b/0x6d0
[  353.335910][T13249]  ? ocfs2_acquire_dquot+0x455/0xb30
[  353.335918][T13249]  ? __pfx_ocfs2_start_trans+0x10/0x10
[  353.335925][T13249]  ? do_raw_spin_unlock+0x4d/0x240
[  353.335934][T13249]  ? _raw_spin_unlock+0x28/0x50
[  353.335943][T13249]  ? ocfs2_qinfo_unlock+0x121/0x150
[  353.335951][T13249]  ocfs2_acquire_dquot+0x455/0xb30
[  353.335960][T13249]  ? from_kgid+0x1b0/0x650
[  353.335972][T13249]  ? __pfx_ocfs2_acquire_dquot+0x10/0x10
[  353.335980][T13249]  ? percpu_counter_add_batch+0xea/0x1e0
[  353.335990][T13249]  dqget+0x7b1/0xf10
[  353.336001][T13249]  dquot_set_dqblk+0x2b/0xfa0
[  353.336011][T13249]  quota_setquota+0x4b7/0x540
[  353.336022][T13249]  ? __pfx_quota_setquota+0x10/0x10
[  353.336036][T13249]  ? do_quotactl+0x734/0x860
[  353.336047][T13249]  __se_sys_quotactl+0x279/0x950
[  353.336057][T13249]  ? __se_sys_futex+0x36f/0x400
[  353.336068][T13249]  ? __pfx___se_sys_quotactl+0x10/0x10
[  353.336078][T13249]  ? rcu_is_watching+0x15/0xb0
[  353.336087][T13249]  ? do_syscall_64+0xbe/0x3b0
[  353.336097][T13249]  do_syscall_64+0xfa/0x3b0
[  353.336107][T13249]  ? lockdep_hardirqs_on+0x9c/0x150
[  353.336115][T13249]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.336123][T13249]  ? exc_page_fault+0x9f/0xf0
[  353.336132][T13249]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.336141][T13249] RIP: 0033:0x7f2176f8ebe9
[  353.336151][T13249] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  353.336159][T13249] RSP: 002b:00007f2177d72038 EFLAGS: 00000246 ORIG_RAX: 00000000000000b3
[  353.336168][T13249] RAX: ffffffffffffffda RBX: 00007f21771b5fa0 RCX: 00007f2176f8ebe9
[  353.336174][T13249] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: ffffffff80000801
[  353.336180][T13249] RBP: 00007f2177011e19 R08: 0000000000000000 R09: 0000000000000000
[  353.336185][T13249] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000000
[  353.336190][T13249] R13: 00007f21771b6038 R14: 00007f21771b5fa0 R15: 00007fff9a532998
[  353.336200][T13249]  </TASK>
[  353.472023][T11464] ocfs2: Unmounting device (7,6) on (node local)
[  359.851668][ T5235] Bluetooth: hci1: command 0x0406 tx timeout

VM DIAGNOSIS:
16:39:21  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000032 RBX=0000000000000032 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000002874 RDI=0000000000002875 RBP=00000000000003f8 RSP=ffffc9000463ef90
R8 =ffff888106338237 R9 =1ffff11020c67046 R10=dffffc0000000000 R11=ffffffff854e72a0
R12=dffffc0000000000 R13=ffffffff99af18cc R14=ffffffff99de64e0 R15=0000000000000000
RIP=ffffffff854e731c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f2177d726c0 ffffffff 00c00000
GS =0000 ffff8880b8624000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f9d5b200400 CR3=00000000430a6000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=6161616161616161 6161616161616161
XMM06=6161616161616161 6161616161616161 XMM07=6161616161616161 6161616161616161
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f2177012fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=244929a85b766100 RBX=ffffffff81aab3dd RCX=244929a85b766100 RDX=0000000000000000
RSI=ffffffff8be325e0 RDI=ffffffff8be325a0 RBP=0000000000000000 RSP=ffffc9000469f238
R8 =0000000000000000 R9 =0000000000000000 R10=ffffc9000469f318 R11=ffffffff81ac3890
R12=ffff8880218a0000 R13=1ffff920008d3edc R14=00007fcee698ebe9 R15=1ffff920008d3e62
RIP=ffffffff81a71670 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fcee4bf66c0 ffffffff 00c00000
GS =0000 ffff8881a3c24000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fcee4bf5fc8 CR3=000000000df36000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007fcee6b87498 00007fcee6b87470 XMM03=00007fcee6b874a8 00007fcee6b874a0
XMM04=00007fcee76ed100 00007fcee6b87460 XMM05=00007fcee6b87478 00007fcee6b874c0
XMM06=00007fcee6b874b8 00007fcee6b874b0 XMM07=00007fcee6b874a8 00007fcee6b874a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007fcee6a12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
