last executing test programs:

7m33.019723285s ago: executing program 0 (id=3601):
r0 = syz_io_uring_setup(0x237, &(0x7f0000000480)={0x0, 0x8901, 0x400, 0x0, 0x2cf}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000600)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x11, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x40000000})
io_uring_enter(r0, 0x141, 0xab23, 0x2, &(0x7f0000000140)={[0x8]}, 0x8)

7m32.800676535s ago: executing program 0 (id=3605):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x3, 0x6576, 0xd})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)

7m32.099667927s ago: executing program 0 (id=3612):
r0 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet(r0, &(0x7f0000005240), 0x4000095, 0x0)
setsockopt$inet_buf(r0, 0x0, 0x2f, 0x0, 0x0)

7m31.402065488s ago: executing program 0 (id=3617):
syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000001800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000000040), 0x1, 0x751, &(0x7f0000001040)="$eJzs3M9rHGUfAPDvTJP+zPtuXngP4kmoWKF2k6ZqT0LEc6HQP6AuySSETLIhu6ndNWDrwYMgqAhae9H/wIsieCn9HxTBm4IHQWsaDwUPkdnspu12E9c26Zb4+cDsfJ9nZvb7fNvJww7sswH8az1TvCQRIxFxPiJK7f40Ig62osMRVzbPu722OrW+tjqVxMbGhVtJcVmrr/NeSXt/LFqXxFMRcXM44uTbD+atNZrzlTzPltvtsfrC0lit0Tw1t1CZzWazxYnx8TNnXp546cXxXav1vTe/+O3dr1/79tOzC3++cuuF6SQmW3VHVx27afPfZDgmu/oX9yLZACWDHgAAAH0pPucfiIih1qfUUhxoRQAAAMB+snFoAwAAANj3khj0CAAAAIC91fkewO211anO9ji/f/DrqxExendt8fpW/qHWGuKIwzEcEUfXk/tWJiSbl8EjuXI1Im5M9rj/k/b99/C6V65bI/3kuVHMP5O95r90a/6JHvPPUOe3Ex5RZ/5bf2D+u5v/wDbz3/k+cxxaPvHdtvmvRjw91Ct/spU/6eSv3Lkv/+t95v9y5Icftzu28XnEieid/95cO/w+xNjMXJ61X3vmOP7VWyd3qv/odvmTrvrvua7oW+qz/p+uT8xuN5cU+Z8/vvP/f6/8xT3xfnscaUR80N4X7Q+7cjx3c/zaTvVPb1P/TvmLvs/6rP+bd5o/93kqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtKQRMRJJWt6K07RcjjgWEf+Po2lerdVPzlRXFqeLYxGjMZzOzOXZeESUNttJ0T7diu+2J7raZyLifxHxUelIq12equbTgy4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALcciYiSStBwRaUT8UUrTcnnQowIAAAB23eigBwAAAADsOc//AAAAsP91Pf9fqwxqIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB+dv7cuWLbWF9bnSra05caK/PVS6ems7R9RnV5qTxbrc7mWXmquvB375dXq0tnY3Hl8lg9q9XHao3mxYXqymL94txCZTa7mA3veUUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8jJHWlqTliEhbcZqWyxH/iYjRGE5m5vJsPCL+GxHfl4YPFe3Tgx40AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu67WaM5X8jxbFggEuxwcbv+VPSnj+SfBjtPGkccyOQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8NjVGs35Sp5ny7VBjwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDBSn9JIqLYTpSeHek+ejC5U2rtI+KN6xc+vlyp15dPF/2/b/XXP2n3Twxi/AAAAEC3znN65zkeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgX7VGc76S59nyHgaDrhEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHg4fwUAAP//zWnHag==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x2)
mkdirat(r0, &(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000003e40)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@volatile}]})

7m30.676024875s ago: executing program 0 (id=3623):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
syz_emit_ethernet(0x42, &(0x7f0000000300)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x3, 0x34, 0x64, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0x2, 0x6071, 0x0, 0xe7, {[@timestamp={0x8, 0xa, 0x6}]}}}}}}}, 0x0)

7m30.166233861s ago: executing program 0 (id=3627):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r0, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000380)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x18, 0x6, 0xff, @local, @local, {[], {{0x4e21, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@fastopen={0x1e, 0x2}]}}}}}}}}, 0x0)

7m29.840211401s ago: executing program 32 (id=3627):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r0, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000380)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x18, 0x6, 0xff, @local, @local, {[], {{0x4e21, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@fastopen={0x1e, 0x2}]}}}}}}}}, 0x0)

3m43.45827816s ago: executing program 3 (id=5494):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
syz_emit_ethernet(0x9e, &(0x7f0000000440)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x68, 0x6, 0x0, @remote, @local, {[], {{0x4000, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x1a, 0x10, 0x0, 0x0, 0x1, {[@mptcp=@remove_addr={0x1e, 0x43, 0x8, 0x0, "61b042812dfbbfd6e97c590fb9ed282aac7ab122a8997c9fc844e87a3c20e74af7ef948430444d09e51f4b765e54d03ab53ab2bd1e322b926504b44b3ce2a669"}, @sack_perm={0x4, 0x2}, @fastopen={0x22, 0xc, "86baa82e9d76f2610300"}]}}}}}}}}, 0x0)

3m43.250200912s ago: executing program 3 (id=5497):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000340)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-generic\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
recvfrom(r1, 0x0, 0x0, 0x10020, 0x0, 0x0)

3m43.158723595s ago: executing program 3 (id=5499):
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000003940)=0x10)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000003980)={0xc44, 0x4, 0x1, 0x1, 0x4, "9fe074087de56e638074fdcf59cc000000ffef"})
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000000)={0x1, 0x8, 0x19, 0xfd, 0x18, "3ba0ce7cb942b4b2caa81bfd51882c1648bc43"})

3m43.07746238s ago: executing program 3 (id=5501):
syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', 0x2, &(0x7f0000000500)={[{@noquota}, {@gid}, {@errors_continue}, {@errors_continue}, {@gid={'gid', 0x3d, 0xee00}}, {@iocharset={'iocharset', 0x3d, 'macceltic'}}, {@quota}, {@errors_continue}, {@discard_size}]}, 0x1, 0x61c0, &(0x7f0000006740)="$eJzs3c1vHGcdB/Df7JtfSlOrh6pECLlteCmleS0hUKDpAQ5cOKBcUSLXrSJSQElAaRURV75w4I8AIXFEiCMn/oAeuHLjDyBSAgL11EFjP48znq69dt3dWXs+H8mZ+e0z430m35198czsEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA/PAHP75QRMT1X6UbViI+F/2IXsRSVa9GxNLqSl5+EBHPx1ZzPBcRw4WIav2tf56JeC0iPjwV8ejx/bXq5osH7Mf3//yPP/zkqR/9/U/Dc//7y93+63std+/eb//71wdH22YAAADomrIsyyJ9zD+dPt/32u4UADAT+fW/TPLt6rmrN+asP2q1Wq0+hnVdOd6DehERG/V1qvcMDscDwDGzER+13QVaJP9OG0TEU213AphrRdsdYCoePb6/VqR8i/rrwep2ez4XZFf+G8XO9R17TSdpnmMyq8fXZvTj2T36szSjPsyTnH+vmf/17fZRWm7a+c/KXvmPti996pycf7+Zf8PJyb83Nv+uyvkPDpV/X/4AAAAAADDH8t//V1o+/rtw9E05kP2O/67OqA8AAAAAAAAA8Fk76vh/O4z/BwAAAHOr+qxe+d2pJ7ft9V1s1e3XioinG8sDHZMullluux8AAAAAAAAAAAAA0CWD7XN4rxURw4h4enm5LMvqp65ZH9ZR1z/uur790GVtP8kDAMC2D081ruUvIhYj4lr6rr/h8vJyWS4uLZfL5dJCfj87Wlgsl2qfa/O0um1hdIA3xINRWf2yxdp6dZM+L09qb/6+6r5GZf8AHZuNFgMHgIjYfjV65BXphCnLZ6LtdzkcD/b/k8f+z0G0/TgFAAAApq8sy7JIX+d9Oh3z77XdKQBgJvLrf/O4gFqtVqvV6pNX15XjPagXEbFRX6d6z2A4fgA4Zjbio7a7QIvk32mDiHi+7U4Ac61ouwNMxaPH99eKlG9Rfz1I47vnc0F25b9RbK2X1x83naR5jsmsHl+b0Y9n9+jPczPqwzzJ+fea+V/fbh+l5aad/6zslX+1nSst9KdtOf9+M/+Gk5N/b2z+XZXzHxwq/778AQAAAABgjuW//6/M1fHf0afdnIn2O/67OrV7BQAAAAAAAIDpevT4/lq+7jUf///CmOVc/3ky5fwL+XdSzr/XyP+rjeX6tfmHbz7J/9+P76/98e6/Pp+nB81/Ic8U6ZFVpEdEke6pGKTpUbbukzaH/VF1T8Oi1x+kc37K4dtxM27FepzftWwv/X88ab+wq73q6XCrvexvt1/c1T7Yac/rX9rVPkxnOpVLuf1srMXP41a8tdVetS1M2P7FCe3lhPacfz/+s9Nn+3935PwHtZ8q/+XUXjSmlYcf9D6x39en4+7n6s0v/ub89Ddnos3o72xbXbV9L7bQn63/k6dG8cs767fP3rtx9+7tC5Emu269GGnyGcv5D9PPzvP/S9vt+Xm/vr8+/GB06PznxWYM9sz/pdp8tb0vz7hvbcj5j9JPzv+t1D5+/z+W+VcP7333/1dm3ycAAAAAAAAAAAAAAADYV1mWW5eIXo2Iy+n6n7auzQQAZutq+sqNMsm3z6ruz/j+1OpjXhdz1p+Z1h+X89Uftfo41nXleG/Ui4j4W32dyxHx63G/DACYZx9HxD/b7gStkX+H5e/7q6Zn2u4MMFN33nv/pzdu3Vq/faftngAAAAAAAAAAn1Ye/3O1Nv73mbIsHzSW2zX+65uxetTxPwd5ZmeA0T0Gqu4ffpv2s9kb9Xu14cZfiL3G/x7uzO03/vegeQeNL08YTujPaEL7woT2xQntYy/0qMn5v1Ab7/xMRJxuDL9+AsZ/3bLf+K/NMe+7IOf/Yu3xXOX/lcZy9fzL3x/n/Hu78j93991fnLvz3vuv3nz3xjvr76z/7NKFC+cvXb585cqVc2/fvLV+fvvfFns8XTn/PPa180C7JeefM5d/t+T8v5Rq+XdLzv/LqZZ/t+T88/s9+XdLzj9/9pF/t+T8X061/Lsl5/+1VMu/W3L+r6Ra/t2S8/96quXfLTn/V1Mt/27J+Z9Ntfy7Jed/LtUHzH9p2v1iNnL++QiX/b9bcv75zAb5d0vO/2Kq5d8tOf9LqZZ/t+T8X0u1/Lsl5/+NVMu/W3L+l1Mt/27J+X8z1fLvlpz/lVTLv1ty/t9Ktfy7Jef/7VQfKv+V6fWL2cj5v55q+3+35Py/k2r5d0vO/7upln+35Py/l2r5d0vO/41Uy79bnnz/vxkzZszkmbafmQAAAAAAAAAAAACAplmcTtz2NgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD/2YEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUV9u4tRq67vgP42avXzs1ASJ3UwNoxxjib7PoSX2hdTICQJlyaGyUtje16186Cb/HaJUkj2VGgRMKoUUXb8NAWUNTmpcKq8kCrgPKAWlWqRNoH+oKoUHmIqoASpEptFbLVnPn//zszOzuz6x2vZ875fKT45505M+fMmTNn97vOdwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGpt+PDUl/uyLKv8l/+xNsuurvx99eja/LIPXOktBAAAAJbrl/mfr1+XLti/iBvVLPNP7/7Bi7Ozs7PZZwb+dOhrs7PpitEsG1qVZfl10cWfPNRXu0zwdDbS11/zdX+b1Q+0uX6wzfVDba4fbnP9qjbXjzS5bHXN3+ftgCZL96U725T/dW11l2bXZ0P5dZua3OrpvlX9/fF3Obm+/DazQ0ey6exYNpVN1C1fXbYvX/6lDZV13ZXFdfXXrGt95Qh548nDcRv6wj7eVLeuufuMfvahbPQXbzx5+K/PvHZjs9l2N9TdX3U7t2ysbOcXwyXVbe3LVqV9Erezv2Y71zd5TgbqtrMvv13l743b+foit3NgbjNXVONzPpL1539/Jd9Pg7W/1kv7aX247H9uzrLs/NxmNy4zb11Zf7am7pL+uednpHpEVu6jcii9PRtc0nG6YRHHaWVObqo/ThtfE/H53xBuN7jANtQ+TT97arjmeX9z9lKO06jyqBd6rTQeg51+rXTLMRiPi1fyB/1M02NwU3j8T25e+Bhseuw0OQbT4645Bje2Owb7hwfybU5PQl9+m7ljcFvd8gP5mvry+erm1sfg+Jnjp8ZnHn/i1unjh45OHZ06sWPbtokdu3bt2bNn/Mj0samJ6p+XuLe735qsP70GNoZ9F18D72tYtvZQnf3m8Lzz76W+DkdavA7XNizb6dfhYOOD61uZF+T8Y7r62nigstNHLvRnC7zG8udn6/Jfh+lx17wOB2teh02/pzR5HQ4u4nVYWebU1sX9zDJY81+zbVj4e8HyjsG1Ncdg488jjcdgp38e6ZZjcCQcFz/auvD3gvVhe58ZW+rPIwPzjsH0cMO5p3JJ+nl/ZE8+mh2XN1WuuGo4Ozszdfq2xw6dOXN6WxbGinhHzbHSeLyuqXlM2bzjtX/Jx+v+6Xc/c1OTy9eGfTVya+WPkQWfq8oyO29r/Vzl392a78+6S7dnYXTYSu/PZt/NK/tzOMu+/v2n7vvuk1//8IL7s5I3vzi+/J/FUy6tOf8OLXD+jbn/rer60l09PTA0WH39DqS9M1R3Pq5/qgbzc1dfvu7Xxxd3Ph4K/630+fj6FufjdQ3Ldvp8PNT44OL5uK/dbzuWp/H5HAnHybGJ1ufjyjLrti/1mBxseT6+Ocy+sP/fH5JCykU1x85Cx21a1+DgUHhcg3EN9cfpjrrlh0I2q6zrhe2Xdpxuubl6XwPp0c1ZqeN0tGHZTh+n6XdfCx2nfe1++3ZpGp/PkXBcXL+j9XFaWeblncs/d6bfz9WcO4fbHYNDA8OVbR5KB2F+vs9mV8dj8LbscHYyO5ZN5tcO58dTX76usdsXdwwOh/9W+ly5rsUxuKVh2U4fg+n72ELHXt/g/AffAY3P50g4Lp67vfUxWFnmI7s7+7PrlnBJWqbmZ9fG368t9Duvmxp20+U6VgbDdn5/d+vfzVaWObZnqTmz9X66JVxyVZP91Pj6Xeg1NZmtzH5aF7bztT0L76fK9lSW+dreRR5P+7MsO/foHfnve8O/r/zd2R++WPfvLs3+Tefco3f8/Joj/7iU7Qeg971VHWuq3+tq/mVqMf/+DwAAAPSEmPv7w0zkfwAAACiMmPvj/xWeyP8AAABQGDH3D4aZlCT/r/vIa9NvnctSM382iNen3XB3dbnYcZ0IX4/OzqlcfsfzU//9D+cWt+7+LMvevPsPmy6/7u64XVWjYTsvfrT+8nlevHVR6z744Lm03tr++jfC/cfHs9jDoFkFdyLLspeu+2q+ntGHLuTz5bsP5vO+8888XVnm9b3Vr+PtX31Hdfm/COXf/UcO1d3+1bAffhrmxD3N90e83bcvvH/97k/PrS/erm/jtfnDfu7h6v3G98l59unq8nE/L7T93/3KC9+uLP/Ye5tv/7n+5tv/Qrjf58P833dVl699Dipfx9t9KWx/XF+83W3f+l7T7b/45eryp+6sLncwzLj+LeHrTXe+Nl27vx7rO1T3uLKPVZeL65/44R/n18f7i/ffuP0jBy7U7Y/G4+Plf6vez3jD8vHyuJ7o7xvWX7mf2uMzrv+FPzpYt5/brf/ifa++q3K/jeu/pWG5U49uzdc/d3/179j0l1/6atP1xe3Z/7en6h7P/nvD6zis/7mHw/EYrv+/i9X7a3x3hYP31p9/4vLfWHuu7vFEd/2iuv6LHzyaz1Ujq9dcdfU1155/T2XfZdkrq6r31279R//qZN32f/OG6v6I18eOfuP6FxLXf/oLYydOzpydnkx79cnr8vfO+Xh1e+L2XhfOrY1fHzh55pGp06MToxNZNlrct9C7ZN8K8+fVcb710rPzzqBbHwzP501//tKazf/6lXj5vz9QvfzCPdXvW+8Lyz0bLl8bnr+lrX++5zbckL+++14OWzg7//2Cl2P9pv/as6gFw+Nv/LkgHu+n3vlIvh8q1+XfN+Lrepnb/+PJ6v18J+zX2fDOzBtvmFtf7fLxvREu3F99vS97/4XTXHxe/yY835/4afX+43bFx/vj8HPM99bVn+/i8fGdc/2N95+/i8f5cD7Jzlevj0vF/X3h9Ruabl58H5Ls/I3513+S7ufGJT3Mhcw8PjN+bPrE2cfGz0zNnBmfefyJA8dPnj1x5kD+Xp4HPtfu9nPnpzX5+WlyatfOLD9bnayOy+xKb/+pBw9P7p7YPDl15NDZI2cePDV1+ujhmZnDU5Mzmw8dOTL1hXa3n57ct2373h27t48dnZ7ct2fv3h17x6ZPnKxsRnWj2tg18fmxE6cP5DeZ2bdz77bbb985MXb85OTUvt0TE2Nn290+/940Vrn1H4ydnjp26Mz08amxmeknpvZt27tr1/a27wZ4/NSRmdHx02dPjJ+dmTo9Xn0so2fyiyvf+9rdnmKa+Y/qz7ON+qpvxJd96pZd6f1ZK55/asG7qi7S8Aair4X3ovnnt53as5ivY+4fCjMpSf4HAACAMoi5fzjMRP4HAACAwoi5f1WYifwPAAAAhRFz/0iYSUnyf+H6/+vOLWr9+v/6/7X7S/+/ZP3/+7ut/189X+j/d8Zy+/f6/4H+v/6//r/+v/4/HdBt/f+Y+1dn2dLyf3+b6wEAAICuEXP/mjCTkvz7PwAAAJRBzP1XhZnI/wAAAFAYMfdfHWZSkvyv/6//r/+v/6//33z9+v+9Sf+/Nf3/NvT/x7Ny9f/Pd3L79f/1/5mv2/r/MfdfE2ZSkvwPAAAAZRBz/7VhJvI/AAAAFEbM/deFmcj/AAAA0JtWz78o5v61YSYlyf/6//r/+v/6//r/zdev/9+b9P9b0/9vQ//f5//r/+v/01Hd1v+Puf9tYSYlyf8AAABQBjH3vz3MRP4HAACA7jN4aTeLuf8dYSbz8v8lrgAAAAC44mLuvz5rKIKX5N//9f/1//X/9f/1/5uvf/H9/4FM/7976P+3pv/fhv6//r/+v/4/HdVt/f8892cj2TvDTEqS/wEAAKAMYu6/IcxE/gcAAIDuNrL4RWPu/5XGG8r/AAAAUBgx968LMylJ/tf/1//X/9f/1/9vvn6f/9+b9P9b0/9vo9v6/w1HkP5/d2+//r/+P/N1W/8/5v4bw0xKkv8BAACgDGLuvynMRP4HAACAwoi5/1fDTOR/AAAAKIyY+9eHmZQk/+v/d3n/P/b+9P/1//X/9f/1/xdF/781/f82uq3/30D/v7u3X/9f/5/5uq3/H3P/u8JMSpL/AQAAoAxi7n93mIn8DwAAAIURc/97wkzkfwAAACiMmPtHw0xKkv/1/7u8/+/z//X/9f/1//X/l0T/vzX9/zb0//X/9f/1/+mobuv/x9y/IcykJPkfAAAAyiDm/o1hJvI/AAAAFEbM/TeHmcj/AAAAUBgx928KMylJ/tf/1//X/9f/1/9vvn79/96k/9/aYvr/+TlN/1//X/9f/1//nw7otv5/zP3vDTMpSf4HAACAMoi5f3OYifwPAAAAhRFz//vCTOR/AAAAKIyY+7eEmZQk/+v/6/+Xtf+/qmad+v/6/83Wr//fm/T/W/P5/23o/+v/6//r/9NR3db/j7n//WEmJcn/AAAAUAYx928NM5H/AQAAoDBi7r8lzET+BwAAgMKIuX8szKQk+f/K9P/fyP/U/9f/9/n/+v/6//r/nVaG/v9nl3qnNfT/29D/1//X/9f/p6O6rf8fc/+tYSYlyf8AAABQBjH33xZmIv8DAABAYcTcPx5mIv8DAABAYcTcPxFmUpL87/P/9f/1//X/l9T/f8/c/er/V+n/d5cy9P+XQ/+/Df1//f8r3v8f0v+nULqt/x9z/7Ywk5LkfwAAACiDmPu3h5nI/wAAAFAYMffvCDOR/wEAAKAwYu7fGWZSkvyv/6//r/+v/+/z/5uvX/+/N+n/t9b5/n98iPr/+v/6/z7/X/+f+bqt/x9z/+1hJiXJ/wAAAFAGMffvCjOR/wEAAKAwYu7fHWYi/wMAAEBhxNy/J8ykJPlf/78D/f/B5hfr/+v/R/r/4XjQ/9f/XwH6/635/P829P/1//X/9f/pqG7r/8fcvzfMpCT5HwAAAMog5v4PhJnI/wAAAFAYMff/WpiJ/A8AAACFEXP/r4eZlCT/6//7/H/9f/1//f/m69f/7036/63p/7eh/6//r/+v/09HdVv/P+b+fWEmJcn/AAAAUAYx9/9GmIn8DwAAAIURc/8Hw0zkfwAAACiMmPv3h5mUJP/r/+v/6//r/+v/N1+//n9v0v9vTf+/Df1//X/9f/1/Oqrb+v8x938ozKQk+R8AAADKIOb+O8JM5H8AAAAojJj7PxxmIv8DAABAYcTc/5Ewk5Lkf/1//X/9f/1//f/m69f/7036/63p/7eh/6//r/+v/09HdVv/P+b+j4aZlCT/AwAAQBnE3H9nmIn8DwAAAIURc//HwkzkfwAAACiMmPvvCjMpSf7X/9f/1//X/9f/b75+/f/epP/fmv5/G/r/Bev/j16j/6//z+XSLAHNd2n9/6vfXHCFy+z/x9z/m2EmJcn/AAAAUAYx998dZiL/AwAAQGHE3H9PmIn8DwAAAIURc//Hw0xKkv/1//X/9f/1//X/m69f/7836f+31mP9/19eGy7X/6/S/+/u7e/K/v9PFur/z65qvL3+P5fDpfX/m+pI/z/m/k+EmZQk/wMAAEAZxNz/yTAT+R8AAAAKI+b+T4WZyP8AAABQGDH3/1aYSUnyv/5/ZTvm2sv6//r/+QX6//r/+v89S/+/tR7r//v8/wb6/929/V3Z//f5/1xh3db/j7n/3jCTkuR/AAAAKIOY++8LM5H/AQAAoDBi7r8/zET+BwAAgMKIuf+BMJOS5H/9f5//r/+v/6//33z9+v+9Sf+/Nf3/NvT/9f+7rf//n/r/9LZu6//H3P9gmElJ8j8AAACUQcz9nw4zkf8BAACgMGLu/+0wE/kfAAAACiPm/s+EmZQk/+v/90r/f3RF+v+Z/r/+v/6//n+P0/9vTf+/Df1//f9u6//7/H96XLf1/2PufyjMZPH5f2TRSwIAAABXRMz9vxNmUpJ//wcAAIAyiLn/d8NM5H8AAAAojJj7PxtmUpL8f3n6/83a8PPp//v8f/1//X/9f/3/Tlu5/n888+j/6//r/0f6/4vr/882fqML9P8pom7r/8fc/3thJiXJ/wAAAFAGMfc/HGYi/wMAAEBPWMz/hR5z/4EwE/kfAAAACiPm/oNhJiXJ/z7/X/9f/79L+/9/tvFffvSDTx7cdmX6//nU/9f/70WXtf8fTzbx8/8rL36f/6//r/+f6P/7/H/9fxp1W/8/5v5DYSYlyf8AAABQBjH3/36YifwPAAAAhRFz/+EwE/kfAAAACiPm/skwk5Lkf/1//X/9/y7t//fw5//H/aH/X69j/f940tX/b2rlPv+/+vWz+v+X2P8fbnqp/r/+fy9vv/6//j/zXZb+/+yqdOFS+/8x90+FmZQk/wMAAEAZhNzff6Q6566Q/wEAAKAwYu4/GmYi/wMAAEBhxNz/SJhJSfK//r/+v/6//n+n+/8+/785n/+/MvT/W+ue/n9z+v/6/1dq+4fC1P/X/6ezuu3z/2Punw4zKUn+BwAAgDKIuf9zYSbyPwAAABRGzP2fDzOR/wEAAKAwYu4/FmZSkvyv/6//r/+v/6//33z9+v+9Sf+/Nf3/NvT/S9v/78T26//r/zNft/X/Y+4/HmZSkvwPAAAAZRBz//+zdx/PltdlHsdP9zQ13cUfMIvZUDXL2c+Gxcx65g+YhRs3VlmWBSrmRGOOmHPAnDGAIiZUFAOYUMxizoIBM2q1Jf08T9++99zfud2ee+/vfJ/Xa/PMtNOeo0MBH7rf9b0kbrH/AQAAYBi5+y+NW+x/AAAAGEbu/gfELU32v/5f/z9s///f+v/dPl//r/8fmf5/2uH2/7tHnUn/r//f5O+v/9f/s9Pc+v/c/Q+MW5rsfwAAAOggd/+D4hb7HwAAAIaRu/+yuMX+BwAAgGHk7n9w3NJk/2/r/48sevb/mfHq//ez/z/q/X/9v/5f/7//Drb/v+Iff+bT/3v/X/8f9P/6f/0/282t/8/d/5C4pcn+BwAAgA5y9z80brH/AQAAYBi5+x8Wt9j/AAAAMIzc/Q+PW5rsf+//e/9/2Pf/9f+7fr7+X/8/Mu//T+vU/19224WX3HXdv19/Lp+v/+/Q/9+0b99f/6//Z6e59f+5+x8RtzTZ/wAAANBB7v5Hxi32PwAAAAwjd/+j4hb7HwAAAIaRu//RcUuT/a//1//r//X/+v/ln6//30z6/2md+v/z+Xz9f4f+f/++v/5f/89Oc+v/c/c/Jm5psv8BAACgg9z9j41b7H8AAAAYRu7+y+MW+x8AAACGkbv/ZNzSZP/r//e///+b/l//H1f/r//X/+8//f80/f8K+n/9v/5f/89aza3/z91/RdzSZP8DAABAB7n7Hxe32P8AAAAwjNz9j49b7H8AAAAYRu7+J8QtTfa//t/7//p//b/+f/nn6/83k/5/2sH3/8v+Crk7/f/G9/8X6P/1//p/tjrH/v/uiT9tr6X/z93/xLilyf4HAACADnL3Pylusf8BAABgGLn7nxy32P8AAAAwjNz9T4lbmux//b/+f0/9f/z/+HL9v/5/C/3/afr/edH/T5vN+/9Hji39Yf3/xvf/3v/X/+v/Ocvc3v/P3f/UuCWG36X/dV7/MQEAAIAZyd3/tLilya//AwAAQAe5+58et9j/AAAAMIzc/c+IW5rsf/2//t/7//p//f/yz5/q/6/f8v30//Oi/582m/5/F/p//f8mf3/9v/6fnebW/+fuf2bc0mT/AwAAQAe5+6+MW+x/AAAAGEbu/mfFLfY/AAAADCN3/7Pjlib7f3n/f+Zf1//vjf7/7O+v/1/+x8e6+v/8d9T/T/b//+P9/570/9P0/yvo//X/+v/d+v8Tq36+/p9l5tb/5+5/TtzSZP8DAABAB7n7nxu32P8AAAAwjNz9z4tb7H8AAAAYRu7+58ctTfa/9//1//r/zev/vf9/2mG+/7848P7/mP5/j/T/0/T/K+j/9f/6f+//s1Zz6/9z978gbmmy/wEAAKCD3P0vjFvsfwAAANgMW3/vwPbfUBpy978obrH/AQAAYBi5+18ctzTZ//p//b/+X//fu/8/viH9v/f/90r/P03/v8Lh9v9HBu3/jw3W/1+128+fQ/9/uf6fmTmr/7/hzI8fVv+fu/8lcUuT/Q8AAAAd5O5/adxi/wMAAMAwcve/LG6x/wEAAGAYuftfHrc02f/73v+f2P2z9f/6f/2//v/w+/9Nef9f/79X+v9p+v8VvP/v/X/v/+v/Wauz+v8tDqv/z93/irj1jwCa7H8AAADoIHf/K+MW+x8AAACGkbv/qrjF/gcAAIBh5O5/VdzSZP97/1//r//X/+v/l3++/n8z6f+n6f9X0P/r//X/+n/Wam79f+7+V8ctTfY/AAAAdJC7/zVxi/0PAAAAw8jd/9q4xf4HAACAYeTuf13c0mT/6//3t//PH9f/6/8X+n/9v/7/QLTt/48s+yvRTrv0/7fc9+T/nf0j+n/9v/5f/6//Zw1m0f+fOvN3l7n7Xx+3NNn/AAAA0EHu/jfELfY/AAAADCN3/xvjFvsfAAAAhpG7/01xyz37f3uFunmOr/jX9f/e/9f/6//1/8s/X/+/mdr2/3vk/f8V9P/6f/2//p+1mkX/v+V/z93/5rjFr/8DAADAMHL3vyVusf8BAABgGLn73xq32P8AAAAwjNz9b4tbmux//b/+X/+v/9f/L/98/f9m0v9P0/+voP/X/6+l/79//Ij+X//P3Pr/3P1Xxy1N9j8AAAB0kLv/7XGL/Q8AAADDyN3/jrjF/gcAAIBh5O5/Z9zSZP/r//X/+n/9v/5/+efr/zeT/n+a/n+xWFwz8QWW9f+n/lX/r//3/r/+n/M0t/4/d/+74pYm+x8AAAA6yN1/Tdxi/wMAAMAwcvdfG7fY/wAAADCM3P3vjlua7H/9v/5f/6//b9T/H9H/j0//P03/v4L3//X/+n/9P2s1t/4/d/974pYm+x8AAAA6yN1/Xdxi/wMAAMAwcve/N26x/wEAAGAYufuvj1t23f9HD+BbHRz9v/5f/6//b9T/D/j+//HVH9zM/vX/C/2//l//v4L+X/+v/2e7ufX/ufvfF7f49X8AAAAYRu7+98ct9j8AAAAMI3f/B+IW+x8AAACGkbv/g3FLk/2v/9f/6//1//r/5Z+/Gf3/6s/txvv/0/T/K+j/9f/6f/0/azW3/j93/4filib7HwAAADrI3X9D3GL/AwAAwDBy9384brH/AQAAYBi5+z8StzTZ/4fR/x/dcvX/c+v/Fwv9v/5f/3/aAfT/xxf6/7XT/0/T/6+g/x+z/z+6GKj/P7Hrz9f/M0dz6/9z9380bmmy/wEAAKCD3P03xi32PwAAAAwjd//H4hb7HwAAAIaRu//jcUuT/e/9f/3/xr7/f0H8BP2//n9z+//6b1X/vz76/2n6/xX0//vV/9+xli94eN9/Rv3/7vT/zNHc+v/c/TfFLU32PwAAAHSQu/8TcYv9DwAAAMPI3f/JuMX+BwAAgGHk7v9U3NJk/+v/9f8b2/97/1//r//X/y+h/5+m/19B/z/m+//6f/0/h2Zu/X/u/k/HLU32PwAAAHSQu//muMX+BwAAgGHk7r8lbrH/AQAAYBi5+z8TtzTZ//p//b/+fzP7/+P6f/2//n+pufT/F1/8v7fq//X/+n/9v/5f/9/d3Pr/3P2fjVua7H8AAADoIHf/5+IW+x8AAACGkbv/83GL/Q8AAADDyN3/hbilyf7f2f9fsDhdqJ62rP+PRk3/v4X+/+zvr/9f/seH9//1//r//TeX/t/7/+f3/fX/+v9N/v7n1P9ftPPn6/8Z0dz6/9z9t8YtTfY/AAAAdJC7/4txi/0PAAAAw8jd/6W4xf4HAACAYeTuvy1uabL/vf+v/9f/6//1/8s/X/+/mdbb/5/Q/+v/9f/6/37v//+L/p/1mVv/n7v/y3FLk/0PAAAAHeTu/0rcYv8DAADAMHL3fzVusf8BAABgGLn7vxa3NNn/+n/9v/5f/6//X/75+v/N5P3/afr/FWba/+ffoer/5/39h+n/vf/PGq21/9/+F6Xz6P9z9389bmmy/wEAAKCD3P3fiFvsfwAAABhG7v5vxi32PwAAAAwjd/+34pYm+3/9/f9F+v+g/59L/39v/f+2z9f/6/9Hpv/Pv6Ivp/9f4Z4/zR2bXf+f9P/z/v76f/0/O621/1/s+NvRc+7/c/ffHrc02f8AAADQQe7+b8ct9j8AAAAMI3f/d+IW+x8AAACGkbv/u3FLk/3v/f9e/f+RRcf+3/v/+n/9fyf6/2n6/xVm+v5/0v/P+/vr//X/7DS3/j93//filib7HwAAADbV///n/W7f6/9t7v7vxy32PwAAAAwjd/8P4hb7HwAAAIaRu/+HcUuT/a//79X/93z/X/+v/9f/d6L/n6b/X0H/r//X/+v/Wau59f+5+38Ut2wZfsfO+T8lAAAAMCe5+38ctzT59X8AAADoIHf/T+KWHfv/1B5/VzsAAAAwN7n7fxq37OHX//9j377VwdH/z7z/X4zf/9+50P/r/0/T/+v/10H/P+2f7P9PHdH/6/8n6P/1//p/tptb/5+7/2dxi9//DwAAAJvsrH+ikLv/53GL/Q8AAADDyN3/i7jF/gcAAIBh5O6/I25psv/1/zPv/8/r/f8T9T9tQv/v/f997P+vPL708/X/+v+R6f+nef9/Bf2//l//r/9nrebW/+fuvzNuabL/AQAAoIPc/b+MW+x/AAAAGEbu/l/FLfY/AAAADCN3/6/jlib7X/8/Yv+/We//6/+9/3/+/f+/XXjy5nvd59qr9f+csfb+P/7WYFn/n38s6P8PpP+/cdm/n/5f/z+n76//1/+z09z6/9z9v4lbmux/AAAA6CB3/11xi/0PAAAAw8jd/9u4xf4HAACAYeTu/13c0mT/6//1/3Pp//O/60Po/09uXv+fTXH3/t/7//r/nbz/P22D+3/v/+v/Z//99f/6f3aaW/+fu//3cUuT/Q8AAAAd5O7/Q9xi/wMAAMAwcvf/MW6x/wEAAGAYufv/FLc02f/6f/3/XPr/5P3/Mz/P+/+n6f/1/+dC/z9N/7+C/l//r//X/7NWc+v/c/f/OW5psv8BAACgg9z9d8ct9j8AAAAMI3f/X+IW+x8AAACGkbv/r3FLk/2v/9f/6//1//r/5Z+v/99M+v9p+v8V9P/6f/2//p+1mlv/n7v/7wEAAP//TYN26A==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000000)='./file0\x00')
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x3e, 0x0, 0x0)

3m41.958153404s ago: executing program 3 (id=5508):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000780)=ANY=[@ANYBLOB="12010000cf8bed20d90f25004029000000010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x24, &(0x7f0000000700)=ANY=[@ANYBLOB="201109"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000200)={0x1, 0x6, 0x5, &(0x7f0000000040)={0x51, "cc9efc7ddb01702fa9a7f77d040b00"}})

3m39.606033472s ago: executing program 3 (id=5522):
openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
r0 = syz_io_uring_setup(0x234, &(0x7f0000000580)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31})
io_uring_enter(r0, 0x207a98, 0x0, 0x0, 0x0, 0x0)

3m39.132979015s ago: executing program 33 (id=5522):
openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
r0 = syz_io_uring_setup(0x234, &(0x7f0000000580)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31})
io_uring_enter(r0, 0x207a98, 0x0, 0x0, 0x0, 0x0)

3m11.938780406s ago: executing program 5 (id=5705):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000080)={'wpan0\x00', <r2=>0x0})
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x40, r1, 0xb, 0x70bd2c, 0x25dfdbbb, {}, [@IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0xfffe}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0x2}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r2}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0xc0)

3m11.703596503s ago: executing program 5 (id=5708):
r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000007794608cd0c39007b90000000010902120001fc0000000904"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
read(r1, 0x0, 0x0)

3m9.66984989s ago: executing program 5 (id=5723):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00'})
mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4)
r0 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$sock_bt_bnep_BNEPGETCONNLIST(r0, 0x800442d2, &(0x7f0000000100)={0x0, 0x0})

3m9.365749164s ago: executing program 5 (id=5725):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20)
mkdir(&(0x7f0000000000)='./control\x00', 0x0)
rmdir(&(0x7f00000003c0)='./control\x00')

3m9.12728532s ago: executing program 5 (id=5729):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x177)
write$binfmt_elf64(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="7f454c4620040000000000000000000002003e00ebffffff7c000000000000004000000000000000820000000000000000000000090038000100feff02000300030000000f000000080000000000f6fffe070000000000000000000000000000e5"], 0xed)
close(r0)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x1000)

3m8.678160547s ago: executing program 5 (id=5732):
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x14)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)

3m8.018120776s ago: executing program 34 (id=5732):
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x14)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)

1m58.470315462s ago: executing program 4 (id=6291):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="440000002000010026bd7000ffffffff0a14204003000006fffffff014000100ff020000000000000000000000000001140002"], 0x44}, 0x1, 0x0, 0x0, 0x40814}, 0x4000004)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}}, 0x0)

1m58.287017619s ago: executing program 4 (id=6295):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000ff000040720501cb652601020301090212ffe6000000000904"], 0x0)
syz_usb_control_io$uac1(r0, &(0x7f00000000c0)={0x14, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x9b8a7a6ba499d6c0}}}, 0x0)
syz_usb_control_io(r0, &(0x7f0000000680)={0x2c, 0x0, &(0x7f0000000480)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, 0x0, &(0x7f0000000140)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0, 0x0}, 0x0)

1m56.104372018s ago: executing program 4 (id=6313):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/key-users\x00', 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000400)={0x2020}, 0x2020)
preadv2(r0, &(0x7f0000000280)=[{&(0x7f0000000040)=""/70, 0x46}], 0x1, 0x101, 0x4, 0x2)
read$FUSE(r0, &(0x7f0000002440)={0x2020}, 0x2020)

1m55.948381009s ago: executing program 4 (id=6315):
syz_mount_image$hfsplus(&(0x7f00000001c0), &(0x7f0000000400)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x4040, &(0x7f0000000340)={[{@creator={'creator', 0x3d, "0448dc1a"}}, {@barrier}, {@gid}, {@uid}, {}, {@nodecompose}, {@gid}, {@type={'type', 0x3d, "0da5b329"}}, {@nobarrier}, {@nobarrier}]}, 0x20, 0x6fe, &(0x7f0000000c00)="$eJzs3U9oXHkdAPDvm5lMMl3IztZ2t4rQsMWiW22TDIsVBKuI5LBowcteY5tuQydpSbKSFrGz6qo3PUkPe1iReNiTeBBWPIj1JgiC994LHrwVD468N+9NZvJ3Js0ksfv5wJv3e+/9/nx/33nz5k9aXgCfWHNvx1grkpi79NZ6uv1ko9F8stFYKsoRMR4RpYhKZxXJckTyOOJadJb4dLoz7y7ZbZw3n378wcVHHzU6W5V8yeqX9mq3qb3HCK18iamIKOfrIVV26+/GDv09HKrrpBt3mrALReLguLW3aQ3TfIDXLXDSPYwoj+2wvx5xKiIm8s8BkV8dSkcc3qEb6ioHAAAAJ1N5vwovP4tnsR6TRxMOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvBiSzj0Dk3wpFeWpSPL7/38nr5apVo833H18cZ/j7986okAAAAAAAAAA4PCNbRbPP4tnsR6TxXY7yf7m/3q2cSZ7fCnejdVYiJW4HOsxH2uxFisxEzE22dNndX1+bW1lZnvLX0Xast1uP8xbzkZEfVvL2RHPGQAAAAAAAABebD+KuZg87iAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBXElHurLLlTFGuR6kSERMRUU3rtSL+VJRPgvoB2/35kOMAAACAE6iWryeT/3YK7ST7zv9q9r1/It6N5ViLxViLZizEzey3gM63/tI/Wo3mk43GUrps7/jr/8p6aw8YR9ZjRJTjvV1Gns5qnO22mItvxXfjUkzF9ViJxfh+zMdaLMRU1NJJxHwkUa91fr2oF3H2x1vOu7rWF8r1rbGd37J9LoukFrdiMYvtctyoFr2VshpJnOsZ7Q/ViC0Zei/NTvK13IA5utnzfP0y/10m1355wD5Go57NfKybkek093k2Xtk594XOeXLgkWai1P0N6szmKOnm1pGKnH9vmJyfytdprn/an/PDNuRPaVszMRul/OyLeLU/5/c+9+h0f+Mv/PMv12+Xlu/cvrV6aYRTOiSVHfeOFYWtmWj0ZOK1vc++PBPNNBOtwTMxtnXHxMBzGalqno3OhW2wq+U3s9J8vN5zCt5dTh+/HNMxE1djOr4Ss9HoO8PO9uW10ljqz0n2Wittv77V9gj+wud7Kv1sn8qjsPt4aV5e6clr75Wunh3L91z7RUz3ZOn03mffQd4FKp/JC+kYP+6+45wEfZnIr81FdMUb1C6Z+HX2OWG1uXxn5fb8vQHHu5iv05ft+/3X5t8892SeS3q+nO5euLKc1IrzJT32qW60/fmq5n9x6bQrbTt2tnusHpOxGN+Ou3EzFnZ4pVbzz3Dbe+oce23HY43s2LmeY32fcuJuNLNPIVtMHU1WARjYqTdOVWtPa3+vfVj7Se127a2Jb4xfHf9sNcb+Wvlj+Xel35a+mrwRH8YPY/K4IwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgBfB6v0Hd+abzYWVERaqBxwrSvvW2XhpsA6jHrH3WEleqI46G0MXfp7fr/Dwev73xJ7ZqMWIpvP7vWdRfe4hkkhaI35S0mfiUDosbpyW7WmX9231tysRnT2VaLfbD7uHtj6VlVid2O0ZHN+sHPU7883/tPvq1KLnJQO84K6sLd27snr/wZcWl+bfWXhnYXn2anF73FuLzYXpK9njMQcJjMTq/Qfl444BAAAAAAAAAAAAGE7+r//XVkppIRn+f+lU9qlTXVndeeTzRz1VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4P/U3Nsx1ookZqYvT6fbTzYazXQpyps1KxFRiojkBxHJ44hr0Vmi3tNdsts4bz79+IOLjz5qbPZVKeqX9mo3mFa+xFRElPP1/sZ36GZ7fzd6+msdKLykO8M0YReKxMFx+18AAAD//yBC8a4=")
mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00')
read$FUSE(r0, &(0x7f0000002140)={0x2020}, 0x2100)

1m55.567786449s ago: executing program 4 (id=6319):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000000c0))
ppoll(&(0x7f0000000080)=[{r0, 0x5300}], 0x1, 0x0, 0x0, 0x0)
ioctl$SNDCTL_DSP_GETISPACE(r0, 0x8010500d, &(0x7f0000000600))

1m54.794003887s ago: executing program 4 (id=6327):
syz_mount_image$exfat(&(0x7f0000002000), &(0x7f0000000240)='./file1\x00', 0x8, &(0x7f0000002140)={[{@errors_continue}, {@iocharset={'iocharset', 0x3d, 'cp1255'}}, {}, {@iocharset={'iocharset', 0x3d, 'iso8859-9'}}, {@namecase}, {@namecase}, {@gid}, {@dmask={'dmask', 0x3d, 0x1}}, {@time_offset={'time_offset', 0x3d, 0x6}}, {@errors_remount}, {@namecase}]}, 0x1, 0x1533, &(0x7f00000037c0)="$eJzs3AuYTlX3APC19t5nDElvk1yGvfc6vMllmyTJJUkuSZIkSW4JSZN8kpAYcksakpBchuQyhOQyMWnc7/dLQpI0SZIkt2T/nyk+9a/v3vf5nm/W73nex17vOWufdd51zrznHMxXXYbWbFyrWkMign8J/vxHEgDEAsBAALgKAAIAKBdXLi5reU6JSf/aRtgf64HUy10Bu5y4/9kb9z974/5nb9z/7I37n71x/7M37n/2xv1nLDvbPL3g1fzKvi9+/p+d8ff//5DM0mM/W1v62q4AMX9vCvc/e+P+/88K/p6VuP/ZG/c/u4q93AWw/wJ8/v9viQ9/790cf3F97n/2xv1nLDu73M+f//0v+VeXQyQ7fAZ/Zf8ZY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjLH/gNP+EgUAF8eXuy7GGGOMMcYYY4z9cXyOy10BY4wxxhhjjDHG/v0QBEhQEEAM5IBYyAm5QADAlZAHroIIXA1xcA3khWshH+SHAlAQ4qEQFAYNBiwQhFAEikIUroNicD0UhxJQEkqBg9KQADdAGbgRysJNUA5uhvJwC1SAilAJKsOtUAVug6pwO1SDO6A61ICaUAvuhNpwF9SBu6Eu3AP14F6oD/dBA7gfGsID0AgehMbwEDSBh6EpNIPm0AJa/lP5z0EPeB56Qi9Igt7QB16AvtAP+sMAGAgvwiB4CQbDy5AMQ2AovALD4FUYDq/BFTASRsHrMBregDEwFsbBeEiBCTAR3oRJ8BZMhikwFaZBKkyHGfA2zIRZMBvegTnwLsyFeTAfFkAavAcLYRGkw/uwGD6ADFgCS2EZLIcVsBJWwWpYA2thHayHDbARNsFm2AJbYRtshx2wEz6EXfAR7IY9sPfP/ftH8k/9Iv9j2AddERBQoECFCmMwBmMxFnNhLsyNuTEP5sEIRjAO4zAv5sV8mA8LYAGMx3gsjIXRoEFCwiJYBKMYxWJYDItjcSyJJbMOIEzABCyDN2JZLIvlsByWx/JYAStiRayMlbEKVsGqWBWrYTWsjtWxJtbEO/FO7I11sA7WxbpYD+tdfDyFDbEhNsJG2BgbYxNsgk2xKTbH5tgSW2IrbIWtsTW2xbbYDtthe2yPiZiIHbADdsSO2Ak7YWfsjF2wC3bFbtgt87kcgM/j89gLq4ve2Af7YF9MztEfB+AAfBEH4Uv4Er6MyTgEh+Ir+Aq+isPxJI7AkTgKR2EV8QaOwbFIYjymYApOxIk4CSfhZJyCU3AapuJ0nIEzcCbOwln4Ds7Bd/FdnIfzcAGmYRouxEWYjum4GE9hBi7BpbgMl+MKXI6rcDWuwrW4DtfiBtyAm3ATbsEtuA234Q7cgR+iAsCPcA/uwWTch/twP+7HA3gAD+JBzMRMPISH8DAexiN4BI/iUTyG3+Jx/BZP4Ak8iafwNJ7Gs3gWz+Ez8V80+rDEmmQQWZRQIkbEiFgRK3KJXCK3yC3yiDwiIiIiTsSJvCKvyCfyiQKigIgX8aKwKCyMMIJEGAMAIiqiopgoJoqL4qKkKCmccCJBJIgyoowoK8qKcuJmUV7cIiqIiqKNqywqiyqirasqbhfVRDVRXdQQNUUtUUvUFrVFHVFH1BV1RT1RT9QX94kGojf2xwdEVmcaiyHYRAzFpqKZkBfOgFZiOLYWbURb8ZgYiSOwvWjlEsWTooMYgx3Fn8RYfFp0FuOxi3hWdBXdRHfxnOghWrueopeYjL1FHzEN+4p+or8YIGZiDfEOzslZU7wsksUQMVS8Ihbgq2K4eE2MECPFKPG6GC3eEGPEWDFOjBcpYoKYKN4Uk8RbYrKYIqaKaSJVTBczxNtippglZot3xBzxrpgr5on5YoFIE++JhWKRSBfvi8XiA5EhloilYplYLlaIlWKVWC3WiLVinVgvNoiNYpPYLLaIrWKb2C52iJ3iQ7FLfCR2iz1ir/hY7BOfiP3iU3FAfCYOis9FpvhCHBJfisPiK3FEfC2Oim/EMfGtOC6+EyfE9+KkOCVOizPirPhBnBM/ivPCC5AohZRSyUDGyBwyVuaUueQVMrcMLny6V8s4eY3MK6+V+WR+WUAWlPGykCwstTTSSpKhLCKLyqi8ThaT18visoQsKUtJJ0vLBHmDLCNvlGXlTbKcvFmWl7fICrKirCQry1tlFXmbhMjP26gua8iaspa8UybBXbKOvFvWlffIevJeWV/eJxvI+2VD+YBsJB+UjeVDsol8WDaVzWRz2UK2lI/IVvJR2Vq2kW3lY7KdfFy2l0/IRPmk7CD9hUPkadlZPiO7yGdlV9lNdpc/yvPSy56yl4TeIPvIF2Rf2U/2lwPkQPmiHCRfkoPlyzJZDpFD5StymHxVDpevyRFypBwlX5ej5RtyjBwrx8nxMkVOkBPlm3KSfEtOllPkVDlNpsrpsv+FmWZL+Tfz3/xlftZPTjldDv5p65vkZrlFbpXb5Ha5Q+6UH8pdcpfcLXfLvXKv3Cf3yf1yvzwgD8iD8qDMlJnykDwkD8vD8og8Io/Ko/KY/Faekd/JE/J7eVKekqfkGXlWnpXnLnwGoFAJJZVSgYpROVSsyqlyqStUbnWlyqOuUhF1tYpT16i86lqVT+VXBVRBFa8KqcJKK6OsIhWqIqqoiqrr8MIBo0qqUsqp0ipB3fCP5Kti6npVXJX4Vf7F+pL+Qn0tVUvVSrVSrVVr1Va1Ve1UO9VetVeJKlF1UB1UR9VRdVKdVGfVWXVRXVRX1VV1V91VD9VD9VQ9VZJKUn3UC6qv6qf6qwFqoHpRDVKD1GA1WCWrZDVUDVXD1DA1XA1XI1ROABilRqvRaowao8apcSpFpaiJaqKapCapyWqymqqmqlSVqmaoGWqmmqlmq9lqjpqj5qq5ar6ar9JUmlqoFqp0la4Wq8UqQy1RS9QytUytUCvUKrVKrVFr1Dq1Tm1QG1SG2qw2q61qq9qutqudaqfapXap3Wq32qv2qn1qn9qv9qsD6oA6qA6qTJWpDqlD6rA6rI6oI+qoOqqOqWPquDquTqgT6qQ6qU6r0+qsOqvOqXPqvDqvIBAgAhGoQAUxQUwQG8QGuYJcQe4gd5AnyBNEgkgQF8QFeYNrg3xB/qBAUDCIDwoFhQMdmMAG4kLTo8F1QbHg+qB4UCIoGZQKXFA6SAhuCMoENwZlg5uCcsHNQfnglqBCUDGoFFQObg2qBLcFVYPbg2rBHUH1oEZQM6gV3BnUDu4K6gR3B3WDe4J6wb1B/eC+oEFwf9AweCBoFDwYNA4eCpoEDwdNg2ZB86BF0PIPnd/7k/kfdT11L52ke+s++gXdV/fT/fUAPVC/qAfpl/Rg/bJO1kP0UP2KHqZf1cP1a3qEHqlH6df1aP2GHqPH6nF6vE7RE/RE/aaepN/Sk/UUPVVP06l6up6h39Yz9Sw9W7+j5+h39Vw9T8/XC3Safk8v1It0un5fL9Yf6Ay9RC/Vy/RyvUKv1Kv0ar1Gr9Xr9Hq9QW/Um/RmvUVv1dv0dr1D79Qf6l36I71b79F79cd6n/5E79ef6gP6M31Qf64z9Rf6kP5SH9Zf6SP6a31Uf6OP6W/1cf2dPqG/1yf1KX1an9Fn9Q/6nP5Rn9c+6+I+6+vdKKNMjIkxsSbW5DK5TG6T2+QxeUzEREyciTN5TV6Tz+QzBUwBE2/iTWFT2GQhQ6aIKWKiJmqKmWKmuCluSpqSxhlnEkyCKWPKmLKmrClnypnyprypYCqYSqaSudXcam4zt5nbze3mDnOHqWFqmFqmlqltaps6po6pa+qaeqaeqW/qmwamgWloGppGppFpbBqbJqaJaWqamuamuWlpWppWppVpbVqbtqataWfamfamvUk0iVknseloOppOppPpbDqbLqaL6Wq6mu6mu+lhepiepqdJMkmmj+lj+pq+pr/pbwaagWaQGWQGm8Em2SSboWaoGWaGmeFmuBlhRppRWReq5g0zxow148x4k2JSzEQz0Uwyk8xkM9lMNVNNqkk1M8wMM9PMNLPNbDPHzDFzzVwz38w3aSbNLDQLTbpJN4vNYpNhMsxSs9QsN8vNSrPSrDarzVqz1qyH9Waj2Wg2m81mq9lqtpvtZqfZaXaZXWa32W32mr1mn9ln9pv95oA5YA6agybTZJpD5pA5bA6bI+aIOWqOmmPmmDlujpsT5oQ5aU6a0+a0OWvyX/i+9CbW5rS57BU2t73S5rFX2f8fF7AFbbwtZAtbbfPZ/L+KjbW2uC1hS9pS1tnSNsHe8Ju4gq1oK9nK9lZbxd5mq/4mrm3vsnXs3bauvcfWsnf+Kq5n77X17UO2ASKAbWYb2Ra2sX3INrEP26a2mW1uW9h29nHb3j5hE+2TtoN96jfxQrvIrrZr7Fq7zu62e+xpe8Yetl/Zs/YH29P2sgPti3aQfckOti/bZDvkN/Eo+7odbd+wY+xYO86O/0081U6zqXa6nWHftjPtrN/EafY9O8em27l2np1vF/wUZ9WUbt+3i+0HNsMGsNQus8vtCrvSrvpzrcvsBrvRbrK77Ed2q91mt9sddufFC2G7x+61H9t99hN7yH5pD9jP7EF7xGbaL36Ks/bviP3aHrXf2GP2W3vcfmdP2O/Vxeysff/O/mjPW2+BkIAkKQoohnJQLOWkXHQF5aYrKQ9dRRG6muLoGspL11I+yk8FqCDFUyEqTJoMWSIKqQgVpShdRxfLK0mlyFFpSqAbqAzdSGXpJipHN1N5uoUqUEWqRJXpVqpCt1FVup2q0R1UnWpQTapFd1Jtuovq0N1Ul+6henQv1af7qAHdTw3pAWpED1Jjeoia0MPUlJpRc2pBLekRakWPUmtqQ23pMWpHj1N7eoIS6UnqQE9RR/oTdaKnqTM9Q13oWepK3ag7PUc96HnqSb0oiXpTH3qB+lI/6k8DaCC9SIPoJRpML1MyDaGh9AoNo1dpOL1GI2gkjaLXaTS9QWNoLI2j8ZRCE2givUmT6C2aTFNoKk2jVJpOM+htmkmzaDa9Q3PoXZpL82g+LaA0eo8W0iJKp/dpMX1AGbSEltIyWk4raCWtotW0htbSOlpPG2gjbaLNtIW20jbaTjtoJ31Iu+gj2k17aC99TPvoE9pPn9IB+owO0ueUSV/QIfqSDtNXdIS+vnidRsfpOzpB39NJOkWn6QydpR/oHP1I58kThBiKUIYqDMKYMEcYG+YMc4VXhLnDK8M84VVhJLw6jAuvCfOG14b5wvxhgbBgGB8WCguHOjShDSkMwyJh0TAaXhcWC68Pi4clwpJhqdCFpcOE8IawTHhjWDa8KSwX3hyWD28JK4QVw4fuqRzeGlYJbwurhreH1cI7wuphjbBmWCu8M6wd3hXWCe8O64b3hGXDe8P64X1hg/D+sGH4QNgofDBsHD4UNgkfDpuGzcLmYYuwZfhI2Cp8NGwdtgnbho+F7cLHw/bhE2Fi+GTYIXzqp+X3LvrLy5PC3mGf8IXwhdD7u+X86IJoWvS96MLoomh69P3o4ugH0YzokujS6LLo8uiK6Mroqujq6Jro2ui66ProhujG6Kao97VygEMnnHTKBS7G5XCxLqfL5a5wud2VLo+7ykXc1S7OXePyumtdPpffFXAFXbwr5Ao77YyzjlzoiriiLuquc8Xc9a64K+FKulLOudIuwbVwLV1Lt7UsQGvXxrV1j7nH3OPucfeEe8I96Tq4p1xH9yfXyT3tOrtn3DPuWdfVdXPd3XOuh5uQ5+eDIMn1cX1cX9fX9Xf93UA30A1yg9xgN9glu2Q31A11w9wwN9wNdyPcCDfKjXKj3Wg3xo1x49w4l+JS3EQ30U1yk9xkN9lNdVNdqkt1M9wMN9PNdFVm/byVuW6um+/muzSX5ha6rGvGdLfYLXYZLsMtdUvdcrfcrXQr3Wq32q11a916t95tdBvdZrfZbXVb3Xa33e10O90ut8vt9lf9PKnb5/a7/e6AO+AOus9dpvvCHXJfusPuK3fEfe2Oum/cMfetO+6+cyfc9+6kO+VOuzPurPvBnXM/uvPOu5TIhMjEyJuRSZG3IpMjUyJTI9MiqZHpkRmRtyMzI7MisyPvROZE3o3MjcyLzI8siKRF3ossjCyKpEfejyyOfBDJiCyJLI0siyyPrIh4X2hr6Iv4oj7qr/PF/PW+uC/hS/pS3vnSPsHf4Mv4G31Zf5Mv52/25f0tvoKv6Cv5h31T38w39y18S/+Ib+Uf9a19G9/WP+bb+cd9e/+ET/RP+g7+Kd/R/8l38k/7zv4Z38U/67v6br67f8738M/7nr6XT/K9fR//gu/r+/n+foAf6F/0g/xLfrB/2Sf7IX6of8UP86/64f41P8KP9KNiXvejL94iw3if4if4if5NP8m/5Sf7KX6qn+ZT/XQ/w7/tZ/pZfrZ/x8/x7/q5fp6f7xf4NP+eX+gX+XT/vl/sP/AZfsnFh5J+pV/lV/s1fq1f59f7DX6j3+Q3+y1+q9/mt/sdfqf/0O/yH/ndfo/f6z/2+/wnfr//1B/wn/mD/nOf6b/wh/yX/rD/yh/xX/uj/ht/zH/rj/vv/An/vT/pT/nT/ow/63/w5/yP/jz/nzXGGGOMsb/LhEtD8eslP98m9v6dHPGLlfsAwJXbCmb+cnnWFeX6fD+P+4n4dhEAeLJXlwcuvqpXT0pKurBuhoSg6DyAi38TlCUGLsVLoC08DonQBsr8bv39RLez9Dfmj94MkOsXObFwKb40/6cAmPQ78z/y2KiF5cPTcX9l/nkAxYteyskJl+Il0Pan5yttoOxfqD9/q79Rf87PUgBa/yInN1yKL9WfAI/CU5D4qzUZY4wxxhhjjLGf9ROVOl28/7z4Lz5/7/48Xl3KyQGX4r91f84YY4wxxhhjjLHL7+lu3Z94JDGxTad/fFD1n8r6uwdN4N818x8/yAn/FWX8awPvAS6+owDgX5wQIGsg/5N7seU/sq3kC6fO/1+0/IwP4L+jlf/8YNyf37nMP5gYY4wxxhhjf7hLV/+/fl9droIYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjLFs6D/xe8Uu9z4yxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjl9v/BQAA//+pJfYM")
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
fchown(r0, 0xffffffffffffffff, 0x0)
getsockopt$XDP_MMAP_OFFSETS(r0, 0x11b, 0x1, 0x0, 0x0)

1m54.532593689s ago: executing program 35 (id=6327):
syz_mount_image$exfat(&(0x7f0000002000), &(0x7f0000000240)='./file1\x00', 0x8, &(0x7f0000002140)={[{@errors_continue}, {@iocharset={'iocharset', 0x3d, 'cp1255'}}, {}, {@iocharset={'iocharset', 0x3d, 'iso8859-9'}}, {@namecase}, {@namecase}, {@gid}, {@dmask={'dmask', 0x3d, 0x1}}, {@time_offset={'time_offset', 0x3d, 0x6}}, {@errors_remount}, {@namecase}]}, 0x1, 0x1533, &(0x7f00000037c0)="$eJzs3AuYTlX3APC19t5nDElvk1yGvfc6vMllmyTJJUkuSZIkSW4JSZN8kpAYcksakpBchuQyhOQyMWnc7/dLQpI0SZIkt2T/nyk+9a/v3vf5nm/W73nex17vOWufdd51zrznHMxXXYbWbFyrWkMign8J/vxHEgDEAsBAALgKAAIAKBdXLi5reU6JSf/aRtgf64HUy10Bu5y4/9kb9z974/5nb9z/7I37n71x/7M37n/2xv1nLDvbPL3g1fzKvi9+/p+d8ff//5DM0mM/W1v62q4AMX9vCvc/e+P+/88K/p6VuP/ZG/c/u4q93AWw/wJ8/v9viQ9/790cf3F97n/2xv1nLDu73M+f//0v+VeXQyQ7fAZ/Zf8ZY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjLH/gNP+EgUAF8eXuy7GGGOMMcYYY4z9cXyOy10BY4wxxhhjjDHG/v0QBEhQEEAM5IBYyAm5QADAlZAHroIIXA1xcA3khWshH+SHAlAQ4qEQFAYNBiwQhFAEikIUroNicD0UhxJQEkqBg9KQADdAGbgRysJNUA5uhvJwC1SAilAJKsOtUAVug6pwO1SDO6A61ICaUAvuhNpwF9SBu6Eu3AP14F6oD/dBA7gfGsID0AgehMbwEDSBh6EpNIPm0AJa/lP5z0EPeB56Qi9Igt7QB16AvtAP+sMAGAgvwiB4CQbDy5AMQ2AovALD4FUYDq/BFTASRsHrMBregDEwFsbBeEiBCTAR3oRJ8BZMhikwFaZBKkyHGfA2zIRZMBvegTnwLsyFeTAfFkAavAcLYRGkw/uwGD6ADFgCS2EZLIcVsBJWwWpYA2thHayHDbARNsFm2AJbYRtshx2wEz6EXfAR7IY9sPfP/ftH8k/9Iv9j2AddERBQoECFCmMwBmMxFnNhLsyNuTEP5sEIRjAO4zAv5sV8mA8LYAGMx3gsjIXRoEFCwiJYBKMYxWJYDItjcSyJJbMOIEzABCyDN2JZLIvlsByWx/JYAStiRayMlbEKVsGqWBWrYTWsjtWxJtbEO/FO7I11sA7WxbpYD+tdfDyFDbEhNsJG2BgbYxNsgk2xKTbH5tgSW2IrbIWtsTW2xbbYDtthe2yPiZiIHbADdsSO2Ak7YWfsjF2wC3bFbtgt87kcgM/j89gLq4ve2Af7YF9MztEfB+AAfBEH4Uv4Er6MyTgEh+Ir+Aq+isPxJI7AkTgKR2EV8QaOwbFIYjymYApOxIk4CSfhZJyCU3AapuJ0nIEzcCbOwln4Ds7Bd/FdnIfzcAGmYRouxEWYjum4GE9hBi7BpbgMl+MKXI6rcDWuwrW4DtfiBtyAm3ATbsEtuA234Q7cgR+iAsCPcA/uwWTch/twP+7HA3gAD+JBzMRMPISH8DAexiN4BI/iUTyG3+Jx/BZP4Ak8iafwNJ7Gs3gWz+Ez8V80+rDEmmQQWZRQIkbEiFgRK3KJXCK3yC3yiDwiIiIiTsSJvCKvyCfyiQKigIgX8aKwKCyMMIJEGAMAIiqiopgoJoqL4qKkKCmccCJBJIgyoowoK8qKcuJmUV7cIiqIiqKNqywqiyqirasqbhfVRDVRXdQQNUUtUUvUFrVFHVFH1BV1RT1RT9QX94kGojf2xwdEVmcaiyHYRAzFpqKZkBfOgFZiOLYWbURb8ZgYiSOwvWjlEsWTooMYgx3Fn8RYfFp0FuOxi3hWdBXdRHfxnOghWrueopeYjL1FHzEN+4p+or8YIGZiDfEOzslZU7wsksUQMVS8Ihbgq2K4eE2MECPFKPG6GC3eEGPEWDFOjBcpYoKYKN4Uk8RbYrKYIqaKaSJVTBczxNtippglZot3xBzxrpgr5on5YoFIE++JhWKRSBfvi8XiA5EhloilYplYLlaIlWKVWC3WiLVinVgvNoiNYpPYLLaIrWKb2C52iJ3iQ7FLfCR2iz1ir/hY7BOfiP3iU3FAfCYOis9FpvhCHBJfisPiK3FEfC2Oim/EMfGtOC6+EyfE9+KkOCVOizPirPhBnBM/ivPCC5AohZRSyUDGyBwyVuaUueQVMrcMLny6V8s4eY3MK6+V+WR+WUAWlPGykCwstTTSSpKhLCKLyqi8ThaT18visoQsKUtJJ0vLBHmDLCNvlGXlTbKcvFmWl7fICrKirCQry1tlFXmbhMjP26gua8iaspa8UybBXbKOvFvWlffIevJeWV/eJxvI+2VD+YBsJB+UjeVDsol8WDaVzWRz2UK2lI/IVvJR2Vq2kW3lY7KdfFy2l0/IRPmk7CD9hUPkadlZPiO7yGdlV9lNdpc/yvPSy56yl4TeIPvIF2Rf2U/2lwPkQPmiHCRfkoPlyzJZDpFD5StymHxVDpevyRFypBwlX5ej5RtyjBwrx8nxMkVOkBPlm3KSfEtOllPkVDlNpsrpsv+FmWZL+Tfz3/xlftZPTjldDv5p65vkZrlFbpXb5Ha5Q+6UH8pdcpfcLXfLvXKv3Cf3yf1yvzwgD8iD8qDMlJnykDwkD8vD8og8Io/Ko/KY/Faekd/JE/J7eVKekqfkGXlWnpXnLnwGoFAJJZVSgYpROVSsyqlyqStUbnWlyqOuUhF1tYpT16i86lqVT+VXBVRBFa8KqcJKK6OsIhWqIqqoiqrr8MIBo0qqUsqp0ipB3fCP5Kti6npVXJX4Vf7F+pL+Qn0tVUvVSrVSrVVr1Va1Ve1UO9VetVeJKlF1UB1UR9VRdVKdVGfVWXVRXVRX1VV1V91VD9VD9VQ9VZJKUn3UC6qv6qf6qwFqoHpRDVKD1GA1WCWrZDVUDVXD1DA1XA1XI1ROABilRqvRaowao8apcSpFpaiJaqKapCapyWqymqqmqlSVqmaoGWqmmqlmq9lqjpqj5qq5ar6ar9JUmlqoFqp0la4Wq8UqQy1RS9QytUytUCvUKrVKrVFr1Dq1Tm1QG1SG2qw2q61qq9qutqudaqfapXap3Wq32qv2qn1qn9qv9qsD6oA6qA6qTJWpDqlD6rA6rI6oI+qoOqqOqWPquDquTqgT6qQ6qU6r0+qsOqvOqXPqvDqvIBAgAhGoQAUxQUwQG8QGuYJcQe4gd5AnyBNEgkgQF8QFeYNrg3xB/qBAUDCIDwoFhQMdmMAG4kLTo8F1QbHg+qB4UCIoGZQKXFA6SAhuCMoENwZlg5uCcsHNQfnglqBCUDGoFFQObg2qBLcFVYPbg2rBHUH1oEZQM6gV3BnUDu4K6gR3B3WDe4J6wb1B/eC+oEFwf9AweCBoFDwYNA4eCpoEDwdNg2ZB86BF0PIPnd/7k/kfdT11L52ke+s++gXdV/fT/fUAPVC/qAfpl/Rg/bJO1kP0UP2KHqZf1cP1a3qEHqlH6df1aP2GHqPH6nF6vE7RE/RE/aaepN/Sk/UUPVVP06l6up6h39Yz9Sw9W7+j5+h39Vw9T8/XC3Safk8v1It0un5fL9Yf6Ay9RC/Vy/RyvUKv1Kv0ar1Gr9Xr9Hq9QW/Um/RmvUVv1dv0dr1D79Qf6l36I71b79F79cd6n/5E79ef6gP6M31Qf64z9Rf6kP5SH9Zf6SP6a31Uf6OP6W/1cf2dPqG/1yf1KX1an9Fn9Q/6nP5Rn9c+6+I+6+vdKKNMjIkxsSbW5DK5TG6T2+QxeUzEREyciTN5TV6Tz+QzBUwBE2/iTWFT2GQhQ6aIKWKiJmqKmWKmuCluSpqSxhlnEkyCKWPKmLKmrClnypnyprypYCqYSqaSudXcam4zt5nbze3mDnOHqWFqmFqmlqltaps6po6pa+qaeqaeqW/qmwamgWloGppGppFpbBqbJqaJaWqamuamuWlpWppWppVpbVqbtqataWfamfamvUk0iVknseloOppOppPpbDqbLqaL6Wq6mu6mu+lhepiepqdJMkmmj+lj+pq+pr/pbwaagWaQGWQGm8Em2SSboWaoGWaGmeFmuBlhRppRWReq5g0zxow148x4k2JSzEQz0Uwyk8xkM9lMNVNNqkk1M8wMM9PMNLPNbDPHzDFzzVwz38w3aSbNLDQLTbpJN4vNYpNhMsxSs9QsN8vNSrPSrDarzVqz1qyH9Waj2Wg2m81mq9lqtpvtZqfZaXaZXWa32W32mr1mn9ln9pv95oA5YA6agybTZJpD5pA5bA6bI+aIOWqOmmPmmDlujpsT5oQ5aU6a0+a0OWvyX/i+9CbW5rS57BU2t73S5rFX2f8fF7AFbbwtZAtbbfPZ/L+KjbW2uC1hS9pS1tnSNsHe8Ju4gq1oK9nK9lZbxd5mq/4mrm3vsnXs3bauvcfWsnf+Kq5n77X17UO2ASKAbWYb2Ra2sX3INrEP26a2mW1uW9h29nHb3j5hE+2TtoN96jfxQrvIrrZr7Fq7zu62e+xpe8Yetl/Zs/YH29P2sgPti3aQfckOti/bZDvkN/Eo+7odbd+wY+xYO86O/0081U6zqXa6nWHftjPtrN/EafY9O8em27l2np1vF/wUZ9WUbt+3i+0HNsMGsNQus8vtCrvSrvpzrcvsBrvRbrK77Ed2q91mt9sddufFC2G7x+61H9t99hN7yH5pD9jP7EF7xGbaL36Ks/bviP3aHrXf2GP2W3vcfmdP2O/Vxeysff/O/mjPW2+BkIAkKQoohnJQLOWkXHQF5aYrKQ9dRRG6muLoGspL11I+yk8FqCDFUyEqTJoMWSIKqQgVpShdRxfLK0mlyFFpSqAbqAzdSGXpJipHN1N5uoUqUEWqRJXpVqpCt1FVup2q0R1UnWpQTapFd1Jtuovq0N1Ul+6henQv1af7qAHdTw3pAWpED1Jjeoia0MPUlJpRc2pBLekRakWPUmtqQ23pMWpHj1N7eoIS6UnqQE9RR/oTdaKnqTM9Q13oWepK3ag7PUc96HnqSb0oiXpTH3qB+lI/6k8DaCC9SIPoJRpML1MyDaGh9AoNo1dpOL1GI2gkjaLXaTS9QWNoLI2j8ZRCE2givUmT6C2aTFNoKk2jVJpOM+htmkmzaDa9Q3PoXZpL82g+LaA0eo8W0iJKp/dpMX1AGbSEltIyWk4raCWtotW0htbSOlpPG2gjbaLNtIW20jbaTjtoJ31Iu+gj2k17aC99TPvoE9pPn9IB+owO0ueUSV/QIfqSDtNXdIS+vnidRsfpOzpB39NJOkWn6QydpR/oHP1I58kThBiKUIYqDMKYMEcYG+YMc4VXhLnDK8M84VVhJLw6jAuvCfOG14b5wvxhgbBgGB8WCguHOjShDSkMwyJh0TAaXhcWC68Pi4clwpJhqdCFpcOE8IawTHhjWDa8KSwX3hyWD28JK4QVw4fuqRzeGlYJbwurhreH1cI7wuphjbBmWCu8M6wd3hXWCe8O64b3hGXDe8P64X1hg/D+sGH4QNgofDBsHD4UNgkfDpuGzcLmYYuwZfhI2Cp8NGwdtgnbho+F7cLHw/bhE2Fi+GTYIXzqp+X3LvrLy5PC3mGf8IXwhdD7u+X86IJoWvS96MLoomh69P3o4ugH0YzokujS6LLo8uiK6Mroqujq6Jro2ui66ProhujG6Kao97VygEMnnHTKBS7G5XCxLqfL5a5wud2VLo+7ykXc1S7OXePyumtdPpffFXAFXbwr5Ao77YyzjlzoiriiLuquc8Xc9a64K+FKulLOudIuwbVwLV1Lt7UsQGvXxrV1j7nH3OPucfeEe8I96Tq4p1xH9yfXyT3tOrtn3DPuWdfVdXPd3XOuh5uQ5+eDIMn1cX1cX9fX9Xf93UA30A1yg9xgN9glu2Q31A11w9wwN9wNdyPcCDfKjXKj3Wg3xo1x49w4l+JS3EQ30U1yk9xkN9lNdVNdqkt1M9wMN9PNdFVm/byVuW6um+/muzSX5ha6rGvGdLfYLXYZLsMtdUvdcrfcrXQr3Wq32q11a916t95tdBvdZrfZbXVb3Xa33e10O90ut8vt9lf9PKnb5/a7/e6AO+AOus9dpvvCHXJfusPuK3fEfe2Oum/cMfetO+6+cyfc9+6kO+VOuzPurPvBnXM/uvPOu5TIhMjEyJuRSZG3IpMjUyJTI9MiqZHpkRmRtyMzI7MisyPvROZE3o3MjcyLzI8siKRF3ossjCyKpEfejyyOfBDJiCyJLI0siyyPrIh4X2hr6Iv4oj7qr/PF/PW+uC/hS/pS3vnSPsHf4Mv4G31Zf5Mv52/25f0tvoKv6Cv5h31T38w39y18S/+Ib+Uf9a19G9/WP+bb+cd9e/+ET/RP+g7+Kd/R/8l38k/7zv4Z38U/67v6br67f8738M/7nr6XT/K9fR//gu/r+/n+foAf6F/0g/xLfrB/2Sf7IX6of8UP86/64f41P8KP9KNiXvejL94iw3if4if4if5NP8m/5Sf7KX6qn+ZT/XQ/w7/tZ/pZfrZ/x8/x7/q5fp6f7xf4NP+eX+gX+XT/vl/sP/AZfsnFh5J+pV/lV/s1fq1f59f7DX6j3+Q3+y1+q9/mt/sdfqf/0O/yH/ndfo/f6z/2+/wnfr//1B/wn/mD/nOf6b/wh/yX/rD/yh/xX/uj/ht/zH/rj/vv/An/vT/pT/nT/ow/63/w5/yP/jz/nzXGGGOMsb/LhEtD8eslP98m9v6dHPGLlfsAwJXbCmb+cnnWFeX6fD+P+4n4dhEAeLJXlwcuvqpXT0pKurBuhoSg6DyAi38TlCUGLsVLoC08DonQBsr8bv39RLez9Dfmj94MkOsXObFwKb40/6cAmPQ78z/y2KiF5cPTcX9l/nkAxYteyskJl+Il0Pan5yttoOxfqD9/q79Rf87PUgBa/yInN1yKL9WfAI/CU5D4qzUZY4wxxhhjjLGf9ROVOl28/7z4Lz5/7/48Xl3KyQGX4r91f84YY4wxxhhjjLHL7+lu3Z94JDGxTad/fFD1n8r6uwdN4N818x8/yAn/FWX8awPvAS6+owDgX5wQIGsg/5N7seU/sq3kC6fO/1+0/IwP4L+jlf/8YNyf37nMP5gYY4wxxhhjf7hLV/+/fl9droIYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjLFs6D/xe8Uu9z4yxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjl9v/BQAA//+pJfYM")
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
fchown(r0, 0xffffffffffffffff, 0x0)
getsockopt$XDP_MMAP_OFFSETS(r0, 0x11b, 0x1, 0x0, 0x0)

3.022699866s ago: executing program 6 (id=7466):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r1=>0x0})
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001800)={0x6, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000003000000000400000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r1}, 0x94)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000008c0)=@bpf_ext={0x1c, 0x2, &(0x7f0000000340)=@raw=[@map_fd={0x18, 0x1}], &(0x7f0000000380)='syzkaller\x00', 0x10000, 0x0, 0x0, 0x41100, 0x7c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xf262, r2, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)

2.942271501s ago: executing program 6 (id=7467):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_DEL_TX_TS(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x30, r1, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_TSID={0x5, 0xd2, 0xf}]}, 0x30}, 0x1, 0x0, 0x0, 0x8800}, 0x0)

2.846246843s ago: executing program 6 (id=7468):
r0 = socket$inet_sctp(0x2, 0x800000000000001, 0x84)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_sock_size\x00', 0x2, 0x0)
write$cgroup_int(r1, &(0x7f0000000340)=0x4, 0x12)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f0000000000)={0x1, 'hsr0\x00', 0x1}, 0x18)

2.706086937s ago: executing program 6 (id=7469):
r0 = socket$key(0xf, 0x3, 0x2)
recvmmsg(r0, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400})
recvmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, &(0x7f0000002d80)=[{0x0}, {&(0x7f0000000c00)=""/34, 0x22}], 0x2}, 0x8b}], 0x1, 0x2, 0x0)
sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)

1.826181152s ago: executing program 6 (id=7482):
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x0, 0x0}, &(0x7f0000000140)=0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000140)={0x0, 0x3, 0xe124}, 0x8)

1.637920796s ago: executing program 6 (id=7486):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000980)=ANY=[@ANYBLOB="120100009080e140fc044a500243010203010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000680)={0x0, 0xe, 0x1, "02"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)

1.247941034s ago: executing program 2 (id=7491):
socket$packet(0x11, 0x3, 0x300)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
fchdir(0xffffffffffffffff)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e04002920"], 0x7)

1.097938325s ago: executing program 2 (id=7492):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000680)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000009c0)=ANY=[@ANYBLOB="7800000055003d0926bd70000200000007000000", @ANYRES32=r2, @ANYBLOB="20000200", @ANYRES32=r2, @ANYBLOB="00010400000000000000000000000000000000008edd000020000100", @ANYRES32=r2, @ANYBLOB="000200006401010200000000000000000000000086dd0000", @ANYRES32=r2, @ANYBLOB="01000200e059000200000000000000000000000008"], 0x78}, 0x1, 0x0, 0x0, 0x4000000}, 0x80)

1.079753442s ago: executing program 2 (id=7493):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
connect$can_j1939(r0, &(0x7f0000000080)={0x1d, 0x0, 0x0, {0x2, 0xf1, 0xa8fe8ad4eea2351f}, 0x2}, 0x18)

952.148098ms ago: executing program 2 (id=7495):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000000100)={0x2, {0x2, 0x13d, 0x0, 0xd6e}})
ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000001900)={0x2, {0x2, 0x300, 0xfffe, 0x101}})

872.754833ms ago: executing program 1 (id=7497):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'hsr0\x00', <r1=>0x0})
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000140)=0x8, 0x4)
sendto$packet(r0, &(0x7f0000000340)="05030006e8fe091c6202a0ffffffff0060031200100888fb143488a87f43055762cb80948864113b022543424aa608", 0xfef2, 0x0, &(0x7f0000000a80)={0x11, 0x88a8, r1, 0x1, 0x0, 0x6, @multicast}, 0x14)

778.159635ms ago: executing program 2 (id=7498):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000040c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000180)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x5c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x30, 0x3, 0x0, 0x1, [{0x2c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPR={0x20, 0x7, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x7}]}}}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x84}, 0x1, 0x0, 0x0, 0x24000850}, 0x4000040)

714.887303ms ago: executing program 7 (id=7499):
munmap(&(0x7f0000002000/0x800000)=nil, 0x800000)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x68})
ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f00000002c0)={{&(0x7f000074f000/0x3000)=nil, 0x3000}, 0x1})

622.001156ms ago: executing program 1 (id=7500):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r0}, 0xc)

621.484926ms ago: executing program 2 (id=7501):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006"], 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
syz_usb_disconnect(r0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[], 0x0)

617.763725ms ago: executing program 7 (id=7502):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000007c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-512\x00'}, 0x58)
r1 = accept(r0, 0x0, 0x0)
sendmmsg$inet(r1, &(0x7f0000001740)=[{{0x0, 0x0, &(0x7f0000001100)=[{&(0x7f0000001000)='j', 0x1}], 0x1}}], 0x1, 0x40000)

539.21673ms ago: executing program 1 (id=7503):
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000100)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}})
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r0, 0x1000)
getsockopt$inet6_mptcp_buf(r0, 0x11c, 0x2, &(0x7f0000000100)=""/222, &(0x7f0000000000)=0x61637876)

517.315536ms ago: executing program 7 (id=7504):
syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file1\x00', 0x804000, &(0x7f0000000f00)=ANY=[@ANYBLOB="6c617374626c6f636b3d30303030303030303030303030303030303030302c756d61736b3d30303030303030303030303030303030303030303030302c756e64656c6574652c6c6f6e6761642c73686f727461642c7569643d666f726765742c756e64656c6574652c696f636861727365743d757466382c73686f727461642c696f636861727365743d64656661756c742c7569643d666f726765742c6e6f7374726963742c73657373696f6e3d30303030303030303030303030303030303030302c706172746974696f6e3d30303030303030303030303030303030303030362c00b2e01f5c0b5c8fb2623d8f888e41dfceb3ecf959d23d90b071660660b17884bd109d37086024cf83fa"], 0x2, 0xc2d, &(0x7f00000001c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir")
openat(0xffffffffffffff9c, 0x0, 0x183042, 0x15)
setresuid(0x0, 0xee01, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x1050c2, 0xa)

430.08621ms ago: executing program 1 (id=7505):
r0 = syz_io_uring_setup(0x118d, &(0x7f0000000640)={0x0, 0x8d2d3, 0x80, 0xffffffff, 0x404003cd}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_CLOSE)
io_uring_enter(r0, 0x47f5, 0x0, 0x0, 0x0, 0x0)

319.78868ms ago: executing program 7 (id=7506):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3400000013000100000000000000000007000000", @ANYRES32=r1, @ANYBLOB="000000000000000014001a80100005800c000480080001"], 0x34}}, 0x0)

185.848584ms ago: executing program 7 (id=7507):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FD_FRAMES(r0, 0x65, 0x5, &(0x7f0000000040)=0x1, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'lo\x00', <r1=>0x0})
sendmsg$can_raw(r0, &(0x7f0000000000)={&(0x7f0000000580)={0x1d, r1}, 0x10, &(0x7f00000003c0)={&(0x7f0000000400)=@canfd={{0x4, 0x1, 0x1, 0x1}, 0xfd, 0x0, 0x0, 0x0, "cca6f1e10194fd9304e8689818861d84be21875faed70061c5322a4ca48de2c8afc31232034c834cdc4586231d4cd7fcc6c6ad00"}, 0x48}, 0x2, 0x0, 0x0, 0x4}, 0x10044009)

133.267864ms ago: executing program 1 (id=7508):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x74, r1, 0x800, 0x55007}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_DEFAULT_PVID={0x6, 0x27, 0x401}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

21.985684ms ago: executing program 7 (id=7509):
bind$unix(0xffffffffffffffff, 0x0, 0x0)
fsconfig$FSCONFIG_SET_PATH(0xffffffffffffffff, 0x3, 0x0, 0x0, 0xffffffffffffffff)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
syz_usb_connect$uac1(0x0, 0xaa, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902980003010000000904000000010100000a2401000000020102132406040006030000000000000000000000000924030000010000ff0924050000f8431cfd0924030604030204001b240404020904", @ANYBLOB="064c098f20ad41a8ed91f1ee089116851be05b0527ac72c1c87cc3cd88a3db2ab33eb908da8c84eae71806c3194bcfd3885c67befddc1344a5fd8b6b38f53072d6a2ffeea45d88589856e8db979d54ee012c684c2b9fdc56e6fc051537236c28d63bd42b3faa0499902e59eeef76d6f27e36c89935198897437172d01cdad5f3d7e8fc9e"], 0x0)

0s ago: executing program 1 (id=7510):
r0 = open(&(0x7f0000000280)='.\x00', 0x80, 0x122)
fcntl$notify(r0, 0x402, 0x2d)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)

kernel console output (not intermixed with test programs):

number: 177 but max is 0
[  676.278999][   T27] usb 5-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  676.307318][   T27] usb 5-1: config 8 has no interface number 0
[  676.324216][   T27] usb 5-1: config 8 interface 177 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  676.366604][   T27] usb 5-1: config 8 interface 177 has no altsetting 0
[  676.404463][   T27] usb 5-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[  676.433965][   T27] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  676.474413][   T27] ir_toy 5-1:8.177: required endpoints not found
[  676.604242][T21156] loop6: detected capacity change from 0 to 40427
[  676.657126][T21156] F2FS-fs (loop6): Invalid segment/section count (31, 24 x 1)
[  676.664658][T21156] F2FS-fs (loop6): Can't find valid F2FS filesystem in 2th superblock
[  676.693358][T21156] F2FS-fs (loop6): invalid crc value
[  676.702751][T21156] F2FS-fs (loop6): Ignore s_resuid=0, s_resgid=60928 w/o reserve_root
[  676.733232][T21156] F2FS-fs (loop6): Found nat_bits in checkpoint
[  676.738539][T12629] usb 5-1: USB disconnect, device number 26
[  676.806711][   T27] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  676.886976][T21156] F2FS-fs (loop6): Try to recover 2th superblock, ret: 0
[  676.905644][T21156] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  677.019699][   T27] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  677.045388][   T27] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  677.072820][   T27] usb 2-1: config 0 descriptor??
[  677.110555][   T27] cp210x 2-1:0.0: cp210x converter detected
[  677.208442][T20744] syz-executor: attempt to access beyond end of device
[  677.208442][T20744] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  677.215906][T21196] overlayfs: upper fs does not support tmpfile.
[  677.275715][T20744] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  677.522681][   T27] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32
[  677.559356][   T27] usb 2-1: cp210x converter now attached to ttyUSB0
[  677.792918][T12629] usb 2-1: USB disconnect, device number 47
[  677.823439][T12629] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  677.862018][T12629] cp210x 2-1:0.0: device disconnected
[  678.235481][T21219] loop2: detected capacity change from 0 to 2048
[  678.347757][T21219] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  678.530891][T21219] EXT4-fs (loop2): Online defrag not supported with bigalloc
[  678.636409][T18065] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  678.836633][T14829] usb 2-1: new full-speed USB device number 48 using dummy_hcd
[  678.950154][T21217] loop6: detected capacity change from 0 to 40427
[  679.001833][T21217] F2FS-fs (loop6): Invalid SB checksum offset: 0
[  679.013127][T21217] F2FS-fs (loop6): Can't find valid F2FS filesystem in 2th superblock
[  679.028442][T14829] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  679.047356][T14829] usb 2-1: New USB device found, idVendor=0eef, idProduct=72c4, bcdDevice= 0.00
[  679.067290][T14829] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  679.076732][T21217] F2FS-fs (loop6): invalid crc value
[  679.099243][T14829] usb 2-1: config 0 descriptor??
[  679.124753][   T28] audit: type=1800 audit(1772732314.901:253): pid=21237 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.2.5864" name="/newroot/210/bus/#1123//deleted" dev="tmpfs" ino=1123 res=0 errno=0
[  679.165127][T14829] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  679.323819][T21217] F2FS-fs (loop6): Try to recover 2th superblock, ret: 0
[  679.358200][T21217] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  679.445967][T21230] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  679.483275][T21230] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  679.547945][T14829] usb 2-1: USB disconnect, device number 48
[  679.646138][T20744] syz-executor: attempt to access beyond end of device
[  679.646138][T20744] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  679.681930][T20744] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  680.136608][T14829] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  680.360614][T14829] usb 2-1: config index 0 descriptor too short (expected 89, got 36)
[  680.386773][T14829] usb 2-1: config 4 has an invalid interface number: 147 but max is 0
[  680.406619][T14829] usb 2-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  680.436659][T14829] usb 2-1: config 4 has no interface number 0
[  680.449077][T14829] usb 2-1: New USB device found, idVendor=08fd, idProduct=0002, bcdDevice=8e.6e
[  680.465193][T14829] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  680.500184][T14829] usb 2-1: Product: syz
[  680.504409][T14829] usb 2-1: Manufacturer: syz
[  680.543827][T14829] usb 2-1: SerialNumber: syz
[  680.682635][T21298] netlink: 48 bytes leftover after parsing attributes in process `syz.6.5880'.
[  680.789539][T14829] usbhid 2-1:4.147: couldn't find an input interrupt endpoint
[  680.820359][T14829] usb 2-1: USB disconnect, device number 49
[  681.259418][T21311] loop6: detected capacity change from 0 to 512
[  681.303170][T21311] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  681.407078][T21311] EXT4-fs (loop6): 1 orphan inode deleted
[  681.421587][T21311] EXT4-fs (loop6): 1 truncate cleaned up
[  681.455360][T21311] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  681.490768][T21311] EXT4-fs error (device loop6): ext4_search_dir:1549: inode #12: block 7: comm syz.6.5885: bad entry in directory: directory entry overrun - offset=0, inode=13, rec_len=784, size=56 fake=0
[  681.560080][T21311] EXT4-fs (loop6): Remounting filesystem read-only
[  681.648675][T20744] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  682.295737][T21339] openvswitch: netlink: Actions may not be safe on all matching packets
[  682.362763][T21337] loop6: detected capacity change from 0 to 8192
[  682.787855][T21356] netlink: 1128 bytes leftover after parsing attributes in process `syz.6.5898'.
[  682.825960][T21356] bond0: (slave macvlan2): Error -98 calling set_mac_address
[  684.233095][T21401] loop2: detected capacity change from 0 to 128
[  684.287735][T21401] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  684.325642][T21401] ext4 filesystem being mounted at /227/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  684.593246][T18065] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  684.790873][T21418] input: syz0 as /devices/virtual/input/input58
[  685.118061][T21426] loop4: detected capacity change from 0 to 1024
[  685.206620][   T28] audit: type=1800 audit(1772732320.971:254): pid=21426 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.5925" name="file1" dev="loop4" ino=2 res=0 errno=0
[  685.214231][T21411] loop6: detected capacity change from 0 to 40427
[  685.324517][T21411] F2FS-fs (loop6): heap/no_heap options were deprecated
[  685.362446][T21411] F2FS-fs (loop6): build fault injection attr: rate: 19, type: 0x7ffff
[  685.394087][T21411] F2FS-fs (loop6): build fault injection attr: rate: 0, type: 0x77e8c
[  685.439446][T21411] F2FS-fs (loop6): invalid crc value
[  685.480115][T21411] F2FS-fs (loop6): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_ra_meta_pages+0x21d/0x9b0
[  685.502972][T21411] F2FS-fs (loop6): Found nat_bits in checkpoint
[  685.553536][T21440] loop4: detected capacity change from 0 to 128
[  685.566292][T21411] F2FS-fs (loop6): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_bio+0x134/0x650
[  685.580766][T21440] VFS: Found a Xenix FS (block size = 1024) on device loop4
[  685.637412][T21440] sysv_count_free_blocks: >flc_size entries in free-list block
[  685.650620][    C1] F2FS-fs (loop6): inject read IO error in f2fs_read_end_io of blk_update_request+0x597/0xe40
[  685.660581][T21442] bond1: entered promiscuous mode
[  685.726763][T21411] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  685.805359][T21440] sysv_count_free_inodes: unable to read inode table
[  685.821518][T21440] sysv_count_free_blocks: >flc_size entries in free-list block
[  685.855926][T21440] sysv_count_free_inodes: unable to read inode table
[  685.979171][T18754] sysv_free_block: flc_count > flc_size
[  685.993882][T18754] sysv_free_block: flc_count > flc_size
[  686.037353][T18754] sysv_free_block: flc_count > flc_size
[  686.042983][T18754] sysv_free_block: flc_count > flc_size
[  686.076647][T18754] sysv_free_block: flc_count > flc_size
[  686.082251][T18754] sysv_free_block: flc_count > flc_size
[  686.095519][T18754] sysv_free_block: flc_count > flc_size
[  686.115233][T18754] sysv_free_block: flc_count > flc_size
[  686.115902][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[  686.133268][T18754] sysv_free_block: flc_count > flc_size
[  686.136575][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[  686.146000][T18754] sysv_free_block: flc_count > flc_size
[  686.153541][T18754] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  686.190672][T21456] ������: renamed from vlan0 (while UP)
[  686.467513][T21465] loop4: detected capacity change from 0 to 512
[  686.503592][T21465] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  686.570106][T21465] EXT4-fs (loop4): 1 orphan inode deleted
[  686.575899][T21465] EXT4-fs (loop4): 1 truncate cleaned up
[  686.586347][T21465] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  686.627976][T21465] EXT4-fs error (device loop4): ext4_search_dir:1549: inode #12: block 7: comm syz.4.5940: bad entry in directory: directory entry overrun - offset=0, inode=13, rec_len=784, size=56 fake=0
[  686.705648][T21465] EXT4-fs (loop4): Remounting filesystem read-only
[  686.822542][T18754] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  686.854646][T21480] netlink: 1128 bytes leftover after parsing attributes in process `syz.2.5945'.
[  686.891957][T21480] bond0: (slave macvlan3): Error -98 calling set_mac_address
[  687.225946][T21489] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5949'.
[  687.354058][T21489] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5949'.
[  687.606799][T21489] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5949'.
[  687.702651][T21474] loop6: detected capacity change from 0 to 40427
[  687.744433][T21474] F2FS-fs (loop6): build fault injection attr: rate: 0, type: 0x35f7
[  687.773341][T21474] F2FS-fs (loop6): build fault injection attr: rate: 690, type: 0x7ffff
[  687.792113][T21474] F2FS-fs (loop6): Image doesn't support compression
[  687.823190][T21474] F2FS-fs (loop6): invalid crc value
[  687.830664][T21474] F2FS-fs (loop6): Found nat_bits in checkpoint
[  687.965967][T21474] F2FS-fs (loop6): Start checkpoint disabled!
[  688.007979][T21474] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[  688.335221][ T1144] kworker/u4:8: attempt to access beyond end of device
[  688.335221][ T1144] loop6: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  688.372174][ T1144] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  688.387946][ T1144] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  689.747593][T21553] loop6: detected capacity change from 0 to 64
[  689.822156][T21553] BFS-fs: bfs_readdir(): Bad f_pos=00000002 for loop6:00000002
[  690.077635][   T27] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  690.289441][   T27] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  690.304989][   T27] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  690.341863][   T27] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  690.356606][   T27] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  690.371129][   T27] usb 5-1: SerialNumber: syz
[  690.389297][T21571] netlink: 1128 bytes leftover after parsing attributes in process `syz.1.5979'.
[  690.425307][T21571] bond0: (slave macvlan3): Error -98 calling set_mac_address
[  690.440927][T21573] ������: renamed from vlan0 (while UP)
[  690.586829][ T5773] Bluetooth: hci0: command tx timeout
[  690.610686][   T27] usb 5-1: 0:2 : does not exist
[  690.632877][   T27] usb 5-1: USB disconnect, device number 27
[  690.677944][T21578] loop2: detected capacity change from 0 to 1024
[  690.685404][T21578] EXT4-fs: Ignoring removed i_version option
[  690.726671][T21578] EXT4-fs: inline encryption not supported
[  690.754313][T18325] udevd[18325]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  690.778292][T21578] EXT4-fs (loop2): Test dummy encryption mode enabled
[  690.838480][T21578] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  690.889293][T21586] loop6: detected capacity change from 0 to 64
[  690.913522][T21586] hfs: unable to locate alternate MDB
[  690.923033][T21586] hfs: continuing without an alternate MDB
[  690.995746][T18065] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  691.994090][T21618] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5996'.
[  692.172756][T21592] loop2: detected capacity change from 0 to 32768
[  692.288984][T21592] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  692.472302][T21614] loop4: detected capacity change from 0 to 32768
[  692.562571][T21592] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  692.683999][T21592] XFS (loop2): Starting recovery (logdev: internal)
[  692.836645][T21592] XFS (loop2): Ending recovery (logdev: internal)
[  692.903399][T21592] XFS (loop2): Quotacheck needed: Please wait.
[  692.979124][T21612] loop6: detected capacity change from 0 to 32768
[  693.037748][T21612] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 scanned by syz.6.5995 (21612)
[  693.070428][T21592] XFS (loop2): Quotacheck: Done.
[  693.094522][T21612] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  693.105255][T21612] BTRFS info (device loop6): using crc32c (crc32c-intel) checksum algorithm
[  693.122669][T21612] BTRFS info (device loop6): max_inline at 6
[  693.133673][T21612] BTRFS info (device loop6): enabling disk space caching
[  693.159083][T21612] BTRFS info (device loop6): turning off barriers
[  693.165573][T21612] BTRFS info (device loop6): disabling tree log
[  693.223915][T21612] BTRFS info (device loop6): force clearing of disk cache
[  693.244357][T21612] BTRFS info (device loop6): setting incompat feature flag for COMPRESS_LZO (0x8)
[  693.291281][T21612] BTRFS info (device loop6): force lzo compression, level 0
[  693.318493][T21612] BTRFS info (device loop6): enabling tree log
[  693.324763][T21612] BTRFS info (device loop6): max_inline at 0
[  693.364536][T21612] BTRFS info (device loop6): disk space caching is enabled
[  693.412030][T18065] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  693.615147][T21612] BTRFS info (device loop6): enabling ssd optimizations
[  693.641645][T21612] BTRFS info (device loop6): rebuilding free space tree
[  693.692830][T21612] BTRFS info (device loop6): disabling free space tree
[  693.738819][T21612] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  693.766624][T21612] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  694.084578][T20744] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  694.203153][T21691] loop4: detected capacity change from 0 to 512
[  694.303295][T21691] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[  694.380713][T21691] EXT4-fs (loop4): orphan cleanup on readonly fs
[  694.421769][T21691] EXT4-fs error (device loop4): mb_free_blocks:1952: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt.
[  694.492638][T21691] EXT4-fs (loop4): Remounting filesystem read-only
[  694.612758][T21691] EXT4-fs (loop4): 1 truncate cleaned up
[  694.646886][T21691] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  694.916666][T18754] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  695.169274][T21709] loop4: detected capacity change from 0 to 2048
[  695.284643][T21712] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  695.395490][T21709] NILFS (loop4): unrecognized mount option "��������������18446744073709551615�����@�LqE�:��� �艞�t}�0��$�"
[  695.559807][T21721] netlink: 60 bytes leftover after parsing attributes in process `syz.1.6017'.
[  695.727329][T21724] loop2: detected capacity change from 0 to 128
[  695.760167][T21724] EXT4-fs: Ignoring removed nobh option
[  695.822624][T21724] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  695.856946][T21724] ext4 filesystem being mounted at /252/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  695.997867][T21731] tap0: tun_chr_ioctl cmd 1074025677
[  696.003392][T21731] tap0: linktype set to 805
[  696.045185][T21724] EXT4-fs warning (device loop2): __ext4_ioctl:1260: Setting inode version is not supported with metadata_csum enabled.
[  696.184081][T18065] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  696.240096][T21704] loop6: detected capacity change from 0 to 40427
[  696.273802][T21704] F2FS-fs (loop6): build fault injection attr: rate: 690, type: 0x7ffff
[  696.287122][T21704] F2FS-fs (loop6): Image doesn't support compression
[  696.293994][T21704] F2FS-fs (loop6): Image doesn't support compression
[  696.327278][T21744] loop2: detected capacity change from 0 to 1024
[  696.379653][T21704] F2FS-fs (loop6): invalid crc value
[  696.411189][T21704] F2FS-fs (loop6): Found nat_bits in checkpoint
[  696.461931][T21744] hfsplus: request for non-existent node 16777216 in B*Tree
[  696.476633][   T28] audit: type=1800 audit(1772732332.241:255): pid=21744 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.6023" name="file1" dev="loop2" ino=20 res=0 errno=0
[  696.517603][T21744] hfsplus: request for non-existent node 16777216 in B*Tree
[  696.586808][T21704] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  696.677677][   T28] audit: type=1800 audit(1772732332.461:256): pid=21704 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.6015" name="file1" dev="loop6" ino=10 res=0 errno=0
[  696.898612][T20744] syz-executor: attempt to access beyond end of device
[  696.898612][T20744] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  696.957036][T20744] F2FS-fs (loop6): Remounting filesystem read-only
[  697.531635][T21773] loop2: detected capacity change from 0 to 256
[  697.681223][T21773] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x99a53fd9, utbl_chksum : 0xe619d30d)
[  697.967186][T21785] mkiss: ax0: crc mode is auto.
[  698.416720][   T51] Bluetooth: hci1: command 0x0406 tx timeout
[  698.785801][T21823] sctp: [Deprecated]: syz.4.6049 (pid 21823) Use of struct sctp_assoc_value in delayed_ack socket option.
[  698.785801][T21823] Use struct sctp_sack_info instead
[  698.978455][T21829] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6051'.
[  699.152255][T21826] loop2: detected capacity change from 0 to 8192
[  699.181961][T21836] netlink: 'syz.1.6053': attribute type 10 has an invalid length.
[  699.213108][T21826] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  699.236776][T21836] netlink: 152 bytes leftover after parsing attributes in process `syz.1.6053'.
[  699.291694][T21836] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  699.320519][T21826] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal
[  699.381738][T21826] REISERFS (device loop2): using ordered data mode
[  699.407750][T21826] reiserfs: using flush barriers
[  699.440164][T21826] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  699.533041][T21826] REISERFS (device loop2): checking transaction log (loop2)
[  699.808389][T21826] REISERFS (device loop2): Using tea hash to sort names
[  699.815786][T21826] REISERFS warning (device loop2): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2)
[  699.872642][T21826] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  700.158589][T21855] REISERFS warning (device loop2): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 5) not found (pos 2)
[  700.242138][T21826] REISERFS warning (device loop2): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2)
[  700.293180][T21831] loop4: detected capacity change from 0 to 40427
[  700.325483][T21831] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  700.343643][T21831] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  700.405542][T21831] F2FS-fs (loop4): invalid crc value
[  700.437009][T21831] F2FS-fs (loop4): Found nat_bits in checkpoint
[  700.664191][T21831] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  700.671775][ T5773] Bluetooth: hci2: ISO packet too small
[  700.681752][T21831] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  701.089084][T21882] loop6: detected capacity change from 0 to 64
[  701.271260][T20744] hfs: request for non-existent node 131072 in B*Tree
[  702.099920][T21881] loop2: detected capacity change from 0 to 32768
[  702.208878][T21881] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  702.458074][T21881] XFS (loop2): Ending clean mount
[  702.500083][T21881] XFS (loop2): Quotacheck needed: Please wait.
[  702.778513][T21881] XFS (loop2): Quotacheck: Done.
[  702.970954][T21929] loop4: detected capacity change from 0 to 128
[  703.354001][T18065] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  703.427557][T12629] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  703.439410][T21935] loop4: detected capacity change from 0 to 4096
[  703.482833][T21935] ntfs3: loop4: Different NTFS sector size (1024) and media sector size (512).
[  703.534553][    C1] vkms_vblank_simulate: vblank timer overrun
[  703.615404][    C1] vkms_vblank_simulate: vblank timer overrun
[  703.622884][T12629] usb 2-1: Using ep0 maxpacket: 16
[  703.657209][T12629] usb 2-1: config 0 has an invalid interface number: 251 but max is 0
[  703.665493][T12629] usb 2-1: config 0 has no interface number 0
[  703.702543][T12629] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  703.747750][T12629] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  703.824120][T12629] usb 2-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  703.834780][T12629] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  703.874506][T12629] usb 2-1: Product: syz
[  703.878925][T12629] usb 2-1: Manufacturer: syz
[  703.883582][T12629] usb 2-1: SerialNumber: syz
[  703.903932][T12629] usb 2-1: config 0 descriptor??
[  703.917452][T21932] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  703.924787][T21932] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  703.946927][T21945] loop6: detected capacity change from 0 to 512
[  704.080332][T21947] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6080'.
[  704.091637][T21945] EXT4-fs (loop6): 1 orphan inode deleted
[  704.105275][T21945] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  704.118407][   T12] Quota error (device loop6): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  704.137735][T21945] ext4 filesystem being mounted at /56/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  704.148684][   T12] EXT4-fs error (device loop6): ext4_release_dquot:6985: comm kworker/u4:1: Failed to release dquot type 1
[  704.207547][T21932] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  704.222533][T21932] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  704.235784][T20744] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  704.863333][T12629] asix 2-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  704.877182][T12629] asix 2-1:0.251 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[  704.890986][T12629] asix: probe of 2-1:0.251 failed with error -71
[  704.902778][T12629] usb 2-1: USB disconnect, device number 50
[  705.454545][T21955] loop6: detected capacity change from 0 to 1024
[  705.533404][   T28] audit: type=1800 audit(1772732341.311:257): pid=21955 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.6083" name="file1" dev="loop6" ino=20 res=0 errno=0
[  705.571529][T21955] hfsplus: request for non-existent node 16777216 in B*Tree
[  705.608521][T21955] hfsplus: request for non-existent node 16777216 in B*Tree
[  705.647762][ T5773] Bluetooth: hci0: ISO packet too small
[  706.019916][T21971] loop6: detected capacity change from 0 to 1024
[  706.138969][T21971] EXT4-fs (loop6): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  706.246711][T21971] ext4 filesystem being mounted at /58/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  706.366766][    C1] vkms_vblank_simulate: vblank timer overrun
[  706.395354][T21971] EXT4-fs error (device loop6): ext4_map_blocks:718: inode #15: comm syz.6.6087: lblock 0 mapped to illegal pblock 0 (length 1)
[  706.422357][   T28] audit: type=1800 audit(1772732342.171:258): pid=21971 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.6087" name="file1" dev="loop6" ino=15 res=0 errno=0
[  706.516670][T21971] EXT4-fs (loop6): Remounting filesystem read-only
[  706.676768][T20744] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  706.676973][T21961] loop4: detected capacity change from 0 to 131072
[  706.697470][T21961] F2FS-fs (loop4): Invalid log sectorsize (67108873)
[  706.704232][T21961] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  706.716253][T21961] F2FS-fs (loop4): invalid crc value
[  706.766830][T21961] F2FS-fs (loop4): Found nat_bits in checkpoint
[  706.846246][T21961] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  706.853435][T21961] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  707.607283][T21997] loop6: detected capacity change from 0 to 64
[  707.645979][T21997] hfs: unable to locate alternate MDB
[  707.656118][T21997] hfs: continuing without an alternate MDB
[  707.666577][   T23] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  707.889528][   T23] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  707.914192][   T23] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  707.946840][   T23] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  707.969698][   T23] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  707.986580][   T23] usb 3-1: SerialNumber: syz
[  708.067455][T22003] loop6: detected capacity change from 0 to 128
[  708.220393][   T23] usb 3-1: 0:2 : does not exist
[  708.266860][   T23] usb 3-1: USB disconnect, device number 45
[  708.350467][T22007] erspan0: entered promiscuous mode
[  708.382499][T18325] udevd[18325]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  708.585918][T22017] loop4: detected capacity change from 0 to 1764
[  709.240187][T22044] netlink: 76 bytes leftover after parsing attributes in process `syz.4.6117'.
[  709.522044][T22052] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[  709.748000][T22042] loop2: detected capacity change from 0 to 32768
[  709.805327][T22042] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  709.903673][T22042] XFS (loop2): Ending clean mount
[  710.094355][T18065] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  710.131245][T22060] loop4: detected capacity change from 0 to 32768
[  710.337142][T22060] JBD2: Ignoring recovery information on journal
[  710.414437][T22060] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  710.942777][T22083] input input59: cannot allocate more than FF_MAX_EFFECTS effects
[  710.951116][T18754] ocfs2: Unmounting device (7,4) on (node local)
[  711.091270][T22087] loop2: detected capacity change from 0 to 128
[  711.115892][T22087] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  711.157615][T22087] hpfs: filesystem error: improperly stopped
[  711.163738][T22087] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  711.174870][T22087] hpfs: You really don't want any checks? You are crazy...
[  711.184771][T22087] hpfs: hpfs_map_sector(): read error
[  711.190581][T22087] hpfs: code page support is disabled
[  711.201701][T22087] hpfs: hpfs_map_4sectors(): unaligned read
[  711.211423][T22087] hpfs: hpfs_map_4sectors(): unaligned read
[  711.218986][T22087] hpfs: filesystem error: unable to find root dir
[  711.410439][T22093] Falling back ldisc for ttyS3.
[  711.426869][T22094] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6135'.
[  711.901017][T22109] loop4: detected capacity change from 0 to 164
[  712.373260][T22125] loop4: detected capacity change from 0 to 4096
[  712.384833][T22125] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512).
[  712.437787][T22125] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  712.571171][   T28] audit: type=1800 audit(1772732349.346:259): pid=22125 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.6149" name="file1" dev="loop4" ino=29 res=0 errno=0
[  713.026743][T22152] x_tables: ip_tables: sctp match: only valid for protocol 132
[  713.180294][   T28] audit: type=1326 audit(1772732349.956:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22157 comm="syz.1.6163" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4fb219c799 code=0x0
[  713.277048][T12629] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  713.312063][T22165] loop6: detected capacity change from 0 to 64
[  713.487669][T12629] usb 5-1: Using ep0 maxpacket: 8
[  713.499221][T12629] usb 5-1: unable to get BOS descriptor or descriptor too short
[  713.509454][T12629] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7
[  713.521029][T12629] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  713.542294][T12629] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid maxpacket 65535, setting to 1024
[  713.572633][T12629] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1024
[  713.621576][T12629] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  713.639434][T12629] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  713.666523][T12629] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  713.679090][T12629] usb 5-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84
[  713.696511][T12629] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  713.704537][T12629] usb 5-1: Product: syz
[  713.726638][T12629] usb 5-1: Manufacturer: syz
[  713.731275][T12629] usb 5-1: SerialNumber: syz
[  713.748045][T12629] usb 5-1: config 0 descriptor??
[  713.757388][T22151] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  713.783097][T12629] usb 5-1: Quirk or no altest; falling back to MIDI 1.0
[  713.862955][T12629] snd-usb-audio: probe of 5-1:0.0 failed with error -12
[  713.919418][T18393] udevd[18393]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  714.006189][T12629] usb 5-1: USB disconnect, device number 28
[  714.514561][T22185] tipc: Started in network mode
[  714.524511][T22185] tipc: Node identity f_get_cu, cluster identity 4711
[  714.545137][T22185] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  715.043037][    C1] vkms_vblank_simulate: vblank timer overrun
[  715.391395][T22213] netlink: 'syz.4.6186': attribute type 3 has an invalid length.
[  715.404213][T22213] netlink: 'syz.4.6186': attribute type 3 has an invalid length.
[  715.413009][ T5824] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  715.503941][ T5773] Bluetooth: hci1: ISO packet too small
[  715.581811][T22218] loop4: detected capacity change from 0 to 4096
[  715.599987][ T5824] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  715.613748][ T5824] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  715.629892][ T5824] usb 3-1: config 0 descriptor??
[  715.645048][ T5824] cp210x 3-1:0.0: cp210x converter detected
[  715.655797][T22219] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  715.705323][T22218] NILFS (loop4): nilfs_palloc_commit_free_entry (ino=6): entry number 15 already freed
[  716.057734][ T5824] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32
[  716.163955][T22232] loop4: detected capacity change from 0 to 256
[  716.185224][T22232] exfat: Deprecated parameter 'utf8'
[  716.196990][T22232] exfat: Deprecated parameter 'utf8'
[  716.202633][T22232] exfat: Deprecated parameter 'utf8'
[  716.225264][T22232] exFAT-fs (loop4): failed to load upcase table (idx : 0x00011f3f, chksum : 0x96b62a4c, utbl_chksum : 0xe619d30d)
[  716.271772][ T5824] cp210x 3-1:0.0: failed to get vendor val 0x370c size 15: -71
[  716.291828][ T5824] cp210x 3-1:0.0: GPIO initialisation failed: -71
[  716.317323][ T5824] usb 3-1: cp210x converter now attached to ttyUSB0
[  716.352701][ T5824] usb 3-1: USB disconnect, device number 46
[  716.372766][ T5824] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  716.397822][ T5824] cp210x 3-1:0.0: device disconnected
[  716.659141][T22244] loop4: detected capacity change from 0 to 512
[  716.689632][T22244] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  716.715204][T22244] ext4 filesystem being mounted at /283/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  716.821433][T18754] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  718.151932][T22255] loop2: detected capacity change from 0 to 131072
[  718.196332][T22255] F2FS-fs (loop2): Wrong CP boundary, start(512) end(1536) blocks(0)
[  718.204656][T22255] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  718.236960][T22255] F2FS-fs (loop2): invalid crc value
[  718.303760][T22255] F2FS-fs (loop2): Found nat_bits in checkpoint
[  718.354737][T22255] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  718.362049][T22255] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  719.618928][T22270] loop6: detected capacity change from 0 to 40427
[  719.640251][T22270] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[  719.672002][T22270] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  719.706117][T22270] F2FS-fs (loop6): invalid crc value
[  719.784862][T22270] F2FS-fs (loop6): Found nat_bits in checkpoint
[  719.839757][T22289] loop4: detected capacity change from 0 to 256
[  719.956174][T22270] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  719.985341][T22270] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  720.825957][T22311] netlink: 27 bytes leftover after parsing attributes in process `syz.4.6225'.
[  720.905179][T22313] netlink: 'syz.1.6226': attribute type 15 has an invalid length.
[  721.135409][T22323] program syz.2.6230 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  721.251623][T22325] binder: 22324:22325 ioctl c0306201 200000000080 returned -14
[  721.322437][T22329] loop2: detected capacity change from 0 to 128
[  721.957956][T22348] syz.2.6241[22348] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  721.958087][T22348] syz.2.6241[22348] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  722.055747][T22352] loop2: detected capacity change from 0 to 256
[  722.074919][T22352] exfat: Deprecated parameter 'namecase'
[  722.084777][T22352] exfat: Deprecated parameter 'namecase'
[  722.132167][T22352] exFAT-fs (loop2): failed to load upcase table (idx : 0x00000c00, chksum : 0x54b6a122, utbl_chksum : 0xe619d30d)
[  722.276628][T12629] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  722.373965][T22361] loop2: detected capacity change from 0 to 1024
[  722.457979][T22361] hfsplus: invalid extended attribute record
[  722.483978][T22361] hfsplus: catalog searching failed
[  722.507453][T12629] usb 5-1: Using ep0 maxpacket: 16
[  722.518555][T12629] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  722.531981][T12629] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  722.534809][ T1072] hfsplus: b-tree write err: -5, ino 8
[  722.552045][T12629] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  722.613306][T12629] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  722.626949][T12629] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  722.666480][T12629] usb 5-1: config 0 descriptor??
[  723.055214][T22369] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6250'.
[  723.101846][T12629] microsoft 0003:045E:07DA.0044: ignoring exceeding usage max
[  723.117571][T12629] microsoft 0003:045E:07DA.0044: unsupported Resolution Multiplier 0
[  723.126873][ T5806] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  723.128994][T12629] microsoft 0003:045E:07DA.0044: implement() called with n (152) > 32! (kworker/1:5)
[  723.312308][T12629] microsoft 0003:045E:07DA.0044: No inputs registered, leaving
[  723.320507][ T5806] usb 3-1: New USB device found, idVendor=2c42, idProduct=1602, bcdDevice=da.64
[  723.333316][T12629] microsoft 0003:045E:07DA.0044: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  723.336536][ T5806] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  723.362892][T12629] microsoft 0003:045E:07DA.0044: no inputs found
[  723.369309][ T5806] usb 3-1: Product: syz
[  723.370694][ T5806] usb 3-1: Manufacturer: syz
[  723.384634][T12629] microsoft 0003:045E:07DA.0044: could not initialize ff, continuing anyway
[  723.392440][ T5806] usb 3-1: SerialNumber: syz
[  723.414140][T12629] usb 5-1: USB disconnect, device number 29
[  723.421582][ T5806] usb 3-1: config 0 descriptor??
[  723.467236][ T5806] hub 3-1:0.0: bad descriptor, ignoring hub
[  723.482713][T22372] fido_id[22372]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  723.485207][ T5806] hub: probe of 3-1:0.0 failed with error -5
[  723.533463][ T5806] f81232 3-1:0.0: f81534a converter detected
[  723.661054][ T5806] usb 3-1: f81534a converter now attached to ttyUSB0
[  723.786763][T22374] netlink: 'syz.1.6252': attribute type 3 has an invalid length.
[  723.802747][T22374] netlink: 'syz.1.6252': attribute type 3 has an invalid length.
[  724.047478][T12629] usb 3-1: USB disconnect, device number 47
[  724.069263][T12629] f81534a ttyUSB0: f81534a converter now disconnected from ttyUSB0
[  724.101497][T12629] f81232 3-1:0.0: device disconnected
[  724.565673][  T967] usb 5-1: new full-speed USB device number 30 using dummy_hcd
[  724.598999][T22396] loop2: detected capacity change from 0 to 512
[  724.637516][T22396] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  724.651545][T22396] EXT4-fs (loop2): 1 truncate cleaned up
[  724.658298][T22394] loop6: detected capacity change from 0 to 4096
[  724.663409][T22396] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  724.692084][   T28] audit: type=1800 audit(1772732361.466:261): pid=22396 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.6262" name="file1" dev="loop2" ino=15 res=0 errno=0
[  724.750092][T18065] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  724.761346][  T967] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  724.772681][  T967] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  724.775147][T22399] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  724.783430][  T967] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  724.914197][  T967] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  724.959077][  T967] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  724.996052][  T967] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  725.024778][  T967] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  725.036263][  T967] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  725.056020][  T967] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  725.074000][  T967] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  725.093453][  T967] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  725.112103][  T967] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  725.136259][  T967] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  725.156124][  T967] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  725.175538][  T967] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  725.195230][  T967] usb 5-1: New USB device found, idVendor=04b4, idProduct=0000, bcdDevice= 0.00
[  725.205770][  T967] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  725.229903][  T967] usb 5-1: config 0 descriptor??
[  725.307186][T22405] netlink: 284 bytes leftover after parsing attributes in process `syz.1.6265'.
[  725.432141][T22407] netlink: 76 bytes leftover after parsing attributes in process `syz.6.6266'.
[  725.469778][T22407] netlink: 528 bytes leftover after parsing attributes in process `syz.6.6266'.
[  725.546205][T22401] loop2: detected capacity change from 0 to 32768
[  725.651846][T22401] syz.2.6263: attempt to access beyond end of device
[  725.651846][T22401] loop2: rw=1, sector=4680032, nr_sectors = 8 limit=32768
[  725.676154][  T967] hid-generic 0003:04B4:0000.0045: unbalanced delimiter at end of report description
[  725.686208][T22401] metapage_write_end_io: I/O error
[  725.701608][  T967] hid-generic: probe of 0003:04B4:0000.0045 failed with error -22
[  725.701983][T22401] blkno = 8ed2c, nblocks = 1
[  725.718093][T22401] ERROR: (device loop2): dbUpdatePMap: blocks are outside the map
[  725.718093][T22401] 
[  725.759445][T22401] ERROR: (device loop2): remounting filesystem as read-only
[  725.868509][  T111] blkno = 8ed2c, nblocks = 4
[  725.873274][  T111] ERROR: (device loop2): dbUpdatePMap: blocks are outside the map
[  725.873274][  T111] 
[  725.892553][T18065] syz-executor: attempt to access beyond end of device
[  725.892553][T18065] loop2: rw=1, sector=4680032, nr_sectors = 8 limit=32768
[  725.915044][T18065] metapage_write_end_io: I/O error
[  725.923221][T18065] JFS: metapage_get_blocks failed
[  725.931958][T22418] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  725.935193][T18065] JFS: metapage_get_blocks failed
[  725.955876][T18065] JFS: metapage_get_blocks failed
[  725.971935][T18065] JFS: metapage_get_blocks failed
[  726.001702][  T967] usb 5-1: USB disconnect, device number 30
[  726.732958][T22430] loop4: detected capacity change from 0 to 1024
[  726.890080][T22430] hfsplus: invalid extended attribute record
[  726.937898][T22434] hfsplus: catalog searching failed
[  727.064818][   T12] hfsplus: b-tree write err: -5, ino 8
[  727.182803][T22443] loop2: detected capacity change from 0 to 256
[  727.213200][T22444] loop6: detected capacity change from 0 to 512
[  727.222622][T22443] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011bf5, chksum : 0xcea91b8a, utbl_chksum : 0xe619d30d)
[  727.265883][T22443] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  727.291986][T22444] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  727.337294][   T28] audit: type=1800 audit(1772732364.116:262): pid=22443 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.6283" name="file1" dev="loop2" ino=1049047 res=0 errno=0
[  727.496090][T22452] loop2: detected capacity change from 0 to 128
[  727.536918][T22452] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  727.569561][T22452] hpfs: filesystem error: improperly stopped
[  727.575701][T22452] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  727.602086][T22452] hpfs: You really don't want any checks? You are crazy...
[  727.623100][T22452] hpfs: hpfs_map_sector(): read error
[  727.629083][T22452] hpfs: code page support is disabled
[  727.634712][T22452] hpfs: hpfs_map_4sectors(): unaligned read
[  727.649970][T20744] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  727.659282][T22452] hpfs: hpfs_map_4sectors(): unaligned read
[  727.665204][T22452] hpfs: filesystem error: unable to find root dir
[  727.745149][T22452] hpfs: hpfs_map_4sectors(): unaligned read
[  727.931921][T22464] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6291'.
[  728.342090][T22481] netlink: 16 bytes leftover after parsing attributes in process `syz.6.6299'.
[  728.351228][T12629] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  728.488539][T22487] loop2: detected capacity change from 0 to 1024
[  728.513612][T22489] netlink: 28 bytes leftover after parsing attributes in process `syz.6.6303'.
[  728.516123][T22487] EXT4-fs: Ignoring removed nomblk_io_submit option
[  728.547919][T12629] usb 5-1: config index 0 descriptor too short (expected 65298, got 18)
[  728.560777][T12629] usb 5-1: config 0 has too many interfaces: 230, using maximum allowed: 32
[  728.583939][T12629] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 230
[  728.605434][T22491] Bluetooth: MGMT ver 1.22
[  728.617328][T12629] usb 5-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65
[  728.630408][T22487] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  728.653091][T12629] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  728.681078][T12629] usb 5-1: Product: syz
[  728.696930][T12629] usb 5-1: Manufacturer: syz
[  728.701606][T12629] usb 5-1: SerialNumber: syz
[  728.739955][T12629] usb 5-1: config 0 descriptor??
[  728.862894][T18065] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  728.997984][T12629] usb 5-1: ignoring: probably an ADSL modem
[  729.150512][T22504] loop2: detected capacity change from 0 to 4096
[  729.158714][T22504] ntfs3: loop2: Different NTFS sector size (2048) and media sector size (512).
[  729.296321][T22495] loop6: detected capacity change from 0 to 32768
[  729.350092][T22495] JBD2: Ignoring recovery information on journal
[  729.364169][T12629] cxacru 5-1:0.0: usbatm_usb_probe: bind failed: -19!
[  729.428738][T22495] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  729.602360][T12629] usb 5-1: USB disconnect, device number 31
[  729.645237][T20744] ocfs2: Unmounting device (7,6) on (node local)
[  730.474798][T22526] loop4: detected capacity change from 0 to 1024
[  730.692972][T22529] netlink: 80 bytes leftover after parsing attributes in process `syz.6.6318'.
[  730.721446][T18754] hfsplus: bad catalog entry type
[  730.867998][   T42] hfsplus: b-tree write err: -5, ino 25
[  730.873793][   T42] hfsplus: b-tree write err: -5, ino 4
[  730.888994][   T42] hfsplus: b-tree write err: -5, ino 2
[  731.399004][T22541] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6324'.
[  731.431285][T22541] netlink: 'syz.1.6324': attribute type 6 has an invalid length.
[  731.644806][   T42] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  731.815534][   T42] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  732.048888][   T42] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  732.425147][   T42] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  732.440776][   T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  732.461024][   T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  732.470924][   T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  732.479373][   T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  732.489959][   T51] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  732.503113][   T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  733.082444][T22558] loop2: detected capacity change from 0 to 32768
[  733.125586][T22558] 
[  733.125586][T22558]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  733.125586][T22558] 
[  733.194124][T22560] chnl_net:caif_netlink_parms(): no params data found
[  733.252161][   T64] 
[  733.252161][   T64]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  733.252161][   T64] 
[  733.326657][   T64] 
[  733.326657][   T64]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  733.326657][   T64] 
[  733.371635][T18065] 
[  733.371635][T18065]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  733.371635][T18065] 
[  733.410377][  T112] 
[  733.410377][  T112]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  733.410377][  T112] 
[  733.442746][T18065] 
[  733.442746][T18065]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  733.442746][T18065] 
[  734.577340][ T5773] Bluetooth: hci1: command tx timeout
[  734.754202][T22560] bridge0: port 1(bridge_slave_0) entered blocking state
[  734.776715][T22560] bridge0: port 1(bridge_slave_0) entered disabled state
[  734.784012][T22560] bridge_slave_0: entered allmulticast mode
[  734.820740][T22560] bridge_slave_0: entered promiscuous mode
[  734.843231][T22560] bridge0: port 2(bridge_slave_1) entered blocking state
[  734.886534][T22560] bridge0: port 2(bridge_slave_1) entered disabled state
[  734.893828][T22560] bridge_slave_1: entered allmulticast mode
[  734.928522][T22560] bridge_slave_1: entered promiscuous mode
[  735.238305][T22560] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  735.379155][T22560] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  735.634918][T22560] team0: Port device team_slave_0 added
[  735.744343][T22560] team0: Port device team_slave_1 added
[  735.776760][  T967] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  735.941653][T22560] batman_adv: batadv0: Adding interface: batadv_slave_0
[  735.977212][  T967] usb 3-1: Using ep0 maxpacket: 8
[  735.980886][T22560] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  736.016327][  T967] usb 3-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  736.019911][T22560] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  736.030756][  T967] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  736.067198][  T967] usb 3-1: Product: syz
[  736.076923][  T967] usb 3-1: Manufacturer: syz
[  736.082320][  T967] usb 3-1: SerialNumber: syz
[  736.110138][  T967] usb 3-1: config 0 descriptor??
[  736.129769][  T967] gspca_main: se401-2.14.0 probing 047d:5003
[  736.147690][T22560] batman_adv: batadv0: Adding interface: batadv_slave_1
[  736.168093][T22560] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  736.266590][T22560] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  736.395129][   T42] hsr_slave_0: left promiscuous mode
[  736.404433][   T42] hsr_slave_1: left promiscuous mode
[  736.453048][T22623] loop6: detected capacity change from 0 to 40427
[  736.466930][   T42] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  736.475338][   T42] batman_adv: batadv0: Removing interface: batadv_slave_0
[  736.492734][   T42] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  736.503825][T22623] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[  736.537651][T22623] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  736.543480][   T42] batman_adv: batadv0: Removing interface: batadv_slave_1
[  736.571485][   T42] bridge_slave_1: left allmulticast mode
[  736.577749][T22623] F2FS-fs (loop6): Found nat_bits in checkpoint
[  736.584955][   T42] bridge_slave_1: left promiscuous mode
[  736.605967][   T42] bridge0: port 2(bridge_slave_1) entered disabled state
[  736.635977][   T42] bridge_slave_0: left allmulticast mode
[  736.649183][   T42] bridge_slave_0: left promiscuous mode
[  736.654986][   T42] bridge0: port 1(bridge_slave_0) entered disabled state
[  736.663188][ T5773] Bluetooth: hci1: command tx timeout
[  736.719686][   T42] veth1_macvtap: left promiscuous mode
[  736.725296][   T42] veth0_macvtap: left promiscuous mode
[  736.733056][   T42] veth1_vlan: left promiscuous mode
[  736.738941][   T42] veth0_vlan: left promiscuous mode
[  736.767856][  T967] usb 3-1: reset high-speed USB device number 48 using dummy_hcd
[  736.802589][T22623] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  736.813011][T22623] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  737.392507][  T967] gspca_se401: write req failed req 0x57 val 0x00 error -71
[  737.474592][  T967] se401: probe of 3-1:0.0 failed with error -71
[  737.496379][  T967] usb 3-1: USB disconnect, device number 48
[  738.139450][T22655] loop6: detected capacity change from 0 to 32768
[  738.185246][T22655] XFS (loop6): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  738.308735][T22655] XFS (loop6): Ending clean mount
[  738.338681][T22657] serio: Serial port ptm0
[  738.435093][    C0] vkms_vblank_simulate: vblank timer overrun
[  738.564485][T20744] XFS (loop6): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  738.737417][ T5773] Bluetooth: hci1: command tx timeout
[  738.767797][T22672] loop2: detected capacity change from 0 to 128
[  738.801219][T22672] EXT4-fs: Ignoring removed nomblk_io_submit option
[  738.864259][    C0] vkms_vblank_simulate: vblank timer overrun
[  738.893470][T22672] EXT4-fs: Ignoring removed nomblk_io_submit option
[  738.909599][T22672] EXT4-fs: Ignoring removed nobh option
[  738.916334][T22672] EXT4-fs (loop2): Test dummy encryption mode enabled
[  739.032523][T22672] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  739.045067][T22672] ext4 filesystem being mounted at /347/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  739.149304][T22672] EXT4-fs (loop2): Online defrag not supported for encrypted files
[  739.211463][T18065] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  739.382414][    C0] vkms_vblank_simulate: vblank timer overrun
[  739.433360][T22682] loop6: detected capacity change from 0 to 512
[  739.441956][T22682] EXT4-fs: Ignoring removed i_version option
[  739.463644][T22682] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  739.498465][T22682] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  739.511490][T22682] ext4 filesystem being mounted at /112/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  739.620371][T20744] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  739.864640][   T42] team0 (unregistering): Port device team_slave_1 removed
[  739.979421][   T42] team0 (unregistering): Port device team_slave_0 removed
[  740.071637][   T42] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  740.172354][   T42] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  740.833473][ T5773] Bluetooth: hci1: command tx timeout
[  740.927700][   T42] bond0 (unregistering): Released all slaves
[  741.294942][T22560] hsr_slave_0: entered promiscuous mode
[  741.330743][T22698] loop6: detected capacity change from 0 to 512
[  741.338244][T22560] hsr_slave_1: entered promiscuous mode
[  741.356562][T22560] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  741.364172][T22560] Cannot create hsr debugfs directory
[  741.436011][T22698] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  741.461952][T22698] ext4 filesystem being mounted at /115/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  741.599790][T22698] EXT4-fs error (device loop6): ext4_do_update_inode:5248: inode #2: comm syz.6.6371: corrupted inode contents
[  741.727200][T22698] EXT4-fs error (device loop6): ext4_dirty_inode:6124: inode #2: comm syz.6.6371: mark_inode_dirty error
[  741.797742][T22698] EXT4-fs error (device loop6): ext4_do_update_inode:5248: inode #2: comm syz.6.6371: corrupted inode contents
[  741.856103][T22698] EXT4-fs error (device loop6): __ext4_ext_dirty:202: inode #2: comm syz.6.6371: mark_inode_dirty error
[  741.954588][T22698] EXT4-fs error (device loop6): ext4_lookup:1855: inode #18: comm syz.6.6371: 'file0' linked to parent dir
[  742.007479][   T42] IPVS: stop unused estimator thread 0...
[  742.115063][T20744] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  742.616133][T22560] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  743.179646][T22738] IPv6: NLM_F_CREATE should be specified when creating new route
[  743.201969][T22738] netlink: 'syz.2.6383': attribute type 1 has an invalid length.
[  743.263300][T22560] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  743.315847][T22560] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  743.355310][T22560] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  743.898239][T22560] 8021q: adding VLAN 0 to HW filter on device bond0
[  743.997825][T22560] 8021q: adding VLAN 0 to HW filter on device team0
[  744.058111][T18251] bridge0: port 1(bridge_slave_0) entered blocking state
[  744.065295][T18251] bridge0: port 1(bridge_slave_0) entered forwarding state
[  744.145991][T18251] bridge0: port 2(bridge_slave_1) entered blocking state
[  744.153274][T18251] bridge0: port 2(bridge_slave_1) entered forwarding state
[  744.341628][T22560] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  744.377752][T22560] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  744.488282][T22769] fuse: Invalid group_id
[  744.496821][ T5773] Bluetooth: hci0: command 0x0406 tx timeout
[  744.733958][T22753] loop6: detected capacity change from 0 to 32768
[  744.867435][T22753] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  745.016829][T22560] 8021q: adding VLAN 0 to HW filter on device batadv0
[  745.258883][T22753] XFS (loop6): Ending clean mount
[  745.282041][T22753] XFS (loop6): Quotacheck needed: Please wait.
[  745.453121][T22753] XFS (loop6): Quotacheck: Done.
[  745.711593][T20744] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  746.109863][T22560] veth0_vlan: entered promiscuous mode
[  746.152245][T22560] veth1_vlan: entered promiscuous mode
[  746.339930][T22560] veth0_macvtap: entered promiscuous mode
[  746.381097][T22560] veth1_macvtap: entered promiscuous mode
[  746.449516][T22560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  746.474555][T22560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  746.485950][T22560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  746.497447][T22560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  746.510637][T22560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  746.521366][T14829] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[  746.531495][T22560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  746.548845][T22560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  746.560237][T22560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  746.574143][T22560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  746.597983][T22560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  746.614883][T22560] batman_adv: batadv0: Interface activated: batadv_slave_0
[  746.659915][T22560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  746.696817][T22560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  746.724738][T14829] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  746.738429][T22560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  746.749119][T14829] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  746.759301][T14829] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  746.767493][T22560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  746.787085][T14829] usb 2-1: config 0 descriptor??
[  746.792801][T22560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  746.804049][T22560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  746.823798][T22560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  746.840128][T22560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  746.854165][T22560] batman_adv: batadv0: Interface activated: batadv_slave_1
[  746.882012][T22560] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  746.906716][T22560] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  746.926383][T22560] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  746.937628][T22560] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  747.156932][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  747.175796][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  747.243381][T14829] keytouch 0003:0926:3333.0046: fixing up Keytouch IEC report descriptor
[  747.267048][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  747.299850][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  747.313415][T14829] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0046/input/input61
[  747.541065][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[  747.548707][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[  747.653294][T22831] loop2: detected capacity change from 0 to 40427
[  747.680173][T22831] F2FS-fs (loop2): invalid crc value
[  747.680685][T14829] keytouch 0003:0926:3333.0046: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0
[  747.713070][T22831] F2FS-fs (loop2): Found nat_bits in checkpoint
[  747.844752][T14829] usb 2-1: USB disconnect, device number 51
[  747.921660][T22848] loop7: detected capacity change from 0 to 64
[  748.014471][T22831] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  748.049847][T22846] fido_id[22846]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  748.195002][T22831] F2FS-fs (loop2): Stopped filesystem due to reason: 0
[  748.934140][T22874] loop2: detected capacity change from 0 to 512
[  748.970780][T22874] EXT4-fs: Ignoring removed oldalloc option
[  749.093293][T22874] EXT4-fs (loop2): 1 truncate cleaned up
[  749.128490][T22874] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  749.389984][T18065] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  749.910149][T22885] loop6: detected capacity change from 0 to 32768
[  750.015944][T22885] JBD2: Ignoring recovery information on journal
[  750.181806][T22885] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  750.787035][T20744] ocfs2: Unmounting device (7,6) on (node local)
[  750.999903][T22949] loop7: detected capacity change from 0 to 512
[  751.035170][T22949] EXT4-fs: Ignoring removed orlov option
[  751.113650][T22949] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  751.266316][   T28] audit: type=1800 audit(1772732388.016:263): pid=22949 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.6433" name="file3" dev="loop7" ino=16 res=0 errno=0
[  751.331555][T22560] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  752.513919][T23012] loop2: detected capacity change from 0 to 1024
[  752.759160][   T11] hfsplus: b-tree write err: -5, ino 25
[  752.795440][   T11] hfsplus: b-tree write err: -5, ino 4
[  752.815582][   T11] hfsplus: b-tree write err: -5, ino 2
[  753.003136][T23024] loop7: detected capacity change from 0 to 4096
[  753.056684][T23024] ntfs: (device loop7): ntfs_read_locked_inode(): $DATA attribute is missing.
[  753.089908][T23024] ntfs: (device loop7): ntfs_read_locked_inode(): Failed with error code -2.  Marking corrupt inode 0xa as bad.  Run chkdsk.
[  753.160581][T23024] ntfs: (device loop7): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[  753.200976][T23024] ntfs: volume version 3.1.
[  753.684007][T22560] ntfs: (device loop7): ntfs_put_super(): Volume has errors.  Leaving volume marked dirty.  Run chkdsk.
[  754.243130][T23066] loop2: detected capacity change from 0 to 1024
[  754.311548][   T28] audit: type=1800 audit(1772732391.086:264): pid=23066 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.6474" name="file1" dev="loop2" ino=20 res=0 errno=0
[  754.324820][T23066] syz.2.6474: attempt to access beyond end of device
[  754.324820][T23066] loop2: rw=34817, sector=5778, nr_sectors = 2 limit=1024
[  754.355695][T23066] syz.2.6474: attempt to access beyond end of device
[  754.355695][T23066] loop2: rw=34817, sector=393216, nr_sectors = 126 limit=1024
[  754.479257][T23073] pim6reg: entered allmulticast mode
[  754.493269][T23072] pim6reg: left allmulticast mode
[  754.822635][T23082] input: syz1 as /devices/virtual/input/input62
[  755.335539][T23100] loop2: detected capacity change from 0 to 64
[  755.433499][   T28] audit: type=1800 audit(1772732392.206:265): pid=23100 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.6489" name="file2" dev="loop2" ino=6 res=0 errno=0
[  756.081208][T23131] ip6tnl1: entered allmulticast mode
[  756.623409][T23130] loop2: detected capacity change from 0 to 32768
[  756.687024][T23130] XFS (loop2): DAX unsupported by block device. Turning off DAX.
[  756.696337][T23130] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  756.807705][T23133] loop6: detected capacity change from 0 to 40427
[  756.839199][T23133] F2FS-fs (loop6): Invalid SB checksum offset: 0
[  756.845603][T23133] F2FS-fs (loop6): Can't find valid F2FS filesystem in 2th superblock
[  756.853326][T23130] XFS (loop2): Ending clean mount
[  756.886130][T23130] XFS (loop2): Quotacheck needed: Please wait.
[  756.907015][T23133] F2FS-fs (loop6): invalid crc value
[  756.956967][   T27] XFS (loop2): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xd0, xfs_cntbt block 0x10 
[  757.004113][   T27] XFS (loop2): Unmount and run xfs_repair
[  757.024434][   T27] XFS (loop2): First 128 bytes of corrupted metadata buffer:
[  757.044707][   T27] 00000000: 41 42 33 43 00 00 00 02 ff ff ff ff ff ff ff ff  AB3C............
[  757.078258][   T27] 00000010: 00 00 00 00 00 00 00 10 00 00 00 01 00 00 00 10  ................
[  757.108624][   T27] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb  ...^T.Lr......N.
[  757.128770][   T27] 00000030: 00 00 00 00 20 bb 84 11 00 00 04 4e 00 00 00 02  .... ......N....
[  757.140339][   T27] 00000040: 00 00 04 60 00 00 0b a0 00 00 00 00 00 00 00 00  ...`............
[  757.158176][T23133] F2FS-fs (loop6): Try to recover 2th superblock, ret: 0
[  757.161657][   T27] 00000050: 00 00 00 00 00 00 07 00 00 00 00 00 00 00 00 00  ................
[  757.169476][T23133] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  757.207477][   T27] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  757.226719][   T27] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  757.245885][   T11] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x1df/0x2e0" at daddr 0x10 len 8 error 74
[  757.329932][T23130] XFS (loop2): Quotacheck: Unsuccessful (Error -117): Disabling quotas.
[  757.423157][   T28] audit: type=1800 audit(1772732394.196:266): pid=23130 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.6503" name="file1" dev="loop2" ino=4422 res=0 errno=0
[  757.466573][   T28] audit: type=1800 audit(1772732394.216:267): pid=23130 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.6503" name="file1" dev="loop2" ino=4422 res=0 errno=0
[  757.534977][T20744] syz-executor: attempt to access beyond end of device
[  757.534977][T20744] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  757.566143][T20744] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  757.641236][T18065] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  758.529495][T23167] loop6: detected capacity change from 0 to 16
[  758.541812][T23170] loop7: detected capacity change from 0 to 64
[  758.564553][T23167] erofs: (device loop6): erofs_read_superblock: invalid sb_extslots 4208 (more than a fs block)
[  758.647734][T18325] blk_print_req_error: 9 callbacks suppressed
[  758.647751][T18325] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  758.704109][T23173] batadv_slave_0: entered promiscuous mode
[  758.751365][T23173] batman_adv: batadv0: Adding interface: macvtap1
[  758.796733][T23173] batman_adv: batadv0: The MTU of interface macvtap1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  758.905340][T23173] batman_adv: batadv0: Interface activated: macvtap1
[  759.708254][T23214] sctp: [Deprecated]: syz.2.6521 (pid 23214) Use of int in maxseg socket option.
[  759.708254][T23214] Use struct sctp_assoc_value instead
[  759.846826][T23218] UHID_CREATE from different security context by process 344 (syz.6.6525), this is not allowed.
[  761.309919][T23265] loop2: detected capacity change from 0 to 16
[  761.337962][T23265] erofs: (device loop2): mounted with root inode @ nid 36.
[  761.352388][T23253] loop6: detected capacity change from 0 to 40427
[  761.368874][T23253] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[  761.405861][T23253] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  761.426579][T14829] usb 2-1: new full-speed USB device number 52 using dummy_hcd
[  761.466519][T23253] F2FS-fs (loop6): Found nat_bits in checkpoint
[  761.561532][T23253] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  761.578353][T23253] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  761.608466][T14829] usb 2-1: config index 0 descriptor too short (expected 19492, got 36)
[  761.635931][T14829] usb 2-1: config 0 has too many interfaces: 36, using maximum allowed: 32
[  761.656784][T14829] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 36
[  761.665811][T14829] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  761.723220][T14829] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  761.747011][T14829] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  761.766381][T14829] usb 2-1: New USB device found, idVendor=046d, idProduct=c225, bcdDevice= 0.00
[  761.783684][T14829] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  761.802023][T23275] netlink: 56 bytes leftover after parsing attributes in process `syz.2.6551'.
[  761.814152][T14829] usb 2-1: config 0 descriptor??
[  762.263367][T14829] lg-g15 0003:046D:C225.0047: unknown main item tag 0x0
[  762.289669][T14829] lg-g15 0003:046D:C225.0047: unknown main item tag 0x0
[  762.317443][T14829] lg-g15 0003:046D:C225.0047: hidraw0: USB HID v1.01 Device [HID 046d:c225] on usb-dummy_hcd.1-1/input0
[  762.446040][T23288] netlink: 24 bytes leftover after parsing attributes in process `syz.6.6553'.
[  762.538532][T20227] usb 2-1: USB disconnect, device number 52
[  762.640505][T23300] loop6: detected capacity change from 0 to 128
[  762.706547][T14829] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  762.899369][T14829] usb 3-1: Using ep0 maxpacket: 16
[  762.906149][T14829] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0
[  762.917678][T14829] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x89 has an invalid bInterval 166, changing to 11
[  762.928988][T14829] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid maxpacket 9233, setting to 1024
[  762.940627][T14829] usb 3-1: config 0 interface 0 has no altsetting 0
[  762.953449][T14829] usb 3-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb
[  762.969302][T14829] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  762.978675][T14829] usb 3-1: Product: syz
[  762.982880][T14829] usb 3-1: Manufacturer: syz
[  762.987659][T14829] usb 3-1: SerialNumber: syz
[  762.994561][T14829] usb 3-1: config 0 descriptor??
[  763.000877][T23293] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  763.212352][T23293] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  763.227836][T14829] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input63
[  763.487414][T14829] usb 3-1: USB disconnect, device number 49
[  763.941908][T23339] loop7: detected capacity change from 0 to 512
[  763.954843][T23339] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  763.989061][T23339] EXT4-fs error (device loop7): ext4_free_branches:1030: inode #11: comm syz.7.6568: invalid indirect mapped block 4294967295 (level 1)
[  764.011241][T23339] EXT4-fs error (device loop7): ext4_free_branches:1030: inode #11: comm syz.7.6568: invalid indirect mapped block 4294967295 (level 1)
[  764.051892][T23339] EXT4-fs (loop7): 2 truncates cleaned up
[  764.078051][T23339] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  764.204215][T23339] EXT4-fs error (device loop7): empty_inline_dir:1867: inode #12: block 7: comm syz.7.6568: bad entry in directory: rec_len % 4 != 0 - offset=4, inode=4278190093, rec_len=255, size=60 fake=0
[  764.265114][T23339] EXT4-fs warning (device loop7): empty_inline_dir:1874: bad inline directory (dir #12) - inode 4278190093, rec_len 255, name_len 0inline size 60
[  764.324309][T22560] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  764.544972][T23360] Cannot find set identified by id 2 to match
[  764.777363][T14829] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  764.984811][T14829] usb 3-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  765.016016][T14829] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  765.048015][T14829] usb 3-1: Product: syz
[  765.052338][T14829] usb 3-1: Manufacturer: syz
[  765.058778][T14829] usb 3-1: SerialNumber: syz
[  765.075570][T14829] usb 3-1: config 0 descriptor??
[  765.089786][T14829] i2c-tiny-usb 3-1:0.0: version 6d.cc found at bus 003 address 050
[  765.373335][T23364] loop7: detected capacity change from 0 to 40427
[  765.395920][T23364] F2FS-fs (loop7): build fault injection attr: rate: 690, type: 0x7ffff
[  765.425531][T23364] F2FS-fs (loop7): invalid crc value
[  765.461060][T23364] F2FS-fs (loop7): Found nat_bits in checkpoint
[  765.494624][T14829]  (null): failure reading functionality
[  765.547830][T14829] i2c i2c-1: connected i2c-tiny-usb device
[  765.645119][T23364] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  765.737409][T14829] usb 3-1: USB disconnect, device number 50
[  765.870069][T22560] syz-executor: attempt to access beyond end of device
[  765.870069][T22560] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  765.914371][T22560] F2FS-fs (loop7): Stopped filesystem due to reason: 3
[  767.329439][T23446] tap0: tun_chr_ioctl cmd 1074025681
[  767.961656][T23474] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6603'.
[  769.389389][T23524] comedi comedi0: No channels found!
[  769.817978][T14829] kernel read not supported for file /dsp (pid: 14829 comm: kworker/0:0)
[  769.827458][T23539] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6625'.
[  769.878958][T23539] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6625'.
[  770.055990][T23541] loop6: detected capacity change from 0 to 8192
[  770.158642][    C0] vkms_vblank_simulate: vblank timer overrun
[  771.222930][T23567] 9pnet: p9_errstr2errno: server reported unknown error ����
[  771.471416][T23574] misc userio: Can't change port type on an already running userio instance
[  771.681584][T23580] netlink: 116 bytes leftover after parsing attributes in process `syz.7.6644'.
[  771.929839][T23592] loop6: detected capacity change from 0 to 764
[  772.927025][T23623] loop6: detected capacity change from 0 to 2048
[  773.026690][T23623] UDF-fs: error (device loop6): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  773.059633][T23623] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  773.122237][    C0] vkms_vblank_simulate: vblank timer overrun
[  773.236717][T14829] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  773.437209][T14829] usb 3-1: Using ep0 maxpacket: 8
[  773.449220][T14829] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  773.469640][T14829] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  773.494621][T14829] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  773.509441][T23638] loop7: detected capacity change from 0 to 128
[  773.526664][T14829] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  773.538055][T23638] EXT4-fs: Ignoring removed nomblk_io_submit option
[  773.544786][T23638] EXT4-fs: Ignoring removed nomblk_io_submit option
[  773.575432][T14829] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  773.590726][T23638] EXT4-fs (loop7): Test dummy encryption mode enabled
[  773.603112][T14829] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  773.611000][T23640] loop6: detected capacity change from 0 to 64
[  773.632344][T14829] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  773.642079][T23638] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  773.657465][T23638] ext4 filesystem being mounted at /48/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  773.682949][T23640] MINIX-fs: mounting unchecked file system, running fsck is recommended
[  773.849780][T22560] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  773.880468][T14829] usb 3-1: GET_CAPABILITIES returned 0
[  773.886042][T14829] usbtmc 3-1:16.0: can't read capabilities
[  773.984746][T23649] loop6: detected capacity change from 0 to 512
[  774.029149][T23649] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  774.074567][T23652] loop7: detected capacity change from 0 to 2048
[  774.114151][T23626] usb 3-1: usbtmc_ioctl_clear_in_halt returned -32
[  774.130279][T23652] NILFS (loop7): broken superblock, retrying with spare superblock (blocksize = 1024)
[  774.143866][T12629] usb 3-1: USB disconnect, device number 51
[  774.260886][T20744] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  774.275435][T23654] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  774.780667][T23672] loop7: detected capacity change from 0 to 512
[  774.782959][T23671] tun0: tun_chr_ioctl cmd 2147767519
[  774.826676][T23672] EXT4-fs error (device loop7): ext4_orphan_get:1398: inode #15: comm syz.7.6682: iget: bad i_size value: 38620345925642
[  774.855448][T23672] EXT4-fs error (device loop7): ext4_orphan_get:1403: comm syz.7.6682: couldn't read orphan inode 15 (err -117)
[  774.881408][T23672] EXT4-fs (loop7): mounted filesystem 00000000-0000-00a1-0000-000000000000 r/w without journal. Quota mode: writeback.
[  775.001911][ T5767] kernel read not supported for file /dsp (pid: 5767 comm: kworker/0:4)
[  775.088465][T22560] EXT4-fs (loop7): unmounting filesystem 00000000-0000-00a1-0000-000000000000.
[  775.221788][T23682] netlink: 44 bytes leftover after parsing attributes in process `syz.1.6688'.
[  775.374792][T23689] loop6: detected capacity change from 0 to 1024
[  775.386782][ T5767] kernel write not supported for file /917/net/psched (pid: 5767 comm: kworker/0:4)
[  775.674495][T23698] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  776.206775][T12629] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[  776.396517][T12629] usb 3-1: Using ep0 maxpacket: 32
[  776.404141][T12629] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[  776.413250][T12629] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  776.426725][T12629] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[  776.456489][T12629] usb 3-1: config 1 has no interface number 0
[  776.462764][T12629] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  776.496556][T12629] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  776.516930][T12629] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  776.535057][T12629] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  776.575781][T12629] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[  776.800776][T12629] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached
[  776.856248][T23725] loop7: detected capacity change from 0 to 64
[  777.350129][T12629] usb 3-1: USB disconnect, device number 52
[  777.357526][T12629] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[  777.772017][T23739] ax25_connect(): syz.1.6713 uses autobind, please contact jreuter@yaina.de
[  778.210195][T23733] loop7: detected capacity change from 0 to 131072
[  778.218283][T23733] F2FS-fs (loop7): Wrong CP boundary, start(512) end(1536) blocks(0)
[  778.226556][T23733] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  778.238770][T23733] F2FS-fs (loop7): invalid crc value
[  778.250079][T23733] F2FS-fs (loop7): Found nat_bits in checkpoint
[  778.319114][T23733] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  778.326264][T23733] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e4
[  778.436750][    C0] vkms_vblank_simulate: vblank timer overrun
[  779.167373][T23766] netdevsim netdevsim6 netdevsim0: Unsupported IPsec algorithm
[  779.390839][T23778] loop2: detected capacity change from 0 to 8192
[  779.433770][T23778] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  779.486736][   T28] audit: type=1800 audit(1772732416.256:268): pid=23778 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.6727" name="file1" dev="loop2" ino=1049053 res=0 errno=0
[  779.664473][T23782] tap0: tun_chr_ioctl cmd 2147767511
[  779.877671][T23786] netem: change failed
[  780.038203][T23788] loop6: detected capacity change from 0 to 128
[  780.077089][T23788] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=256, location=256
[  780.129113][T23788] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  780.587664][T23800] tun0: tun_chr_ioctl cmd 1074025680
[  781.119719][T23821] netlink: 60 bytes leftover after parsing attributes in process `syz.7.6746'.
[  781.147438][T23821] netlink: 60 bytes leftover after parsing attributes in process `syz.7.6746'.
[  781.188081][T23823] netlink: 60 bytes leftover after parsing attributes in process `syz.7.6746'.
[  781.243034][   T28] audit: type=1326 audit(1772732418.016:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23824 comm="syz.2.6748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe413f9c799 code=0x7ffc0000
[  781.338049][   T28] audit: type=1326 audit(1772732418.016:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23824 comm="syz.2.6748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe413f9c799 code=0x7ffc0000
[  781.432642][   T28] audit: type=1326 audit(1772732418.056:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23824 comm="syz.2.6748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7fe413f9c799 code=0x7ffc0000
[  781.484715][   T28] audit: type=1326 audit(1772732418.056:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23824 comm="syz.2.6748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe413f9c799 code=0x7ffc0000
[  781.563849][   T28] audit: type=1326 audit(1772732418.056:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23824 comm="syz.2.6748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe413f9c799 code=0x7ffc0000
[  781.626246][   T28] audit: type=1326 audit(1772732418.056:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23824 comm="syz.2.6748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe413f9c799 code=0x7ffc0000
[  781.664674][   T28] audit: type=1326 audit(1772732418.056:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23824 comm="syz.2.6748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe413f9c799 code=0x7ffc0000
[  781.709451][T23838] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6754'.
[  781.722326][   T28] audit: type=1326 audit(1772732418.056:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23824 comm="syz.2.6748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe413f9c799 code=0x7ffc0000
[  781.747946][T23838] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6754'.
[  781.773963][   T28] audit: type=1326 audit(1772732418.056:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23824 comm="syz.2.6748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fe413f9c799 code=0x7ffc0000
[  781.958925][T23847] netlink: 36 bytes leftover after parsing attributes in process `syz.2.6758'.
[  782.094271][T23853] loop2: detected capacity change from 0 to 8
[  782.310278][T23855] netlink: 16 bytes leftover after parsing attributes in process `syz.7.6762'.
[  782.479937][T23859] loop7: detected capacity change from 0 to 1024
[  782.538254][T23859] EXT4-fs (loop7): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: writeback.
[  782.566974][T23859] ext4 filesystem being mounted at /73/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  782.606588][T23868] netlink: 'syz.6.6767': attribute type 5 has an invalid length.
[  782.679670][T22560] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  783.258670][T23885] loop2: detected capacity change from 0 to 1024
[  783.278218][T23885] EXT4-fs: inline encryption not supported
[  783.299137][T23885] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  783.416662][T23889] netlink: 4 bytes leftover after parsing attributes in process `syz.7.6777'.
[  783.454847][T23885] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  783.662719][T23898] EXT4-fs error (device loop2): mb_free_blocks:1952: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[  783.762751][T23898] EXT4-fs (loop2): Remounting filesystem read-only
[  783.831444][T18065] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  784.659521][T23928] netlink: 60 bytes leftover after parsing attributes in process `syz.2.6793'.
[  784.668876][T23928] netlink: 60 bytes leftover after parsing attributes in process `syz.2.6793'.
[  785.060670][T23939] loop6: detected capacity change from 0 to 2048
[  785.115212][T23939] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  785.456609][ T5773] Bluetooth: hci2: command 0x0406 tx timeout
[  786.159661][T23966] bond0: option miimon: invalid value (18446744073334219755)
[  786.167352][T23966] bond0: option miimon: allowed values 0 - 2147483647
[  786.305248][T23972] loop6: detected capacity change from 0 to 2048
[  786.317915][T23972] UDF-fs: bad mount option "vL��olume=000000000063" or missing value
[  786.517225][ T5806] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[  786.650343][T23982] loop7: detected capacity change from 0 to 512
[  786.706623][ T5806] usb 2-1: Using ep0 maxpacket: 16
[  786.720860][ T5806] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  786.743294][ T5806] usb 2-1: config 0 has no interface number 0
[  786.761196][ T5806] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  786.796763][ T5806] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  786.830634][ T5806] usb 2-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  786.866543][ T5806] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  786.902376][ T5806] usb 2-1: config 0 descriptor??
[  786.956182][T23984] syz_tun: entered allmulticast mode
[  786.965138][T23983] syz_tun: left allmulticast mode
[  787.235104][T23980] loop6: detected capacity change from 0 to 40427
[  787.276053][T23980] F2FS-fs (loop6): heap/no_heap options were deprecated
[  787.307000][T23980] F2FS-fs (loop6): Image doesn't support compression
[  787.331888][T23980] F2FS-fs (loop6): heap/no_heap options were deprecated
[  787.372067][T23980] F2FS-fs (loop6): invalid crc value
[  787.400558][T23980] F2FS-fs (loop6): Found nat_bits in checkpoint
[  787.516780][T23980] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  787.568407][ T5806] uclogic 0003:28BD:0071.0048: pen parameters not found
[  787.601722][ T5806] uclogic 0003:28BD:0071.0048: interface is invalid, ignoring
[  787.732592][T20744] syz-executor: attempt to access beyond end of device
[  787.732592][T20744] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  787.746017][T23995] __nla_validate_parse: 2 callbacks suppressed
[  787.746037][T23995] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6822'.
[  787.769035][T12629] usb 2-1: USB disconnect, device number 53
[  787.783998][T20744] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  788.359167][T24010] netlink: 884 bytes leftover after parsing attributes in process `syz.2.6828'.
[  789.070060][T24041] loop7: detected capacity change from 0 to 64
[  789.286826][   T28] kauditd_printk_skb: 2 callbacks suppressed
[  789.286842][   T28] audit: type=1800 audit(1772732426.046:280): pid=24041 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.6842" name="file1" dev="loop7" ino=21 res=0 errno=0
[  790.135572][T24039] loop6: detected capacity change from 0 to 131072
[  790.147449][T24039] F2FS-fs (loop6): Wrong CP boundary, start(512) end(1536) blocks(0)
[  790.155573][T24039] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  790.168840][T24039] F2FS-fs (loop6): invalid crc value
[  790.243012][T24039] F2FS-fs (loop6): Found nat_bits in checkpoint
[  790.321068][T24039] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  790.328234][T24039] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e4
[  790.959358][T24079] loop7: detected capacity change from 0 to 4096
[  790.985889][T24079] ntfs3: loop7: Different NTFS sector size (4096) and media sector size (512).
[  791.647965][T24099] netlink: 16 bytes leftover after parsing attributes in process `syz.6.6866'.
[  793.366760][T12629] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[  793.558698][T12629] usb 2-1: config index 0 descriptor too short (expected 23569, got 27)
[  793.574918][T12629] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  793.587476][T12629] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  793.604785][T12629] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  793.613576][T12629] usb 2-1: Manufacturer: syz
[  793.645807][T12629] usb 2-1: config 0 descriptor??
[  793.726960][T12629] rc_core: IR keymap rc-hauppauge not found
[  793.733378][T12629] Registered IR keymap rc-empty
[  793.740367][T12629] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  793.753471][T12629] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input65
[  793.942801][    C1] igorplugusb 2-1:0.0: Error: urb status = -32
[  793.950319][ T5767] usb 2-1: USB disconnect, device number 54
[  794.959807][T24161] netlink: 60 bytes leftover after parsing attributes in process `syz.1.6894'.
[  794.975706][T24161] netlink: 60 bytes leftover after parsing attributes in process `syz.1.6894'.
[  794.998542][T24161] netlink: 60 bytes leftover after parsing attributes in process `syz.1.6894'.
[  795.018081][T24161] netlink: 60 bytes leftover after parsing attributes in process `syz.1.6894'.
[  795.704553][T24173] macvlan0: entered promiscuous mode
[  795.710959][T24173] netlink: 'syz.1.6899': attribute type 2 has an invalid length.
[  795.732266][T24173] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6899'.
[  796.055524][T24179] bridge0: entered promiscuous mode
[  796.079217][T24179] macvlan2: entered promiscuous mode
[  796.301042][T12629] kernel write not supported for file /1037/attr/exec (pid: 12629 comm: kworker/1:5)
[  796.804945][T24185] loop7: detected capacity change from 0 to 32768
[  796.816004][T24185] XFS: attr2 mount option is deprecated.
[  796.890585][T24185] XFS (loop7): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  796.954156][T24185] XFS (loop7): Ending clean mount
[  796.973299][T24185] XFS (loop7): Quotacheck needed: Please wait.
[  797.056102][T24185] XFS (loop7): Quotacheck: Done.
[  797.233449][T22560] XFS (loop7): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  798.112851][T24216] loop7: detected capacity change from 0 to 32768
[  798.174939][T24216] JBD2: Ignoring recovery information on journal
[  798.245518][T24216] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[  798.430948][T22560] ocfs2: Unmounting device (7,7) on (node local)
[  798.780779][T24245] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6928'.
[  799.898645][T24260] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6935'.
[  800.003732][   T28] audit: type=1326 audit(1772732436.776:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24263 comm="syz.1.6937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fb219c799 code=0x7ffc0000
[  800.064011][   T28] audit: type=1326 audit(1772732436.776:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24263 comm="syz.1.6937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fb219c799 code=0x7ffc0000
[  800.090855][   T28] audit: type=1326 audit(1772732436.776:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24263 comm="syz.1.6937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f4fb219c799 code=0x7ffc0000
[  800.133287][   T28] audit: type=1326 audit(1772732436.776:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24263 comm="syz.1.6937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fb219c799 code=0x7ffc0000
[  800.163638][T24271] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6941'.
[  800.171345][   T28] audit: type=1326 audit(1772732436.776:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24263 comm="syz.1.6937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f4fb219c799 code=0x7ffc0000
[  800.206729][   T28] audit: type=1326 audit(1772732436.776:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24263 comm="syz.1.6937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fb219c799 code=0x7ffc0000
[  800.232718][   T28] audit: type=1326 audit(1772732436.776:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24263 comm="syz.1.6937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=132 compat=0 ip=0x7f4fb219c799 code=0x7ffc0000
[  800.276550][   T28] audit: type=1326 audit(1772732436.776:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24263 comm="syz.1.6937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fb219c799 code=0x7ffc0000
[  800.357275][   T28] audit: type=1326 audit(1772732436.776:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24263 comm="syz.1.6937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fb219c799 code=0x7ffc0000
[  800.544857][T24284] block nbd2: Unsupported socket: should be TCP or UNIX.
[  800.686684][ T5806] usb 2-1: new full-speed USB device number 55 using dummy_hcd
[  800.870872][ T5806] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  800.881143][ T5806] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  800.890478][ T5806] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  800.900444][ T5806] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  800.911036][ T5806] usb 2-1: config 0 descriptor??
[  800.923007][ T5806] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  800.930210][ T5806] dvb-usb: bulk message failed: -22 (3/0)
[  800.942823][ T5806] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  800.951831][ T5806] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  800.959023][ T5806] usb 2-1: media controller created
[  800.965191][ T5806] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  800.981184][ T5806] dvb-usb: bulk message failed: -22 (6/0)
[  800.987353][ T5806] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  800.997966][ T5806] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input66
[  801.011604][ T5806] dvb-usb: schedule remote query interval to 150 msecs.
[  801.026077][ T5806] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  801.127364][T24279] dibusb: i2c wr: len=90 is too big!
[  801.127364][T24279] 
[  801.136059][T12629] usb 2-1: USB disconnect, device number 55
[  801.165317][T12629] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  801.365734][T24292] sctp: [Deprecated]: syz.7.6949 (pid 24292) Use of int in max_burst socket option deprecated.
[  801.365734][T24292] Use struct sctp_assoc_value instead
[  802.278295][T24308] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6955'.
[  802.554192][T24315] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6960'.
[  803.230775][T24333] netlink: 'syz.7.6969': attribute type 1 has an invalid length.
[  803.238908][T24333] netlink: 'syz.7.6969': attribute type 2 has an invalid length.
[  803.669923][T24349] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.6976'.
[  805.125951][T24387] netem: change failed
[  805.395500][T24393] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6996'.
[  806.105889][T24419] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7008'.
[  807.157606][T24456] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7025'.
[  807.902595][T24470] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7032'.
[  808.983707][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[  809.077206][T24511] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7051'.
[  810.484232][T24530] loop7: detected capacity change from 0 to 40427
[  810.530399][T24530] F2FS-fs (loop7): Found nat_bits in checkpoint
[  810.636128][T24530] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  810.735933][T22560] syz-executor: attempt to access beyond end of device
[  810.735933][T22560] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  810.753249][T22560] F2FS-fs (loop7): Stopped filesystem due to reason: 3
[  811.218729][T24559] netlink: 'syz.1.7071': attribute type 3 has an invalid length.
[  811.230539][T24559] netlink: 'syz.1.7071': attribute type 3 has an invalid length.
[  811.253474][T24561] sctp: [Deprecated]: syz.2.7072 (pid 24561) Use of int in maxseg socket option.
[  811.253474][T24561] Use struct sctp_assoc_value instead
[  811.375713][T24567] loop7: detected capacity change from 0 to 128
[  811.472738][T24567] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  811.481768][T24573] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7076'.
[  811.504084][T24567] ext4 filesystem being mounted at /129/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  811.623306][   T28] audit: type=1800 audit(1772732448.396:290): pid=24567 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.7074" name="file1" dev="loop7" ino=12 res=0 errno=0
[  811.721816][T22560] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  811.822495][T24584] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7082'.
[  812.294867][T24600] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7087'.
[  812.675826][T24602] loop7: detected capacity change from 0 to 32768
[  812.725503][T24602] (syz.7.7088,24602,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  812.773420][T24602] (syz.7.7088,24602,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  812.856658][ T5806] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[  812.951177][T24602] JBD2: Ignoring recovery information on journal
[  813.072269][ T5806] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  813.115111][ T5806] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  813.147443][T24602] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[  813.180557][ T5806] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  813.244971][ T5806] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  813.345295][ T5806] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  813.416191][ T5806] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  813.460300][ T5806] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  813.487537][T24619] bridge0: port 2(bridge_slave_1) entered disabled state
[  813.497938][T24619] bridge0: port 1(bridge_slave_0) entered disabled state
[  813.519373][ T5806] usb 2-1: Product: syz
[  813.523585][ T5806] usb 2-1: Manufacturer: syz
[  813.591934][ T5806] cdc_wdm 2-1:1.0: skipping garbage
[  813.628716][ T5806] cdc_wdm 2-1:1.0: skipping garbage
[  813.686938][ T5806] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  813.759138][ T5806] cdc_wdm 2-1:1.0: Unknown control protocol
[  813.985931][T14829] usb 2-1: USB disconnect, device number 56
[  814.313465][T22560] ocfs2: Unmounting device (7,7) on (node local)
[  814.557306][T24629] block nbd2: server does not support multiple connections per device.
[  814.597960][T24629] block nbd2: shutting down sockets
[  814.765196][T24634] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  814.802789][T24638] loop6: detected capacity change from 0 to 512
[  814.905785][T24634] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  815.622318][T24642] loop7: detected capacity change from 0 to 32768
[  815.738419][T24642] XFS (loop7): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  815.883459][T24642] XFS (loop7): Ending clean mount
[  815.958192][   T27] XFS (loop7): Corruption warning: Metadata has LSN (2:16) ahead of current LSN (1:112). Please unmount and run xfs_repair (>= v4.3) to resolve.
[  816.012888][   T27] XFS (loop7): Metadata CRC error detected at xfs_inobt_read_verify+0x42/0xd0, xfs_finobt block 0x20 
[  816.077674][   T27] XFS (loop7): Unmount and run xfs_repair
[  816.083460][   T27] XFS (loop7): First 128 bytes of corrupted metadata buffer:
[  816.126524][   T27] 00000000: 46 49 42 33 00 00 00 01 ff ff ff ff ff ff ff ff  FIB3............
[  816.135439][   T27] 00000010: 00 00 00 00 00 00 00 20 00 00 00 02 00 00 00 10  ....... ........
[  816.183288][   T27] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb  ...^T.Lr......N.
[  816.213996][   T27] 00000030: 00 00 00 00 ca b4 20 ce 00 00 11 40 00 00 40 37  ...... ....@..@7
[  816.233191][   T27] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00  ................
[  816.256936][   T27] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  816.281978][   T27] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  816.301343][   T27] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  816.317873][T24642] XFS (loop7): metadata I/O error in "xfs_btree_read_buf_block+0x1df/0x2e0" at daddr 0x20 len 8 error 74
[  816.356884][T24642] XFS (loop7): Failed to initialize disk quotas.
[  816.554923][T22560] XFS (loop7): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  816.591242][T24680] loop6: detected capacity change from 0 to 256
[  816.734492][T24680] FAT-fs (loop6): error, clusters badly computed (0 != 128)
[  816.744477][   T28] audit: type=1800 audit(1772732453.506:291): pid=24680 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.7116" name="file1" dev="loop6" ino=1049057 res=0 errno=0
[  816.786570][T24680] FAT-fs (loop6): error, fat_bmap_cluster: request beyond EOF (i_pos 196)
[  816.876102][T24684] FAT-fs (loop6): error, fat_bmap_cluster: request beyond EOF (i_pos 196)
[  816.952957][T24686] netlink: 201392 bytes leftover after parsing attributes in process `syz.1.7119'.
[  817.647243][T24708] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7120'.
[  817.686564][T24708] netlink: 12 bytes leftover after parsing attributes in process `syz.6.7120'.
[  817.959150][T24719] loop6: detected capacity change from 0 to 256
[  818.097909][T24722] bridge0: port 2(bridge_slave_1) entered disabled state
[  818.105532][T24722] bridge0: port 1(bridge_slave_0) entered disabled state
[  818.604397][T24715] loop7: detected capacity change from 0 to 32768
[  818.639856][T24715] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop7 scanned by syz.7.7130 (24715)
[  818.688869][T24715] BTRFS info (device loop7): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  818.708248][T24715] BTRFS info (device loop7): using crc32c (crc32c-intel) checksum algorithm
[  818.729407][T24715] BTRFS info (device loop7): using free space tree
[  818.810165][T24748] netlink: 132 bytes leftover after parsing attributes in process `syz.1.7141'.
[  818.822807][T24748] netlink: 'syz.1.7141': attribute type 12 has an invalid length.
[  818.830773][T24748] netlink: 132 bytes leftover after parsing attributes in process `syz.1.7141'.
[  818.922396][T24715] BTRFS info (device loop7): enabling ssd optimizations
[  818.975203][T24715] BTRFS info (device loop7): auto enabling async discard
[  819.092227][T24760] fuse: Bad value for 'fd'
[  819.242331][T24726] loop6: detected capacity change from 0 to 40427
[  819.332423][T24726] F2FS-fs (loop6): build fault injection attr: rate: 14, type: 0x7ffff
[  819.366647][T24726] F2FS-fs (loop6): build fault injection attr: rate: 0, type: 0xe4
[  819.396646][T24726] F2FS-fs (loop6): invalid crc value
[  819.430575][T24726] F2FS-fs (loop6): inject page alloc in f2fs_grab_cache_page of f2fs_ra_meta_pages+0x68b/0x9b0
[  819.558898][T22560] BTRFS info (device loop7): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  819.706749][T18325] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 11 /dev/loop7 scanned by udevd (18325)
[  819.728232][T24726] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  819.921079][T24776] netlink: 'syz.1.7149': attribute type 25 has an invalid length.
[  819.966563][T24776] netlink: 'syz.1.7149': attribute type 1 has an invalid length.
[  819.975354][T24726] F2FS-fs (loop6): inject page alloc in f2fs_grab_cache_page of f2fs_new_node_page+0x13a/0x910
[  820.006894][T24776] bridge0: port 1(bridge_slave_0) entered disabled state
[  820.048932][T24779] F2FS-fs (loop6): inject no more block in inc_valid_block_count of f2fs_reserve_new_blocks+0x127/0xb50
[  820.305494][T24783] serio: Serial port ttyS3
[  821.054548][T24794] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  821.990077][T24837] loop6: detected capacity change from 0 to 128
[  822.315905][T24845] loop6: detected capacity change from 0 to 4096
[  822.338610][T24845] ntfs: (device loop6): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  822.414814][T24845] ntfs: (device loop6): read_ntfs_boot_sector(): Primary boot sector is invalid.
[  822.444711][T24845] ntfs: (device loop6): read_ntfs_boot_sector(): Hot-fix: Recovering invalid primary boot sector from backup copy.
[  822.474779][T24845] ntfs: (device loop6): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[  822.486200][T24845] ntfs: (device loop6): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5).
[  822.508486][T24845] ntfs: (device loop6): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[  822.532415][T24845] ntfs: (device loop6): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x200 because its location on disk could not be determined even after retrying (error code -5).
[  822.561293][T24845] ntfs: (device loop6): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[  822.583333][T24845] ntfs: (device loop6): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x1, offset 0x0 because its location on disk could not be determined even after retrying (error code -5).
[  822.611391][T24845] ntfs: (device loop6): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[  822.623611][T24845] ntfs: volume version 3.1.
[  822.843968][T24839] loop7: detected capacity change from 0 to 32768
[  822.929147][T24839] (syz.7.7178,24839,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  822.974403][T24839] (syz.7.7178,24839,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  823.056962][T24839] JBD2: Ignoring recovery information on journal
[  823.226816][T24839] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[  823.445223][T24868] bridge0: port 2(bridge_slave_1) entered disabled state
[  823.452565][T24868] bridge0: port 1(bridge_slave_0) entered disabled state
[  823.633064][T22560] ocfs2: Unmounting device (7,7) on (node local)
[  824.459301][T24907] netlink: 36 bytes leftover after parsing attributes in process `syz.2.7208'.
[  825.603092][T24951] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  825.613504][T24951] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  825.623507][T24951] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  825.632779][T24951] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  826.216629][T24966] input: syz1 as /devices/virtual/input/input67
[  826.617450][T24977] loop6: detected capacity change from 0 to 128
[  826.713557][T24977] FAT-fs (loop6): error, corrupted directory (invalid i_start)
[  826.743101][T24977] FAT-fs (loop6): Filesystem has been set read-only
[  827.242410][T25002] fuse: Bad value for 'fd'
[  827.515209][T25010] loop7: detected capacity change from 0 to 4096
[  827.613950][T25010] ntfs3: loop7: ino=0, "file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" failed to parse mft record
[  827.738720][T25016] syz_tun: entered allmulticast mode
[  827.753402][T25015] syz_tun: left allmulticast mode
[  828.137203][T20227] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[  828.336865][T20227] usb 2-1: Using ep0 maxpacket: 16
[  828.344696][T20227] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  828.355316][T20227] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  828.370474][T20227] usb 2-1: New USB device found, idVendor=0e8d, idProduct=00a7, bcdDevice=b5.31
[  828.379871][T20227] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  828.388090][T20227] usb 2-1: Product: syz
[  828.392469][T20227] usb 2-1: Manufacturer: syz
[  828.397431][T20227] usb 2-1: SerialNumber: syz
[  828.404015][T20227] usb 2-1: config 0 descriptor??
[  828.636677][T25021] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  828.649888][T25021] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  828.670562][   T27] usb 2-1: USB disconnect, device number 57
[  829.236750][   T27] usb 2-1: new full-speed USB device number 58 using dummy_hcd
[  829.462201][   T27] usb 2-1: config 0 has an invalid interface number: 229 but max is 0
[  829.471529][   T27] usb 2-1: config 0 has no interface number 0
[  829.483380][   T27] usb 2-1: config 0 interface 229 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  829.538758][   T27] usb 2-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=1f.38
[  829.548101][   T27] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  829.556097][   T27] usb 2-1: Product: syz
[  829.580449][   T27] usb 2-1: Manufacturer: syz
[  829.585323][   T27] usb 2-1: SerialNumber: syz
[  829.611968][   T27] usb 2-1: config 0 descriptor??
[  829.877707][   T27] usb 2-1: USB disconnect, device number 58
[  830.038058][T25061] loop7: detected capacity change from 0 to 64
[  830.047008][T25061] BFS-fs: bfs_fill_super(): loop7 is unclean, continuing
[  830.308585][T25064] loop6: detected capacity change from 0 to 4096
[  830.435176][T25064] ntfs3: loop6: ino=0, "file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" failed to parse mft record
[  831.098657][T25097] program syz.1.7297 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  831.502333][T25111] netdevsim netdevsim7 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  831.511364][T25111] netdevsim netdevsim7 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  831.520837][T25111] netdevsim netdevsim7 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  831.530100][T25111] netdevsim netdevsim7 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  831.547677][T25113] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7305'.
[  832.190061][T25121] loop7: detected capacity change from 0 to 32768
[  832.277202][   T28] kauditd_printk_skb: 10 callbacks suppressed
[  832.277216][   T28] audit: type=1800 audit(1772732469.056:292): pid=25121 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.7309" name="file1" dev="loop7" ino=7 res=0 errno=0
[  833.165539][T25156] fuse: Bad value for 'fd'
[  833.187278][T25156] 9pnet_fd: p9_fd_create_unix (25156): problem connecting socket: ./file0: -111
[  833.401670][T25168] netlink: 36 bytes leftover after parsing attributes in process `syz.7.7332'.
[  833.416840][T25168] netlink: 36 bytes leftover after parsing attributes in process `syz.7.7332'.
[  833.944181][T25185] nbd2: detected capacity change from 0 to 127
[  833.966260][   T51] block nbd2: Receive control failed (result -32)
[  833.989267][ T2698] block nbd2: Dead connection, failed to find a fallback
[  833.999915][ T2698] block nbd2: shutting down sockets
[  834.006078][ T2698] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  834.016641][ T2698] buffer_io_error: 9 callbacks suppressed
[  834.016654][ T2698] Buffer I/O error on dev nbd2, logical block 0, async page read
[  834.046802][ T2698] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 3 prio class 2
[  834.055944][ T2698] Buffer I/O error on dev nbd2, logical block 1, async page read
[  834.073783][ T2698] Buffer I/O error on dev nbd2, logical block 2, async page read
[  834.082507][ T2698] Buffer I/O error on dev nbd2, logical block 3, async page read
[  834.094802][ T2698] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 4 prio class 2
[  834.104315][ T2698] Buffer I/O error on dev nbd2, logical block 0, async page read
[  834.112222][ T2698] Buffer I/O error on dev nbd2, logical block 1, async page read
[  834.120148][ T2698] Buffer I/O error on dev nbd2, logical block 2, async page read
[  834.128153][ T2698] Buffer I/O error on dev nbd2, logical block 3, async page read
[  834.136760][ T2698] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 4 prio class 2
[  834.145842][ T2698] Buffer I/O error on dev nbd2, logical block 0, async page read
[  834.160539][ T2698] Buffer I/O error on dev nbd2, logical block 1, async page read
[  834.171456][T25189] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 4 prio class 2
[  834.182225][T25189] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 4 prio class 2
[  834.192405][T25189] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 4 prio class 2
[  834.202047][T25189] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  834.211846][T25189] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  834.221031][T25189] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x0 phys_seg 2 prio class 2
[  834.231046][T18325] ldm_validate_partition_table(): Disk read failed.
[  834.293930][T18325] Dev nbd2: unable to read RDB block 0
[  834.357476][T18325]  nbd2: unable to read partition table
[  834.409026][T18325] ldm_validate_partition_table(): Disk read failed.
[  834.429885][T18325] Dev nbd2: unable to read RDB block 0
[  834.448209][T18325]  nbd2: unable to read partition table
[  834.479244][T18325] ldm_validate_partition_table(): Disk read failed.
[  834.488345][T18325] Dev nbd2: unable to read RDB block 0
[  834.495656][T18325]  nbd2: unable to read partition table
[  834.508837][T18325] ldm_validate_partition_table(): Disk read failed.
[  834.520690][T18325] Dev nbd2: unable to read RDB block 0
[  834.528899][T18325]  nbd2: unable to read partition table
[  835.002040][T25214] loop6: detected capacity change from 0 to 256
[  835.029223][T25214] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xb5fb52fc, utbl_chksum : 0xe619d30d)
[  835.214946][T25221] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7357'.
[  835.287643][T25226] sch_tbf: peakrate 2147483647 is lower than or equals to rate 2831599472947593698 !
[  835.802919][T25250] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7370'.
[  836.411337][T25256] syz.1.7373 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  836.427198][T25271] loop7: detected capacity change from 0 to 512
[  836.451785][T25271] EXT4-fs: Ignoring removed nobh option
[  836.467354][T25271] EXT4-fs: Ignoring removed nobh option
[  836.476843][T25271] EXT4-fs: Ignoring removed i_version option
[  836.495341][T25271] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  836.557782][T25271] EXT4-fs (loop7): 1 truncate cleaned up
[  836.564089][T25271] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  836.727358][T25271] EXT4-fs error (device loop7): ext4_nfs_get_inode:1552: inode #11: comm syz.7.7380: iget: bad extra_isize 46 (inode size 256)
[  836.870754][T22560] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  838.395045][T25323] netlink: 12 bytes leftover after parsing attributes in process `syz.7.7401'.
[  838.770770][T25335] loop7: detected capacity change from 0 to 2048
[  838.822486][T25335] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  838.901014][T25339] netlink: 'syz.6.7408': attribute type 4 has an invalid length.
[  840.019882][T25357] loop7: detected capacity change from 0 to 4096
[  840.088962][T25357] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  840.315887][T22560] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  840.568629][T25378] loop6: detected capacity change from 0 to 64
[  841.378907][T25401] loop6: detected capacity change from 0 to 64
[  841.421249][T25401] Trying to free block not in datazone
[  841.426847][T25401] Trying to free block not in datazone
[  841.434955][T25401] Trying to free block not in datazone
[  841.461134][T25401] Trying to free block not in datazone
[  841.476646][T25401] minix_free_inode: bit 5 already cleared
[  841.916906][T25417] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7445'.
[  842.643858][T25434] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  843.117560][T25454] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7462'.
[  843.484249][T25467] IPVS: sync thread started: state = MASTER, mcast_ifn = hsr0, syncid = 1, id = 0
[  843.931389][T25480] loop7: detected capacity change from 0 to 512
[  843.963207][T25480] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  843.981612][T25482] option changes via remount are deprecated (pid=25481 comm=syz.2.7474)
[  844.013493][T25480] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  844.055743][T25480] ext4 filesystem being mounted at /225/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  844.203633][T22560] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  844.615426][T25507] loop7: detected capacity change from 0 to 1024
[  844.640482][T25508] input: syz0 as /devices/virtual/input/input68
[  844.732473][T25507] hfsplus: xattr search failed
[  844.859005][T25513] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7488'.
[  845.053765][   T51] Bluetooth: hci3: unexpected event for opcode 0x2029
[  845.091451][T25515] loop7: detected capacity change from 0 to 8192
[  845.160485][T25524] netlink: 16 bytes leftover after parsing attributes in process `syz.2.7492'.
[  845.475591][T25534] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  845.482152][T25534] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  845.834122][T25548] loop7: detected capacity change from 0 to 2048
[  845.865872][T25548] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  846.304209][T25560] 
[  846.306559][T25560] =====================================================
[  846.313465][T25560] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
[  846.320919][T25560] syzkaller #0 Not tainted
[  846.325316][T25560] -----------------------------------------------------
[  846.332227][T25560] syz.1.7510/25560 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[  846.339928][T25560] ffffffff8ce0a058 (tasklist_lock){.+.+}-{2:2}, at: send_sigio+0xf9/0x360
[  846.348449][T25560] 
[  846.348449][T25560] and this task is already holding:
[  846.355794][T25560] ffff88802e0d5a18 (&f->f_owner.lock){....}-{2:2}, at: send_sigio+0x33/0x360
[  846.364572][T25560] which would create a new lock dependency:
[  846.370449][T25560]  (&f->f_owner.lock){....}-{2:2} -> (tasklist_lock){.+.+}-{2:2}
[  846.378190][T25560] 
[  846.378190][T25560] but this new dependency connects a HARDIRQ-irq-safe lock:
[  846.387632][T25560]  (&dev->event_lock#2){-.-.}-{2:2}
[  846.387659][T25560] 
[  846.387659][T25560] ... which became HARDIRQ-irq-safe at:
[  846.400525][T25560]   lock_acquire+0x19e/0x420
[  846.405110][T25560]   _raw_spin_lock_irqsave+0xb4/0x100
[  846.410472][T25560]   input_event+0x7a/0xc0
[  846.414797][T25560]   psmouse_report_standard_packet+0x53/0x200
[  846.420888][T25560]   psmouse_process_byte+0x478/0x670
[  846.426165][T25560]   psmouse_handle_byte+0x43/0x490
[  846.431268][T25560]   ps2_interrupt+0x164/0x980
[  846.435940][T25560]   serio_interrupt+0x8b/0x130
[  846.440696][T25560]   i8042_interrupt+0x385/0x710
[  846.445532][T25560]   __handle_irq_event_percpu+0x271/0x940
[  846.451244][T25560]   handle_irq_event+0x8b/0x1e0
[  846.456087][T25560]   handle_edge_irq+0x247/0xb30
[  846.460937][T25560]   __common_interrupt+0x13b/0x230
[  846.466049][T25560]   common_interrupt+0xb4/0xd0
[  846.470809][T25560]   asm_common_interrupt+0x26/0x40
[  846.475912][T25560]   pv_native_safe_halt+0xf/0x10
[  846.480838][T25560]   default_idle+0x13/0x20
[  846.485243][T25560]   default_idle_call+0x6c/0xa0
[  846.490082][T25560]   do_idle+0x1f0/0x4e0
[  846.494230][T25560]   cpu_startup_entry+0x43/0x60
[  846.499070][T25560]   start_secondary+0xee/0xf0
[  846.503739][T25560]   secondary_startup_64_no_verify+0x179/0x17b
[  846.509886][T25560] 
[  846.509886][T25560] to a HARDIRQ-irq-unsafe lock:
[  846.516890][T25560]  (tasklist_lock){.+.+}-{2:2}
[  846.516915][T25560] 
[  846.516915][T25560] ... which became HARDIRQ-irq-unsafe at:
[  846.529519][T25560] ...
[  846.529526][T25560]   lock_acquire+0x19e/0x420
[  846.536673][T25560]   _raw_read_lock+0x36/0x50
[  846.541253][T25560]   do_wait+0x294/0xae0
[  846.545401][T25560]   kernel_wait+0xd7/0x1c0
[  846.549819][T25560]   call_usermodehelper_exec_work+0xb9/0x220
[  846.555792][T25560]   process_scheduled_works+0xa5d/0x15d0
[  846.561420][T25560]   worker_thread+0xa55/0xfc0
[  846.566093][T25560]   kthread+0x2fa/0x390
[  846.570242][T25560]   ret_from_fork+0x48/0x80
[  846.574753][T25560]   ret_from_fork_asm+0x11/0x20
[  846.579623][T25560] 
[  846.579623][T25560] other info that might help us debug this:
[  846.579623][T25560] 
[  846.589850][T25560] Chain exists of:
[  846.589850][T25560]   &dev->event_lock#2 --> &f->f_owner.lock --> tasklist_lock
[  846.589850][T25560] 
[  846.603068][T25560]  Possible interrupt unsafe locking scenario:
[  846.603068][T25560] 
[  846.611383][T25560]        CPU0                    CPU1
[  846.616736][T25560]        ----                    ----
[  846.622175][T25560]   lock(tasklist_lock);
[  846.626411][T25560]                                local_irq_disable();
[  846.633153][T25560]                                lock(&dev->event_lock#2);
[  846.640351][T25560]                                lock(&f->f_owner.lock);
[  846.647366][T25560]   <Interrupt>
[  846.650806][T25560]     lock(&dev->event_lock#2);
[  846.655654][T25560] 
[  846.655654][T25560]  *** DEADLOCK ***
[  846.655654][T25560] 
[  846.663796][T25560] 5 locks held by syz.1.7510/25560:
[  846.668984][T25560]  #0: ffff88805c868418 (sb_writers#5){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  846.678134][T25560]  #1: ffff888064c59730 (&type->i_mutex_dir_key#5){++++}-{3:3}, at: path_openat+0x7dc/0x3230
[  846.688315][T25560]  #2: ffffffff97336a10 (&fsnotify_mark_srcu){.+.+}-{0:0}, at: fsnotify+0x513/0x17c0
[  846.697796][T25560]  #3: ffff888057f7f100 (&mark->lock){+.+.}-{2:2}, at: dnotify_handle_event+0x62/0x420
[  846.707459][T25560]  #4: ffff88802e0d5a18 (&f->f_owner.lock){....}-{2:2}, at: send_sigio+0x33/0x360
[  846.716697][T25560] 
[  846.716697][T25560] the dependencies between HARDIRQ-irq-safe lock and the holding lock:
[  846.727092][T25560]    -> (&dev->event_lock#2){-.-.}-{2:2} {
[  846.732912][T25560]       IN-HARDIRQ-W at:
[  846.737147][T25560]                           lock_acquire+0x19e/0x420
[  846.743821][T25560]                           _raw_spin_lock_irqsave+0xb4/0x100
[  846.751266][T25560]                           input_event+0x7a/0xc0
[  846.757669][T25560]                           psmouse_report_standard_packet+0x53/0x200
[  846.765826][T25560]                           psmouse_process_byte+0x478/0x670
[  846.773203][T25560]                           psmouse_handle_byte+0x43/0x490
[  846.780424][T25560]                           ps2_interrupt+0x164/0x980
[  846.787183][T25560]                           serio_interrupt+0x8b/0x130
[  846.794015][T25560]                           i8042_interrupt+0x385/0x710
[  846.800940][T25560]                           __handle_irq_event_percpu+0x271/0x940
[  846.808748][T25560]                           handle_irq_event+0x8b/0x1e0
[  846.815672][T25560]                           handle_edge_irq+0x247/0xb30
[  846.822596][T25560]                           __common_interrupt+0x13b/0x230
[  846.829783][T25560]                           common_interrupt+0xb4/0xd0
[  846.836618][T25560]                           asm_common_interrupt+0x26/0x40
[  846.843802][T25560]                           pv_native_safe_halt+0xf/0x10
[  846.850809][T25560]                           default_idle+0x13/0x20
[  846.857298][T25560]                           default_idle_call+0x6c/0xa0
[  846.864221][T25560]                           do_idle+0x1f0/0x4e0
[  846.870453][T25560]                           cpu_startup_entry+0x43/0x60
[  846.877389][T25560]                           start_secondary+0xee/0xf0
[  846.884141][T25560]                           secondary_startup_64_no_verify+0x179/0x17b
[  846.892369][T25560]       IN-SOFTIRQ-W at:
[  846.896601][T25560]                           lock_acquire+0x19e/0x420
[  846.903265][T25560]                           _raw_spin_lock_irqsave+0xb4/0x100
[  846.910718][T25560]                           input_inject_event+0xab/0x320
[  846.917818][T25560]                           led_trigger_event+0x133/0x210
[  846.924917][T25560]                           kbd_bh+0x1c0/0x2d0
[  846.931063][T25560]                           tasklet_action_common+0x302/0x4d0
[  846.938509][T25560]                           handle_softirqs+0x280/0x820
[  846.945427][T25560]                           run_ksoftirqd+0xa8/0x100
[  846.952087][T25560]                           smpboot_thread_fn+0x635/0xa00
[  846.959190][T25560]                           kthread+0x2fa/0x390
[  846.965417][T25560]                           ret_from_fork+0x48/0x80
[  846.972081][T25560]                           ret_from_fork_asm+0x11/0x20
[  846.979007][T25560]       INITIAL USE at:
[  846.983149][T25560]                          lock_acquire+0x19e/0x420
[  846.989733][T25560]                          _raw_spin_lock_irqsave+0xb4/0x100
[  846.997092][T25560]                          input_inject_event+0xab/0x320
[  847.004109][T25560]                          led_trigger_event+0x133/0x210
[  847.011121][T25560]                          kbd_led_trigger_activate+0xbd/0x100
[  847.018656][T25560]                          led_trigger_set+0x52c/0x950
[  847.025509][T25560]                          led_trigger_set_default+0x1a0/0x1e0
[  847.033039][T25560]                          led_classdev_register_ext+0x733/0x9b0
[  847.040743][T25560]                          input_leds_connect+0x4eb/0x6b0
[  847.047837][T25560]                          input_register_device+0xcdc/0x1070
[  847.055293][T25560]                          atkbd_connect+0x70a/0x9b0
[  847.061958][T25560]                          serio_driver_probe+0x7a/0xa0
[  847.068887][T25560]                          really_probe+0x25b/0xb20
[  847.075466][T25560]                          __driver_probe_device+0x18c/0x330
[  847.082821][T25560]                          driver_probe_device+0x4f/0x420
[  847.089917][T25560]                          __driver_attach+0x44e/0x6e0
[  847.096760][T25560]                          bus_for_each_dev+0x235/0x2b0
[  847.103687][T25560]                          serio_handle_event+0x1a2/0x860
[  847.110871][T25560]                          process_scheduled_works+0xa5d/0x15d0
[  847.118493][T25560]                          worker_thread+0xa55/0xfc0
[  847.125157][T25560]                          kthread+0x2fa/0x390
[  847.131299][T25560]                          ret_from_fork+0x48/0x80
[  847.137875][T25560]                          ret_from_fork_asm+0x11/0x20
[  847.144716][T25560]     }
[  847.147464][T25560]     ... key      at: [<ffffffff9762ca80>] input_allocate_device.__key.5+0x0/0x20
[  847.156740][T25560]   -> (&client->buffer_lock){....}-{2:2} {
[  847.162754][T25560]      INITIAL USE at:
[  847.166822][T25560]                        lock_acquire+0x19e/0x420
[  847.173235][T25560]                        _raw_spin_lock_irq+0xaf/0xf0
[  847.179993][T25560]                        evdev_read+0x377/0xba0
[  847.186228][T25560]                        do_iter_read+0x4fa/0xc90
[  847.192635][T25560]                        do_readv+0x264/0x460
[  847.198694][T25560]                        do_syscall_64+0x55/0xa0
[  847.205020][T25560]                        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  847.212833][T25560]    }
[  847.215496][T25560]    ... key      at: [<ffffffff9762cd20>] evdev_open.__key.28+0x0/0x20
[  847.223825][T25560]    ... acquired at:
[  847.227787][T25560]    _raw_spin_lock+0x2e/0x40
[  847.232451][T25560]    evdev_pass_values+0xcb/0xab0
[  847.237465][T25560]    evdev_events+0x1d8/0x330
[  847.242127][T25560]    input_pass_values+0x905/0x12f0
[  847.247350][T25560]    input_event_dispose+0x346/0x6c0
[  847.252627][T25560]    input_inject_event+0x1f9/0x320
[  847.257840][T25560]    evdev_write+0x35f/0x490
[  847.262419][T25560]    vfs_write+0x296/0x990
[  847.266823][T25560]    ksys_write+0x150/0x260
[  847.271401][T25560]    do_syscall_64+0x55/0xa0
[  847.275982][T25560]    entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  847.282041][T25560] 
[  847.284350][T25560]  -> (&new->fa_lock){....}-{2:2} {
[  847.289561][T25560]     INITIAL USE at:
[  847.293530][T25560]                      lock_acquire+0x19e/0x420
[  847.299851][T25560]                      _raw_write_lock_irq+0xaf/0xf0
[  847.306520][T25560]                      fasync_remove_entry+0xf4/0x1c0
[  847.313279][T25560]                      tty_fasync+0xfb/0x340
[  847.319256][T25560]                      __fput+0x7f3/0x970
[  847.324962][T25560]                      task_work_run+0x1d4/0x260
[  847.331281][T25560]                      exit_to_user_mode_loop+0xe6/0x110
[  847.338292][T25560]                      exit_to_user_mode_prepare+0xee/0x180
[  847.345564][T25560]                      syscall_exit_to_user_mode+0x1a/0x50
[  847.352758][T25560]                      do_syscall_64+0x61/0xa0
[  847.358907][T25560]                      entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  847.366530][T25560]     INITIAL READ USE at:
[  847.370939][T25560]                           lock_acquire+0x19e/0x420
[  847.377605][T25560]                           _raw_read_lock_irqsave+0xbc/0x100
[  847.385063][T25560]                           kill_fasync+0x192/0x4b0
[  847.391641][T25560]                           n_tty_receive_buf_common+0x99e/0x12d0
[  847.399441][T25560]                           tiocsti+0x221/0x2a0
[  847.405675][T25560]                           tty_ioctl+0x62e/0xdd0
[  847.412087][T25560]                           __se_sys_ioctl+0xfd/0x170
[  847.418840][T25560]                           do_syscall_64+0x55/0xa0
[  847.425419][T25560]                           entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  847.433471][T25560]   }
[  847.436041][T25560]   ... key      at: [<ffffffff97333b20>] fasync_insert_entry.__key+0x0/0x20
[  847.444797][T25560]   ... acquired at:
[  847.448670][T25560]    _raw_read_lock_irqsave+0xbc/0x100
[  847.454122][T25560]    kill_fasync+0x192/0x4b0
[  847.458705][T25560]    evdev_pass_values+0x54b/0xab0
[  847.463815][T25560]    evdev_events+0x1d8/0x330
[  847.468475][T25560]    input_pass_values+0x905/0x12f0
[  847.473660][T25560]    input_event_dispose+0x346/0x6c0
[  847.478938][T25560]    input_inject_event+0x1f9/0x320
[  847.484133][T25560]    evdev_write+0x35f/0x490
[  847.488715][T25560]    vfs_write+0x296/0x990
[  847.493122][T25560]    ksys_write+0x150/0x260
[  847.497625][T25560]    do_syscall_64+0x55/0xa0
[  847.502210][T25560]    entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  847.508267][T25560] 
[  847.510574][T25560] -> (&f->f_owner.lock){....}-{2:2} {
[  847.515949][T25560]    INITIAL USE at:
[  847.519835][T25560]                    lock_acquire+0x19e/0x420
[  847.525894][T25560]                    _raw_write_lock_irq+0xaf/0xf0
[  847.532384][T25560]                    __f_setown+0x3b/0x330
[  847.538176][T25560]                    tty_fasync+0x258/0x340
[  847.544060][T25560]                    do_vfs_ioctl+0x1284/0x1cc0
[  847.550291][T25560]                    __se_sys_ioctl+0x83/0x170
[  847.556439][T25560]                    do_syscall_64+0x55/0xa0
[  847.562418][T25560]                    entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  847.569874][T25560]    INITIAL READ USE at:
[  847.574188][T25560]                         lock_acquire+0x19e/0x420
[  847.580691][T25560]                         _raw_read_lock_irqsave+0xbc/0x100
[  847.587965][T25560]                         send_sigio+0x33/0x360
[  847.594205][T25560]                         kill_fasync+0x228/0x4b0
[  847.600608][T25560]                         n_tty_receive_buf_common+0x99e/0x12d0
[  847.608232][T25560]                         tiocsti+0x221/0x2a0
[  847.614289][T25560]                         tty_ioctl+0x62e/0xdd0
[  847.620522][T25560]                         __se_sys_ioctl+0xfd/0x170
[  847.627101][T25560]                         do_syscall_64+0x55/0xa0
[  847.633518][T25560]                         entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  847.641402][T25560]  }
[  847.643892][T25560]  ... key      at: [<ffffffff97332ea0>] init_file.__key+0x0/0x20
[  847.651695][T25560]  ... acquired at:
[  847.655485][T25560]    _raw_read_lock_irqsave+0xbc/0x100
[  847.660933][T25560]    send_sigio+0x33/0x360
[  847.665341][T25560]    kill_fasync+0x228/0x4b0
[  847.669920][T25560]    n_tty_receive_buf_common+0x99e/0x12d0
[  847.675724][T25560]    tiocsti+0x221/0x2a0
[  847.679956][T25560]    tty_ioctl+0x62e/0xdd0
[  847.684370][T25560]    __se_sys_ioctl+0xfd/0x170
[  847.689123][T25560]    do_syscall_64+0x55/0xa0
[  847.693718][T25560]    entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  847.699778][T25560] 
[  847.702089][T25560] 
[  847.702089][T25560] the dependencies between the lock to be acquired
[  847.702097][T25560]  and HARDIRQ-irq-unsafe lock:
[  847.715595][T25560] -> (tasklist_lock){.+.+}-{2:2} {
[  847.720713][T25560]    HARDIRQ-ON-R at:
[  847.724686][T25560]                     lock_acquire+0x19e/0x420
[  847.730851][T25560]                     _raw_read_lock+0x36/0x50
[  847.737805][T25560]                     do_wait+0x294/0xae0
[  847.744079][T25560]                     kernel_wait+0xd7/0x1c0
[  847.750517][T25560]                     call_usermodehelper_exec_work+0xb9/0x220
[  847.758072][T25560]                     process_scheduled_works+0xa5d/0x15d0
[  847.765260][T25560]                     worker_thread+0xa55/0xfc0
[  847.771488][T25560]                     kthread+0x2fa/0x390
[  847.777193][T25560]                     ret_from_fork+0x48/0x80
[  847.783280][T25560]                     ret_from_fork_asm+0x11/0x20
[  847.789705][T25560]    SOFTIRQ-ON-R at:
[  847.793695][T25560]                     lock_acquire+0x19e/0x420
[  847.799863][T25560]                     _raw_read_lock+0x36/0x50
[  847.806017][T25560]                     do_wait+0x294/0xae0
[  847.811820][T25560]                     kernel_wait+0xd7/0x1c0
[  847.817798][T25560]                     call_usermodehelper_exec_work+0xb9/0x220
[  847.825338][T25560]                     process_scheduled_works+0xa5d/0x15d0
[  847.832526][T25560]                     worker_thread+0xa55/0xfc0
[  847.838764][T25560]                     kthread+0x2fa/0x390
[  847.844474][T25560]                     ret_from_fork+0x48/0x80
[  847.850532][T25560]                     ret_from_fork_asm+0x11/0x20
[  847.856940][T25560]    INITIAL USE at:
[  847.860826][T25560]                    lock_acquire+0x19e/0x420
[  847.866883][T25560]                    _raw_write_lock_irq+0xaf/0xf0
[  847.873378][T25560]                    copy_process+0x2275/0x3d80
[  847.879612][T25560]                    kernel_clone+0x24b/0x8a0
[  847.885680][T25560]                    user_mode_thread+0x111/0x180
[  847.892085][T25560]                    rest_init+0x27/0x300
[  847.897798][T25560]                    arch_call_rest_init+0xe/0x10
[  847.904208][T25560]                    start_kernel+0x459/0x4e0
[  847.910272][T25560]                    x86_64_start_reservations+0x2a/0x30
[  847.917288][T25560]                    copy_bootdata+0x0/0xe0
[  847.923170][T25560]                    secondary_startup_64_no_verify+0x179/0x17b
[  847.930793][T25560]    INITIAL READ USE at:
[  847.935109][T25560]                         lock_acquire+0x19e/0x420
[  847.941602][T25560]                         _raw_read_lock+0x36/0x50
[  847.948101][T25560]                         do_wait+0x294/0xae0
[  847.954164][T25560]                         kernel_wait+0xd7/0x1c0
[  847.960482][T25560]                         call_usermodehelper_exec_work+0xb9/0x220
[  847.968369][T25560]                         process_scheduled_works+0xa5d/0x15d0
[  847.975908][T25560]                         worker_thread+0xa55/0xfc0
[  847.982488][T25560]                         kthread+0x2fa/0x390
[  847.988544][T25560]                         ret_from_fork+0x48/0x80
[  847.994949][T25560]                         ret_from_fork_asm+0x11/0x20
[  848.001708][T25560]  }
[  848.004199][T25560]  ... key      at: [<ffffffff8ce0a058>] tasklist_lock+0x18/0x40
[  848.011909][T25560]  ... acquired at:
[  848.015706][T25560]    _raw_read_lock+0x36/0x50
[  848.020377][T25560]    send_sigio+0xf9/0x360
[  848.024787][T25560]    dnotify_handle_event+0x153/0x420
[  848.030155][T25560]    fsnotify+0x148b/0x17c0
[  848.034647][T25560]    path_openat+0x149d/0x3230
[  848.039402][T25560]    do_filp_open+0x1f5/0x430
[  848.044065][T25560]    do_sys_openat2+0x134/0x1d0
[  848.048907][T25560]    __x64_sys_openat+0x139/0x160
[  848.053927][T25560]    do_syscall_64+0x55/0xa0
[  848.058513][T25560]    entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  848.064576][T25560] 
[  848.066886][T25560] 
[  848.066886][T25560] stack backtrace:
[  848.072760][T25560] CPU: 1 PID: 25560 Comm: syz.1.7510 Not tainted syzkaller #0
[  848.080203][T25560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  848.090249][T25560] Call Trace:
[  848.093521][T25560]  <TASK>
[  848.096442][T25560]  dump_stack_lvl+0x18c/0x250
[  848.101120][T25560]  ? load_image+0x400/0x400
[  848.105619][T25560]  ? show_regs_print_info+0x20/0x20
[  848.110814][T25560]  ? load_image+0x400/0x400
[  848.115316][T25560]  ? print_shortest_lock_dependencies+0xf4/0x160
[  848.121641][T25560]  __lock_acquire+0x6851/0x7d40
[  848.126495][T25560]  ? verify_lock_unused+0x140/0x140
[  848.131696][T25560]  lock_acquire+0x19e/0x420
[  848.136228][T25560]  ? send_sigio+0xf9/0x360
[  848.140641][T25560]  ? read_lock_is_recursive+0x20/0x20
[  848.146005][T25560]  ? do_raw_read_lock+0x3d/0x90
[  848.150850][T25560]  ? _raw_read_lock_irqsave+0xc8/0x100
[  848.156305][T25560]  ? _raw_read_lock+0x50/0x50
[  848.160976][T25560]  ? do_raw_spin_lock+0x11f/0x2c0
[  848.165997][T25560]  _raw_read_lock+0x36/0x50
[  848.170492][T25560]  ? send_sigio+0xf9/0x360
[  848.174899][T25560]  send_sigio+0xf9/0x360
[  848.179136][T25560]  dnotify_handle_event+0x153/0x420
[  848.184331][T25560]  fsnotify+0x148b/0x17c0
[  848.188657][T25560]  ? fsnotify+0x513/0x17c0
[  848.193063][T25560]  ? fsnotify_clear_child_dentry_flag+0xe0/0xe0
[  848.199302][T25560]  ? _raw_spin_unlock+0x28/0x40
[  848.204149][T25560]  ? shmem_mknod+0x1b3/0x1d0
[  848.208742][T25560]  path_openat+0x149d/0x3230
[  848.213339][T25560]  ? do_filp_open+0x430/0x430
[  848.218010][T25560]  ? __virt_addr_valid+0x18c/0x540
[  848.223118][T25560]  do_filp_open+0x1f5/0x430
[  848.227617][T25560]  ? vfs_tmpfile+0x490/0x490
[  848.232211][T25560]  ? _raw_spin_unlock+0x28/0x40
[  848.237055][T25560]  ? alloc_fd+0x58f/0x630
[  848.241379][T25560]  do_sys_openat2+0x134/0x1d0
[  848.246049][T25560]  ? do_sys_open+0xe0/0xe0
[  848.250461][T25560]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  848.256436][T25560]  ? lock_chain_count+0x20/0x20
[  848.261289][T25560]  __x64_sys_openat+0x139/0x160
[  848.266135][T25560]  do_syscall_64+0x55/0xa0
[  848.270546][T25560]  ? clear_bhb_loop+0x40/0x90
[  848.275217][T25560]  ? clear_bhb_loop+0x40/0x90
[  848.279885][T25560]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  848.285793][T25560] RIP: 0033:0x7f4fb219c799
[  848.290221][T25560] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  848.309829][T25560] RSP: 002b:00007f4fb304d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  848.318242][T25560] RAX: ffffffffffffffda RBX: 00007f4fb2415fa0 RCX: 00007f4fb219c799
[  848.326207][T25560] RDX: 000000000000275a RSI: 0000200000000000 RDI: ffffffffffffff9c
[  848.334169][T25560] RBP: 00007f4fb2232bd9 R08: 0000000000000000 R09: 0000000000000000
[  848.342132][T25560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  848.350095][T25560] R13: 00007f4fb2416038 R14: 00007f4fb2415fa0 R15: 00007ffdc77468e8
[  848.358070][T25560]  </TASK>
[  849.056569][   T51] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  849.064881][   T51] Bluetooth: hci3: Injecting HCI hardware error event
[  849.072183][ T5773] Bluetooth: hci3: hardware error 0x00
[  851.146586][ T5773] Bluetooth: hci3: Opcode 0x0c03 failed: -110