last executing test programs:

11m57.93767907s ago: executing program 0 (id=275):
r0 = add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$search(0xa, r0, &(0x7f0000000140)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, r0)

11m57.791685393s ago: executing program 0 (id=278):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000280), 0x0)
socket$tipc(0x1e, 0x5, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$tipc(0x1e, 0x2, 0x0)
add_key(&(0x7f0000000040)='ceph\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd)
getsockopt$inet6_mptcp_buf(0xffffffffffffffff, 0x11c, 0x1, &(0x7f00000003c0)=""/204, &(0x7f0000000000)=0xcc)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x30, r7, 0x1, 0xfffffffc, 0x0, {{}, {}, {0x14, 0x19, {0x1, 0x1, 0x0, 0x6472333a}}}}, 0x1}}, 0x20000810)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000010c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x460, 0x280, 0x268, 0x300, 0x280, 0x268, 0x390, 0x460, 0x460, 0x390, 0x460, 0x9, 0x0, {[{{@uncond, 0x0, 0x240, 0x280, 0x0, {0x9401}, [@common=@inet=@hashlimit2={{0x150}, {'hsr0\x00', {0x0, 0xb, 0x0, 0x3, 0x0, 0x5, 0x9}}}, @common=@unspec=@limit={{0x48}, {0xfff, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x2}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x8, 0x21, "6bb6778f9bdec125b0fb4f26be757b1e6f2fb8e9079627dc6726c4bc85e9"}}}, {{@ipv6={@private2, @remote, [], [], 'ip6gretap0\x00', 'ip6_vti0\x00'}, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x511)
syz_open_dev$cec(&(0x7f0000000080), 0x0, 0x4802)
syz_emit_ethernet(0x56, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "b81923", 0x20, 0x0, 0x0, @local, @local, {[@dstopts={0x0, 0x3, '\x00', [@generic={0x31, 0x16, "461e964f8380d23437be1692529d83e1698fd412231c"}]}]}}}}}, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', 0xa00, 0x1c2)
r8 = openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000000)='devices.allow\x00', 0x2, 0x0)
close(r8)

11m56.67620796s ago: executing program 0 (id=281):
r0 = socket$rxrpc(0x21, 0x2, 0xa)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r3 = syz_open_dev$media(&(0x7f0000000080), 0x10001, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r3, 0x80047c05, 0x0)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$xdp(0x2c, 0x3, 0x0)
pselect6(0x0, 0x0, 0x0, &(0x7f00000002c0)={0x3fe, 0x5, 0x3, 0x9, 0x8, 0x45ff, 0x7ffffffc, 0x40000000000}, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x11)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bind$rxrpc(r0, &(0x7f0000000000)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e23, 0x100, @private1={0xfc, 0x1, '\x00', 0x1}, 0xffffffff}}, 0x24)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(0xffffffffffffffff, 0x3516, 0x0, 0x0, 0x0, 0x0)

11m55.187480443s ago: executing program 0 (id=282):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, 0x0, 0x0)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4)
shutdown(r0, 0x1)

11m54.592257762s ago: executing program 0 (id=287):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000280)={0x3})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001400)=ANY=[], 0x18}}, 0x20000000)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000500)="b8010000000f01c10f22a10f20e035800000000f22e066ba610066b80a0066ef66b832000f00d0b8010000000f01c166ba4300b0beee0f793c1e2e643e2e3e650f79288fc878c15b0e3f", 0x4a}], 0x1, 0x21, 0x0, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(0xffffffffffffffff, 0x8040ae9f, &(0x7f0000000100))
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

11m52.027665671s ago: executing program 0 (id=292):
sendmsg$NFT_MSG_GETFLOWTABLE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="14000000170a018859f822340177a0942cdc01000000000000000000000006ebe5d09fd9a7731ec389ac24f755126bfd514e572052dfc126613030b622d5a68e6c0f278deb71cbfd640f633ff71653eea9726e0fbe9269c138b1299a6e1a01bc8d3165bc71c0a07d26946c5e1c2cdc5f7731533856d6c56afe93f584302342b0d80c386c1b1b1bd371"], 0x14}, 0x1, 0x0, 0x0, 0x20000005}, 0x4000000)
syz_open_dev$audion(&(0x7f0000000000), 0x0, 0x230200)
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="ee61d15b176da8ea8abe33a2ac1a58bde11db6411b4864916c5ac483163a894aaee52e9e377fc5bab5055d789da66a7a70863f889aad1335f04ee4450038b9778f4d5ec530dd982feea0da048265c0ac677634f7f8a03936495e01ad2391429afd94e82dd69e1e130ee96890732fd2607f206484a26cd5fb3c25cedbf3e614e91913ecc6cb885d6634e642a4663fb173c97df34d038205965db55ba937f12ef8ec0905e1cd0aae11db41a3046e273aeecf2fe24cbdb77f0b7aaf43983b50874a6dd6bf1a1b37c155a4d520a4f14573abd041057b027c698396e651d92fa6"], &(0x7f0000000380)='syzkaller\x00', 0xfffffffd, 0x0, 0x0, 0x41100, 0x27, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r2}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0xbe55d000)
syz_open_dev$usbfs(0x0, 0x76, 0x101b01)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x400000001, &(0x7f0000000300)={<r5=>0xffffffffffffffff}, 0x13f, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @loopback}, {0xa, 0x0, 0xfffffffe, @empty}, r5}}, 0x48)
write$RDMA_USER_CM_CMD_QUERY(r1, &(0x7f0000000040)={0x13, 0x10, 0xfa00, {&(0x7f0000000780), r5, 0x2}}, 0x18)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0x0, 0x1})
openat$null(0xffffffffffffff9c, &(0x7f00000000c0), 0x101001, 0x0)
syz_open_dev$cec(&(0x7f0000000200), 0x0, 0x100)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a20000000000a03000000000000000000070000000900010073797a300000000050000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021140011800c000100636f756e74657200040002806c0000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000400003803c000080080003400000000230000b802c0001800a0001006c696d69740000001c0002800c00024000000000000000000c0001400000000000000009140000001000010000000000000084000a000000"], 0x104}, 0x1, 0x0, 0x0, 0x4040054}, 0x0)

11m36.483782098s ago: executing program 32 (id=292):
sendmsg$NFT_MSG_GETFLOWTABLE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="14000000170a018859f822340177a0942cdc01000000000000000000000006ebe5d09fd9a7731ec389ac24f755126bfd514e572052dfc126613030b622d5a68e6c0f278deb71cbfd640f633ff71653eea9726e0fbe9269c138b1299a6e1a01bc8d3165bc71c0a07d26946c5e1c2cdc5f7731533856d6c56afe93f584302342b0d80c386c1b1b1bd371"], 0x14}, 0x1, 0x0, 0x0, 0x20000005}, 0x4000000)
syz_open_dev$audion(&(0x7f0000000000), 0x0, 0x230200)
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="ee61d15b176da8ea8abe33a2ac1a58bde11db6411b4864916c5ac483163a894aaee52e9e377fc5bab5055d789da66a7a70863f889aad1335f04ee4450038b9778f4d5ec530dd982feea0da048265c0ac677634f7f8a03936495e01ad2391429afd94e82dd69e1e130ee96890732fd2607f206484a26cd5fb3c25cedbf3e614e91913ecc6cb885d6634e642a4663fb173c97df34d038205965db55ba937f12ef8ec0905e1cd0aae11db41a3046e273aeecf2fe24cbdb77f0b7aaf43983b50874a6dd6bf1a1b37c155a4d520a4f14573abd041057b027c698396e651d92fa6"], &(0x7f0000000380)='syzkaller\x00', 0xfffffffd, 0x0, 0x0, 0x41100, 0x27, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r2}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0xbe55d000)
syz_open_dev$usbfs(0x0, 0x76, 0x101b01)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x400000001, &(0x7f0000000300)={<r5=>0xffffffffffffffff}, 0x13f, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @loopback}, {0xa, 0x0, 0xfffffffe, @empty}, r5}}, 0x48)
write$RDMA_USER_CM_CMD_QUERY(r1, &(0x7f0000000040)={0x13, 0x10, 0xfa00, {&(0x7f0000000780), r5, 0x2}}, 0x18)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0x0, 0x1})
openat$null(0xffffffffffffff9c, &(0x7f00000000c0), 0x101001, 0x0)
syz_open_dev$cec(&(0x7f0000000200), 0x0, 0x100)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a20000000000a03000000000000000000070000000900010073797a300000000050000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021140011800c000100636f756e74657200040002806c0000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000400003803c000080080003400000000230000b802c0001800a0001006c696d69740000001c0002800c00024000000000000000000c0001400000000000000009140000001000010000000000000084000a000000"], 0x104}, 0x1, 0x0, 0x0, 0x4040054}, 0x0)

6m4.308136429s ago: executing program 3 (id=1051):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
io_uring_register$IORING_REGISTER_SYNC_CANCEL(0xffffffffffffffff, 0x18, 0x0, 0x1)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x6, 0x6, 0x5}, 0x48)
ioctl$KVM_SET_NESTED_STATE(0xffffffffffffffff, 0x4080aebf, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={0x0}, 0x18)
clock_getres(0xfffffffffffffffd, 0x0)
getdents(0xffffffffffffffff, &(0x7f0000001fc0)=""/184, 0xb8)
r4 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$search(0xa, r4, &(0x7f0000000140)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, r4)

6m3.249470535s ago: executing program 3 (id=1053):
sendmsg$NFT_MSG_GETFLOWTABLE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="14000000170a018859f822340177a0942cdc01000000000000000000000006ebe5d09fd9a7731ec389ac24f755126bfd514e572052dfc126613030b622d5a68e6c0f278deb71cbfd640f633ff71653eea9726e0fbe9269c138b1299a6e1a01bc8d3165bc71c0a07d26946c5e1c2cdc5f7731533856d6c56afe93f584302342b0d80c386c1b1b1bd371"], 0x14}, 0x1, 0x0, 0x0, 0x20000005}, 0x4000000)
syz_open_dev$audion(&(0x7f0000000000), 0x0, 0x230200)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="ee61d15b176da8ea8abe33a2ac1a58bde11db6411b4864916c5ac483163a894aaee52e9e377fc5bab5055d789da66a7a70863f889aad1335f04ee4450038b9778f4d5ec530dd982feea0da048265c0ac677634f7f8a03936495e01ad2391429afd94e82dd69e1e130ee96890732fd2607f206484a26cd5fb3c25cedbf3e614e91913ecc6cb885d6634e642a4663fb173c97df34d038205965db55ba937f12ef8ec0905e1cd0aae11db41a3046e273aeecf2fe24cbdb77f0b7aaf43983b50874a6dd6bf1a1b37c155a4d520a4f14573abd0"], &(0x7f0000000380)='syzkaller\x00', 0xfffffffd, 0x0, 0x0, 0x41100, 0x27, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_open_dev$usbfs(0x0, 0x76, 0x101b01)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x400000001, &(0x7f0000000300)={<r5=>0xffffffffffffffff}, 0x13f, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @loopback}, {0xa, 0x0, 0xfffffffe, @empty}, r5}}, 0x48)
write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000040)={0x13, 0x10, 0xfa00, {&(0x7f0000000780), r5, 0x2}}, 0x18)

6m2.076001733s ago: executing program 3 (id=1055):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000280), 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$tipc(0x1e, 0x2, 0x0)
add_key(&(0x7f0000000040)='ceph\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd)
getsockopt$inet6_mptcp_buf(0xffffffffffffffff, 0x11c, 0x1, &(0x7f00000003c0)=""/204, &(0x7f0000000000)=0xcc)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x30, 0x0, 0x1, 0xfffffffc, 0x0, {{}, {}, {0x14, 0x19, {0x1, 0x1, 0x0, 0x6472333a}}}}, 0x1}}, 0x20000810)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000010c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x460, 0x280, 0x268, 0x300, 0x280, 0x268, 0x390, 0x460, 0x460, 0x390, 0x460, 0x9, 0x0, {[{{@uncond, 0x0, 0x240, 0x280, 0x0, {0x9401}, [@common=@inet=@hashlimit2={{0x150}, {'hsr0\x00', {0x0, 0xb, 0x0, 0x3, 0x0, 0x5, 0x9}}}, @common=@unspec=@limit={{0x48}, {0xfff, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x2}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x8, 0x21, "6bb6778f9bdec125b0fb4f26be757b1e6f2fb8e9079627dc6726c4bc85e9"}}}, {{@ipv6={@private2, @remote, [], [], 'ip6gretap0\x00', 'ip6_vti0\x00'}, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x511)
syz_open_dev$cec(&(0x7f0000000080), 0x0, 0x4802)
syz_emit_ethernet(0x56, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "b81923", 0x20, 0x0, 0x0, @local, @local, {[@dstopts={0x0, 0x3, '\x00', [@generic={0x31, 0x16, "461e964f8380d23437be1692529d83e1698fd412231c"}]}]}}}}}, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', 0xa00, 0x1c2)
inotify_add_watch(r7, &(0x7f0000000000)='./file0\x00', 0x42000200)
r8 = openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000000)='devices.allow\x00', 0x2, 0x0)
close(r8)

5m59.537632782s ago: executing program 3 (id=1061):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
io_uring_register$IORING_REGISTER_SYNC_CANCEL(0xffffffffffffffff, 0x18, 0x0, 0x1)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x6, 0x6, 0x5}, 0x48)
ioctl$KVM_SET_NESTED_STATE(0xffffffffffffffff, 0x4080aebf, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={0x0}, 0x18)
clock_getres(0xfffffffffffffffd, 0x0)
getdents(0xffffffffffffffff, &(0x7f0000001fc0)=""/184, 0xb8)
r4 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$search(0xa, r4, &(0x7f0000000140)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, r4)

5m58.389720059s ago: executing program 3 (id=1064):
sendmsg$NFT_MSG_GETFLOWTABLE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="14000000170a018859f822340177a0942cdc01000000000000000000000006ebe5d09fd9a7731ec389ac24f755126bfd514e572052dfc126613030b622d5a68e6c0f278deb71cbfd640f633ff71653eea9726e0fbe9269c138b1299a6e1a01bc8d3165bc71c0a07d26946c5e1c2cdc5f7731533856d6c56afe93f584302342b0d80c386c1b1b1bd371"], 0x14}, 0x1, 0x0, 0x0, 0x20000005}, 0x4000000)
syz_open_dev$audion(&(0x7f0000000000), 0x0, 0x230200)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="ee61d15b176da8ea8abe33a2ac1a58bde11db6411b4864916c5ac483163a894aaee52e9e377fc5bab5055d789da66a7a70863f889aad1335f04ee4450038b9778f4d5ec530dd982feea0da048265c0ac677634f7f8a03936495e01ad2391429afd94e82dd69e1e130ee96890732fd2607f206484a26cd5fb3c25cedbf3e614e91913ecc6cb885d6634e642a4663fb173c97df34d038205965db55ba937f12ef8ec0905e1cd0aae11db41a3046e273aeecf2fe24cbdb77f0b7aaf43983b50874a6dd6bf1a1b37c155a4d520a4f14573abd0"], &(0x7f0000000380)='syzkaller\x00', 0xfffffffd, 0x0, 0x0, 0x41100, 0x27, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_open_dev$usbfs(0x0, 0x76, 0x101b01)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x400000001, &(0x7f0000000300)={<r5=>0xffffffffffffffff}, 0x13f, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @loopback}, {0xa, 0x0, 0xfffffffe, @empty}, r5}}, 0x48)
write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000040)={0x13, 0x10, 0xfa00, {&(0x7f0000000780), r5, 0x2}}, 0x18)

5m57.134034429s ago: executing program 3 (id=1067):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000040)=0x2)
r1 = syz_io_uring_setup(0x9ef, &(0x7f0000000140)={0x0, 0xfad6, 0x800}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0xdb4, 0x0, 0x0, 0x0, 0x0)
readv(r0, &(0x7f00000002c0)=[{&(0x7f0000000780)=""/4096, 0x1000}], 0x1)

5m42.086778908s ago: executing program 33 (id=1067):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000040)=0x2)
r1 = syz_io_uring_setup(0x9ef, &(0x7f0000000140)={0x0, 0xfad6, 0x800}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0xdb4, 0x0, 0x0, 0x0, 0x0)
readv(r0, &(0x7f00000002c0)=[{&(0x7f0000000780)=""/4096, 0x1000}], 0x1)

15.308134577s ago: executing program 2 (id=1853):
r0 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
io_submit(0x0, 0x0, &(0x7f0000000180))
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='.\x00', 0x0, 0x0)
renameat(r4, 0x0, r4, &(0x7f0000000380)='./cgroup.net/cgroup.procs\x00')
getpid()
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @remote})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000480))
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @random="0106002010ff"})
unshare(0x68060200)
ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000040)={0xa, 0x0, 0xc, {0x5, 0x4, 0x4, 0x8000}})

11.428068846s ago: executing program 2 (id=1858):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000580)='./file1\x00', 0x0, &(0x7f0000000100), 0x1, 0x57e, &(0x7f00000005c0)="$eJzs3U1oHGUfAPD/zGbffuV90xcUVHooKlQo3ST90OqpvYqFQg+CFw2bbSjZZEM20SbkkN6L2IOo9FJvevCoePAgXjx6ErwonoVig0LTg67MfqRpvtzUJlszvx/M7jzz7Oz/eXb2/+zMMMMGkFtHs4c04umIuJhEDKyq64t25dHW65aXFsr3lhbKSTQal35NIomIu0sL5c7rk/bzoYhYjIinIuKbYsTxdH3c+tz8+Ei1WplulwdnJqYG63PzJ65MjIxVxiqTp156+czZ02eGTw6vXu1eY3WpuL2+Xv/pxrvXv3v11o1PPzuyWH5/JIlz0d+uW92PR6n1mRTj3Jrlp3ciWA8lvW4AD6XQzvMslZ6MgSi0s34jjYFdbRqwwxr7IhpATiXyH3Kqsx+QHf92pt3c/7h9vnUAksVdbk+tmr7WuYnY3zw2Ofhb8sCRSXa8eXg3G8qetHgtIob6+tZ//5P29+/hDT2KBrKjvj7f2lDrt3+6Mv7EBuNPf+fc6T/UGf+W141/9+MXNhn/LnYZ4483fv5o0/jXIp7ZMH6yEj/ZIH4aEW91Gf/m61+e3ayu8XHEsdg4fkey9fnhwctXqpWh1uOGMb46duSVrfp/cJP4rXO2+5s/M2v6fyhr01SX/f/i28+fXdwi/gvPbb39N/r8D0TEe13G///dT17brO72teROthew3e2fLbvVZfwXzx39scuXAgAAAAAAAAAA25A2r2VL0tLKfJqWSq17eJ+Ig2m1Vp85frk2OznauubtcBTTzpVWA61ykpWH29fjdson15RPFdoBCwea5VK5Vh3tcd8BAAAAAAAAAAAAAAAAAADgcXFozf3/vxea9/+v/btqYK/a/C+/gb1O/kN+PZj/Sc/aAew+v/+QWw35D/kl/yG/5D/kl/yH/JL/kF/yH/JL/gMAAAAAAAAAAAAAAAAAAAAAAAAAwI64eOFCNjXuLS2Us/Jo39zseO3tE6OV+nhpYrZcKtemp0pjtdpYtVIq1yb+7v2SWm1qKCZnrw7OVOozg/W5+TcnarOTSXzfrK4Ud6FPAAAAAAAAAAAAAAAAAAAA8G/T35yStBQRaXM+TUuliP9GxOEoJpevVCtDEfG/iPihUNyXlYd73WgAAAAAAAAAAAAAAAAAAADYY+pz8+Mj1Wplek/O7I+IB5f0bWf1iFh8tA3L3nHbaxXb2+px+VTN5GGmxwMTAAAAAAAAAAAAAAAAAADk0P2bfrtd48+dbRAAAAAAAAAAAAAAAAAAAADkUvpLEhHZdGzg+f61tf9JlgvN54h45+alD66OzMxMD2fL76wsn/mwvfxkL9oPdKuTp508BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO6rz82Pj1SrlekdnOl1HwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAexl8BAAD//5aV1q4=")
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, 0xffffffffffffffff, 0x0)
ioctl$FIBMAP(0xffffffffffffffff, 0x1, &(0x7f0000000140)=0x6)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r0}, 0x18)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x280008a, &(0x7f00000007c0)=ANY=[@ANYBLOB="6e6f6e756d7461696c3d302c73686f72746e616d653d77696e39352c73686f72746e616d653d6c6f7765722c696f636861727365743d64656661756c742c756e695f786c6174653d302c6e6f6e756d7461696c3d302c757466383d302c616c6c6f775f7574696d653d30303030303030303030303030303030303030303030322c726f6469722c73686f72866e616d653d6d697865642c73686f72746e616d653d6d697865642c73686f72746e616d653d77696e39352c7569643d", @ANYRESHEX=0x0, @ANYBLOB=',uni_xlate=0,utf8=0,shortname=mixed,uni_xlate=0,shortname=winnt,\x00'], 0x96, 0x2a9, &(0x7f0000000500)="$eJzs3T9ra2UYAPDnpGkSdEgEJxE8oINTabu6pEgLxUxKBnXQYluQJggtFPyDsZOri6OriyC4+SVc/AaCq+BmwcKRk5xjkt40N+m9ae+f32/p2/c8z3ue9/QtpcN58vGr/ZPDNI4vvvojGo0kKu1ox2USrahE6ZuY0v4uAICn2WWWxd/ZyDJ5SUQ0VlcWALBCS//9/2XlJQEAK/be+x+8s9Pp7L6bpo3Y63973s3/s8+/jq7vHMen0Yuj2IxmXEVk/xuN97IsG1TTXCve6A/Ou3lm/6PfivV3/ooY5m9FM1rDqen8/c7uVjoykT/I63ihuH87z9+OZrw84/77nd3tGfnRrcWbr0/UvxHN+P2T+Cx6cTgsYpQflYivt9L07ez7f778MC8vz08G5936MG4sW7vjHw0AAAAAAAAAAAAAAAAAAAAAAM+wjaJ3Tj2G/XvyqaL/ztpV/s16pKXWdH+eUX5SLnStP9Agix/K/jybaZpmReA4vxqvVKN6P7sGAAAAAAAAAAAAAAAAAACAJ8vZ51+cHPR6R6ePZVB2Ayhf67/tOu2JmddifnB9fK9KMZyzcqyVMUnE3DLyTSxc879F24PbPbqXbqr5p58XXufHh++9GKwvEPOIg/J0nRwks59hPcqZRnlIfp2MqcWC96rddClb6vjVZl5qLr332ovDwWBOTCTzCnvrz9GTK2aS67uoDZ/qzPT1YjCRPh3TWPw8578pD0h06wAAAAAAAAAAAAAAAAAAgJUav/Q74+LF3NRKVl9ZWQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwp8af/7/EYFAkLxBci9Oze94iAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz4H/AgAA///uD2MO")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x94)
write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
io_setup(0x281, &(0x7f0000000100))
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[], 0x50)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000380), 0x4001, 0x0)

9.973143418s ago: executing program 2 (id=1863):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002340), 0x40800)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r4, 0xc058534f, &(0x7f0000002380)={{0x0, 0x1}, 0x0, 0x0, 0x2, {0x4, 0x1}, 0x3, 0x800})
socket(0xa, 0x3, 0x3a)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newtaction={0xd8, 0x30, 0xffff, 0x0, 0x0, {}, [{0xc4, 0x1, [@m_ife={0xc0, 0x1, 0x0, 0x0, {{0x8}, {0x98, 0x2, 0x0, 0x1, [@TCA_IFE_DMAC={0xa, 0x3, @link_local}, @TCA_IFE_TYPE={0x6}, @TCA_IFE_TYPE={0x6}, @TCA_IFE_DMAC={0xa, 0x3, @broadcast}, @TCA_IFE_METALST={0xc, 0x6, [@IFE_META_PRIO={0x4, 0x3, @void}, @IFE_META_PRIO={0x4, 0x3, @void}]}, @TCA_IFE_PARMS={0x1c}, @TCA_IFE_TYPE={0x6}, @TCA_IFE_SMAC={0xa, 0x4, @dev}, @TCA_IFE_METALST={0x30, 0x6, [@IFE_META_SKBMARK={0x8}, @IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_TCINDEX={0x6}, @IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_SKBMARK={0x4, 0x1, @void}, @IFE_META_TCINDEX={0x6}, @IFE_META_PRIO={0x8}]}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xd8}}, 0x0)

8.029533388s ago: executing program 5 (id=1867):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000040)='./file0\x00', 0x1000804, &(0x7f0000000140)=ANY=[@ANYBLOB='utf8,fmask=00000000000000000000243,allow_utime=00000000000000000000006,iocharset=cp936,fmask=00000000000000000000005,dmask=00000000000000000000004,gid=', @ANYRESHEX=0x0, @ANYBLOB=',dmask=00000000000000000000001,umask=00000000000000000001042,uid=', @ANYRES8, @ANYRESOCT=0x0], 0x1, 0x1539, &(0x7f0000001f80)="$eJzs3AucTVX7OPDnWWvtMSSdJrkMa61nc5LLIklySZJLkiQhyS0hSfJKQmLILWlIQnIZkssQksvEpHG/3y8JSdIkSUhuyfp/psxfvfX+e3+/+uX3f+f5fj77Yz1nnWfttec5Z5+91xzzdddhNRrXrNqAiOBPwZ//SQCAWAAYBADXAEAAAGXjysZl9GeXmPDndsL+Wg2Tr/QM2JXE9c/auP5ZG9c/a+P6Z21c/6yN65+1cf2zNq4/Y1nZlhn5r+Ut6268/p+V8ef/f5D0kuM+X1fy+m4AMf9uCtf//3/4J3K5/v+xgt99tI/4Vcj1z9q4/llV7JWeAPtfgN//WUG2f9nD9c/auP6MZWW/XAuOhSu/Hv13bxD5q38HUuDST/bKH9u/dfyMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxtjf4Ky/TAFAZvtKz4sxxhhjjDHGGGN/HZ/tSs+AMcYYY4wxxhhj//MQBEhQEEAMZINYyA45QADEZPZfC3FwHeSG6yEP5IV8kB/ioQAUBA0GLBCEUAgKQxRugCJwIxSFYlAcSoCDklAKboLScDOUgVugLNwK5eA2KA8VoCJUgtuhMtwBVeBOqAp3QTWoDjWgJtwNteAeqA33Qh24D+rC/VAPHoD68CA0gIbQCB6CxvAwNIFHoCk0g+bQAlr+t/Kfh57wAvSC3pAAfaAvvAj9oD8MgIEwCF6CwfAyDIFXIBGGwjB4FYbDazACXoeRMApGwxswBt6EsTAOxsMESIKJMAnegsnwNkyBqTANpkMyzICZ8A7MgtkwB96FufAezIP5sAAWQgq8D4tgMaTCB7AEPoQ0WArLYDmsgJWwClbDGlgL62A9bICNsAk2wxbYCttgO+yAnbALPoLd8DHsgb2wDz6B/fDpH+U3fBbgF/ln/im/GwICChSoUGEMxmAsxmIOzIE5MSfmwlwYwQjGYRzmxtyYB/NgPsyH8RiPBbEgGjRISFgIC2EUo1gEi2BRLIrFsTg6dFgKS2FpvBnLYBksi2WxHJbD8lgBK2AlrISVsTJWwSpYFatiNayGNbAG3o13Yx+sjbWxDtbBulg3c3kKG2ADbISNsDE2xibYBJtiU2yOzbEltsRW2ApbY2tsi22xHbbD9tgeO2AH7IgdsRN2ws7YGbtgF+yKXbEbdsfu6c9nA3wBX8DeWE30wb7YF/thYrYBOBAH4ks4GF/Gl/EVTMShOAxfxVfxNRyBp3EkjsLROBorizdxLI5DEhMwCZNwEk7CyTgZp+BUnIrTMRln4EycibNwNs7Gd3Euvofv4XycjwsxBVNwES7GVEzFJXgG03ApLsPluAJX4gpcjWtwNa7D9bgON+JG3IybcStuxe24HXfiTvwIFQB+jHtxLybiftyPB/AAHsSDeAgPYTqm42E8jEfwCB7Fo3gMj+FxPIEn8QSewlN4Gs/gWTyL5/E8XsBn479s9FGxtYkgMiihRIyIEbEiVuQQOUROkVPkErlEREREnIgTuUVukUfkEflEPhEv4kVBUVAYYQSJMONMIaIiKoqIIqKoKCqKi+LCCSdKiVKitCgtyogyoqy4VZQTt4nyooJo4yqJSqKyaOuqiDtFVVFVVBPVRQ1RU9QUtUQtUVvUFnVEHVFX1BX1xAOivuiDA7ChyKhMYzEUm4hh2FQ0E/LSGaqVGIGtRRvRVjwuRuFIbC9auQ7iKdFRjMVO4h9iHD4juogJ2FU8J7qJ7qKHeF70FK1dL9FbTME+oq+Yjv1EfzFADBSzsLp4F+dmryFeEYliqBgmXhUL8TUxQrwuRopRYrR4Q4wRb4qxYpwYLyaIJDFRTBJvicnibTFFTBXTxHSRLGaImeIdMUvMFnPEu2KueE/ME/PFArFQpIj3xSKxWKSKD8QS8aFIE0vFMrFcrBArxSqxWqwRa8U6sV5sEBvFJrFZbBFbxTaxXewQO8Uu8ZHYLT4We8ResU98IvaLT8UB8Zk4KD4Xh8QXIl18KQ6Lr8QR8bU4Kr4Rx8S34rg4IU6K78Qp8b04Lc6Is+KcOC9+EBfEj+Ki8AIkSiGlVDKQMTKbjJXZZQ55lcwpg8zzv4yT18nc8nqZR+aV+WR+GS8LyIJSSyOtJBnKQrKwjMobZBF5oywqi8nisoR0sqQsJW+SpeXNsoy8RZaVt8py8jZZXlaQFWUlebusLO+QEPl5H9VkdVlD1pR3ywS4R9aW98o68j5ZV94v68kHZH35oGwgG8pG8iHZWD4sm8hHZFPZTDaXLWRL+ahsJR+TrWUb2VY+LtvJJ2R7+aTsIJ+SHaW/9BJ5RnaRz8qu8jnZTXaXPeSP8qL0spfsLaEPyL7yRdlP9pcD5EA5SL4kB8uX5RD5ikyUQ+Uw+aocLl+TI+TrcqQcJUfLN+QY+aYcK8fJ8XKCTJIT5ST5lpws35ZT5FQ5TU6XyXKGHHBppDlS/mH+W7+TP+SnvW+WW+RWuU1ulzvkTrlLfiR3y91yj9wj98l9cr/cLw/IA/KgPCgPyUMyXabLw/KwPCKPyKPyqDwmj8nj8oQ8J7+Tp+T38rQ8I8/Ic/K8PC8vXPoZgEIllFRKBSpGZVOxKrvKoa5SOdXVKpe6RkXUtSpOXadyq+tVHpVX5VP5VbwqoAoqrYyyilSoCqnCKqpuwEsvGFVclVBOlVSl1E3/lXxVRN2oiqpiv8rPnF/Cv5hfS9VStVKtVGvVWrVVbVU71U61V+1VB9VBdVQdVSfVSXVWnVUX1UV1VV1VN9VN9VA9VE/VU/VSvVSCSlB91Yuqn+qvBqiBapB6SWQcwxA1RCWqRDVMDVPD1XA1Qo1QI9VINVqNVmPUGDVWjVXj1XiVpJLUJDVJTVaT1RQ1RU1T01SySlYz1Uw1S81Sc9QcNVfNVfPUPLVALVApKkUtUotUqkpVS9QSlaaWqqVquVquVqqVarVardaqtWq9Wq82qo0qTW1RW9Q2tU3tUDvULrVL7Va71R61R+1T+9R+tV8dUAfUQXVQHVKHVLpKV4fVYXVEHVFH1VF1TB1Tx9VxdVKdVKfUKXVanVZn1Vl1Xp1XF9QFdVFdzLjsC0QgAhWoICaICWKD2CBHkCPIGeQMcgW5gkgQCeKCuCB3cH2QJ8gb5AvyB/FBgaBgoAMT2EBcKno0uCEoEtwYFA2KBcWDEoELSgalgpuC0sHNQZnglqBscGtQLrgtKB9UCCoGlYLbg8rBHUGV4M6ganBXUC2oHtQIagZ3B7WCe4Lawb1BneC+oG5wf1AveCCoHzwYNAgaBo2Ch4LGwcNBk+CRoGnQLGgetAha/qXje38672Oul+6tE3Qf3Ve/qPvp/nqAHqgH6Zf0YP2yHqJf0Yl6qM787BmhX9cj9Sg9Wr+hx+g39Vg9To/XE3SSnqgn6bf0ZP22nqKn6ml6uk7WM/RM/Y6epWfrOfpdPVe/p+fp+XqBXqhT9Pt6kV6sU/UHeon+UKfppXqZXq5X6JV6lV6t1+i1ep1erzfojXqT3qy36K16m96ud+idepf+SO/WH+s9eq/epz/R+/Wn+oD+TB/Un+tD+gudrr/Uh/VX+oj+Wh/V3+hj+lt9XJ/QJ/V3+pT+Xp/WZ/RZfU6f1z/oC/pHfVH7jIv7jI93o4wyMSbGxJpYk8PkMDlNTpPL5DIREzFxJs7kNrlNHpPH5DP5TLyJNwVNQZOBDJlCppCJmqgpYoqYoqaoKW6KG2ecKWVKmdKmtCljypiypqwpZ8qZ8qa8qWgqmtvN7eYOc4e509xp7jJ3meqmuqlpappappapbWqbOqaOqWvqmnqmnqlv6psGpoFpZBqZxqaxaWKamKamqWlumpuWpqVpZVqZ1qa1aWvamnamnWlv2psOpoPpaDqaTqaT6Ww6my6mi+lquppuppvpYXqYnqan6WV6mQSTYPqavqaf6WcGmAFmkBlkBpvBZogZYhJNohlmhpnhZrgZYUaYkWaUGZ1xoWreNGPNODPeTDBJJslMMpPMZDPZTDFTzDQzzSSbZDPTzDSzzCwzx8wxc81cM8/MMwvMApNiUswis8ikmlSzxCwxaSbNLDPLzAqzwqwyq8was8asM+vMBthgNplNZovZYraZbWaH2WF2mV1mt9lt9pg9Zp/ZZ/ab/eaAOWAOmoPmkDlk0k26OWwOmyPmiDlqjppj5pg5bo6bk+akOWVOmdPmtDlrzprzJu+ll7U3sTa7zWGvsjnt1TaXvcb+c5zP5rfxtoAtaLXNY/P+KjbW2qK2mC1uS1hnS9pS9qbfxOVtBVvRVrK328r2DlvlN3Ete4+tbe+1dex9tqa9+1dxXXu/rWcftvURAWwz28i2sI3tw7aJfcQ2tc1sc9vCtrNP2Pb2SdvBPmU72qd/Ey+yi+0au9aus+vtHrvXnrXn7BH7tT1vf7C9bG87yL5kB9uX7RD7ik20Q38Tj7Zv2DH2TTvWjrPj7YTfxNPsdJtsZ9iZ9h07y87+TZxi37dzbaqdZ+fbBXbhT3HGnFLtB3aJ/dCm2QCW2eV2hV1pV9nV/3euy+1Gu8lutrvtx3ab3W532J12V+bJyO61++wndr/91B62X9mD9nN7yB616fbLn+KM4ztqv7HH7Lf2uD1hT9rv7Cn7vcrMzjj27+yP9qL1FggJSJKigGIoG8VSdspBV1FOuppy0TUUoWspjq6j3HQ95aG8lI/yUzwVoIKkyZAlopAKUWGK0g2UOb3iVIIclaRSdBOVppupDN1CZelWKke3UXmqQBWpEt1OlekOqkJ3UlW6i6pRdapBNeluqkX3UG26l+rQfVSX7qd69ADVpwepATWkRvQQNaaHqQk9Qk2pGTWnFtSSHqVW9Bi1pjbUlh6ndvQEtacnqQM9RR3paepE/6DO9Ax1oWepKz1H3ag79aDnqSe9QL2oNyVQH+pLL1I/6k8DaCANopdoML1MQ+gVSqShNIxepeH0Go2g12kkjaLR9AaNoTdpLI2j8TSBkmgiTaK3aDK9TVNoKk2j6ZRMM2gmvUOzaDbNoXdpLr1H82g+LaCFlELv0yJaTKn0AS2hDymNltIyWk4raCWtotW0htbSOlpPG2gjbaLNtIW20jbaTjtoJ+2ij2g3fUx7aC/to09oP31KB+gzOkif0yH6gtLpSzpMX9ER+pqO0je+N31Lx+kEnaTv6BR9T6fpDJ2lc3SefqAL9CNdJE8QYihCGaowCGPCbGFsmD3MEV4V5gyvDnOF14SR8NowLrwuzB1eH+YJ84b5wvxhfFggLBjq0IQ2pDAMC4WFw2h4Q1gkvDEsGhYLi4clQheWDEuFN4Wlw5vDMuEtYdnw1rBceFtYPqwQPnxfpfD2sHJ4R1glvDOsGt4VVgurhzXCmuHdYa3wnrB2eG9YJ7wvLBPeH9YLHwjrhw+GDcKGYaPwobBx+HDYJHwkbBo2C5uHLcKW4aNhq/CxsHXYJmwbXhW2C58I24dPhh3Cp8KO4dM/9d+/OLP/8d/0J4R9wr7hi+GLoff3ygXRhdGU6PvRRdHF0dToB9El0Q+jadGl0WXR5dEV0ZXRVdHV0TXRtdF10fXRDdGN0U3RzVHva2YDh0446ZQLXIzL5mJddpfDXeVyuqtdLneNi7hrXZy7zuV217s8Lq/L5/K7eFfAFXTaGWcdudAVcoVd1N3girgbXVFXzBV3JZxzJV0p18K1dC1dK/eYa+3auLbucfe4e8I94Z50T7qnXEf3tOvk/uE6u2dcF/ese9Y957q57q6He971dBNz/fyeTHB9XV/Xz/VzA9wAN8gNcoPdYDfEDXGJLtENc8PccDfcjXAj3Eg30o12o90YN8aNdWPdeDfeJbkkN8lNcpPdZDfFTXHT3DSX7JLdTDfTzXKzXOXZP+9lnpvnFrgFLsWluEUu45ox1S1xS1yaS3PL3DK3wq1wq9wqt8atcevcOrfBbXCb3Ca3xW1x29w2t8PtcLvcLrfb7XZ7/DU/D+r2uwPugDvoDrpD7guX7r50h91X7oj72h1137hj7lt33J1wJ9137pT73p12Z9xZd86ddz+4C+5Hd9F5lxSZGJkUeSsyOfJ2ZEpkamRaZHokOTIjMjPyTmRWZHZkTuTdyNzIe5F5kfmRBZGFkZTI+5FFkcWR1MgHkSWRDyNpkaWRZZHlkRWRlRHvC2wLfSFf2Ef9Db6Iv9EX9cV8cV/CO1/Sl/I3+dL+Zl/G3+LL+lt9OX+bL+8r+Ir+Ed/UN/PNfQvf0j/qW/nHfGvfxrf1j/t2/gnf3j/pO/infEf/tO/k/+E7+2d8F/+s7+qf8918d9/DP+97+hd8L9/bJ/g+vq9/0ffz/f0AP9AP8i/5wf5lP8S/4hP9UD/Mv+qH+9f8CP+6H+lH+dExb/gxmbfIMMEn+Yl+kn/LT/Zv+yl+qp/mp/tkP8PP9O/4WX62n+Pf9XP9e36en+8X+IU+xb/vF/nFPtV/4Jf4D32aX5q5aOxX+dV+jV/r1/n1foPf6Df5zX6L3+q3+e1+h9/pd/mP/G7/sd/j9/p9/hO/33/qD/jP/EH/uT/kv/Dp/kt/2H/lj/iv/VH/jT/mv/XH/Ql/0n/nT/nv/Wl/xp/15/x5/4O/4H/0F/n/rDHGGGOM/VsmXm6KX/f8vJzf53dyxC+e3BcArt6eP/2X/RlXlBvy/NzuL+LbRQDgqd5dG2Zu1aolJCRcem6ahKDwfIDM3wRl+OmrB5fipdAWnoAO0AZK/+78+4vu5+kPxo/eCpDjFzmxcDm+PP5nAJjwO+M/+vjoReXCs3H/j/HnAxQtfDknO1yOl0Lbn9ZX2kCZfzH/vK3+YP7ZP08CaP2LnJxwOb48/1LwGDwNHX71TMYYY4wxxhhj7Gf9RcXOmfefmd/4/L3783h1OScbXI7/6P6cMcYYY4wxxhhjV94z3Xs8+WiHDm06/9cbVf5bWf92own8T43Mjd9teA+Q+YgCgD85IEBGQ/6dR7H1b9lX4qW3zj93rTjnA/jfUcq/onGFT0yMMcYYY4yxv9zli/5fP66u1IQYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjLEs6O/4c2JX+hgZY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4yxK+3/BAAA//92hPnU")
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x14a)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0x130, 0x30, 0x2, 0x0, 0x0, {}, [{0x11c, 0x1, [@m_gact={0xe4, 0x3, 0x0, 0x0, {{0x9}, {0x4c, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x2, 0x1482, 0x5}}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x1fce, 0x4}}, @TCA_GACT_PROB={0xc, 0x3, {0x2, 0x17c5, 0x2}}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x1397, 0xfffffffffffffff2}}, @TCA_GACT_PARMS={0x18, 0x2, {0x80000001, 0x5809, 0x6, 0x1}}]}, {0x70, 0x6, "b3eba4880a3c1a64212b335d3ce31faacd885aaf57e00a51e71a624d1a7e76f955e14831999c57d9345101f0d3485877c55b47f1bef23bb4f330a736eb56df447d1610a5ab230cd2518947872600b6e043f7a3b7954a0f6f65b45b9e3c13d79f748c2c9fc7f80083ea15d5a9"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_ife={0x34, 0x1, 0x0, 0x0, {{0x8}, {0xc, 0x2, 0x0, 0x1, [@TCA_IFE_TYPE={0x6, 0x5, 0x3ff}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1}}}}]}]}, 0x130}, 0x1, 0x0, 0x0, 0x20008804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_udp_int(r3, 0x11, 0xa, &(0x7f00000000c0)=0xf773, 0x4)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fanotify_init(0x4c, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
ioctl$SOUND_OLD_MIXER_INFO(0xffffffffffffffff, 0x80304d65, &(0x7f0000000280))
shutdown(0xffffffffffffffff, 0x1)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0xd4, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './file0'}}], [], 0x2c})
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)

6.656305029s ago: executing program 5 (id=1869):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2)
syz_open_dev$radio(&(0x7f0000000100), 0x2, 0x2)
syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x101121)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

5.776163592s ago: executing program 2 (id=1873):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TCFLSH(r0, 0x400455c8, 0x4)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000100)=0x2)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180)=0x2)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000140)=0x3)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000400)=0x7)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000200)=0xa)

5.085132313s ago: executing program 5 (id=1874):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x54}}, 0x0)

4.910806265s ago: executing program 5 (id=1875):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRES32=0x0], 0x44}, 0x1, 0x0, 0x0, 0x11}, 0x4040044)
syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file1\x00', 0x10000, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_origin(&(0x7f0000000040)='./file0\x00', &(0x7f0000000340), &(0x7f0000000100), 0xfc21, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = dup3(r1, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_mount_image$btrfs(&(0x7f0000000000), &(0x7f0000000080)='./file1\x00', 0x800810, &(0x7f0000000480)={[{@discard_sync}, {@nodatasum}, {@compress_force}, {@metadata_ratio={'metadata_ratio', 0x3d, 0x1}}, {@ssd}, {}, {@ssd}, {@nodiscard}]}, 0xfb, 0x50f9, &(0x7f0000005140)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734d2FpAqhUbJJahw38Xptk4daqqwpVSPSNOuGBlURxcZek8ULdmxTYhQiYxPRCEFpg5R8KMIoimo+QK1ARFJAuEhxhMojoioKIFBoDVEQKSWJSBOkUM3ee2bvnLvz8GONl/5+knfOzP887zw859475wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP8Ph75y1d82iz/82/Oefu7Cicv2rrvw5WvOO/3xECZnH+/Iwh3919868fM7z71r731rbrvnyPkf7M3L5fEwUP3Tmd+5LtZ6ZGkI93aE0J0GVg5mgZ78/mCs712DIZwW5gK1ElP9WYm04fD9vhD2h7lArarv9YUwWAhc8MRDD95YTdzSF8KyEEIlbePZStZGXxo4qzcL9KeBbd1Z4FdvZGqB73ZmAThu8c1Qe9EfnKzPMDJ/uQavv54T1rE3Vzq8rpgYaZzvZ+sWuFMFvekDk8f1tJWqY0GU3h6HvNsWwbuttJ1v9rQVv0jl31DemAtVQufmqS0br5zZFR/pDGNjXY1qWqDn+alXv7TpaNKL5nUYOzByQl6HNz227M6uFZ969J6Vy1488KF9Lx1vN39U2KTF9EKrhPw1t2iex2jC58kiePuVviWN+tIVQtjy+d/7dLN4af4/0nz+H1/O8bazLnes9fWhbG4eHxmMiVeGsrk5AAAALBqLYa/ptrEHPlYoPlxJ6ivN/0fbO/4fD/nnk/lstIdCmJhN7BsO4YzZx7PAHbG5S4ZDeO9sarI+sC4JHArhnbOJFbWqkhJLYonRJPCToTwwkQQOx8BkEvhWDNycBK6LgYNJYFMMHEoC58ZAmK4fx+8P5eNoO9AXAxuyjXgwnoXwi6HYWrKtnqlVBQAAcILks8Oe+ruFcx2ON0OcXh7sa5UhnoHdMEMlqSGdwdamVQ1r6G5VQ2erGmrj3tN8+KWaO1rVXDoNo6M+w62//JvPhCZK8//x5vP/yjwd6Sgd/w9h/ezfmLszj8zU4hsm6zIAAAAAx2Hgf5//ZrN4af4/0d75/3GfSFchc3gk7obYOhzCeH0gq/YPy4HsqPdAHgAAAIDFoHY8vnYsfDq/zU7RTufT5fyTR5k/HvifmDd/76H7NzTrb2n+P9ne+f/99bdZJw7HXnxtOIQlhcAPYi+rgVmjMfDjj9cH8vEfjhvghlhVfmJCraobYokNMTCeBPY3KvHDWokz6gP5k1VrfF9tHNN5iUIAAAAATrq4OyAel4/n/7/vN2uualauNP/fcHTn/8/Og0un988MhLCqO4Su9IcBj/RnCwPGwGBHnnigP6urK63q2v4QzqkOLK3q+Xz9/+50jcEn+rKqYuCM9x149axq4pt9IawqBp783O0friZ2JYFa43/ZF8J7qqNNG//OkqzxnrTxry8J4d2FQK2qS5aEUG2sN63qoUp+HYO0qn+uhPC2QqBW1UcqIewOACxS8b/SzcUHd+6+euvGmZmpHQuYiPvw+8KW6ZmpsU3bZjZXGvRpc9LnumWMri2Pqd0r3zyTL1H02bvXD7aTrv1OcLzYVr4fv3TiYH4/fhfqmR3nmp66u2vTIX/g/eUmQuGbVKMhdy7wkPuLlcw9iaX6Y/7eMBCWXLlzasfYFzfu2rVjdfa33exrsr/xMFO2rVan26p/vr618fJouFpW4li31fJiJat2Xb591c7dV6+cvnzjpVOXTl2x+iNrxs8eXzv+0bNXVUc1nv1tMdTl81WdDPWN29sc1wkc6pndhUpOxqeGhITEYktsG1je9P/k0vx/e/P5f/zUiZ/8+foMjY7/j8TD/Nnjc4f5N8TA/naP/480OppfOzFgNAnsiYE9DvMDAADw1hAn+XFvZtwr/dMV33mxWbnS/H9Pe7//P0Hr/9eWrj+/0TL/K2KJ8Ubr/6fL/NfW/9/TaP3/dJn/2vr/+9+E9f+vrAWSTfIL6/8DAABvBSdv/f+Wy/unFwgoZWi5vH96gYBShpbL+Ld7gYCjXv//2f/8q/8OTZTm/ze3N/+3cD8AAACcOr78Z1f9TrN4af6/v735/8lf/y80Ov9/tFFgstHCgNb/AwAAYJFqtP7fyPX9FzcrV5r/H2xv/h9Pu+isyx1rfX0oW9MupGvavTJU+8kAAAAALA6dYWysp828dSujrjv2Np/KlwJtli56/k+OHN35/4fam//X/S7jpseW3dm14lOPvn7PymUvHvjQvpfmjv8DAAAAC6fd/RIAAAAAAAAAAAAAAMCb7/n/2Lu2Wbz0+/+wfvbxRr//j9f9i78veHtd7lhr6/X/8vsXfPKu3bNLFj4yFML7i4Gte7eeFvJr8y8vBh68aMU7qom9aYn7nzv3hWri4jTwiZWnv1ZNnJMENsRFEt+ZBuJVFV9bmgTi8or/ngbi9jiYBnrzwFeXZuPoSLfVTwezbdWRbqunB0MYLgRq2+rewayNjnSAtySB2gC/kAbiAP88D3SmvbprIOtVDAzGorcNZL0CAOCUFb8F9oQt0zNT4/ErfLw9s7v+NqpbsuzacrUdbTb/TL402WfvXj/YTror/S46d63xnlCpDmF16etqMUvH7ChPTC0tNt3bGwy51WpvnQ3KpY520/U2HlFfNqKxTdtmNve0HPja1lnWdLfMsro02Slm6ZzdpG3U0kZf2hhRm9umjS7H+51hbKwryfUHMTgS6rR6RbT7e/3iOn+NXgXFPFcc2ferZvWV5v8j7c3/K8VxvZZfDGBPvLLe3w1b5h8AAAAW1lfX/fob8d9nrn/4yWZ5S/P/0fbm/3EPVn4oONvbcShe/3/fcAizl9YfyQJ3xOYuGQ7hvbOpyVgiu6D++bHEeBa4I+4wWRFLbJisr2pJDBxMAj8ZygOHksDhGMj3UhwI+a6cvx8K4cOzqfX1JbbHEiNJ4NMxMJoExmJgPAksjYGJJPDy0jwwmQT+LQbCdP22untpvq0AAACORj7P6qm/G9J53sHuVhk6WmXob5Whs1WGSqsMjUYR7387ZuhJTl7pKGTqSWvtS2opZYgXwz/qfpUyhB/W50wLlpqO5x/UzjfoqM9w38e6K6GJ0vx/vL35f3/9bdb64Tj/n7v+Xxb4Qeze1+Kp46Mx8OOP1wfyHQOH42T3hlpVk3mJfNJ+QywxEQOjSWB7DEwkgQ3r88D+d9QH8pl2rfF9tcan8xKFAAAAAJx0cQdB3E0T5/+37fzKQLNypfn/RHvz/9jeQLGx62KtR5aGcG/HXG9qgZWDWSDuxxiMP49/12AIpxV2cNRKTPVnJXqThsP3+7JfqPemVX2vL/vxQbx/wRMPPXhjNXFLXwjLCntfam08W8na6EsDZ/Vmgf40sK07C8Q9P7XAdzuzABy32l7B+ILKT3WpGZm/XIPX31vlmqDp8Er7QOfJN99vrhZKaYdrvk+15uietqb7bzlhSm+PQ95ti/HdNuLdVvwilX9DeWMuVAmdm6e2bLxyZld8pPhL1pIFep6Lv1JtJ30CXod7jr23rVXSDownHx/j85eb/3XYEau76bFld3at+NSj96xc9uKBD+17qe1uNBB/KPzQNf86+KPC5l1olZC/5hbd58mkz5NF8d9A8u4e9bSFENa//PUbmsVL8//J9ub/3cntrF/HjblzOIQPFDbuI3Hz//Fw9jlYCGSfkm8rB7JD7v811PCTEwAAAE602u6O2v6C6fw2OyE8nSeX808eZf64v2Ji3vzt9rv/ry9a1ixemv9vaD7/X5J00/F/x/9ZII7/z+tU3xW9JH1gz3Htii5Vx4Jw/H9ep/q7zfH/eTn+7/j/fBz/b8Hx/3md6k9b6VvSdl+6Qggv/tEDTzeLl+b/29ub/1v/b/5F+2rr/21otP7f9kbr/+2x/h8AALCgGiw0l87zSqv3lTKkq/eVMrRcILDlEoPW/zvq9f9eOPPZ34QmSvP/Pe3N/+PLYaDY+mJZ/290fYOqbo6B7RYGBAAA4FTUaAcBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb677/uF/NjeLP/zb855+7sKJy/auu/Dla847/fEQpmcf78jCHf3X3zrx8zvPvWvvfWtuu+fI+R+s5OV68tvfrcsda319KIT9hUcGY+KVoeqducAFn7xrd3c18chQCO8vBrbu3XpaNfGtoRCWFwMPXrTiHdXE3rTE/c+d+0I1cXEa+MTK01+rJs7JAx1pd/9xadbdjrS7Ny4NYbgQqHX3sqX1VdXa+NM80Jm28U+DWRsxMBiLfmMwayMGZmKJ6SUhrOoOoSut6uFKVlVXWtW/VLKqutKqvlwJ4ZwQQnda1XO9WVXd6cgf782qioEz3nfg1bOqif29IawqBp783O0fria+kARqjf9Fbwjvqb5k0sa/3ZM13pM2fktPCO8OIfSmJX7ZnZXoTUs83x3C2wqBWuOf7w5hd+AtIX741H2i7dx99daNMzNTOxYw0Zu31Re2TM9MjW3aNrO5kvSpkY5C+o1rj33sz7z6pU3V28/evX6wnXR3Xq5ntstreururj3Vex/71V+sZO75KNUf8/eGgbDkyp1TO8a+uHHXrh2rs7/tZl+T/e3Ko9m2Wr1YttXyYiWrdl2+fdXO3VevnL5846VTl05dsfoja8bPHl87/tGzV1VHNZ79PRFDvf3kD/XM7kIlJ+MDQEJCYrElOus+3cZP9Q/y0hf9uY72hMrsB3RpWlHM0jE7yhMx6HXHOOJj+Z7SckSrSxOHUpY182S5tj7L2tJkYq6WvizL7Pe60uSw2Fjn7CaN9zvD2FhXo+0wUn+3uHl/dhyb96l807WbBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4P/YgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRg9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHApAAD//7IeJCA=")
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=<r4=>0x0)
timer_settime(r4, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r5, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0)

4.157826957s ago: executing program 1 (id=1877):
r0 = syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000280)='./file1\x00', 0x2008000, &(0x7f0000000000)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000"], 0x1, 0x2bc, &(0x7f0000000440)="$eJzs3EFrE08Yx/Hn37RNmtImfxBBQX3Qi16WNr4ADdKCGFBqU9SDsLUbDVmTshsiEbG5iFdfR/HoTVDfQC/ixbu3IgheehBXupttk5rWbU2a2H4/UGa2M7/OLN2WZwud9TuvHpcKrlEwqzKUUBkSaciGSHqz1/Rfsx3y+6PSqiGXxr9/PnP77r0b2VxuZk51Njt/OaOqk+fePXn2+vyH6vjCm8m3cVlL31//lvmydnLt1PrP+UdFV4uulitVNXWxUqmai7alS0W3ZKjesi3TtbRYdi2nbbxgV5aX62qWlyaSy47lumqW61qy6lqtaNWpq/nQLJbVMAydSMrxNhxhTn51bs7M7jrsxbq6I3RfvP1yrNMcx8k2Og/mV3u1LwAAMLj2rv+DWn/3+j+3ELRdrv9FqP97pNF29Yf6H0eC42TNZPPntx31PwAAAAAAAAAAAAAAAAAAAAAA/4INz0t5npcK2/AjLiIJEQmv+71P9MYBv/9X+rRddFnLP+4lROyXtXwtH7TBeLYgRbHFkilJyQ//eWgK+rPXczNT6htpfsnN/EotH/PPJvDzoXSn/Nn/p4O8yvvNXK2ZH5Fk6/oZScmJzutntvPhcQgrtfyoXLzQkjckJR8fSEVsWfKf6+3882nVazdzO9Yf8+ftJsrpGgAAAAAADApDt6Tb33+Dsx8Nf0JCfh8P8vv4+8CO9+thOc1LNAAAAAAAh8KtPy2Ztm05B+jEReQv4ke1E5OB2MaOzlUROfRFRaTRn1tOiEjwGT1I/OtWPFLKizBnWEQG4kmI2On3byYAAAAA3bZd9O8j9OlFD3cEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDxE/U8sHB+yVuRtvPtwoE94i3LxQ79BgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAB8isAAP//0KwZYw==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeea, 0x8031, r0, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000440)='./file0\x00', 0x1814700, &(0x7f0000000240)={[], [{@euid_eq}, {@func={'func', 0x3d, 'FILE_MMAP'}}]}, 0x1, 0x453, &(0x7f0000000c40)="$eJzs289vVEUcAPDve7sFBKQVEQVBq2hs/NHSgsrBi0YTD5qY6AGPtS0EWaihNRHSaDUGj4bEu/Fo4l/gyZNRTyZe9W5IiDYmoBfXvN332u6yW/pjy1b280kWZvbNvplv583b2ZndAHrWYPZPErE7In6NiP56trHAYP2/GwtzE38vzE0kUa2++UdSK3d9YW6iKFq8bleeGUoj0k+TvJJGMxcvnR2vVKYu5PmR2XPvjcxcvPTMmXPjp6dOT50fO3Hi+LHR558be7YjcWbxXT/44fShA6++feX1iZNX3vnxm6y9+w/Xjy+Po1MGs8D/rNY0H3u805V12b/VpTiTcrdbw2qVIiLrrr7a+O+PUix1Xn+88klXGwdsquyevb394fkqcAdLotstALqjeKPPPv8Wj9s09dgSrr1Y/wCUxX0jf9SPlCPNy/RtYv2DEXFy/p8vs0c0rUNUW6wbAABs1HfZ/OfpVvO/NPYvK7cn3xsaiIh7ImJvRNwbEfsi4r6IWtn7I+KBNdbfvDV08/wzvbquwFYpm/+9kO9tNc7/itlfDJTy3N21+PuSU2cqU0fzv8lQ9G3P8qOtTl6c4uVfPm9X//L5X/bI6i/mgvlJrpabFugmx2fHOzUpvfZxxMFyq/iTxZ2AJCIORMTBtZ16T5E48+TXh9oVunX8K+jAPlP1q4gn6v0/H03xF5KV9ydHdkRl6uhIcVXc7KefL7/Rrv4Nxd8BWf/vbLz+m0r0/5Us36+dWXsdl3/7rO1nyvI6r/9tyVu1Pd1t+XMfjM/OXhiN2Ja8Vss3PD+29NoiX5TP4h860nr8781fk8X/YERkF/HhiHgoIh7O++6RiHg0Io6sEP8PLz32brtjW6H/J1ve/xav/4HG/l97onT2+2/b1b+6+9/xWmoof6Z2/7uF9s3ZkZdY79UMAAAA/z9p7bvxSTq8mE7T4eH6d/j3xc60Mj0z+9Sp6ffPT9a/Qz8QfWmx0tW/bD10NJnPz1jPj+VrxcXxY/m68Relu2r54YnpymSXY4det6vN+M/8Xup264BN5/da0Luax3/apXYAt5/3f+hdxj/0LuMfeler8f9RU95eANyZvP9D7zL+oXcZ/9C7jH/oSRv5XX+7xO7Y2HnKK/x6X2KrJCLdEs2QaJEod2B0d/nGBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0CH/BQAA//8ox/E5")
r4 = inotify_init()
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
inotify_add_watch(r4, &(0x7f00000001c0)='.\x00', 0x4000423)
getsockopt(0xffffffffffffffff, 0x28, 0xe, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write$FUSE_CREATE_OPEN(r5, &(0x7f0000000180)={0xa0, 0xfffffffffffffff5, 0x0, {{0x3, 0x1, 0x5, 0xa, 0x3, 0x1, {0x5, 0x17d, 0x8, 0x5, 0x100, 0x7cf4, 0x9, 0x7ffffffd, 0xfffffffe, 0x8000, 0x20000000, 0xee00, 0x0, 0x3ff, 0x1}}, {0x0, 0x11}}}, 0xa0)
sendfile(r5, r5, &(0x7f0000000080)=0x2, 0x7f03)

3.29669158s ago: executing program 4 (id=1879):
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x1)
r1 = creat(0x0, 0x0)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$qrtrtun(r1, &(0x7f0000000300)="ca0e808bb35bdabb", 0x8)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], &(0x7f0000000240)=[0x2], 0x0, 0x1}}, 0x40)
mmap$xdp(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1f, 0x12, r0, 0x200000ffe000)

2.860244766s ago: executing program 1 (id=1880):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={0x0}, 0x18)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000000)=@newtaction={0xa0, 0x30, 0x9, 0x0, 0x0, {}, [{0x8c, 0x1, [@m_bpf={0x88, 0x1, 0x0, 0x0, {{0x8}, {0x60, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x7}, @TCA_ACT_BPF_OPS={0x3c, 0x4, [{}, {}, {0x3}, {}, {}, {}, {0x6}]}, @TCA_ACT_BPF_PARMS={0x18}]}, {}, {0xc}, {0xc}}}]}]}, 0xa0}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x4, &(0x7f0000000240)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000340)=@newtaction={0x64, 0x30, 0xffffffffffffffff, 0x0, 0x0, {}, [{0x50, 0x1, [@m_bpf={0x4c, 0x1, 0x0, 0x0, {{0x8}, {0x24, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1}}, @TCA_ACT_BPF_FD={0x8, 0x5, r1}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0)

2.672909799s ago: executing program 2 (id=1881):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002340), 0x40800)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r4, 0xc058534f, &(0x7f0000002380)={{0x0, 0x1}, 0x0, 0x0, 0x2, {0x4, 0x1}, 0x3, 0x800})
socket(0xa, 0x3, 0x3a)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newtaction={0xd8, 0x30, 0xffff, 0x0, 0x0, {}, [{0xc4, 0x1, [@m_ife={0xc0, 0x1, 0x0, 0x0, {{0x8}, {0x98, 0x2, 0x0, 0x1, [@TCA_IFE_DMAC={0xa, 0x3, @link_local}, @TCA_IFE_TYPE={0x6}, @TCA_IFE_TYPE={0x6}, @TCA_IFE_DMAC={0xa, 0x3, @broadcast}, @TCA_IFE_METALST={0xc, 0x6, [@IFE_META_PRIO={0x4, 0x3, @void}, @IFE_META_PRIO={0x4, 0x3, @void}]}, @TCA_IFE_PARMS={0x1c}, @TCA_IFE_TYPE={0x6}, @TCA_IFE_SMAC={0xa, 0x4, @dev}, @TCA_IFE_METALST={0x30, 0x6, [@IFE_META_SKBMARK={0x8}, @IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_TCINDEX={0x6}, @IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_SKBMARK={0x4, 0x1, @void}, @IFE_META_TCINDEX={0x6}, @IFE_META_PRIO={0x8}]}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xd8}}, 0x0)

2.671838399s ago: executing program 4 (id=1882):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2)
syz_open_dev$radio(&(0x7f0000000100), 0x2, 0x2)
syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x101121)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

2.60033992s ago: executing program 5 (id=1883):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000003e00)={0x0, 0x0, &(0x7f0000003dc0)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000090000000a20000000000a05140000000000000000010000000900010073797a3000000000580000001c0a09000900000000000000010000000900010073797a30000000000900020073797a32000000002c0003"], 0xa0}}, 0x0)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)

2.411111703s ago: executing program 1 (id=1884):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x54}}, 0x0)

2.286658896s ago: executing program 4 (id=1885):
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
r0 = shmget$private(0x0, 0x4000, 0x20, &(0x7f0000ffb000/0x4000)=nil)
shmat(r0, &(0x7f0000fff000/0x1000)=nil, 0x3000)

2.130181588s ago: executing program 1 (id=1886):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, 0x0, 0x0)

1.924040631s ago: executing program 4 (id=1887):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
getpid()
r0 = socket$inet(0x2, 0x3, 0x4)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='xfrm0\x00', 0x10)
sendmmsg$inet(r0, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10, 0x0}}], 0x68000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$kcm(0x10, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000000)={0x1f, 0xffff, 0x3}, 0x6)
write(r2, &(0x7f0000000340)="18000000010003", 0x7)

1.873815732s ago: executing program 1 (id=1888):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x2008084)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0000000003000000000000000000"], 0x50)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000300)={0x6, r0})
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$EBT_SO_SET_ENTRIES(r5, 0x0, 0x80, 0x0, 0x78)
r6 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f0000000040)={0xf0f024})
ioctl$vim2m_VIDIOC_S_FMT(r6, 0xc0d05605, &(0x7f0000000540)={0x2, @pix={0x3, 0x401, 0x3132564e, 0x1, 0x3, 0x3, 0xc, 0x7, 0x0, 0x0, 0x0, 0x3}})

1.633257295s ago: executing program 5 (id=1889):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000094ae94405f0520c4336a000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r1, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240))
write$FUSE_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)

1.34018536s ago: executing program 4 (id=1890):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040), 0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000021c0)='/proc/sysvipc/sem\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000000)=""/191, 0xbf}], 0x1, 0x55, 0xfffffffc)
ioctl$sock_bt_hci(r0, 0x400448e7, 0x0)

606.096921ms ago: executing program 4 (id=1891):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x5, &(0x7f0000000640)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000020000000000000095", @ANYRES32, @ANYRESDEC=0x0, @ANYRES32, @ANYRESOCT, @ANYRES8, @ANYRES32], &(0x7f0000000080)='GPL\x00', 0xfffffffc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f00000003c0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000380))
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(r0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$getownex(r3, 0x10, &(0x7f0000000180))
sendto$inet6(r4, 0x0, 0x0, 0x20000841, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @empty}, 0x1c)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x0}, 0x94)
add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, 0x0, 0x0, 0xffffffffffffffff)
sendmsg$NFULNL_MSG_CONFIG(r5, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB="30000000010401010000000000000000010000050a0002000000000500000000050001000100000008000340000000047c9de2d62b0132d467f3c8f8a46d569fc836c767b0c6a4354bd70fdb61201587ff4275a2f0ed734a4653eeb9e48afa98059bbca35c63932c0983bd0f33fae7fd1ec12a26acc087857820485da4ab59a0d80a2cbd27b3a2a95e0b3d0511873cf75cf0c60cc3425a6fcc8ee4690a03fb860567b47279e2d5619db92ec6de74bbe309d2596a89ec1864049840560d8ac48959155fda655c00da3e0ccaa98b3daefbc9f1c959385edb34ce8a63d1b97f2b16d55b280bc8a016a489e83a342ebbb680fe82bbed986b00000000"], 0x30}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)
write$cgroup_int(r6, &(0x7f0000000040)=0x1c9, 0x12)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r6, 0xc01864c6, &(0x7f0000000480)={&(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5, 0x80000})
r7 = io_uring_setup(0x4577, 0x0)
r8 = io_uring_setup(0x7fd0, &(0x7f00000004c0)={0x0, 0x3edc, 0x2, 0x1, 0x2fa, 0x0, r7})
io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r8, 0x1e, &(0x7f0000000000)={r8}, 0x1)

559.887072ms ago: executing program 1 (id=1892):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f0000000480)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000019c0)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001a80)=ANY=[@ANYBLOB="200008000000e0001000"], 0x0, &(0x7f0000001740)={0x40, 0x9, 0x1, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001900)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000001940)={0x40, 0x1e, 0x1, 0x8}, 0x0})

0s ago: executing program 2 (id=1893):
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x6, 0x4, 0x0, 0x0, 0x5}, 0x94)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000001659ec0889419429aa5db97288b0f8a87ea8e66d9a8b"], 0xb0)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="10"], 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',posixacl'])

kernel console output (not intermixed with test programs):

 enabling ssd optimizations
[  483.719090][ T9218] BTRFS info (device loop2): auto enabling async discard
[  483.796763][   T28] audit: type=1800 audit(1752097322.247:418): pid=9218 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.929" name="file1" dev="loop2" ino=260 res=0 errno=0
[  484.548276][ T5784] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  485.413189][   T28] audit: type=1800 audit(1752097323.867:419): pid=9264 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.940" name="SYSV00000000" dev="hugetlbfs" ino=4 res=0 errno=0
[  485.485114][ T9258] loop1: detected capacity change from 0 to 8192
[  486.640950][ T9270] batman_adv: batadv: cannot create tp meter kthread
[  488.307964][ T9292] tmpfs: Unknown parameter 'eDÞR°¿t°6'
[  489.726971][ T9301] futex_wake_op: syz.2.950 tries to shift op by -1; fix this program
[  490.043711][ T9301] loop2: detected capacity change from 0 to 512
[  490.451521][ T9301] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  490.464254][ T9301] ext4 filesystem being mounted at /252/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  490.783225][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  491.226346][ T8772] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  491.238324][ T9320] netlink: 'syz.3.957': attribute type 12 has an invalid length.
[  491.430620][ T8772] usb 2-1: unable to read config index 0 descriptor/start: -61
[  491.444639][ T8772] usb 2-1: can't read configurations, error -61
[  491.606490][ T8772] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  492.624306][ T8772] usb 2-1: unable to read config index 0 descriptor/start: -61
[  492.642836][ T9334] siw: device registration error -23
[  492.690475][ T8772] usb 2-1: can't read configurations, error -61
[  492.730741][ T8772] usb usb2-port1: attempt power cycle
[  493.186517][ T8772] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  493.241306][ T8772] usb 2-1: unable to read config index 0 descriptor/start: -61
[  493.361895][ T8772] usb 2-1: can't read configurations, error -61
[  493.527012][   T28] audit: type=1326 audit(1752097331.987:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9335 comm="syz.4.961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6e998e929 code=0x7ffc0000
[  493.550554][   T28] audit: type=1326 audit(1752097331.987:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9335 comm="syz.4.961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc6e998e929 code=0x7ffc0000
[  493.557851][ T8772] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  493.573053][    C0] vkms_vblank_simulate: vblank timer overrun
[  493.573624][   T28] audit: type=1326 audit(1752097331.987:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9335 comm="syz.4.961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6e998e929 code=0x7ffc0000
[  493.672182][   T28] audit: type=1326 audit(1752097332.007:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9335 comm="syz.4.961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6e998e929 code=0x7ffc0000
[  493.695151][   T28] audit: type=1326 audit(1752097332.007:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9335 comm="syz.4.961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc6e998e929 code=0x7ffc0000
[  493.717908][   T28] audit: type=1326 audit(1752097332.087:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9335 comm="syz.4.961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6e998e929 code=0x7ffc0000
[  493.749639][   T28] audit: type=1326 audit(1752097332.087:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9335 comm="syz.4.961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fc6e998e929 code=0x7ffc0000
[  493.771901][    C0] vkms_vblank_simulate: vblank timer overrun
[  493.875589][ T8772] usb 2-1: unable to read config index 0 descriptor/start: -61
[  493.883687][ T8772] usb 2-1: can't read configurations, error -61
[  493.888932][   T28] audit: type=1326 audit(1752097332.087:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9335 comm="syz.4.961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fc6e998e963 code=0x7ffc0000
[  493.928244][ T8772] usb usb2-port1: unable to enumerate USB device
[  494.212183][   T28] audit: type=1326 audit(1752097332.087:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9335 comm="syz.4.961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fc6e998d3df code=0x7ffc0000
[  494.234218][    C0] vkms_vblank_simulate: vblank timer overrun
[  494.346576][   T28] audit: type=1326 audit(1752097332.087:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9335 comm="syz.4.961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fc6e998e9b7 code=0x7ffc0000
[  497.875022][ T9364] loop3: detected capacity change from 0 to 128
[  497.953034][ T7476] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  498.056207][ T5826] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  498.449881][ T9374] siw: device registration error -23
[  498.997758][ T5826] usb 2-1: config 8 has an invalid interface number: 220 but max is 1
[  499.009788][ T5826] usb 2-1: config 8 has an invalid interface number: 203 but max is 1
[  499.022270][ T5826] usb 2-1: config 8 has an invalid descriptor of length 36, skipping remainder of the config
[  499.037452][ T5826] usb 2-1: config 8 has no interface number 0
[  499.043549][ T5826] usb 2-1: config 8 has no interface number 1
[  499.054110][ T5826] usb 2-1: config 8 interface 203 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  499.071383][ T5826] usb 2-1: config 8 interface 220 has no altsetting 0
[  499.082777][ T5826] usb 2-1: config 8 interface 203 has no altsetting 0
[  499.097899][ T5826] usb 2-1: New USB device found, idVendor=093a, idProduct=2601, bcdDevice=16.fc
[  499.110586][ T5826] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  499.119452][ T5826] usb 2-1: Product: syz
[  499.136207][ T5826] usb 2-1: Manufacturer: syz
[  499.149711][ T5826] usb 2-1: SerialNumber: syz
[  499.433570][ T9380] loop2: detected capacity change from 0 to 512
[  499.544128][ T8345] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  501.742824][ T1287] ieee802154 phy0 wpan0: encryption failed: -22
[  501.749572][ T1287] ieee802154 phy1 wpan1: encryption failed: -22
[  501.814817][ T5826] usb 2-1: USB disconnect, device number 27
[  502.180478][   T28] kauditd_printk_skb: 22 callbacks suppressed
[  502.180497][   T28] audit: type=1800 audit(1752097340.407:452): pid=9402 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.978" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[  503.112786][ T9412] loop1: detected capacity change from 0 to 512
[  503.133162][ T9414] loop2: detected capacity change from 0 to 512
[  503.166734][ T9412] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  503.185710][ T9412] ext4 filesystem being mounted at /222/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  503.203970][ T8345] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  503.310333][   T28] audit: type=1800 audit(1752097341.767:453): pid=9412 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.982" name="file1" dev="loop1" ino=15 res=0 errno=0
[  503.358435][ T8772] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  503.385717][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  503.618430][ T8772] usb 4-1: config 0 has no interfaces?
[  503.630925][ T8772] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  503.642216][ T8772] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  503.650410][ T8772] usb 4-1: Product: syz
[  503.654760][ T8772] usb 4-1: Manufacturer: syz
[  503.660136][ T8772] usb 4-1: SerialNumber: syz
[  503.671695][ T8772] usb 4-1: config 0 descriptor??
[  503.686200][ T5776] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  503.912920][ T5776] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  503.926250][ T5776] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  503.948249][ T5776] usb 3-1: config 0 descriptor??
[  504.383756][ T5776] ath6kl: Failed to submit usb control message: -71
[  504.396221][ T5776] ath6kl: unable to send the bmi data to the device: -71
[  504.406544][ T8772] usb 4-1: USB disconnect, device number 14
[  504.426139][ T5776] ath6kl: Unable to send get target info: -71
[  504.446212][ T5776] ath6kl: Failed to init ath6kl core: -71
[  504.475453][ T5776] ath6kl_usb: probe of 3-1:0.0 failed with error -71
[  504.514851][ T5776] usb 3-1: USB disconnect, device number 20
[  504.936658][    T8] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  505.146443][    T8] usb 4-1: config 8 has an invalid interface number: 220 but max is 1
[  505.165606][    T8] usb 4-1: config 8 has an invalid interface number: 203 but max is 1
[  505.176548][ T9436] netlink: 8 bytes leftover after parsing attributes in process `syz.1.989'.
[  505.200946][    T8] usb 4-1: config 8 has an invalid descriptor of length 36, skipping remainder of the config
[  505.238443][    T8] usb 4-1: config 8 has no interface number 0
[  505.266509][    T8] usb 4-1: config 8 has no interface number 1
[  505.449869][    T8] usb 4-1: config 8 interface 203 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  505.463548][    T8] usb 4-1: config 8 interface 220 has no altsetting 0
[  505.470685][    T8] usb 4-1: config 8 interface 203 has no altsetting 0
[  505.493565][    T8] usb 4-1: New USB device found, idVendor=093a, idProduct=2601, bcdDevice=16.fc
[  505.526930][    T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  506.250363][    T8] usb 4-1: Product: syz
[  506.255007][    T8] usb 4-1: Manufacturer: syz
[  506.259814][    T8] usb 4-1: SerialNumber: syz
[  507.640193][ T9450] loop1: detected capacity change from 0 to 512
[  507.688608][    T8] usb 4-1: USB disconnect, device number 15
[  511.087865][ T9472] loop1: detected capacity change from 0 to 128
[  513.863091][ T9492] loop3: detected capacity change from 0 to 512
[  514.488440][ T5833] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  515.657688][ T5833] usb 3-1: device descriptor read/all, error -71
[  518.830140][ T9527] [U] 
[  518.833509][ T9527] [U] K{‘
[  518.838010][ T9527] [U] ät Ž1ÊàŠªFìÇÄfËŠî`GÊJç˜Ügö毹¬¡—þÈoÕñ/ümCç
[  518.845037][ T9527] [U] tžØ–/,�~ˆÄœ­‹jõÿÊ}8îÊþ'o1�Ü"™7-î‚JQœK—¤Wºïqé5c%"¬H12–¦Y“„‰ž€ÊXÍ`ˆ‚íè¼`+³û(·â¿!(éûéz'àtXln»I®gÅj– °üÝ­·på~÷7í!‘Õò"ø¨Î¾ª(È5ˆObü¤‡ÍƒJÖ
[  518.861808][ T9527] [U] ±k\&—}6£6œXîHX�¥ôµ„Ìþ.`¸a“$Û40|϶¿�9°øÞ¨„¯ÀÏU‚ò4�ôä®VbzÃð}ÌwÔM”TºŽíQŸýΦr’4”ÿ
[  518.887560][ T9527] [U] ".h6øÞ"Ökã‡[›‰¤ŒJá4çØI�n¨™[Z(•„C|Të]z{�â3Ÿc=»¨xîôžë…î4ßw‰)\T‘XJø�SH{q;ì¹¢…ötÔÇ+‹¦÷gíèÿ®d„.Ë‚³>yž�÷éwUh„fN—Ž�Çhl]SÔ2ŠÇÙ\g%ŠO¼&z)µðš'¨pul‚_<ã	¢Ø°‰ò®Ôå`Ò±TÔÁþœÐËþ;_ô"(‘u{7jœ¿2X ‘/€'ÝÙcÑÌõIº©ÀÏH¿c�Õ³žV¦=�‘AiÇ%w¼Esž RšŸjŠîœƒÚ”gÂ÷rÁ¹í¡hI
˜¢œaïì6-úD�úV¨á i"øånæ¨ þÚAsc~4Áª¹8cø*­OO5/ÿœJš~º§¡w—vK+¬®‰Œ3èÇY)Ž¹M°¸æv¶Ìyqæ½€DTr¯
Otpem%f×ÊejÍA5æÔT_-X~ ^aaÛ‚ò˜½qÖå
[  518.928893][ T9527] [U] 	+�w‰G?]£Ó'a:	»Ú)Õ
ïó™“' B>t¢ ¡f/™÷<'èUÓ'–¼h§ié.+]eŸ.½-É¿ÿ¿Ò%÷è>2`¶^Uÿ8F.Š6¤Å3ÓØ+ËA¾Â««„°g3ÓpÂó6:�^0À�téèv÷'Eõt¼€ûâYC‰n¾þrÏ©ÞnèPj×;æZ†êôñû‘8!¯È\ù…¸AØÊ–2Á£$ðµ™Â­wi.Íç#ŠÈ/Bai¼�Ä`ðá4j’ôdîy@Óz„ügW÷5Ë¿Bĵٜ Nóy"vI2ûÌ
[  518.986371][ T9527] [U] ôT¦_K5¸t¬YJÐþÎ9ðÕcÊ$brŸLúNul¶ü9wÈýÍ|žGå"ʃÆ%Çú¶êCªØ�°¶ºqîÙ
 ŸÇ3‹Æq¯ôN^HP*½Ü$	µ.Î7yÓ±œ2³
[  519.006202][ T9527] [U] ½?�©ÿhüä*ÙÁ”Î3í�7Üé�¾^#Q�"0~‡‚ð(éoïXLŒb£,'vîÓ=‹ÝëCÌS«…’G‚S¶Þ0•Ö‚‹Ù`˜›žÙ‡Ÿ†=1(÷î¾™÷p#ò2DO*Ƀ
[  519.036296][ T9527] [U] ©s¹“gžµ²¶“˜GuÐÔd-{¸™â|&“�®ŸŸñ�2µ›LÞc_©œ!`¨ÍozÖ¥¢B¶³%>êrñ¶öwï‡ýŽSsÂH"£yA4£O.šYÙÛä�„RTÔ¶ŒBÚ[+/<<R�B�Êäõ|ФeŽžÑÛ –V96#ûúÑͤê¦jºUº%
s851ƒ�þÒ©s�P±¨\£ƒ?qª|L�´QXµ0ÂKÔ1orÉ´2¡½|ÖüdÖFÌ¿»ù�ÚË2Þ”–¨×0ÌåH•}C[/¤»“Ÿpx^¼èo
[  519.093071][ T9527] [U] ÖØ›·Ü—(JÅЛ•§mÛüxz˜;œ½±ÓÿØ�_¹»µÔ*3÷3…ß5¸\ƒxm³ÚU�‰AK!aQ`ßË;Fð•�I+ÖÐVUHåðÂmÑj³´Æ·ÙÛZÄcøãz‹¼Â)_矡	ô‘¡&ÿö¡ÿáaÇxtoÈÝê_½ ú¼¦:¨â×%à²Pò×ÈCö²‚yö+_þü›ýû}Uïm˜ƒÆ«CÅ!KJò7Ðßg¯Ë=bè
[  519.094063][ T9529] loop1: detected capacity change from 0 to 1024
[  519.132067][ T9527] [U] Ù½¥Fœ%ŽXAÙÂlŸ2r*gŒòVW¬Ñ$ƒüj	ãA˜›F¶ß�·+ø¾9Í„ViºÖ—¼kÙ¾Å1}_©â
á¥%Ãr6„•(]“¦/Ÿ¶ø�Å™YܺÇÞh㤾üÑr gªÄrn/Ü«Î#!êdÙûÚ«%ÞÛËDªï-{ð$þvU‘ýT²¼ª$:mtrÔEŽC1V‰D~îÈ];[˜ËÚÐ÷sq¾¯œù(ìëe,X¦8â"Ù
æðG¥dŸúµ2@T8ž¾´òƒàðÿàt8.Rc+Ä@Ëꦇp‡uá
p”‰¼¶C±‡Ë'å„yLÓ-Ss1E?Å7ÓO‡§ì^]¦†Âóc”â½H]§Jkr]Rkq܆�øÝ£þ´OTcôÆx¶¨¾4™NË	³Ï&�á­ðÚ‹ŠÓ@¶:m7ß~�+”W*ÛÁ–xMüó>>—¡{q¢Ú×
_²Õ�LX8ÊU„ÇØî{ðZ³íø�)ÿÒ7?ËrR;ÿcßr hײڣỨè1Å>)©Măâ‰Ït§²Ú(ìÇaÏ�„}9·Ú¥ãJ*MÑœ¥Ä¡«'L¹£q	ìDWŸòø¸=ؽ|q¬	ÏÆ™W;5æÙŽª!ñdB¸x`é§ö/÷ÂE�`ƦM¢Xîâ"ä\
[  519.167133][ T9529] EXT4-fs: Ignoring removed nobh option
[  519.208410][ T9527] [U] {;Žõ¥ÂÙ˜_ˆo2«Ñ)îo®›.2ÐW2겨ðyùÃãx_  HPϱœSªD­�¦ø:]‚{Ë©ÔÝæè½
[  519.229854][ T9529] EXT4-fs: Ignoring removed bh option
[  519.236572][ T9529] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  519.248087][ T9527] [U] I,Ç>Çó¤	îÙ5�1ñ÷^1òN4¯oǶþ'0ý?Ö’iÙ9w.ï_.¶WŠa¼Š�Vˆ±`)ÑZ¬ïæc6GiÓ¹²a»¬XL[¢›½¡Fü*ÀñO‰W)+‡Ç'\nÆ
[K@ÑëÄü2çǬ–®¡p"^`Á‰í	øß
[  519.263237][ T9527] [U] 22½“Æ©Ðû©x?0;3u±
[  519.268642][ T9527] [U] ÞœÕ
æ�ósObx 8”Wˆ4á‘(ð~/§¿íKÇUžãÔ–oQËe+·G®-yµgY_
•>v¢ÜÈë—3.hÁÓ™]Í„²2‘”)™DË,	‘Ä	þD~×d©£¡+Ãw;A\˜F
PÉþȘ|$ºø)�
KØ�I³éÐÉ¿kñYT^RÍüù癵“ËA=±#–Üœ	ÝíßËae©�tå1·Îݯ4K¯.e"RÚS|ðŸÀsÖ’Á:•ù>p™…rÐ"z‰ú­ûúé#P!˜KY"›}ÃÆF¿N84ü³ƒÅhÞ±£o•Èsߙ̫%DlwÙmæ²Ç
[  519.294286][ T9527] [U] [ª['xn€'²÷á¿Ü,mr¦«/žšœâ1D=!DŽx91Bù
wç»R—lf…ƒÆKì¤Zõê# `ì‘lØ›§Ëœ»×b~åmÒÔÖ
[  519.305401][ T9527] [U] ™LÖ>�ñ�d+ˆd¯§—®Ì"5Žê��h3<ª¨ÅiR=F^”f�nõóÜÀ‰¿û­vÛ÷œDÁOIOÚ:Uö>ÖYâ
[  519.315973][ T9527] [U] 'B—6vý20³ä·çž¥·×Œï"t8Ñ{9ÆFW��]ôÊäì©�
[  519.323505][ T9527] [U] ù72þ‰ïÂÃuþC6™îüÔÏ„I]8cª£tÛ¨QSk�YÞîIÒÀâ¹ ¿|V'ÛTV/ùÅg•$[â 9kh`ú"ü‘úõ}€ñ[^=ˆú0á]½ã%ÆÌ‚T“Šž¹ØFì_vö4C¸òÅ
[  519.336541][ T9527] [U] ¹ec�
[  519.339725][ T9527] [U] �—”|‚Êì<äî:^ü3$7nK~Ø-™@÷¦?Ÿ–/mtl·�Û¾©Iˆwè¬@g~tØ{êÜPß+Æ$ªjp|µŽçIÛRió�pmð õ·YÓ ú”8ìtÉÐÞVžÙÿÆë,îlâ,Õ
[  519.373443][ T9526] [U] ˆKÌúÛõ‰)0ÄÄÝ~ü³ÊªÁiP'ífóòœzÚÞr¬™ÿ@BÓ]Â5ÝÊ{­©Ê¼ô'à8åÆ¥F‡¹UTqUd
Ç©¤K;7íª0c[„ãy–¼ÈYC¦¶»Ø°mª™Lò8’T…ÍšÎ5³ýýrx�™¶ðWí x¤²óoQhVi'8œ¥Î…Lµ
[  519.434737][ T9529] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  519.572143][ T9529] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  519.582031][ T9538] loop2: detected capacity change from 0 to 1024
[  519.642043][ T9538] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  519.685795][ T9538] ext4 filesystem being mounted at /270/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  519.698049][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  519.771164][   T28] audit: type=1326 audit(1752097358.227:454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9537 comm="syz.2.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccb0f8e929 code=0x7ffc0000
[  519.835482][   T28] audit: type=1326 audit(1752097358.227:455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9537 comm="syz.2.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccb0f8e929 code=0x7ffc0000
[  519.885539][   T28] audit: type=1326 audit(1752097358.227:456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9537 comm="syz.2.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fccb0f8e929 code=0x7ffc0000
[  520.124569][   T28] audit: type=1326 audit(1752097358.227:457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9537 comm="syz.2.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccb0f8e929 code=0x7ffc0000
[  520.196192][   T28] audit: type=1326 audit(1752097358.227:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9537 comm="syz.2.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccb0f8e929 code=0x7ffc0000
[  520.603792][   T28] audit: type=1326 audit(1752097358.257:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9537 comm="syz.2.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fccb0f8e929 code=0x7ffc0000
[  520.821377][   T28] audit: type=1326 audit(1752097358.257:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9537 comm="syz.2.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccb0f8e929 code=0x7ffc0000
[  520.926386][   T28] audit: type=1326 audit(1752097358.257:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9537 comm="syz.2.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccb0f8e929 code=0x7ffc0000
[  520.948976][   T28] audit: type=1326 audit(1752097358.267:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9537 comm="syz.2.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fccb0f8e929 code=0x7ffc0000
[  520.971467][   T28] audit: type=1326 audit(1752097358.267:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9537 comm="syz.2.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fccb0f8e963 code=0x7ffc0000
[  521.312515][ T9554] random: crng reseeded on system resumption
[  521.726210][ T5826] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  522.008108][ T5826] usb 4-1: config 8 has an invalid interface number: 220 but max is 1
[  522.041781][ T5826] usb 4-1: config 8 has an invalid interface number: 203 but max is 1
[  522.086314][ T5826] usb 4-1: config 8 has an invalid descriptor of length 36, skipping remainder of the config
[  522.117418][ T5826] usb 4-1: config 8 has no interface number 0
[  522.123899][ T5826] usb 4-1: config 8 has no interface number 1
[  522.151239][ T5826] usb 4-1: config 8 interface 203 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  522.185454][ T5826] usb 4-1: config 8 interface 220 has no altsetting 0
[  522.595723][ T5826] usb 4-1: config 8 interface 203 has no altsetting 0
[  522.606290][ T5826] usb 4-1: New USB device found, idVendor=093a, idProduct=2601, bcdDevice=16.fc
[  522.615404][ T5826] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  522.642665][ T5826] usb 4-1: Product: syz
[  522.690617][ T5826] usb 4-1: Manufacturer: syz
[  522.711342][ T5826] usb 4-1: SerialNumber: syz
[  522.844985][ T9566] loop1: detected capacity change from 0 to 512
[  522.952978][ T8345] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  523.016324][ T9534] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  523.142606][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  524.296795][ T5826] usb 4-1: USB disconnect, device number 16
[  524.938732][   T28] kauditd_printk_skb: 28 callbacks suppressed
[  524.938747][   T28] audit: type=1326 audit(1752097363.397:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9576 comm="syz.3.1030" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f708198e929 code=0x0
[  526.591549][ T9594] loop1: detected capacity change from 0 to 128
[  526.935498][ T9573] loop2: detected capacity change from 0 to 40427
[  526.976621][ T9573] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  526.996625][ T9573] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  527.062367][ T9573] F2FS-fs (loop2): Found nat_bits in checkpoint
[  527.259185][ T9573] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  527.283995][ T9573] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  528.736594][ T5847] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  529.295714][ T5847] usb 3-1: config 8 has an invalid interface number: 220 but max is 1
[  529.354101][ T5847] usb 3-1: config 8 has an invalid interface number: 203 but max is 1
[  529.720952][ T5847] usb 3-1: config 8 has an invalid descriptor of length 36, skipping remainder of the config
[  529.736261][ T5847] usb 3-1: config 8 has no interface number 0
[  529.742592][ T5847] usb 3-1: config 8 has no interface number 1
[  529.748889][ T5847] usb 3-1: config 8 interface 203 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  529.764141][ T5847] usb 3-1: config 8 interface 220 has no altsetting 0
[  529.772552][ T5847] usb 3-1: config 8 interface 203 has no altsetting 0
[  529.783127][ T5847] usb 3-1: New USB device found, idVendor=093a, idProduct=2601, bcdDevice=16.fc
[  529.796165][ T5847] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  529.826161][ T5847] usb 3-1: Product: syz
[  529.831503][ T5847] usb 3-1: Manufacturer: syz
[  529.851080][ T5847] usb 3-1: SerialNumber: syz
[  531.402125][ T5847] usb 3-1: USB disconnect, device number 23
[  533.227477][    T9] usb 3-1: new low-speed USB device number 24 using dummy_hcd
[  533.607386][    T9] usb 3-1: config 0 interface 0 altsetting 6 endpoint 0x81 has invalid maxpacket 1024, setting to 8
[  533.652376][    T9] usb 3-1: config 0 interface 0 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  533.776364][    T9] usb 3-1: config 0 interface 0 has no altsetting 0
[  533.783062][    T9] usb 3-1: New USB device found, idVendor=056e, idProduct=00fd, bcdDevice= 0.00
[  534.274226][ T9651] loop1: detected capacity change from 0 to 512
[  534.281707][ T9651] EXT4-fs: Ignoring removed mblk_io_submit option
[  538.710267][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  538.731743][ T9651] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  538.741366][ T9651] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  538.753196][ T9651] workqueue: Failed to create a rescuer kthread for wq "ext4-rsv-conversion": -EINTR
[  538.755261][ T9651] EXT4-fs: failed to create workqueue
[  538.770324][ T9651] EXT4-fs (loop1): mount failed
[  538.890721][    T9] usb 3-1: config 0 descriptor??
[  538.931596][    T9] usb 3-1: can't set config #0, error -71
[  538.947691][    T9] usb 3-1: USB disconnect, device number 24
[  540.436179][    T9] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  542.565463][    T9] usb 2-1: device descriptor read/all, error -71
[  547.076220][   T27] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  547.301826][ T9730] siw: device registration error -23
[  547.426901][   T27] usb 3-1: config 8 has an invalid interface number: 220 but max is 1
[  547.461913][   T27] usb 3-1: config 8 has an invalid interface number: 203 but max is 1
[  547.738310][   T27] usb 3-1: config 8 has an invalid descriptor of length 36, skipping remainder of the config
[  547.837024][   T27] usb 3-1: config 8 has no interface number 0
[  547.843382][   T27] usb 3-1: config 8 has no interface number 1
[  547.850181][   T27] usb 3-1: config 8 interface 203 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  547.863934][   T27] usb 3-1: config 8 interface 220 has no altsetting 0
[  547.882640][   T27] usb 3-1: config 8 interface 203 has no altsetting 0
[  547.909043][   T27] usb 3-1: New USB device found, idVendor=093a, idProduct=2601, bcdDevice=16.fc
[  547.927485][   T27] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  547.967475][   T27] usb 3-1: Product: syz
[  548.179789][   T27] usb 3-1: Manufacturer: syz
[  548.246170][   T27] usb 3-1: SerialNumber: syz
[  549.653820][   T27] usb 3-1: USB disconnect, device number 25
[  554.046747][ T5826] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  554.318004][ T5826] usb 3-1: too many configurations: 9, using maximum allowed: 8
[  554.335830][ T5826] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  554.351602][ T5826] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  554.594094][ T5826] usb 3-1: config 0 interface 0 has no altsetting 0
[  554.602983][ T5826] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  554.627896][ T5826] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  555.353146][ T5826] usb 3-1: config 0 interface 0 has no altsetting 0
[  555.368316][ T5826] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  555.386174][ T5826] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  555.406469][ T5826] usb 3-1: config 0 interface 0 has no altsetting 0
[  555.414928][ T5826] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  555.446643][ T5826] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  555.471513][ T5826] usb 3-1: config 0 interface 0 has no altsetting 0
[  555.486235][ T5826] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  555.656796][ T5826] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  555.670363][ T5826] usb 3-1: config 0 interface 0 has no altsetting 0
[  555.683017][ T5826] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  555.709327][ T5826] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  555.746134][ T5826] usb 3-1: config 0 interface 0 has no altsetting 0
[  555.754640][ T5826] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  555.777306][ T5826] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  555.806431][ T5826] usb 3-1: config 0 interface 0 has no altsetting 0
[  555.815306][ T5826] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  555.826846][ T5826] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  555.838456][ T5826] usb 3-1: config 0 interface 0 has no altsetting 0
[  555.851129][ T5826] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  555.867140][ T5826] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  556.211386][ T5826] usb 3-1: Product: syz
[  556.216412][ T5826] usb 3-1: Manufacturer: syz
[  556.228127][ T5826] usb 3-1: SerialNumber: syz
[  556.258679][ T5826] usb 3-1: config 0 descriptor??
[  556.269902][ T5826] usb 3-1: can't set config #0, error -71
[  556.308481][ T5826] usb 3-1: USB disconnect, device number 26
[  556.531231][ T9794] loop1: detected capacity change from 0 to 1024
[  556.556891][ T9794] EXT4-fs: Ignoring removed nobh option
[  556.646702][ T9794] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  557.254268][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  558.863259][ T9810] batman_adv: batadv: cannot create tp meter kthread
[  559.768846][ T9818] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1093'.
[  559.912515][ T9818] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1093'.
[  561.001281][   T28] audit: type=1800 audit(1752097399.457:493): pid=9833 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1098" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  561.489064][ T9840] loop1: detected capacity change from 0 to 1024
[  561.608962][ T9840] EXT4-fs: Ignoring removed nobh option
[  561.747173][ T9840] EXT4-fs: Ignoring removed bh option
[  561.899711][ T9840] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  562.075900][ T9840] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  562.502073][ T9851] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  562.548402][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  562.562067][ T9850] bridge0: port 1(bridge_slave_0) entered disabled state
[  562.575637][ T9850] bridge0: port 2(bridge_slave_1) entered disabled state
[  563.185275][ T1287] ieee802154 phy0 wpan0: encryption failed: -22
[  563.194735][ T1287] ieee802154 phy1 wpan1: encryption failed: -22
[  563.825370][   T50] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  563.847058][   T50] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  563.862016][   T50] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  563.871920][   T50] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  563.880356][   T50] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  563.887893][   T50] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  564.157511][ T9872] loop2: detected capacity change from 0 to 4096
[  564.221501][ T7476] I/O error, dev loop2, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  565.553741][ T9865] chnl_net:caif_netlink_parms(): no params data found
[  565.902387][ T9865] bridge0: port 1(bridge_slave_0) entered blocking state
[  565.926258][ T9865] bridge0: port 1(bridge_slave_0) entered disabled state
[  565.933603][ T9865] bridge_slave_0: entered allmulticast mode
[  565.979836][   T50] Bluetooth: hci4: command tx timeout
[  565.981568][ T9865] bridge_slave_0: entered promiscuous mode
[  566.073964][ T9865] bridge0: port 2(bridge_slave_1) entered blocking state
[  566.126341][ T9865] bridge0: port 2(bridge_slave_1) entered disabled state
[  566.154625][ T9865] bridge_slave_1: entered allmulticast mode
[  566.174791][ T9865] bridge_slave_1: entered promiscuous mode
[  566.396045][ T9865] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  566.429886][ T9865] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  567.268625][ T9865] team0: Port device team_slave_0 added
[  567.377060][ T9865] team0: Port device team_slave_1 added
[  567.587947][ T9865] batman_adv: batadv0: Adding interface: batadv_slave_0
[  567.595636][ T9865] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  567.703402][ T9865] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  567.834469][ T9865] batman_adv: batadv0: Adding interface: batadv_slave_1
[  567.868305][ T9865] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  567.966252][ T9865] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  568.086259][   T50] Bluetooth: hci4: command tx timeout
[  568.971956][ T9865] hsr_slave_0: entered promiscuous mode
[  569.000016][ T9865] hsr_slave_1: entered promiscuous mode
[  569.012123][ T9865] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  569.030737][ T9865] Cannot create hsr debugfs directory
[  570.137893][   T50] Bluetooth: hci4: command tx timeout
[  570.249487][ T9924] loop1: detected capacity change from 0 to 1024
[  570.265063][ T9865] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  570.275224][ T9924] EXT4-fs: Ignoring removed nobh option
[  570.300214][ T9924] EXT4-fs: Ignoring removed bh option
[  570.323866][ T9865] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  570.354269][ T9924] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  570.389388][ T9865] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  570.435277][ T9865] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  570.472866][ T9924] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  570.797814][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  571.812342][ T9865] 8021q: adding VLAN 0 to HW filter on device bond0
[  571.882385][ T9865] 8021q: adding VLAN 0 to HW filter on device team0
[  571.960782][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  571.968168][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  571.979899][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  571.987159][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  572.083019][ T9865] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  572.216546][   T50] Bluetooth: hci4: command tx timeout
[  572.804451][ T9865] 8021q: adding VLAN 0 to HW filter on device batadv0
[  574.276644][   T27] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  574.477074][   T27] usb 2-1: Using ep0 maxpacket: 8
[  574.494322][   T27] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  574.535312][   T27] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  574.630391][   T27] pvrusb2: Hardware description: Terratec Grabster AV400
[  574.676628][   T27] pvrusb2: **********
[  574.690975][   T27] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  574.744500][   T27] pvrusb2: Important functionality might not be entirely working.
[  574.775827][   T27] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  574.837150][   T27] pvrusb2: **********
[  574.869081][ T2318] pvrusb2: Invalid write control endpoint
[  574.892954][ T9865] veth0_vlan: entered promiscuous mode
[  574.990759][ T9865] veth1_vlan: entered promiscuous mode
[  575.146669][ T9972] pvrusb2: Invalid write control endpoint
[  575.179003][ T9865] veth0_macvtap: entered promiscuous mode
[  575.187257][   T27] usb 2-1: USB disconnect, device number 30
[  575.194299][ T2318] pvrusb2: Invalid write control endpoint
[  575.228428][ T2318] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  575.239590][ T9865] veth1_macvtap: entered promiscuous mode
[  575.261678][ T2318] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  575.285347][ T9865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  575.292190][ T2318] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  575.308134][ T9865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  575.336441][ T2318] pvrusb2: Device being rendered inoperable
[  575.349624][ T9865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  575.361211][ T2318] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  575.380834][ T2318] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  575.384131][ T9865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  575.400178][ T2318] pvrusb2: Attached sub-driver cx25840
[  575.412442][ T2318] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  575.417915][ T9865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  575.441499][ T9865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  575.441504][ T2318] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  575.461937][ T9865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  575.484791][ T9865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  575.503261][ T9865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  575.533043][ T9865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  575.548525][ T9865] batman_adv: batadv0: Interface activated: batadv_slave_0
[  575.609714][ T9865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  575.630173][ T9865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  575.643948][ T9865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  575.660887][ T9865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  575.673374][ T9865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  575.684908][ T9865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  575.716433][ T9865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  575.800582][ T9865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  575.839063][ T9865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  575.858094][ T9865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  575.881572][ T9865] batman_adv: batadv0: Interface activated: batadv_slave_1
[  575.909048][ T9865] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  575.922517][ T9865] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  575.936300][ T9865] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  575.950959][ T9865] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  576.138065][ T4719] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  576.145937][ T4719] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  576.241115][ T4719] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  576.253406][ T4719] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  576.438203][ T9994] loop5: detected capacity change from 0 to 1024
[  576.697834][ T9986] loop1: detected capacity change from 0 to 32768
[  576.953962][ T9986] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 scanned by syz.1.1135 (9986)
[  576.988819][ T9986] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  576.999830][ T9986] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  577.013713][ T9986] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  577.039612][ T9986] BTRFS info (device loop1): use zstd compression, level 3
[  577.075555][ T9986] BTRFS info (device loop1): using free space tree
[  577.122762][T10004] syz.5.1101 (10004): /proc/9993/oom_adj is deprecated, please use /proc/9993/oom_score_adj instead.
[  577.200457][   T28] audit: type=1800 audit(1752097415.657:494): pid=10012 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1139" name="SYSV00000000" dev="hugetlbfs" ino=6 res=0 errno=0
[  577.365036][ T9986] BTRFS info (device loop1): enabling ssd optimizations
[  577.405699][ T9986] BTRFS info (device loop1): auto enabling async discard
[  577.609508][   T28] audit: type=1800 audit(1752097416.067:495): pid=9986 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1135" name="file1" dev="loop1" ino=260 res=0 errno=0
[  577.622232][T10019] loop2: detected capacity change from 0 to 1024
[  577.706245][T10019] EXT4-fs: Ignoring removed nobh option
[  577.711885][T10019] EXT4-fs: Ignoring removed bh option
[  577.726806][ T5826] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  577.742282][T10019] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  577.825358][T10019] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  577.866404][ T5785] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  577.998281][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  578.038960][ T5826] usb 6-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  578.076855][ T5826] usb 6-1: config 1 has an invalid descriptor of length 153, skipping remainder of the config
[  578.262867][ T5826] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  578.305129][ T5826] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  579.572114][T10028] loop2: detected capacity change from 0 to 128
[  579.701992][ T7476] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  581.452449][ T5826] usb 6-1: string descriptor 0 read error: -71
[  581.464497][ T5826] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  581.478411][ T5826] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  581.499891][ T5826] usb 6-1: can't set config #1, error -71
[  581.518063][ T5826] usb 6-1: USB disconnect, device number 2
[  582.947614][   T27] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  582.968197][T10066] loop2: detected capacity change from 0 to 1024
[  583.216584][   T27] usb 2-1: Using ep0 maxpacket: 32
[  583.382889][   T27] usb 2-1: config 0 has an invalid interface number: 89 but max is 0
[  583.499814][T10066] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  583.542549][   T27] usb 2-1: config 0 has no interface number 0
[  583.575092][T10066] ext4 filesystem being mounted at /308/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  583.596387][   T27] usb 2-1: config 0 interface 89 has no altsetting 0
[  583.624379][   T27] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  583.641186][T10074] loop5: detected capacity change from 0 to 128
[  583.657983][   T27] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  583.687364][   T28] audit: type=1326 audit(1752097422.147:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10065 comm="syz.2.1153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccb0f8e929 code=0x7ffc0000
[  583.689179][   T27] usb 2-1: Product: syz
[  583.860437][   T28] audit: type=1326 audit(1752097422.147:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10065 comm="syz.2.1153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccb0f8e929 code=0x7ffc0000
[  583.882824][    C0] vkms_vblank_simulate: vblank timer overrun
[  583.899236][ T7476] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  583.995768][   T27] usb 2-1: Manufacturer: syz
[  584.000722][   T27] usb 2-1: SerialNumber: syz
[  584.008199][   T28] audit: type=1326 audit(1752097422.147:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10065 comm="syz.2.1153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fccb0f8e929 code=0x7ffc0000
[  584.031874][   T27] usb 2-1: config 0 descriptor??
[  584.170889][T10080] random: crng reseeded on system resumption
[  584.583258][   T28] audit: type=1326 audit(1752097422.147:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10065 comm="syz.2.1153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccb0f8e929 code=0x7ffc0000
[  584.822391][   T28] audit: type=1326 audit(1752097422.177:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10065 comm="syz.2.1153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fccb0f8e929 code=0x7ffc0000
[  584.844970][    C0] vkms_vblank_simulate: vblank timer overrun
[  584.845047][T10055] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  584.845477][T10055] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  584.910354][   T27] usb 2-1: USB disconnect, device number 31
[  585.017707][   T28] audit: type=1326 audit(1752097422.177:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10065 comm="syz.2.1153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fccb0f8e963 code=0x7ffc0000
[  585.089248][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  585.102670][   T28] audit: type=1326 audit(1752097422.177:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10065 comm="syz.2.1153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fccb0f8d3df code=0x7ffc0000
[  585.126748][   T28] audit: type=1326 audit(1752097422.177:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10065 comm="syz.2.1153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fccb0f8e9b7 code=0x7ffc0000
[  585.151700][   T28] audit: type=1326 audit(1752097422.177:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10065 comm="syz.2.1153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fccb0f8d290 code=0x7ffc0000
[  585.175982][   T28] audit: type=1326 audit(1752097422.177:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10065 comm="syz.2.1153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fccb0f8e52b code=0x7ffc0000
[  588.218254][T10120] loop1: detected capacity change from 0 to 1024
[  588.404037][T10120] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  588.446317][T10120] ext4 filesystem being mounted at /275/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  588.876387][   T28] kauditd_printk_skb: 57 callbacks suppressed
[  588.876428][   T28] audit: type=1326 audit(1752097427.157:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10117 comm="syz.1.1167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4acd78e929 code=0x7ffc0000
[  589.282895][T10137] random: crng reseeded on system resumption
[  589.902452][   T28] audit: type=1326 audit(1752097427.157:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10117 comm="syz.1.1167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4acd78e929 code=0x7ffc0000
[  589.936184][   T28] audit: type=1326 audit(1752097427.307:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10117 comm="syz.1.1167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f4acd78e929 code=0x7ffc0000
[  590.007392][   T28] audit: type=1326 audit(1752097427.307:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10117 comm="syz.1.1167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4acd78e929 code=0x7ffc0000
[  590.029771][    C0] vkms_vblank_simulate: vblank timer overrun
[  590.051274][   T28] audit: type=1326 audit(1752097427.307:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10117 comm="syz.1.1167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4acd78e929 code=0x7ffc0000
[  590.086242][   T28] audit: type=1326 audit(1752097427.307:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10117 comm="syz.1.1167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f4acd78e929 code=0x7ffc0000
[  590.161408][   T28] audit: type=1326 audit(1752097427.307:569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10117 comm="syz.1.1167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4acd78e929 code=0x7ffc0000
[  590.212475][   T28] audit: type=1326 audit(1752097427.307:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10117 comm="syz.1.1167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4acd78e929 code=0x7ffc0000
[  590.236257][   T28] audit: type=1326 audit(1752097427.317:571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10117 comm="syz.1.1167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f4acd78e929 code=0x7ffc0000
[  590.278676][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  592.183182][T10156] siw: device registration error -23
[  595.014086][   T28] audit: type=1800 audit(1752097433.467:572): pid=10203 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1193" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[  601.870513][ T5826] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  602.817288][ T5826] usb 2-1: Using ep0 maxpacket: 8
[  602.824769][ T5826] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  602.844941][ T5826] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  604.279122][ T5826] pvrusb2: Hardware description: Terratec Grabster AV400
[  604.289374][ T5826] pvrusb2: **********
[  604.293658][ T5826] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  604.304021][ T5826] pvrusb2: Important functionality might not be entirely working.
[  604.312031][ T5826] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  604.323590][ T5826] pvrusb2: **********
[  604.328487][ T2318] pvrusb2: Invalid write control endpoint
[  604.338385][ T5826] usb 2-1: USB disconnect, device number 32
[  604.398615][ T2318] pvrusb2: Invalid write control endpoint
[  604.404538][ T2318] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  604.414489][ T2318] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  604.422594][ T2318] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  604.443437][ T2318] pvrusb2: Device being rendered inoperable
[  604.464773][ T2318] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  604.485040][ T2318] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  604.497926][ T2318] pvrusb2: Attached sub-driver cx25840
[  604.513752][ T2318] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  604.546154][ T2318] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  607.861037][T10320] loop1: detected capacity change from 0 to 128
[  609.292143][T10328] loop1: detected capacity change from 0 to 128
[  611.042660][T10338] loop5: detected capacity change from 0 to 4096
[  611.100839][ T8345] I/O error, dev loop5, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  614.932010][T10369] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1249'.
[  618.367813][T10395] netlink: 'syz.1.1258': attribute type 3 has an invalid length.
[  621.018436][T10416] random: crng reseeded on system resumption
[  625.027153][ T1287] ieee802154 phy0 wpan0: encryption failed: -22
[  625.033517][ T1287] ieee802154 phy1 wpan1: encryption failed: -22
[  627.011018][T10456] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1275'.
[  627.242330][T10462] loop2: detected capacity change from 0 to 128
[  627.412490][T10466] loop1: detected capacity change from 0 to 512
[  633.328282][T10514] loop1: detected capacity change from 0 to 128
[  633.476504][T10513] loop2: detected capacity change from 0 to 4096
[  634.406750][ T7476] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  636.436128][   T28] audit: type=1800 audit(1752097474.857:573): pid=10547 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1297" name="SYSV00000000" dev="hugetlbfs" ino=7 res=0 errno=0
[  636.572386][T10551] loop2: detected capacity change from 0 to 512
[  639.945869][T10573] loop1: detected capacity change from 0 to 128
[  640.011413][T10577] trusted_key: encrypted_key: hex blob is missing
[  640.310741][ T7476] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  643.101024][T10600] netlink: 'syz.4.1307': attribute type 39 has an invalid length.
[  643.338129][T10600] bond0: (slave bond_slave_0): Releasing backup interface
[  648.657594][T10643] loop1: detected capacity change from 0 to 16
[  649.107642][ T7476] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  649.353305][T10650] siw: device registration error -23
[  652.486359][T10670] syz.4.1323 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  653.338168][T10668] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[  653.657015][ T8592] null_blk: rq ffff8880225d8000 timed out
[  653.663467][ T8592] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 2
[  653.674873][ T8592] null_blk: rq ffff8880225d8180 timed out
[  653.681257][ T8592] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 2
[  653.692131][ T8592] null_blk: rq ffff8880225d8300 timed out
[  653.698644][ T8592] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 2
[  653.710418][ T8592] null_blk: rq ffff8880225d8480 timed out
[  653.716436][ T8592] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 2
[  653.727165][ T8592] null_blk: rq ffff8880225d8600 timed out
[  653.732930][ T8592] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 2
[  653.743728][ T8592] null_blk: rq ffff8880225d8780 timed out
[  653.749706][ T8592] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 2
[  653.760430][ T8592] null_blk: rq ffff8880225d8900 timed out
[  653.767980][ T8592] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 2
[  653.778574][ T8592] null_blk: rq ffff8880225d8a80 timed out
[  653.784306][ T8592] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 2
[  653.799515][ T8592] null_blk: rq ffff8880225d8c00 timed out
[  653.805340][ T8592] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 2
[  653.816355][ T8592] null_blk: rq ffff8880225d8d80 timed out
[  653.822193][ T8592] null_blk: rq ffff8880225d8f00 timed out
[  653.828042][ T8592] null_blk: rq ffff8880225d9080 timed out
[  653.833792][ T8592] null_blk: rq ffff8880225d9200 timed out
[  653.839845][ T8592] null_blk: rq ffff8880225d9380 timed out
[  653.845667][ T8592] null_blk: rq ffff8880225d9500 timed out
[  653.851612][ T8592] null_blk: rq ffff8880225d9680 timed out
[  653.857954][ T8592] null_blk: rq ffff8880225d9800 timed out
[  653.863715][ T8592] null_blk: rq ffff8880225d9980 timed out
[  653.869519][ T8592] null_blk: rq ffff8880225d9b00 timed out
[  653.875459][ T8592] null_blk: rq ffff8880225d9c80 timed out
[  653.881380][ T8592] null_blk: rq ffff8880225d9e00 timed out
[  653.887216][ T8592] null_blk: rq ffff8880225d9f80 timed out
[  653.892956][ T8592] null_blk: rq ffff8880225da100 timed out
[  653.898873][ T8592] null_blk: rq ffff8880225da280 timed out
[  653.905145][ T8592] null_blk: rq ffff8880225da400 timed out
[  653.910928][ T8592] null_blk: rq ffff8880225da580 timed out
[  653.916968][ T8592] null_blk: rq ffff8880225da700 timed out
[  653.922708][ T8592] null_blk: rq ffff8880225da880 timed out
[  653.928509][ T8592] null_blk: rq ffff8880225daa00 timed out
[  653.934245][ T8592] null_blk: rq ffff8880225dab80 timed out
[  653.940013][ T8592] null_blk: rq ffff8880225dad00 timed out
[  653.945749][ T8592] null_blk: rq ffff8880225dae80 timed out
[  653.954154][ T8592] null_blk: rq ffff8880225db000 timed out
[  653.959967][ T8592] null_blk: rq ffff8880225db180 timed out
[  653.965709][ T8592] null_blk: rq ffff8880225db300 timed out
[  653.971574][ T8592] null_blk: rq ffff8880225db480 timed out
[  653.977373][ T8592] null_blk: rq ffff8880225db600 timed out
[  653.983110][ T8592] null_blk: rq ffff8880225db780 timed out
[  653.988872][ T8592] null_blk: rq ffff8880225db900 timed out
[  653.994615][ T8592] null_blk: rq ffff8880225dba80 timed out
[  654.006076][ T8592] null_blk: rq ffff8880225dbc00 timed out
[  654.011858][ T8592] null_blk: rq ffff8880225dbd80 timed out
[  654.018030][ T8592] null_blk: rq ffff8880225dbf00 timed out
[  654.023854][ T8592] null_blk: rq ffff8880225dc080 timed out
[  654.029655][ T8592] null_blk: rq ffff8880225dc200 timed out
[  654.035391][ T8592] null_blk: rq ffff8880225dc380 timed out
[  654.041282][ T8592] null_blk: rq ffff8880225dc500 timed out
[  654.047137][ T8592] null_blk: rq ffff8880225dc680 timed out
[  654.052913][ T8592] null_blk: rq ffff8880225dc800 timed out
[  654.058903][ T8592] null_blk: rq ffff8880225dc980 timed out
[  654.064681][ T8592] null_blk: rq ffff8880225dcb00 timed out
[  654.070465][ T8592] null_blk: rq ffff8880225dcc80 timed out
[  654.076346][ T8592] null_blk: rq ffff8880225dce00 timed out
[  654.082078][ T8592] null_blk: rq ffff8880225dcf80 timed out
[  654.088029][ T8592] null_blk: rq ffff8880225dd100 timed out
[  654.093763][ T8592] null_blk: rq ffff8880225dd280 timed out
[  654.101431][ T8592] null_blk: rq ffff8880225dd400 timed out
[  654.107387][ T8592] null_blk: rq ffff8880225dd580 timed out
[  654.113158][ T8592] null_blk: rq ffff8880225dd700 timed out
[  654.119478][ T8592] blk_print_req_error: 49 callbacks suppressed
[  654.119493][ T8592] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 2
[  654.141442][ T8592] null_blk: rq ffff8880225dd880 timed out
[  654.147392][ T8592] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 2
[  654.157949][ T8592] null_blk: rq ffff8880225dda00 timed out
[  654.163685][ T8592] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 2
[  654.174203][ T8592] null_blk: rq ffff8880225ddb80 timed out
[  654.179986][ T8592] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 2
[  654.190486][ T8592] null_blk: rq ffff8880225ddd00 timed out
[  654.196300][ T8592] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 2
[  654.206808][ T8592] null_blk: rq ffff8880225dde80 timed out
[  654.212544][ T8592] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 2
[  655.200472][T10682] loop5: detected capacity change from 0 to 512
[  659.726752][    T8] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  661.243900][T10738] loop1: detected capacity change from 0 to 1024
[  661.406192][T10738] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  661.445887][T10738] ext4 filesystem being mounted at /322/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  662.015505][T10751] random: crng reseeded on system resumption
[  662.886221][    T8] usb 6-1: device descriptor read/64, error -71
[  663.123758][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  663.169758][    T8] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  663.376359][    T8] usb 6-1: Using ep0 maxpacket: 32
[  663.384984][    T8] usb 6-1: config 0 has an invalid interface number: 89 but max is 0
[  663.397703][    T8] usb 6-1: config 0 has no interface number 0
[  663.407703][T10763] loop1: detected capacity change from 0 to 2048
[  663.414678][    T8] usb 6-1: config 0 interface 89 has no altsetting 0
[  663.435919][    T8] usb 6-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  663.478996][T10765] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  663.499507][    T8] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  663.515440][    T8] usb 6-1: Product: syz
[  663.529166][    T8] usb 6-1: Manufacturer: syz
[  663.556084][    T8] usb 6-1: SerialNumber: syz
[  663.583026][    T8] usb 6-1: config 0 descriptor??
[  663.811720][ T5825] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  663.829484][T10744] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  663.840900][T10744] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  663.855376][T10744] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  663.871469][T10744] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  663.889962][    T8] usb 6-1: USB disconnect, device number 4
[  663.998454][ T5825] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  664.017008][ T5825] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8
[  664.035486][ T5825] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  664.044791][ T5825] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  664.054064][ T5825] usb 2-1: Product: syz
[  664.058461][ T5825] usb 2-1: Manufacturer: syz
[  664.063107][ T5825] usb 2-1: SerialNumber: syz
[  664.349847][T10763] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  665.134297][T10763] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  665.411576][ T5825] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42
[  665.475395][ T5825] cdc_ncm 2-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  665.618487][ T5825] cdc_ncm 2-1:1.0: setting rx_max = 2048
[  665.705413][   T28] audit: type=1800 audit(1752097504.157:574): pid=10763 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1349" name="file2" dev="loop1" ino=16 res=0 errno=0
[  665.823662][ T5825] cdc_ncm 2-1:1.0: setting tx_max = 184
[  665.891623][ T5825] cdc_ncm 2-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  665.976484][ T5825] usb 2-1: USB disconnect, device number 33
[  665.983553][ T5825] cdc_ncm 2-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM (NO ZLP)
[  670.819349][T10818] loop2: detected capacity change from 0 to 512
[  670.827902][T10809] veth0_vlan: entered allmulticast mode
[  672.060072][T10820] batman_adv: batadv: cannot create tp meter kthread
[  672.189076][ T7476] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  674.382730][T10840] loop5: detected capacity change from 0 to 164
[  674.412589][T10841] loop2: detected capacity change from 0 to 1024
[  674.429183][T10840] Unable to read rock-ridge attributes
[  674.481377][T10841] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  674.510910][T10841] ext4 filesystem being mounted at /363/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  674.747639][T10845] Unable to read rock-ridge attributes
[  674.755730][T10845] iso9660: Corrupted directory entry in block 4 of inode 1792
[  674.900429][T10848] random: crng reseeded on system resumption
[  675.869600][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  677.492427][T10851] loop1: detected capacity change from 0 to 32768
[  677.502018][T10851] XFS: attr2 mount option is deprecated.
[  677.555448][T10851] XFS (loop1): DAX unsupported by block device. Turning off DAX.
[  677.564767][T10851] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  678.229962][T10851] XFS (loop1): Ending clean mount
[  678.319391][T10851] XFS (loop1): Quotacheck needed: Please wait.
[  678.406134][ T5833] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  678.663262][   T28] audit: type=1800 audit(1752097517.117:575): pid=10888 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1381" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  678.774255][T10851] XFS (loop1): Quotacheck: Done.
[  679.341067][ T5785] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  679.402065][T10891] loop5: detected capacity change from 0 to 1024
[  679.420647][ T5833] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 252, changing to 11
[  679.445800][ T5833] usb 3-1: New USB device found, idVendor=1e71, idProduct=170e, bcdDevice= 0.00
[  679.455934][ T5833] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  679.467467][ T5833] usb 3-1: config 0 descriptor??
[  679.497721][T10891] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  679.521118][T10891] ext4 filesystem being mounted at /60/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  679.733963][T10870] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1377'.
[  679.891380][ T5833] usbhid 3-1:0.0: can't add hid device: -71
[  679.901762][ T5833] usbhid: probe of 3-1:0.0 failed with error -71
[  679.927754][ T5833] usb 3-1: USB disconnect, device number 27
[  680.007417][T10903] random: crng reseeded on system resumption
[  680.851195][T10901] batman_adv: batadv: cannot create tp meter kthread
[  681.102396][ T9865] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  681.245154][T10907] loop5: detected capacity change from 0 to 512
[  681.297347][ T7476] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  682.466230][   T28] audit: type=1800 audit(1752097520.927:576): pid=10920 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1391" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[  686.452159][ T1287] ieee802154 phy0 wpan0: encryption failed: -22
[  686.458709][ T1287] ieee802154 phy1 wpan1: encryption failed: -22
[  687.200374][   T28] audit: type=1800 audit(1752097525.657:577): pid=10958 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1402" name="SYSV00000000" dev="hugetlbfs" ino=8 res=0 errno=0
[  689.525531][ T5798] Bluetooth: hci4: command 0x0406 tx timeout
[  690.328621][T10987] loop2: detected capacity change from 0 to 512
[  690.645840][ T7476] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  691.927113][T10996] siw: device registration error -23
[  695.045841][   T28] audit: type=1800 audit(1752097533.497:578): pid=11025 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1422" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0
[  695.149268][T11027] loop1: detected capacity change from 0 to 512
[  695.404741][ T7476] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  696.379913][T11044] loop5: detected capacity change from 0 to 512
[  697.381875][T11039] netlink: 'syz.4.1425': attribute type 2 has an invalid length.
[  697.474290][ T8345] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  697.511222][T11044] loop5: detected capacity change from 0 to 22
[  697.511750][ T8345] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  697.549555][T11044] MTD: Attempt to mount non-MTD device "/dev/loop5"
[  697.616170][T11044] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  697.650725][   T28] audit: type=1800 audit(1752097536.107:579): pid=11052 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1431" name="SYSV00000000" dev="hugetlbfs" ino=9 res=0 errno=0
[  697.846140][ T5776] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  701.566115][ T5776] usb 2-1: Using ep0 maxpacket: 32
[  702.787808][ T5776] usb 2-1: device descriptor read/all, error -71
[  703.693961][T11072] loop2: detected capacity change from 0 to 512
[  703.899143][ T7476] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  703.954889][T11069] loop1: detected capacity change from 0 to 4096
[  704.826146][ T8345] I/O error, dev loop1, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  708.289896][T11099] batman_adv: batadv: cannot create tp meter kthread
[  708.676192][ T5847] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  709.567572][ T5847] usb 3-1: config 8 has an invalid interface number: 220 but max is 1
[  709.600704][ T5847] usb 3-1: config 8 has an invalid interface number: 203 but max is 1
[  709.620982][ T5847] usb 3-1: config 8 has an invalid descriptor of length 36, skipping remainder of the config
[  709.632011][ T5847] usb 3-1: config 8 has no interface number 0
[  709.638546][ T5847] usb 3-1: config 8 has no interface number 1
[  709.660189][ T5847] usb 3-1: config 8 interface 220 has no altsetting 0
[  709.667064][ T5847] usb 3-1: config 8 interface 203 has no altsetting 0
[  709.677341][ T5847] usb 3-1: New USB device found, idVendor=093a, idProduct=2601, bcdDevice=16.fc
[  709.723873][ T5847] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  709.911928][ T5847] usb 3-1: Product: syz
[  710.056865][ T5847] usb 3-1: Manufacturer: syz
[  710.072445][ T5847] usb 3-1: SerialNumber: syz
[  710.088750][T11096] loop1: detected capacity change from 0 to 32768
[  710.132054][T11096] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 scanned by syz.1.1443 (11096)
[  710.779308][T11096] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  710.893361][T11112] program syz.5.1448 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  710.926766][T11096] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  710.945319][T11112] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  710.949083][T11096] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  710.989121][ T5847] usb 3-1: USB disconnect, device number 28
[  711.004283][T11096] BTRFS info (device loop1): use zstd compression, level 3
[  711.023981][T11096] BTRFS info (device loop1): using free space tree
[  711.037173][T11096] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR
[  711.040806][T11096] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR
[  711.076982][T11096] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR
[  711.116681][   T28] audit: type=1800 audit(1752097549.567:580): pid=11123 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1450" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0
[  711.352677][T11096] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[  711.353480][T11096] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[  711.388327][T11096] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[  711.399425][T11096] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[  711.417546][T11096] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  712.081855][T11096] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[  712.206376][T11096] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  712.217150][T11096] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  712.237699][T11096] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  712.292545][T11096] BTRFS error (device loop1): open_ctree failed: -12
[  714.816130][ T5833] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  715.056241][ T5833] usb 2-1: Using ep0 maxpacket: 32
[  715.718728][ T5833] usb 2-1: config 0 has an invalid interface number: 89 but max is 0
[  715.733141][ T5833] usb 2-1: config 0 has no interface number 0
[  715.746161][ T5833] usb 2-1: config 0 interface 89 has no altsetting 0
[  715.767967][ T5833] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  715.810635][ T5833] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  715.834382][ T5833] usb 2-1: Product: syz
[  715.844683][   T28] audit: type=1800 audit(1752097554.297:581): pid=11167 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1459" name="SYSV00000000" dev="hugetlbfs" ino=3 res=0 errno=0
[  715.871795][ T5833] usb 2-1: Manufacturer: syz
[  715.883304][ T5833] usb 2-1: SerialNumber: syz
[  715.903639][ T5833] usb 2-1: config 0 descriptor??
[  716.159683][T11158] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  716.178863][T11158] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  716.198658][T11158] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  716.204594][T11171] loop2: detected capacity change from 0 to 2048
[  716.214229][T11158] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  716.726804][  T787] usb 2-1: USB disconnect, device number 36
[  717.150377][T11171] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  717.178797][T11171] overlayfs: failed to resolve './file0': -2
[  717.245501][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  717.285616][T11179] fuse: Bad value for 'group_id'
[  718.150005][T11183] loop5: detected capacity change from 0 to 32768
[  718.228059][T11183] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop5 scanned by syz.5.1464 (11183)
[  718.299701][T11183] BTRFS info (device loop5): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  718.407106][T11183] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm
[  718.463227][T11183] BTRFS info (device loop5): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  718.481423][T11183] BTRFS info (device loop5): use zstd compression, level 3
[  718.489895][T11183] BTRFS info (device loop5): using free space tree
[  719.269992][T11183] BTRFS info (device loop5): enabling ssd optimizations
[  719.341440][T11183] BTRFS info (device loop5): auto enabling async discard
[  719.454950][   T28] audit: type=1800 audit(1752097557.907:582): pid=11183 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1464" name="file1" dev="loop5" ino=260 res=0 errno=0
[  720.638736][ T9865] BTRFS info (device loop5): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  722.195034][T11228] fuse: Bad value for 'group_id'
[  722.506205][  T787] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  722.726106][  T787] usb 2-1: Using ep0 maxpacket: 32
[  722.788263][  T787] usb 2-1: config 0 has an invalid interface number: 89 but max is 0
[  722.799788][  T787] usb 2-1: config 0 has no interface number 0
[  722.816195][  T787] usb 2-1: config 0 interface 89 has no altsetting 0
[  723.966554][  T787] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  723.994005][  T787] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  724.767763][  T787] usb 2-1: Product: syz
[  724.772007][  T787] usb 2-1: Manufacturer: syz
[  724.819762][  T787] usb 2-1: SerialNumber: syz
[  724.838525][  T787] usb 2-1: config 0 descriptor??
[  724.900683][ T5833] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  725.151586][T11250] siw: device registration error -23
[  725.187237][T11229] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  725.214807][T11229] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  725.274500][T11229] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  725.304511][T11229] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  725.507296][    T8] usb 2-1: USB disconnect, device number 37
[  728.170486][T11260] loop1: detected capacity change from 0 to 32768
[  728.215620][T11260] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 0 transid 8 /dev/loop1 scanned by syz.1.1480 (11260)
[  728.571260][ T7476] udevd[7476]: incorrect btrfs checksum on /dev/loop1
[  729.117222][T11281] loop1: detected capacity change from 0 to 512
[  730.336386][    T8] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  733.226603][T11320] loop5: detected capacity change from 0 to 512
[  733.546258][ T7476] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  734.046788][T11332] loop2: detected capacity change from 0 to 1024
[  734.087198][T11332] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  734.150274][T11332] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4036: comm syz.2.1502: Allocating blocks 385-513 which overlap fs metadata
[  734.193808][T11332] EXT4-fs (loop2): pa ffff88807794e3a0: logic 16, phys. 129, len 24
[  734.203550][T11332] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5377: group 0, free 0, pa_free 8
[  734.296577][   T27] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  734.380587][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  734.694510][   T27] usb 6-1: Using ep0 maxpacket: 32
[  734.705768][   T27] usb 6-1: config 0 has an invalid interface number: 89 but max is 0
[  734.715115][   T27] usb 6-1: config 0 has no interface number 0
[  734.721446][   T27] usb 6-1: config 0 interface 89 has no altsetting 0
[  734.731208][   T27] usb 6-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  734.740547][   T27] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  734.748728][   T27] usb 6-1: Product: syz
[  734.754136][   T27] usb 6-1: Manufacturer: syz
[  734.759838][   T27] usb 6-1: SerialNumber: syz
[  734.771064][   T27] usb 6-1: config 0 descriptor??
[  735.053962][T11333] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  736.517668][T11333] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  736.638187][T11333] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  736.772682][T11357] loop1: detected capacity change from 0 to 512
[  736.867987][T11333] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  736.993454][ T5833] usb 6-1: USB disconnect, device number 5
[  737.826446][T11367] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1511'.
[  738.059317][   T27] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  740.896204][ T5847] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  741.061813][T11405] loop1: detected capacity change from 0 to 128
[  741.507913][ T5847] usb 6-1: Using ep0 maxpacket: 32
[  742.615283][ T5847] usb 6-1: config 0 has an invalid interface number: 89 but max is 0
[  742.625821][ T5847] usb 6-1: config 0 has no interface number 0
[  742.632318][ T5847] usb 6-1: config 0 interface 89 has no altsetting 0
[  742.641481][ T5847] usb 6-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  742.650619][ T5847] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  742.658718][ T5847] usb 6-1: Product: syz
[  742.662920][ T5847] usb 6-1: Manufacturer: syz
[  742.667587][ T5847] usb 6-1: SerialNumber: syz
[  742.679450][ T5847] usb 6-1: config 0 descriptor??
[  742.906644][T11402] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  742.927419][T11402] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  742.969966][T11402] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  742.983931][T11402] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  743.010065][  T787] usb 6-1: USB disconnect, device number 6
[  744.632762][T11431] netlink: 'syz.5.1528': attribute type 12 has an invalid length.
[  744.641735][T11431] netlink: 132 bytes leftover after parsing attributes in process `syz.5.1528'.
[  744.960392][  T787] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  745.626136][  T787] usb 3-1: Using ep0 maxpacket: 32
[  745.818134][  T787] usb 3-1: config 0 has an invalid interface number: 74 but max is 0
[  745.826628][  T787] usb 3-1: config 0 has no interface number 0
[  745.836621][  T787] usb 3-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=8e.fa
[  745.845933][  T787] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  745.854318][  T787] usb 3-1: Product: syz
[  745.860430][  T787] usb 3-1: Manufacturer: syz
[  745.865099][  T787] usb 3-1: SerialNumber: syz
[  745.873904][  T787] usb 3-1: config 0 descriptor??
[  747.817261][ T1287] ieee802154 phy0 wpan0: encryption failed: -22
[  747.823808][ T1287] ieee802154 phy1 wpan1: encryption failed: -22
[  748.039065][    T8] usb 3-1: USB disconnect, device number 31
[  748.249321][T11457] loop1: detected capacity change from 0 to 4096
[  748.669717][ T5826] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  748.826848][    T9] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  748.876714][ T5826] usb 6-1: Using ep0 maxpacket: 32
[  748.926158][ T5826] usb 6-1: config 0 has an invalid interface number: 89 but max is 0
[  749.097886][ T5826] usb 6-1: config 0 has no interface number 0
[  749.104091][ T5826] usb 6-1: config 0 interface 89 has no altsetting 0
[  749.172677][ T5826] usb 6-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  749.196502][    T9] usb 3-1: Using ep0 maxpacket: 32
[  749.216165][ T5826] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  749.237273][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  749.260091][ T5826] usb 6-1: Product: syz
[  749.264338][ T5826] usb 6-1: Manufacturer: syz
[  749.278341][T11468] siw: device registration error -23
[  749.302402][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  749.326260][ T5826] usb 6-1: SerialNumber: syz
[  749.342379][ T5826] usb 6-1: config 0 descriptor??
[  749.356101][    T9] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  749.365465][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  749.388689][    T9] usb 3-1: config 0 descriptor??
[  749.408856][    T9] hub 3-1:0.0: USB hub found
[  749.602202][T11455] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  749.611873][T11455] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  749.625613][T11455] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  749.634789][T11455] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  749.815446][ T5825] usb 6-1: USB disconnect, device number 7
[  750.434974][    T9] hub 3-1:0.0: config failed, can't read hub descriptor (err -22)
[  750.741050][    T9] usbhid 3-1:0.0: can't add hid device: -71
[  750.750334][    T9] usbhid: probe of 3-1:0.0 failed with error -71
[  750.883494][    T9] usb 3-1: USB disconnect, device number 32
[  752.177473][T11478] loop5: detected capacity change from 0 to 4096
[  752.800343][T11494] autofs4:pid:11494:autofs_fill_super: called with bogus options
[  754.510634][  T787] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  754.706262][  T787] usb 2-1: Using ep0 maxpacket: 32
[  754.725527][  T787] usb 2-1: config 0 has an invalid interface number: 89 but max is 0
[  754.818812][  T787] usb 2-1: config 0 has no interface number 0
[  754.938603][  T787] usb 2-1: config 0 interface 89 has no altsetting 0
[  755.162517][  T787] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  755.208704][  T787] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  755.246340][  T787] usb 2-1: Product: syz
[  755.264790][  T787] usb 2-1: Manufacturer: syz
[  755.365109][  T787] usb 2-1: SerialNumber: syz
[  755.495317][T11522] netlink: 72 bytes leftover after parsing attributes in process `syz.5.1559'.
[  755.496200][  T787] usb 2-1: config 0 descriptor??
[  755.505119][T11522] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1559'.
[  755.638528][T11522] vlan0: entered promiscuous mode
[  755.920226][T11508] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  755.940325][T11508] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  756.060268][T11508] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  756.082192][T11508] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  756.948891][  T787] usb 2-1: USB disconnect, device number 39
[  757.256844][T11515] loop2: detected capacity change from 0 to 32768
[  757.276196][T11515] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.1558 (11515)
[  757.349976][T11515] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  757.386125][T11515] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  757.421290][T11515] BTRFS info (device loop2): force clearing of disk cache
[  757.436809][T11515] BTRFS info (device loop2): force zlib compression, level 3
[  757.458047][T11515] BTRFS info (device loop2): enabling auto defrag
[  757.464602][T11515] BTRFS info (device loop2): max_inline at 0
[  757.486870][T11515] BTRFS info (device loop2): setting nodatacow
[  757.493863][T11515] BTRFS info (device loop2): using free space tree
[  757.514599][T11515] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR
[  757.516418][T11515] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR
[  757.556341][T11515] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR
[  757.598527][T11515] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[  757.631793][T11515] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[  757.642292][T11515] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[  757.652603][T11515] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[  757.663047][T11515] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[  757.707038][T11515] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  757.775805][T11515] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[  758.283296][T11515] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  758.373495][T11515] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  758.473355][T11515] BTRFS error (device loop2): open_ctree failed: -12
[  758.823377][T11561] loop5: detected capacity change from 0 to 4096
[  758.916865][T11564] loop1: detected capacity change from 0 to 2048
[  759.013107][T11564] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  759.073252][ T7476] I/O error, dev loop5, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  760.241517][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  761.812031][T11595] loop1: detected capacity change from 0 to 4096
[  763.357865][ T5825] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  763.586281][ T5825] usb 3-1: Using ep0 maxpacket: 32
[  763.601694][ T5825] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  763.614344][ T5825] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  763.627164][ T5825] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  764.138447][ T5825] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  764.219377][ T5825] usb 3-1: config 0 descriptor??
[  764.238019][ T5825] hub 3-1:0.0: USB hub found
[  764.561378][T11621] loop1: detected capacity change from 0 to 512
[  764.652873][ T5825] hub 3-1:0.0: config failed, can't read hub descriptor (err -22)
[  765.084876][ T5825] usbhid 3-1:0.0: can't add hid device: -71
[  765.253172][ T5825] usbhid: probe of 3-1:0.0 failed with error -71
[  765.338199][ T5825] usb 3-1: USB disconnect, device number 33
[  765.548748][T11626] loop5: detected capacity change from 0 to 4096
[  766.417000][ T7476] I/O error, dev loop5, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  771.506598][T11660] loop5: detected capacity change from 0 to 512
[  772.421350][ T7476] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  773.747355][T11671] netlink: 72 bytes leftover after parsing attributes in process `syz.5.1595'.
[  773.812146][T11671] loop5: detected capacity change from 0 to 128
[  774.912953][T11679] loop2: detected capacity change from 0 to 4096
[  777.059594][T11703] loop1: detected capacity change from 0 to 512
[  778.199786][  T787] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  779.895644][T11716] loop2: detected capacity change from 0 to 1024
[  779.946353][  T787] usb 6-1: Using ep0 maxpacket: 32
[  779.979454][T11716] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  780.755851][T11716] ext4 filesystem being mounted at /417/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  780.886045][  T787] usb 6-1: device descriptor read/all, error -71
[  781.358255][T11732] random: crng reseeded on system resumption
[  782.710029][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  782.820530][T11735] loop5: detected capacity change from 0 to 4096
[  782.961396][ T8345] I/O error, dev loop5, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  785.502287][   T28] audit: type=1800 audit(1752097623.917:583): pid=11746 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1613" name="SYSV00000000" dev="hugetlbfs" ino=3 res=0 errno=0
[  785.616821][T11748] netlink: 'syz.2.1615': attribute type 11 has an invalid length.
[  785.624723][T11748] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1615'.
[  787.551171][ T5833] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  788.153930][T11765] loop2: detected capacity change from 0 to 2048
[  788.646488][ T5833] usb 2-1: Using ep0 maxpacket: 32
[  788.995370][T11765] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  789.130169][ T5833] usb 2-1: unable to read config index 0 descriptor/all
[  789.164727][ T5833] usb 2-1: can't read configurations, error -71
[  789.169555][T11765] overlayfs: missing 'lowerdir'
[  789.196464][   T28] audit: type=1800 audit(1752097627.647:584): pid=11775 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1622" name="SYSV00000000" dev="hugetlbfs" ino=10 res=0 errno=0
[  789.557120][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  791.546518][T11796] input: syz1 as /devices/virtual/input/input9
[  793.809580][T11804] siw: device registration error -23
[  794.662413][ T5847] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  794.818933][T11815] loop2: detected capacity change from 0 to 2048
[  794.996219][ T5847] usb 2-1: Using ep0 maxpacket: 32
[  795.003757][ T5847] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  795.018858][ T5847] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  795.019404][T11815] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  795.631272][T11815] overlayfs: missing 'lowerdir'
[  795.790956][ T5847] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  795.800426][ T5847] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  795.836565][ T5847] usb 2-1: config 0 descriptor??
[  795.858605][ T5847] hub 2-1:0.0: USB hub found
[  795.890443][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  796.249575][ T5847] hub 2-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  797.153280][ T5847] usbhid 2-1:0.0: can't add hid device: -32
[  797.284860][ T5847] usbhid: probe of 2-1:0.0 failed with error -32
[  797.357380][ T5847] usb 2-1: USB disconnect, device number 42
[  797.625430][T11839] loop5: detected capacity change from 0 to 4096
[  797.787817][ T7476] I/O error, dev loop5, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  800.872900][T11863] loop1: detected capacity change from 0 to 512
[  802.930325][T11879] loop5: detected capacity change from 0 to 256
[  803.160298][T11883] loop1: detected capacity change from 0 to 4096
[  803.258437][ T7476] I/O error, dev loop1, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  804.155813][T11895] siw: device registration error -23
[  805.653674][T11900] loop2: detected capacity change from 0 to 4096
[  805.661433][T11900] ntfs3: Unknown parameter '01777777777777777777777'
[  805.781761][T11912] loop1: detected capacity change from 0 to 512
[  807.621062][T11912] loop1: detected capacity change from 0 to 22
[  807.828359][T11912] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  808.012581][T11912] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  809.106314][ T1287] ieee802154 phy0 wpan0: encryption failed: -22
[  809.112694][ T1287] ieee802154 phy1 wpan1: encryption failed: -22
[  809.553701][T11935] loop1: detected capacity change from 0 to 1024
[  810.310064][T11940] siw: device registration error -23
[  810.637378][T11935] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  810.745692][T11935] ext4 filesystem being mounted at /392/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  812.308001][T11948] veth0_vlan: entered allmulticast mode
[  812.337657][T11947] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  812.598214][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  813.017948][T11958] loop1: detected capacity change from 0 to 4096
[  813.682574][    T9] usb 6-1: new full-speed USB device number 10 using dummy_hcd
[  814.059506][    T9] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  814.091326][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  814.293268][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  814.492086][    T9] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  814.784462][    T9] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  814.816113][    T9] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  814.842078][    T9] usb 6-1: Manufacturer: syz
[  814.902515][    T9] usb 6-1: config 0 descriptor??
[  816.386232][    T9] rc_core: IR keymap rc-hauppauge not found
[  816.392207][    T9] Registered IR keymap rc-empty
[  816.443711][T11990] loop2: detected capacity change from 0 to 512
[  816.498584][    T9] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  816.553827][ T7476] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  816.606535][    T9] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  816.614438][T11990] loop2: detected capacity change from 0 to 22
[  816.614698][ T7476] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  816.636274][ T7476] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  816.645917][ T7476] Buffer I/O error on dev loop2, logical block 0, async page read
[  816.654095][T11990] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  816.668232][    T9] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[  816.696735][T11990] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  817.226254][    T9] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input10
[  817.302241][    T9] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  817.346602][    T9] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  817.386152][    T9] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  817.432856][    T9] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  817.486114][    T9] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  817.556155][    T9] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  817.605402][    T9] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  817.756916][    T9] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  817.867953][    T9] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  818.260930][T12003] loop2: detected capacity change from 0 to 32768
[  818.365779][T12003] OCFS2: ERROR (device loop2): int ocfs2_validate_inode_block(struct super_block *, struct buffer_head *): Invalid dinode #73: i_blkno is 18444492273895866441
[  818.382831][T12003] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  818.393050][T12003] OCFS2: File system is now read-only.
[  818.398722][T12003] (syz.2.1684,12003,0):ocfs2_read_locked_inode:521 ERROR: status = -30
[  818.408194][T12003] (syz.2.1684,12003,0):_ocfs2_get_system_file_inode:144 ERROR: status = -30
[  818.417844][T12003] (syz.2.1684,12003,0):ocfs2_init_local_system_inodes:492 ERROR: status=-30, sysfile=8, slot=0
[  818.429209][T12003] (syz.2.1684,12003,0):ocfs2_init_local_system_inodes:501 ERROR: status = -30
[  818.438168][T12003] (syz.2.1684,12003,0):ocfs2_mount_volume:1816 ERROR: status = -30
[  818.454280][T12003] (syz.2.1684,12003,0):ocfs2_fill_super:1178 ERROR: status = -30
[  818.486145][    T9] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  818.534847][    T9] mceusb 6-1:0.0: Registered  with mce emulator interface version 1
[  818.544258][    T9] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  818.560229][    T9] usb 6-1: USB disconnect, device number 10
[  822.608962][T12045] loop1: detected capacity change from 0 to 16
[  822.618925][T12045] erofs: Unknown parameter '/dev/ppp'
[  826.160145][T12052] netlink: 'syz.2.1696': attribute type 39 has an invalid length.
[  827.908051][T12052] bond0: (slave bond_slave_0): Releasing backup interface
[  828.844563][T12063] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1700'.
[  828.877173][T12063] loop2: detected capacity change from 0 to 128
[  830.358379][T12074] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[  835.889510][T12115] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1712'.
[  836.054105][T12115] loop1: detected capacity change from 0 to 128
[  838.261762][T12125] loop5: detected capacity change from 0 to 32768
[  838.620482][T12148] loop1: detected capacity change from 0 to 256
[  838.667427][T12148] exfat: Deprecated parameter 'utf8'
[  838.692148][T12148] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xdd33351c, utbl_chksum : 0xe619d30d)
[  839.241317][T12152] overlay: ./file1 is not a directory
[  839.351077][T12153] (null): rxe_set_mtu: Set mtu to 4096
[  839.363838][T12153] lo speed is unknown, defaulting to 1000
[  839.394325][T12153] lo speed is unknown, defaulting to 1000
[  839.408416][T12153] lo speed is unknown, defaulting to 1000
[  840.089820][T12153] infiniband s
z1: set active
[  840.094957][T12153] infiniband s
z1: added lo
[  840.101578][T12153] s
z1: rxe_create_cq: returned err = -12
[  840.108022][T12153] infiniband s
z1: Couldn't create ib_mad CQ
[  840.114198][T12153] infiniband s
z1: Couldn't open port 1
[  840.129607][ T5847] lo speed is unknown, defaulting to 1000
[  840.155472][T12153] RDS/IB: s
z1: added
[  840.160356][T12153] smc: adding ib device s
z1 with port count 1
[  840.166809][T12153] smc:    ib device s
z1 port 1 has pnetid 
[  840.177372][T12153] lo speed is unknown, defaulting to 1000
[  840.303492][T12153] lo speed is unknown, defaulting to 1000
[  840.425444][T12153] lo speed is unknown, defaulting to 1000
[  840.547134][T12153] lo speed is unknown, defaulting to 1000
[  840.666494][T12153] lo speed is unknown, defaulting to 1000
[  840.788511][T12153] lo speed is unknown, defaulting to 1000
[  840.985577][ T5833] lo speed is unknown, defaulting to 1000
[  841.254495][T12156] loop1: detected capacity change from 0 to 1024
[  841.293198][T12156] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  841.316270][T12156] ext4 filesystem being mounted at /409/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  841.781351][T12162] random: crng reseeded on system resumption
[  842.176275][T12159] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  842.562411][T12165] loop5: detected capacity change from 0 to 256
[  842.587529][T12165] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xb107716d, utbl_chksum : 0xe619d30d)
[  842.641552][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  843.098835][T12170] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1727'.
[  843.212778][T12170] loop1: detected capacity change from 0 to 128
[  843.236072][T11449] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  843.330572][ T7476] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  843.446405][T11449] usb 3-1: Using ep0 maxpacket: 32
[  843.469760][T12175] loop5: detected capacity change from 0 to 1024
[  843.475560][T11449] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  843.492221][T12175] EXT4-fs: inline encryption not supported
[  843.518229][T11449] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  843.536137][T12175] EXT4-fs: Ignoring removed i_version option
[  843.552926][T11449] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  843.583803][T12175] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  843.593903][T11449] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  843.638602][T11449] usb 3-1: config 0 descriptor??
[  843.669191][T11449] hub 3-1:0.0: USB hub found
[  843.683881][T12175] EXT4-fs error (device loop5): ext4_map_blocks:608: inode #3: block 2: comm syz.5.1729: lblock 2 mapped to illegal pblock 2 (length 1)
[  843.701915][T12175] Quota error (device loop5): qtree_write_dquot: dquota write failed
[  843.725105][T12175] EXT4-fs error (device loop5): ext4_map_blocks:608: inode #3: block 48: comm syz.5.1729: lblock 0 mapped to illegal pblock 48 (length 1)
[  843.793740][T12175] Quota error (device loop5): v2_write_file_info: Can't write info structure
[  843.866043][T12175] EXT4-fs error (device loop5): ext4_acquire_dquot:6938: comm syz.5.1729: Failed to acquire dquot type 0
[  843.909740][T12175] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5902: Corrupt filesystem
[  843.962628][T12175] EXT4-fs error (device loop5): ext4_evict_inode:252: inode #11: comm syz.5.1729: mark_inode_dirty error
[  843.979243][T12175] EXT4-fs warning (device loop5): ext4_evict_inode:255: couldn't mark inode dirty (err -117)
[  844.028892][T12175] EXT4-fs (loop5): 1 orphan inode deleted
[  844.048581][T12175] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  844.071897][ T7648] EXT4-fs error (device loop5): ext4_map_blocks:608: inode #3: block 1: comm kworker/u4:17: lblock 1 mapped to illegal pblock 1 (length 1)
[  844.124670][T11449] hub 3-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  844.149845][ T7648] Quota error (device loop5): remove_tree: Can't read quota data block 1
[  844.166530][ T7648] EXT4-fs error (device loop5): ext4_release_dquot:6974: comm kworker/u4:17: Failed to release dquot type 0
[  845.147855][ T7648] EXT4-fs error (device loop5): ext4_map_blocks:608: inode #3: block 2: comm kworker/u4:17: lblock 2 mapped to illegal pblock 2 (length 1)
[  845.191528][ T7648] Quota error (device loop5): qtree_write_dquot: dquota write failed
[  845.213165][ T7648] EXT4-fs error (device loop5): ext4_write_dquot:6918: comm kworker/u4:17: Failed to commit dquot type 0
[  845.231873][T11449] usbhid 3-1:0.0: can't add hid device: -71
[  845.237950][ T7648] Quota error (device loop5): dquot_write_dquot: Can't write quota structure (error -117). Quota may get out of sync!
[  845.254327][T11449] usbhid: probe of 3-1:0.0 failed with error -71
[  845.275603][ T9865] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  845.296613][ T9865] EXT4-fs error (device loop5): __ext4_get_inode_loc:4483: comm syz-executor: Invalid inode table block 1 in block_group 0
[  845.305158][T11449] usb 3-1: USB disconnect, device number 34
[  845.340217][ T9865] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5902: Corrupt filesystem
[  845.375493][ T9865] EXT4-fs error (device loop5): ext4_quota_off:7222: inode #3: comm syz-executor: mark_inode_dirty error
[  845.393001][T12194] loop1: detected capacity change from 0 to 4096
[  845.414717][T12194] ntfs3: Unknown parameter '01777777777777777777777'
[  848.981850][T12220] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1740'.
[  849.208337][T12207] loop5: detected capacity change from 0 to 32768
[  849.248528][T12207] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by syz.5.1737 (12207)
[  849.330072][T12207] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  849.406668][T12207] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm
[  849.425750][T12207] BTRFS info (device loop5): setting nodatasum
[  849.442552][T12207] BTRFS info (device loop5): force zlib compression, level 3
[  849.465078][T12207] BTRFS info (device loop5): metadata ratio 1
[  849.492192][T12207] BTRFS info (device loop5): enabling ssd optimizations
[  849.521032][T12207] BTRFS info (device loop5): allowing degraded mounts
[  849.539257][T12207] BTRFS info (device loop5): using free space tree
[  851.007128][T12255] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1745'.
[  851.023182][T12255] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1745'.
[  851.331620][T12254] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1745'.
[  851.960738][ T9865] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  852.067732][T12265] loop1: detected capacity change from 0 to 256
[  852.132451][T12265] loop1: detected capacity change from 0 to 128
[  853.708941][ T7476] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 9 /dev/loop5 scanned by udevd (7476)
[  854.001513][T12273] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1749'.
[  854.044517][T12273] loop1: detected capacity change from 0 to 128
[  857.265476][T12303] loop5: detected capacity change from 0 to 512
[  857.390767][ T7476] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  857.407329][T12303] loop5: detected capacity change from 0 to 22
[  857.446643][T12306] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1759'.
[  857.453890][T12303] MTD: Attempt to mount non-MTD device "/dev/loop5"
[  857.511266][T12303] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  857.522115][T12307] loop1: detected capacity change from 0 to 128
[  859.278966][T12329] fuse: Unknown parameter 'use00000000000000000000'
[  859.769304][T12335] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1766'.
[  861.484654][T12352] (null): rxe_set_mtu: Set mtu to 4096
[  861.502972][T12352] rdma_rxe: rxe_newlink: failed to add lo
[  861.612928][T12358] loop1: detected capacity change from 0 to 128
[  861.866315][ T5847] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  862.064595][ T5847] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  862.292323][ T5847] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  862.383736][ T5847] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  862.667642][ T5847] usb 6-1: config 0 descriptor??
[  862.728012][ T5847] pwc: Askey VC010 type 2 USB webcam detected.
[  862.936704][T12368] fuse: Unknown parameter 'use00000000000000000000'
[  863.098171][ T5847] pwc: recv_control_msg error -32 req 02 val 2b00
[  863.127019][ T5847] pwc: recv_control_msg error -32 req 02 val 2700
[  863.137646][ T5847] pwc: recv_control_msg error -32 req 02 val 2c00
[  863.150618][T12372] syz_tun: entered allmulticast mode
[  863.152393][ T5847] pwc: recv_control_msg error -32 req 04 val 1000
[  863.172708][ T5847] pwc: recv_control_msg error -32 req 04 val 1300
[  863.181679][T12372] dvmrp8: entered allmulticast mode
[  863.182500][ T5847] pwc: recv_control_msg error -32 req 04 val 1400
[  863.195519][ T5847] pwc: recv_control_msg error -32 req 02 val 2000
[  863.204249][ T5847] pwc: recv_control_msg error -32 req 02 val 2100
[  863.214611][ T5847] pwc: recv_control_msg error -32 req 04 val 1500
[  863.224976][ T5847] pwc: recv_control_msg error -32 req 02 val 2500
[  863.466991][ T5847] pwc: recv_control_msg error -32 req 02 val 2400
[  863.469924][T12371] syz_tun: left allmulticast mode
[  863.474306][ T5847] pwc: recv_control_msg error -32 req 02 val 2600
[  863.935736][ T5847] pwc: recv_control_msg error -71 req 02 val 2800
[  864.307741][ T5847] pwc: recv_control_msg error -71 req 04 val 1100
[  864.315141][ T5847] pwc: recv_control_msg error -71 req 04 val 1200
[  864.358406][ T5847] pwc: Registered as video103.
[  864.365226][ T5847] input: PWC snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/input/input11
[  864.402241][ T5847] usb 6-1: USB disconnect, device number 11
[  864.742871][T12390] loop2: detected capacity change from 0 to 4096
[  865.175243][T12397] fuse: Unknown parameter 'use00000000000000000000'
[  868.043054][T12423] loop2: detected capacity change from 0 to 8
[  868.100610][T12425] loop1: detected capacity change from 0 to 128
[  868.108286][T12425] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  868.366694][T12425] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  870.162783][ T7635] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  870.397453][ T1287] ieee802154 phy0 wpan0: encryption failed: -22
[  870.857790][ T1287] ieee802154 phy1 wpan1: encryption failed: -22
[  871.178895][T12435] loop2: detected capacity change from 0 to 128
[  871.768824][T12449] netlink: 200 bytes leftover after parsing attributes in process `syz.2.1803'.
[  873.910399][T12466] fuse: Unknown parameter 'user_i00000000000000000000'
[  876.071691][T12492] loop5: detected capacity change from 0 to 764
[  876.157761][T12492] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  877.191943][T12490] loop2: detected capacity change from 0 to 32768
[  877.208783][T12490] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz.2.1816 (12490)
[  877.244246][T12490] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  877.302087][T12490] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm
[  877.346941][T12490] BTRFS info (device loop2): force zlib compression, level 3
[  877.399410][T12490] BTRFS info (device loop2): force clearing of disk cache
[  877.410192][T12490] BTRFS info (device loop2): setting nodatasum
[  877.460563][T12490] BTRFS info (device loop2): use zlib compression, level 3
[  877.476420][T12490] BTRFS info (device loop2): allowing degraded mounts
[  877.496460][T12490] BTRFS info (device loop2): enabling disk space caching
[  877.511069][T12490] BTRFS info (device loop2): disk space caching is enabled
[  877.556307][ T5847] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  878.057969][ T5847] usb 6-1: Using ep0 maxpacket: 32
[  878.187242][ T5847] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  878.206164][ T5847] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  878.221525][ T5847] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  878.231918][ T5847] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  878.262637][ T5847] usb 6-1: config 0 descriptor??
[  878.295001][ T5847] hub 6-1:0.0: USB hub found
[  878.341385][T12490] BTRFS info (device loop2): enabling ssd optimizations
[  878.384743][T12490] BTRFS info (device loop2): auto enabling async discard
[  878.427890][T12490] BTRFS info (device loop2): rebuilding free space tree
[  878.479218][T12490] BTRFS info (device loop2): disabling free space tree
[  878.486303][T12490] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  878.499180][ T5847] hub 6-1:0.0: 1 port detected
[  878.534880][T12490] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  878.597422][T12521] fuse: Unknown parameter 'user_i00000000000000000000'
[  878.708982][T12490] BTRFS info (device loop2): balance: start -sprofiles=data|system|metadata|single|raid0|raid1|raid10|raid5|raid6|raid1c3|raid1c4|0xfffefffffffff800,usage=2899102924807,devid=0,drange=9223372036854776319..0,vrange=9..9
[  878.730146][    C1] vkms_vblank_simulate: vblank timer overrun
[  878.830801][T12490] BTRFS info (device loop2): balance: ended with status: 0
[  879.017256][ T5784] BTRFS info (device loop2): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  879.355360][   T23] usb 6-1: USB disconnect, device number 12
[  879.467676][    T9] hub 6-1:0.0: activate --> -19
[  880.216351][    T9] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  880.416680][    T9] usb 3-1: Using ep0 maxpacket: 8
[  880.592093][    T9] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  880.866035][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  880.917285][    T9] pvrusb2: Hardware description: Terratec Grabster AV400
[  880.925015][    T9] pvrusb2: **********
[  880.935894][    T9] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  880.966800][    T9] pvrusb2: Important functionality might not be entirely working.
[  880.989106][    T9] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  880.989523][T12546] fuse: Unknown parameter 'user_id00000000000000000000'
[  881.018713][    T9] pvrusb2: **********
[  881.133983][ T2318] pvrusb2: Invalid write control endpoint
[  881.298619][ T2318] pvrusb2: Invalid write control endpoint
[  881.304423][ T2318] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  881.336391][ T2318] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  881.361180][ T2318] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  881.395315][ T2318] pvrusb2: Device being rendered inoperable
[  881.425672][T12538] pvrusb2: Attempted to execute control transfer when device not ok
[  881.473314][ T2318] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  881.479247][ T5833] usb 3-1: USB disconnect, device number 35
[  881.506128][ T2318] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  881.552535][ T2318] pvrusb2: Attached sub-driver cx25840
[  881.576226][ T2318] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  881.621330][ T2318] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  882.591627][T12566] loop2: detected capacity change from 0 to 256
[  882.643170][T12566] FAT-fs (loop2): Directory bread(block 64) failed
[  882.650199][T12566] FAT-fs (loop2): Directory bread(block 65) failed
[  882.657063][T12566] FAT-fs (loop2): Directory bread(block 66) failed
[  882.664836][T12566] FAT-fs (loop2): Directory bread(block 67) failed
[  882.672775][T12566] FAT-fs (loop2): Directory bread(block 68) failed
[  882.679852][T12566] FAT-fs (loop2): Directory bread(block 69) failed
[  882.686721][T12566] FAT-fs (loop2): Directory bread(block 70) failed
[  882.694473][T12566] FAT-fs (loop2): Directory bread(block 71) failed
[  882.702457][T12566] FAT-fs (loop2): Directory bread(block 72) failed
[  882.710449][T12566] FAT-fs (loop2): Directory bread(block 73) failed
[  883.543304][   T28] audit: type=1800 audit(1752097721.977:585): pid=12566 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1836" name="bus" dev="loop2" ino=1048607 res=0 errno=0
[  884.583520][T12585] fuse: Unknown parameter 'user_id00000000000000000000'
[  884.806295][    T8] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  885.006276][    T8] usb 3-1: Using ep0 maxpacket: 8
[  885.034999][    T8] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  885.077266][    T8] usb 3-1: config 179 has no interface number 0
[  885.095498][    T8] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  885.108526][    T8] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  885.120427][    T8] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  885.132579][    T8] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  885.145592][    T8] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  885.161372][    T8] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  885.170989][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  885.261502][T12583] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  885.673004][    T8] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input12
[  885.902785][T12583] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  885.976728][T12583] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  886.328451][ T5833] usb 3-1: USB disconnect, device number 36
[  886.328501][    C0] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  886.342861][    C0] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  886.351982][ T5833] xpad 3-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  887.730115][T12611] fuse: Unknown parameter 'user_id00000000000000000000'
[  887.940158][   T27] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  889.146444][T12619] lo speed is unknown, defaulting to 1000
[  889.649606][   T27] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  889.859347][   T27] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  890.002158][   T27] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  890.249330][   T27] usb 6-1: config 0 descriptor??
[  890.329370][   T27] pwc: Askey VC010 type 2 USB webcam detected.
[  890.542324][T12627] loop1: detected capacity change from 0 to 512
[  890.735336][   T27] pwc: recv_control_msg error -32 req 02 val 2b00
[  891.417766][   T27] pwc: recv_control_msg error -32 req 02 val 2700
[  891.425110][   T27] pwc: recv_control_msg error -32 req 02 val 2c00
[  891.432842][   T27] pwc: recv_control_msg error -32 req 04 val 1000
[  891.482901][   T27] pwc: recv_control_msg error -32 req 04 val 1300
[  891.541474][   T27] pwc: recv_control_msg error -32 req 04 val 1400
[  891.555494][   T27] pwc: recv_control_msg error -32 req 02 val 2000
[  891.602790][   T27] pwc: recv_control_msg error -32 req 02 val 2100
[  891.650270][   T27] pwc: recv_control_msg error -32 req 04 val 1500
[  891.670909][   T27] pwc: recv_control_msg error -32 req 02 val 2500
[  891.691758][   T27] pwc: recv_control_msg error -32 req 02 val 2400
[  891.713972][   T27] pwc: recv_control_msg error -32 req 02 val 2600
[  891.723367][   T27] pwc: recv_control_msg error -71 req 02 val 2900
[  891.746605][   T27] pwc: recv_control_msg error -71 req 02 val 2800
[  891.777317][   T27] pwc: recv_control_msg error -71 req 04 val 1100
[  891.803876][   T27] pwc: recv_control_msg error -71 req 04 val 1200
[  891.834939][   T27] pwc: Registered as video103.
[  891.872018][   T27] input: PWC snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/input/input13
[  891.929224][   T27] usb 6-1: USB disconnect, device number 13
[  891.943847][T12639] loop2: detected capacity change from 0 to 1024
[  892.014541][T12639] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  892.057387][T12639] ext4 filesystem being mounted at /477/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  892.451003][T12649] random: crng reseeded on system resumption
[  893.277777][T12653] fuse: Bad value for 'fd'
[  893.280154][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  894.495218][T12666] loop1: detected capacity change from 0 to 512
[  894.596954][ T7476] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  894.629261][T12666] loop1: detected capacity change from 0 to 22
[  894.639670][T12666] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  894.670071][T12666] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  895.385736][T12673] loop5: detected capacity change from 0 to 256
[  895.393204][T12673] exfat: Deprecated parameter 'utf8'
[  895.415879][T12673] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xdd33351c, utbl_chksum : 0xe619d30d)
[  895.721948][T12676] loop1: detected capacity change from 0 to 128
[  895.824290][ T8345] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  895.890534][T12679] overlay: ./file1 is not a directory
[  895.990839][T12680] (null): rxe_set_mtu: Set mtu to 4096
[  895.998063][T12680] rdma_rxe: rxe_newlink: failed to add lo
[  897.086154][ T5826] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  897.278467][ T5826] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  897.301782][ T5826] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  897.311775][ T5826] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  897.328900][ T5826] usb 2-1: config 0 descriptor??
[  897.341352][ T5826] pwc: Askey VC010 type 2 USB webcam detected.
[  898.207549][T12694] Bluetooth: hci3: Frame reassembly failed (-90)
[  898.243160][   T48] Bluetooth: hci3: Frame reassembly failed (-84)
[  898.362815][ T5826] pwc: recv_control_msg error -32 req 02 val 2b00
[  898.377144][ T5826] pwc: recv_control_msg error -32 req 02 val 2700
[  898.388738][ T5826] pwc: recv_control_msg error -32 req 02 val 2c00
[  898.398811][ T5826] pwc: recv_control_msg error -32 req 04 val 1000
[  898.406239][ T5826] pwc: recv_control_msg error -32 req 04 val 1300
[  898.414470][ T5826] pwc: recv_control_msg error -32 req 04 val 1400
[  898.422276][ T5826] pwc: recv_control_msg error -32 req 02 val 2000
[  898.430764][ T5826] pwc: recv_control_msg error -32 req 02 val 2100
[  898.440708][ T5826] pwc: recv_control_msg error -32 req 04 val 1500
[  898.456167][ T5826] pwc: recv_control_msg error -32 req 02 val 2500
[  898.469918][ T5826] pwc: recv_control_msg error -32 req 02 val 2400
[  898.488383][ T5826] pwc: recv_control_msg error -32 req 02 val 2600
[  898.501302][ T5826] pwc: recv_control_msg error -71 req 02 val 2900
[  898.509148][ T5826] pwc: recv_control_msg error -71 req 02 val 2800
[  898.516379][ T5826] pwc: recv_control_msg error -71 req 04 val 1100
[  898.526405][ T5826] pwc: recv_control_msg error -71 req 04 val 1200
[  898.549269][ T5826] pwc: Registered as video103.
[  898.557899][ T5826] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input14
[  898.585405][ T5826] usb 2-1: USB disconnect, device number 43
[  898.885746][T12699] loop5: detected capacity change from 0 to 32768
[  898.919435][T12699] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  898.931887][T12699] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm
[  898.941818][T12699] BTRFS info (device loop5): turning on sync discard
[  898.949691][T12699] BTRFS info (device loop5): setting nodatasum
[  898.959055][T12699] BTRFS info (device loop5): force zlib compression, level 3
[  898.967387][T12699] BTRFS info (device loop5): metadata ratio 1
[  898.974772][T12699] BTRFS info (device loop5): enabling ssd optimizations
[  898.983034][T12699] BTRFS info (device loop5): allowing degraded mounts
[  898.989912][T12699] BTRFS info (device loop5): turning off discard
[  899.036064][T12699] BTRFS info (device loop5): using free space tree
[  899.153243][T12718] loop1: detected capacity change from 0 to 128
[  899.182069][T12718] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  899.260817][T12718] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  899.613776][T12726] fuse: Bad value for 'fd'
[  900.216877][T12695] Bluetooth: hci3: command 0x1003 tx timeout
[  900.226057][   T50] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  900.372906][T11692] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  900.825163][ T9865] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  901.246330][T12747] netlink: 'syz.5.1883': attribute type 3 has an invalid length.
[  902.816070][ T5833] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  903.008178][ T5833] usb 6-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33
[  903.036013][   T23] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  903.044364][ T5833] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  903.068865][ T5833] usb 6-1: config 0 descriptor??
[  903.087885][ T5833] gspca_main: sunplus-2.14.0 probing 055f:c420
[  903.247190][   T23] usb 2-1: Using ep0 maxpacket: 32
[  903.258894][   T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  903.288215][   T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  903.320656][   T23] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  903.342861][   T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  903.368786][   T23] usb 2-1: config 0 descriptor??
[  903.380134][   T23] hub 2-1:0.0: USB hub found
[  903.408783][T12769] ------------[ cut here ]------------
[  903.414885][T12769] WARNING: CPU: 1 PID: 12769 at mm/page_alloc.c:4433 __alloc_pages+0x2de/0x460
[  903.424022][T12769] Modules linked in:
[  903.428210][T12769] CPU: 1 PID: 12769 Comm: syz.2.1893 Not tainted 6.6.96-syzkaller #0
[  903.436443][T12769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  903.446629][T12769] RIP: 0010:__alloc_pages+0x2de/0x460
[  903.452120][T12769] Code: 0c 25 28 00 00 00 48 3b 8c 24 a0 00 00 00 0f 85 a0 00 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 c6 05 cf b8 62 0c 01 <0f> 0b eb a5 a9 00 00 08 00 8b 74 24 0c 75 3e 44 89 f1 81 e1 7f ff
[  903.473045][T12769] RSP: 0018:ffffc900052b7a80 EFLAGS: 00010246
[  903.479543][T12769] RAX: ffffc900052b7a00 RBX: 1ffff92000a56f54 RCX: 0000000000000000
[  903.487660][T12769] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc900052b7ae8
[  903.495755][T12769] RBP: ffffc900052b7b80 R08: ffffc900052b7ae7 R09: 0000000000000000
[  903.504002][T12769] R10: ffffc900052b7ac0 R11: fffff52000a56f5d R12: 0000000000000020
[  903.512137][T12769] R13: 0000000000000000 R14: 0000000000040d40 R15: dffffc0000000000
[  903.520277][T12769] FS:  00007fccb1eba6c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  903.529698][T12769] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  903.536510][T12769] CR2: 0000200000001000 CR3: 0000000069fbe000 CR4: 00000000003506e0
[  903.544586][T12769] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  903.552752][T12769] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  903.560870][T12769] Call Trace:
[  903.564203][T12769]  <TASK>
[  903.568624][T12769]  ? zone_statistics+0x170/0x170
[  903.573744][T12769]  ? v9fs_fid_find+0x270/0x270
[  903.578941][T12769]  __kmalloc_large_node+0x8c/0x1e0
[  903.584270][T12769]  ? v9fs_fid_get_acl+0x4f/0xf0
[  903.589301][T12769]  __kmalloc+0x111/0x240
[  903.593660][T12769]  v9fs_fid_get_acl+0x4f/0xf0
[  903.598516][T12769]  v9fs_get_acl+0x9a/0x350
[  903.603173][T12769]  v9fs_mount+0x862/0xb40
[  903.607731][T12769]  ? xfs_fs_commit_blocks+0x6c0/0x6c0
[  903.613252][T12769]  legacy_get_tree+0xea/0x180
[  903.618093][T12769]  ? xfs_fs_commit_blocks+0x6c0/0x6c0
[  903.623728][T12769]  vfs_get_tree+0x8c/0x280
[  903.628333][T12769]  do_new_mount+0x24b/0xa40
[  903.632935][T12769]  __se_sys_mount+0x2da/0x3c0
[  903.637830][T12769]  ? __x64_sys_mount+0xc0/0xc0
[  903.642701][T12769]  ? lockdep_hardirqs_on+0x98/0x150
[  903.648069][T12769]  ? __x64_sys_mount+0x20/0xc0
[  903.652935][T12769]  do_syscall_64+0x55/0xb0
[  903.657646][T12769]  ? clear_bhb_loop+0x40/0x90
[  903.662391][T12769]  ? clear_bhb_loop+0x40/0x90
[  903.667228][T12769]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  903.674185][T12769] RIP: 0033:0x7fccb0f8e929
[  903.678918][T12769] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  903.698720][T12769] RSP: 002b:00007fccb1eba038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  903.707386][T12769] RAX: ffffffffffffffda RBX: 00007fccb11b5fa0 RCX: 00007fccb0f8e929
[  903.715436][T12769] RDX: 0000200000000b80 RSI: 00002000000003c0 RDI: 0000000000000000
[  903.723559][T12769] RBP: 00007fccb1010b39 R08: 0000200000000580 R09: 0000000000000000
[  903.731636][T12769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  903.739890][T12769] R13: 0000000000000000 R14: 00007fccb11b5fa0 R15: 00007ffce26a4e48
[  903.748038][T12769]  </TASK>
[  903.751128][T12769] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  903.758420][T12769] CPU: 1 PID: 12769 Comm: syz.2.1893 Not tainted 6.6.96-syzkaller #0
[  903.766504][T12769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  903.776578][T12769] Call Trace:
[  903.779876][T12769]  <TASK>
[  903.782830][T12769]  dump_stack_lvl+0x16c/0x230
[  903.787541][T12769]  ? show_regs_print_info+0x20/0x20
[  903.792849][T12769]  ? load_image+0x3b0/0x3b0
[  903.797413][T12769]  panic+0x2c0/0x710
[  903.801341][T12769]  ? bpf_jit_dump+0xd0/0xd0
[  903.805872][T12769]  __warn+0x2e0/0x470
[  903.809883][T12769]  ? __alloc_pages+0x2de/0x460
[  903.814673][T12769]  ? __alloc_pages+0x2de/0x460
[  903.819546][T12769]  report_bug+0x2be/0x4f0
[  903.824043][T12769]  ? __alloc_pages+0x2de/0x460
[  903.828884][T12769]  ? __alloc_pages+0x2de/0x460
[  903.833702][T12769]  ? __alloc_pages+0x2e0/0x460
[  903.838548][T12769]  handle_bug+0xcf/0x120
[  903.842860][T12769]  exc_invalid_op+0x1a/0x50
[  903.847423][T12769]  asm_exc_invalid_op+0x1a/0x20
[  903.852313][T12769] RIP: 0010:__alloc_pages+0x2de/0x460
[  903.857712][T12769] Code: 0c 25 28 00 00 00 48 3b 8c 24 a0 00 00 00 0f 85 a0 00 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 c6 05 cf b8 62 0c 01 <0f> 0b eb a5 a9 00 00 08 00 8b 74 24 0c 75 3e 44 89 f1 81 e1 7f ff
[  903.877348][T12769] RSP: 0018:ffffc900052b7a80 EFLAGS: 00010246
[  903.883460][T12769] RAX: ffffc900052b7a00 RBX: 1ffff92000a56f54 RCX: 0000000000000000
[  903.891469][T12769] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc900052b7ae8
[  903.899469][T12769] RBP: ffffc900052b7b80 R08: ffffc900052b7ae7 R09: 0000000000000000
[  903.907468][T12769] R10: ffffc900052b7ac0 R11: fffff52000a56f5d R12: 0000000000000020
[  903.915452][T12769] R13: 0000000000000000 R14: 0000000000040d40 R15: dffffc0000000000
[  903.923548][T12769]  ? zone_statistics+0x170/0x170
[  903.928517][T12769]  ? v9fs_fid_find+0x270/0x270
[  903.933306][T12769]  __kmalloc_large_node+0x8c/0x1e0
[  903.938439][T12769]  ? v9fs_fid_get_acl+0x4f/0xf0
[  903.943308][T12769]  __kmalloc+0x111/0x240
[  903.947573][T12769]  v9fs_fid_get_acl+0x4f/0xf0
[  903.952264][T12769]  v9fs_get_acl+0x9a/0x350
[  903.956708][T12769]  v9fs_mount+0x862/0xb40
[  903.961082][T12769]  ? xfs_fs_commit_blocks+0x6c0/0x6c0
[  903.966481][T12769]  legacy_get_tree+0xea/0x180
[  903.971185][T12769]  ? xfs_fs_commit_blocks+0x6c0/0x6c0
[  903.976586][T12769]  vfs_get_tree+0x8c/0x280
[  903.981028][T12769]  do_new_mount+0x24b/0xa40
[  903.985557][T12769]  __se_sys_mount+0x2da/0x3c0
[  903.990255][T12769]  ? __x64_sys_mount+0xc0/0xc0
[  903.995044][T12769]  ? lockdep_hardirqs_on+0x98/0x150
[  904.000254][T12769]  ? __x64_sys_mount+0x20/0xc0
[  904.005039][T12769]  do_syscall_64+0x55/0xb0
[  904.009493][T12769]  ? clear_bhb_loop+0x40/0x90
[  904.014204][T12769]  ? clear_bhb_loop+0x40/0x90
[  904.018905][T12769]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  904.024836][T12769] RIP: 0033:0x7fccb0f8e929
[  904.029291][T12769] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  904.048933][T12769] RSP: 002b:00007fccb1eba038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  904.057389][T12769] RAX: ffffffffffffffda RBX: 00007fccb11b5fa0 RCX: 00007fccb0f8e929
[  904.065377][T12769] RDX: 0000200000000b80 RSI: 00002000000003c0 RDI: 0000000000000000
[  904.073363][T12769] RBP: 00007fccb1010b39 R08: 0000200000000580 R09: 0000000000000000
[  904.081348][T12769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  904.089334][T12769] R13: 0000000000000000 R14: 00007fccb11b5fa0 R15: 00007ffce26a4e48
[  904.097340][T12769]  </TASK>
[  904.100693][T12769] Kernel Offset: disabled
[  904.105142][T12769] Rebooting in 86400 seconds..