last executing test programs:

3m34.699686929s ago: executing program 4 (id=232):
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14, 0x15, 0x1, 0x70bd25, 0x0, {0x2, 0x0, 0x6e80}}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x8800)
r0 = socket$kcm(0x2b, 0x1, 0x0)
sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x32}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x200048cc)
setsockopt$sock_attach_bpf(r0, 0x1, 0xd, &(0x7f0000000080), 0x24)
close(r0)

3m34.197797828s ago: executing program 4 (id=235):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f00000007c0)=ANY=[@ANYBLOB="696f636861727365743d6d61636963656c616e642c756d61736b3d30303030303030303030303030303030303030303030352c757466382c6572726f72733d636f6e74696e75652c696f636861727365743d6d616363656e746575726f2c646973636172642c696f636861727365743d63703836302c6572726f72733d72656d6f756e742d726f2c6572726f72733d636f6e74696e75652c6572726f72733d636f6e74696e75652c00d40644f916f42b6b63a3ddd3e96cc13f37556b6c48e92c5489e97fc7d832bee08705079918afb2d81bad43ba444490ffc574f6efdeb56a0e7132b223a9c8d5187fa5140d22265ea35c924720bef432e5229293514046bb39bf66c18191d79d3028e0aa057fed10deae393038b6e5a9e6754a38d872927b96a057495482"], 0x1, 0x1524, &(0x7f0000002280)="$eJzs3AuYTlXbOPD7XmvtMSbpaZLDsNa6N09yWCZJckiSQ5IkSZJTQtIkryQkhpyShiQkhyE5DCE5TEwa5/P5kJAkTZKE5JSs/yX8vb31fu/7fm/f67u+uX/XtS/rfva+1773cz+HvbeZ+a7zkBqNalZtQETwb8GL/yQDQCwADACA6wAgAICy8WXjL6zPKTH539sJ+3M9kna1K2BXE/c/e+P+Z2/c/+yN+5+9cf+zN+5/9sb9z964/4xlZ5umFbiel+y78P3/7Iy///8PySo15qs1pW7sAhDzz6Zw/7M37v//WcE/sxH3P3vj/mdXsVe7APa/AL//s4Mcf3cN9z974/4zlp1d7fvPV3uBSPZ+Dq72648xxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGWPZw2l+hAODy+GrXxRhjjDHGGGOMsT+Pz3G1K2CMMcYYY4wxxtj/PAQBEhQEEAM5IBZyQhwIALgWcsN1EIHrIR5ugDxwI+SFfJAfCkACFIRCoMGABYIQCkMRiMJNUBRuhmJQHEpASXBQChLhFigNt0IZuA3Kwu1QDu6A8lABKkIluBMqw11QBe6GqnAPVIPqUANqwr1QC+6D2nA/1IEHoC48CPXgIagPD0MDeAQawqPQCB6DxvA4NIGm0AyaQ4v/Vv5L0B1ehh7QE5KhF/SGV6AP9IV+0B8GwKswEF6DQfA6pMBgGAJvwFB4E4bBWzAcRsBIeBtGwTswGsbAWBgHqTAeJsC7MBHeg0kwGabAVEiDaTAd3ocZMBNmwQcwGz6EOTAX5sF8SIePYAEshAz4GBbBJ5AJi2EJLIVlsBxWwEpYBathDayFdbAeNsBG2ASbYQtshW2wHXbAp7ATPoNdsBv2wOewF774F/NP/U1+FwQEFChQocIYjMFYjMU4jMNcmAtzY26MYATjMR7zYB7Mi3kxP+bHBEzAQlgIDRokJCyMhTGKUSyKRbEYFsMSWAIdOkzERCyNt2IZLINlsSyWw3JYHitgBayElbAyVsYqWAWrYlWshtWwBtbAe/Fe7IW1sTbWwTpYF+tevj2FDbABNsSG2AgbYWNsjE2wCTbDZtgCW2BLbImtsBW2wTbYFttiO2yHSZiE7bE9dsAO2BE7YifshJ2xM3bBrtg166UcgC/jy9gTq4le2Bt7Yx9MydEP+2N/fBUH4mv4Gr6OKTgYh+Ab+Aa+icPwJA7HETgSR2Jl8Q6OxjFIYhymYipOwAk4ESfiJJyMk3EqpuE0nI7TcQbOxJn4Ac7GD/FDnItzcT6mYzouwIWYgRm4CE9hJi7GJbgUl+FyXIYrcRWuxDW4FtfgelyPG3EjbsbNuBW34nbcjp+iAsDPcDfuxhTci3txH+7D/bgfD+ABzMIsPIgH8RAewsN4GI/gETyKx/A4HsMTeAJP4ik8jafxLJ7Fc/hCwjcNPy2+OgXEBUooESNiRKyIFXEiTuQSuURukVtERETEi3iRR+QReUVekV/kFwkiQRQShYQRRpAIYwBAREVUFBVFRTFRTJQQJYQTTiSKRFFalBZlRBlRVtwuyok7RHlRQbR2lUQlUVm0cVXE3aKqqCqqieqihqgpaopaopaoLWqLOqKOqCvqinriIVFf9MJ++Ii40JlGYjA2FkOwiWgq5KVPsJZiGLYSrUUb8ZQYgcOxnWjpksSzor0YjR3EX8QYfF50EuOws3hRdBFdRTfxkuguWrkeoqeYhL1EbzEV+4i+op/oL2ZgdfEBzs5ZQ7wuUsRgMUS8Iebjm2KYeEsMFyPESPG2GCXeEaPFGDFWjBOpYryYIN4VE8V7YpKYLKaIqSJNTBPTxftihpgpZokPxGzxoZgj5op5Yr5IFx+JBWKhyBAfi0XiE5EpFoslYqlYJpaLFWKlWCVWizVirVgn1osNYqPYJDaLLWKr2Ca2ix3iU7FTfCZ2id1ij/hc7BVfiH3iS7FffCUOiK9FlvhGHBTfikPiO3FYfC+OiB/EUXFMHBc/ihPiJ3FSnBKnxRlxVvwszolfxHnhBUiUQkqpZCBjZA4ZK3PKOHmNzCWDS8/u9TJe3iDzyBtlXplP5pcFZIIsKAtJLY20kmQoC8siMipvkkXlzbKYLC5LyJLSyVIyUd4iS8tbZRl5mywrb5fl5B2yvKwgK8pK8k5ZWd4lIXJxH9VkdVlD1pT3ymS4T9aW98s68gFZVz4o68mHZH35sGwgH5EN5aOykXxMNpaPyyayqWwmm8sW8gnZUj4pW8nWso18SraVT8t28hmZJJ+V7aW/9BJ5XnaSL8jO8kXZRXaV3eQv8rz0sofsKaEXyN7yFdlH9pX9ZH85QL4qB8rX5CD5ukyRg+UQ+YYcKt+Uw+RbcrgcIUfKt+Uo+Y4cLcfIsXKcTJXj5QT5rpwo35OT5GQ5RU6VaXKa7HdppllS/sP8d/8gf9Cve98oN8nNcovcKrfJ7XKH/FTulDvlLrlL7pF75F65V+6T++R+uV8ekAdklsySB+VBeUgekoflYXlEHpFH5TF5Rv4oT8if5El5Sp6SZ+RZeVaeu/QcgEIllFRKBSpG5VCxKqeKU9eoXOpalVtdpyLqehWvblB51I0qr8qn8qsCKkEVVIWUVkZZRSpUhVURFVU34aUXjCqhSiqnSqlEdcu/kq+KqptVMVX8N/mX60v+O/W1UC1US9VStVKtVBvVRrVVbVU71U4lqSTVXrVXHVQH1VF1VJ1UJ9VZdVZdVBfVTXVT3VV31UP1UMkqWfVWr6g+qq/qp/qrAepVNVANVIPUIJWiUtQQNUQNVUPVMDVMDVfD1Ug1Uo1So9RoNVqNVWNVqkpVE9QENVFNVJPUJDVFTVFpKk1NV9PVDDVDzVKz1Gw1W81Rc9Q8NU+lq3S1QC1QGSpDLVKLVKZarBarpWqpWq6Wq5VqpVqtVqu1aq1ar9arTLVJbVJb1Ba1TW1TO9QOtVPtVLvULrVH7VF71V61T+1T+9V+dUAdUFkqSx1UB9UhdUgdVofVEXVEHVVH1XF1XJ1QJ9RJdVKdVqfVWXVWnVPn1Hl1/sJpXyACEahABTFBTBAbxAZxQVyQK8gV5A5yB5EgEsQH8UGe4MYgb5AvyB8UCBKCgkGhQAcmsIG41PRocFNQNLg5KBYUD0oEJQMXlAoSg1uC0sGtQZngtqBscHtQLrgjKB9UCCoGlYI7g8rBXUGV4O6ganBPUC2oHtQIagb3BrWC+4Lawf1BneCBoG7wYFAveCioHzwcNAgeCRoGjwaNgseCxsHjQZOgadAsaB60+FPn9/5kviddD91TJ+teurd+RffRfXU/3V8P0K/qgfo1PUi/rlP0YD1Ev6GH6jf1MP2WHq5H6JH6bT1Kv6NH6zF6rB6nU/V4PUG/qyfq9/QkPVlP0VN1mp6mp+v39Qw9U8/SH+jZ+kM9R8/V8/R8na4/0gv0Qp2hP9aL9Cc6Uy/WS/RSvUwv1yv0Sr1Kr9Zr9Fq9Tq/XG/RGvUlv1lv0Vr1Nb9c79Kd6p/5M79K79R79ud6rv9D79Jd6v/5KH9Bf6yz9jT6ov9WH9Hf6sP5eH9E/6KP6mD6uf9Qn9E/6pD6lT+sz+qz+WZ/Tv+jz2l84ub/w9W6UUSbGxJhYE2viTJzJZXKZ3Ca3iZiIiTfxJo/JY/KavCa/yW8STIIpZAqZC8iQKWwKm6iJmqKmqClmipkSpoRxxplEk2hKm9KmjCljypqyppwpZ8qb8qaiqWjuNHeau8xd5m5zt7nH3GOqm+qmpqlpaplaprapbeqYOqauqWvqmXqmvqlvGpgGpqFpaBqZRqaxaWyamCammWlmWpgWpqVpaVqZVqaNaWPamramnWlnkkySaW/amw6mg+loOppOppPpbDqbLqaL6Wa6me6mu+lhephkk2x6m96mj+lj+pl+ZoAZYAaagWaQGWRSTIoZYoaYoWaoGWaGmeFmhBl54UTVvGNGmzFmrBlnUk2qmWAmmIlmoplkJpkpZopJM2lmupluZpgZZpaZZWab2WaOmWPmmXkm3aSbBWaByTAZZpFZZDJNpllilphlZplZYVaYVWaVWWPWmHWwzmwwG8wms8lsMVvMNrPN7DA7zE6z0+wyu8wes8fsNXvNPrPP7Df7zQFzwGSZLHPQHDSHzCFz2Bw2R8wRc9QcNcfNcXPCnDAnzUlz2pw2Z02+S9+X3sTanDbOXmNz2Wttbnud/ds4vy1gE2xBW8hqm9fm+01srLXFbHFbwpa0zpayifaW38XlbQVb0Vayd9rK9i5b5XdxLXufrW3vt3XsA7amvfc3cV37oK1nH7P1EQFsU9vQNreN7GO2sX3cNrFNbTPb3La1T9t29hmbZJ+17e1zv4sX2IV2lV1t19i1dpfdbU/bM/aQ/c6etT/bHranHWBftQPta3aQfd2m2MG/i0fat+0o+44dbcfYsXbc7+IpdqpNs9PsdPu+nWFn/i5Otx/Z2TbDzrFz7Tw7/9f4Qk0Z9mO7yH5iM20AS+xSu8wutyvsyv9f61K73m6wG+1O+5ndYrfabXa73XH5RNjutnvs53av/cIetN/a/fYre8Aetln2m1/jC8d32H5vj9gf7FF7zB63P9oT9id1OfvCsf9of7HnrbdASECSFAUUQzkolnJSHF1Duehayk3XUYSup3i6gfLQjZSX8lF+KkAJVJAKkSZDlohCKkxFKEo30eXySlBJclSKEukWKk23Uhm6jcrS7VSO7qDyVIEqUiW6kyrTXVSF7qaqdA9Vo+pUg2rSvVSL7qPadD/VoQeoLj1I9eghqk8PUwN6hBrSo9SIHqPG9Dg1oabUjJpTC3qCWtKT1IpaUxt6itrS09SOnqEkepba03PUgf5CHel56kQvUGd6kbpQV+pGL1F3epl6UE9Kpl7Um16hPtSX+lF/GkCv0kB6jQbR65RCg2kIvUFD6U0aRm/RcBpBI+ltGkXv0GgaQ2NpHKXSeJpA79JEeo8m0WSaQlMpjabRdHqfZtBMmkUf0Gz6kObQXJpH8ymdPqIFtJAy6GNaRJ9QJi2mJbSUltFyWkEraRWtpjW0ltbRetpAG2kTbaYttJW20XbaQZ/STvqMdtFu2kOf0176gvbRl7SfvqID9DVl0Td0kL6lQ/QdHabvfU/6gY7SMTpOP9IJ+olO0ik6TWfoLP1M5+gXOk+eIMRQhDJUYRDGhDnC2DBnGBdeE+YKrw1zh9eFkfD6MD68IcwT3hjmDfOF+cMCYUJYMCwU6tCENqQwDAuHRcJoeFNYNLw5LBYWD0uEJUMXlgoTw1vC0uGtYZnwtrBseHtYLrwjLB9WCB97oFJ4Z1g5vCusEt4dVg3vCauF1cMaYc3w3rBWeF9YO7w/rBM+EJYJHwzrhQ+F9cOHwwbhI2HD8NGwUfhY2Dh8PGwSNg2bhc3DFuETYcvwybBV2DpsEz4Vtg2fDtuFz4RJ4bNh+/C5X9c/uPDvr08Oe4W9w1fCV0Lv75fzovOj6dGPoguiC6MZ0Y+ji6KfRDOji6NLokujy6LLoyuiK6Oroquja6Jro+ui66Mbohuj3tfMAQ6dcNIpF7gYl8PFupwuzl3jcrlrXW53nYu46128u8HlcTe6vC6fy+8KuARX0BVy2hlnHbnQFXZFXNTd5Iq6m10xV9yVcCWdc6VcomvuWrgWrqV70rVyrV0b95R7yj3tnnbPuGfcs669e851cH9xHd3zrpN7wb3gXnRdXFfXzb3kurvxuS++J5Ndb9fb9XF9XD/Xzw1wA9xAN9ANcoNciktxQ9wQN9QNdcPcMDfcDXcj3Ug3yo1yo91oN9aNdaku1U1wE9xEN9FNcpPcFDfFpbk0N91NdzPcDFd55sW9zHFz3Dw3z6W7dLfAXThnzHCL3CKX6TLdErfELXPL3Aq3wq1yq9wat8atc+vcBrfBbXKb3Ba3xW1z29wOt8PtdDvdLn/dxUndXrfP7XP73X53wH3tstw37qD71h1y37nD7nt3xP3gjrpj7rj70Z1wP7mT7pQ77c64s+5nd8794s4771Ij4yMTIu9GJkbei0yKTI5MiUyNpEWmRaZH3o/MiMyMzIp8EJkd+TAyJzI3Mi8yP5Ie+SiyILIwkhH5OLIo8kkkM7I4siSyNLIssjzifcEtoS/si/iov8kX9Tf7Yr64L+FLeudL+UR/iy/tb/Vl/G2+rL/dl/N3+PK+gq/oH/dNfFPfzDf3LfwTvqV/0rfyrX0b/5Rv65/27fwzPsk/69v753wH/xff0T/vO/kXfGf/ou/iu/pu/iXf3b/se/iePtn38r39K76P7+v7+f5+gH/VD/Sv+UH+dZ/iB/sh/g0/1L/ph/m3/HA/wo+MeduPunyJDON8qh/vJ/h3/UT/np/kJ/spfqpP89P8dP++n+Fn+ln+Az/bf+jn+Ll+np/v0/1HfoFf6DP8x36R/8Rn+sWXbyr7FX6lX+VX+zV+rV/n1/sNfqPf5Df7LX6r3+a3+x3+U7/Tf+Z3+d1+j//c7/Vf+H3+S7/ff+UP+K99lv/GH/Tf+kP+O3/Yf++P+B/8UX/MH/c/+hP+J3/Sn/Kn/Rl/1v/sz/lf/Hn+nTXGGGOMsX/K+CtD8ds1F2/n9/qDHPFXG/cGgGu3Fsj66/UXzijX5b047isS2kYA4NmenR+5vFSrlpycfGnbTAlBkbkAl/8n6IIYuBIvhjbwNCRBayj9h/X3FV3P0j+YP3o7QNxf5cTClfjK/F8CYPIfzP/EUyMXlAtPx/8X888FKFbkSk5OuBIvhja/3l9pDWX+Tv35Wv6D+nN+lQrQ6q9ycsGV+Er9ifAkPAdJv9mSMcYYY4wxxhi7qK+o2PHy9efln/j8o+vzBHUlJwdcif/R9TljjDHGGGOMMcauvue7dnvmiaSk1h3/9UGV/1bWPz1oDP9TM/PgDwfeA1x+RAHAvzkhwIWB/E8exeb/yL5SLr11/nbVsjM+gP8drfwzBlf5g4kxxhhjjDH2p7ty0v/bx9XVKogxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGMuG/hN/TuxqHyNjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDF2tf2/AAAA//9IVQM5")
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000010540)=ANY=[@ANYBLOB='discard,errors=remount-ro,zero_size_dir,keep_last_dots,iocharset=macromanian,time_offset=0x0000000000000000,dmask=00000000000000000000001,allow_utime=00000000000000000002000,gid=', @ANYRESHEX=0x0, @ANYBLOB=',utf8,fmask=00000000000000000000000,iocharset=cp850,fowner>', @ANYRESDEC=0x0, @ANYBLOB="2c646566636f6e746578743d726f6f742c6d6561737572652c66756e633d4b455845435f494e495452414d46535f434845434b2c646f6e745f686173682c7063723d30303030303030303030303030303030303033382c00aadd8b396a0a938f58e79d4e28aca0a20349818dab4100b4d979c9f00fad1aa53d3ef2ab14055d2b9841b12c5d68ba44c453577ede4edfd63e92290483f4bde29ce090c27aed91ce5aab302132a2557e9796fc8f37311c7c33da760a98b7e428e8620fb666bdbadc07f00a9f90403a23c188c93a879994669389ddb10b52966815b0f80ac6e53b5836eb5155a6859c7ed79c6345661106de075557be482fa0e9db2d9c8abe8cd563040add5353ae79acf2ce42b735fef8be5cda2d99c9138fd66c535f468fb1891d3812fdf2c59b1bec20d4be132abaff7b20f6a1c4"], 0xfc, 0x1557, &(0x7f0000004a40)="$eJzs3AmYjtX7OPD7Puc8Y0h6m2QZzjn3w5sshyTJkiRLkiRJki0hSfKVhMSQLWkIIdnJHpItJo1935eEJkmTJNmyJed/DeanvtW/fr/6/VzXd+7Pdb2Xcz/Pc5/nfud+l+c9453vOgysUq9qxTpEBH8LXv4nAQBiAaAvANwAAAEAlIwrGZe2P7PEhL93EvbPemzata6AXUvc/4yN+5+xcf8zNu5/xsb9z9i4/xkb9z9j4/4zlpFtmZ77Rr5l3Buv/2dk/P7/HyS16Kiv1hW9uSNAzF9N4f5nbNz//1jBXzmI+5+xcf8zqthrXQD7J83+n6Xx8z8jyPSHe7j/GRv3n7GM7NI6cGa45uvQ1+oGkYz9O5Br/fhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMZYxnPVXKQBIH1/ruhhjjDHGGGOMMfbP8ZmudQWMMcYYY4wxxhj734cgQIKCAGIgE8RCZsgCAgCuh2xwA0TgRoiDmyA73Aw5ICfkgtwQD3kgL2gwYIEghHyQH6JwCxSAW6EgFILCUAQcFIVicBsUh9uhBNwBJeFOKAV3QWkoA2WhHNwN5eEeqAD3QkW4DypBZagCVeF+qAYPIB4BqAEPQU14GGrBI1AbHoU68BjUhcehHjwB9eFJaAANoRE0hia/zYfq8GB6fszv578CXeBV6ArdIAG6Qw94DXpCL+gNfaAvvA794A3oD29CIgyAgfAWDILBMATehqEwDIbDOzAC3oWRMApGwxgYC+NgPEyAifAeTILJMAWmwjSYDjPgfZgJs2A2fABz4EOYC/NgPiyAhfARLILFkAQfwxL4BJJhKSyD5bACVsIqWA1rYC2sg/U/9YSNsAk2wxbYCttgO+yAnbALPoXd8Bnsgb2D5wFACnzxB/niSm//Pf9Mej7sg88hBToiIKBAgQoVxmAMxmIsZsEsAWBWzIbZMIIRjMM4zI7ZMQfmwFyYC+MxHvNiXjRokJAwH+bDKEaxABbAglgQC2NhdOiwGBbD4ng7lsASWBJLYikshaWxDJbBclgOy2N5rIAVsCJWxEpYCatgFbwf78fuWB2rYw2sgTWxZvryFNbBOlgX62I9rIf1sT42wAbYCBthE2yCTbEpNsNm2AJbYEtsia2wFbbG1tgG22BbbIvtsB22x/bYATtgR+yEnVJfyQT4Kr6K3bCS6I49sAf2xMRMvbEP9sHXsR++gW/gm5iIA3AgvoVv4WAckhlwKA7D4Tg8Nq2ekTgKSYzBsTgWx+N4nIgTcRJOxsk4FafhdJyBM3AmzsJZ+AHOwQ/xQ5yH83ABLsSFuAgXYxIm4RI8g8m4FJfhclyBK3EFrsY1uBrX4XpchxtxI27GzbgVt+J23I47cSd+igoAP8O9uBcTMQVTcD/uxwN4AA/iQUzFVDyEh/AwHs4KeASP4lE8hsfxBB7HU3gKT+MZPItn8Tyexwv4Uvw3dT8ttDYRRBollIgRMSJWxIosIovIKrKKbCKbiIiIiBNxIrvILnKIHCKXyCXiRbzIK/IKI4wgEcYAgIiKqCggCoiCoqAoLAoLJ5woJoqJ4qK4KCFKiJLiTlFK3CVKizKiuSsnyonyooWrIO4VFUVFUUlUFlVEVVFVVBPVRHVRXdQQNURNUVPUEo+I2qI79sbHRFpn6okBWF8MxAaioZCXHxsKxBBsJpqLFuIZMQyHYivR1LUWz4s2YiS2Ff8So/BF0V6MwQ7iZdFRdBKdxSuii2jmuopuYhJ2Fz3EVOwpeoneoo+YiZXFBzgncxXxpkgUA8RA8ZZYgIPFEPG2GCqGieHiHTFCvCtGilFitBgjxopxYryYICaK98QkMVlMEVPFNDFdzBDvi5lilpgtPhBzxIdirpgn5osFYqH4SCwSi0WS+FgsEZ+IZLFULBPLxQqxUqwSq8UasVasE+vFBrFRbBKbxRaxVWwT28UOsVPsEp+K3eIzsUfsFfvE5yJFfCH2iy/FAfGVOCi+FqniG3FIfCsOi+/EEfG9OCp+EMfEcXFCnBSnxI/itDgjzopz4rz4SVwQP4uLwguQKIWUUslAxshMMlZmllnkdTKrDK68htwo4+RNMru8WeaQOWUumVvGyzwyr9TSSCtJhjKfzC+j8hZZQN4qC8pCsrAsIp0sKovJ22RxebssIe+QJeWdspS8S5aWZWRZWU7eLcvLeyRELp+jkqwsq8iq8n6ZAA/I6vJBWUM+JGvKh2Ut+YisLR+VdeRjsq58XNaTT8j68knZQDaUjWRj2UQ+JZvKp2Uz2Vy2kM/IlvJZ2Uo+J1vL52Ub6a88RGIB5Euyg3xZdpSdZGf5s7wovewqu0noDrKHfE32lL1kb9lH9pWvy37yDdlfvikT5QA5UL4lB8nBcoh8Ww6Vw+Rw+Y4cId+VI+UoOVqOkWPlODleTpAT5Xtykpwsp8ipcpqcLntfmWm2lH+aP+F38vtfOvtmuUVuldvkdrlD7pS7ZNpLz265R+6R++Q+mSJT5H65Xx6QB+RBeVCmylR5SB6Sh+VheUQekUflUXlMHpfn5El5Sv4oT8sz8ow8J8/L8/LClZ8BKFRCSaVUoGJUJhWrMqss6jqVVV2vsqkbVETdqOLUTSq7ulnlUDlVLpVbxas8Kq/SyiirSIUqn8qvouoWvPKAUYVVEeVUUVVM3fbfyVcF1K2qoCr0q/z0+hL+oL4mqolqqpqqZqqZaqFaqJaqpWqlWqnWqrVqo9qotqqtaqfaqfaqveqgOqiOqqPqrDqrLqqL6qq6qgSVoHqo11RP1Uv1Vn1UX/W66qf6qf6qv0pUiWqgGqgGqUFqiBqihqqhargarkaoEWqkGqlGq9FqrBqrxqvxaqKaqCapSWqKmqKmqWlqhpqhZqqZaraareaoOWqumqvmq/lqoVqoFqlFKkklqSVqiUpWS9VStVwtVyvVSrVarVZr1Vq1Xq1XG9VGlay2qC1qm9qmdqgdapfapXar3WqP2qP2qX0qRaWo/Wq/OqAOqIPqoEpVqeqQOqQOq8PqiDqijqqj6pg6pk6oE+qUOqVOq9PqrDqrzqvz6oK6oC6qi2mXfYEIRKACFcQEMUFsEBtkCbIEWYOsQbYgWxAJIkFcEBdkD24OcgQ5g1xB7iA+yBPkDXRgAhukX2lEg1uCAsGtQcGgUFA4KBK4oGhQLObKzuCOoGRwZ1AquCsoHZQJygblgruD8sE9QYXg3qBicF9QKagcVAmqBvcH1YIHgurBg0GN4KGgZvBwUCt4JKgdPBrUCR4L6gaPB/WCJ4L6wZNBg6Bh0ChoHDQJbg9K/GPze38659Ouq+6mE3R33UO/pnvqXrq37qP76td1P/2G7q/f1Il6gB6o39KD9GA9RL+th+pherh+R4/Q7+qRepQercfosXqcHq8n6In6PT1JT9ZT9FQ9TU/XM/T7eqaepWfrD/Qc/aGeq+fp+XqBXqg/0ov0Yp2kP9Zp1zzJeqleppfrFXqlXqVX6zV6rV6n1+sNeqPepDfrLXqr3qa36x16p96lP9W79Wd6j96r9+nPdYr+Qu/XX+oD+it9UH+tU/U3+pD+Vh/W3+kj+nt9VP+gj+nj+oQ+qU/pH/VpfUaf1ef0ef2TvqB/1he1T7u4T3t7N8ooE2NiTKyJNVlMFpPVZDXZTDYTMRETZ+JMdpPd5DA5TC6Ty8SbeJPX5DVpyJDJZ/KZqImaAqaAKWgKmsKmsHHGmWKmmCluipsSpoQpaUqaUqaUKW1Km7KmrLnb3G3uMfeYe8295j5zn6lsKpuqpqqpZqqZ6qa6qWFqmJqmpqllapnaprapY+qYuqauqWfqmfqmvmlgGphGppFpYpqYpqapaWaamRamhWlpWppWppVpbVqbNqaNaWvamnamnWlv2psOpoPpaDqazqaz6WK6mK6mq0kwCaaH6WF6mp6mt+lt+pq+pp/pZ/qb/ibRJJqBZqAZZAaZIWaIGWqGmeFpTTPvmpFmVPobpxlvxpuJZqKZZCaZKWaKmWammRlmhvF+ppltZps5Zo6Za+aa+Wa+WWgWmkVmkUkySWaJWWKSTbJZZpaZFWaFWWVWmTVmjVln1pkNsMFsMpvMFrPFbDPbzA6zw+wyu8xus9skmD1mn9lnUkyK2W/2mwPmgDloDppUk2oOmUPmsDlsjpgj5qg5ao6ZY+aEOWFOmVPmtDltzpqz5rzJeeX90ptYm9lmsdfZrPZ6m83eYP89zmVz23ibx+a12uawOX8VG2ttQVvIFrZFrLNFbTF722/i0raMLWvL2btteXuPrfCbuJp9wFa3D9oa9iFb1d7/q7imfdjWsk/Y2ogAtqGtaxvbevYJW98+aRvYhraRbWxb2mdtK/ucbW2ft23sC7+JF9nFdo1da9fZ9XaP3WvP2nP2sP3Onrc/2a62m+1rX7f97Bu2v33TJtoBl+IrPxxIi4fbd+wI+64daUfZ0XbMb+IpdqqdZqfbGfZ9O9PO+k280H5k59gkO9fOs/PtgktxWk1J9mO7xH5ik20Ay+xyu8KutKvs6v+qdbndaDfZzXa3/cxus9vtDrvT7kovzO61++znNsV+YQ/Zb+0B+5U9aI/YVPvNpTjt/h2x39uj9gd7zB63J+xJe8r+qNKz0+77SfuzvWi9BUICkqQooBjKRLGUmbLQdZSVrqdsdANF6EaKo5soO91MOSgn5aLcFE95KC9pMmSJKKR8lJ+idAull1eYipCjolSMbqPidDuVoDuoJN1JpeguKk1lqCyVo7upPN1DFeheqkj3USWqTFWoKt1P1egBqk4PUg16iGrSw1SLHqHa9CjVoceoLj1O9egJqk9PUgNqSI2oMTWhp6gpPU3NqDm1oGeoJT1Lreg5ak3PUxt6gdrSv6gdvUjt6SXqQC9TR+pEnekV6kKvUlfqRgnUnXrQa9STFPSmPtSXXqd+9Ab1pzcpkQbQQHqLBtFgGkJv01AaRsPpHRpB79JIGkWjaQyNpXE0nibQRHqPJtFkmkJTaRpNpxn0Ps2kWTSbPqA59CHNpXk0nxbQQvqIFtFiSqKPaQl9Qsm0lJbRclpBK2kVraY1tJbW0XraQBtpE22mLbSVttF22kE7aRd9SrvpM9pDe2kffU4p9AXtpy/pAH1FB+lrSqVv6BB9S4fpOzpC3/tu9AMdo+N0gk7SKfqRTtMZOkvn6Dz9RBfoZ7pIniDEUIQyVGEQxoSZwtgwc5glvC7MGl4fZgtvCCPhjWFceFOYPbw5zBHmDHOFucP4ME+YN9ShCW1IYRjmC/OH0fCWsEB4a1gwLBQWDouELiwaFgtvC4uHt4clwjvCkuGdYanwrrB0WCZ84qFy4d1h+fCesEJ4b1gxvC+sFFYOq4RVw/vDauEDYRA+GNYIHwpLhA+HtcJHwtrho2Gd8LGwbvh4WC98IqwfPhk2CBuGjcLGYZPwqbBp+HTYLGwetgifCVuGz4atwufC1uHzYZvwhUv7H178x/sTwu5hj/C18LXQ+wfl/OiC6MLoR9FF0cXRpOjH0SXRT6LJ0aXRZdHl0RXRldFV0dXRNdG10XXR9dEN0Y3RTdHNUe+rZgKHTjjplAtcjMvkYl1ml8Vd57K66102d4OLuBtdnLvJZXc3uxwup8vlcrt4l8flddoZZx250OVz+V3U3eIKuFtdQVfIFXZFnHNFXTHX2DVxTVxT97Rr5pq7Fu4Z94x71j3rnnPPueddG/eCa+v+5dq5F11795J7yb3sOrpOrrN7xXVx47Jdfk4muB6uh+vperrerrfr6/q6fq6f6+/6u0SX6Aa6gW6QG+SGuCFuqBvqhrvhboQb4Ua6kW60G+3GurFuvBvvJrqJbpKb5Ka4KW6am+ZmuBluppvpys+6fJa5bq6b7+a7hW6hW+TSrhmT3BK3xCW7ZLfMLXMr3Aq3yq1ya9wat86tcxvcBrfJbXJb3Ba3zW1zO9wOt8vtcrvdbrfH33B5Upfi9rv97oA74A66r12q+8Ydct+6w+47d8R97466H9wxd9ydcCfdKfejO+3OuLPunDvvfnIX3M/uovNubGRcZHxkQmRi5L3IpMjkyJTI1Mi0yPTIjMj7kZmRWZHZkQ8icyIfRuZG5kXmRxZEFkY+iiyKLI4kRT6OLIl8EkmOLI0siyyPrIisjHifZ1vo8/n8Pupv8QX8rb6gL+QL+yLe+aK+mL/NF/e3+xL+Dl/S3+lL+bt8aV/Gl/VP+ga+oW/kG/sm/inf1D/tm/nmvoV/xrf0z/pW/jnf2j/v2/gXfFv/L9/Ov+jb+5d8B/+y7+g7+c7+Fd/Fv+q7+m4+wXf3Pfxrvqfv5Xv7Pr6vf93382/4/v5Nn+gH+IH+LT/ID/ZD/Nt+qB/mh8e840ekf0SGMX6sH+fH+wl+on/PT/KT/RQ/1U/z0/0M/76f6Wf52f4DP8d/6Of6eX6+X+AX+o/8Ir/YJ/mP/RL/iU/2S9MXlf0qv9qv8Wv9Or/eb/Ab/Sa/2W/xW/02v93v8Dv9Lv+p3+0/83v8Xr/Pf+5T/Bd+v//S3zr4K3/Qf+1T/Tf+kP/WH/bf+SP+e3/U/+CP+eP+hD/pT/kf/Wl/xp/15/x5/5O/4H/2F/k7a4wxxhhjf8m4q0Px6z2Xl/O7/06O+MXBPQDg+u25U3+5P+2KckOOy+NeIr5lBACe79bhsfRbpUoJCQlXjk2WEOSfB5D+m6A0l5aNr8RLoQU8C62hORT/3fp7iU7n6U/mj94JkOUXObFwNb46/5cAmPA78z/1zPBFpcKzcf+f+ecBFMx/NSczXI2XQotL6yvNocQf1J+z6Z/Un/mrsQDNfpGTFa7GV+svBk/DC9D6V0cyxhhjjDHGGGOX9RJl26V//kz/jyu/9/k8Xl3NyQRX4z/7fM4YY4wxxhhjjLFr78VOnZ97Kv2be0+1bt283aUtf2VQ4b9z8F8aXP/LLfXhH5yZB38+yAQA6VsUAPzNCQHSBvL/8l5s/T85V+KVZ8u/71pxzgfQucCVLz3+cyeN/fu9+MuDGPivLdfqFYkxxhhjjDH2v+Xq1f+vt6trVRBjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMZYB/cU/DDYB/sbfFbvW95ExxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhi71v5fAAAA//8dC+YX")
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x1c30c2, 0x99)

3m33.430423526s ago: executing program 4 (id=241):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000180)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @multicast2, 0x0, 0x0, 'rr\x00', 0x3d, 0xff, 0x7}, 0x2c)

3m32.682574708s ago: executing program 4 (id=247):
syz_emit_ethernet(0x7a, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv6={0x86dd, @gre_packet={0x1, 0x6, "bc4a06", 0x44, 0x2f, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x88be, 0x0, 0x1}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88a8}, {}, {0x8, 0x88be, 0x3, {{0xc, 0x1, 0x8, 0x1, 0x1, 0x0, 0x4, 0x14}, 0x1, {0x7b40}}}, {0x8, 0x22eb, 0x2, {{0x3, 0x2, 0x2, 0x3, 0x0, 0x0, 0x1, 0x9}, 0x2, {0x3, 0xeb, 0x0, 0xd, 0x1, 0x1, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x4}}}}}}}, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r0, 0x0, 0x33, &(0x7f0000000040)=0x2, 0x4)
listen(r0, 0x0)

3m32.266478757s ago: executing program 4 (id=249):
syz_mount_image$udf(&(0x7f00000000c0), &(0x7f00000001c0)='./file1\x00', 0x800, &(0x7f0000001040)=ANY=[@ANYBLOB='\x00id=', @ANYRESHEX, @ANYRES32], 0x1, 0xc2e, &(0x7f0000001900)="$eJzs3U9sHNd9B/DfGy3Fld1WTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmTNi2SEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8fPnM2fSgWwEA3E9XR7965pz7PwA8Uq75/38AAAAAAAAAAAAAADjsUhTxRKSYu7qWxqv3HfUr7b7bd8aGhrevdixVNY9U5cuf+tlz5y986fnBi9280p75gPr77bPx6ui1y42XZm/NzU8tLExNNsZm2hOzk1O73sNe6291qjoBjVuv3Z68cWOhce6585s+vjPwXv/jJwYuDT5z+ulu2bGh4eHRjSL13vK1e25Ix04zPI5GEacjxbPf+2lqRUQRez8X9fs79lsdqzpxqurE2NBw1ZHpdmtmsfxwpHsiiohGT6Vm9xxtPxZR67uvfdhZM2KpbH7Z4FNl90bnWvOt69NTjZHW/GJ7sT07M5I6rS3704giLqaI5YhY7X//7vqiiFqk+M7xtXQ9Io50z8MXq4nBO7ejOMA+7kLZzkZfxHLxEIzZIdYfRbwSKX729smYyNeZ6lrzhYhXyvxBxJtlvhiRyi/GhYh3t/ke8XCqRRF/WY7/pbU0WV0PuteVK19rfGXmxmxP2e515SPeH953pXhA94djW/L+OOTXpnoU0aqu+Gvp3n+zAwAAAAAAAAAAAAAAAMB+OxZFfCZSvPwff1LNK45qXvrxS4N/OPCrvXPGn/qQ/ZRln4uIpWJ3c3KP5omBI2kkpQc8l/hRVo8i/jTP//vWg24MAAAAAAAAAAAAAAAAAADAI62In0SKF945mZajd03x9szNxrXW9enOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0ZR3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGYdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h906wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzbvbahGRqn87Tpa/XIjm0TI/Gc3BMl+M5uWcrSprzW89gPazN32piB9Hiv76W3cHPI9/X+fd3a9BvPnNjXefrXXySPfDgff6Hz9x/NLg8G88tdPrtF0DTl1pz9y+0xgbGh4e7dlcy0f/ZM+2gXzcYn+6TkQsvP7Ga63p6an5e39RfgX2UP0hepFqj0pPvaheRO1QNOPB9J1HQHn/fzdS/O47/9m94Xfu//X4lc67u3f4+Pmfbdz/X9i6o13e/2tb6+X7f3lP3+7+/0TPthfy70b6ahH1xVtzfSci6guvv3G6fat1c+rm1MyFM2e+PDj45fNn+o5G1G+0p6d6Xu3L6QIAAAAAAAAAAAAAAAC4f1IRvx8pWj9eS42IuFPN1xq4NPjM6aePxJFqvtWmeduvjl673Hhp9tbc/NTCwtRkY2ymPTE7ObXbw9Wr6V5jQ8MH0pkPdeyA23+s/tLs3Ovz7Zt/vLjt54/VL19fWJxvTWz/cRyLIqLZu+VU1eCxoeGq0dPt1kxVdWTbyfQfXV8q4r8ixcSFRvp83pbn/2+d4b9p/v/S1h0d0Pz/T/RsK4+ZUhE/jxS/81dPxeerdj4W7ztnudzfRYpTFz+Xy8XRsly3DZ3nCnRmBpZl/y9S/NMvNpftzod8YqPs2V2f2IdEOf7HI8X3/+K78Zt52+bnP2w//o9t3dEBjf+TPdse2/S8gj13nTz+pyPFi0+8Fb+Vt33Q8z+6z944mQvffT7HAY3/p3q2DeTj/vb+dB0AAAAAAAAAAOCh1peK+PtI8cPhWno+b9vN3/+b3LqjA/r7X5/u2Ta5P+sVfeiLPZ9UAAAAADgk+lIRP4kUNxffujuHevP87575n7+3Mf9zKG35tPpzvl+rnhuwn3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAQyWlIp7P66mPV/P5J3dcT30lUrz8P8/mculEWa67DvxA9Wv96uzM6cvT07MTrcXW9empxuhca2KqrPtkpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/MmNsmfLsp+IFP/9j5vLdtex/tRG2XNl2b+JFF//l+3Lntgoe74s+91I8aOvN7plHyvLdp+P+umNss9NzBYHMCoAAAAAAAAAAAAAAAAAAAA8avpSEX8eKf731vLdufx5/f++nreVN7/Zs97/Fneqdf4HqvX/d3p9L+v/V88VWNrpqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8PGUoog3IsXc1bW00l++76hfac/cvjM2NLx9tWOpqnmkKl/+1M+eO3/hS88PXuzmB9ffb5+JV0evXW68NHtrbn5qYWFqsjE2056YnZza9R72Wn+rU9UJaNx67fbkjRsLjXPPnd/08Z2B9/ofPzFwafCZ0093y44NDQ+P9pSp9d3z0d8n7bD9aBTx15Hi2e/9NP2wP6KIvZ+LD/nuHLRjVSdOVZ0YGxquOjLdbs0slh+OdE9EEdHoqdTsnqOPNhb7OEK71IxYKptfNvhU2b3RudZ86/r0VGOkNb/YXmzPzoykTmvL/jSiiIspYjkiVvu360ARr0WK7xxfS//aH3Gkex6+eHX0q2fO7dyO4gD7uAtlOxt9EcvFRx4zevRHEf8cKX729sn4t/6IWnR+4gsRr5T5g4g3ozPeqfxiXIh4d5vvEQ+nWhTx/+X4X1pLb/fnC1p1XbnytcZXZm7M9pTtXlce+vvD/XTIr031KOJH1RV/Lf27/64BAAAAAAAAAAAAAAAADpEifj1SvPDOyVTND747p7g9c7NxrXV9ujOtrzv3rztnen19fb2ROtnMOZ5zKedyzpWcqzmjyPVzNsusr6+P5/dLOZdzruRczRlHcv2czZzjOZdyLudcybmaM2q5fs5mzvGcSzmXc67kXM35AGZ9AwAAAAAAAAAAAAAAAAAAj4Ci+ifFt7+xltb7O+tLj0cnV6wH+rH3ywAAAP//kUL4sA==")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101041, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
mount$bind(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0xa064c8, 0x0)

3m31.525428273s ago: executing program 4 (id=254):
r0 = timerfd_create(0x8, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, <r2=>0x0}, &(0x7f0000000280)=0x5)
setuid(r2)
timerfd_settime(r0, 0x2, &(0x7f0000000100), 0x0)

3m15.736592133s ago: executing program 32 (id=254):
r0 = timerfd_create(0x8, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, <r2=>0x0}, &(0x7f0000000280)=0x5)
setuid(r2)
timerfd_settime(r0, 0x2, &(0x7f0000000100), 0x0)

1m18.446185259s ago: executing program 0 (id=1079):
write$P9_RSYMLINK(0xffffffffffffffff, &(0x7f0000000040)={0x14, 0x11, 0x1, {0x20, 0x4, 0x1}}, 0x14)
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870f500090582020002"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="6b0ee0b3d41b1b"])

1m15.851508037s ago: executing program 0 (id=1092):
r0 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x4)
r2 = openat$cgroup_ro(r1, &(0x7f00000000c0)='cgroup.controllers\x00', 0x5000000, 0x0)
readv(r2, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/4080, 0xff0}], 0x1)

1m15.597347964s ago: executing program 0 (id=1094):
r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000000)=0xffb)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000080)={{0x1009, 0x6, 0x0, 0x80, 'syz0\x00'}, 0x5, 0x0, 0x1, 0x0, 0x0, 0x8, 'syz1\x00', 0x0})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
read(r0, &(0x7f0000000200)=""/193, 0xc1)

1m15.366926612s ago: executing program 0 (id=1096):
syz_mount_image$jfs(&(0x7f0000000100), &(0x7f0000000000)='./file1\x00', 0x1000400, &(0x7f00000001c0)={[{@quota}, {@discard_size={'discard', 0x3d, 0xaff9}}, {@iocharset={'iocharset', 0x3d, 'none'}}, {@errors_continue}, {@iocharset={'iocharset', 0x3d, 'cp865'}}, {@usrquota}, {@nodiscard}, {@uid}, {@uid={'uid', 0x3d, 0xee01}}]}, 0x21, 0x61b6, &(0x7f00000075c0)="$eJzs3cuOHFcZB/Cv+jYXE8fKIgoWQpPEXEKIr8EYAiRZwIINC+QtsjWZRBYOINsgJ7LwRLNhwUOAkFgixJIVD5AFW3Y8AJZsJFAWKIVq5pxxTaV7esb2dHW7fj9pXPX1qZo+5X9XX6aq+gQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAED/8wY/PFRFx5VfphhMRn4t+RC9iparXImJl7UR9nRdiuzmej4jhUkS1/vY/z0a8HhEfH4+4/+DOenXz+QP24/t//scffnLsR3//0/DMf/9yq//GpOVu3/7tf/5699G3FwAAALqoLMuySB/zT0bEIH22BwCefvn1v0zy7eq5qzfnrD9qtVqtXsC6rhzvbr2IiM36OtV7BofjAWDBbMYnbXeBFsm/0wYRcaztTgBzrWi7AxyJ+w/urBcp36L+erC2057PBdmT/2axe33HpOk0zXNMZvX42op+PDehPysz6sM8yfn3mvlf2WkfpeWOOv9ZmZT/aOfSp87J+feb+Tc8Pfn3xubfVTn/waHy78sfAAAAAADmWP77/4mWj/8uPf6mHMh+x3/XZtQHAAAAAAAAAHjSDjv+36Ax/t8u4/8BAADA3Ko+q1d+d/zhbZO+i626/XIR8UxjeaBj0sUyq233AwAAAAAAAAAAAAC6ZLBzDu/lImIYEc+srpZlWf3UNevDetz1F13Xtx+6rO0neQAA2PHx8ca1/EXEckRcTt/1N1xdXS3L5ZXVcrVcWcrvZ0dLy+VK7XNtnla3LY0O8IZ4MCqrX7ZcW69u2uflae3N31fd16jsH6Bjs9Fi4AAQETuvRvcnvSL9z+vVYirLZ6PlNzksiH32fxaU/Z+DaPtxCgAAABy9sizLIn2d98l0zL/XdqcAgJnIr//N4wJqtVqtVqufvrquHO9uvYiIzfo61XsGw/EDwILZjE/a7gItkn+nDSLihbY7Acy1ou0OcCTuP7izXqR8i/rrQRrfPZ8Lsif/zWJ7vbz+uOk0zXNMZvX42op+PDehP8/PqA/zJOffa+Z/Zad9lJZ7/PzLPX8mbOsco0n5V9t5ooX+tC3n32/m33DU+/+sbEVvbP5dlfMfHCr/vvwBAAAAAGCO5b//n5ir47+jR92cqfY7/rs2do2j6wsAAAAAAAAAPCn3H9xZz9e95uP/XxiznOs/n045/0L+nZTz7zXy/2pjuX5t/t7bD/P/94M763+89a/P5+lB81/KM0V6ZBXpEVGkeyoGafo4W/dZW8P+qLqnYdHrD9I5P+Xw3bgW12Mjzu5Ztpf+Px62n9vTXvV0uN1e9nfaz+9pH+y25/Uv7GkfprOLypXcfjrW4+dxPd7Zbq/alqZs//KU9nJKe86/b//vpJz/oPZT5b+a2ovGtHLvo95n9vv6dNz9vHXti785e/SbM9VW9He3ra7avpda6M/2/8mxUfzy5saN07ev3rp141ykyZ5bz0eaPGE5/2H62X3+f3mnPT/v1/fXex+NDp3/vNiKwcT8X67NV9v7yoz71oac/yj95PzfSe3j9/9Fzn/y/v9qC/0BAAAAAAAAAAAAAACA/ZRluX2J6FsRcTFd/9PWtZkAwGzl1/8yybfPqu7P+P7U6gWviznrz0zrT8v56o9avYh1XTnem/UiIv5WX6d6z/Drcb8MAJhnn0bEP9vuBK2Rf4fl7/urpqfa7gwwUzc/+PCnV69f37hxs+2eAAAAAAAAAACPKo//uVYb//lUWZZ3G8vtGf/17Vh73PE/B3lmd4DRCQNV9w+/TfvZ6o36vdpw4y/GpPG/h7tz+43/PZhyf8Mp7aMp7UtT2pentI+90KMm5/9ibbzzUxFxsjH8ehfGf22Oed8FOf+Xao/nKv+vNJar51/+fpHz7+3J/8yt939x5uYHH7527f2r7228t/GzC+fOnb1w8eKlS5fOvHvt+sbZnX9b7PHRyvnnsa+dB9otOf+cufy7Jef/pVTLv1ty/l9Otfy7Jeef3+/Jv1ty/vmzj/y7Jef/Sqrl3y05/6+lWv7dkvN/NdXy75ac/9dTLf9uyfm/lmr5d0vO/3Sq5d8tOf8zqT5g/itH3S9mI+efj3DZ/7sl55/PbJB/t+T8z6da/t2S87+Qavl3S87/9VTLv1ty/t9Itfy7Jed/MdXy75ac/zdTLf9uyflfSrX8uyXn/61Uy79bcv7fTrX8uyXn/0aq5d8tOf/vpFr+3ZLz/26q5d8tOf/vpVr+3ZLzfzPV8u+Wh9//b8aMGTN5pu1nJgAAAAAAAAAAAACgaRanE7e9jQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/9mBAwEAAAAAIP/XRqiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrCDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFfbuLkaus74f+Jl989qBxEDI38nfwMYxISSb7NpO/EKbYsJrw1sJhEJfsF3v2iz4Da9dAo1k00CJhFFRRdtw0RYQanNTkQsuaAUoF6gVUiVoL+gNokLlIqoCCkiVaAXZas55nmdnZmdndu3x+sw5n4+U/LIzZ+acOXPm7H53850BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoNWtr5//dCPLsuY/+b+2ZtkLmv+9eWprftlrrvUWAgAAAFfqV/m/n7shXXBwDTdqWeafX/7dry0tLS1l7xv98/HPLy2lK6aybHxTluXXRU/96P2N1mWCx7LJxkjL1yN9Vj/a5/qxPteP97l+os/1m/pcP9nn+hU7YIXNxe9j8jvbmf/n1mKXZjdm4/l1O7vc6rHGppGR+LucXCO/zdL4sWwhO5HNZ7NtyxfLNvLlv3Frc11vyeK6RlrWtb15hPzs0aNxGxphH+9sW9fyfUY/eV029fOfPXr0b889e3O32Xc3tN1fsZ137Ghu5yfDJcW2NrJNaZ/E7Rxp2c7tXZ6T0bbtbOS3a/5353Y+t8btHF3ezA3V+ZxPZiP5f38v309jrb/WS/tpe7jsF7dlWXZxebM7l1mxrmwk29J2ycjy8zNZHJHN+2geSi/OxtZ1nN66huO0Oed2th+nna+J+PzfGm43tso2tD5NP/nERMvz/sulyzlOo+ajXu210nkMDvq1UpZjMB4X38sf9ONdj8Gd4fE/evvqx2DXY6fLMZged8sxuKPfMTgyMZpvc3oSGvltlo/BXW3Lj+ZrauTzmdt7H4Mz506emVn82MfvXjh55Pj88flTe3btmt2zd+/+/ftnji2cmJ8t/n2Ze7v8tmQj6TWwI+y7+Bp4VceyrYfq0pcmVpx/L/d1ONnjdbi1Y9lBvw7HOh9cY2NekCuP6eK18Z7mTp+8NJKt8hrLn587r/x1mB53y+twrOV12PV7SpfX4dgaXofNZc7cubafWcZa/um2Dat/L7iyY3BryzHY+fNI5zE46J9HynIMTobj4gd3rv69YHvY3sen1/vzyOiKYzA93HDuaV6Sft6f3J+PbsflLc0rrpvIzi/On73nkSPnzp3dlYWxIV7Scqx0Hq9bWh5TtuJ4HVn38Xpw4eWP39Ll8q1hX03e3fzX5KrPVXOZe+/p/Vzl392678+2S3dnYQzYRu/Pbt/Nm/tzIsu+8O1PPPTNR7/w+lX3ZzNvfnLmyn8WT7m05fw7vsr5N+b+54v1pbt6bHR8rHj9jqa9M952Pm5/qsbyc1cjX/dzM2s7H4+Hfzb6fHxjj/Pxto5lB30+Hu98cPF83Oj3244r0/l8Tobj5MRs7/Nxc5ltu9d7TI71PB/fFmYj7P9Xh6SQclHLsbPacZvWNTY2Hh7XWFxD+3G6p2358ZDNmut6cnf4oTBt5dqO0ztuK5YfbbldtFHH6VTHsoM+TtPvvlY7Thv9fvt2eTqfz8lwXNy4p/dx2lzm6Xuv/Ny5Of5ny7lzot8xOD460dzm8XQQ5uf7bGlzPAbvyY5mp7MT2Vx+7UR+PDXydU3ft7Zz5UT4Z6PPldt6HIN3dCw76GMwfR9b7dhrjK188APQ+XxOhuPiift6H4PNZd6wb7A/u94RLknLtPzs2vn7tdV+53VLx266WsfKWNjOb+/r/bvZ5jIn9q83Z/beT3eFS67rsp86X7+rvabmso3ZT9vCdj67f/X91Nye5jKfP7DG4+lglmUXPvJA/vve8PeVC+e//7W2v7t0+5vOhY888NMXHvun9Ww/AMPv+WJsKb7Xtfxlai1//wcAAACGQsz9I2Em8j8AAABURsz98f8KT+R/AAAAqIyY+8fCTKqQ//+4/yLb3vDswvMXstTMXwri9Wk3PFgsFzuus+HrqaVlzcsf+Mr8f//jhbVt3kiWZb988I+6Lr/twbhdhamwnU+9sf3yFb5295rWffjhC2m9rf31L4b7j49nrYdBtwrubJZl37jhs/l6pt5/KZ9PP3g4nw9dfPyx5jLPHSi+jrd/5iXF8n8Vyr8Hjx1pu/0zYT/8OMzZt3bfH/F2X7306u373ru8vni7xo7r84f9xAeK+43vk/O5x4rl435ebfu/+Zknv9pc/pFXdt/+CyPdt//JcL9fCfN/XlYs3/ocNL+Ot/tU2P64vni7e778ra7b/9Sni+XPvKlY7nCYcf13hK93vunZhdb99UjjSNvjyt5cLBfXP/v9P82vj/cX779z+ycPXWrbH53Hx9P/VtzPTMfy8fK4nugfOtbfvJ/W4zOu/8k/Ody2n/ut/6mHnnlZ8347139Xx3JnPnJnvv7l+2t/x6a//tRnu64vbs/Bvz/T9ngOviu8jsP6n/hAOB7D9f/7VHF/ne+ucPhd7eefuPwXt15oezzRW35erP+p1x7P56bJzVuue8ELr7/4iua+y7LvbSrur9/6j//N6bbt/9JNxf6I18eOfuf6VxPXf/aj06dOL55fmEt79dEb8vfOeVuxPXF7bwjn1s6vD50+98H5s1OzU7NZNlXdt9C7bF8O86fFuNh76aUVZ9A7Hw7P5y1/+Y0tt//rZ+Ll//6e4vJLby2+b70qLPe5cPnW8Pytb/0rPXHrTfnru/F02MKlle8XfCW27/yv/WtaMDz+zp8L4vF+5qUfzPdD87r8+0Z8XV/h9v9wrrifr4f9uhTemXnHTcvra10+vjfCpXcXr/cr3n/hNBef178Lz/fbf1zcf9yu+Hh/GH6O+da29vNdPD6+fmGk8/7zd/G4GM4n2cXi+rhU3N+Xnrup6+bF9yHJLt6cf/1n6X5uXtfDXM3ixxZnTiycOv/IzLn5xXMzix/7+KGTp8+fOncofy/PQx/qd/vl89OW/Pw0N7/33iw/W50uxlV2rbf/zMNH5/bN3j43f+zI+WPnHj4zf/b40cXFo/Nzi7cfOXZs/qP9br8wd/+u3Qf27Ns9fXxh7v79Bw7sOTC9cOp0czOKjepj7+yHp0+dPZTfZPH+ew/suu++e2enT56em79/3+zs9Pl+t8+/N003b/2H02fnTxw5t3Byfnpx4ePz9+86sHfv7r7vBnjyzLHFqZmz50/NnF+cPztTPJapc/nFze99/W5PNS3+R/HzbKdG8UZ82Tvv2pven7XpK59Y9a6KRTreQPTZ8F4033nRmf1r+Trm/vEwkyrkfwAAACAXc/9EmIn8DwAAAJURc/+mMBP5HwAAACoj5v7JMNP/ElCT/F+5/v+2C2tav/6//n/r/tL/r1n//91l6/8X5wv9/8G40v69/n+g/6//r/+v/6//zwCUrf8fc//mLPP3fwAAAKiomPu3hJnI/wAAAFAZMfdfF2Yi/wMAAEBlxNz/gjCTmuR//X/9f/1//X/9/+7r1/8fTvr/ven/96H/P5PVq/9/cZDbfw36/5tbv9D/p4zK1v+Puf+FYSY1yf8AAABQBzH3Xx9mIv8DAABAZcTcf0OYifwPAAAAlRFz/9Ywk5rkf/3/K+r/p86V/n/79uv/t9P/D8eD/r/+/wbQ/+9N/78P/X+f/z9c/f82+v+UUdn6/zH3vyjMpCb5HwAAAOog5v4Xh5nI/wAAAFA+Y5d3s5j7XxJmsiL/X+YKAAAAgGsu5v4bs44ieE3+/q//7/P/9f/1//X/u69/7f3/0Uz/vzz0/3vT/+9D/1//X/9f/5+BKlv/P8/92WT20jCTmuR/AAAAqIOY+28KM5H/AQAAoDJi7v9/YSbyPwAAAFRGzP3bwkxqkv/1/yvT//9F61On/6//32v9+v8+/7/K9P970//vQ/9f/1//X/+fgSpb/z/m/pvDTGqS/wEAAKAOYu6/JcxE/gcAAIDKiLn//4eZyP8AAABQGTH3bw8zqUn+1/8vef8/Nkd9/r/+v/5/Kfv/k/r/paP/35v+fx/6//r/+v/6/wxU2fr/Mfe/LMykJvkfAAAA6iDm/peHmcj/AAAAUBkx978izET+BwAAgMqIuX8qzKQm+X89/f/GRf3/1Vzlz/+fWMPn/7fR/9f/77V+/X+f/19l+v+96f/3of+v/6//r//PQJWt/x9z/61hJjXJ/wAAAFAHMffvCDOR/wEAAKAyYu6/LcxE/gcAAIDKiLl/Z5hJTfK/z/8fiv5/pv+v/6//r/+v/782+v+96f/3of+v/6//r//PQJWt/x9z/yvDTGqS/wEAAKAOYu6/PcxE/gcAAIDKiLn/VWEm8j8AAABURsz9d4SZ1CT/6//r/+v/6//r/3dfv/7/cNL/703/vw/9f/1//X/9fwaqbP3/mPtfHWZSk/wPAAAAdRBz/51hJvI/AAAAVEbM/XeFmcj/AAAAUBkx90+HmdQk/+v/6//r/+v/6/93X7/+/3DS/+9N/78P/X/9f/1//X8Gqmz9/5j77w4zqUn+BwAAgDqIuf+eMBP5HwAAACoj5v6ZMBP5HwAAACoj5v7ZMJOa5H/9f/1//X/9/3X1/1+xfL/6/wX9/3LR/+9N/78P/X/9/2ve/x/X/6dSytb/j7l/V5hJTfI/AAAA1EHM/bvDTOR/AAAAqIyY+/eEmcj/AAAAUBkx998bZlKT/K//r/+v/6//7/P/u69f/3846f/3Nvj+f3yI+v/6//r/Pv9f/5+Vytb/j7n/vjCTmuR/AAAAqIOY+/eGmcj/AAAAUBkx9+8LM5H/AQAAoDJi7t8fZlKT/K//r/+v/6//r//fff36/8NJ/783n//fh/6//v8Q9/+bx5b+P2VTtv5/zP0Hwkxqkv8BAACgDmLuf02YifwPAAAAlRFz/6+Fmcj/AAAAUBkx9/96mElN8r/+v/6//r/+f9n7/xP6//r/66D/35v+fx/6//r/Q9z/9/n/lFHZ+v8x998fZlKT/A8AAAB1EHP/b4SZyP8AAABQGTH3vzbMRP4HAACAyoi5/2CYSU3yv/7/BvX/44X6//r/+v8+/1///6rS/+9N/78P/X/9f/1//X8Gqmz9/5j7XxdmUpP8DwAAAHUQc/8DYSbyPwAAAFRGzP2vDzOR/wEAAKAyYu5/Q5hJTfK//r/P/7/2/f/xtm3X/1++nf5/Qf9f/3899P970//vQ/9f/1//X/+fgSpb/z/m/jeGmdQk/wMAAEAdxNz/pjAT+R8AAAAqI+b+N4eZyP8AAABQGTH3vyXMpCb5X/9f///a9/99/r/+f0H/X/9/EPT/e9P/70P/X/9f/1//n4EqW/8/5v7fDDOpSf4HAACAOoi5/8EwE/kfAAAAKiPm/reGmcj/AAAAUBkx978tzKQm+V//X/9f/1//X/+/+/r1/4eT/n9vQ9b//9X14XL9/4L+f7m3f739/7GOr69K//9Hq/X/lzZ13l7/n6uhbP3/mPvfHmZSk/wPAAAAdRBz/zvCTOR/AAAAqIyY+98ZZiL/AwAAQGXE3P9bYSY1yf/6/83tWG4v6//r/+cX6P/r/+v/Dy39/96GrP/v8/876P+Xe/t9/r/+PyuVrf8fc/+7wkxqkv8BAACgDmLufyjMRP4HAACAyoi5/91hJvI/AAAAVEbM/e8JM6lJ/tf/9/n/+v/6//r/3dev/z+c9P970//vQ/9f/79s/f//1P9nuJWt/x9z/8NhJjXJ/wAAAFAHMfe/N8xE/gcAAIDKiLn/t8NM5H8AAACojJj73xdmUpP8r/8/LP3/Kf3/dfb/J8Jl+v/6//r/9aL/35v+fx/6//r/Zev/+/x/hlzZ+v8x978/zGTt+X9yzUsCAAAA10TM/b8TZlKTv/8DAABAHcTc/7thJvI/AAAAVEbM/b8XZlKT/K//Pyz9f5//n/n8f/3/jsej/6//383G9f/jmUf/X/9f/z/S/9f/1/+nU9n6/zH3/36YSU3yPwAAANRBzP0fCDOR/wEAAGAodPt/sjvF3H8ozET+BwAAgMqIuf9wmElN8r/+v/6//n9J+/9/seNffvDddxzepf+v/6//vy4b+vn/zRe/z//X/9f/T/T/9f/1/+lUtv5/zP1HwkyWg9/bfMA/AAAADLeY+/8gzKQmf/8HAACAOoi5/2iYifwPAAAAlRFz/1yYSU3yv/6//r/+f0n7/0P8+f9xfwxT/3960xD1/+NJV/+/qw3t/793uSeu/7/e/v9E10s7+/8N/f82+v/r3v7vZFmm/6//zzVUtv5/zP3zYSY1yf8AAABQByH3jxwr5vIV8j8AAABURsz9x8NM5H8AAACojJj7PxhmUpP8r/+v/6//r//v8/+7r7+0/X+f/9+T/n9v5en/d+fz//X/h3n79f/1/1mpbP3/mPsXwkxqkv8BAACgDmLu/1CYifwPAAAAlRFz/4fDTOR/AAAAqIyY+0+EmdQk/+v/6//r/+v/6/93X7/+/3DS/+9N/78P/X/9f/1//X8Gqmz9/5j7T4aZ1CT/AwAAQB3E3H8qzOT/2LuPJsvq847jt3FTzBQb77zwwt77JbAwa/sFeMHGC7vK5YWxjXNicI4454BtJRRQAAmhhHICJSSUhSSUc0AZSTUqmOd5Znr69LndM7e7z/0/n89CDzSMzkU1BfrRfDn2PwAAAAwjd//NcYv9DwAAAMPI3f/LcUuT/a//1/8P2///pP7/oOfr//X/I9P/z9P/r6H/1//r//X/bNTS+v/c/b8StzTZ/wAAANBB7v5fjVvsfwAAABhG7v5b4hb7HwAAAIaRu//X4pYm+/+y/n9n1bP/z4xX/z9S/+/9/wc+X/+v/x/Zyfb/tz3xZz79v/5f/x/0//p//T+XW1r/n7v/1+OWJvsfAAAAOsjd/xtxi/0PAAAAw8jd/5txi/0PAAAAw8jd/1txS5P97/3/3v+v/9f/6/+nn6//307e/z+vU/9/y8PX/9Jj9/7ofUd5vv5f/6//1/+zWUvr/3P3/3bc0mT/AwAAQAe5+38nbrH/AQAAYBi5+383brH/AQAAYAudnfxq7v7fi1ua7H/9v/5f/x/9/xn9v/5f/z8C/f+8Tv3/lTxf/6//1//r/9mspfX/uft/P25psv8BAACgg9z9fxC32P8AAACwXFP/IPaM3P23xi32PwAAAAwjd/+5uKXJ/tf/H3///339/3b0/97/r//X/w9B/z9P/7+G/l//r//X/7NRS+v/c/ffFrc02f8AAADQQe7+P4xb7H8AAAAYRu7+P4pb7H8AAAAYRu7+P45bmux//b/3/+v/9f/6/+nn6/+3k/5/nv5/Df3/1fbz1+r/9f/6fy51xP7/8Zk/bW+k/8/d/ydxS5P9DwAAAB3k7v/TuMX+BwAAgGHk7v+zuMX+BwAAgGHk7v/zuKXJ/tf/6//1//r/K+7/9//Ue5L+f5r+/2To/+ctpv/f2Z38sv5/6/t/7//X/+v/2WNp7//P3f8XcUuT/Q8AAAAd5O7/y7hlZv8f+W/mAwAAAKcqd/9fxS2+/w8AAABbL6uz3P1/Hbc02f/6f/2//l//7/3/08+f6//vu+Tz6f+XRf8/bzH9/wH0//r/bf78+n/9P/strf/P3f83cUuT/Q8AAAAd5O6/PW6x/wEAAGAYufv/Nm6x/wEAAGAYufv/Lm5psv+n+/+Lv13/fzj6/72fX/8//fNjU/1//jfq/2f7/xu9/78n/f88/f8a+n/9v/7/oP7/7Lofr/9nytL6/9z9fx+3NNn/AAAA0EHu/n+IW+x/AAAAGEbu/n+MW+x/AAAAGEbu/n+KW5rsf+//1//r/7ev//f+/wtO8/3/qxPv/3f1/4ek/5+n/19D/6//1//Pv/9/5t8CoP9nytL6/9z9/xy3NNn/AAAA0EHu/n+JW+x/AAAA2A6X/rMDl/8DpSF3/7/GLfY/AAAADCN3/7/FLePs/9l3der/9f/6f/2//n/6+cvq/73//7D0//P0/2vo/4+jn98drP+/46Afv4T+/9bj7v9n6P+Zsqf/v//i10+r/8/d/+9xyzj7HwAAANrL3f8fcYv9DwAAAMPI3f+fcYv9DwAAAMPI3f9fcUuT/X/s/f/Mv31A/6//1//r//X/+v9N0//P0/+vof/3/n/v/9f/s1F7+v9LnFb/n7v/v+OWJvsfAAAAOsjd/z9xi/0PAAAAw8jdf0fcYv8DAADAMHL3/2/c0mT/e/+//l//r//X/08/X/+/na6qv79G/1/0//p//b/+X//PBiyt/8/d/39xS5P9DwAAAB3k7v//uMX+BwAAgGHk7n9K3GL/AwAAwDBy9z81bmmy//X/x9v/59f1//r/lf5f/6//PxFt3/+/M/VXov0O6P8f/IVzP733K/p//b/+X/+v/+eQfnjmty2i/z9/8f9d5u5/WtzSZP8DAABAB7n7nx632P8AAAAwjNz9z4hb7H8AAAAYRu7+O+OWI+7/ueZhyfT/3v+v/9f/6/+nn6//305t+/9D8v7/NfT/+n/9v/6fjVpE/3/Jr+fuf2bc4vv/AAAAMIzc/c+KW+x/AAAAGEbu/mfHLfY/AAAADCN3/3Pilib7X/+v/9f/6//1/9PP1/9vJ/3/PP3/GtvU/995Ff3/7vSXT7ufv1qn/fn1//p/9lta/5+7/664pcn+BwAAgA5y9z83brH/AQAAYBi5+58Xt9j/AAAAMIzc/c+PW5rsf/2//l//r//X/08/X/+/nfT/8/T/q9Xq7pkPMNX/n79umf2/9/8v7vPr//X/7Le0/j93/wvilib7HwAAADrI3X933GL/AwAAwDBy998Tt9j/AAAAMIzc/S+MW5rsf/2//l//r//X/08/X/+/nfT/8/T/a2zT+//1/4v7/Pp//T/7La3/z93/orilyf4HAACADnL33xu32P8AAAAwjNz9L45b7H8AAAAYRu7+++KWJvtf/6//1//r//X/08/X/2+n4+v/V/p//b/+fw39v/5f/8/lltb/5+5/SdzSZP8DAABAB7n7Xxq32P8AAAAwjNz9L4tb7H8AAAAYRu7+l8ctTfa//l//r//X/+v/p5+v/99O3v8/T/+/hv5f/6//1/+zUdP9/62n1v/n7n9F3NJk/wMAAEAHufvvj1vsfwAAABhG7v5Xxi32PwAAAAwjd/+r4pYm+1//r//f2/+vVvp//b/+/4IT6P/PrPT/G6f/n6f/X0P/P2b/f81qoP7/7IE/Xv/PEi3t/f+5+18dtzTZ/wAAANBB7v7XxC32PwAAAAwjd/9r4xb7HwAAAIaRu/91cUuT/a//1/97/7/+X/8//Xzv/99O+v95+v819P9j9v/e/6//59Qsrf/P3f/6uKXJ/gcAAIAOcve/IW6x/wEAAGAYufvfGLfY/wAAADCM3P1vilua7H/9v/5f/6//1/9PP1//v530//P0/2vo//X/+n/9Pxu1tP4/d/+b45Ym+x8AAAA6yN3/QNxi/wMAAMAwcvc/GLfY/wAAADCM3P1viVua7H/9v/5f/7+d/f8Z/b/+X/8/aSn9/w03/NRD+n/9v/5f/6//1/93t7T+P3f/W+OWJvsfAAAAOsjd/7a4xf4HAACAYeTuf3vcYv8DAADAMHL3vyNuabL/9/f/164uFKoXTPX/0ajp/y+h/9/7+fX/0z8/vP9f/6//P35L6f+9///KPr/+X/+/zZ//SP3/j+//8fp/RrS0/j93/0NxS5P9DwAAAB3k7n9n3GL/AwAAwDBy978rbrH/AQAAYBi5+x+OW5rsf+//1//r//X/+v/p5+v/t5P+f57+fw39v/7f+/9v/rkf0v+zOUvr/3P3vztuabL/AQAAoIPc/e+JW+x/AAAAGEbu/vfGLfY/AAAADCN3//vilib7X/+v/9f/6//1/9PP1/9vJ/3/PP1/ufwP7YI+/f+ZqS+edj9/tU778w/T/3v/Pxu0tP4/d//745Ym+x8AAAA6yN3/gbjF/gcAAIBh5O7/YNxi/wMAAMAwcvd/KG5psv/1//r/8fv/n9X/X/Z8/b/+f2T6//wr+jT9/xp9+v9Jp93Pb/vn1//r/9lvaf1/7v5H4pYm+x8AAAA6yN3/4bjF/gcAAIBh5O7/SNxi/wMAAMAwcvd/NG5psv/1/736/51Vx/7f+//1//r/TvT/8/T/a+j/9f/6f/0/G7W0/j93/6M7uy33PwAAAGyrn/mJX3zksL/vo0/+55nVx+KWG1fnD/ltbAAAAGDhntj9O7ur1cef/DXf/wcAAIAR5e7/RNzSZP/r/3v1/z3f/6//1//r/zvR/8/T/6+h/9f/6//1/2zU0vr/3P2fjFsuGX67R/6jBAAAAJYkd/+n4pYm3/8HAACADnL3fzpu2bf//esAAQAAYFvl7v9M3NLk+//6/4X3/6tj6v/j99P/X6D/1/9PPV//v530//Ousv8/v6P/1//P0P/r//X/XG5p/X/u/s/GLU32PwAAAAxqz99RyN3/ubjF/gcAAIBh5O7/fNxi/wMAAMAwcvd/IW5psv/1/yfe/2eqfozv/z9bv+T9/837/9vPTD5f/6//H5n+f573/6+h/x+l/79O/6//ZxmW1v/n7v9i3NJk/wMAAEAHufu/FLfY/wAAADCM3P1fjlvsfwAAABhG7v6vxC1N9r/+f+Hv/7+i/v8Q7//X//fo/w94/jj9/49cf+6Bm37+nrv0/1x0kv1//lzQ/+v/9f8XLKj/9/5//T8Lsfn+f3fPF4/a/+fu/2rc0mT/AwAAQAe5+x+LW+x/AAAAGEbu/q/FLfY/AAAADCN3/9fjlib7X/+v/19K/5//W59C/3/uivv/s6vV6lT6/2yKu/f/3v+v/9/P+//n6f/X0P/r//X/+n82avP9/94vHrX/z93/jbilyf4HAACADnL3fzNuyf2/c+S/dQ8AAAAsTO7+b8Utvv8PAAAAw8jd/+24pcn+1//r/5fS/yfv/7/448Z6//9NFaf27P9/rH5J/3+89P/z9P9r6P/1//p//T8btbT+P3f/d+KWJvsfAAAAOsjd/3jcYv8DAADAMHL3fzdusf8BAABgGLn7vxe3NNn/+v9R+/8s4vX/+v+l9P/e/+/9/ydD/z9P/7+G/l//r//X/7NRS+v/c/f/IAAA//9GqnSo")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x9c)
lseek(r0, 0x12, 0x0)
getdents64(r0, 0x0, 0x22)

1m13.466125982s ago: executing program 0 (id=1111):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
r0 = landlock_create_ruleset(&(0x7f0000000180)={0x100}, 0x18, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x200000, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f0000000200)={0x100, r1}, 0x0)
close(r0)

1m12.653839445s ago: executing program 0 (id=1115):
r0 = socket$kcm(0x2b, 0x1, 0x0)
sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x2, 0x4001, @empty}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x200048cc)
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000280))
shutdown(r0, 0x1)

1m11.917948641s ago: executing program 33 (id=1115):
r0 = socket$kcm(0x2b, 0x1, 0x0)
sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x2, 0x4001, @empty}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x200048cc)
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000280))
shutdown(r0, 0x1)

54.029199043s ago: executing program 2 (id=1219):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x88f, &(0x7f00000010c0)={0x0, 0xc941, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r0, 0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=""/73, 0x49}, 0x0, 0x2, 0x1, {0x1}})
io_uring_enter(r1, 0x47f6, 0x0, 0x4, 0x0, 0x0)

52.599268745s ago: executing program 2 (id=1222):
r0 = syz_io_uring_setup(0x79ba, &(0x7f0000000540)={0x0, 0x3bd1, 0x10100, 0x0, 0x313}, &(0x7f00000005c0)=<r1=>0x0, &(0x7f0000000400)=<r2=>0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f00000008c0)="6c422b92fda2e218060658068f68a900bd13fc5988614fd759f0b279c5bf7b09d5890bbf91f792c41b57ddd3f18777957967c192c4f9ad9335b02dd450fa25ff1fffc7f9c7ce62c56821afd6e17fd914561d130860495346af7583cd1180c5b1d4443e0dfe39e9320c7b5af0eb0a1819b1994a49ca12b4a65161509d3dc842d383d1da40f250a28b84203c2c5bfd704d2ce5d5d53f7588a9dff09510559e8b46d1a1a2df45466a2f5980182d8031bd84e3c644950d30b799a34b07d3de7289", 0xbf}], 0x1}, 0x4004000)
syz_io_uring_submit(r1, r2, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x40, 0x0, r4, 0x0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000800)=""/189, 0xbd}], 0x1}, 0x0, 0x40000103})
io_uring_enter(r0, 0x46f3, 0x0, 0x0, 0x0, 0x0)

52.112588381s ago: executing program 2 (id=1223):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000013c0)={'wpan0\x00', <r1=>0x0})
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_MAX_CSMA_BACKOFFS(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r3, 0x1, 0x70bd26, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000080}, 0x8c000)

51.702143043s ago: executing program 2 (id=1226):
syz_mount_image$erofs(&(0x7f0000000080), &(0x7f0000000580)='./file1\x00', 0x2000000, &(0x7f00000004c0)=ANY=[], 0x2, 0x238, &(0x7f0000000800)="$eJzsmL9rFEEUx78zu7feiUhsUthYGDCiucvtoaQ5NIJgJULir0oPs4aYTU4uK5iAJMHGRjsLIY2F/4BFCisLO/8BQQsVBAuvsLCxGZkfeze3w+ZySzrfpxi+M/Nm3743b1+xIAjiv+X7tz9fn1+amT8L4AgmcMis//QAxrRmW337L68enXnZvLzz9vObD6tHn7zLPk8eEWJwobyHfx/A+1kPiZpx+/RfKSbMZB68p6+D47TRN8FQNfouOG4YHYHhttEPLN2W9tXq/aU4qt5rxwtSTMuhLodQDo3s+3W3GRbMXAghmLW/tr6x3IrjqGMJ3+xZW5vI2Iwies6Wx538lRCgO8vRtN5PZvHWs6fbcp7mZtrKXx0cdRNEAwxzZn0GO2ludEqs+I/7qKQuvIH4MdaKM9FKwUwxAMOCLGvR/F0gNXuLY1PFjk/KcC66W2OFbhGDp0rob8lM5h7PK6/RSkcJP3s7rrhgLrSAr6vZKMSm8wEo8UKW0IHfsisKRZGK8S776G790ILn1rNgw12w/ddPeb/vnH6IZsUfvUQrkHH1VnzvYO4C+LSr+4d4zXDK6k++1T9qycrD2tr6xtTSSmsxWoxWw7BxngFb58KaakR6dPpevz9XVH86bNqTfH4pxzbgAR63kqRT12PAAlSQJJ1QzUPrs5nbbf+6Y44luALgpJ7Ilhb0nug5PligbbiylWrSNSIIgiAIgiAIgiAIgiAIgijECTD1F3QI4TVl/S8AAP//CkpUTQ==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x0, 0x1aa)
getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000)

51.163102191s ago: executing program 2 (id=1229):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x10}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0xe, 0x3, 0x1, 0x1}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x51}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000880)=@newqdisc={0x170, 0x24, 0xd0f, 0x200000, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x140, 0x2, [@TCA_GRED_STAB={0x104, 0x2, "abcc61b4e508c02286f1bafc7a22c407a52b0e13291c865d493f15736245f220cd4e40006df455836aa3bd3aaa2c9b95578719c46f89e0179832927deecf7465ea95bd97b018b7afaccdcb28bb42d677b73c44e790f0875fb4b795ca95b7dd712d2c5d69945535f92f74a71236749b077cc85e96554beb53c986a216051bd5979a8cfcfe9f98be58ff7944f6cfda8579dbaedceee578bfd1fb554b6e185e9315425ef0a3fc69d17ede93fc7c46357990604b9f12033688caa0b04adecfc926b3f6ca25bcb5432905e3f30ccbf10cf0f2d00858ba2bbd2702b8d4a7a7c744fbaa2fa35b1c586020d600"}, @TCA_GRED_PARMS={0x38, 0x1, {0x1ff, 0x1, 0x6, 0x3, 0x2, 0x0, 0xcb, 0xf, 0x5, 0xb, 0x1f, 0x1a, 0x8, 0xf, 0xf, 0x9}}]}}]}, 0x170}}, 0x24008004)

50.546363484s ago: executing program 2 (id=1231):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000880)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x50, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_DESC={0xc, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x3}]}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x78}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x2c, 0xd, 0xa, 0x301, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)

49.834917769s ago: executing program 34 (id=1231):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000880)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x50, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_DESC={0xc, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x3}]}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x78}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x2c, 0xd, 0xa, 0x301, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)

5.20666879s ago: executing program 6 (id=1528):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10)
sendto(r0, &(0x7f00000002c0)='%', 0x300000, 0x0, 0x0, 0x0)
write(r0, &(0x7f00000000c0)="d397eb", 0x3)

4.125164217s ago: executing program 6 (id=1535):
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_NEWSETELEM={0x6c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x40, 0x3, 0x0, 0x1, [{0x3c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x30, 0xb, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x3}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x10000}]}}}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0xd0}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

3.717788118s ago: executing program 6 (id=1540):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
connect$unix(r1, &(0x7f0000000200)=@file={0x0, './file0\x00'}, 0x6e)
close(0x3)

3.607237622s ago: executing program 7 (id=1541):
r0 = fanotify_init(0x0, 0x0)
r1 = epoll_create1(0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
fanotify_mark(r2, 0x21, 0x8000000, r2, 0x0)
fanotify_mark(r2, 0x80, 0x4000003b, r2, 0x0)

3.34571789s ago: executing program 6 (id=1543):
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
r1 = syz_io_uring_setup(0x10e, &(0x7f00000000c0)={0x0, 0x8d2dc, 0x0, 0xffffffff}, &(0x7f00000003c0)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r0, 0x0, 0x0, 0x0, 0x80000})
io_uring_enter(r1, 0x47f5, 0x0, 0x0, 0x0, 0x0)

3.144179757s ago: executing program 1 (id=1544):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000002500)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x10, 0x0, &(0x7f0000000140)=[@request_death={0x400c6313}], 0x5d, 0x1000000, 0x0})

3.127572617s ago: executing program 7 (id=1545):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8)
connect$inet6(r0, &(0x7f00000003c0)={0xa, 0x0, 0x2, @mcast2, 0x7}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10)
write(r0, &(0x7f00000000c0)="842a3065bd8c001d0304000e0580a7b6070d63e286a5cefe", 0x5ac)

2.897742864s ago: executing program 1 (id=1546):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000680)={r1}, 0xc)

2.889264469s ago: executing program 3 (id=1547):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000380)="6ca08888a2a9f7fe8f6ecf4471760712bb1c", 0x12}, {&(0x7f00000001c0)="88", 0x1}], 0x2, &(0x7f0000000b80)=[{0xc, 0x6, 0x4}, {0x48, 0x10e, 0x10, "4a8a67d1a2853dccef61a4a75868044df0fc9bc38511a2358bd8f81fe0e6aaf36f4ece6fd46836dbdfc3e7d137a7ad0300ca274c3209cac617"}], 0x54}, 0x0, 0x4000001})
io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf)

2.678004787s ago: executing program 7 (id=1548):
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000040)=ANY=[], 0x11, 0x6e4, &(0x7f0000000d00)="$eJzs3U9oJXcdAPDvvLwk720xm7bb7QqFxhaquLibP6QaLxtFJEKRsoKeQzfbDfv2j0kqaQ9uqoJXD16FeogXPSkiCMJCPeuteAueCoKXnnZ7cGT+vUzie8nLpslL7edTfju/md/Mb77znZnfvPdomAA+s5YuR/NhtGPp8mub2fzO9lxnZ3vuTlFvdCJiPCIaEc3aVsn7EYtRlPh8tqBq6LefX64uXP/go50Pi7lmWRpR/NPuH2BzkKPYKktMRcRIOT2GPf298WT9je9Wk25msoS9XCUOhm00ItI9fnhxt6WXdKQ20/d+Bz49kuK5WVPc/5MR5yKiVT3QtorGxulHeKgjjUVbJxcHAAAAnBnnHz2I2IyJYccBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnybl+/+Tsjyu6lORVO//H6u9Y39syOH2d3BkrarysHEawQAAAAAAAADAyXrxUfz2eppOVPNpEo3vj5Qz7XL6VqzHSjPiSmzGcmzERqzFTERM1joa21ze2FibiZfyuQsfp2kaTxVbxtqeLWd7bjk7YMDt4x4xAAAAAAAAAPxfuTY/nk9/EksxMexgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgLokYKSZ5uVDVJ6PRjIhWRIxl621F/L2qnyHNo27w8GTiAAAAgDPl/KN4FJsxUc2nSf6d/2L+vb8Vb8Xd2IjV2IhOrMSN/LeA4lt/Y2d7rrOzPXcnKxExurffb/x7t/6HiUPDyHuM4reH3nu+lK/Rjpuxmi+5Em/EvejEjWjkW2YuVfHU4qp5N4spuVZI0xgfJEE3yml25L8op6eifdgKk3lGRrsZmc5iS4o8Pn1wJupnZwD79zQTje4vPxf676n7Y0yV82sH7iX5T5oWtXPVkoinvnNgzvPrZfRIB3Ms+zMxW7v6Lh6c84gv/vF3P7jVuXv7VrJ1+dQuoyfyYu/F4/+szlCVicJWrMRcLRPPD5yJm+tnPBN97f2lsRHPdetL8e34XlyOqXg91mI1fhTLsRErMRXfymvL5fWc/Tt5cKYW98y9flhMY+V5GdkX0xfOF9ODYnop33YiVuO7cS9uxEq8mv83GzPx1ZiP+VioneHnBhhpGz3u+j/1D/7lL5WVbOD7+e4AeIp3dz9ZXp+u5bU+5k7mbfUljUjLJ8szR3geHTw2VnYfWdmZ+GntHhy+biZa0X1KVNE9W2VgtGcmfp0PK+udu7fXbi3f39dvstV7f6/E3sM/OwNJdr080x0j9l4dWduzPdtm8rYL3bbG/rbftLtth92pY+VnuP/taTZvez4iflVGm7VlsjE8a7tU2y77vNXK2z5O07T4vAXAmXfuy+fG2v9q/639Xvtn7Vvt11rfHP/a+AtjMfrX0a83p0deabyQ/D7eix/H4d/QAQAAAAAAAAAAAAAAAAAAAAAAAAAAAACAQ62//c7t5U5nZW1fJU3TB32aTqQSzYg9S/7y59o6+bvGImLwDrO1FxsR+ZJmlJWjBfbgyQ7n3SdNwj/Kc3IqCT+gkgy8cqvv9VNW7n2uPJzHaZqe+uFU72o78uZpaWin4BOuVK/IOspWQxmOgFN0dePO/avrb7/zldU7y2+uvLlyd2F+fmF6Yf7Vuas3VzutYYcHnKD8WZ9/zhl2JAAAAAAAAAAAAMCgBvvjnOT2chRLmkf8KwL/ZyEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwXEuXo/kwkpiZvjKdze9sz3WyUtWz6Ui+5uOIaEREMhWRvB+xGEWJyVp3Sb/9bEVc/+CjnQ+LuWZZ8vUbxz+KrbLEVBnuVO/1Wr0Wpg/69Zfk/dzv39+AkrKMdJcsHqs/+IT8NwAA///gUwsO")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x27ffff7, 0x4012011, r0, 0x7000000)
syz_open_dev$usbmon(&(0x7f0000000080), 0x75fe6a2f, 0x24800)
truncate(&(0x7f0000000080)='./file1\x00', 0x4)

2.676477145s ago: executing program 6 (id=1549):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000340)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
sendmsg$inet(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000780)="75c1cc54649640be1983f79c5bfe88cd6a6a000070ab59578db363f4892559f334d436138406b699de69db13fd737428808940bcd0840dc930c81a8bd8b665cd232c5831977dd63ce2c88d43b17760a6e0df533940a702485bb198e47be60c4fe6987e", 0x63}, {&(0x7f0000000800)="b0fef28adda62f55a0000000000000001abe0a88f67472c3cd975c9884ae01084df2b71b56e2a043b74efe85a30267fae395e8a051934cefd1a1f19f89180ab1fe20a7e4088d8a3f4304feafe592c403cb5d1991683fcbda9a1404998bc92cb28946223165c906e2bed23adce7939d37148e79c6b485db91083de9905e7de49fd8837cf3792d697bf8b29b9c6e8daee80e86778a4a2426e6459d4a30ad36b138b31570d8342f7094ca640633ba7e0793a6e21acbc4749413f629ba4de97b84ed9acc06a3d29ef68cd6d32fc4398429c472891f8e244d27a4b6241083efd4ecd2c92d91399de6ddcafbcd07000000000000009d1b7d60c898340102268c474bf8b7db27c8787b34cae8a9c676907ec017733c1ece82e11b99a4bdc74c8d9d1871be6af0fef62b529af9ab1f37d60a2f967d715b301856b033a7e7dac74416447a090f7b6693bbd2deaf5eebbfc9adff299bafcf57774d0cd93f5524409672b4f35409a8720dc2b78f09198096c60126f911fd42c29cd6fa311e2c8daef3927ccdc90436b2b6ee4c79ff80f6938e0560d9d8e925bdc4fffffffffffffff8d9b7977fff6c4293065de2ff26a041e67954f68871d010d377f9bad3711b3ea5c6361a97d4d46b8b406091be9433f950613083805aa4ae31e3aef57eb8d299548df54dffa5c4af7f00a869c6bdbc6c2bd1a83262981638ae365b2611d2b50c5f000000d620e2a52db4283dc90000000000000000e01b1adb6ff1fc162a3db2825aad14c25b657c12f4", 0x226}, {&(0x7f0000000f00)="1b3b351333f3a3b13679144b7cd8a483d6dbc75ded58ba6875841285b877fac97b183e950017761d4433127df4ffeab47d3545970ac2571b8775e05a2ec30dbc2154f17ddb1de3000000000000000000", 0x50}], 0x3}, 0x0)
recvmsg(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/233, 0xe9}], 0x1, &(0x7f0000001d00)=""/4080, 0xff0}, 0x0)
close(r0)

2.487427141s ago: executing program 1 (id=1550):
syz_mount_image$vfat(&(0x7f0000001200), &(0x7f0000001240)='./bus\x00', 0x0, &(0x7f0000002480)=ANY=[], 0x1, 0x121c, &(0x7f0000008440)="$eJzs201rXFUYB/AnL30xNZlRa7WC9KAb3VyaLNwoSJAUpANK2witINyaGx1ynQm5Q2BETF259Su4FZfuBHGnm2z8DO6ycZmFeKUzaZ2UREhpOtH+fpt5mHP/3OfMmRk4w5ydt775bG21ylbzXkxOvB2T6xFpN0WKybjnTrz+5i+/vnz95q2ri63W0rWUrizemH8jpTR36acPv/j+lZ975z74Ye7HM7Hd/Gjnj4Xfty9sX9z568an7Sq1q9Tp9lKebne7vfx2WaSVdrWWpfR+WeRVkdqdqtjYN75adtfX+ynvrMzOrG8UVZXyTj+tFf3U66beRj/ln+TtTsqyLM3OBCOmjhpY/m63rutm1PWpOB11XddPxUyci6djNuaiEc14Jp6N5+J8PB8X4oV4MS4Orjqe9gEAAAAAAAAAAAAAAAAAAOBJtTs4zf+Q5/8vjbl5AAAAAAAAAAAAAAAAAAAA+J+4fvPW1cVWa+laSmcjyq83lzeXh4/D8cXVaEcZRVyORvwZg9P/Q8P6yrutpctpoBlflVt7+a3N5an9+flGRPPg/Pwwn/bnz8TMaH4hGnH+fn5ir/1BfuHA/Nl47dWRfBaN+O3j6EYZK3eDI/f/cj6ld95rjeSnxrcgAAAAcAyydN+B+/csO2x8mD/C7wMP7M+n46Xp8c6diKr/+VpelsXGA8XdpTlk6JiKex0Nn9mKiMd59/9scXrvZXuo+KmTMotHWUzteyONv5+TXXw7fcgHbTzfRzxe/yz6uDsBAAAAAAAAAADgKB7Rvwgn7vzLNeOeIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDf7MCxAAAAAIAwf+s0OjYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvgoAAP//zsu+ig==")
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x70)
lseek(r0, 0x2, 0x1)
ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f0000000400)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])

2.306101663s ago: executing program 3 (id=1552):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)={'#! ', './file0/file0'}, 0x11)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x28011, r0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
lseek(r0, 0x0, 0x3)

2.285716186s ago: executing program 6 (id=1553):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x40980, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
syz_usb_connect$uac1(0x0, 0xa4, 0x0, 0x0)
ioctl$TCFLSH(r0, 0x400455c8, 0x4)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)

2.058291551s ago: executing program 5 (id=1555):
r0 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000d10ffc)=0xfffffffffffffff9, 0x4)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x1, 0x5, @rand_addr=' \x01\x00', 0x8}, 0x1c)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000004c0)=[@in6={0xa, 0x0, 0x0, @local, 0x1}], 0x1c)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f0000000080)=[@in6={0xa, 0x1, 0xfffffffd, @local}], 0x1c)

1.953281387s ago: executing program 3 (id=1556):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r0}, 0x4)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0x1, 0x10000}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x19, &(0x7f0000002280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4000}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x466}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000003c0)={r2, r1}, 0xc)

1.930173125s ago: executing program 5 (id=1557):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4, 0x0, @dev={0xfe, 0x80, '\x00', 0x1d}, 0xf}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000340), 0x3)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000300)=@gcm_128={{0x303}, "fc674d000000f8f7", "c5991ee20139b401046a89606ffcf92e", "2c5be7c6", "a0ca05c0707e52f4"}, 0x28)

1.658160013s ago: executing program 8 (id=1558):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000006c0015000000d9fece23b82004000000", @ANYRES32=r0, @ANYBLOB="000080000000000018003480050035"], 0x38}, 0x1, 0x300}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB='8\x00\x00\x00m'], 0x38}, 0x1, 0x300}, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140), 0x4924b68, 0x0)

1.657914542s ago: executing program 5 (id=1559):
openat$ipvs(0xffffffffffffff9c, &(0x7f0000002380)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0)
r0 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x100, 0x8000, 0x40024e}, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd_index=0x3, 0xffffffffffffffff, &(0x7f0000002280)=""/211, 0xd3, 0x2, 0x1})
io_uring_enter(r0, 0x627, 0x4c1, 0x43, 0x0, 0x30)

1.593888132s ago: executing program 3 (id=1560):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1, 0x0, {0x0, 0xfe, 0x4}, 0x2}, 0x18)
connect$can_j1939(r0, &(0x7f0000000740)={0x1d, r1, 0x0, {0x0, 0xf0}}, 0x18)
sendmmsg(r0, &(0x7f0000004580), 0x654, 0x0)

1.561637633s ago: executing program 1 (id=1561):
r0 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x749})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
madvise(&(0x7f0000c0c000/0x1000)=nil, 0x1000, 0x4)
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa07, 0x0)

1.305948826s ago: executing program 8 (id=1562):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
sendmmsg$inet(r0, &(0x7f0000000700)=[{{&(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10, 0x0}}, {{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000100)="1b", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000001c0)="ba", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000200)="80", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000a80)="3532e45a2a47b082daed2070cfb7486d610cbf2c61047b598bfe9cd45d4f49e6dc94c3258897ce5d1c79245647804c273df7b1f3a090a6db8597d29d858b3192fe623f600cb431634f4182a8b945a95d3c65a8a15745fac45de5b1988172b0e1e7b06a4f3127d260c9dd68402b1c9fbc5f8f1642170dbad52b1c5c43c486a4a957b356916878cd74336ee8f570470acfc47c4fecf1dc4fa15e34231cd2416c365555ac8d16494170df8159af76b077cdea7582961b8b53c94f63f69b2cd2ddd0e70342cb024c085d413f58279cd1f023f6a70bba2764028cd6bd76b24c0cf74de2deb2d78ba54e70e6510c9829ad154fe7b664167f69328b471490a5c0d2b89e1db10f4037369650b57d71894ac4b336cf720de94040d1099bf5a7fdaf560345372f0d896c786fbd34f0257f18b6c8106d21acd12ab2db03dd15fef1d25da97788cd180c6b6d58b33822bf9839ff2ada5f6e2c8a2d1038292cc05b4a5e63fcbde50a915cd851d1c370b3c9be47ce4dc6e5fed05781c3c921c840738783256f861d1ccb710dc593a98a3e416c89abf2cc2eb19c99d5c3ae3341f7c8c14de7c7e997f008ac487c79c3ea2296eba6d94c828938685ca421ae4e90a9b45a4e5f1b4ace27816746826627b1829208efdd2c46f82b8259a8a3dbf412e5006cff9cf9778c337a0aabae215edbfb6d1d0b1f9bac9c995a199074abd14f44fd9039983c703335e2451a8d0662655529ccdbf9b0773868c7686817ef845d611704feec78f492b8e55b4d5a2f58629a0a414d91592a68b9e976e563e390a3abada2a39d882059c4d81b67389561a98cf15eceb764642d42a64bfbda38c336ce45d0c2250c5f0c43c956d1dd9313174d312b02a6d15ecaa436f26153ab5dc10c88270e91b4295aa92458ee4f21e59aed97bb07d04cad7ecf0f6c02b3a118415ddcc7f7bb3df02f6e12a94e0626fd75c3a08206f745034f409260f14340d6a89bba185d56ba3333f4889a847681782bf9e9df76ed1c7adae4699875005792430ec5578f948683f94fbcebd275180f63fadb70b3096bbdf3db1f6ce7fa507f93ff18405e7755f10249277063d2e48a52a9f37440b06627e6b5ccfed16e5655c65cf1569fb8c9987a7a34c9b4717531c3b589b3d5ef0f6e9b9d730dbf4fe70615d94d564d45df3c081b91741b33d3c9e2af43d750b8ed6fd6bddb588499c4dc763a31b230865581153d82de81922bed41a7579094755cdbd2192c0a97a3e62f09bf4ae08105ec098dd72ea36ad011df4de68ca0ded6a2224a077a4e0aca53fffb99de6918b048d57a96db7bd95a66da3b00f515c621959d5f5bf840b9873052bed10efee602b52a0ee09d6bb1c207b08a715a02e6ab1d9f32034c0a5e4d974ab89f816d05e6733997a656775e08aae1d0857b4e028160b53596e891ae80a959062cbb29587af303aefc8868e860bd3aa229eabe19abfadf2a6aa5cb9212207434070341d35bfb354f671d1280379508d85865e133cbfec1c3fcd4dd6d90668717c422884fcf669ba116a81ebbe1aec20283f65876e9f27bd6633521e8c604230de03f7d708d2920a5b903f5e58bfc2932a0060cabe0fe8eeadda5eaf67116884e58ac557c0c6aee94b7747964c7fc49ca13009871db3055c3774d13064e61b48afa892f3e66f6fbe72322e2879f2cfd8bedf7ad217d15751721e2d755111e9da881d0b83bd381a1e028b2ca1d4d9a479feffc11a5b7617fcf44d2febf5c1fc8bc139968949bd47748565b3b5a80333237505a883d5193f108a712582aff21eb3fad4c730940728f23483f3798d47e1f1da6aec2219e7e4244415c79ac293766d55c414815d4de2dd4b2052a41138a4b6e1ee67a2ef0d6d61ab8009213d8c9d9169db0f475ba4ff7107fe7a753859fc982f235d592bb8d5977c1828f190b6041c11ac355d0cbdbf4c5fdd498f3cc5157cc0154802ed6b410d671b7d4633ce1c28623f6a6c5757978091ea75a5c6ba3da3ed70b81448c7b058c07c534c94cce1222176a4ede5017397054ec6946da184464ced2dae82bd6cdb9c27ca77b4b7ca237bd9f2734", 0x5bd}], 0x1}}], 0x5, 0x2400c0a2)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000a40)="b0", 0x1}], 0x1)

1.293229552s ago: executing program 7 (id=1563):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000040)=0x46c, 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'bridge0\x00', <r2=>0x0})
sendto$packet(r0, &(0x7f0000000240)="09000000e70014000000d97bfbf788a83baa88a80000000000008100000088a8", 0x20, 0x200000c4, &(0x7f00000001c0)={0x11, 0x88a8, r2, 0x1, 0x10, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x44}}, 0x14)

1.068009262s ago: executing program 8 (id=1564):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000140)={@host})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f00000001c0)={{@host}, @host, 0x4, 0xabc, 0x2449, 0x2, 0x0, 0x8})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000080)={{@hyper, 0x10400000}, @hyper, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x1})

957.741257ms ago: executing program 7 (id=1565):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000004000/0x4000)=nil)
r2 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

894.735033ms ago: executing program 5 (id=1566):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000180)=0x7ff, 0x4)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0xb, 0x0, 0x2}, 0x1c)
syz_emit_ethernet(0x82, &(0x7f0000001140)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @multicast, @val={@val={0x88a8, 0x0, 0x0, 0x2}}, {@ipv6={0x86dd, @gre_packet={0x1, 0x6, "827503", 0x44, 0x2f, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x38}}, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x880b, 0x0, 0x2}, {0x1, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x1}, {0x8, 0x88be, 0x0, {{0x6, 0x1, 0x2, 0x0, 0x1, 0x2, 0x3, 0x9}, 0x1, {0xcd9a}}}, {0x8, 0x22eb, 0x2, {{0x9, 0x2, 0x6, 0x1, 0x1, 0x3, 0x2, 0x6}, 0x2, {0x4, 0xceaa, 0x0, 0x9, 0x0, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x3}}}}}}}, 0x0)

850.231273ms ago: executing program 7 (id=1567):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x20000406, &(0x7f0000001d40)={[{@dioread_lock}, {@noblock_validity}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x4}}, {@jqfmt_vfsold}, {@nolazytime}, {@grpjquota, 0x2e}, {@journal_async_commit}, {@resuid}, {@barrier_val={'barrier', 0x3d, 0x1000}}, {@grpid}], [], 0x2c}, 0x84, 0x4ed, &(0x7f0000001e00)="$eJzs3M1vFOUfAPDvTOkLUGjhR37Ki1JFYyPa0oLKwYMaTbhoTPSAx1oqQQoYWhMhRIoxeDT+BerRxMSTF71ooka9qPGqd2NCDBdQE7Nmdmfa3XZ3u91CK+znk0z7PDPPvHyfmWd2Zp/ZCaBjDWV/koj+iPglIgYq2doCQ5V/169emPzz6oXJJEqlF/5IyuWuXb0wWRQt5tucZ4bTiPTtJHbXWe/MufMnJ6anp87m+dHZU6+Nzpw7//CJUxPHp45PnR4/fPjQwbHHHh1/pKU4Li4zPYvr2q43z+zZeeSl956dLMXL332cbW9/Pr06jorBltbbzFAMRSm3MLan/Pf+VS/9v2VLRPTm6WTDOm8MLeuKiGx3dZfb/0B0xcLOG4hn3prPfLVOGwjcNNln07YlY7vy/+n85xdwO0q0cehQxSd+dv9bDGt5/bHerjyZ/Z0qx389H354rlI3aXYvO1i5Y+9qMP//64zrW0iWBpZZf39EHJ376/1siLrfQzSRtFwSAGDeF9n1z0P1rv/SmmubrXkfymBE7I+I7RHxv4jYEel8mTsi4s4Vrn9oUX7p9c9PG1e4yBXJrv8ez/u2iqEypYgrmc9tKcffnbxyYnrqQF4nw9Hdm+XHmqzjy6d/frfRtKGq679syNZfXAvm2/H7ht7aeY5NzE6sIuQaVy5FEhvqxZ/M9wRkNbAzIna1sfyszk48+NGeLL1189Lpy8ffxA3oZyp9GPFAZf/PxaL4C0llTY36J0f7YnrqwGhxVCz1/Y+Xn6/Od1ela+Lvay2mvnaDrePKpYhNdY//PP6iGRT9tTN5/uv+ltdx+dd3Gt7TLN3/SRydqy6RH/8bF6otO/57khfL6Z583BsTs7NnxyI+z0fUjB9fWFqRL8pn8Q/vq42/cl+cZue4fz7I59sdEdlBfFdE3B0Re/Ntvyci7o2IfU3i//ap+15tXkNtHv83QBb/sWb7P2Iwqe6vbyPRdfKbzxqtv7Xz36FyajgfU33+62mw3FY3cLX1BwAAALeCtNwHnaQjVc9vF3bEpnT6zMzs/qF4/fSxSl/1YHSnxTddA1Xfh47l3w0X+fFF+YMRsa38pNHGcn5k8sz0lnWKGajYXNX+K+eCNB0ZqUz7rdFDL8DtY0X9aNUPnX3y6Y3fGGBN+b0mdC7tHzqX9g+dS/uHzlWv/V+MuL4OmwKssXY//xc/MADccko176cEOor7f+hc2j90pKU/ic9ft5KdE9r/yf/09iOreWPAzU+UBtqfPRpPmlv5ArtaK1y8/aLlJbdWOIkowkmbxFUnEenCmL/zt0mWx3RXyvS0vqlrn0iXLfPEcrXRvaJ3YvTVqY29eaI3IlpdzsU1q9XiDJF4yyQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBL+zcAAP//Flvq9A==")
mkdir(&(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x24)
unlinkat(0xffffffffffffff9c, &(0x7f0000000240)='./file0/file0\x00', 0x0)
creat(&(0x7f0000000000)='./bus\x00', 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x103042, 0x0)

717.928304ms ago: executing program 8 (id=1568):
recvmsg(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)=[{0x0}], 0x1}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="740000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="2b030040000000004c0012800b00010067656e65766500003c0002800800010001000000140007000000000000000005000000000000000108000f"], 0x74}}, 0x24005000)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001040)=@newqdisc={0x24, 0x24, 0x8, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x5}, {0xffff, 0xffff}, {0xfff3, 0x6}}}, 0x24}}, 0x4c085)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

660.935595ms ago: executing program 3 (id=1569):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000140), 0x256f16877c9c3f29, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000040))
writev(r1, &(0x7f00000004c0)=[{&(0x7f00000000c0)="943a1fcb24676066260d837c8a6bf0b9beecfdc4658c963ec2657e821760538c4816fa2c38ae206755a9fa86d7a322d0f6acde1d651d13bd821b76d0a9bdf18aa3", 0x41}], 0x1)
close_range(r0, 0xffffffffffffffff, 0x0)

475.745625ms ago: executing program 1 (id=1570):
r0 = fsopen(&(0x7f00000000c0)='rpc_pipefs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsopen(&(0x7f0000000080)='rpc_pipefs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
fsmount(r1, 0x0, 0xf)

422.488735ms ago: executing program 5 (id=1571):
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@nfs_export_on}]})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0, 0xe3)
open_by_handle_at(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="19000000fb"], 0x98300)

315.155832ms ago: executing program 3 (id=1572):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000200)={[{@nombcache}, {@journal_dev={'journal_dev', 0x3d, 0xff}}, {@nombcache}, {@nobarrier}, {@init_itable}, {@errors_remount}]}, 0x1, 0x569, &(0x7f00000002c0)="$eJzs3U1rXFUfAPD/nWT6/jxNoRQVkYALK7WTJvGlgou61mJB93VIbkPJpFMyk9LEgu3CrqW4EQviXly7LH4BF36GghaKlKALN5E7uTOdJDPJtJ0mU+f3g1vOuS8598y5/9NzcmYyAQyt8eyfQsTLEfF1EnE0IpL82GjkB8fXz1t9dGMm25JYW/v0z6RxXpZv/qzmdYfzzEsR8ctXEacKW8utLa/MlyuVdDHPT9QXrk7UlldOX14oz6Vz6ZWp6emz70xPvf/eu32r65sX/v72k3sjee7YnSTOxZE8116PZ3CzPTMe4/lrUoxzm06c7ENhgyTpuPenXb8PnsxIHufFyPqAozGSRz3w3/dlRKwBQyp54vj/rfh87gTYXc1xQHNu36d58Avj4YfrE6Ct9R9d/91IHGjMjQ6tJhtmRtl8d6wP5Wdl/PzH3TvZFv37PQTAjm7eiogzo6Nb+78k7/+e3pkeztlchv4Pds+9bPzzVqfxT6E1/okO45/DHWL3aewc/4UHfSimq2z890HH8W9r0WpsJM/9rzHmKyaXLlfSrG/7f0ScjOL+LL/des7Z1ftr3Y61j/+yLSu/ORbM7+PB6P6N18yW6+VnqXO7h7ciXuk4/k1a7Z90aP/s9bjQYxkn0ruvdTu2c/2fr7UfIt7o2P6PV7SS7dcnJxrPw0Tzqdjqr9snfu1W/l7XP2v/Q9vXfyxpX6+ttV890lMZ3x/4J43WevJGG+ofvT//+5LPGul9+b7r5Xp9cTJiX/Jxa3+huX/q8bXNfPP8rP4nX9++/+v0/B+MiM97qn3E7eM/vtrt2CC0/2zH9m/Nbje1/5Mn7n/0xXfdyu+t/3u7kTqZ7+ml/+v1Bp/ltQMAAAAAAIBBU4iII5EUSq10oVAqrb+/43gcKlSqtfqpS9WlK7PR+KzsWBQLzZXuo23vh5jMVwyb+alN+emIOBYR34wcbORLM9XK7F5XHgAAAAAAAAAAAAAAAAAAAAbE4S6f/8/8vvXPux/Y/TsEnitf+Q3Da8f478c3PQEDyf//MLzEPwwv8Q/DS/zD8BL/MLzEPwwv8Q/DS/wDAAAAAAAAAAAAAAAAAAAAAAAAAABAX104fz7b1lYf3ZjJ8rPXlpfmq9dOz6a1+dLC0kxpprp4tTRXrc5V0tJMdWGnn1epVq9OTsXS9Yl6WqtP1JZXLi5Ul67UL15eKM+lF9PirtQKAAAAAAAAAAAAAAAAAAAAXiy15ZX5cqWSLkpIPFVidDBuQ6LPib3umQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgsX8DAAD//welMww=")
lsetxattr$trusted_overlay_upper(&(0x7f0000000080)='./file1\x00', &(0x7f0000000840), &(0x7f0000000940)=ANY=[], 0x361, 0x1)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f1, &(0x7f0000010640)={'sit0\x00', &(0x7f00000001c0)=@ethtool_cmd={0x20, 0x5, 0xffffffff, 0x0, 0x4, 0x0, 0xff, 0x28, 0x4, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfc, 0x45}})
setxattr$security_ima(&(0x7f0000000100)='./file1\x00', &(0x7f0000000140), &(0x7f00000013c0)=ANY=[], 0x700, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f00000000c0), &(0x7f00000001c0)=ANY=[], 0xfe37, 0x0)

264.247256ms ago: executing program 8 (id=1573):
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x2000, 0x1)
r0 = syz_io_uring_setup(0x95, &(0x7f0000000140)={0x0, 0x204, 0x0, 0x0, 0x4}, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000000)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0)={0x20102, 0x0, 0x28}, &(0x7f0000000500)='./file0\x00', 0x18})
io_uring_enter(r0, 0x4536, 0x6aaf, 0x0, 0x0, 0x0)

78.202119ms ago: executing program 1 (id=1574):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000740)={0x48, 0x2, r1, 0x0, <r2=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000200)={0x28, 0x4, r1, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4})
ioctl$IOMMU_DESTROY$stdev(r0, 0x3b80, &(0x7f0000000940)={0x8, r2})

6.537993ms ago: executing program 8 (id=1575):
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x2a0471a, &(0x7f0000000280)={[{@max_batch_time={'max_batch_time', 0x3d, 0x3}}]}, 0x82, 0x48f, &(0x7f0000000840)="$eJzs3M1vVFUfAODfvf3gffmsigpItEqMjR8tLags3Gg0cYHRRBeoq9oWQijU0JpYQqAagxsTQ6JrdWniX+DOjVFXJiaudG9IiLIBjYsx9869Mp12mKFOZwrzPMnQc+acO+ecnnvuPfccpgH0rOHsnyRia0T8EhE7qtHlGYarP65dOTv155WzU0lUKq/+nuT5rl45O1VmLY/bUkRG0oj0g6QoZLn5xTMnJmdnZ04X8bGFk2+PzS+eeeL4ycljM8dmTk0cOnTwwPjTT0082ZZ2Zu26uufc3N7dL75+8aWpIxff+v6rrL5bi/TadqzJ4Mq3hrOG/1HJ1ac9HP//T8VtNNtqwkl/FyvCTemLiKy7BrLxX6lUztek7YgX3m9y+JZ1rh6wjrJ706ZV3i/ui0uVhpIbpgK3giS6XQOgO8r7ffb8W746OP3ousvPVh+AsnZfK17VlP5IizwDdc+37TQcEUeW/vose0U71iEAAJr4aOrTw/H4avO/NO6pybe92EMZiog7IuLOiLgrInZGxN0Red57I2JXK4XWbBDUbw2tnP+kl9beuuay+d8zxd7W8vlfOfuLob4iti1v/0By9PjszP7idzISA5uy+PgNyvjm+Z8+bpRWO//LXln55VywqMel/roFuunJhcl8UtoGl9+L2NMff1cqlbr2J1H2UhIRuyNiz8199PYycPzRL/c2ytS8/Ss+7ro27DNVvoh4pNr/S1HX/lKycn9ycNv1/cmx/8XszP6x8qxY6YcfL7zSqPzW278+sv7fvPz8L1I+XywCQ2/W7tfOR4Ody60Ny7jw64cNn2nWev4PJq/l16Ny2/XdyYWF0+MRg8nhPL7s/Ynrx5bxMn/W/pF9WUrZ/vLINL/GRdH/90XE3mK/7P6IeKCo+4MR8VBE7GvY+ojvnmucthH6f7qm/5OoP/93nav+LPt/8aYDfSe+/bpR+a31/8E8NFK8k1//mmi1gmv/zQEAAMCtI81XbpJ09N9wmo6OVv9j787YnM7OzS88dnTunVPT1RWeoRhIy5WuHTXroePJUvGJ1fhEsVZcph8o1o0/6Ys8Pjo1Nzvd5bZDr9vSYPxnfuvrdu2AdbfaPtrEKl9oA24/9eM/XR49/3InKwN0lO9rQ+9qMv7TTtUD6Dz3f+hdq43/83VxewFwe3L/h95l/EPvMv6hd9WN/774uVs1ATpoDV/nFxCYXzwT6YaoRkuB1v8exHoH3tgY1Wgh0O0rEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQHv8EwAA//9gP+wr")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0xc0406618, &(0x7f0000000040)={@id={0x2, 0x0, @a}})

0s ago: executing program 5 (id=1576):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff}, 0x13f, 0x1}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r1, 0x0, 0x0, 0x30, 0x0, @in6={0xa, 0x4e20, 0x1000, @loopback, 0xb1cd}, @ib={0x1b, 0x0, 0xc, {"7d73a331001016095e000303ff010001"}, 0x400000004, 0x0, 0x5}}}, 0x118)
write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000180)={0x7, 0x8, 0xfa00, {r1, 0xc}}, 0x4c)
write$RDMA_USER_CM_CMD_DESTROY_ID(r0, &(0x7f00000001c0)={0x1, 0x10, 0xfa00, {&(0x7f0000000140), r1}}, 0x18)

kernel console output (not intermixed with test programs):

1024
[  258.377754][ T8825] program syz.3.916 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  258.392234][   T88] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  258.420554][ T8823] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  258.539793][ T5806] usb 3-1: Using ep0 maxpacket: 32
[  258.562456][   T88] usb 2-1: Using ep0 maxpacket: 32
[  258.582290][ T5806] usb 3-1: config 0 has an invalid interface number: 51 but max is 0
[  258.601381][   T88] usb 2-1: config 0 interface 0 has no altsetting 0
[  258.621339][ T5806] usb 3-1: config 0 has no interface number 0
[  258.643619][   T88] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  258.659366][ T5806] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  258.669203][   T88] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  258.680224][ T5806] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  258.698078][   T88] usb 2-1: Product: syz
[  258.704762][ T5806] usb 3-1: Product: syz
[  258.711239][   T88] usb 2-1: Manufacturer: syz
[  258.720647][ T5806] usb 3-1: Manufacturer: syz
[  258.728577][   T88] usb 2-1: SerialNumber: syz
[  258.738709][ T5806] usb 3-1: SerialNumber: syz
[  258.752211][   T88] usb 2-1: config 0 descriptor??
[  258.791876][ T5806] usb 3-1: config 0 descriptor??
[  258.818221][ T5806] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  259.073054][ T5806] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  259.170946][ T5806] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  259.209738][   T88] gs_usb 2-1:0.0: Configuring for 2 interfaces
[  259.250294][ T8832] loop6: detected capacity change from 0 to 32768
[  259.324759][ T8832] 
[  259.324759][ T8832]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  259.324759][ T8832] 
[  259.358942][ T5821] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  259.399512][ T8832] 
[  259.399512][ T8832]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  259.399512][ T8832] 
[  259.412526][ T8832] 
[  259.412526][ T8832]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  259.412526][ T8832] 
[  259.424162][ T8832] 
[  259.424162][ T8832]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  259.424162][ T8832] 
[  259.462413][  T111] 
[  259.462413][  T111]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  259.462413][  T111] 
[  259.515652][ T8832] 
[  259.515652][ T8832]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  259.515652][ T8832] 
[  259.526280][ T8832] 
[  259.526280][ T8832]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  259.526280][ T8832] 
[  259.536995][ T8832] 
[  259.536995][ T8832]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  259.536995][ T8832] 
[  259.547254][    C0] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71
[  259.547526][ T8832] 
[  259.547526][ T8832]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  259.547526][ T8832] 
[  259.572642][  T112] 
[  259.572642][  T112]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  259.572642][  T112] 
[  259.599550][ T5806] usb 3-1: USB disconnect, device number 7
[  259.659336][ T5806] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  259.700053][ T5806] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  259.957142][ T7030] 
[  259.957142][ T7030]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  259.957142][ T7030] 
[  260.066939][ T7030] 
[  260.066939][ T7030]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  260.066939][ T7030] 
[  260.238386][ T8838] loop0: detected capacity change from 0 to 4096
[  260.395768][ T8840] netlink: 64 bytes leftover after parsing attributes in process `syz.6.922'.
[  260.456335][ T8841] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  260.664029][   T88] gs_usb 2-1:0.0: Couldn't get extended bit timing const for channel 0 (-EPROTO)
[  260.677242][   T88] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -71
[  260.686047][ T5806] quatech2 3-1:0.51: device disconnected
[  260.707053][   T88] usb 2-1: USB disconnect, device number 11
[  260.928037][ T8836] loop3: detected capacity change from 0 to 131072
[  260.947482][ T8836] F2FS-fs (loop3): invalid crc value
[  261.154220][ T8836] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  261.170181][ T8836] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  261.172491][ T8844] loop2: detected capacity change from 0 to 4096
[  261.283394][ T8844] EXT4-fs: Ignoring removed nomblk_io_submit option
[  261.475836][ T8844] EXT4-fs (loop2): Test dummy encryption mode enabled
[  261.544224][ T8844] EXT4-fs (loop2): stripe (97) is not aligned with cluster size (16), stripe is disabled
[  261.664221][ T8844] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0002]
[  261.747797][ T8844] System zones: 0-5
[  261.824763][  T793] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  261.844382][ T8844] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  261.921406][ T8836] F2FS-fs (loop3): project quota file already specified
[  262.042247][  T793] usb 2-1: Using ep0 maxpacket: 16
[  262.102888][  T793] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  262.114940][ T5997] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  262.155369][  T793] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  262.196096][  T793] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  262.223577][  T793] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  262.251989][  T793] usb 2-1: Product: syz
[  262.270906][  T793] usb 2-1: Manufacturer: syz
[  262.279629][  T793] usb 2-1: SerialNumber: syz
[  262.314045][ T5997] usb 7-1: Using ep0 maxpacket: 16
[  262.321817][  T793] usb 2-1: config 0 descriptor??
[  262.323857][ T5825] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  262.344530][ T5997] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  262.374932][  T793] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  262.388474][ T5997] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  262.411743][  T793] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[  262.423895][ T5997] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  262.483939][ T5997] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  262.545492][ T5997] usb 7-1: config 0 descriptor??
[  262.630933][ T8868] loop3: detected capacity change from 0 to 128
[  262.974923][  T793] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[  262.993474][  T793] em28xx 2-1:0.0: Config register raw data: 0x41
[  263.001267][ T8857] raw-gadget.1 gadget.6: fail, usb_ep_set_halt returned -11
[  263.028244][ T5997] usbhid 7-1:0.0: can't add hid device: -71
[  263.052974][ T5997] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  263.102193][   T88] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  263.115422][ T5997] usb 7-1: USB disconnect, device number 4
[  263.234950][  T979] usb 2-1: USB disconnect, device number 12
[  263.263747][  T979] em28xx 2-1:0.0: Disconnecting em28xx
[  263.291574][ T8880] netlink: 4 bytes leftover after parsing attributes in process `syz.3.936'.
[  263.302921][   T88] usb 3-1: Using ep0 maxpacket: 8
[  263.313139][  T979] em28xx 2-1:0.0: Freeing device
[  263.317282][   T88] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  263.333701][   T88] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  263.382188][   T88] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  263.402358][   T88] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  263.422166][   T88] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  263.452527][   T88] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  263.455126][ T8880] bond1: Invalid ad_actor_system MAC address.
[  263.461619][   T88] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  263.562480][ T8880] bond1: option ad_actor_system: invalid value (1)
[  263.575597][ T8880] bond1 (unregistering): Released all slaves
[  263.591175][ T8883] netlink: 12 bytes leftover after parsing attributes in process `syz.0.937'.
[  263.684572][   T88] usb 3-1: usb_control_msg returned -32
[  263.690226][   T88] usbtmc 3-1:16.0: can't read capabilities
[  264.063172][ T8889] usbtmc 3-1:16.0: INDICATOR_PULSE returned 0
[  264.171394][ T8886] loop0: detected capacity change from 0 to 4096
[  264.291963][ T5806] usb 3-1: USB disconnect, device number 8
[  264.369781][ T8892] loop3: detected capacity change from 0 to 4096
[  264.424288][ T8892] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512).
[  264.458775][   T31] audit: type=1800 audit(1769841771.827:39): pid=8886 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.939" name="file1" dev="loop0" ino=33 res=0 errno=0
[  264.634263][ T8892] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  264.692788][ T8892] ntfs3(loop3): ino=1a, mi_enum_attr
[  264.698329][ T8892] ntfs3(loop3): Failed to initialize $Extend/$ObjId.
[  264.801399][ T8892] ntfs3(loop3): ino=5, "/" ntfs_readdir
[  264.978762][ T8902] loop1: detected capacity change from 0 to 256
[  265.197210][ T8908] loop0: detected capacity change from 0 to 1024
[  265.264908][ T8908] EXT4-fs: Ignoring removed nomblk_io_submit option
[  265.306582][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  265.312986][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  265.358579][ T8908] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  265.402375][ T8908] System zones: 0-1, 3-36
[  265.494955][ T8908] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  265.639734][   T31] audit: type=1800 audit(1769841773.027:40): pid=8908 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.946" name="bus" dev="loop0" ino=18 res=0 errno=0
[  265.781071][ T5821] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  265.902174][ T5806] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  266.063361][ T8927] netlink: 'syz.0.955': attribute type 1 has an invalid length.
[  266.082336][ T5806] usb 2-1: Using ep0 maxpacket: 8
[  266.112888][ T5806] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  266.173307][ T5806] usb 2-1: config 179 has no interface number 0
[  266.173659][ T8929] loop6: detected capacity change from 0 to 2048
[  266.179638][ T5806] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  266.195779][ T8929] EXT4-fs: Ignoring removed i_version option
[  266.207164][ T8927] bond2: entered promiscuous mode
[  266.241000][ T8927] 8021q: adding VLAN 0 to HW filter on device bond2
[  266.305515][ T8929] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  266.319982][ T5806] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  266.347078][ T5806] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  266.370024][ T8929] ext4 filesystem being mounted at /96/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  266.392004][ T5806] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  266.394386][ T8932] 8021q: adding VLAN 0 to HW filter on device bond2
[  266.428742][ T5806] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  266.437897][ T8932] bond2: (slave gre1): The slave device specified does not support setting the MAC address
[  266.460756][ T8929] EXT4-fs error (device loop6): ext4_validate_block_bitmap:440: comm syz.6.956: bg 0: block 321: padding at end of block bitmap is not set
[  266.472008][ T8932] bond2: (slave gre1): Setting fail_over_mac to active for active-backup mode
[  266.486613][ T5806] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  266.512654][ T8932] bond2: (slave gre1): Opening slave failed
[  266.513592][ T5806] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  266.530413][ T8929] fs-verity (loop6, inode 13): Error -117 writing Merkle tree block 1
[  266.549547][ T8929] fs-verity (loop6, inode 13): Error -117 building Merkle tree
[  266.569420][ T8918] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  266.754844][ T7030] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  267.077095][ T8944] loop0: detected capacity change from 0 to 512
[  267.100191][ T5806] input: Generic X-Box pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input18
[  267.211279][ T8944] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  267.347924][ T8944] ext4 filesystem being mounted at /165/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  267.460387][ T8944] Quota error (device loop0): do_check_range: Getting dqdh_next_free 4294967294 out of range 0-8
[  267.472426][ T8944] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  267.516523][ T5997] usb 2-1: USB disconnect, device number 13
[  267.516567][    C0] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  267.531771][    C0] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  267.545925][ T8944] EXT4-fs error (device loop0): ext4_acquire_dquot:6984: comm syz.0.962: Failed to acquire dquot type 0
[  267.699060][ T5821] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  267.862337][  T979] usb 3-1: new full-speed USB device number 9 using dummy_hcd
[  267.874540][  T793] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  268.018550][  T979] usb 3-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  268.029183][  T979] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  268.041576][  T979] usb 3-1: config 0 descriptor??
[  268.046850][  T793] usb 4-1: Using ep0 maxpacket: 16
[  268.059311][  T793] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  268.103257][  T793] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  268.137803][  T793] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  268.140844][ T8967] loop5: detected capacity change from 0 to 512
[  268.208984][ T8967] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  268.270686][ T8967] EXT4-fs (loop5): DAX unsupported by block device.
[  268.301576][  T793] usb 4-1: config 0 descriptor??
[  268.659438][ T8967] netlink: 8 bytes leftover after parsing attributes in process `syz.5.970'.
[  268.671721][ T8972] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  268.750997][ T8974] loop1: detected capacity change from 0 to 2364
[  268.788419][  T793] mcp2221 0003:04D8:00DD.0011: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.3-1/input0
[  269.027229][ T5806] usb 4-1: USB disconnect, device number 8
[  269.074518][  T979] pegasus 3-1:0.0: probe with driver pegasus failed with error -71
[  269.140743][  T979] usb 3-1: USB disconnect, device number 9
[  269.516447][ T8991] tun0: tun_chr_ioctl cmd 1074025675
[  269.521887][ T8991] tun0: persist enabled
[  269.530041][ T8991] tun0: tun_chr_ioctl cmd 1074025675
[  269.538187][ T8991] tun0: persist enabled
[  269.822820][ T8997] sit0: entered promiscuous mode
[  269.850121][ T8997] netlink: 'syz.6.982': attribute type 1 has an invalid length.
[  269.882527][ T8997] netlink: 1 bytes leftover after parsing attributes in process `syz.6.982'.
[  270.143142][ T9005] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  270.316241][ T9005] batman_adv: batadv0: Removing interface: batadv_slave_1
[  270.682800][ T9019] loop3: detected capacity change from 0 to 4096
[  270.739532][ T9023] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  271.252881][ T9032] syzkaller1: entered promiscuous mode
[  271.258407][ T9032] syzkaller1: entered allmulticast mode
[  272.173113][   T10] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[  272.331504][ T9056] syz_tun: entered allmulticast mode
[  272.354745][ T9054] loop2: detected capacity change from 0 to 32768
[  272.422200][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  272.444179][ T9054] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  272.452466][ T9054] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  272.479026][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  272.499000][ T9056] dvmrp8: entered allmulticast mode
[  272.523874][ T9054] gfs2: fsid=syz:syz.s: journal 0 mapped with 5 extents in 0ms
[  272.528051][   T10] usb 4-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  272.556290][ T9055] syz_tun: left allmulticast mode
[  272.585593][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  272.605646][ T9054] gfs2: fsid=syz:syz.s: first mount done, others may mount
[  272.685443][   T10] usb 4-1: config 0 descriptor??
[  272.922709][ T9062] loop6: detected capacity change from 0 to 4096
[  273.180878][   T10] elan 0003:04F3:0755.0012: failed to start in urb: -90
[  273.234892][   T10] elan 0003:04F3:0755.0012: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.3-1/input0
[  273.286211][   T31] audit: type=1800 audit(1769841780.667:41): pid=9062 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1008" name="file1" dev="loop6" ino=0 res=0 errno=0
[  273.488170][ T5806] usb 4-1: USB disconnect, device number 9
[  273.633010][ T9073] fido_id[9073]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory
[  273.929438][ T9083] loop0: detected capacity change from 0 to 128
[  273.960372][ T9083] EXT4-fs: Ignoring removed nobh option
[  273.998923][ T9085] loop2: detected capacity change from 0 to 128
[  274.020807][ T9083] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  274.093898][ T9083] ext4 filesystem being mounted at /173/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  274.389267][ T5821] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  274.597501][ T9094] loop2: detected capacity change from 0 to 512
[  274.700215][ T9070] loop5: detected capacity change from 0 to 32768
[  274.712951][ T9094] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  274.735941][ T9094] ext4 filesystem being mounted at /192/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  274.834592][ T9102] netlink: 212328 bytes leftover after parsing attributes in process `syz.0.1021'.
[  274.867836][ T9070] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  274.889204][ T9102] netlink: ct family unspecified
[  275.018282][ T9094] Quota error (device loop2): do_check_range: Getting dqdh_next_free 4294967294 out of range 0-8
[  275.035510][ T9070] XFS (loop5): Ending clean mount
[  275.073235][ T9094] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  275.096001][ T9094] EXT4-fs error (device loop2): ext4_acquire_dquot:6984: comm syz.2.1022: Failed to acquire dquot type 0
[  275.124603][ T9070] XFS (loop5): Quotacheck needed: Please wait.
[  275.352430][ T9070] XFS (loop5): Quotacheck: Done.
[  275.361652][ T9115] bond_slave_1: entered promiscuous mode
[  275.391408][ T5825] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  275.394333][ T9115] bond_slave_1: left promiscuous mode
[  275.573195][ T9125] netlink: 6032 bytes leftover after parsing attributes in process `syz.1.1030'.
[  275.688522][ T5818] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  275.758953][ T9127] netlink: 'syz.2.1031': attribute type 12 has an invalid length.
[  276.032295][ T5806] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  276.199726][ T9133] loop6: detected capacity change from 0 to 4096
[  276.289025][ T9140] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  276.402815][ T9142] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1050'.
[  276.449250][ T9142] bond0: ARP target 170.170.170.170 is already present
[  276.486518][ T9142] bond0: option arp_ip_target: invalid value (2863311530)
[  276.589865][ T9146] loop5: detected capacity change from 0 to 128
[  276.673570][   T31] audit: type=1800 audit(1769841784.057:42): pid=9146 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1039" name="file1" dev="loop5" ino=1048668 res=0 errno=0
[  276.781996][ T9147] syz.5.1039: attempt to access beyond end of device
[  276.781996][ T9147] loop5: rw=2049, sector=138, nr_sectors = 112 limit=128
[  276.994114][ T5806] usb 4-1: config 1 has an invalid descriptor of length 105, skipping remainder of the config
[  277.012149][ T5806] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  277.033408][ T5806] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  277.051396][ T5806] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67
[  277.070355][ T5806] usb 4-1: SerialNumber: syz
[  277.310047][ T5806] usb 4-1: 0:2 : does not exist
[  277.399778][ T5806] usb 4-1: USB disconnect, device number 10
[  277.517447][ T9155] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  277.838108][ T9163] loop0: detected capacity change from 0 to 512
[  278.911433][ T9183] loop6: detected capacity change from 0 to 512
[  279.046557][ T9183] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  279.072524][ T9183] ext4 filesystem being mounted at /113/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  279.343508][ T9183] Quota error (device loop6): do_check_range: Getting dqdh_next_free 4294967294 out of range 0-8
[  279.374310][ T9183] Quota error (device loop6): qtree_write_dquot: Error -117 occurred while creating quota
[  279.447031][ T9183] EXT4-fs error (device loop6): ext4_acquire_dquot:6984: comm syz.6.1057: Failed to acquire dquot type 0
[  279.701487][ T7030] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  279.852694][ T9200] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1063'.
[  280.303243][ T9211] loop6: detected capacity change from 0 to 1024
[  280.352024][ T9211] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  280.422271][   T88] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  280.625349][ T7030] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  280.642264][   T88] usb 2-1: Using ep0 maxpacket: 32
[  280.649733][   T88] usb 2-1: config 0 has an invalid interface number: 126 but max is 0
[  280.672243][   T88] usb 2-1: config 0 has no interface number 0
[  280.694233][   T88] usb 2-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023
[  280.729363][   T88] usb 2-1: config 0 interface 126 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 8
[  280.740806][ T9223] loop2: detected capacity change from 0 to 1024
[  280.762429][   T10] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  280.772554][   T88] usb 2-1: config 0 interface 126 has no altsetting 0
[  280.793807][   T88] usb 2-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c
[  280.812151][   T88] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  280.840580][   T88] usb 2-1: Product: syz
[  280.860807][   T88] usb 2-1: Manufacturer: syz
[  280.887961][   T88] usb 2-1: SerialNumber: syz
[  280.925436][   T10] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  280.943422][ T9223] hfsplus: bad catalog entry type
[  280.945089][ T9227] loop6: detected capacity change from 0 to 256
[  280.951699][   T88] usb 2-1: config 0 descriptor??
[  280.966163][ T9207] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  280.992403][ T9207] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  281.007937][   T10] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  281.042051][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  281.060575][ T9227] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  281.115785][   T10] usb 4-1: SerialNumber: syz
[  281.178213][ T1004] hfsplus: b-tree write err: -5, ino 4
[  281.184951][ T9227] exFAT-fs (loop6): valid_size(150994954) is greater than size(10)
[  281.199644][   T31] audit: type=1800 audit(1769841788.587:43): pid=9227 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1072" name="file1" dev="loop6" ino=1048669 res=0 errno=0
[  281.446667][   T88] ir_usb 2-1:0.126: IR Dongle converter detected
[  281.521589][ T9231] loop2: detected capacity change from 0 to 128
[  281.596266][ T9231] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1)
[  281.672618][   T88] usb 2-1: IR Dongle converter now attached to ttyUSB0
[  282.101479][ T9236] loop5: detected capacity change from 0 to 32768
[  282.122527][ T9231] syz.2.1074: attempt to access beyond end of device
[  282.122527][ T9231] loop2: rw=8388611, sector=6950, nr_sectors = 2 limit=128
[  282.163061][ T9237] loop6: detected capacity change from 0 to 32768
[  282.165350][ T5959] usb 2-1: USB disconnect, device number 14
[  282.180227][ T9237] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1077 (9237)
[  282.197062][ T9231] syz.2.1074: attempt to access beyond end of device
[  282.197062][ T9231] loop2: rw=8390659, sector=6952, nr_sectors = 942 limit=128
[  282.215760][ T9237] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  282.226522][ T9237] BTRFS info (device loop6): using sha256 (sha256-lib) checksum algorithm
[  282.233977][   T10] cdc_ether 4-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.3-1, CDC Ethernet Device, 42:42:42:42:42:42
[  282.252592][ T9236] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  282.298326][ T5959] ir-usb ttyUSB0: IR Dongle converter now disconnected from ttyUSB0
[  282.368619][ T9236] XFS (loop5): Ending clean mount
[  282.379029][ T9236] XFS (loop5): Quotacheck needed: Please wait.
[  282.399429][   T10] usb 4-1: USB disconnect, device number 11
[  282.406987][ T5959] ir_usb 2-1:0.126: device disconnected
[  282.446876][   T10] cdc_ether 4-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.3-1, CDC Ethernet Device
[  282.523862][  T793] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  282.535064][ T9236] XFS (loop5): Quotacheck: Done.
[  282.555641][ T9237] BTRFS info (device loop6): enabling ssd optimizations
[  282.562885][ T9237] BTRFS info (device loop6): turning on async discard
[  282.569671][ T9237] BTRFS info (device loop6): enabling free space tree
[  282.594011][ T9238] FAT-fs (loop2): FAT read failed (blocknr 128)
[  282.655525][ T9237] BTRFS info (device loop6): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  282.782373][  T793] usb 1-1: Using ep0 maxpacket: 32
[  282.804002][ T5818] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  282.808121][  T793] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[  282.835699][  T793] usb 1-1: config 0 has no interface number 0
[  282.887300][  T793] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  282.923238][  T793] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  282.947775][  T793] usb 1-1: Product: syz
[  282.955954][ T7030] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  282.980005][  T793] usb 1-1: Manufacturer: syz
[  283.000850][  T793] usb 1-1: SerialNumber: syz
[  283.047307][  T793] usb 1-1: config 0 descriptor??
[  283.091695][  T793] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  283.323723][  T793] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  283.404571][  T793] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  283.834864][    C1] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71
[  283.853003][  T793] usb 1-1: USB disconnect, device number 13
[  283.882734][  T793] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  283.923509][  T793] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  283.946521][  T793] quatech2 1-1:0.51: device disconnected
[  284.098779][ T9278] loop5: detected capacity change from 0 to 4096
[  284.182823][ T9282] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  284.433008][   T10] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  284.624922][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  284.656673][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  284.687149][   T10] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  284.730677][   T10] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  284.752549][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  284.801408][   T10] usb 4-1: config 0 descriptor??
[  285.104878][ T9303] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.1097'.
[  285.220015][ T9280] loop6: detected capacity change from 0 to 32768
[  285.261377][   T10] plantronics 0003:047F:FFFF.0013: reserved main item tag 0xd
[  285.297399][ T9280] ocfs2: Slot 0 on device (7,6) was already allocated to this node!
[  285.336406][ T9280] JBD2: Ignoring recovery information on journal
[  285.415751][   T10] plantronics 0003:047F:FFFF.0013: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  285.462580][ T9280] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  285.536350][ T9311] vlan0: entered allmulticast mode
[  285.571044][ T9313] netlink: 14 bytes leftover after parsing attributes in process `syz.5.1099'.
[  285.634910][ T5806] usb 4-1: USB disconnect, device number 12
[  285.640969][ T9311] bond0: entered allmulticast mode
[  285.687584][ T9311] bond_slave_0: entered allmulticast mode
[  285.688979][   T31] audit: type=1800 audit(1769841793.077:44): pid=9280 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1082" name="file1" dev="loop6" ino=17058 res=0 errno=0
[  285.762253][ T9311] bond_slave_1: entered allmulticast mode
[  285.899293][ T9312] fido_id[9312]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  286.053080][ T9313] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  286.073311][ T9313] bond_slave_0: left allmulticast mode
[  286.095407][ T7030] ocfs2: Unmounting device (7,6) on (node local)
[  286.103411][ T9313] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  286.121288][ T9313] bond_slave_1: left allmulticast mode
[  286.139765][ T9313] bond0 (unregistering): Released all slaves
[  286.265506][ T9321] netlink: 212368 bytes leftover after parsing attributes in process `syz.6.1103'.
[  286.535553][ T9300] loop0: detected capacity change from 0 to 32768
[  286.625968][ T9326] loop2: detected capacity change from 0 to 4096
[  286.655898][ T9332] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  286.764391][ T9333] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  286.879080][ T5821] read_mapping_page failed!
[  286.905340][ T5821] ERROR: (device loop0): txAbort: 
[  286.905340][ T5821] 
[  286.934169][ T5821] read_mapping_page failed!
[  286.962257][ T5821] ERROR: (device loop0): txAbort: 
[  286.962257][ T5821] 
[  288.103542][   T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  288.345718][   T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  288.465455][ T9350] loop3: detected capacity change from 0 to 128
[  288.532248][ T5997] Process accounting resumed
[  288.545202][ T5997] FAT-fs (loop3): error, corrupted file size (i_pos 548, 512)
[  288.565176][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  288.583885][ T5997] FAT-fs (loop3): Filesystem has been set read-only
[  288.780353][ T5839] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  288.794965][ T5839] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  288.799748][   T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  288.802551][ T5997] usb 6-1: new full-speed USB device number 12 using dummy_hcd
[  288.828292][ T5839] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  288.842310][ T5839] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  288.851211][ T5839] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  288.979812][ T5997] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  289.004807][   T10] usb 2-1: new full-speed USB device number 15 using dummy_hcd
[  289.007438][ T5997] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  289.049353][ T5997] usb 6-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  289.059381][ T5997] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  289.084420][ T5997] usb 6-1: config 0 descriptor??
[  289.192620][   T10] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  289.214182][ T9369] loop2: detected capacity change from 0 to 512
[  289.229816][   T10] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  289.280290][   T10] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  289.309606][ T9369] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  289.337535][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  289.555881][   T13] bridge_slave_1: left allmulticast mode
[  289.561786][   T13] bridge_slave_1: left promiscuous mode
[  289.586334][   T10] usb 2-1: usb_control_msg returned -32
[  289.587679][ T5997] elan 0003:04F3:0755.0014: failed to start in urb: -90
[  289.591962][   T10] usbtmc 2-1:16.0: can't read capabilities
[  289.626957][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  289.647810][ T5997] elan 0003:04F3:0755.0014: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.5-1/input0
[  289.683902][ T9369] EXT4-fs (loop2): shut down requested (0)
[  289.771973][   T13] bridge_slave_0: left allmulticast mode
[  289.798380][   T13] bridge_slave_0: left promiscuous mode
[  289.822564][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  289.903898][ T5997] usb 6-1: USB disconnect, device number 12
[  289.932999][ T9382] loop3: detected capacity change from 0 to 128
[  289.945223][ T5825] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  289.967677][ T9378] fido_id[9378]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/6-1/report_descriptor': No such file or directory
[  290.015372][ T9382] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  290.139037][ T9382] ext4 filesystem being mounted at /171/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  290.401325][ T9395] netlink: 207952 bytes leftover after parsing attributes in process `syz.2.1131'.
[  290.479634][ T5822] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  290.771285][ T9406] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:17 to non-existent VLAN 1280
[  290.914699][ T5824] Bluetooth: hci2: command tx timeout
[  290.919010][ T9399] loop6: detected capacity change from 0 to 8192
[  291.372254][   T10] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  291.421619][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  291.456080][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  291.493849][   T13] bond0 (unregistering): Released all slaves
[  291.556736][   T10] usb 4-1: config 0 interface 0 has no altsetting 0
[  291.575307][   T10] usb 4-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  291.624318][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  291.662669][ T9418] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1138'.
[  291.677668][   T10] usb 4-1: config 0 descriptor??
[  291.805721][ T5806] usb 2-1: USB disconnect, device number 15
[  292.081128][   T13] bond1 (unregistering): (slave veth3): Releasing backup interface
[  292.106829][   T13] veth3: left promiscuous mode
[  292.134216][   T13] bond1 (unregistering): Released all slaves
[  292.539627][   T13] bond2 (unregistering): Released all slaves
[  292.581065][ T9359] chnl_net:caif_netlink_parms(): no params data found
[  292.604549][ T9418] chnl_net:caif_netlink_parms(): no params data found
[  292.765910][   T10] video4linux radio48: keene_cmd_set failed (-71)
[  292.792884][   T10] radio-keene 4-1:0.0: V4L2 device registered as radio48
[  292.827046][   T10] usb 4-1: USB disconnect, device number 13
[  292.982885][ T5824] Bluetooth: hci2: command tx timeout
[  293.192769][ T9440] can0: slcan on ptm0.
[  293.194909][ T9447] loop6: detected capacity change from 0 to 128
[  293.227685][ T9443] netlink: 703 bytes leftover after parsing attributes in process `syz.5.1148'.
[  293.274731][ T9359] bridge0: port 1(bridge_slave_0) entered blocking state
[  293.285993][ T9359] bridge0: port 1(bridge_slave_0) entered disabled state
[  293.293598][ T9359] bridge_slave_0: entered allmulticast mode
[  293.304624][ T9359] bridge_slave_0: entered promiscuous mode
[  293.352395][ T9359] bridge0: port 2(bridge_slave_1) entered blocking state
[  293.359580][ T9359] bridge0: port 2(bridge_slave_1) entered disabled state
[  293.398025][ T9359] bridge_slave_1: entered allmulticast mode
[  293.431089][ T9359] bridge_slave_1: entered promiscuous mode
[  293.576070][ T9438] can0 (unregistered): slcan off ptm0.
[  293.812186][ T5997] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  293.834796][   T13] hsr_slave_0: left promiscuous mode
[  293.860610][   T13] hsr_slave_1: left promiscuous mode
[  293.873925][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  293.904837][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  293.949880][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  293.992215][ T5997] usb 7-1: Using ep0 maxpacket: 32
[  294.017550][ T5997] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  294.032859][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  294.052155][ T5997] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  294.102339][ T5997] usb 7-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  294.120061][   T13] veth1_macvtap: left promiscuous mode
[  294.147163][   T13] veth0_macvtap: left promiscuous mode
[  294.152940][ T5997] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  294.163678][   T13] veth1_vlan: left promiscuous mode
[  294.169052][   T13] veth0_vlan: left promiscuous mode
[  294.203330][ T5997] usb 7-1: config 0 descriptor??
[  294.653565][ T5997] ft260 0003:0403:6030.0015: unknown main item tag 0x0
[  294.682253][ T5997] ft260 0003:0403:6030.0015: unknown main item tag 0x0
[  294.741849][ T9455] loop3: detected capacity change from 0 to 32768
[  294.821526][ T9478] loop2: detected capacity change from 0 to 1024
[  294.850813][ T5997] ft260 0003:0403:6030.0015: chip code: 0000 0000
[  294.878198][ T9455] XFS (loop3): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  294.980445][ T9478] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  295.062487][ T5824] Bluetooth: hci2: command tx timeout
[  295.107881][ T9455] XFS (loop3): Ending clean mount
[  295.260022][ T5997] usb 7-1: USB disconnect, device number 5
[  295.441085][ T9466] loop5: detected capacity change from 0 to 32768
[  295.476183][ T5825] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  295.487616][ T5822] XFS (loop3): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  295.612411][ T9466] JBD2: Ignoring recovery information on journal
[  295.783626][ T9466] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  295.838850][ T9499] loop2: detected capacity change from 0 to 128
[  296.109508][ T9466] (syz.5.1155,9466,1):ocfs2_rename:1703 ERROR: status = -39
[  296.319280][ T5818] ocfs2: Unmounting device (7,5) on (node local)
[  296.432309][  T793] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  296.613500][  T793] usb 3-1: Using ep0 maxpacket: 32
[  296.620844][  T793] usb 3-1: config 0 has an invalid interface number: 85 but max is 0
[  296.639165][  T793] usb 3-1: config 0 has no interface number 0
[  296.657900][  T793] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  296.671726][  T793] usb 3-1: config 0 interface 85 has no altsetting 0
[  296.700824][  T793] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  296.723566][  T793] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  296.749477][  T793] usb 3-1: Product: syz
[  296.754815][  T793] usb 3-1: Manufacturer: syz
[  296.760962][  T793] usb 3-1: SerialNumber: syz
[  296.781480][  T793] usb 3-1: config 0 descriptor??
[  296.993949][   T13] team0 (unregistering): Port device team_slave_1 removed
[  297.050584][   T13] team0 (unregistering): Port device team_slave_0 removed
[  297.145112][ T5824] Bluetooth: hci2: command tx timeout
[  297.315066][ T9519] loop5: detected capacity change from 0 to 4096
[  297.353634][ T9522] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  297.407121][  T793] appletouch 3-1:0.85: Geyser mode initialized.
[  297.435849][  T793] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.85/input/input20
[  297.608430][ T5806] usb 3-1: USB disconnect, device number 10
[  297.726984][ T5806] appletouch 3-1:0.85: input: appletouch disconnected
[  297.927678][ T9521] loop3: detected capacity change from 0 to 32768
[  297.981581][ T9521] ocfs2: Slot 0 on device (7,3) was already allocated to this node!
[  297.995377][ T9521] JBD2: Ignoring recovery information on journal
[  298.076326][ T9521] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  298.299235][   T31] audit: type=1800 audit(1769841805.687:45): pid=9521 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1170" name="file1" dev="loop3" ino=17058 res=0 errno=0
[  298.353179][ T9528] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.1171'.
[  298.495690][ T5806] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  298.537172][ T5822] ocfs2: Unmounting device (7,3) on (node local)
[  298.667201][ T5806] usb 3-1: Using ep0 maxpacket: 8
[  298.701596][ T5806] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  298.722160][ T5806] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  298.743547][ T5806] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  298.746299][ T9359] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  298.764205][ T9532] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1175'.
[  298.765046][ T5806] usb 3-1: config 0 descriptor??
[  298.789177][ T9532] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1175'.
[  298.875283][ T9359] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  299.008789][ T9534] netlink: 'syz.3.1173': attribute type 29 has an invalid length.
[  299.022547][ T5806] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  299.071330][ T9537] netlink: 596 bytes leftover after parsing attributes in process `syz.3.1173'.
[  299.088880][ T9359] team0: Port device team_slave_0 added
[  299.120837][ T9359] team0: Port device team_slave_1 added
[  299.146275][ T9535] netlink: 'syz.3.1173': attribute type 29 has an invalid length.
[  299.415311][ T9359] batman_adv: batadv0: Adding interface: batadv_slave_0
[  299.441579][ T9359] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  299.446118][ T9550] loop6: detected capacity change from 0 to 256
[  299.491362][  T793] usb 3-1: USB disconnect, device number 11
[  299.522199][ T9359] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  299.555320][ T9359] batman_adv: batadv0: Adding interface: batadv_slave_1
[  299.583788][ T9359] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  299.675252][ T9359] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  299.962624][ T9359] hsr_slave_0: entered promiscuous mode
[  299.981443][ T9359] hsr_slave_1: entered promiscuous mode
[  300.003951][ T9359] debugfs: 'hsr0' already exists in 'hsr'
[  300.032201][ T9359] Cannot create hsr debugfs directory
[  300.911826][ T9551] loop3: detected capacity change from 0 to 40427
[  300.961633][ T9551] F2FS-fs (loop3): invalid crc value
[  301.052453][ T9359] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  301.136779][ T9359] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  301.237428][ T9359] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  301.323769][ T9359] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  301.424761][ T9551] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  301.473992][ T9551] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  301.797577][ T5822] syz-executor: attempt to access beyond end of device
[  301.797577][ T5822] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  301.831804][ T5822] CPU: 1 UID: 0 PID: 5822 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  301.831865][ T5822] Tainted: [L]=SOFTLOCKUP
[  301.831879][ T5822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  301.831901][ T5822] Call Trace:
[  301.831913][ T5822]  <TASK>
[  301.831927][ T5822]  dump_stack_lvl+0x100/0x190
[  301.831980][ T5822]  f2fs_handle_critical_error+0x5d7/0x970
[  301.832044][ T5822]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.832094][ T5822]  ? f2fs_build_fault_attr+0x53/0x1f0
[  301.832163][ T5822]  f2fs_write_end_io+0xc24/0xf00
[  301.832229][ T5822]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  301.832297][ T5822]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.832354][ T5822]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  301.832414][ T5822]  bio_endio+0x755/0x8b0
[  301.832476][ T5822]  submit_bio_noacct+0x1b7/0x1e80
[  301.832530][ T5822]  __submit_merged_bio+0x331/0x6f0
[  301.832598][ T5822]  __submit_merged_write_cond+0x31a/0x3f0
[  301.832673][ T5822]  f2fs_write_cache_pages+0x21c8/0x2720
[  301.832740][ T5822]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  301.832780][ T5822]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.832827][ T5822]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.832875][ T5822]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.832920][ T5822]  ? arch_stack_walk+0x88/0xf0
[  301.832981][ T5822]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.833026][ T5822]  ? __lock_acquire+0x4a5/0x2630
[  301.833125][ T5822]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.833176][ T5822]  ? check_irq_usage+0xe5/0x810
[  301.833272][ T5822]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.833317][ T5822]  ? __mod_zone_page_state+0xe2/0x190
[  301.833375][ T5822]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.833428][ T5822]  f2fs_write_data_pages+0x5a7/0x1060
[  301.833483][ T5822]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  301.833533][ T5822]  ? do_writepages+0x4b5/0x600
[  301.833582][ T5822]  ? do_writepages+0x4b5/0x600
[  301.833629][ T5822]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.833679][ T5822]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.833724][ T5822]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  301.833771][ T5822]  do_writepages+0x278/0x600
[  301.833825][ T5822]  ? __pfx_do_writepages+0x10/0x10
[  301.833872][ T5822]  ? do_raw_spin_unlock+0x145/0x1e0
[  301.833912][ T5822]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.833958][ T5822]  ? _raw_spin_unlock+0x28/0x50
[  301.834004][ T5822]  filemap_writeback+0x22d/0x2e0
[  301.834059][ T5822]  ? __pfx_filemap_writeback+0x10/0x10
[  301.834170][ T5822]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.834216][ T5822]  ? find_held_lock+0x2b/0x80
[  301.834262][ T5822]  ? f2fs_sync_dirty_inodes+0x3a7/0x940
[  301.834308][ T5822]  ? f2fs_sync_dirty_inodes+0x3a7/0x940
[  301.834351][ T5822]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.834408][ T5822]  f2fs_sync_dirty_inodes+0x46a/0x940
[  301.834473][ T5822]  block_operations+0x2a6/0xfc0
[  301.834529][ T5822]  ? __pfx_block_operations+0x10/0x10
[  301.834627][ T5822]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.834676][ T5822]  ? ktime_get+0x200/0x300
[  301.834729][ T5822]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.834775][ T5822]  ? lockdep_hardirqs_on+0x78/0x100
[  301.834822][ T5822]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.834867][ T5822]  ? rcu_is_watching+0x12/0xc0
[  301.834921][ T5822]  f2fs_write_checkpoint+0x47d/0x5240
[  301.834976][ T5822]  ? kfree+0x1c7/0x690
[  301.835023][ T5822]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  301.835065][ T5822]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.835116][ T5822]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.835168][ T5822]  ? rcu_is_watching+0x12/0xc0
[  301.835214][ T5822]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.835260][ T5822]  ? kthread_stop+0x280/0x5c0
[  301.835327][ T5822]  kill_f2fs_super+0x3d0/0x480
[  301.835376][ T5822]  ? __pfx_kill_f2fs_super+0x10/0x10
[  301.835439][ T5822]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.835500][ T5822]  deactivate_locked_super+0xc1/0x1b0
[  301.835558][ T5822]  deactivate_super+0xe7/0x110
[  301.835616][ T5822]  cleanup_mnt+0x21f/0x450
[  301.835680][ T5822]  task_work_run+0x150/0x240
[  301.835724][ T5822]  ? __pfx_task_work_run+0x10/0x10
[  301.835766][ T5822]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.835811][ T5822]  ? __x64_sys_umount+0x124/0x1a0
[  301.835858][ T5822]  exit_to_user_mode_loop+0x100/0x4b0
[  301.835896][ T5822]  ? rcu_is_watching+0x12/0xc0
[  301.835946][ T5822]  do_syscall_64+0x4fe/0xf80
[  301.835999][ T5822]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.836038][ T5822] RIP: 0033:0x7f244819c117
[  301.836066][ T5822] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  301.836105][ T5822] RSP: 002b:00007ffd123a9af8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  301.836148][ T5822] RAX: 0000000000000000 RBX: 00007f244820471f RCX: 00007f244819c117
[  301.836173][ T5822] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd123a9bb0
[  301.836197][ T5822] RBP: 00007ffd123a9bb0 R08: 00007ffd123aabb0 R09: 00000000ffffffff
[  301.836222][ T5822] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd123aac40
[  301.836246][ T5822] R13: 00007f244820471f R14: 0000000000049a34 R15: 00007ffd123aac80
[  301.836297][ T5822]  </TASK>
[  302.363841][ T9359] 8021q: adding VLAN 0 to HW filter on device bond0
[  302.382310][ T5822] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  302.458503][ T9359] 8021q: adding VLAN 0 to HW filter on device team0
[  302.536632][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  302.543855][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  302.656182][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  302.663434][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  302.878605][ T9628] 9pnet: p9_errstr2errno: server reported unknown error 
[  302.996674][ T9359] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  303.366520][ T9639] loop2: detected capacity change from 0 to 4096
[  303.423191][ T5806] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  303.622469][ T5806] usb 4-1: Using ep0 maxpacket: 16
[  303.656548][ T5806] usb 4-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  303.686162][ T5806] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  303.734196][ T5806] usb 4-1: config 0 descriptor??
[  303.770499][ T9621] loop6: detected capacity change from 0 to 32768
[  303.812488][ T5806] gspca_main: sonixj-2.14.0 probing 0471:0327
[  303.925724][ T9621] JBD2: Ignoring recovery information on journal
[  303.959726][ T9359] 8021q: adding VLAN 0 to HW filter on device batadv0
[  303.990356][ T9654] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  303.998571][ T9654] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  304.006516][ T9654] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  304.014453][ T9654] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  304.022382][ T9654] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  304.030290][ T9654] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  304.038228][ T9654] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  304.046342][ T9654] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  304.054385][ T9654] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  304.062370][ T9654] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  304.133468][ T9621] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  304.384855][  T979] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  304.507102][ T9621] (syz.6.1202,9621,1):ocfs2_rename:1703 ERROR: status = -39
[  304.570594][  T979] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  304.602134][  T979] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  304.632636][  T979] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  304.684720][  T979] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  304.722724][  T979] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  304.766307][  T979] usb 6-1: config 0 descriptor??
[  304.784912][ T7030] ocfs2: Unmounting device (7,6) on (node local)
[  304.950932][ T5806] usb 4-1: USB disconnect, device number 14
[  305.247964][  T979] plantronics 0003:047F:FFFF.0016: reserved main item tag 0xd
[  305.320533][  T979] plantronics 0003:047F:FFFF.0016: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  305.356054][ T9359] veth0_vlan: entered promiscuous mode
[  305.390720][ T9359] veth1_vlan: entered promiscuous mode
[  305.575268][ T9359] veth0_macvtap: entered promiscuous mode
[  305.587729][ T5806] usb 6-1: USB disconnect, device number 13
[  305.613314][ T9359] veth1_macvtap: entered promiscuous mode
[  305.689450][ T9679] fido_id[9679]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/6-1/report_descriptor': No such file or directory
[  305.728132][ T9359] batman_adv: batadv0: Interface activated: batadv_slave_0
[  305.761896][ T9359] batman_adv: batadv0: Interface activated: batadv_slave_1
[  305.821883][   T12] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  305.841095][   T12] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  305.877249][   T12] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  305.919581][   T12] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  306.247368][ T1004] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  306.312171][ T1004] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  306.441928][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  306.473641][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  306.847617][ T9680] loop6: detected capacity change from 0 to 32768
[  306.863675][ T9692] loop5: detected capacity change from 0 to 32768
[  306.880787][ T9692] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  306.889057][ T9692] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  306.978012][   T31] audit: type=1800 audit(1769841814.367:46): pid=9680 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1214" name="file1" dev="loop6" ino=7 res=0 errno=0
[  306.997152][ T9692] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 1ms
[  307.023607][ T5806] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  307.092196][ T5806] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  307.460192][ T5806] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 367ms
[  307.523840][ T5806] gfs2: fsid=syz:syz.0: jid=0: Done
[  307.529118][ T9692] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  308.041026][ T9687] loop3: detected capacity change from 0 to 32768
[  308.165849][ T9712] loop6: detected capacity change from 0 to 8192
[  308.166343][ T9687] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  308.329436][ T9712] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  308.655771][ T9687] XFS (loop3): Ending clean mount
[  308.757821][ T9687] XFS (loop3): Quotacheck needed: Please wait.
[  308.815966][ T9726] loop2: detected capacity change from 0 to 16
[  308.896570][ T9726] erofs (device loop2): mounted with root inode @ nid 36.
[  309.002274][ T9687] XFS (loop3): Quotacheck: Done.
[  309.206602][ T9728] loop7: detected capacity change from 0 to 1024
[  309.275803][ T9728] EXT4-fs (loop7): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  309.313371][ T5822] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  309.348838][ T9728] ext4 filesystem being mounted at /2/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  309.440175][   T31] audit: type=1800 audit(1769841816.827:47): pid=9728 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.1227" name="file1" dev="loop7" ino=15 res=0 errno=0
[  309.473208][ T9728] EXT4-fs error (device loop7): ext4_validate_block_bitmap:440: comm syz.7.1227: bg 0: block 112: padding at end of block bitmap is not set
[  309.566956][ T9727] EXT4-fs error (device loop7): ext4_map_blocks:825: inode #15: comm syz.7.1227: lblock 0 mapped to illegal pblock 0 (length 1)
[  309.597710][ T9727] EXT4-fs error (device loop7): ext4_map_blocks:783: inode #15: comm syz.7.1227: lblock 0 mapped to illegal pblock 0 (length 1)
[  309.672861][ T9727] EXT4-fs error (device loop7): ext4_map_blocks:783: inode #15: comm syz.7.1227: lblock 0 mapped to illegal pblock 0 (length 1)
[  309.757595][ T9727] EXT4-fs error (device loop7): ext4_map_blocks:783: inode #15: comm syz.7.1227: lblock 0 mapped to illegal pblock 0 (length 1)
[  309.792600][ T5959] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  309.800502][ T9727] EXT4-fs error (device loop7): ext4_map_blocks:783: inode #15: comm syz.7.1227: lblock 0 mapped to illegal pblock 0 (length 1)
[  309.828458][ T9727] EXT4-fs error (device loop7): ext4_map_blocks:783: inode #15: comm syz.7.1227: lblock 0 mapped to illegal pblock 0 (length 1)
[  309.887287][ T9727] EXT4-fs error (device loop7): ext4_map_blocks:783: inode #15: comm syz.7.1227: lblock 0 mapped to illegal pblock 0 (length 1)
[  309.936535][ T9727] EXT4-fs error (device loop7): ext4_map_blocks:783: inode #15: comm syz.7.1227: lblock 0 mapped to illegal pblock 0 (length 1)
[  310.009420][ T5959] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  310.024798][ T5959] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  310.035702][ T9728] EXT4-fs error (device loop7): ext4_map_blocks:783: inode #15: comm syz.7.1227: lblock 0 mapped to illegal pblock 0 (length 1)
[  310.078476][ T5959] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  310.111882][ T5959] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  310.147205][ T5959] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  310.304171][ T5959] usb 7-1: config 0 descriptor??
[  310.435211][ T9359] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  310.519132][   T50] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  310.764518][ T5959] plantronics 0003:047F:FFFF.0017: reserved main item tag 0xd
[  310.767750][ T9747] loop7: detected capacity change from 0 to 2048
[  310.848229][ T5959] plantronics 0003:047F:FFFF.0017: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[  310.865435][ T6039]  loop7: p1 < > p4
[  310.893851][ T6039] loop7: partition table partially beyond EOD, truncated
[  310.934220][ T6039] loop7: p4 start 268435456 is beyond EOD, truncated
[  310.996931][ T9747]  loop7: p1 < > p4
[  311.000836][ T9747] loop7: partition table partially beyond EOD, truncated
[  311.012553][   T50] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  311.084710][ T9747] loop7: p4 start 268435456 is beyond EOD, truncated
[  311.131062][ T5997] usb 7-1: USB disconnect, device number 6
[  311.152863][ T5839] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  311.164532][ T5839] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  311.180687][ T5839] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  311.196049][ T5839] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  311.207848][ T5839] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  311.304659][   T50] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  311.367204][ T9749] fido_id[9749]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory
[  311.577549][   T50] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  311.721815][ T9766] vlan2: entered allmulticast mode
[  311.768674][ T9766] bond0: entered allmulticast mode
[  311.772531][ T9768] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1241'.
[  311.851303][ T9766] bond_slave_0: entered allmulticast mode
[  311.894268][ T9766] bond_slave_1: entered allmulticast mode
[  312.265379][ T9768] bond0 (unregistering): left promiscuous mode
[  312.295341][ T9768] bond_slave_0: left promiscuous mode
[  312.315275][ T9768] bond_slave_1: left promiscuous mode
[  312.334722][ T9768] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  312.357702][ T9768] bond_slave_0: left allmulticast mode
[  312.373256][ T9768] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  312.398605][ T9768] bond_slave_1: left allmulticast mode
[  312.406853][ T9768] bond0 (unregistering): Released all slaves
[  312.955001][   T50] bridge_slave_1: left allmulticast mode
[  312.961159][   T50] bridge_slave_1: left promiscuous mode
[  312.977778][   T50] bridge0: port 2(bridge_slave_1) entered disabled state
[  313.002223][ T5806] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  313.024012][   T50] bridge_slave_0: left allmulticast mode
[  313.034900][   T50] bridge_slave_0: left promiscuous mode
[  313.040926][   T50] bridge0: port 1(bridge_slave_0) entered disabled state
[  313.241423][ T5806] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  313.292614][ T5824] Bluetooth: hci4: command tx timeout
[  313.295835][ T5806] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  313.354067][ T5806] usb 7-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00
[  313.429833][ T5806] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  313.493249][ T5806] usb 7-1: config 0 descriptor??
[  313.949363][ T9795] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  314.007088][ T9795] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  314.077525][ T5806] sony 0003:054C:024B.0018: unexpected long global item
[  314.113286][ T5806] sony 0003:054C:024B.0018: parse failed
[  314.119090][ T5806] sony 0003:054C:024B.0018: probe with driver sony failed with error -22
[  314.328338][  T793] usb 7-1: USB disconnect, device number 7
[  314.529030][ T9809] loop7: detected capacity change from 0 to 32768
[  314.628834][ T9809] XFS (loop7): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  314.743876][ T9809] XFS (loop7): Ending clean mount
[  314.846017][ T9816] loop3: detected capacity change from 0 to 32768
[  314.849163][ T9846] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1265'.
[  314.917457][ T9816] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1259 (9816)
[  314.954555][   T50] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  315.047149][   T50] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  315.068099][ T9816] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  315.069775][ T9359] XFS (loop7): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  315.098240][ T9816] BTRFS info (device loop3): using blake2b (blake2b-256-lib) checksum algorithm
[  315.110569][   T50] bond0 (unregistering): Released all slaves
[  315.189733][ T9845] vlan2: entered allmulticast mode
[  315.195101][ T9845] bond0: entered allmulticast mode
[  315.201250][ T9845] bond_slave_0: entered allmulticast mode
[  315.208545][ T9821] loop5: detected capacity change from 0 to 40427
[  315.240886][ T9845] bond_slave_1: entered allmulticast mode
[  315.275789][ T9821] F2FS-fs (loop5): invalid crc value
[  315.372277][ T5824] Bluetooth: hci4: command tx timeout
[  315.444753][ T9816] BTRFS info (device loop3): enabling ssd optimizations
[  315.472748][ T9816] BTRFS info (device loop3): turning on async discard
[  315.479571][ T9816] BTRFS info (device loop3): enabling free space tree
[  315.565936][ T9816] BTRFS info (device loop3): use lzo compression, level 1
[  315.596492][ T9816] BTRFS info (device loop3): max_inline set to 0
[  315.741400][ T9846] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  315.751139][ T9821] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  315.795672][ T9846] bond_slave_0: left allmulticast mode
[  315.797734][ T9821] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  315.864217][ T9846] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  315.919817][ T9846] bond_slave_1: left allmulticast mode
[  315.953202][ T9846] bond0 (unregistering): Released all slaves
[  316.014278][ T5806] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  316.034331][ T9756] chnl_net:caif_netlink_parms(): no params data found
[  316.099007][ T5818] syz-executor: attempt to access beyond end of device
[  316.099007][ T5818] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  316.141545][ T5818] CPU: 1 UID: 0 PID: 5818 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  316.141605][ T5818] Tainted: [L]=SOFTLOCKUP
[  316.141619][ T5818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  316.141642][ T5818] Call Trace:
[  316.141653][ T5818]  <TASK>
[  316.141668][ T5818]  dump_stack_lvl+0x100/0x190
[  316.141721][ T5818]  f2fs_handle_critical_error+0x5d7/0x970
[  316.141785][ T5818]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.141833][ T5818]  ? f2fs_build_fault_attr+0x53/0x1f0
[  316.141895][ T5818]  f2fs_write_end_io+0xc24/0xf00
[  316.141961][ T5818]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  316.142030][ T5818]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.142091][ T5818]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  316.142152][ T5818]  bio_endio+0x755/0x8b0
[  316.142213][ T5818]  submit_bio_noacct+0x1b7/0x1e80
[  316.142274][ T5818]  __submit_merged_bio+0x331/0x6f0
[  316.142342][ T5818]  __submit_merged_write_cond+0x31a/0x3f0
[  316.142423][ T5818]  f2fs_write_cache_pages+0x21c8/0x2720
[  316.142490][ T5818]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  316.142544][ T5818]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.142589][ T5818]  ? __lock_acquire+0xd73/0x2630
[  316.142676][ T5818]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.142743][ T5818]  ? debug_check_no_obj_freed+0x31f/0x630
[  316.142832][ T5818]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.142878][ T5818]  ? _raw_spin_unlock+0x28/0x50
[  316.142917][ T5818]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.142963][ T5818]  ? free_unref_folios+0xd20/0x1760
[  316.143025][ T5818]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.143079][ T5818]  f2fs_write_data_pages+0x5a7/0x1060
[  316.143132][ T5818]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  316.143182][ T5818]  ? do_writepages+0x4b5/0x600
[  316.143231][ T5818]  ? do_writepages+0x4b5/0x600
[  316.143278][ T5818]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.143328][ T5818]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.143374][ T5818]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  316.143425][ T5818]  do_writepages+0x278/0x600
[  316.143480][ T5818]  ? __pfx_do_writepages+0x10/0x10
[  316.143528][ T5818]  ? do_raw_spin_unlock+0x145/0x1e0
[  316.143571][ T5818]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.143616][ T5818]  ? _raw_spin_unlock+0x28/0x50
[  316.143661][ T5818]  filemap_writeback+0x22d/0x2e0
[  316.143716][ T5818]  ? __pfx_filemap_writeback+0x10/0x10
[  316.143821][ T5818]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.143866][ T5818]  ? find_held_lock+0x2b/0x80
[  316.143913][ T5818]  ? f2fs_sync_dirty_inodes+0x3a7/0x940
[  316.143959][ T5818]  ? f2fs_sync_dirty_inodes+0x3a7/0x940
[  316.144003][ T5818]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.144061][ T5818]  f2fs_sync_dirty_inodes+0x46a/0x940
[  316.144125][ T5818]  block_operations+0x2a6/0xfc0
[  316.144180][ T5818]  ? __pfx_block_operations+0x10/0x10
[  316.144278][ T5818]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.144328][ T5818]  ? ktime_get+0x200/0x300
[  316.144381][ T5818]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.144431][ T5818]  ? lockdep_hardirqs_on+0x78/0x100
[  316.144479][ T5818]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.144524][ T5818]  ? rcu_is_watching+0x12/0xc0
[  316.144578][ T5818]  f2fs_write_checkpoint+0x47d/0x5240
[  316.144632][ T5818]  ? kfree+0x1c7/0x690
[  316.144680][ T5818]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  316.144722][ T5818]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.144772][ T5818]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.144818][ T5818]  ? rcu_is_watching+0x12/0xc0
[  316.144864][ T5818]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.144910][ T5818]  ? kthread_stop+0x280/0x5c0
[  316.144977][ T5818]  kill_f2fs_super+0x3d0/0x480
[  316.145025][ T5818]  ? __pfx_kill_f2fs_super+0x10/0x10
[  316.145089][ T5818]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.145150][ T5818]  deactivate_locked_super+0xc1/0x1b0
[  316.145207][ T5818]  deactivate_super+0xe7/0x110
[  316.145264][ T5818]  cleanup_mnt+0x21f/0x450
[  316.145328][ T5818]  task_work_run+0x150/0x240
[  316.145371][ T5818]  ? __pfx_task_work_run+0x10/0x10
[  316.145426][ T5818]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.145474][ T5818]  ? __x64_sys_umount+0x124/0x1a0
[  316.145521][ T5818]  exit_to_user_mode_loop+0x100/0x4b0
[  316.145558][ T5818]  ? rcu_is_watching+0x12/0xc0
[  316.145609][ T5818]  do_syscall_64+0x4fe/0xf80
[  316.145662][ T5818]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  316.145701][ T5818] RIP: 0033:0x7fe94af9c117
[  316.145731][ T5818] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  316.145768][ T5818] RSP: 002b:00007ffebbc3fb58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  316.145804][ T5818] RAX: 0000000000000000 RBX: 00007fe94b00471f RCX: 00007fe94af9c117
[  316.145829][ T5818] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffebbc3fc10
[  316.145853][ T5818] RBP: 00007ffebbc3fc10 R08: 00007ffebbc40c10 R09: 00000000ffffffff
[  316.145878][ T5818] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffebbc40ca0
[  316.145902][ T5818] R13: 00007fe94b00471f R14: 000000000004d244 R15: 00007ffebbc40ce0
[  316.145953][ T5818]  </TASK>
[  316.669494][ T5806] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  316.728868][ T5818] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  316.743444][ T5806] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  316.786150][ T5822] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  316.803191][ T5806] usb 7-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  316.848042][ T5806] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  316.971432][ T5806] usb 7-1: config 0 descriptor??
[  317.356751][ T9895] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  317.379312][ T9895] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  317.440380][ T5806] cp2112 0003:10C4:EA90.0019: unknown main item tag 0x0
[  317.452394][ T5824] Bluetooth: hci4: command tx timeout
[  317.502757][ T5806] cp2112 0003:10C4:EA90.0019: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.6-1/input0
[  317.644500][ T5806] cp2112 0003:10C4:EA90.0019: Part Number: 0x82 Device Version: 0xFE
[  317.997994][ T9908] netlink: 6 bytes leftover after parsing attributes in process `syz.3.1278'.
[  318.048888][ T5806] cp2112 0003:10C4:EA90.0019: error setting SMBus config
[  318.062888][ T5806] cp2112 0003:10C4:EA90.0019: probe with driver cp2112 failed with error -71
[  318.078513][ T5806] usb 7-1: USB disconnect, device number 8
[  318.118100][ T9908] net_ratelimit: 44 callbacks suppressed
[  318.118125][ T9908] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  318.419338][   T50] hsr_slave_0: left promiscuous mode
[  318.462509][   T50] hsr_slave_1: left promiscuous mode
[  318.482550][   T50] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  318.498676][   T50] batman_adv: batadv0: Removing interface: batadv_slave_0
[  318.516226][ T9915] loop5: detected capacity change from 0 to 8192
[  318.526201][   T50] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  318.549261][   T50] batman_adv: batadv0: Removing interface: batadv_slave_1
[  318.592937][ T9915] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  318.605073][ T9927] vcan0: tx drop: invalid da for name 0x0000000000000010
[  318.712976][   T50] veth1_macvtap: left promiscuous mode
[  318.752240][   T50] veth0_macvtap: left promiscuous mode
[  318.775832][   T50] veth1_vlan: left promiscuous mode
[  318.798885][   T50] veth0_vlan: left promiscuous mode
[  319.532581][ T5824] Bluetooth: hci4: command tx timeout
[  320.207654][ T9943] loop6: detected capacity change from 0 to 32768
[  320.278829][ T9943] XFS (loop6): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  320.377247][ T9943] XFS (loop6): Ending clean mount
[  320.523500][  T793] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  320.546409][ T7030] XFS (loop6): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  320.708533][  T793] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  320.718174][ T9961] loop5: detected capacity change from 0 to 32768
[  320.738374][  T793] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  320.767591][  T793] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  320.780149][  T793] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  320.817109][ T9961] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  320.817426][  T793] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  320.862590][  T793] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  320.880835][  T793] usb 2-1: Product: syz
[  320.887646][  T793] usb 2-1: Manufacturer: syz
[  320.932840][  T793] cdc_wdm 2-1:1.0: skipping garbage
[  320.946878][  T793] cdc_wdm 2-1:1.0: skipping garbage
[  320.966748][ T9961] XFS (loop5): Ending clean mount
[  320.973412][  T793] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  320.977165][ T9961] XFS (loop5): Quotacheck needed: Please wait.
[  320.999941][  T793] cdc_wdm 2-1:1.0: Unknown control protocol
[  321.042408][   T50] team0 (unregistering): Port device team_slave_1 removed
[  321.112883][ T9961] XFS (loop5): Quotacheck: Done.
[  321.197130][   T50] team0 (unregistering): Port device team_slave_0 removed
[  321.317363][ T5818] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  321.771762][ T5959] usb 2-1: USB disconnect, device number 16
[  321.860585][ T9756] bridge0: port 1(bridge_slave_0) entered blocking state
[  321.868459][ T9756] bridge0: port 1(bridge_slave_0) entered disabled state
[  321.876442][ T9756] bridge_slave_0: entered allmulticast mode
[  321.884914][ T9756] bridge_slave_0: entered promiscuous mode
[  321.899879][ T9981] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1298'.
[  321.912533][ T9756] bridge0: port 2(bridge_slave_1) entered blocking state
[  321.950711][ T9756] bridge0: port 2(bridge_slave_1) entered disabled state
[  321.970672][ T9756] bridge_slave_1: entered allmulticast mode
[  322.005067][ T9756] bridge_slave_1: entered promiscuous mode
[  322.155948][ T9756] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  322.170986][ T9756] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  322.263345][ T9756] team0: Port device team_slave_0 added
[  322.295405][ T9756] team0: Port device team_slave_1 added
[  322.302255][  T979] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  322.404740][ T9756] batman_adv: batadv0: Adding interface: batadv_slave_0
[  322.420187][ T9756] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  322.484599][  T979] usb 8-1: config index 0 descriptor too short (expected 45, got 36)
[  322.484634][ T9756] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  322.487921][ T9756] batman_adv: batadv0: Adding interface: batadv_slave_1
[  322.503825][  T979] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  322.524196][ T9756] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  322.595434][ T9756] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  322.596528][  T979] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  322.643330][  T979] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  322.669496][  T979] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  322.776671][  T979] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  322.813125][  T979] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  322.824828][ T9756] hsr_slave_0: entered promiscuous mode
[  322.861921][ T9756] hsr_slave_1: entered promiscuous mode
[  322.883452][  T979] usb 8-1: config 0 descriptor??
[  322.888414][ T9756] debugfs: 'hsr0' already exists in 'hsr'
[  322.890211][ T9988] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  322.939609][ T9756] Cannot create hsr debugfs directory
[  323.176754][T10015] loop6: detected capacity change from 0 to 64
[  323.262952][T10015] hfs: unable to locate alternate MDB
[  323.296586][T10015] hfs: continuing without an alternate MDB
[  323.401212][  T979] plantronics 0003:047F:FFFF.001A: reserved main item tag 0xd
[  323.485974][  T979] plantronics 0003:047F:FFFF.001A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.7-1/input0
[  323.862833][  T979] usb 8-1: USB disconnect, device number 2
[  323.966581][T10034] Bluetooth: hci0: invalid length 0, exp 2 for type 0
[  324.234840][ T9756] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  324.277308][ T9756] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  324.292813][  T979] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  324.301796][ T9756] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  324.312221][ T5806] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  324.357896][ T9756] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  324.462182][  T979] usb 6-1: Using ep0 maxpacket: 8
[  324.474510][ T5806] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  324.491032][  T979] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  324.499754][ T5806] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  324.535261][ T5806] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  324.540937][  T979] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  324.582331][ T5806] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  324.615870][  T979] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  324.628026][ T5806] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  324.636017][  T979] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  324.686977][ T5806] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  324.706615][ T5806] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  324.714683][  T979] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  324.714759][  T979] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  324.714803][  T979] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  324.802105][ T5806] usb 7-1: Product: syz
[  324.806528][ T5806] usb 7-1: Manufacturer: syz
[  324.837505][ T9756] 8021q: adding VLAN 0 to HW filter on device bond0
[  324.865356][ T5806] cdc_wdm 7-1:1.0: skipping garbage
[  324.870615][ T5806] cdc_wdm 7-1:1.0: skipping garbage
[  324.886020][ T5806] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  324.915334][ T5806] cdc_wdm 7-1:1.0: Unknown control protocol
[  324.932826][ T5832] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  324.947662][ T9756] 8021q: adding VLAN 0 to HW filter on device team0
[  324.968107][  T979] usb 6-1: usb_control_msg returned -32
[  325.009985][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  325.012365][  T979] usbtmc 6-1:16.0: can't read capabilities
[  325.017258][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  325.121391][   T78] bridge0: port 2(bridge_slave_1) entered blocking state
[  325.128608][   T78] bridge0: port 2(bridge_slave_1) entered forwarding state
[  325.154045][ T5832] usb 8-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  325.173544][ T5832] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  325.186062][ T5832] usb 8-1: config 0 descriptor??
[  325.218637][ T5832] gspca_main: cpia1-2.14.0 probing 0813:0001
[  325.605083][ T5832] cpia1 8-1:0.0: unexpected state after lo power cmd: 00
[  325.709280][T10087] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  325.783164][    C1] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  325.785011][ T5959] usb 7-1: USB disconnect, device number 9
[  325.790000][    C1] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  325.801805][    C1] cdc_wdm 7-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  325.881593][ T5806] usb 4-1: new full-speed USB device number 15 using dummy_hcd
[  325.943149][ T9756] 8021q: adding VLAN 0 to HW filter on device batadv0
[  325.964135][T10093] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1329'.
[  325.995386][T10093] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1329'.
[  326.013134][ T5832] gspca_cpia1: usb_control_msg 02, error -71
[  326.034423][ T5832] gspca_cpia1: usb_control_msg 05, error -71
[  326.046416][ T5832] cpia1 8-1:0.0: unexpected systemstate: 00
[  326.073392][ T5806] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  326.089554][ T5832] usb 8-1: USB disconnect, device number 3
[  326.103425][ T5806] usb 4-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  326.134824][ T5806] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  326.168584][ T5806] usb 4-1: config 0 descriptor??
[  326.184684][T10085] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22
[  326.723361][ T5806] elan 0003:04F3:0755.001B: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.3-1/input0
[  326.752377][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  326.758742][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  326.849325][T10116] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1333'.
[  326.887593][ T5832] usb 4-1: USB disconnect, device number 15
[  326.910605][T10116] netlink: 'syz.6.1333': attribute type 4 has an invalid length.
[  326.961465][T10116] netlink: 'syz.6.1333': attribute type 1 has an invalid length.
[  327.010398][T10118] fido_id[10118]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  327.141136][  T793] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  327.155331][  T979] usb 6-1: USB disconnect, device number 14
[  327.284888][ T9756] veth0_vlan: entered promiscuous mode
[  327.350988][ T9756] veth1_vlan: entered promiscuous mode
[  327.505226][ T9756] veth0_macvtap: entered promiscuous mode
[  327.541109][ T9756] veth1_macvtap: entered promiscuous mode
[  327.611773][ T9756] batman_adv: batadv0: Interface activated: batadv_slave_0
[  327.688523][ T9756] batman_adv: batadv0: Interface activated: batadv_slave_1
[  327.760397][   T13] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  327.792595][   T13] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  327.820293][   T37] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  327.840152][T10140] loop3: detected capacity change from 0 to 2048
[  327.844406][   T37] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  328.020804][  T793] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  328.172910][  T793] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  328.365520][   T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  328.404915][   T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  328.418488][T10156] loop6: detected capacity change from 0 to 2048
[  328.500673][T10156] UDF-fs: warning (device loop6): udf_load_vrs: No anchor found
[  328.548146][T10156] UDF-fs: Scanning with blocksize 512 failed
[  328.556005][   T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  328.611137][   T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  328.652502][ T5959] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  328.702358][T10156] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  329.212817][  T979] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  329.383155][   T50] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  329.423242][   T50] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  330.046609][T10200] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  330.122380][T10200] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  330.130901][T10200] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  330.386267][   T31] audit: type=1326 audit(1769841837.777:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10212 comm="syz.1.1364" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7efd5d39aeb9 code=0x0
[  330.595698][T10179] loop6: detected capacity change from 0 to 32768
[  330.689930][T10179] XFS (loop6): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  330.851855][T10179] XFS (loop6): Ending clean mount
[  330.882323][  T979] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  330.918961][T10179] XFS (loop6): Quotacheck needed: Please wait.
[  331.057682][T10179] XFS (loop6): Quotacheck: Done.
[  331.062311][  T979] usb 4-1: Using ep0 maxpacket: 8
[  331.101657][  T979] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  331.122585][  T979] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  331.158215][  T979] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  331.198956][  T979] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  331.240534][  T979] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  331.289056][  T979] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  331.328503][ T7030] XFS (loop6): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  331.568493][  T979] usb 4-1: GET_CAPABILITIES returned 0
[  331.593322][  T979] usbtmc 4-1:16.0: can't read capabilities
[  331.731431][T10253] syzkaller1: entered promiscuous mode
[  331.782268][T10253] syzkaller1: entered allmulticast mode
[  331.891535][  T979] usb 4-1: USB disconnect, device number 16
[  332.176289][ T5832] net_ratelimit: 88 callbacks suppressed
[  332.176315][ T5832] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  332.252605][  T979] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  332.332437][  T979] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  332.534662][ T5832] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  332.709171][T10276] loop7: detected capacity change from 0 to 4096
[  332.854348][T10282] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  333.295095][  T979] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  333.372620][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  333.384807][  T979] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  333.533199][   T10] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  333.714807][   T10] usb 2-1: Using ep0 maxpacket: 8
[  333.746901][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  333.800408][   T10] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  333.865615][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  333.903424][   T10] usb 2-1: config 0 descriptor??
[  333.964614][  T979] IPVS: starting estimator thread 0...
[  334.012532][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  334.021619][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  334.093826][T10312] IPVS: using max 22 ests per chain, 52800 per kthread
[  334.185341][   T10] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  334.309752][T10316] loop3: detected capacity change from 0 to 512
[  334.356934][  T979] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  334.558953][T10316] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  334.662830][  T793] usb 2-1: USB disconnect, device number 17
[  334.714133][T10316] ext4 filesystem being mounted at /217/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  334.884837][T10316] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1303: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  335.144446][ T5822] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  335.765092][T10334] loop7: detected capacity change from 0 to 4096
[  335.872675][T10348] loop3: detected capacity change from 0 to 16
[  335.899581][T10348] erofs (device loop3): mounted with root inode @ nid 36.
[  336.454293][T10361] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1401'.
[  336.552766][T10361] hsr_slave_0: left promiscuous mode
[  336.608362][T10361] hsr_slave_1: left promiscuous mode
[  337.452317][ T5997] net_ratelimit: 10 callbacks suppressed
[  337.452344][ T5997] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  337.698159][T10382] loop7: detected capacity change from 0 to 64
[  337.773095][ T5806] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  337.875453][  T979] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  338.253589][ T5997] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  338.492328][ T5997] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  338.620889][T10403] loop6: detected capacity change from 0 to 256
[  338.664281][T10403] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  338.897876][ T5832] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  338.908954][ T5806] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  339.089258][T10377] loop8: detected capacity change from 0 to 32768
[  339.195909][T10377] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.1410 (10377)
[  339.215807][T10404] loop5: detected capacity change from 0 to 65536
[  339.230037][ T5997] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  339.290053][T10404] XFS (loop5): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  339.351024][T10377] BTRFS info (device loop8): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  339.393322][T10404] XFS (loop5): Ending clean mount
[  339.402247][T10377] BTRFS info (device loop8): using sha256 (sha256-lib) checksum algorithm
[  339.410805][T10377] BTRFS warning (device loop8): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  339.446979][T10404] XFS (loop5): Metadata CRC error detected at xfs_agfl_read_verify+0x12d/0x1d0, xfs_agfl block 0x3 
[  339.457931][T10404] XFS (loop5): Unmount and run xfs_repair
[  339.463852][T10404] XFS (loop5): First 128 bytes of corrupted metadata buffer:
[  339.471258][T10404] 00000000: 58 41 46 4c 00 00 00 00 d6 f6 9d bd 8c 5d 46 be  XAFL.........]F.
[  339.480785][T10404] 00000010: b8 8e 92 c0 ae 88 ce b2 00 00 00 00 00 00 00 00  ................
[  339.490620][T10404] 00000020: 35 fc 5c 25 ff 00 ff ff 00 00 00 05 00 00 00 06  5.\%............
[  339.499726][T10404] 00000030: 00 00 00 07 00 00 00 08 ff ff ff ff ff ff ff ff  ................
[  339.508656][T10404] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  339.517594][T10404] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  339.526557][T10404] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  339.537963][T10404] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  339.547190][T10404] XFS (loop5): metadata I/O error in "xfs_alloc_read_agfl+0x23b/0x390" at daddr 0x3 len 1 error 74
[  339.572291][ T5997] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  339.580436][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  339.580562][T10404] XFS (loop5): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x3fc/0x910 (fs/xfs/xfs_trans_buf.c:311).  Shutting down filesystem.
[  339.605484][T10404] XFS (loop5): Please unmount the filesystem and rectify the problem(s)
[  339.842600][ T5818] XFS (loop5): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  339.863609][T10377] BTRFS info (device loop8): rebuilding free space tree
[  339.942323][T10377] BTRFS info (device loop8): disabling free space tree
[  339.972259][T10377] BTRFS info (device loop8): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  340.050608][T10377] BTRFS info (device loop8): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  340.132207][ T5997] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  340.191822][T10377] BTRFS info (device loop8): checking UUID tree
[  340.297668][T10377] BTRFS warning (device loop8): failed to start uuid_rescan task
[  340.321898][ T5997] usb 2-1: Using ep0 maxpacket: 32
[  340.355790][ T5997] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 16
[  340.361917][T10377] BTRFS warning (device loop8): failed to check the UUID tree: -4
[  340.402213][ T5997] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64
[  340.463147][ T5997] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  340.506489][ T5997] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  340.542707][ T5997] usb 2-1: Product: syz
[  340.550286][ T5997] usb 2-1: Manufacturer: syz
[  340.592571][ T5997] usb 2-1: SerialNumber: syz
[  340.672007][T10377] BTRFS error (device loop8): open_ctree failed: -4
[  340.698843][T10448] loop5: detected capacity change from 0 to 512
[  340.786713][T10448] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  340.873794][ T5997] cdc_ncm 2-1:1.0: bind() failure
[  340.898849][ T5997] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  340.913218][ T5997] cdc_ncm 2-1:1.1: bind() failure
[  340.929309][ T5997] usb 2-1: USB disconnect, device number 18
[  340.963551][T10448] EXT4-fs (loop5): 1 truncate cleaned up
[  341.020268][T10448] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  341.190911][   T31] audit: type=1800 audit(1769841848.567:49): pid=10448 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1432" name="file1" dev="loop5" ino=15 res=0 errno=0
[  341.497932][ T5818] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  341.777309][T10473] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1442'.
[  341.812260][   T10] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  341.854678][T10473] hsr_slave_0: left promiscuous mode
[  341.992174][   T10] usb 4-1: Using ep0 maxpacket: 32
[  342.001012][   T10] usb 4-1: config 0 has an invalid interface number: 108 but max is 0
[  342.011288][   T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  342.022312][   T10] usb 4-1: config 0 has no interface number 0
[  342.029751][   T10] usb 4-1: config 0 interface 108 has no altsetting 0
[  342.037219][T10473] hsr_slave_1: left promiscuous mode
[  342.075056][   T10] usb 4-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11
[  342.086948][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=7
[  342.139414][   T10] usb 4-1: Product: syz
[  342.153951][   T10] usb 4-1: Manufacturer: syz
[  342.174817][   T10] usb 4-1: SerialNumber: syz
[  342.218443][   T10] usb 4-1: config 0 descriptor??
[  342.546310][ T5997] usb 4-1: USB disconnect, device number 17
[  342.734281][  T793] net_ratelimit: 9 callbacks suppressed
[  342.734303][  T793] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  342.779291][ T5997] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  342.903286][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  342.932364][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  342.949679][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  342.968699][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  342.992766][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  342.995999][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  342.997658][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  343.012947][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  343.027964][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  343.065071][T10492] loop8: detected capacity change from 0 to 512
[  343.069202][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  343.070815][T10492] EXT4-fs: Ignoring removed orlov option
[  343.089259][T10492] EXT4-fs (loop8): mounting ext3 file system using the ext4 subsystem
[  343.132507][T10492] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002]
[  343.147102][T10492] EXT4-fs error (device loop8): ext4_iget_extra_inode:5072: inode #15: comm syz.8.1450: corrupted in-inode xattr: e_value size too large
[  343.152813][T10492] EXT4-fs error (device loop8): ext4_orphan_get:1394: comm syz.8.1450: couldn't read orphan inode 15 (err -117)
[  343.155180][T10492] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  343.179502][T10495] ip6gre1: entered promiscuous mode
[  343.379342][ T5997] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  343.411193][ T9756] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  343.780987][ T5997] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  344.232388][ T5832] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  344.791201][  T979] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  344.821085][  T793] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  344.821646][ T5839] Bluetooth: hci5: command 0x0406 tx timeout
[  345.233317][ T5806] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  345.292508][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  345.322575][ T5832] usb 4-1: Using ep0 maxpacket: 32
[  345.330086][ T5832] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  345.343492][ T5832] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  345.357621][ T5832] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  345.368781][ T5832] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  345.393212][ T5832] usb 4-1: config 0 descriptor??
[  345.405008][ T5832] hub 4-1:0.0: USB hub found
[  345.626105][ T5832] hub 4-1:0.0: config failed, can't read hub descriptor (err -90)
[  345.862606][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  345.883874][  T979] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  345.960413][T10525] netlink: 'syz.5.1464': attribute type 6 has an invalid length.
[  346.034981][ T5832] hid (null): bogus close delimiter
[  346.076283][T10502] loop8: detected capacity change from 0 to 32768
[  346.094300][ T5832] hid-generic 0003:046D:C31C.001C: bogus close delimiter
[  346.117952][T10530] loop7: detected capacity change from 0 to 512
[  346.144503][ T5832] hid-generic 0003:046D:C31C.001C: item 0 0 2 10 parsing failed
[  346.178585][ T5832] hid-generic 0003:046D:C31C.001C: probe with driver hid-generic failed with error -22
[  346.185054][T10530] EXT4-fs: Ignoring removed oldalloc option
[  346.254496][T10502] JFS: Invalid stbl[2] = -55 for inode 2, block = 0
[  346.276135][T10530] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  346.343023][ T5832] usb 4-1: USB disconnect, device number 18
[  346.355596][T10530] EXT4-fs (loop7): 1 truncate cleaned up
[  346.420574][T10530] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  346.629731][T10530] syz.7.1465 (pid 10530) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  346.887939][ T9359] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  347.956816][  T793] net_ratelimit: 3 callbacks suppressed
[  347.956842][  T793] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  348.012746][  T979] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  348.078830][T10570] loop3: detected capacity change from 0 to 128
[  348.302244][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  348.652453][  T793] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  348.881421][  T793] usb 6-1: Using ep0 maxpacket: 8
[  348.923628][T10580] loop3: detected capacity change from 0 to 32768
[  348.931690][T10580] btrfs: Deprecated parameter 'usebackuproot'
[  348.937838][T10580] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  348.948227][ T5959] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  348.957064][  T793] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  348.993180][T10580] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1482 (10580)
[  349.083857][  T793] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  349.101053][ T5997] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  349.105244][T10580] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  349.110052][  T979] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  349.121188][T10580] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[  349.167867][  T793] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  349.251145][  T793] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  349.340313][   T12] BTRFS warning (device loop3): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  349.345019][  T793] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  349.432606][  T793] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  349.441714][  T793] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  349.449465][T10580] BTRFS error (device loop3): failed to load root extent
[  349.461574][T10580] BTRFS warning (device loop3): try to load backup roots slot 1
[  349.469688][   T50] BTRFS warning (device loop3): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  349.515383][T10580] BTRFS warning (device loop3): couldn't read tree root
[  349.524029][T10580] BTRFS warning (device loop3): try to load backup roots slot 2
[  349.542446][   T50] BTRFS error (device loop3): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  349.583280][T10580] BTRFS warning (device loop3): couldn't read tree root
[  349.591714][T10580] BTRFS warning (device loop3): try to load backup roots slot 3
[  349.643892][T10580] BTRFS info (device loop3): rebuilding free space tree
[  349.703246][T10580] BTRFS info (device loop3): checking UUID tree
[  349.710139][T10580] BTRFS info (device loop3): enabling ssd optimizations
[  349.718248][T10580] BTRFS info (device loop3): turning off barriers
[  349.725885][T10580] BTRFS info (device loop3): turning on sync discard
[  349.732665][T10580] BTRFS info (device loop3): enabling free space tree
[  349.739458][T10580] BTRFS info (device loop3): force clearing of disk cache
[  349.746638][T10580] BTRFS info (device loop3): enabling auto defrag
[  349.753102][T10580] BTRFS info (device loop3): trying to use backup root at mount time
[  349.761364][T10580] BTRFS info (device loop3): use zstd compression, level 3
[  349.776609][  T979] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  350.104303][ T5822] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  350.174021][  T793] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  350.193528][ T5997] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  350.204802][  T979] usb 8-1: new full-speed USB device number 4 using dummy_hcd
[  350.416902][  T979] usb 8-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  350.419450][ T5959] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  350.445777][T10621] usbtmc 6-1:16.0: simple control status returned 73
[  350.477565][  T979] usb 8-1: config 0 interface 0 has no altsetting 0
[  350.514520][  T979] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  350.555912][  T979] usb 8-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  350.592315][  T979] usb 8-1: Product: syz
[  350.609607][  T979] usb 8-1: Manufacturer: syz
[  350.644073][  T979] usb 8-1: SerialNumber: syz
[  350.681624][  T979] usb 8-1: config 0 descriptor??
[  350.705979][ T5959] usb 6-1: USB disconnect, device number 15
[  350.754841][  T979] usb 8-1: selecting invalid altsetting 0
[  350.953027][T10596] loop8: detected capacity change from 0 to 32768
[  351.049177][T10596] JBD2: Ignoring recovery information on journal
[  351.153297][  T979] usb 8-1: USB disconnect, device number 4
[  351.339540][T10596] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode.
[  351.760087][T10648] loop6: detected capacity change from 0 to 512
[  351.815193][T10648] EXT4-fs: Ignoring removed nobh option
[  351.862672][T10648] EXT4-fs: inline encryption not supported
[  351.936754][T10648] EXT4-fs (loop6): Test dummy encryption mode enabled
[  351.976427][T10648] EXT4-fs (loop6): Cannot turn on journaled quota: type 0: error -2
[  351.996067][ T9756] ocfs2: Unmounting device (7,8) on (node local)
[  352.067780][T10648] EXT4-fs error (device loop6): ext4_free_branches:1020: inode #13: comm syz.6.1495: invalid indirect mapped block 2683928664 (level 1)
[  352.122944][T10648] EXT4-fs (loop6): Remounting filesystem read-only
[  352.131157][T10648] EXT4-fs (loop6): 1 truncate cleaned up
[  352.139259][T10648] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  352.420639][ T7030] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  352.563861][T10659] loop7: detected capacity change from 0 to 4096
[  352.601688][T10659] ntfs3(loop7): Different NTFS sector size (4096) and media sector size (512).
[  352.631727][T10666] loop3: detected capacity change from 0 to 512
[  352.786158][T10666] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  352.863342][T10666] ext4 filesystem being mounted at /237/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  352.991480][   T30] kernel read not supported for file /snd/midiC2D0 (pid: 30 comm: kworker/1:1)
[  353.038940][T10677] loop5: detected capacity change from 0 to 1024
[  353.072579][T10666] EXT4-fs (loop3): shut down requested (0)
[  353.088198][T10677] EXT4-fs: Ignoring removed oldalloc option
[  353.118270][T10677] EXT4-fs: Ignoring removed nobh option
[  353.148772][T10677] ext4: Unknown parameter 'noacl'
[  353.381528][ T5997] net_ratelimit: 6 callbacks suppressed
[  353.381556][ T5997] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  353.400010][   T30] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  353.466474][ T5822] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  353.887775][T10705] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1515'.
[  354.052208][ T5997] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  354.134369][T10714] loop3: detected capacity change from 0 to 128
[  354.244857][ T5997] usb 8-1: Using ep0 maxpacket: 16
[  354.281930][ T5997] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  354.316849][T10714] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  354.404608][ T5997] usb 8-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  354.414610][   T30] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  354.436255][T10714] ext4 filesystem being mounted at /239/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  354.470063][ T5997] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  354.506366][ T5997] usb 8-1: Product: syz
[  354.510694][ T5997] usb 8-1: Manufacturer: syz
[  354.528038][ T5997] usb 8-1: SerialNumber: syz
[  354.559880][ T5997] usb 8-1: config 0 descriptor??
[  354.603743][ T5997] em28xx 8-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  354.650972][ T5997] em28xx 8-1:0.0: DVB interface 0 found: bulk
[  354.850628][ T5822] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  354.900471][ T5959] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  354.909181][ T5832] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  355.065264][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  355.232190][ T5997] em28xx 8-1:0.0: chip ID is em2765
[  355.398951][T10745] netlink: 'syz.3.1525': attribute type 7 has an invalid length.
[  355.478249][ T5909] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  355.478414][ T5909] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  355.532408][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  355.719487][ T5997] em28xx 8-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  355.751385][T10755] loop8: detected capacity change from 0 to 512
[  355.765529][ T5997] em28xx 8-1:0.0: board has no eeprom
[  355.786984][T10755] EXT4-fs (loop8): Test dummy encryption mode enabled
[  355.818087][T10755] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  355.863689][ T5959] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  355.872785][ T5997] em28xx 8-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  355.875880][T10755] EXT4-fs error (device loop8): ext4_orphan_get:1417: comm syz.8.1531: bad orphan inode 131083
[  355.908137][ T5997] em28xx 8-1:0.0: dvb set to bulk mode.
[  355.930658][   T30] em28xx 8-1:0.0: Binding DVB extension
[  355.933963][T10755] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  355.954964][ T5997] usb 8-1: USB disconnect, device number 5
[  355.971850][ T5997] em28xx 8-1:0.0: Disconnecting em28xx
[  355.982310][   T10] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  356.020426][   T30] em28xx 8-1:0.0: Registering input extension
[  356.026969][ T5997] em28xx 8-1:0.0: Closing input extension
[  356.097512][ T5997] em28xx 8-1:0.0: Freeing device
[  356.137460][ T5889] udevd[5889]: setting mode of /dev/bus/usb/008/005 to 020664 failed: No such file or directory
[  356.173144][   T10] usb 6-1: Using ep0 maxpacket: 8
[  356.190106][ T5889] udevd[5889]: setting owner of /dev/bus/usb/008/005 to uid=0, gid=0 failed: No such file or directory
[  356.230738][   T10] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  356.262341][   T10] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  356.305996][   T10] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  356.308479][ T9756] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  356.334316][   T10] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  356.411175][   T10] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  356.458263][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  356.718024][   T10] usb 6-1: GET_CAPABILITIES returned 0
[  356.745071][   T10] usbtmc 6-1:16.0: can't read capabilities
[  356.905760][T10781] loop8: detected capacity change from 0 to 512
[  356.931193][    C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  356.940708][    C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  356.949826][    C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  356.973999][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  356.983148][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  356.992259][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  357.001380][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  357.012107][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  357.021245][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  357.030376][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  357.039501][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  357.049322][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  357.058450][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  357.067568][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  357.076671][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  357.086233][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -2
[  357.115322][   T30] usb 6-1: USB disconnect, device number 16
[  357.150059][T10781] EXT4-fs warning (device loop8): dx_probe:843: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  357.169574][T10781] EXT4-fs warning (device loop8): dx_probe:848: Enable large directory feature to access it
[  357.189475][T10781] EXT4-fs warning (device loop8): dx_probe:933: inode #2: comm syz.8.1542: Corrupt directory, running e2fsck is recommended
[  357.267744][T10781] EXT4-fs (loop8): Cannot turn on journaled quota: type 1: error -117
[  357.300988][T10787] binder: 10785:10787 ioctl c0306201 200000000540 returned -14
[  357.322349][T10781] EXT4-fs error (device loop8): ext4_iget_extra_inode:5072: inode #15: comm syz.8.1542: corrupted in-inode xattr: e_name out of bounds
[  357.343668][T10781] EXT4-fs error (device loop8): ext4_orphan_get:1394: comm syz.8.1542: couldn't read orphan inode 15 (err -117)
[  357.375433][T10781] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  357.509023][T10781] EXT4-fs warning (device loop8): dx_probe:843: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  357.542112][T10781] EXT4-fs warning (device loop8): dx_probe:848: Enable large directory feature to access it
[  357.578219][T10781] EXT4-fs warning (device loop8): dx_probe:933: inode #2: comm syz.8.1542: Corrupt directory, running e2fsck is recommended
[  357.619065][T10791] EXT4-fs warning (device loop8): dx_probe:843: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  357.752246][T10791] EXT4-fs warning (device loop8): dx_probe:848: Enable large directory feature to access it
[  357.767459][T10791] EXT4-fs warning (device loop8): dx_probe:933: inode #2: comm syz.8.1542: Corrupt directory, running e2fsck is recommended
[  357.808412][T10794] EXT4-fs warning (device loop8): dx_probe:843: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  357.847003][T10797] loop7: detected capacity change from 0 to 1024
[  357.853745][T10794] EXT4-fs warning (device loop8): dx_probe:848: Enable large directory feature to access it
[  357.882595][T10794] EXT4-fs warning (device loop8): dx_probe:933: inode #2: comm syz.8.1542: Corrupt directory, running e2fsck is recommended
[  357.958369][T10781] EXT4-fs warning (device loop8): dx_probe:843: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  358.114918][T10804] syz.7.1548: attempt to access beyond end of device
[  358.114918][T10804] loop7: rw=8388608, sector=5778, nr_sectors = 2 limit=1024
[  358.230591][ T9756] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  358.261884][   T12] Bluetooth: hci6: Frame reassembly failed (-84)
[  358.572827][   T30] net_ratelimit: 6 callbacks suppressed
[  358.572855][   T30] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  358.593066][ T5909] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  358.894099][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  359.415478][T10833] binder: 10832:10833 ioctl c0306201 2000000001c0 returned -14
[  359.509092][T10835] loop7: detected capacity change from 0 to 512
[  359.571287][T10835] EXT4-fs warning (device loop7): dx_probe:843: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  359.616614][   T30] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  359.631401][ T5909] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  359.702180][T10835] EXT4-fs warning (device loop7): dx_probe:848: Enable large directory feature to access it
[  359.721670][T10835] EXT4-fs warning (device loop7): dx_probe:933: inode #2: comm syz.7.1567: Corrupt directory, running e2fsck is recommended
[  359.749103][T10835] EXT4-fs (loop7): Cannot turn on journaled quota: type 1: error -117
[  359.805026][T10835] EXT4-fs error (device loop7): ext4_iget_extra_inode:5072: inode #15: comm syz.7.1567: corrupted in-inode xattr: e_name out of bounds
[  359.843324][T10835] EXT4-fs error (device loop7): ext4_orphan_get:1394: comm syz.7.1567: couldn't read orphan inode 15 (err -117)
[  359.855999][T10842] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1568'.
[  359.878106][T10842] netlink: 20 bytes leftover after parsing attributes in process `syz.8.1568'.
[  359.915541][T10835] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  359.929744][T10842] geneve2: entered promiscuous mode
[  359.935254][T10842] geneve2: entered allmulticast mode
[  360.002917][T10835] EXT4-fs warning (device loop7): dx_probe:843: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  360.059769][T10849] loop3: detected capacity change from 0 to 1024
[  360.087550][T10846] overlayfs: failed to decode file handle (len=6, type=251, flags=0, err=-22)
[  360.094363][T10835] EXT4-fs warning (device loop7): dx_probe:848: Enable large directory feature to access it
[  360.141703][T10849] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  360.167315][T10835] EXT4-fs warning (device loop7): dx_probe:933: inode #2: comm syz.7.1567: Corrupt directory, running e2fsck is recommended
[  360.333142][ T5824] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  360.337039][T10850] EXT4-fs warning (device loop7): dx_probe:843: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  360.339661][ T5839] Bluetooth: hci6: command 0x1003 tx timeout
[  360.364805][T10849] ==================================================================
[  360.372980][T10849] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x1195/0x20b0
[  360.380841][T10849] Read of size 18446744073709551588 at addr ffff888030ba3040 by task syz.3.1572/10849
[  360.390404][T10849] 
[  360.392733][T10849] CPU: 1 UID: 0 PID: 10849 Comm: syz.3.1572 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  360.392776][T10849] Tainted: [L]=SOFTLOCKUP
[  360.392786][T10849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  360.392804][T10849] Call Trace:
[  360.392815][T10849]  <TASK>
[  360.392826][T10849]  dump_stack_lvl+0x100/0x190
[  360.392865][T10849]  print_report+0x156/0x4c9
[  360.392904][T10849]  ? srso_alias_return_thunk+0x5/0xfbef5
[  360.392939][T10849]  ? srso_alias_return_thunk+0x5/0xfbef5
[  360.392973][T10849]  ? __phys_addr+0xe8/0x180
[  360.393020][T10849]  ? ext4_xattr_set_entry+0x1195/0x20b0
[  360.393066][T10849]  kasan_report+0xdf/0x1a0
[  360.393097][T10849]  ? ext4_xattr_set_entry+0x1195/0x20b0
[  360.393148][T10849]  kasan_check_range+0x10f/0x1e0
[  360.393190][T10849]  __asan_memmove+0x23/0x60
[  360.393231][T10849]  ext4_xattr_set_entry+0x1195/0x20b0
[  360.393285][T10849]  ? __pfx_ext4_xattr_set_entry+0x10/0x10
[  360.393344][T10849]  ? srso_alias_return_thunk+0x5/0xfbef5
[  360.393391][T10849]  ? __asan_memcpy+0x3c/0x60
[  360.393438][T10849]  ext4_xattr_block_set+0x991/0x3660
[  360.393484][T10849]  ? srso_alias_return_thunk+0x5/0xfbef5
[  360.393518][T10849]  ? evict+0x599/0xad0
[  360.393550][T10849]  ? srso_alias_return_thunk+0x5/0xfbef5
[  360.393588][T10849]  ? srso_alias_return_thunk+0x5/0xfbef5
[  360.393627][T10849]  ? __pfx_ext4_xattr_block_set+0x10/0x10
[  360.393679][T10849]  ? srso_alias_return_thunk+0x5/0xfbef5
[  360.393717][T10849]  ? srso_alias_return_thunk+0x5/0xfbef5
[  360.393751][T10849]  ? iput+0x3a/0x40
[  360.393782][T10849]  ? srso_alias_return_thunk+0x5/0xfbef5
[  360.393816][T10849]  ? ext4_xattr_ibody_set+0x39f/0x5d0
[  360.393846][T10849]  ext4_xattr_set_handle+0xd36/0x1490
[  360.393880][T10849]  ? __pfx_ext4_xattr_set_handle+0x10/0x10
[  360.393915][T10849]  ? __pfx___might_resched+0x10/0x10
[  360.393948][T10849]  ? __pfx___dquot_initialize+0x10/0x10
[  360.393988][T10849]  ? ext4_journal_check_start+0x224/0x340
[  360.394022][T10849]  ? srso_alias_return_thunk+0x5/0xfbef5
[  360.394057][T10849]  ? __ext4_journal_start_sb+0x1ce/0x5c0
[  360.394089][T10849]  ? ext4_xattr_set_credits+0x196/0x210
[  360.394120][T10849]  ext4_xattr_set+0x14b/0x360
[  360.394150][T10849]  ? srso_alias_return_thunk+0x5/0xfbef5
[  360.394192][T10849]  ? __pfx_ext4_xattr_set+0x10/0x10
[  360.394220][T10849]  ? try_to_unlazy+0x296/0x910
[  360.394260][T10849]  ? srso_alias_return_thunk+0x5/0xfbef5
[  360.394294][T10849]  ? srso_alias_return_thunk+0x5/0xfbef5
[  360.394328][T10849]  ? xattr_resolve_name+0x27d/0x3f0
[  360.394383][T10849]  ? __pfx_ext4_xattr_security_set+0x10/0x10
[  360.394434][T10849]  __vfs_setxattr+0x175/0x1e0
[  360.394501][T10849]  ? __pfx___vfs_setxattr+0x10/0x10
[  360.394551][T10849]  ? srso_alias_return_thunk+0x5/0xfbef5
[  360.394593][T10849]  ? security_capable+0x80/0x260
[  360.394645][T10849]  __vfs_setxattr_noperm+0x127/0x660
[  360.394688][T10849]  __vfs_setxattr_locked+0x17d/0x250
[  360.394719][T10849]  vfs_setxattr+0x140/0x330
[  360.394746][T10849]  ? srso_alias_return_thunk+0x5/0xfbef5
[  360.394783][T10849]  ? __pfx_vfs_setxattr+0x10/0x10
[  360.394810][T10849]  ? mnt_get_write_access+0x52/0x2f0
[  360.394845][T10849]  ? srso_alias_return_thunk+0x5/0xfbef5
[  360.394882][T10849]  ? mnt_get_write_access+0x52/0x2f0
[  360.394921][T10849]  do_setxattr+0x145/0x180
[  360.394946][T10849]  ? srso_alias_return_thunk+0x5/0xfbef5
[  360.394983][T10849]  filename_setxattr+0x16e/0x1d0
[  360.395013][T10849]  ? __pfx_filename_setxattr+0x10/0x10
[  360.395042][T10849]  ? getname_flags.part.0+0x1c5/0x540
[  360.395082][T10849]  path_setxattrat+0x1ff/0x3a0
[  360.395111][T10849]  ? __pfx_path_setxattrat+0x10/0x10
[  360.395161][T10849]  ? __fget_files+0x21f/0x3d0
[  360.395192][T10849]  ? srso_alias_return_thunk+0x5/0xfbef5
[  360.395227][T10849]  ? xfd_validate_state+0x129/0x190
[  360.395259][T10849]  __x64_sys_setxattr+0xc6/0x140
[  360.395288][T10849]  ? do_syscall_64+0x94/0xf80
[  360.395324][T10849]  ? srso_alias_return_thunk+0x5/0xfbef5
[  360.395358][T10849]  ? lockdep_hardirqs_on+0x78/0x100
[  360.395393][T10849]  do_syscall_64+0xc9/0xf80
[  360.395432][T10849]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.395461][T10849] RIP: 0033:0x7f244819aeb9
[  360.395484][T10849] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  360.395513][T10849] RSP: 002b:00007f2449009028 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[  360.395544][T10849] RAX: ffffffffffffffda RBX: 00007f2448415fa0 RCX: 00007f244819aeb9
[  360.395573][T10849] RDX: 00002000000013c0 RSI: 0000200000000140 RDI: 0000200000000100
[  360.395599][T10849] RBP: 00007f2448208c1f R08: 0000000000000000 R09: 0000000000000000
[  360.395623][T10849] R10: 0000000000000700 R11: 0000000000000246 R12: 0000000000000000
[  360.395642][T10849] R13: 00007f2448416038 R14: 00007f2448415fa0 R15: 00007ffd123aa888
[  360.395672][T10849]  </TASK>
[  360.395682][T10849] 
[  360.488054][T10850] EXT4-fs warning (device loop7): dx_probe:848: Enable large directory feature to access it
[  360.493378][T10849] Allocated by task 10849:
[  360.493400][T10849]  kasan_save_stack+0x30/0x50
[  360.883411][T10849]  kasan_save_track+0x14/0x30
[  360.888132][T10849]  __kasan_kmalloc+0xaa/0xb0
[  360.892774][T10849]  __kmalloc_node_track_caller_noprof+0x357/0x9d0
[  360.899256][T10849]  kmemdup_noprof+0x29/0x60
[  360.903762][T10849]  ext4_xattr_block_set+0x18d9/0x3660
[  360.909164][T10849]  ext4_xattr_set_handle+0xd36/0x1490
[  360.914547][T10849]  ext4_xattr_set+0x14b/0x360
[  360.919241][T10849]  __vfs_setxattr+0x175/0x1e0
[  360.923944][T10849]  __vfs_setxattr_noperm+0x127/0x660
[  360.929230][T10849]  __vfs_setxattr_locked+0x17d/0x250
[  360.934690][T10849]  vfs_setxattr+0x140/0x330
[  360.939193][T10849]  do_setxattr+0x145/0x180
[  360.943615][T10849]  filename_setxattr+0x16e/0x1d0
[  360.948562][T10849]  path_setxattrat+0x1ff/0x3a0
[  360.953333][T10849]  __x64_sys_setxattr+0xc6/0x140
[  360.958276][T10849]  do_syscall_64+0xc9/0xf80
[  360.962797][T10849]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.968701][T10849] 
[  360.971013][T10849] The buggy address belongs to the object at ffff888030ba3000
[  360.971013][T10849]  which belongs to the cache kmalloc-1k of size 1024
[  360.985070][T10849] The buggy address is located 64 bytes inside of
[  360.985070][T10849]  1024-byte region [ffff888030ba3000, ffff888030ba3400)
[  360.998360][T10849] 
[  361.000678][T10849] The buggy address belongs to the physical page:
[  361.007084][T10849] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x30ba0
[  361.015850][T10849] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  361.024354][T10849] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  361.032337][T10849] page_type: f5(slab)
[  361.036323][T10849] raw: 00fff00000000040 ffff88813ff26dc0 0000000000000000 dead000000000001
[  361.044913][T10849] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[  361.053939][T10849] head: 00fff00000000040 ffff88813ff26dc0 0000000000000000 dead000000000001
[  361.062616][T10849] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[  361.071296][T10849] head: 00fff00000000003 ffffea0000c2e801 00000000ffffffff 00000000ffffffff
[  361.079978][T10849] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  361.088648][T10849] page dumped because: kasan: bad access detected
[  361.095063][T10849] page_owner tracks the page as allocated
[  361.100777][T10849] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 5832, tgid 5832 (kworker/0:4), ts 111791930810, free_ts 111790640600
[  361.121583][T10849]  post_alloc_hook+0x1e1/0x250
[  361.126381][T10849]  get_page_from_freelist+0xe3d/0x2e10
[  361.131869][T10849]  __alloc_frozen_pages_noprof+0x26c/0x2410
[  361.137793][T10849]  alloc_pages_mpol+0x1fb/0x550
[  361.142661][T10849]  new_slab+0x2c4/0x440
[  361.146834][T10849]  ___slab_alloc+0xda3/0x1ca0
[  361.151529][T10849]  __slab_alloc.isra.0+0x63/0x110
[  361.156572][T10849]  __kmalloc_noprof+0x618/0x9c0
[  361.161443][T10849]  ___neigh_create+0x150d/0x2910
[  361.166396][T10849]  ip6_finish_output2+0x11aa/0x1cd0
[  361.171622][T10849]  __ip6_finish_output+0x3cd/0x10d0
[  361.176827][T10849]  ip6_output+0x2aa/0xa60
[  361.181164][T10849]  NF_HOOK.constprop.0+0x114/0x8b0
[  361.186300][T10849]  mld_sendpack+0x8f7/0xec0
[  361.190816][T10849]  mld_ifc_work+0x75a/0xc10
[  361.195336][T10849]  process_one_work+0x9c2/0x1840
[  361.200286][T10849] page last free pid 3463 tgid 3463 stack trace:
[  361.206603][T10849]  __free_frozen_pages+0x822/0x1130
[  361.211823][T10849]  __put_partials+0x127/0x160
[  361.216519][T10849]  qlist_free_all+0x47/0xe0
[  361.221048][T10849]  kasan_quarantine_reduce+0x1a0/0x1f0
[  361.226533][T10849]  __kasan_slab_alloc+0x69/0x90
[  361.231474][T10849]  kmem_cache_alloc_node_noprof+0x303/0x880
[  361.237400][T10849]  __alloc_skb+0x156/0x410
[  361.241835][T10849]  mld_newpack.isra.0+0x18e/0xa20
[  361.246874][T10849]  add_grhead+0x299/0x340
[  361.251235][T10849]  add_grec+0x1380/0x1920
[  361.255577][T10849]  mld_send_initial_cr+0x156/0x320
[  361.260702][T10849]  ipv6_mc_dad_complete+0xa7/0x1d0
[  361.265836][T10849]  addrconf_dad_completed+0xd91/0xff0
[  361.271214][T10849]  addrconf_dad_work+0x83c/0x1360
[  361.276245][T10849]  process_one_work+0x9c2/0x1840
[  361.281193][T10849]  worker_thread+0x5da/0xe40
[  361.286226][T10849] 
[  361.288543][T10849] Memory state around the buggy address:
[  361.294165][T10849]  ffff888030ba2f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  361.302245][T10849]  ffff888030ba2f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  361.310323][T10849] >ffff888030ba3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  361.318480][T10849]                                            ^
[  361.324638][T10849]  ffff888030ba3080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  361.332703][T10849]  ffff888030ba3100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  361.340843][T10849] ==================================================================
[  361.349267][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  361.357801][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  361.365544][T10850] EXT4-fs warning (device loop7): dx_probe:933: inode #2: comm syz.7.1567: Corrupt directory, running e2fsck is recommended
[  361.386660][T10857] loop8: detected capacity change from 0 to 512
[  361.395578][T10859] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  361.395652][   T30] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  361.413551][   T30] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  361.456926][T10849] Disabling lock debugging due to kernel taint
[  361.474914][T10855] EXT4-fs warning (device loop7): dx_probe:843: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  361.523148][T10857] EXT4-fs (loop8): 1 truncate cleaned up
[  361.537230][T10857] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  361.562197][T10855] EXT4-fs warning (device loop7): dx_probe:848: Enable large directory feature to access it
[  361.639937][T10855] EXT4-fs warning (device loop7): dx_probe:933: inode #2: comm syz.7.1567: Corrupt directory, running e2fsck is recommended
[  361.673679][T10860] EXT4-fs warning (device loop7): dx_probe:843: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  361.696626][ T9756] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  361.726801][ T5822] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  361.748163][ T9359] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  361.932847][ T5832] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  364.422511][   T10] net_ratelimit: 4 callbacks suppressed
[  364.422539][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  364.496206][ T5909] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  364.504458][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  364.572808][  T979] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  364.984564][ T5832] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  365.534468][ T5909] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  365.616283][  T979] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  365.772599][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  366.574565][  T979] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  366.653622][ T5909] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  369.695717][  T979] net_ratelimit: 8 callbacks suppressed
[  369.695739][  T979] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  369.773423][  T979] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  370.254346][ T5832] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog