last executing test programs:

9m39.461024812s ago: executing program 1 (id=159):
r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r0, 0x402, 0x80000034)
fcntl$setsig(r0, 0xa, 0x21)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x1c5100, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @empty}, 0x20)
bind$l2tp6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xfffffffb, 0x1}, 0x20)
ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000300)=@urb_type_iso={0x0, {0x6, 0x1}, 0x8, 0x0, &(0x7f0000000000), 0x0, 0x10000, 0x1, 0x46, 0x8000, 0x32f9400, &(0x7f0000000040)="05fe007e62e49d074679e72be55981b8f8c899ec44d467da06c869a95f988512a639009dae261b14737bac06c650b0546da825", [{0x1000, 0x0, 0x5}, {0x2, 0x10001, 0x2}, {0x1, 0x7, 0x2}, {0x9, 0x3, 0x3}, {0x400, 0x5, 0x2}, {0x2, 0x9, 0x6b}, {0x1000, 0x7, 0xaa6}, {0x0, 0x1, 0x4}, {0xc20, 0x4, 0x80000000}, {0x1cd, 0x5, 0x2}, {0x38c7, 0x69}, {0x0, 0x5a, 0x2}, {0x80000000, 0x101, 0x10000}, {0x400, 0xfffffffe, 0x8001}, {0x2, 0x4, 0x1000}, {0x43, 0x3d1, 0x8}, {0x80000000, 0x9, 0x3}, {0xfffffff9, 0x10000000, 0x3}, {0xa, 0x200, 0xffff}, {0x23, 0x4, 0x1}, {0x6, 0x8, 0x37}, {0x9, 0x0, 0x2}, {0x8, 0x3, 0x3731}, {0x4, 0x1ff, 0x1}, {0x3, 0x48000000}, {0xc885, 0xa, 0xc}, {0x2, 0x9, 0x2}, {0x7, 0x4, 0x23e}, {0x7, 0x7c3, 0x7}, {0x3, 0x3, 0x1}, {0x6, 0x2, 0x7}, {0x9, 0x7fff, 0x6}, {0xd00, 0x6, 0xa6d}, {0x155, 0x7, 0xfffffffb}, {0xff, 0x3aa2, 0x4}, {0x5, 0x1e, 0x893b}, {0xa, 0xe713, 0x3}, {0x0, 0xffffff7f, 0x4}, {0x9, 0x8c, 0x1}, {0x3, 0x4, 0x32c}, {0x6, 0x7, 0x75}, {0xd, 0x9, 0x2}, {0x400, 0x7ff, 0x3}, {0x0, 0x2, 0x4}, {0x9, 0x8, 0x77}, {0x0, 0x4, 0x800}, {0x8, 0x742, 0x6}, {0x1, 0x8000, 0x6}, {0xb3, 0x1, 0x3}, {0x1, 0xfa9, 0x1}, {0x3, 0x1, 0x3}, {0x5, 0x2, 0x8}, {0x1, 0x4, 0xffff}, {0x101, 0x32a, 0x261b}, {0x7, 0x4, 0x6}, {0x44d, 0x5, 0x8}, {0x401, 0x413, 0xffff}, {0x2, 0x4, 0x7}, {0x3e, 0x800, 0xc490}, {0x80000001, 0x1000, 0x9}, {0x1, 0x8}, {0xfffffc00, 0x3, 0x7}, {0x0, 0xa0f9, 0xc371}, {0x800, 0xf14b, 0x4}, {0x8, 0x8, 0x9}, {0x36f, 0x7, 0x7}, {0x4, 0x4, 0x72}, {0x9, 0xf6, 0x2}, {0xf3b6, 0x4, 0x78c}, {0x3, 0x8, 0x8}]})
creat(&(0x7f0000000180)='./file1\x00', 0x80)
r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r6 = fcntl$dupfd(r5, 0x0, r5)
futex(&(0x7f00000001c0), 0x5, 0x0, &(0x7f0000000240), &(0x7f00000006c0)=0x1, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000004240), 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f00000000c0))
write$cgroup_subtree(r6, &(0x7f0000000080)=ANY=[], 0x10448)

9m32.647498556s ago: executing program 1 (id=170):
r0 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c24020000000000000800000524050000082407000000009e0c240700000000a3e82f07070d240701060000fd80000000e80924030000000001"], 0x0)
syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x407}}, 0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x10)
syz_usb_connect$hid(0x3, 0x0, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
keyctl$invalidate(0x15, r5)
keyctl$get_security(0x11, r5, 0x0, 0x0)
unshare(0x2c020400)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB], 0xbc}}, 0x0)
msgget$private(0x0, 0x0)
msgsnd(0x0, 0x0, 0x2000, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000000c0)={0x44, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x82, 0x2, "c9a7"}, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)

9m28.380104285s ago: executing program 1 (id=178):
r0 = fanotify_init(0x1, 0x2)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(r0, 0x455, 0x40000008, r1, 0x0)
fanotify_mark(r0, 0x41, 0x8000038, r1, 0x0)
socket$inet(0x10, 0x3, 0xc)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, &(0x7f0000000240))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r3 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
r4 = socket(0xa, 0x2, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r4, 0x0, 0x80, &(0x7f0000000080)=@broute={'broute\x00', 0x20, 0x2, 0x230, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200004c0], 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB]}, 0x78)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x15d74000)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
pread64(r5, 0x0, 0x0, 0x7ff)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, 0x0)
ioctl$TCFLSH(r6, 0x400455c8, 0x20000000008)
fsconfig$FSCONFIG_SET_PATH_EMPTY(0xffffffffffffffff, 0x4, &(0x7f0000000080)='+%\x00', &(0x7f00000000c0)='./bus\x00', 0xffffffffffffff9c)
open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)

9m25.642692128s ago: executing program 1 (id=181):
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
add_key$user(&(0x7f0000000200), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
getresgid(&(0x7f0000000140), &(0x7f0000000000), &(0x7f0000000240)=<r0=>0x0)
syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f0000000200)='./file0\x00', 0x10814, &(0x7f0000000340)=ANY=[@ANYBLOB='umask=00000000000000000000000,flush,nodots,dots,gid=', @ANYRESHEX=r0, @ANYBLOB="00006b746769643d0092", @ANYRES16, @ANYBLOB="1500bba7d41fabba4332de3ca642acf6f8de847e3f21783608008708a887d30aaf0a14b0691d48445fe3b4d1ddde1b81337b2c3b5f88535d7f6fa931b84783704494cebe49ca9f6269b05edde0246c360d0566b4056f0f02ccab035d3d0a5cde0b31bd424949fe23c0a0a25691738006c5c6acdf101fecdb4f79abdfb95c6afaea03dd5903b5240565f31504c207a9a2aa6c8108fb973081e90412a3c6cfa3b2513693727fad9acd8108acb8b90fab033c9dac0dc3e5a61c513e7b5edc5d76320f0e54045ea2b7b8fb1f78d3d346e26ee5ed6926cea1ffe0a1"], 0x1, 0x1fa, &(0x7f0000000500)="$eJzs2zFrE2EYB/Dn2rRe7GAHJ1E4cHEK6icwSAUxIEQy6GSgurQipEsUxH4eZz+EX8alg2SLXO5om2sLjWdyEn8/ON6H/O/guSF53uHN27sfDvY/Hr3f+nISaZLFRsSTmETs5lUpKdd0Vm/HnCTq+FXraQDgj/T7w27TPbBco1F3eDsidi4kg2+NNAQAAAAAAAAAAEBti5z/34j4Wj3/f7zifgGA+pz/X1/tch2NusN7xf6twvl/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDmT6fTWNL/Sci2vGxGRRkQ7Im5GRCsi8s+b7hcAqG8ynZ/7V83/iEgiwvwHgDXw6vWbF91eb6+fZWnEz+PxYDwo1iJ/9ry39zCb2T176mQ8Hmye5o+KPJvPt2b7hjx/fGm+HQ/uF3mePX3Zq+Q7sb/81weA/1InO3Vuvm+WV0Snc1mez+eiOrc/qMzvVtxprew1AIAFHH36fDA8PHw3+utFsthT7bKhq+/53lpWq4prFT+Sf6INRd0ivc7NDf8wAUt39qWvJmkzDQEAAAAAAAAAAAAAABes4i9HTb8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADr53cAAAD//8h6UUs=")
socket(0x10, 0x400000000080803, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
creat(&(0x7f0000000340)='./bus\x00', 0x1c)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r2 = open(&(0x7f0000000500)='./bus\x00', 0x0, 0x42)
ioctl$LOOP_SET_STATUS64(r2, 0x4c04, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x13, 0x0, "ef359f41a4ae6dddfbd1ce5d29c2ee5e5c9d000ff8ee09e737ff0edf110ff4eb4b78c66ee677df701905b9aafab4ffffffff00", "cba3d625780820d1cbf7db71038259ca171ce1a311ef97e4298d1e14ef01060000e9009600fdff00000000000000000000000000000000000400", "d300e6d6ae9ef30bea2a004000"})
pwritev2(r1, &(0x7f00000001c0)=[{&(0x7f0000000300)="ff", 0xfffd}], 0x1, 0xe7b, 0x0, 0x0)

9m22.821174631s ago: executing program 1 (id=187):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'ip6tnl0\x00'})
r2 = socket$netlink(0x10, 0x3, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$inet6(0xa, 0x2, 0x3a)
r6 = socket$isdn(0x22, 0x2, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r6)
recvmmsg(r5, &(0x7f0000006280)=[{{0x0, 0x0, 0x0}}], 0x400000000000094, 0x42, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000340)=ANY=[@ANYBLOB="1c0000005e00250e000000000300000008007700", @ANYBLOB="0c00ea800800020004000000ea9036a79905b882b040166e917d3d482e7d64b170422dd283ff5e658292e8704d85a30bb8a3c5a037676dd11b56eb0248e03caedaa6ee43de68bf7fdbcda598a196aad6b8c0faefe1ed5d4c0e8af532e481b3bba77532090325a99e19877935c4e53e7a6e57b2bd51da5a1e622413b551b380ced60c83a31df57e5b96c68212d4420fa295ad61e1d70afce6fe3fca"], 0x24}], 0x1}, 0x0)
mknod$loop(&(0x7f0000000280)='./file0\x00', 0x0, 0x1)
syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0)

9m20.264213665s ago: executing program 1 (id=191):
r0 = epoll_create1(0x0)
r1 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000040))
syz_usb_connect(0x0, 0x2d, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b00"], 0x0)

9m17.501175809s ago: executing program 32 (id=191):
r0 = epoll_create1(0x0)
r1 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000040))
syz_usb_connect(0x0, 0x2d, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b00"], 0x0)

14.961555607s ago: executing program 0 (id=1283):
socket$nl_route(0x10, 0x3, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x2000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r1, &(0x7f0000001fc0)=""/184, 0x20002078)

14.065813694s ago: executing program 0 (id=1284):
syz_init_net_socket$rose(0xb, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$sock_int(r0, 0x1, 0x2d, 0x0, &(0x7f0000000100))
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x100008b}, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000980)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x3200004, &(0x7f0000000a80)=ANY=[@ANYBLOB="63726561746f723da8fa40b32c6465636f6d706f73652c63726561746f723dbd1c66f52c6e6c733d63703836392c6769643d", @ANYRESHEX=0x0, @ANYBLOB="2c666f7263652c00f2d2d783dca321ca066f379066a92598376c0a6fb6ebb186b9be7a1d0debd4c2ce3408ded03a80e9839d59c9e7ee798f53e0387168295df851a241c8ce5a7094002fc55c1a66f9e609ea2409393aeb7f8902fcfb60db30dde50ac8f677ad022ab20fcf35644f0090f1861caf534652a239e63533b1a1d4251af75bb0ab1e3bffcf118f464e5f296a5e488bc804019abdcd6deed70d74ab439ff1b9839c7a8666aefe533565f6c6146cfd6ee47347c7dd230d2bfddd5b171026823367db7821b2c9b936b83cd77a9374bfba82530c6b3267130c"], 0x3, 0x6b4, &(0x7f0000000180)="$eJzs3U9sHFcdB/DvbJx1Nkip+y8NCKlWI1XQiMTOqiRISA0IoRwiFMGlVytxGiubtHJclFaIbICCxIkT6oFDURUOPSGEkMoJUc5ISFw45R6pNw45AEYzO7te2xvH29het/18pPF7s2/ee7/5Zf54Z2NtgM+t86/mYDdFzp+4cKtcv3e33bl3t329X08ynaSRTPWKFK2k+Cg5l96SL5Yv1sMVD5vn5fsfFlPvftDurZVjvX+w3r6xVb9NRm7ZTQ4NVg4kme1V/7PtYTeNVy3VOJfWxnu46a0ai0HcZcKO9xMHk7a6SXetsfHI7ts/b4F963bvvrnJTHI4vbtrdYurrw6PvjJM3pbXpu7exQEAAAC7ZeR7+WFPPMiD3MqRvQkHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhuK3ncGFvXS6NdnU/S//7859J36zQmH+5jeuVIV339i0oEAAAAAAAAAwGN5/kEe5FaO9NdXi+oz/xeqlWeqn1/Im7mZxSznZG5lIStZyXLmk8wMDdS8tbCysjy/ueevU/ZcXV29Xfc8PbLn6fVxdTcGOup/GmzaCAAAAAAAAAA+t36S82uf/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwH5QJAd6RbU806/PpDGV5FCSZjE72Lw50WB3wF8mHQAAAADsvlZdHin+16usFtV7/qPV+/5DeTM3spKlrKSTxVyungX03vU3/tFtd+7dbV8vl80Df+vjseKoRkzv2cPomeeqLZ4d9Dif7+YHOZHZXMxylvLDLGQli5nNd6raQorM1E8vZu7dbaUf6+Z4z61bu7gxtueH6mV8x6pIWrmSpSq2k7nU7IfeqLc7NjTbn5rJhhnvlNkpXqltM0eX67Lco1/V5Y478Ek6zVR7fnCQkbk692U2nhzO++bcj3mcbJxpPo3BM6hn1mYpVzfOdOfj5vg5P1yXZa5/vls57xnzUdr6THR/Wa71j76jW+c8+eo//3rxauPGtatXbp7YxV3aGxuPifZQJp7bViY6ZSa6j5GJQ48T/85p1tnoncTjXS1fqPoeyVK+l9dzOYs5k7nM52zm8o2cTjunh/L67NZ5ra5vjfHOteNfqSvlPekXQ/emPTP9sIYyr08O5XX4SjdTtQ2/spalp7aRpaKZ0Vn618hQpr5UV8o5fjp0x5m8jZmYH8rE01tn4rf/XU1ys3Pj2vLVhTe2Od+LdVmetu+svza/vyM7NL56d8vj5anyHyu928bw0VG2Pd1v25CvZv2Jy1Q92Lq2Zqrzudf2qDO1HOnonVEj9dqeGzlLu2o7NtS27recvJ7O4LcQAPaxwy8dbrbut/7eeq/1s9bV1oVD354+O/3lZg7+berPB37f+F3jm8VLeS8/zpFJRwoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ8FN996+9pCp7O4vA8raezwgHdGNvVT0XuluT/2/dNamd7qiPpDki26NycRcyvJvkhdpvZgrumMaLoweKWVNAbxJLm2T77gDtgNp1auv3Hq5ltvf23p+sJri68t3jh99swrZ9pfn7996spSZ3Gu93PSUQK7Ye3XgElHAgAAAAAAAAAAAGzXWH9F0Mwn+tuDEdMW3QnsKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDpdP7VHOymyPzcybly/d7ddqdc+vW1LaeSNJIUP0qKj5Jz6S2ZGRqueNg8L9//8DcvvvtBe22sqf72jQ39/vjv1dUx96JbL5lNcqAuH216W+NdqsrmoGF8xWAPy4Qd7ycOJu3/AQAA//9Hgwei")
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x1e, 0x305, 0x0, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @typed={0x8, 0x9, 0x0, 0x0, @uid}]}, 0x24}, 0x1, 0x0, 0x0, 0x4a841}, 0x0)

13.748183364s ago: executing program 3 (id=1287):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000400)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3007010000000000000000017c0000040000000c00018006000600800a0400090002808d437a57710000000000000000"], 0x30}}, 0xc000)
r3 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8b15, &(0x7f0000000000)={'wlan1\x00'})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), r4)
r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$UI_DEV_CREATE(r6, 0x5501)
preadv(0xffffffffffffffff, &(0x7f0000003780)=[{&(0x7f0000001300)=""/170, 0xaa}], 0x1, 0xffff, 0x0)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000300)={0x3c, r5, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @remote}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x4000)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)

12.015717219s ago: executing program 3 (id=1289):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = socket(0x10, 0x2, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10)
write(r4, &(0x7f0000000000)="240000001a005f0214f9f407000904001f00000000000020000000000800040001000000", 0x24)

10.314927825s ago: executing program 3 (id=1290):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x22, {[@global=@item_012={0x2, 0x1, 0x9, "2313"}, @global=@item_012={0x2, 0x1, 0x0, "e53f"}, @main=@item_4={0x3, 0x0, 0x9, "b2938f8d"}, @local=@item_012={0x2, 0x2, 0x2, "9000"}, @global=@item_4={0x3, 0x1, 0x0, "0900be00"}, @main=@item_4={0x3, 0x0, 0x8}, @global=@item_4={0x3, 0x1, 0x5, "a90da1f6"}, @local=@item_4={0x3, 0x2, 0x0, "00000400"}]}}, 0x0}, 0x0)
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f00000001c0)='./file1\x00', 0x1000, 0x0, 0x4, 0x0, &(0x7f0000000080))
r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
sendmmsg$inet(r1, 0x0, 0x0, 0x0)
mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './file0'}}], [], 0x2c})
r2 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
ioctl$EVIOCGKEYCODE_V2(r2, 0x80284504, &(0x7f0000000100)=""/95)
bind$alg(0xffffffffffffffff, 0x0, 0x0)

10.296907935s ago: executing program 4 (id=1291):
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000ec0)={0x1c, 0x0, 0xb7a006d1969b963b, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x14)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e00000000000000000018000280080002002000000004000100080004"], 0x44}}, 0x0)

9.694031553s ago: executing program 0 (id=1292):
r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r0, 0x402, 0x80000034)
fcntl$setsig(r0, 0xa, 0x21)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x1c5100, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @empty}, 0x20)
ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000300)=@urb_type_iso={0x0, {0x6, 0x1}, 0x8, 0x0, &(0x7f0000000000), 0x0, 0x10000, 0x1, 0x46, 0x8000, 0x32f9400, &(0x7f0000000040)="05fe007e62e49d074679e72be55981b8f8c899ec44d467da06c869a95f988512a639009dae261b14737bac06c650b0546da825", [{0x1000, 0x0, 0x5}, {0x2, 0x10001, 0x2}, {0x1, 0x7, 0x2}, {0x9, 0x3, 0x3}, {0x400, 0x5, 0x2}, {0x2, 0x9, 0x6b}, {0x1000, 0x7, 0xaa6}, {0x0, 0x1, 0x4}, {0xc20, 0x4, 0x80000000}, {0x1cd, 0x5, 0x2}, {0x38c7, 0x69}, {0x0, 0x5a, 0x2}, {0x80000000, 0x101, 0x10000}, {0x400, 0xfffffffe, 0x8001}, {0x2, 0x4, 0x1000}, {0x43, 0x3d1, 0x8}, {0x80000000, 0x9, 0x3}, {0xfffffff9, 0x10000000, 0x3}, {0xa, 0x200, 0xffff}, {0x23, 0x4, 0x1}, {0x6, 0x8, 0x37}, {0x9, 0x0, 0x2}, {0x8, 0x3, 0x3731}, {0x4, 0x1ff, 0x1}, {0x3, 0x48000000}, {0xc885, 0xa, 0xc}, {0x2, 0x9, 0x2}, {0x7, 0x4, 0x23e}, {0x7, 0x7c3, 0x7}, {0x3, 0x3, 0x1}, {0x6, 0x2, 0x7}, {0x9, 0x7fff, 0x6}, {0xd00, 0x6, 0xa6d}, {0x155, 0x7, 0xfffffffb}, {0xff, 0x3aa2, 0x4}, {0x5, 0x1e, 0x893b}, {0xa, 0xe713, 0x3}, {0x0, 0xffffff7f, 0x4}, {0x9, 0x8c, 0x1}, {0x3, 0x4, 0x32c}, {0x6, 0x7, 0x75}, {0xd, 0x9, 0x2}, {0x400, 0x7ff, 0x3}, {0x0, 0x2, 0x4}, {0x9, 0x8, 0x77}, {0x0, 0x4, 0x800}, {0x8, 0x742, 0x6}, {0x1, 0x8000, 0x6}, {0xb3, 0x1, 0x3}, {0x1, 0xfa9, 0x1}, {0x3, 0x1, 0x3}, {0x5, 0x2, 0x8}, {0x1, 0x4, 0xffff}, {0x101, 0x32a, 0x261b}, {0x7, 0x4, 0x6}, {0x44d, 0x5, 0x8}, {0x401, 0x413, 0xffff}, {0x2, 0x4, 0x7}, {0x3e, 0x800, 0xc490}, {0x80000001, 0x1000, 0x9}, {0x1, 0x8}, {0xfffffc00, 0x3, 0x7}, {0x0, 0xa0f9, 0xc371}, {0x800, 0xf14b, 0x4}, {0x8, 0x8, 0x9}, {0x36f, 0x7, 0x7}, {0x4, 0x4, 0x72}, {0x9, 0xf6, 0x2}, {0xf3b6, 0x4, 0x78c}, {0x3, 0x8, 0x8}]})
creat(&(0x7f0000000180)='./file1\x00', 0x80)
r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r6 = fcntl$dupfd(r5, 0x0, r5)
futex(&(0x7f00000001c0), 0x5, 0x0, &(0x7f0000000240), &(0x7f00000006c0)=0x1, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000004240), 0x0, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r7}})
write$cgroup_subtree(r6, &(0x7f0000000080)=ANY=[], 0x10448)

9.509545173s ago: executing program 4 (id=1295):
socket$nl_route(0x10, 0x3, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x2000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r1, &(0x7f0000001fc0)=""/184, 0x20002078)

8.874063681s ago: executing program 4 (id=1297):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_G_FMT(r3, 0xc0d05604, &(0x7f0000000380)={0x2, @vbi={0x97, 0x3, 0x101, 0x56544943, [0x6, 0x3], [0x2, 0x10000], 0x1}})
ioctl$VIDIOC_EXPBUF(r3, 0xc0405610, &(0x7f0000000040)={0x7, 0x7, 0xff, 0x80000})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_xfrm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000740)=ANY=[@ANYBLOB="540100001a001307000000000000001cac141400"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ffffffff0000000000000000000000000000000032000000ac141417000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001c"], 0x154}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYRES64=r3], 0x38}}, 0x0)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYRESDEC=r5], 0x7)

7.332231858s ago: executing program 2 (id=1298):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x2)
ioctl$SNDRV_TIMER_IOCTL_GINFO(r0, 0xc0f85403, &(0x7f0000000180)={{0x2, 0x1, 0x8f14, 0x1, 0x3}, 0x3186, 0x2, 'id1\x00', 'timer1\x00', 0x0, 0xffff, 0xf5, 0x5, 0x7fff})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newrule={0x1c, 0x20, 0x301, 0x0, 0x0, {0x2, 0x0, 0x14, 0xc}}, 0x1c}, 0x1, 0x0, 0x0, 0x240480d4}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmsg$802154_raw(r3, 0x0, 0x400c001)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x25, 0x0, 0x0)
bind$inet(r6, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
recvmmsg(r6, 0x0, 0x0, 0x45833af92e4b39ff, 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="2800000021000100"], 0x28}}, 0x0)

7.288984317s ago: executing program 4 (id=1299):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$kvm(0x0, 0x0, 0x4001c0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, 0x0)
openat$cgroup_type(0xffffffffffffffff, 0x0, 0x2, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="12010000000000404e040b1200000000000109022400010000000009040000020300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000d0918108ac051582588f0000000109022d00010000000009"], 0x0)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r2, 0x2000012, 0x0, 0x0, 0x0, 0x0, 0x7ffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x0}, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
socket$alg(0x26, 0x5, 0x0)
syz_usb_control_io(r1, &(0x7f0000000580)={0x2c, &(0x7f0000000240)={0x40, 0xd, 0xfe, {0xfe, 0x5, "716f82aeb5729ad0dd5597fe25e112598a8362cf0843b44cac10ccf31d607b5bdf2704ae780ae8319ba26937f043c37b8ae1e5f88844f3d6f3aa5ced7d6cf2d2455c9af1cdfffd10a090b0f04131d0875cbe81aa3693b3e55eec3582483c704eb1cceba8dd5e7fc8a0bcbcdf30011ead4ee73acc3befbce48cff58319dca270602142112c96a51b1a82d8ab97b962743d956111c70c417978841b74e2f00503aeaf0efb083e2ba046c9039b601a760f3f999021711918464b670802a56650ba021a41dbb33415534f3c53d43df11471285bf52ca70edb08b972b5abb7e3dd0e4e17220d06d417e7a43516cfdbc6c788b2f6fdc20b5457624542fd430"}}, &(0x7f00000003c0)={0x0, 0x3, 0x67, @string={0x67, 0x3, "8efcdf2b3f9367fbdb40ffc87e8f57de94a8ed5e21f5ea60190fb506844698d9c94644fd68e6c5e4830526669c15d25a132bdc22aa9dad8260b3df3ca2cc2f8bf33d2e71df84225a617e27e06bf8b318efb18edabab063689fb8ab92a603095111b3a6333b"}}, &(0x7f0000000480)={0x0, 0xf, 0x5, {0x5, 0xf, 0x5}}, &(0x7f0000000040)={0x20, 0x29, 0xf, {0xf, 0x29, 0x6, 0x2, 0xa, 0x4, "3258017a", "29958196"}}, &(0x7f0000000500)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xf, 0x4, 0xf9, 0x6, 0x80, 0x4, 0x1}}}, &(0x7f0000000a40)={0x84, &(0x7f00000005c0)={0x20, 0x15, 0x91, "a16d99c4471ddb771b60a62828eede6f2bf351faba1ae0c03430f1c98c98e32a54a549e2281ce9a78dda398d3ef924aab5e618adf7e9461968d97b2720f7742785bbf06c4dabe85b6dacb01caaf9ee892e3786f84d6a0ab949e18b13fe203c2c15e8bfd1d802c7d345df7f5cb862e7458e45579e33344cbdf70c8cf52b7efa4e005227ad58601393aca8f341846f3d333b"}, &(0x7f0000000680)={0x0, 0xa, 0x1, 0xfd}, 0x0, &(0x7f0000000700)={0x20, 0x0, 0x4, {0x5, 0x1}}, &(0x7f0000000740)={0x20, 0x0, 0x4, {0x200}}, &(0x7f0000000780)={0x40, 0x7, 0x2, 0x4}, &(0x7f00000007c0)={0x40, 0x9, 0x1, 0x3}, &(0x7f0000000800)={0x40, 0xb, 0x2, "9c7d"}, &(0x7f0000000840)={0x40, 0xf, 0x2, 0x7}, 0x0, &(0x7f00000008c0)={0x40, 0x17, 0x6, @random="0afe9d33213c"}, &(0x7f0000000900)={0x40, 0x19, 0x2, "89f6"}, 0x0, &(0x7f0000000980)={0x40, 0x1c, 0x1, 0x9}, 0x0, &(0x7f0000000a00)={0x40, 0x21, 0x1, 0x4}})
r4 = socket(0x2, 0x80805, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
r5 = shmget$private(0x0, 0x4000, 0x54001800, &(0x7f0000000000/0x4000)=nil)
shmat(r5, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, 0x0, &(0x7f0000000180))

6.020170594s ago: executing program 2 (id=1302):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000300), 0x4)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100))
bind$packet(r0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
getsockopt$bt_hci(r1, 0x0, 0x1, 0x0, &(0x7f0000000340))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000080)=0x7f)
ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f00000000c0))
read$dsp(r2, &(0x7f00000011c0)=""/4117, 0x200021d5)
getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f00000003c0))
openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)

5.944829004s ago: executing program 0 (id=1303):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc20e, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x4, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xb}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0xb, {[@main=@item_012={0x0, 0x0, 0xa}, @global=@item_4={0x3, 0x1, 0x1, "d0591e99"}, @global=@item_4={0x3, 0x1, 0x2, "bf0a5982"}]}}, 0x0}, 0x0)

5.751520824s ago: executing program 3 (id=1304):
syz_init_net_socket$rose(0xb, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$sock_int(r0, 0x1, 0x2d, 0x0, &(0x7f0000000100))
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x100008b}, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000980)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x3200004, &(0x7f0000000a80)=ANY=[@ANYBLOB="63726561746f723da8fa40b32c6465636f6d706f73652c63726561746f723dbd1c66f52c6e6c733d63703836392c6769643d", @ANYRESHEX=0x0, @ANYBLOB="2c666f7263652c00f2d2d783dca321ca066f379066a92598376c0a6fb6ebb186b9be7a1d0debd4c2ce3408ded03a80e9839d59c9e7ee798f53e0387168295df851a241c8ce5a7094002fc55c1a66f9e609ea2409393aeb7f8902fcfb60db30dde50ac8f677ad022ab20fcf35644f0090f1861caf534652a239e63533b1a1d4251af75bb0ab1e3bffcf118f464e5f296a5e488bc804019abdcd6deed70d74ab439ff1b9839c7a8666aefe533565f6c6146cfd6ee47347c7dd230d2bfddd5b171026823367db7821b2c9b936b83cd77a9374bfba82530c6b3267130c"], 0x3, 0x6b4, &(0x7f0000000180)="$eJzs3U9sHFcdB/DvbJx1Nkip+y8NCKlWI1XQiMTOqiRISA0IoRwiFMGlVytxGiubtHJclFaIbICCxIkT6oFDURUOPSGEkMoJUc5ISFw45R6pNw45AEYzO7te2xvH29het/18pPF7s2/ee7/5Zf54Z2NtgM+t86/mYDdFzp+4cKtcv3e33bl3t329X08ynaSRTPWKFK2k+Cg5l96SL5Yv1sMVD5vn5fsfFlPvftDurZVjvX+w3r6xVb9NRm7ZTQ4NVg4kme1V/7PtYTeNVy3VOJfWxnu46a0ai0HcZcKO9xMHk7a6SXetsfHI7ts/b4F963bvvrnJTHI4vbtrdYurrw6PvjJM3pbXpu7exQEAAAC7ZeR7+WFPPMiD3MqRvQkHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhuK3ncGFvXS6NdnU/S//7859J36zQmH+5jeuVIV339i0oEAAAAAAAAAwGN5/kEe5FaO9NdXi+oz/xeqlWeqn1/Im7mZxSznZG5lIStZyXLmk8wMDdS8tbCysjy/ueevU/ZcXV29Xfc8PbLn6fVxdTcGOup/GmzaCAAAAAAAAAA+t36S82uf/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwH5QJAd6RbU806/PpDGV5FCSZjE72Lw50WB3wF8mHQAAAADsvlZdHin+16usFtV7/qPV+/5DeTM3spKlrKSTxVyungX03vU3/tFtd+7dbV8vl80Df+vjseKoRkzv2cPomeeqLZ4d9Dif7+YHOZHZXMxylvLDLGQli5nNd6raQorM1E8vZu7dbaUf6+Z4z61bu7gxtueH6mV8x6pIWrmSpSq2k7nU7IfeqLc7NjTbn5rJhhnvlNkpXqltM0eX67Lco1/V5Y478Ek6zVR7fnCQkbk692U2nhzO++bcj3mcbJxpPo3BM6hn1mYpVzfOdOfj5vg5P1yXZa5/vls57xnzUdr6THR/Wa71j76jW+c8+eo//3rxauPGtatXbp7YxV3aGxuPifZQJp7bViY6ZSa6j5GJQ48T/85p1tnoncTjXS1fqPoeyVK+l9dzOYs5k7nM52zm8o2cTjunh/L67NZ5ra5vjfHOteNfqSvlPekXQ/emPTP9sIYyr08O5XX4SjdTtQ2/spalp7aRpaKZ0Vn618hQpr5UV8o5fjp0x5m8jZmYH8rE01tn4rf/XU1ys3Pj2vLVhTe2Od+LdVmetu+svza/vyM7NL56d8vj5anyHyu928bw0VG2Pd1v25CvZv2Jy1Q92Lq2Zqrzudf2qDO1HOnonVEj9dqeGzlLu2o7NtS27recvJ7O4LcQAPaxwy8dbrbut/7eeq/1s9bV1oVD354+O/3lZg7+berPB37f+F3jm8VLeS8/zpFJRwoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ8FN996+9pCp7O4vA8raezwgHdGNvVT0XuluT/2/dNamd7qiPpDki26NycRcyvJvkhdpvZgrumMaLoweKWVNAbxJLm2T77gDtgNp1auv3Hq5ltvf23p+sJri68t3jh99swrZ9pfn7996spSZ3Gu93PSUQK7Ye3XgElHAgAAAAAAAAAAAGzXWH9F0Mwn+tuDEdMW3QnsKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDpdP7VHOymyPzcybly/d7ddqdc+vW1LaeSNJIUP0qKj5Jz6S2ZGRqueNg8L9//8DcvvvtBe22sqf72jQ39/vjv1dUx96JbL5lNcqAuH216W+NdqsrmoGF8xWAPy4Qd7ycOJu3/AQAA//9Hgwei")
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x1e, 0x305, 0x0, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @typed={0x8, 0x9, 0x0, 0x0, @uid}]}, 0x24}, 0x1, 0x0, 0x0, 0x4a841}, 0x0)

4.998207162s ago: executing program 2 (id=1306):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="2400000070000100000000000000000007"], 0x24}}, 0x0)

3.771707009s ago: executing program 2 (id=1307):
socket$nl_route(0x10, 0x3, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x2000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r1, &(0x7f0000001fc0)=""/184, 0x20002078)

3.770848289s ago: executing program 5 (id=1308):
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
preadv(r0, &(0x7f0000001340)=[{&(0x7f0000000100)=""/4096, 0x1000}], 0x1, 0x0, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="020d000014000000000000000000000005000600000000000a00000000f1ff00fc010000000000000000000000000000000000000000000005000500000000000a00000000000000ff01000000000000000000000000000100000000000000000800"], 0xa0}}, 0x0)

3.712743739s ago: executing program 3 (id=1309):
syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000780)='./file0\x00', 0x0, &(0x7f00000000c0)={[{@data_err_ignore}, {@mblk_io_submit}, {@i_version}]}, 0x1, 0x746, &(0x7f0000000f40)="$eJzs3c9rHGUfAPDvbJOmb9vXpODBimCgBwulG5vWUkGkogcpVop689Bud7ehZLdbspvShIpWFMGTSPHsj5M3/wFRBL15FDx7kkKRUi+CsDLb2bjt7jabNJtV9/OBCc8zM5tnvjszz/Mkz8NMAGNrNv2Ri9gfER8lEdPZ+iQiJlupiYiTd/e7c/taMV2SaDZf/y1p7ZPmo+MzqT1Z5rGI+O79iEO57nLrK6uLhUqlvJTl5xrVy3P1ldXDF6uFhfJC+dL88WePzp+Yf+bE/JbF+sd7r54/9dVLX9x498dfXnvr1JNJnIy92bbOOLbKbMxm38lk+hXe48WtLmzEklEfAJuS3po77t7lsT+mY0crBQD8l70dEU0AYMwk2n8AGDPt/wO0x/aGMQ72T3brhYjY1Sv+iWzMbldrHHT3neSekZEkIma2oPzZiLj65gdfp0sMaRwSoJd3rkfEuZnZ7vov6ZqzsFFPD7DP7H159R9sn2/T/s+JXv2f3Fr/J3r0f6Z63Lubsf79n7u5BcX0lfb/nuvZ/12btDazI8v9v9Xnm0wuXKyU07rtkYg4GJNTaf7IA8o49vHzP/Tb1tn/S5e0/HZfMDuOmxNT936mVGgUHibmTreuRzw+0Sv+ZO38J336v2cGLKPx/ROf99u2fvzD1fws4qme5//vGW1Jx/zEqeianzjXuh7m2ldFt/yH0/v6lT/q+NPzv/vB8c8knfM16xsv46dP/ny537bNXv87kzda6Z3ZuquFRmPpSMTO5JXu9R1TSNv59v5p/AcPPLj+63X9p38Tnhsw/sVPvzy/+fiHK42/tKHzv/HEgZ+/6R1PM5ttvO75P9ZKHczWDFL/DXqAD/PdAQAAAAAAAAAAAAAAAAAAAAAAAMCgchGxN5Jcfi2dy+Xzd9/h/WjszlVq9cahC7XlS6VovSt7JiZz7SddTnc8D/VI9jz8dn7+vvzRiNgXETem/tfK54u1SmnUwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZk+f9/+nfp0a9dEBAEOza9QHAABsO+0/AIwf7T8AjB/tPwCMH+0/AIwf7T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDdub06XRp/n77WjHNl66sLC/WrhwuleuL+epyMV+sLV3OL9RqC5Vyvlirrvf7KrXa5fnjsXx1rlGuN+bqK6tnq7XlS42zF6uFhfLZ8uS2RAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG1NfWV0sVCrlJQkJCYm1xKhrJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB/h78CAAD//6LRHug=")
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r0, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000f4)
read$FUSE(r0, 0x0, 0x0)
open(0x0, 0x440, 0x24)
open(0x0, 0x60142, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
open(0x0, 0x101000, 0x0)
r1 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0)
fallocate(r1, 0x20, 0x0, 0x10000)

3.630906989s ago: executing program 2 (id=1310):
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x18, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$packet(0x11, 0x2, 0x300)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r1 = gettid()
timer_create(0x0, 0x0, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$int_in(r0, 0x5452, &(0x7f0000000c80)=0xf4e)
readv(r0, &(0x7f0000000300)=[{&(0x7f0000000080)=""/107, 0x6b}], 0x1)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0)
prlimit64(r1, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)

3.472053938s ago: executing program 5 (id=1311):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, 0x0, 0x0, &(0x7f0000000540)=""/240)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000004980)=@newsa={0x144, 0x10, 0x1, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in6=@mcast2, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@remote, 0x0, 0x6c}, @in=@dev={0xac, 0x14, 0x14, 0x1c}, {0x0, 0x0, 0x0, 0xfffffff800000003, 0x0, 0x0, 0xffffffffffffffd}, {0x0, 0x4}, {}, 0x0, 0x0, 0xa, 0x1, 0x6}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @mark={0xc, 0x15, {0x35075a, 0x1}}]}, 0x144}, 0x1, 0x0, 0x0, 0x4004050}, 0x8000)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r4)
clock_gettime(0x0, &(0x7f0000001a80))
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = fcntl$dupfd(r5, 0x0, r5)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0xc08, 0x3, 0x440, 0xc, 0x5002004a, 0xb, 0x310, 0xea13, 0x3d0, 0x3c8, 0x3c8, 0x3d0, 0x3c8, 0x3, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'erspan0\x00', 'ip6tnl0\x00', {}, {}, 0x6}, 0x0, 0x2c8, 0x310, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x2, 0x0, [{}, {0x16}]}}, @common=@ttl={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE2={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x4a0)

2.500218066s ago: executing program 5 (id=1312):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x2)
ioctl$SNDRV_TIMER_IOCTL_GINFO(r0, 0xc0f85403, &(0x7f0000000180)={{0x2, 0x1, 0x8f14, 0x1, 0x3}, 0x3186, 0x2, 'id1\x00', 'timer1\x00', 0x0, 0xffff, 0xf5, 0x5, 0x7fff})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newrule={0x1c, 0x20, 0x301, 0x0, 0x0, {0x2, 0x0, 0x14, 0xc}}, 0x1c}, 0x1, 0x0, 0x0, 0x240480d4}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmsg$802154_raw(r3, 0x0, 0x400c001)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x25, 0x0, 0x0)
bind$inet(r6, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
recvmmsg(r6, 0x0, 0x0, 0x45833af92e4b39ff, 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="2800000021000100"], 0x28}}, 0x0)

2.349004586s ago: executing program 3 (id=1313):
r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r0, 0x402, 0x80000034)
fcntl$setsig(r0, 0xa, 0x21)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x1c5100, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @empty}, 0x20)
ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000300)=@urb_type_iso={0x0, {0x6, 0x1}, 0x8, 0x0, &(0x7f0000000000), 0x0, 0x10000, 0x1, 0x46, 0x8000, 0x32f9400, &(0x7f0000000040)="05fe007e62e49d074679e72be55981b8f8c899ec44d467da06c869a95f988512a639009dae261b14737bac06c650b0546da825", [{0x1000, 0x0, 0x5}, {0x2, 0x10001, 0x2}, {0x1, 0x7, 0x2}, {0x9, 0x3, 0x3}, {0x400, 0x5, 0x2}, {0x2, 0x9, 0x6b}, {0x1000, 0x7, 0xaa6}, {0x0, 0x1, 0x4}, {0xc20, 0x4, 0x80000000}, {0x1cd, 0x5, 0x2}, {0x38c7, 0x69}, {0x0, 0x5a, 0x2}, {0x80000000, 0x101, 0x10000}, {0x400, 0xfffffffe, 0x8001}, {0x2, 0x4, 0x1000}, {0x43, 0x3d1, 0x8}, {0x80000000, 0x9, 0x3}, {0xfffffff9, 0x10000000, 0x3}, {0xa, 0x200, 0xffff}, {0x23, 0x4, 0x1}, {0x6, 0x8, 0x37}, {0x9, 0x0, 0x2}, {0x8, 0x3, 0x3731}, {0x4, 0x1ff, 0x1}, {0x3, 0x48000000}, {0xc885, 0xa, 0xc}, {0x2, 0x9, 0x2}, {0x7, 0x4, 0x23e}, {0x7, 0x7c3, 0x7}, {0x3, 0x3, 0x1}, {0x6, 0x2, 0x7}, {0x9, 0x7fff, 0x6}, {0xd00, 0x6, 0xa6d}, {0x155, 0x7, 0xfffffffb}, {0xff, 0x3aa2, 0x4}, {0x5, 0x1e, 0x893b}, {0xa, 0xe713, 0x3}, {0x0, 0xffffff7f, 0x4}, {0x9, 0x8c, 0x1}, {0x3, 0x4, 0x32c}, {0x6, 0x7, 0x75}, {0xd, 0x9, 0x2}, {0x400, 0x7ff, 0x3}, {0x0, 0x2, 0x4}, {0x9, 0x8, 0x77}, {0x0, 0x4, 0x800}, {0x8, 0x742, 0x6}, {0x1, 0x8000, 0x6}, {0xb3, 0x1, 0x3}, {0x1, 0xfa9, 0x1}, {0x3, 0x1, 0x3}, {0x5, 0x2, 0x8}, {0x1, 0x4, 0xffff}, {0x101, 0x32a, 0x261b}, {0x7, 0x4, 0x6}, {0x44d, 0x5, 0x8}, {0x401, 0x413, 0xffff}, {0x2, 0x4, 0x7}, {0x3e, 0x800, 0xc490}, {0x80000001, 0x1000, 0x9}, {0x1, 0x8}, {0xfffffc00, 0x3, 0x7}, {0x0, 0xa0f9, 0xc371}, {0x800, 0xf14b, 0x4}, {0x8, 0x8, 0x9}, {0x36f, 0x7, 0x7}, {0x4, 0x4, 0x72}, {0x9, 0xf6, 0x2}, {0xf3b6, 0x4, 0x78c}, {0x3, 0x8, 0x8}]})
creat(&(0x7f0000000180)='./file1\x00', 0x80)
r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r6 = fcntl$dupfd(r5, 0x0, r5)
futex(&(0x7f00000001c0), 0x5, 0x0, &(0x7f0000000240), &(0x7f00000006c0)=0x1, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000004240), 0x0, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r7}})
write$cgroup_subtree(r6, &(0x7f0000000080)=ANY=[], 0x10448)

2.347307706s ago: executing program 4 (id=1314):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
syz_mount_image$hfs(&(0x7f0000000100), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="696f636861727365743d63703835302c006f6465706167653d63703836312c747970653ddde6f83f2c00"], 0x1, 0x2e5, &(0x7f0000000140)="$eJzs3U1PE0Ecx/HfbFsoD8EVMCZeNCiJXoioB+OlxvTq3ZNR25IQG4iAiXoRjUfjC/DuW/BFeNH4BvTkybucHDPTadnCdkvFshS/n4RmOzuz+5/OPsx/Y60A/LfuVL99uP7D/RmpoIKkW1IkqSwVJZ3R2fLTta3VrWajnrWhgm/h/oxaLc2+OrW1RlpT1863CGL3rqjpZBmGw1p7+3veQSB3/uxPEUnj4Tz068tHHNewbEvn847hqCUH2OxoR880k2M4AIBjINz/o3CbmPZFRlEkLYbb/om6/++cnK44N5r7imxmg8T938/urHHje8qv2s33fArn1kftLPEgwZT2vB9T68jqmmCaflmljyWaWFktaqn2SvVIr1UJEtXm/Wu9dei29Yl2ISU3zdB7ayXdnWz1xs8o92qHtLLabIy7hZT45wbb4+GZT+aLuW9ivVe9M/8rWuOGyY9UvGekopKL/2rvLU75Vq6WQtpfqVSiriqn/U7OhT0EfXpZTs9IkttsPyDY7kSQFaff96y6Hyu0erfcp9VcWqu4865Hq/muVoVwJCzV1puZj1KGo91F887cMwv6qY+qJub/kYtvUYkzM+v6aHzNcGTU1vXb2rH0mkVfM953ud09XS50IgjGB+4bpAGflr3VI93UzObzF48LzWZjwy08TFl4Mr1hQknpjZRaZ/gLBWXU0fZuiXVeWnvQLdtDBGb6fRpX+m/n18F36q4fnRJ3+qRVdmdZpyT6B5+8NTkM93FfqH5W1gE5OgvWSj1WDe06hWNk07QHPRRM5BwQjpqbd5lW/udn8mFW51Mk9xJnzNOzk0x1bXG5k8F1TwVn/evkQBncVO8MLrHHaz1yRp9zXbwsXUoUGmXuMQ5xnhCmqq96wPN/AAAAAAAAAAAAAAAAAACAURP+0X/7K5tD+aZBzl0EAAAAAAAAAAAAAAAAAAAAAGDk/dXv/6b9H/H+939jfv8XGCF/AgAA///7WndM")
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x38011, r0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r5, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$sock_int(r5, 0x1, 0x8, 0x0, 0x0)
bind$inet(r5, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000580)=[{0x0}, {0x0}], 0x2}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='2', 0x1, 0x4fed0)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r6, &(0x7f0000000000), 0xd)

2.329783606s ago: executing program 2 (id=1315):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000001800)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

2.321136235s ago: executing program 0 (id=1316):
r0 = socket(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
r2 = openat$yama_ptrace_scope(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
lseek(r2, 0x5, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)=ANY=[], 0x48)
r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB(r6, 0xc01c64ae, &(0x7f00000002c0)={0x0, 0x400, 0x0, 0x7, 0x8, 0x8, 0xfffffffc})
r7 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$UI_SET_EVBIT(r7, 0x40045564, 0x11)
ioctl$UI_SET_LEDBIT(r7, 0x40045569, 0x3)
ioctl$UI_DEV_SETUP(r7, 0x405c5503, &(0x7f0000000100)={{}, 'syz0\x00'})
prctl$PR_SET_IO_FLUSHER(0x39, 0x1)
ioctl$UI_DEV_CREATE(r7, 0x5501)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000880)={0x18, 0x19, 0x1, 0x0, 0x25dfdbfb, {0x1d, 0xd601, 0x9}, [@nested={0x4, 0x6}]}, 0x18}, 0x1, 0x0, 0x0, 0x5}, 0x0)

1.432309753s ago: executing program 5 (id=1317):
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, &(0x7f0000000880)={[], 0xf000}, 0x0)

934.626892ms ago: executing program 4 (id=1318):
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40012000, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b34, 0x0)
syz_mount_image$jfs(&(0x7f00000011c0), &(0x7f0000000040)='./bus\x00', 0x0, &(0x7f0000001000)=ANY=[@ANYRES8=0x0], 0xfa, 0x6221, &(0x7f000000d5c0)="$eJzs3c1vHGcdB/DfvvolNLV6qEqEkJuWl1KaxEkJgQJtD3Dg0gPKFSVy3SoiBZQElFYWceULB078BSAkjghxRBz4A3rgyo0TJyLZSKCeGDT288Szk93aqe2dtefzkZyZ3z6z9jP73dmXzMsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB8/3s/WOlExI2fpxuWIj4TvYhuxEJZL0fEwvJSXr4fEc/FTnM8GxGDuYjy/jv/PB3xakR8dDZia3t9tbz58gH78d0//v13Pzzz1t/+MLj43z/d6702abn793/1nz8/ONw6AwAAQNsURVF00tf8c+n7fbfpTgEAU5Hf/4uk0jRS19tPfP3rf771l1nqj1qtVqvVU6irivEeVIuI2Kjep/zMYHc8AJwwG/Fx012gQfJvtX5EnGm6E8BM6zTdAY7F1vb6aifl26m+HyzvtudjQUby3+g8Or9j0nQ/9WNMpvX82oxePDOhPwtT6sMsyfl36/nf2G0fpuWOO/9pmZT/cPfUp9bJ+ffq+decnvy7Y/Nvq5x//4ny78kfAAAAAABmWP7//6WG9//OHX5VDuST9v8uT6kPAAAAAAAAAHDUDjv+3yPG/wMAAICZVX5XL/3m7N5tk67FVt5+vRPxVG15oGXSyTKLTfcDAAAAAAAAAAAAANqkv3sM7/VOxCAinlpcLIqi/Kmq10/qsPc/6dq+/tBmTb/IAwDAro/O1s7l70TMR8T1dK2/weLiYlHMLywWi8XCXP48O5ybLxYq32vztLxtbniAD8T9YVH+svnK/ar2+768X3v995V/a1j0DtCxIzJIj+aE5obCBoBk991oyzvSKVMUT0/68AEjbP+n0FIsNf28YvY1/TQFAAAAjl9RFEUnXc77XNrn3226UwDAVOT3//p+gUPV3QntEUfz+9VqtVqtVn+quqoY70G1iIiN6n3KzwyG4weAE2YjPm66CzRI/q3Wj4jnmu4EMNM6TXeAY7G1vb7aSfl2qu8HaXz3fCzISP4bnZ375fuPm+6nfozJtJ5fm9GLZyb059kp9WGW5Py79fxv7LYP03LHnf+0TMp/uHPKXPvk/Hv1/GtOT/7dsfm3Vc6//0T59+QPAAAAAAAzLP///5L9v3mVAQAAAAAAAODE2dpeX83nveb9/58bs5zzP0+nnH/nSfNfSPPyP9Fy/t1a/l+uLderzD98c2/7//f2+urv7/3rs3l60Pzn8kwnPbM66RnRSX+p00/Tw6zd4zYHvWH5lwadbq+fjvkpBu/Erbgda3FpZNluejz22ldG2sueDkbaL4+09x9rvzLSPkjXHSgWcvuFWI2fxO14e6d9OPqwjzW/z+NT7NOe8+95/W+lnH+/8lPmv5jaO7Vp6eGH3ce2++p03N9549bnf3np+FdnX5vRe7RuVeX6nW+gPzuPyZlh/Ozu2p0L92/eu3dnJdJk5NbLkSZHLOc/2PmZ23v9f2G3Pb8AVbfXhx8Onzj/WbEZ/Yn5v1CZL9f3pSn3rQk5/2H6yfm/ndrHb/8nOf/J2//LDfQHAAAAAAAAAAAAAAAAPklRFDuniL4REVfT+T9NnZsJAExXfv8vkny7+uTX87FnFvqjVqtnpK5dH6jx/sxg3YvZ6s9R1lXFeK9Xi4j4a/U+5WeGX4z7ZQDALPtfRPyj6U7QGPm3WL7eXzl9senOAFN19/0PfnTz9u21O3eb7gkAAAAAAAAA8Gnl8T+XK+M/vxgRS7XlRsZ/fTOWDzv+Zz/PPBpg9IgH+p5gszvsdSvDjT8fO+NzX5g0/vf5eHz87zwmbq+6HhMM9mkf7tM+t0/7/Nhb99Iae6JHRc7/+cp452X+52rDr7dh/Nf6mPdtkPM/X3k+l/l/qbZcNf/itzOX/8ZBF9yM7kj+F++999OLd9//4JVb7918d+3dtR9fWVm5dOXq1WvXrl1859bttUu7/x5Pr2dAzj+Pfe040HbJ+efM5d8uOf8vpFr+7ZLz/2Kq5d8uOf/8eU/+7ZLzz9995N8uOf+XUi3/dsn5fyXV8m+Xre31uTL/l1Mt/3bJ2/9XUy3/dsn5v5Jq+bdLzv9CquXfLjn/i6k+QP4uD3+K5PzzHi7bf7vk/FdSLf92yflfTrX82yXnfyXV8m+XnP+rqZZ/u+T8v5Zq+bdLzv9qquXfLjn/r6da/u2S87+Wavm3S87/G6mWf7vk/L+Zavm3S87/tVTLv11y/t9KtfzbJef/7VTLv11y/t9JtfzbJef/eqrl3y571/83Y8aMmTzT9CsTAAAAAAAAAAAAAFA3jcOJm15HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4PztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwt69xsh11vcDP7M3rx1MDITg5G9g7RhjnCW7vsQX/nUx4doApUBCoRds17t2FnyL1y5JGsmmISUSjkAVVdMXbQFFbaSqwqp4AVVK86Lq5VXTvqBvKqpKSI2qEAVUJFrRbDXnPM/jmdnZmV3veD17zucj2b/dmXPmPHPmOWfnt/Z3DgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADTa/O7pL9ayLKv/yf/akGWvqn+9dmxDfts7bvQIAQAAgOX63/zvl29ONxxaxEoNy/zdm/7xW3Nzc3PZJwd/b/irc3PpjrEsG16TZfl90ZV//1StcZngsWy0NtDw/UCXzQ92uX+oy/3DXe4f6XL/mi73j3a5f94OmGdt8fuY/MG25l9uKHZpdks2nN+3tc1aj9XWDAzE3+Xkavk6c8PHs5nsZDadTTYtXyxby5d/dnN9Wx/I4rYGGra1qT5DfvTosTiGWtjHW5u2dfUxox++Kxv78Y8ePfYn51+8rV3tuhuaHq8Y5/Yt9XF+IdxSjLWWrUn7JI5zoGGcm9q8JoNN46zl69W/bh3ny4sc5+DVYa6o1td8NBvIv34+309Djb/WS/tpU7jtp3dkWXbp6rBbl5m3rWwgW9d0y8DV12e0mJH1x6hPpddmQ0uap5sXMU/rdWpr8zxtPSbi6785rDe0wBgaX6Yffn5k3uu+1Hka1Z/1QsdK6xzs9bHSL3Mwzovn8yf9RNs5uDU8/0e3LTwH286dNnMwPe+GObil2xwcGBnMx5xehFq+ztU5uLNp+cF8S7W8vrCt8xycOH/q7MTsw4+8febU0RPTJ6ZP7965c3L33r379++fOD5zcnqy+Psa93b/W5cNpGNgS9h38Rh4a8uyjVN17uu9Ow5HOxyHG1qW7fVxONT65Gorc0DOn9PFsXFffaePXh7IFjjG8tdnx/KPw/S8G47DoYbjsO3PlDbH4dAijsP6Mmd3LO49y1DDn3ZjuF4/CzY0zMHW9yOtc7DX70f6ZQ6OhnnxrzsW/lmwKYz3ifGlvh8ZnDcH09MN5576Len9/uj+vLSbl7fX77hpJLswO33uroeOnj9/bmcWyop4XcNcaZ2v6xqeUzZvvg4seb4emnnTE7e3uX1D2Fejb6//Nbrga1VfZs9dnV+r/Kdb+/3ZdOuuLJQeW+n92e6neX1/pl6yw/6sL/OFieW/F099acP5d3iB82/s+18ptpce6rHB4aHi+B1Me2e46Xzc/FIN5eeuWr7tlycWdz4eDn9W+nx8S4fz8caWZXt9Ph5ufXLxfFzr9tuO5Wl9PUfDPDk52fl8XF9m466lzsmhjufjO0Kthf3/ttAppL6oYe4sNG/TtoaGhsPzGopbaJ6nu5uWHw69WX1bz+y6tnm6/Y7isQbTs7tqpebpWMuyvZ6n6Xy10Dytdfvt27VpfT1Hw7y4ZXfneVpf5rk9yz93ro1fNpw7R7rNweHBkfqYh9MkLM73c2vjHLwrO5adyU5mU/m9I/l8quXbGr97cXNwJPxZ6XPlxg5zcHvLsr2eg+nn2EJzrzY0/8n3QOvrORrmxVN3d56D9WXes6+37123h1vSMg3vXVt/v7bQ77xub9lN1/N3XvVx/s2+zr+brS9zcv9S+8zO++nOcMtNbfZT6/G70DE1la3MftoYxvni/oX3U3089WW+emCR8+lQlmUXH7wn/31v+PeVv7jwvW81/btLu3/TufjgPS+tP/63Sxk/AKvfK0VZV/ysa/iXqcX8+z8AAACwKsS+fyDURP8PAAAApRH7/vi/whP9PwAAAJRG7PuHQk0q0v9vfM+LM69czFIyfy6I96fdcG+xXMy4Tobvx+auqt9+z9PTP/nLi4vb9kCWZT+797faLr/x3jiuwlgY55X3Nt8+f8WLi9r+kfuvLteYX/9aePz4fBY7DdpFcCezLHv25ifz7Yx96nJen7v3SF4/dumJx+rLvHyg+D6u/8LriuX/MIR/Dx0/2rT+C2E//CDUyQ+23x9xvW9eftumfZ+4ur24Xm3Lq/On/dSni8eNn5PzlceK5eN+Xmj8f/WlZ75ZX/6ht7Qf/8WB9uN/Jjzu06H+9xuL5Rtfg/r3cb3Hw/jj9uJ6d33ju23Hf+WLxfJn31csdyTUuP3t4fut73txpnF/PVQ72vS8svcXy8XtT37vy/n98fHi47eOf/Tw5ab90To/nvvn4nEmWpaPt8ftRN9p2X79cRrnZ9z+M79zpGk/d9v+lY+98Mb647Zu/86W5QZb1m/9xKY/evzJttuL4zn052ebns+hj4bjOGz/qU+H+Rju/58rTzZtNzry0ebzT1z+axsuNj2f6AM/LrZ/5Z0n8vofYz/5g5tetf7Vl95c33dZ9vzHi8frtv0Tf3ymafxfv3VH/nrE+2NGv3X7C4nbP/e58dNnZi/MTDXs1fyzcz5UjGfN6Np19fHeHM6trd8fPnP+gelzY5Njk1k2Vt6P0Ltm3wj1paJcWur6O+4Pr+ftv//sum3/9KV4+7/cV9x++YPFz623huW+Em7fULx+c7Vlbv+pzbfmx3ftueL7phx7D2za+p/7F7VgeP6t7wvifD/7+gfy/VC/L/+5EY/rZY7/+1PF43w77Ne58MnMW269ur3G5eNnI1z+eHG8L3v/hdNcfF3/NLzeH/5B8fhxXPH5fj+8j/nuxubzXZwf37440Pr4+ad4XArnk+xScX9cKu7vyy/f2nZ48XNIsku35d//bnqc25b0NBcy+/DsxMmZ0xcemjg/PXt+YvbhRw6fOnPh9PnD+Wd5Hv5Mt/Wvnp/W5eenqem9e7LJtVmWnckmV+CEdX3GX/9qceM/e/+xqX2T26amjx+9cPz8/Wenz504Njt7bHpqdtvR48enP9dt/Zmpgzt3Hdi9b9f4iZmpg/sPHNh9YHzm9Jn6MIpBdbF38rPjp88dzleZPbjnwM67794zOX7qzNT0wX2Tk+MXuq2f/2war6/9m+Pnpk8ePT9zanp8duaR6YM7D+zdu6vrpwGeOnt8dmzi3IXTExdmp89NFM9l7Hx+c/1nX7f1KafZfyvez7aqFR/El33kzr3p81nrnv78gg9VLNLyAaIvhs+i+YfXnN2/mO9j3z8calKR/h8AAACqIPb9I6Em+n8AAAAojdj3rwk10f8DAABAacS+fzTUpCL9v/y//P/i8v/F/fL/1cr/n32wyJWu9vx/zM/L/1fDDc7/L3v7lc3/hz0l/1/G/P/i8/Orffzy//L/zNdv+f/Y96/Nskr2/wAAAFAFse9fF2qi/wcAAIDSiH3/TaEm+n8AAAAojdj3vyrUpCL9v/z/ovL/u7oFrsqf/3f9f/n/bHXm/+OLI/9fGUvO33/ivqZv5f8D1/+X/5f/l/+X/2fZhhe850bl/2Pfv77hUwBzFen/AQAAoArW53+PZq8ONdH/AwAAQGnEvv/mUBP9PwAAAJRG7Ps3hJpUpP+X/3f9f/l/+f9S5/+Xe/3/hsHI/68Orv/f2ZLz/2vk/xeX/x+V/1+N+f/h3o6/v/P/XYcv/8910W/X/499/2tCTSrS/wMAAEAVxL7/taEm+n8AAAAojdj3vy7URP8PAAAApRH7/ltCTSrS/8v/y//L/8v/y/+333736/8XX13v/P8jX5b/Xwr5/85c/78L1/+vVv6/x+Pv7/x/r6//P/ze1vXl/2mn3/L/se9/fahJRfp/AAAAqILY998aaqL/BwAAgNKIff8bQk30/wAAAFAase/fGGpSkf5f/l/+X/5f/l/+v/32u+f/C67/31/k/zuT/+9C/l/+X/5/cfn/Nm9+5f9pp9/y/7Hvvy3UpCL9PwAAAFRB7PtvDzXR/wMAAEBpxL7//4Wa6P8BAACgNGLfvynUpCL9v/y//L/8f7Xy/3eOyP/L/5eb/H9n8v9d9F/+f33j6vL//T3+SuX/21hK/n9NtwejNPot/x/7/jeGmlSk/wcAAIAqiH3/m0JN9P8AAABQGrHvf3Ooif4fAAAASiP2/WOhJhXp/+X/y5X//7O/furNmfy//H+X7Zc0/x+ngfx/xcn/dyb/30X/5f+byP/39/jl/13/n/n6Lf8f+/7NoSYV6f8BAACgCmLfvyXURP8PAAAApRH7/jtCTfT/AAAAUBqx798aalKR/l/+v1z5/0j+X/6/0/ZLmv9P5P+rTf6/jYaDVP6/C/n/8ub/v9M1Pi//n+f/47tf+X96o9/y/7Hvf0uoSUX6fwAAAKiC2PdvCzXR/wMAAEBpxL7/raEm+n8AAAAojdj3bw81qUj/L/8v/y//L/8v/99++/L/q5P8f2dLzf+PyP/L/5cl/+/6/67/zw3Rb/n/2Pe/LdSkIv0/AAAAVEHs+3eEmuj/AQAAoDTi/98s/t+r/h8AAADKKPb946EmFen/5f/l/6uU/6/J/1/H/P9Yul3+vz35/5Uh/9+Z6/93If8v/y//L/9PT/Vb/j/2/W8PNalI/w8AAABVEPv+u0JN9P8AAABQGrHvnwg10f8DAABAacS+fzLUpCL9v/y//H+V8v+u/+/6//L/5Sf/35n8fxfy//L/Zcv/Z5n8PzdUv+X/Y9+/M9SkIv0/AAAAVEHs+3eFmuj/AQAAoDRi37871ET/DwAAAKUR+/49oSYV6f/l/8ua/5/L5P+Xnv/PMvn/TP5f/n+Vk//vTP6/C/l/+f+y5f9d/58brN/y/7HvvzvUpCL9PwAAAFRB7Pv3hpro/wEAAKA0Yt+/L9Qk9P/t/l83AAAAsLrEvn9/qElF/v1f/r8k+f/f/vumbbv+v+v/d9p+b/L/a+X/Q5X/7y8lzf+3HhbXTP6/C/l/+X/5f/l/eqrf8v+x7z8QalKR/h8AAACqIPb97wg10f8DAABAacS+//+Hmuj/AQAAoDRi3/9zoSYV6f/l/0uS/28h/y//32n7rv8v/19mJc3/90yp8v8D8v/y//01fvl/+X/mu/75//jV4vL/se8/GGpSkf4fAAAAqiD2/T8faqL/BwAAgNKIff87Q030/wAAAFAase8/FGpSkf5f/l/+X/5f/v/65P/fmbXqx/x/ffLI/5eL/H9npcr/u/6//H+fjV/+X/6f+a5D/v+njTcu9fr/se9/V6hJRfp/AAAAqILY998TaqL/BwAAgNKIff+7Q030/wAAAFAase9/T6hJRfp/+X/5f/l/+X/X/2+/ffn/1Un+vzP5/y7k/+X/5f/l/+mp65D/b7LU/H/s+98balKR/h8AAACqIPb97ws10f8DAABAacS+//2hJvp/AAAAKI3Y938g1KQi/b/8v/y//L/8/7Xk/0fk/+X/+5T8f2erKf8/1HC7/H9B/r+/xy//L//PfP2W/499/y+EmlSk/wcAAIAqiH3/vaEm+n8AAAAojdj3fzDURP8PAAAApRH7/g+FmlSk/5f/l/+X/5f/d/3/9tuX/1+d5P87W035/3Jc/3+49fHl/6+jGz1++X/5f+brt/x/7Ps/HGpSkf4fAAAAqiD2/b8YaqL/BwAAgNKIff9HQk30/wAAAFAase//pVCTivT/8v/y//2V/5+72Lie/L/8f9ar/H99Jfn/SpD/70z+v4s2+f81rv8v/y//L//PNeu3/H/s+z8aalKR/h8AAACqIPb9Hws10f8DAABAacS+/+OhJvp/AAAAKI3Y998XalKR/l/+v5L5//SU+y//7/r/8v+u/y//vzzy/53J/3fR8+v/lyD/P5rJ/8v/y/9zzfot/x/7/vtDTSrS/wMAAEAVxL7/E6Em+n8AAAAojdj3/3Koif4fAAAASiP2/Z8MNalI/y//X8n8fx9f/79s+f+hpvlRpfz/aMPrmeal/L/8/wqQ/+9M/r8L+X/X/+/n/H+YzWsXWF/+n37Ub/n/2Pd/KtSkIv0/AAAAVEHs+38l1ET/DwAAAKUR+/5fDTXR/wMAAEBpxL7/10JNKtL/y//HzN3jeZRX/l/+P7/B9f9d/1/+f9WS/+9M/r8L+X/5/37O/3ch/08/6rf8f+z7fz3UZMHG76X/WsTTBAAAAPpI7Ps/HWpSkX//BwAAgCqIff/hUBP9PwAAAJRG7PuPhJpUpP+X/2+9/n+8oqr8v/y//L/8v/z/atS7/P8b1meZ/L/8v/y//P9K5v8H5P8pnX7L/8e+/2ioSUX6fwAAAKiC2Pf/RqiJ/h8AAABKI/b9x0JN9P8AAABQGrHvnwo1KWP/3xqqvbH5/+H+zP+7/v+15v9/Jv8v/x/I/7cn/78yXP+/M/n/LuT/5f9d/1/+n57qt/x/7PunQ03K2P8DAABAtaRfB8e+/3ioif4fAAAASiP2/SdCTfT/AAAAUBqx738g1KQi/b/r/8v/u/7/jcj/DzUtL/9fkP+X/+8F+f/O5P+7kP+X/5f/l/+np/ot/x/7/plQk4r0/wAAAFAFse//TKiJ/h8AAABKI/b9nw010f8DAABAacS+/2SoSUX6f/l/+f+q5/9rWXbJ9f/l/9ttX/5/dZL/70z+vwv5f/l/+f//Y+8+muw6qz0On+trpcm9t+6YAWNGDGFkPgIjqphRxdhEk4NtcgaTowGTc87JmGByztHkHE00VIlS91pL6u6jvdXqrXP2ft/nmSykkjinpZZcf3f9vPX/TGpu/X/u/ivjlk72PwAAAPQgd/+94hb7HwAAAJqRu//ecYv9DwAAAM3I3X+fuKWT/a//1//33v+vtvL8/70/Xv+/S/+v/5/Cgf7+8vU/7nxR+Hn7/zve6ap76P/1//r/Qfp//b/+n/3m1v/n7r9v3NLJ/gcAAIAe5O6/X9xi/wMAAEAzcvffP26x/wEAAKAZufuvils62f/6f/2//l//v6f/v1H/r/9fNs//H6b/H6H/1//r//X/TGpu/X/u/gfELZ3sfwAAAOhB7v4Hxi32PwAAADQjd/+D4hb7HwAAAJqRu//BcUsn+1//r//X/19s/3+7Y6vVJvv/457/v+/j0f/r/9fR/w/T/4/Q/+v/9f/6fyY1t/4/d/9D4pZO9j8AAAD0IHf/Q+MW+x8AAACakbv/YXGL/Q8AAADNyN3/8Lilk/2v/9f/6/89/1//v/719f/LdMPq7N8Jm+7/j0/w3x/Q/8+7/1+t9P9DLrifX//hLef9n4f+X//PQXPr/3P3PyJuuctqdfxiP0gAAABgVnL3PzJu6eTr/wAAANCD3P1Xxy32PwAAADQjd/81cUsn+1//r//X/+v/9f/rX1//v0ye/z/s6P3/Hf7vynv22/97/v8wz/+fuv8/85mh/2fZ5tb/5+6/Nm7pZP8DAABAD3L3Pypusf8BAACgGbn7Hx232P8AAADQjNz9j4lbOtn/+v/W+v//3vPzzun/d2oX/b/+X/+v/2+d/n+Y5/+P2Plr7lR983D9f75b/b/+3/P/9f+kufX/ufsfG7d0sv8BAACgB7n7Hxe32P8AAADQjNz9j49b7H8AAABoRu7+J8Qth9r/h877ZkP/31r/v/fnef6//n/d6+v/9f8t0/8P0/+PaOX5/xf5WbPtfv6otv3+9f/6fw6aW/+fu/+JcYuv/wMAAEAzcvc/KW6x/wEAAKAZufufHLfY/wAAANCM3P1PiVs62f/6f/3/Mvr/fAX9v/7/0vf/Sf+/TPr/Yfr/Ea30/xdp2/380t+//l//z0Fz6/9z9z81bulk/wMAAEAPcvc/LW6x/wEAAKAZufufHrfY/wAAANCM3P3PiFs62f/6f/3/Mvp/z//X/3v+v/7/wuj/h+n/R+j/9f/6f/0/k5pb/5+7/7q4pZP9DwAAAD3I3f/MuMX+BwAAgGbk7n9W3GL/AwAAQDNy9z87bulk/+v/9f/6f/2//n/96+v/l0n/P0z/P0L/r//X/+v/mdSM+v9zftbJ1XPilk72PwAAAPQgd/9z4xb7HwAAAJqRu/95cYv9DwAAAM3I3f/8uKWT/a//n03/v5PztdX/n1qtVvr/Vaf9/6lzfj/r81L/r//fAP3/MP3/CP2//l//r/9nUpvt/8/8nT/83wPI3f+CuKWT/Q8AAABLcv2h/w37rtz9L4xb7H8AAABoRu7+F8Ut9j8AAAA0I3f/i+OWTva//n82/f+Otvp/z//f//nRU//v+f8H6f83Q/8/TP8/Qv+v/2+j////1Wql/2cWNtv/j387d/9L4qbjxy76QwQAAABmJnf/9XFLJ1//BwAAgB7k7n9p3GL/AwAAwEJdd+B7cve/LG7pZP/r/6ft/4+f8336f/3//s8P/X/D/f/+N72G/n8z9P/D9P8j9P/6/zb6f8//Zzbm1v/n7n953NLJ/gcAAIAe5O6/IW6x/wEAAKAZuftfEbfY/wAAANCM3P2vjFs62f/6f8//1//r//X/61/f8/+XSf8/TP8/Qv+v/99u/3/i7P/U/9OGQ/T/p0+fvvqS9/+5+18Vt3Sy/wEAAKAHuftfHbfY/wAAANCM3P2viVvsfwAAAGhG7v7Xxi2d7H/9f6f9f36qL6v/v2a10v/r//X/+v9h+v9h+v8R+n/9v+f/6/+Z1Nye/5+7/3VxSyf7HwAAAHqQu//1cYv9DwAAAM3I3f+GuMX+BwAAgGbk7n9j3NLJ/tf/d9r/e/6//l//v+n+/7aV/n8jFtH/nzr/68+9/79W/6//H9Bd/3/XO+/5pv5f/89Bc+v/c/e/KW7pZP8DAABAD3L3vzlusf8BAACgGbn73xK32P8AAADQjNz9b42bLu9k/+v/9f8b7v93PtH0/3t/vP5/V+P9/9jz/4+vViv9/wQW0f8PmHv/P83z//f/KT9L/6//X/L71//r/zlobv1/7v63xS2d7H8AAADoQe7+t8ct9j8AAAA0I3f/O+IW+x8AAACakbv/nXFLJ/tf/6//9/x//X/z/f+1i+j/Pf9/Ivr/YZvr/2++28W8f/2//n/J71//r//nwm2r/8/d/664pZP9DwAAAD3I3f/uuMX+BwAAgGbk7n9P3GL/AwAAQDNy9783bulk/+v/9f+H6f/zfer/2+r/T8yu/z+55/+vk+f/6/8nov8fNo/n/5+f/l//v+T330j/f53+nynN7fn/ufvfF7d0sv8BAACgB7n73x+3/tWt/Q8AAADNyN3/gbjF/gcAAIBm5O7/YNzSyf7X/+v/Pf9f/9/88//1/13R/w/T/4/Q/+v/9f+e/8+k5tb/5+7/UNzSyf4HAACAHuTu/3DcYv8DAABAM3L3fyRusf8BAACgGbn7b4xbOtn/+n/9v/5f/6//3/091P+3Qf8/bDP9/yn9v/6/+vn/ij8F+n/9/9jPp01z6/9z9380bulk/wMAAEAPcvffFLfY/wAAANCM3P0fi1vsfwAAAFiky9d8X+7+j8ctnex//b/+X/+v/9f/r399/f8ybaX/z08K/b/n/4d++v/b7/nW0p7/v/+fX/p//T/Tm1v/n7v/E3FLJ/sfAAAAepC7/5Nxi/0PAAAAzcjdf3PcYv8DAABAM3L3fypu6WT/6//1//p//b/+f/3r6/+XyfP/h+n/R+j/t/r8/KW/f/2//p+D5tb/5+7/dNzSyf4HAACAHuTu/0zcYv8DAABAM3L3fzZusf8BAACgGTu7P+OyDve//l//r//X/+v/17++/n+Z9P/D9P8j9P/6f/2//p9Jza3//9zOzzq5+nzc0sn+BwAAgB7k7v9C3GL/AwAAQDNy938xbrH/AQAAoBm5+78Ut3Sy//X/+v9l9P+nT5++Wv+v/9/78Zzt/2/R/1P0/8P0/yP0//p//b/+n0nNrf/P3f/luKWT/Q8AAAA9yN3/lbjF/gcAAIBm5O7/atxi/wMAAEAzcvd/LW7pZP/r/2fQ/5/U/3v+v/5/5fn/+v+J6P+H6f9HtNj/n7zwD3/b/fxRbfv96//1/xw0t/4/d//X45ZO9j8AAAD0IHf/N+IW+x8AAACakbv/m3GL/Q8AAADNyN3/rbilk/2v/99c/3/m166X5/+fWq1///p//b/+X/9/qen/h+n/R7TY/x/Ctvv5pb9//b/+n4Pm1v/n7v923LJ3+B073EcJAAAAzEnu/u/ELZ18/R8AAAB6kLv/u3GL/Q8AAADNyN3/vbilk/2v/5/B8/8b7P89/3/954f+f9b9/2X6/zbo/4fp/0fo//X/+v+J+v/8bNb/925u/X/u/u/HLZ3sfwAAAOhB7v4fxC32PwAAADQjd/8P4xb7HwAAAJqRu/+WuOWc/b+u7W6F/l//r//X/+v/17++/n+Z9P/DLrT/P7E6Wv+f9P+b7f9v+p9DfbQHbLufP6ptv3/9v+f/c9Dc+v/c/T+KW3z9HwAAABbn2Hm+P3f/j+MW+x8AAACakbv/J3GL/Q8AAADNyN3/07jl1su29ZY2Sv+v/9f/6//1/+tfX/+/TPr/YZ7/P2Lh/f9RTdTPX6H/b6P/X630/xzd3Pr/3P0/i1t8/R8AAACakbv/53GL/Q8AAADNyN3/i7jF/gcAAIBm5O7/ZdzSyf7X/+v/j9j/76SZ+v9d+v9d+v/19P+bof8fpv8fof/3/H/9v+f/M6m59f+5+38Vt3Sy/wEAAKAHuft/HbfY/wAAANCM3P2/iVvsfwAAAGhG7v7fxi2d7P+t9f/xS63/X3z/v+fXW/9/Kfr/Mx+d/l//r/+/UPr/Yfr/Efp//b/+X//PpObW/+fu/13c0sn+BwAAgB7k7v993GL/AwAAQDNy9/8hbrH/AQAAoBm5+/8Yt3Sy/z3/X/8/Rf/v+f+7PP9/Vy/9f/4TQ/8/L/r/Yfr/9eo3Sv+v/9f/6/+Z1Nz6/9z9f4pbOtn/AAAA0IPc/X+OW+x/AAAAaEbu/lvjFvsfAAAAmpG7/y9xSyf7X/+v/9f/6//1/+tf3/P/l0n/P2yb/f/d/3f8ZT3/f+v9f74F/b/+X//PJObW/+fu/2vc0sn+BwAAgB7k7v9b3GL/AwAAQDNy9/89brH/AQAAoBm5+/8Rt3Sy/0f6/xP1A/X/g/T/e9+//n/954f+X/+v/7/09P/Dhvv/c/40d/b8/6L/9/x//b/+n0nNrf/P3f/PuKWT/Q8AAAA9yN1/W9xi/wMAAEAzcvf/K26x/wEAAKAZufv/Hbd0sv89/39J/f8V+n/9v/5f/6//H6H/H3bRz/+PPyj6f/3/EP2//l//z35z6/9z9/8nAAD//xWAQTo=")
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000740)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8)

780.531302ms ago: executing program 0 (id=1319):
syz_init_net_socket$rose(0xb, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$sock_int(r0, 0x1, 0x2d, 0x0, &(0x7f0000000100))
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x100008b}, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000980)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x3200004, &(0x7f0000000a80)=ANY=[@ANYBLOB="63726561746f723da8fa40b32c6465636f6d706f73652c63726561746f723dbd1c66f52c6e6c733d63703836392c6769643d", @ANYRESHEX=0x0, @ANYBLOB="2c666f7263652c00f2d2d783dca321ca066f379066a92598376c0a6fb6ebb186b9be7a1d0debd4c2ce3408ded03a80e9839d59c9e7ee798f53e0387168295df851a241c8ce5a7094002fc55c1a66f9e609ea2409393aeb7f8902fcfb60db30dde50ac8f677ad022ab20fcf35644f0090f1861caf534652a239e63533b1a1d4251af75bb0ab1e3bffcf118f464e5f296a5e488bc804019abdcd6deed70d74ab439ff1b9839c7a8666aefe533565f6c6146cfd6ee47347c7dd230d2bfddd5b171026823367db7821b2c9b936b83cd77a9374bfba82530c6b3267130c"], 0x3, 0x6b4, &(0x7f0000000180)="$eJzs3U9sHFcdB/DvbJx1Nkip+y8NCKlWI1XQiMTOqiRISA0IoRwiFMGlVytxGiubtHJclFaIbICCxIkT6oFDURUOPSGEkMoJUc5ISFw45R6pNw45AEYzO7te2xvH29het/18pPF7s2/ee7/5Zf54Z2NtgM+t86/mYDdFzp+4cKtcv3e33bl3t329X08ynaSRTPWKFK2k+Cg5l96SL5Yv1sMVD5vn5fsfFlPvftDurZVjvX+w3r6xVb9NRm7ZTQ4NVg4kme1V/7PtYTeNVy3VOJfWxnu46a0ai0HcZcKO9xMHk7a6SXetsfHI7ts/b4F963bvvrnJTHI4vbtrdYurrw6PvjJM3pbXpu7exQEAAAC7ZeR7+WFPPMiD3MqRvQkHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhuK3ncGFvXS6NdnU/S//7859J36zQmH+5jeuVIV339i0oEAAAAAAAAAwGN5/kEe5FaO9NdXi+oz/xeqlWeqn1/Im7mZxSznZG5lIStZyXLmk8wMDdS8tbCysjy/ueevU/ZcXV29Xfc8PbLn6fVxdTcGOup/GmzaCAAAAAAAAAA+t36S82uf/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwH5QJAd6RbU806/PpDGV5FCSZjE72Lw50WB3wF8mHQAAAADsvlZdHin+16usFtV7/qPV+/5DeTM3spKlrKSTxVyungX03vU3/tFtd+7dbV8vl80Df+vjseKoRkzv2cPomeeqLZ4d9Dif7+YHOZHZXMxylvLDLGQli5nNd6raQorM1E8vZu7dbaUf6+Z4z61bu7gxtueH6mV8x6pIWrmSpSq2k7nU7IfeqLc7NjTbn5rJhhnvlNkpXqltM0eX67Lco1/V5Y478Ek6zVR7fnCQkbk692U2nhzO++bcj3mcbJxpPo3BM6hn1mYpVzfOdOfj5vg5P1yXZa5/vls57xnzUdr6THR/Wa71j76jW+c8+eo//3rxauPGtatXbp7YxV3aGxuPifZQJp7bViY6ZSa6j5GJQ48T/85p1tnoncTjXS1fqPoeyVK+l9dzOYs5k7nM52zm8o2cTjunh/L67NZ5ra5vjfHOteNfqSvlPekXQ/emPTP9sIYyr08O5XX4SjdTtQ2/spalp7aRpaKZ0Vn618hQpr5UV8o5fjp0x5m8jZmYH8rE01tn4rf/XU1ys3Pj2vLVhTe2Od+LdVmetu+svza/vyM7NL56d8vj5anyHyu928bw0VG2Pd1v25CvZv2Jy1Q92Lq2Zqrzudf2qDO1HOnonVEj9dqeGzlLu2o7NtS27recvJ7O4LcQAPaxwy8dbrbut/7eeq/1s9bV1oVD354+O/3lZg7+berPB37f+F3jm8VLeS8/zpFJRwoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ8FN996+9pCp7O4vA8raezwgHdGNvVT0XuluT/2/dNamd7qiPpDki26NycRcyvJvkhdpvZgrumMaLoweKWVNAbxJLm2T77gDtgNp1auv3Hq5ltvf23p+sJri68t3jh99swrZ9pfn7996spSZ3Gu93PSUQK7Ye3XgElHAgAAAAAAAAAAAGzXWH9F0Mwn+tuDEdMW3QnsKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDpdP7VHOymyPzcybly/d7ddqdc+vW1LaeSNJIUP0qKj5Jz6S2ZGRqueNg8L9//8DcvvvtBe22sqf72jQ39/vjv1dUx96JbL5lNcqAuH216W+NdqsrmoGF8xWAPy4Qd7ycOJu3/AQAA//9Hgwei")
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x2)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x1e, 0x305, 0x0, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @typed={0x8, 0x9, 0x0, 0x0, @uid}]}, 0x24}, 0x1, 0x0, 0x0, 0x4a841}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_SB_GET(r3, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r2, &(0x7f0000000900)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f0000000840)={0xb4, 0x0, 0x311, 0x70bd2c, 0x25dfdbfe, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}]}, 0xb4}, 0x1, 0x0, 0x0, 0x800}, 0x8092)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
read$FUSE(r4, &(0x7f0000006340)={0x2020}, 0x2058)
write$FUSE_LSEEK(r4, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x555801, 0x5e9)
openat$vsock(0xffffffffffffff9c, 0x0, 0x80102, 0x0)
setsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, &(0x7f0000001640)=0xc, 0x45)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}], 0x1, 0x1)

141.29063ms ago: executing program 5 (id=1320):
socket$nl_route(0x10, 0x3, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x2000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r1, &(0x7f0000001fc0)=""/184, 0x20002078)

0s ago: executing program 5 (id=1321):
syz_init_net_socket$rose(0xb, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$sock_int(r0, 0x1, 0x2d, 0x0, &(0x7f0000000100))
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x100008b}, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000980)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x3200004, &(0x7f0000000a80)=ANY=[@ANYBLOB="63726561746f723da8fa40b32c6465636f6d706f73652c63726561746f723dbd1c66f52c6e6c733d63703836392c6769643d", @ANYRESHEX=0x0, @ANYBLOB="2c666f7263652c00f2d2d783dca321ca066f379066a92598376c0a6fb6ebb186b9be7a1d0debd4c2ce3408ded03a80e9839d59c9e7ee798f53e0387168295df851a241c8ce5a7094002fc55c1a66f9e609ea2409393aeb7f8902fcfb60db30dde50ac8f677ad022ab20fcf35644f0090f1861caf534652a239e63533b1a1d4251af75bb0ab1e3bffcf118f464e5f296a5e488bc804019abdcd6deed70d74ab439ff1b9839c7a8666aefe533565f6c6146cfd6ee47347c7dd230d2bfddd5b171026823367db7821b2c9b936b83cd77a9374bfba82530c6b3267130c"], 0x3, 0x6b4, &(0x7f0000000180)="$eJzs3U9sHFcdB/DvbJx1Nkip+y8NCKlWI1XQiMTOqiRISA0IoRwiFMGlVytxGiubtHJclFaIbICCxIkT6oFDURUOPSGEkMoJUc5ISFw45R6pNw45AEYzO7te2xvH29het/18pPF7s2/ee7/5Zf54Z2NtgM+t86/mYDdFzp+4cKtcv3e33bl3t329X08ynaSRTPWKFK2k+Cg5l96SL5Yv1sMVD5vn5fsfFlPvftDurZVjvX+w3r6xVb9NRm7ZTQ4NVg4kme1V/7PtYTeNVy3VOJfWxnu46a0ai0HcZcKO9xMHk7a6SXetsfHI7ts/b4F963bvvrnJTHI4vbtrdYurrw6PvjJM3pbXpu7exQEAAAC7ZeR7+WFPPMiD3MqRvQkHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhuK3ncGFvXS6NdnU/S//7859J36zQmH+5jeuVIV339i0oEAAAAAAAAAwGN5/kEe5FaO9NdXi+oz/xeqlWeqn1/Im7mZxSznZG5lIStZyXLmk8wMDdS8tbCysjy/ueevU/ZcXV29Xfc8PbLn6fVxdTcGOup/GmzaCAAAAAAAAAA+t36S82uf/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwH5QJAd6RbU806/PpDGV5FCSZjE72Lw50WB3wF8mHQAAAADsvlZdHin+16usFtV7/qPV+/5DeTM3spKlrKSTxVyungX03vU3/tFtd+7dbV8vl80Df+vjseKoRkzv2cPomeeqLZ4d9Dif7+YHOZHZXMxylvLDLGQli5nNd6raQorM1E8vZu7dbaUf6+Z4z61bu7gxtueH6mV8x6pIWrmSpSq2k7nU7IfeqLc7NjTbn5rJhhnvlNkpXqltM0eX67Lco1/V5Y478Ek6zVR7fnCQkbk692U2nhzO++bcj3mcbJxpPo3BM6hn1mYpVzfOdOfj5vg5P1yXZa5/vls57xnzUdr6THR/Wa71j76jW+c8+eo//3rxauPGtatXbp7YxV3aGxuPifZQJp7bViY6ZSa6j5GJQ48T/85p1tnoncTjXS1fqPoeyVK+l9dzOYs5k7nM52zm8o2cTjunh/L67NZ5ra5vjfHOteNfqSvlPekXQ/emPTP9sIYyr08O5XX4SjdTtQ2/spalp7aRpaKZ0Vn618hQpr5UV8o5fjp0x5m8jZmYH8rE01tn4rf/XU1ys3Pj2vLVhTe2Od+LdVmetu+svza/vyM7NL56d8vj5anyHyu928bw0VG2Pd1v25CvZv2Jy1Q92Lq2Zqrzudf2qDO1HOnonVEj9dqeGzlLu2o7NtS27recvJ7O4LcQAPaxwy8dbrbut/7eeq/1s9bV1oVD354+O/3lZg7+berPB37f+F3jm8VLeS8/zpFJRwoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ8FN996+9pCp7O4vA8raezwgHdGNvVT0XuluT/2/dNamd7qiPpDki26NycRcyvJvkhdpvZgrumMaLoweKWVNAbxJLm2T77gDtgNp1auv3Hq5ltvf23p+sJri68t3jh99swrZ9pfn7996spSZ3Gu93PSUQK7Ye3XgElHAgAAAAAAAAAAAGzXWH9F0Mwn+tuDEdMW3QnsKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDpdP7VHOymyPzcybly/d7ddqdc+vW1LaeSNJIUP0qKj5Jz6S2ZGRqueNg8L9//8DcvvvtBe22sqf72jQ39/vjv1dUx96JbL5lNcqAuH216W+NdqsrmoGF8xWAPy4Qd7ycOJu3/AQAA//9Hgwei")
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x1e, 0x305, 0x0, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @typed={0x8, 0x9, 0x0, 0x0, @uid}]}, 0x24}, 0x1, 0x0, 0x0, 0x4a841}, 0x0)

kernel console output (not intermixed with test programs):

 change from 0 to 512
[  416.517220][ T7369] loop3: detected capacity change from 0 to 2048
[  416.529119][ T7369] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=18576, location=18576
[  420.213817][ T7371] loop4: detected capacity change from 0 to 128
[  420.228025][ T4257] Bluetooth: hci2: command 0x0c1a tx timeout
[  420.234841][ T4257] Bluetooth: hci3: command 0x0c1a tx timeout
[  420.241197][ T4257] Bluetooth: hci4: command 0x0c1a tx timeout
[  420.247579][ T4257] Bluetooth: hci1: command 0x0406 tx timeout
[  420.253793][ T4257] Bluetooth: hci0: command 0x0c1a tx timeout
[  420.388384][ T7371] VFS: Found a Xenix FS (block size = 512) on device loop4
[  420.397550][ T7371] sysv_free_block: trying to free block not in datazone
[  420.407213][ T7371] sysv_free_block: trying to free block not in datazone
[  420.415558][ T7371] sysv_free_block: getblk() failed
[  420.420811][ T7371] sysv_free_block: getblk() failed
[  420.426881][ T7371] sysv_free_block: getblk() failed
[  420.432158][ T7371] sysv_free_block: getblk() failed
[  420.437446][ T7371] sysv_free_block: getblk() failed
[  420.442675][ T7371] sysv_free_block: getblk() failed
[  420.447955][ T7371] sysv_free_block: getblk() failed
[  420.453213][ T7371] sysv_free_block: getblk() failed
[  420.458451][ T7371] sysv_free_block: getblk() failed
[  420.463726][ T7371] sysv_free_block: getblk() failed
[  420.469740][ T7371] sysv_free_block: getblk() failed
[  420.475016][ T7371] sysv_free_block: getblk() failed
[  420.480258][ T7371] sysv_free_block: getblk() failed
[  420.486300][ T7371] sysv_free_block: getblk() failed
[  420.491536][ T7371] sysv_free_block: getblk() failed
[  420.496823][ T7371] sysv_free_block: getblk() failed
[  420.502063][ T7371] sysv_free_block: getblk() failed
[  420.507330][ T7371] sysv_free_block: getblk() failed
[  420.514765][ T7371] sysv_free_block: getblk() failed
[  420.520050][ T7371] sysv_free_block: getblk() failed
[  420.525346][ T7371] sysv_free_block: getblk() failed
[  420.530608][ T7371] sysv_free_block: getblk() failed
[  420.535864][ T7371] sysv_free_block: getblk() failed
[  420.541119][ T7371] sysv_free_block: getblk() failed
[  420.546405][ T7371] sysv_free_block: getblk() failed
[  420.551632][ T7371] sysv_free_block: getblk() failed
[  420.557690][ T7371] sysv_free_block: getblk() failed
[  420.562971][ T7371] sysv_free_block: getblk() failed
[  420.568177][ T7371] sysv_free_block: getblk() failed
[  420.573431][ T7371] sysv_free_block: getblk() failed
[  420.578674][ T7371] sysv_free_block: getblk() failed
[  420.583909][ T7371] sysv_free_block: getblk() failed
[  420.589135][ T7371] sysv_free_block: getblk() failed
[  420.594422][ T7371] sysv_free_block: getblk() failed
[  420.600655][ T7371] sysv_free_block: getblk() failed
[  420.605953][ T7371] sysv_free_block: getblk() failed
[  420.611199][ T7371] sysv_free_block: getblk() failed
[  420.617332][ T7371] sysv_free_block: getblk() failed
[  420.622486][ T7371] sysv_free_block: trying to free block not in datazone
[  420.629503][ T7371] sysv_free_block: trying to free block not in datazone
[  420.638865][ T7371] sysv_free_block: trying to free block not in datazone
[  420.663430][ T7371] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  420.744729][ T7369] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  421.315854][ T4449] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  422.273322][ T4260] Bluetooth: hci0: command 0x0406 tx timeout
[  422.279404][ T4260] Bluetooth: hci4: command 0x0406 tx timeout
[  422.504668][ T4253] Bluetooth: hci2: command 0x0406 tx timeout
[  422.556063][ T7380] loop5: detected capacity change from 0 to 128
[  423.715422][ T4257] Bluetooth: hci3: command 0x0406 tx timeout
[  423.845877][   T26] audit: type=1800 audit(1738738710.058:33): pid=7379 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.698" name="bus" dev="loop5" ino=1048617 res=0 errno=0
[  424.941451][ T7396] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  425.274092][   T26] audit: type=1326 audit(1738738711.518:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7400 comm="syz.5.703" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f40a558cde9 code=0x0
[  427.383926][ T7423] loop4: detected capacity change from 0 to 512
[  427.447598][ T4449] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  427.970883][ T7427] loop4: detected capacity change from 0 to 128
[  427.981247][    C1] vcan0: j1939_tp_rxtimer: 0xffff88807df4e400: rx timeout, send abort
[  428.161186][ T7427] VFS: Found a Xenix FS (block size = 512) on device loop4
[  428.171822][ T7427] sysv_free_block: trying to free block not in datazone
[  428.180375][ T7427] sysv_free_block: trying to free block not in datazone
[  428.189788][ T7427] sysv_free_block: getblk() failed
[  428.195115][ T7427] sysv_free_block: getblk() failed
[  428.201168][ T7427] sysv_free_block: getblk() failed
[  428.206479][ T7427] sysv_free_block: getblk() failed
[  428.211710][ T7427] sysv_free_block: getblk() failed
[  428.217037][ T7427] sysv_free_block: getblk() failed
[  428.222251][ T7427] sysv_free_block: getblk() failed
[  428.227565][ T7427] sysv_free_block: getblk() failed
[  428.232799][ T7427] sysv_free_block: getblk() failed
[  428.238128][ T7427] sysv_free_block: getblk() failed
[  428.244228][ T7427] sysv_free_block: getblk() failed
[  428.249492][ T7427] sysv_free_block: getblk() failed
[  428.254741][ T7427] sysv_free_block: getblk() failed
[  428.260816][ T7427] sysv_free_block: getblk() failed
[  428.266265][ T7427] sysv_free_block: getblk() failed
[  428.271527][ T7427] sysv_free_block: getblk() failed
[  428.276792][ T7427] sysv_free_block: getblk() failed
[  428.282026][ T7427] sysv_free_block: getblk() failed
[  428.288199][ T7427] sysv_free_block: getblk() failed
[  428.293511][ T7427] sysv_free_block: getblk() failed
[  428.298744][ T7427] sysv_free_block: getblk() failed
[  428.304001][ T7427] sysv_free_block: getblk() failed
[  428.309223][ T7427] sysv_free_block: getblk() failed
[  428.314479][ T7427] sysv_free_block: getblk() failed
[  428.319735][ T7427] sysv_free_block: getblk() failed
[  428.324978][ T7427] sysv_free_block: getblk() failed
[  428.331067][ T7427] sysv_free_block: getblk() failed
[  428.336356][ T7427] sysv_free_block: getblk() failed
[  428.341613][ T7427] sysv_free_block: getblk() failed
[  428.346896][ T7427] sysv_free_block: getblk() failed
[  428.352100][ T7427] sysv_free_block: getblk() failed
[  428.357356][ T7427] sysv_free_block: getblk() failed
[  428.362587][ T7427] sysv_free_block: getblk() failed
[  428.367858][ T7427] sysv_free_block: getblk() failed
[  428.373954][ T7427] sysv_free_block: getblk() failed
[  428.379216][ T7427] sysv_free_block: getblk() failed
[  428.384505][ T7427] sysv_free_block: getblk() failed
[  428.390551][ T7427] sysv_free_block: getblk() failed
[  428.395778][ T7427] sysv_free_block: trying to free block not in datazone
[  428.402822][ T7427] sysv_free_block: trying to free block not in datazone
[  428.410747][ T7427] sysv_free_block: trying to free block not in datazone
[  428.451807][ T7427] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  428.489550][    C1] vcan0: j1939_tp_rxtimer: 0xffff88807df4e400: abort rx timeout. Force session deactivation
[  428.748818][ T7431] netlink: 12 bytes leftover after parsing attributes in process `syz.3.712'.
[  429.315651][ T7440] loop2: detected capacity change from 0 to 128
[  431.177245][   T26] audit: type=1800 audit(1738738717.398:35): pid=7439 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.714" name="bus" dev="loop2" ino=1048618 res=0 errno=0
[  431.490959][ T7445] loop4: detected capacity change from 0 to 512
[  431.628905][ T7445] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.717: casefold flag without casefold feature
[  431.703149][ T7445] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.717: couldn't read orphan inode 15 (err -117)
[  431.806970][ T7445] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  433.326967][ T7465] input: syz0 as /devices/virtual/input/input14
[  433.848717][ T4252] EXT4-fs (loop4): unmounting filesystem.
[  434.328399][ T7476] loop0: detected capacity change from 0 to 2048
[  434.339857][ T7476] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=18576, location=18576
[  434.472421][ T7476] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  436.014673][    C0] vcan0: j1939_tp_rxtimer: 0xffff888078bc5000: rx timeout, send abort
[  437.502048][ T7483] loop2: detected capacity change from 0 to 512
[  437.543115][ T7480] loop0: detected capacity change from 0 to 512
[  437.583882][ T7480] EXT4-fs: Ignoring removed mblk_io_submit option
[  438.403172][ T7480] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[  438.478647][ T7480] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b002c118, mo2=0002]
[  438.493025][ T7483] EXT4-fs (loop2): 1 orphan inode deleted
[  438.503399][ T4345] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  438.523316][ T7480] System zones: 1-12
[  438.530495][ T7483] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  438.534006][ T4345] EXT4-fs error (device loop2): ext4_release_dquot:6818: comm kworker/u4:10: Failed to release dquot type 1
[  438.540336][ T7480] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2186: inode #15: comm syz.0.727: corrupted in-inode xattr
[  438.552111][ T7483] ext4 filesystem being mounted at /147/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  438.565154][ T7480] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.727: couldn't read orphan inode 15 (err -117)
[  438.586027][ T7480] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  438.718860][ T4250] EXT4-fs (loop0): unmounting filesystem.
[  438.747449][ T7495] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  438.754872][ T7495] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  438.770922][ T7495] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  438.821017][ T7495] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  438.834843][ T7495] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  438.840861][ T7495] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  438.882518][ T7495] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  439.019026][ T7495] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  439.037807][ T7495] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  439.056703][   T26] audit: type=1800 audit(1738738725.308:36): pid=7483 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.726" name="file1" dev="loop2" ino=15 res=0 errno=0
[  439.073487][ T7495] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  439.803071][ T7495] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  439.809079][ T7495] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  439.955521][ T1274] ieee802154 phy0 wpan0: encryption failed: -22
[  439.961940][ T1274] ieee802154 phy1 wpan1: encryption failed: -22
[  440.002984][ T7495] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  440.008998][ T7495] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  440.031565][ T7495] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  440.722649][ T4258] EXT4-fs (loop2): unmounting filesystem.
[  440.763046][ T4260] Bluetooth: hci1: command 0x0c1a tx timeout
[  440.832914][ T4260] Bluetooth: hci2: command 0x0c1a tx timeout
[  440.912889][ T4260] Bluetooth: hci3: command 0x0c1a tx timeout
[  441.248165][ T4260] Bluetooth: hci4: command 0x0c1a tx timeout
[  441.758521][ T7579] loop3: detected capacity change from 0 to 512
[  441.787801][ T7579] EXT4-fs error (device loop3): ext4_orphan_get:1400: inode #15: comm syz.3.733: casefold flag without casefold feature
[  441.831181][ T7579] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.733: couldn't read orphan inode 15 (err -117)
[  441.850080][ T7579] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  442.053009][ T4260] Bluetooth: hci0: command 0x0c1a tx timeout
[  442.833705][ T4253] Bluetooth: hci1: command 0x0406 tx timeout
[  442.912891][ T4253] Bluetooth: hci2: command 0x0406 tx timeout
[  443.033465][ T4253] Bluetooth: hci3: command 0x0406 tx timeout
[  443.063907][ T4244] EXT4-fs (loop3): unmounting filesystem.
[  443.312949][ T4260] Bluetooth: hci4: command 0x0406 tx timeout
[  444.192913][ T4253] Bluetooth: hci0: command 0x0406 tx timeout
[  444.303946][    C0] vcan0: j1939_tp_rxtimer: 0xffff888056915400: rx timeout, send abort
[  445.030037][    C0] vcan0: j1939_tp_rxtimer: 0xffff888056915400: abort rx timeout. Force session deactivation
[  445.165651][ T4291] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  445.264100][ T7607] loop2: detected capacity change from 0 to 512
[  445.380619][ T4291] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  447.225491][ T7613] loop2: detected capacity change from 0 to 128
[  448.028342][ T4291] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  448.039301][ T4291] usb 5-1: config 1 has no interface number 1
[  448.046991][ T4291] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  449.052263][ T4291] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  449.287327][ T7613] VFS: Found a Xenix FS (block size = 512) on device loop2
[  449.295219][ T7613] sysv_free_block: trying to free block not in datazone
[  449.302426][ T7613] sysv_free_block: trying to free block not in datazone
[  449.309770][ T7613] sysv_free_block: getblk() failed
[  449.314986][ T7613] sysv_free_block: getblk() failed
[  449.320231][ T7613] sysv_free_block: getblk() failed
[  449.325403][ T7613] sysv_free_block: getblk() failed
[  449.330613][ T7613] sysv_free_block: getblk() failed
[  449.335782][ T7613] sysv_free_block: getblk() failed
[  449.340907][ T7613] sysv_free_block: getblk() failed
[  449.346125][ T7613] sysv_free_block: getblk() failed
[  449.351247][ T7613] sysv_free_block: getblk() failed
[  449.356463][ T7613] sysv_free_block: getblk() failed
[  449.362045][ T7613] sysv_free_block: getblk() failed
[  449.367242][ T7613] sysv_free_block: getblk() failed
[  449.372385][ T7613] sysv_free_block: getblk() failed
[  449.377777][ T7613] sysv_free_block: getblk() failed
[  449.383018][ T7613] sysv_free_block: getblk() failed
[  449.388120][ T7613] sysv_free_block: getblk() failed
[  449.393303][ T7613] sysv_free_block: getblk() failed
[  449.398402][ T7613] sysv_free_block: getblk() failed
[  449.403651][ T7613] sysv_free_block: getblk() failed
[  449.408782][ T7613] sysv_free_block: getblk() failed
[  449.413926][ T7613] sysv_free_block: getblk() failed
[  449.419027][ T7613] sysv_free_block: getblk() failed
[  449.424201][ T7613] sysv_free_block: getblk() failed
[  449.429336][ T7613] sysv_free_block: getblk() failed
[  449.434602][ T7613] sysv_free_block: getblk() failed
[  449.439723][ T7613] sysv_free_block: getblk() failed
[  449.445029][ T7613] sysv_free_block: getblk() failed
[  449.450226][ T7613] sysv_free_block: getblk() failed
[  449.455390][ T7613] sysv_free_block: getblk() failed
[  449.460497][ T7613] sysv_free_block: getblk() failed
[  449.465974][ T7613] sysv_free_block: getblk() failed
[  449.471076][ T7613] sysv_free_block: getblk() failed
[  449.476239][ T7613] sysv_free_block: getblk() failed
[  449.481339][ T7613] sysv_free_block: getblk() failed
[  449.486616][ T7613] sysv_free_block: getblk() failed
[  449.491736][ T7613] sysv_free_block: getblk() failed
[  449.496896][ T7613] sysv_free_block: getblk() failed
[  449.502147][ T7613] sysv_free_block: getblk() failed
[  449.507265][ T7613] sysv_free_block: trying to free block not in datazone
[  449.514295][ T7613] sysv_free_block: trying to free block not in datazone
[  449.521361][ T7613] sysv_free_block: trying to free block not in datazone
[  449.541436][ T7613] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  449.803025][ T4291] usb 5-1: string descriptor 0 read error: -71
[  449.809303][ T4291] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  449.819269][ T4291] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  449.856036][ T4291] usb 5-1: can't set config #1, error -71
[  449.895570][ T4291] usb 5-1: USB disconnect, device number 5
[  453.017643][ T7652] loop0: detected capacity change from 0 to 512
[  454.104330][    C1] vcan0: j1939_tp_rxtimer: 0xffff888057bf4400: rx timeout, send abort
[  454.547196][ T7663] loop0: detected capacity change from 0 to 128
[  456.015899][    C1] vcan0: j1939_tp_rxtimer: 0xffff888057bf4400: abort rx timeout. Force session deactivation
[  456.212806][ T7663] VFS: Found a Xenix FS (block size = 512) on device loop0
[  456.221572][ T7663] sysv_free_block: trying to free block not in datazone
[  456.229020][ T7663] sysv_free_block: trying to free block not in datazone
[  456.237009][ T7663] sysv_free_block: getblk() failed
[  456.242270][ T7663] sysv_free_block: getblk() failed
[  456.247696][ T7663] sysv_free_block: getblk() failed
[  456.252906][ T7663] sysv_free_block: getblk() failed
[  456.258049][ T7663] sysv_free_block: getblk() failed
[  456.315213][ T7663] sysv_free_block: getblk() failed
[  456.320424][ T7663] sysv_free_block: getblk() failed
[  456.326269][ T7663] sysv_free_block: getblk() failed
[  456.331404][ T7663] sysv_free_block: getblk() failed
[  456.336596][ T7663] sysv_free_block: getblk() failed
[  456.341941][ T7663] sysv_free_block: getblk() failed
[  456.347141][ T7663] sysv_free_block: getblk() failed
[  456.352273][ T7663] sysv_free_block: getblk() failed
[  456.357712][ T7663] sysv_free_block: getblk() failed
[  456.363061][ T7663] sysv_free_block: getblk() failed
[  456.368246][ T7663] sysv_free_block: getblk() failed
[  456.373525][ T7663] sysv_free_block: getblk() failed
[  456.378666][ T7663] sysv_free_block: getblk() failed
[  456.384023][ T7663] sysv_free_block: getblk() failed
[  456.389208][ T7663] sysv_free_block: getblk() failed
[  456.394416][ T7663] sysv_free_block: getblk() failed
[  456.399635][ T7663] sysv_free_block: getblk() failed
[  456.404830][ T7663] sysv_free_block: getblk() failed
[  456.409959][ T7663] sysv_free_block: getblk() failed
[  456.415146][ T7663] sysv_free_block: getblk() failed
[  456.420274][ T7663] sysv_free_block: getblk() failed
[  456.426138][ T7663] sysv_free_block: getblk() failed
[  456.431298][ T7663] sysv_free_block: getblk() failed
[  456.436489][ T7663] sysv_free_block: getblk() failed
[  456.441624][ T7663] sysv_free_block: getblk() failed
[  456.446790][ T7663] sysv_free_block: getblk() failed
[  456.451917][ T7663] sysv_free_block: getblk() failed
[  456.457083][ T7663] sysv_free_block: getblk() failed
[  456.462211][ T7663] sysv_free_block: getblk() failed
[  456.467550][ T7663] sysv_free_block: getblk() failed
[  456.472683][ T7663] sysv_free_block: getblk() failed
[  456.477891][ T7663] sysv_free_block: getblk() failed
[  456.483394][ T7663] sysv_free_block: getblk() failed
[  456.488511][ T7663] sysv_free_block: trying to free block not in datazone
[  456.495491][ T7663] sysv_free_block: trying to free block not in datazone
[  456.502807][ T7663] sysv_free_block: trying to free block not in datazone
[  456.519358][ T7663] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  460.088811][ T7683] loop2: detected capacity change from 0 to 128
[  460.326318][   T26] audit: type=1800 audit(1738738746.448:37): pid=7683 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.768" name="bus" dev="loop2" ino=1048619 res=0 errno=0
[  462.922493][ T7705] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  463.878233][ T7703] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  463.889476][ T7703] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  464.573003][   T26] audit: type=1400 audit(1738738750.548:38): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=7707 comm="syz.2.772"
[  465.052202][ T7718] loop2: detected capacity change from 0 to 512
[  465.359988][ T7725] input: syz0 as /devices/virtual/input/input15
[  465.981092][ T7727] loop2: detected capacity change from 0 to 128
[  466.030970][ T7727] VFS: Found a Xenix FS (block size = 512) on device loop2
[  466.040353][ T7727] sysv_free_block: trying to free block not in datazone
[  466.048992][ T7727] sysv_free_block: trying to free block not in datazone
[  466.057791][ T7727] sysv_free_block: getblk() failed
[  466.063185][ T7727] sysv_free_block: getblk() failed
[  466.069288][ T7727] sysv_free_block: getblk() failed
[  466.074579][ T7727] sysv_free_block: getblk() failed
[  466.079839][ T7727] sysv_free_block: getblk() failed
[  466.085244][ T7727] sysv_free_block: getblk() failed
[  466.090568][ T7727] sysv_free_block: getblk() failed
[  466.095882][ T7727] sysv_free_block: getblk() failed
[  466.101168][ T7727] sysv_free_block: getblk() failed
[  466.106484][ T7727] sysv_free_block: getblk() failed
[  466.112627][ T7727] sysv_free_block: getblk() failed
[  466.117952][ T7727] sysv_free_block: getblk() failed
[  466.123255][ T7727] sysv_free_block: getblk() failed
[  466.129331][ T7727] sysv_free_block: getblk() failed
[  466.134663][ T7727] sysv_free_block: getblk() failed
[  466.139912][ T7727] sysv_free_block: getblk() failed
[  466.145213][ T7727] sysv_free_block: getblk() failed
[  466.150429][ T7727] sysv_free_block: getblk() failed
[  466.157214][ T7727] sysv_free_block: getblk() failed
[  466.162423][ T7727] sysv_free_block: getblk() failed
[  466.167721][ T7727] sysv_free_block: getblk() failed
[  466.173001][ T7727] sysv_free_block: getblk() failed
[  466.178255][ T7727] sysv_free_block: getblk() failed
[  466.183536][ T7727] sysv_free_block: getblk() failed
[  466.188739][ T7727] sysv_free_block: getblk() failed
[  466.193997][ T7727] sysv_free_block: getblk() failed
[  466.200370][ T7727] sysv_free_block: getblk() failed
[  466.205658][ T7727] sysv_free_block: getblk() failed
[  466.210911][ T7727] sysv_free_block: getblk() failed
[  466.216283][ T7727] sysv_free_block: getblk() failed
[  466.221571][ T7727] sysv_free_block: getblk() failed
[  466.226824][ T7727] sysv_free_block: getblk() failed
[  466.232080][ T7727] sysv_free_block: getblk() failed
[  466.237400][ T7727] sysv_free_block: getblk() failed
[  466.243642][ T7727] sysv_free_block: getblk() failed
[  466.248891][ T7727] sysv_free_block: getblk() failed
[  466.254203][ T7727] sysv_free_block: getblk() failed
[  466.260279][ T7727] sysv_free_block: getblk() failed
[  466.265455][ T7727] sysv_free_block: trying to free block not in datazone
[  466.272469][ T7727] sysv_free_block: trying to free block not in datazone
[  466.280420][ T7727] sysv_free_block: trying to free block not in datazone
[  466.315845][ T7727] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  467.037949][ T4449] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  468.601212][ T7741] input: syz0 as /devices/virtual/input/input16
[  470.578109][ T7756] loop3: detected capacity change from 0 to 256
[  471.624119][   T26] audit: type=1400 audit(1738738757.068:39): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=7757 comm="syz.4.788"
[  471.653855][ T7756] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  471.822116][ T7756] exFAT-fs (loop3): Medium has reported failures. Some data may be lost.
[  471.954900][ T7760] loop2: detected capacity change from 0 to 128
[  472.029319][ T7756] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  472.053713][ T7760] VFS: Found a Xenix FS (block size = 512) on device loop2
[  472.141465][   T26] audit: type=1800 audit(1738738758.388:40): pid=7756 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.787" name="file1" dev="loop3" ino=1048620 res=0 errno=0
[  472.564422][ T7767] cifs: Unknown parameter 'mode'
[  472.668144][ T7771] loop2: detected capacity change from 0 to 4096
[  474.393431][ T7795] input: syz0 as /devices/virtual/input/input17
[  475.647191][ T7792] loop5: detected capacity change from 0 to 128
[  476.485716][   T26] audit: type=1800 audit(1738738762.508:41): pid=7792 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.797" name="bus" dev="loop5" ino=1048621 res=0 errno=0
[  477.686212][ T7805] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  477.697475][ T7805] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  477.781176][ T7801] 8021q: adding VLAN 0 to HW filter on device bond1
[  477.791556][ T7801] bond0: (slave bond1): Enslaving as an active interface with an up link
[  477.998313][ T7810] mkiss: ax0: crc mode is auto.
[  478.482724][ T7825] input: syz0 as /devices/virtual/input/input18
[  479.643798][ T7834] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  479.701313][ T7834] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  479.880435][ T7842] loop4: detected capacity change from 0 to 64
[  480.004321][ T7834] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  480.058097][ T7834] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  480.089270][ T7848] loop2: detected capacity change from 0 to 4096
[  480.111865][ T7834] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  480.259360][ T7834] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  480.309806][ T7834] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  480.671136][ T7834] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  480.703238][ T7834] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  480.723122][ T7834] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  480.800633][ T7834] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  480.813808][ T7834] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  480.877776][ T7834] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  480.907332][ T7834] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  480.963133][ T7834] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  481.451104][ T7859] loop4: detected capacity change from 0 to 128
[  481.774575][ T4253] Bluetooth: hci1: command 0x0c1a tx timeout
[  481.833578][   T26] audit: type=1800 audit(1738738767.768:42): pid=7858 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.815" name="bus" dev="loop4" ino=1048622 res=0 errno=0
[  482.113105][ T4260] Bluetooth: hci2: command 0x0c1a tx timeout
[  482.353175][ T4260] Bluetooth: hci3: command 0x0c1a tx timeout
[  482.757056][ T4260] Bluetooth: hci4: command 0x0c1a tx timeout
[  482.913080][ T4260] Bluetooth: hci0: command 0x0c1a tx timeout
[  482.928885][ T7862] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  482.940158][ T7862] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  483.802988][ T4260] Bluetooth: hci1: command 0x0406 tx timeout
[  484.670292][ T4260] Bluetooth: hci2: command 0x0406 tx timeout
[  484.676524][ T4260] Bluetooth: hci3: command 0x0406 tx timeout
[  484.832969][ T4253] Bluetooth: hci4: command 0x0406 tx timeout
[  485.023711][ T7883] input: syz0 as /devices/virtual/input/input19
[  485.083059][ T4253] Bluetooth: hci0: command 0x0406 tx timeout
[  485.793762][ T7886] loop2: detected capacity change from 0 to 512
[  486.178560][ T7895] input: syz0 as /devices/virtual/input/input20
[  486.652559][ T4449] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  486.697749][ T7889] loop5: detected capacity change from 0 to 4096
[  486.989283][ T7900] loop2: detected capacity change from 0 to 128
[  487.808660][ T7900] VFS: Found a Xenix FS (block size = 512) on device loop2
[  487.819178][ T7900] sysv_free_block: trying to free block not in datazone
[  487.828767][ T7900] sysv_free_block: trying to free block not in datazone
[  487.838362][ T7900] sysv_free_block: getblk() failed
[  487.843937][ T7900] sysv_free_block: getblk() failed
[  487.851062][ T7900] sysv_free_block: getblk() failed
[  487.856559][ T7900] sysv_free_block: getblk() failed
[  487.862891][ T7900] sysv_free_block: getblk() failed
[  487.868316][ T7900] sysv_free_block: getblk() failed
[  487.873848][ T7900] sysv_free_block: getblk() failed
[  487.879270][ T7900] sysv_free_block: getblk() failed
[  487.884714][ T7900] sysv_free_block: getblk() failed
[  487.890089][ T7900] sysv_free_block: getblk() failed
[  487.897392][ T7900] sysv_free_block: getblk() failed
[  487.902824][ T7900] sysv_free_block: getblk() failed
[  487.908215][ T7900] sysv_free_block: getblk() failed
[  487.915393][ T7900] sysv_free_block: getblk() failed
[  487.920785][ T7900] sysv_free_block: getblk() failed
[  487.926135][ T7900] sysv_free_block: getblk() failed
[  487.931597][ T7900] sysv_free_block: getblk() failed
[  487.937064][ T7900] sysv_free_block: getblk() failed
[  487.944378][ T7900] sysv_free_block: getblk() failed
[  487.949827][ T7900] sysv_free_block: getblk() failed
[  487.955259][ T7900] sysv_free_block: getblk() failed
[  487.960698][ T7900] sysv_free_block: getblk() failed
[  487.966290][ T7900] sysv_free_block: getblk() failed
[  487.971685][ T7900] sysv_free_block: getblk() failed
[  487.977140][ T7900] sysv_free_block: getblk() failed
[  487.982508][ T7900] sysv_free_block: getblk() failed
[  487.989487][ T7900] sysv_free_block: getblk() failed
[  487.994982][ T7900] sysv_free_block: getblk() failed
[  488.000370][ T7900] sysv_free_block: getblk() failed
[  488.005780][ T7900] sysv_free_block: getblk() failed
[  488.011182][ T7900] sysv_free_block: getblk() failed
[  488.016607][ T7900] sysv_free_block: getblk() failed
[  488.022026][ T7900] sysv_free_block: getblk() failed
[  488.027307][ T7900] sysv_free_block: getblk() failed
[  488.032557][ T7900] sysv_free_block: getblk() failed
[  488.037735][ T7900] sysv_free_block: getblk() failed
[  488.042901][ T7900] sysv_free_block: getblk() failed
[  488.048308][ T7900] sysv_free_block: getblk() failed
[  488.053482][ T7900] sysv_free_block: trying to free block not in datazone
[  488.060469][ T7900] sysv_free_block: trying to free block not in datazone
[  488.067699][ T7900] sysv_free_block: trying to free block not in datazone
[  488.217161][ T7900] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  489.056266][ T7903] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  489.098891][ T7903] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  489.170439][ T7903] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  489.298512][ T7903] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  489.392582][ T7910] loop3: detected capacity change from 0 to 64
[  489.411066][ T7903] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  489.493008][ T7903] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  489.500795][ T7903] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  489.516791][ T7903] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  489.559906][ T7903] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  489.577780][ T7903] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  489.597992][ T7903] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  489.819687][ T7915] loop2: detected capacity change from 0 to 128
[  490.722970][   T26] audit: type=1800 audit(1738738776.688:43): pid=7915 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.831" name="bus" dev="loop2" ino=1048623 res=0 errno=0
[  490.903002][ T7903] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  491.040502][ T4260] Bluetooth: hci0: Opcode 0x1407 failed: -112
[  491.048777][ T7903] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  491.074463][ T4260] Bluetooth: hci1: command 0x0c1a tx timeout
[  491.126376][ T7903] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  491.132556][ T7903] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  491.370458][ T4260] Bluetooth: hci2: command 0x0c1a tx timeout
[  492.023011][ T4260] Bluetooth: hci3: command 0x0c1a tx timeout
[  492.029084][ T4260] Bluetooth: hci4: command 0x0c1a tx timeout
[  493.092937][ T4260] Bluetooth: hci0: command 0x0c1a tx timeout
[  493.152904][ T4260] Bluetooth: hci1: command 0x0406 tx timeout
[  493.392883][ T4260] Bluetooth: hci2: command 0x0406 tx timeout
[  494.112864][ T4260] Bluetooth: hci4: command 0x0406 tx timeout
[  494.119182][ T4253] Bluetooth: hci3: command 0x0406 tx timeout
[  495.163642][ T4260] Bluetooth: hci0: command 0x0406 tx timeout
[  497.613899][ T5881] libceph: connect (1)[c::]:6789 error -101
[  497.620929][ T5881] libceph: mon0 (1)[c::]:6789 connect error
[  497.872927][ T7974] loop0: detected capacity change from 0 to 128
[  498.206477][   T26] audit: type=1800 audit(1738738784.178:44): pid=7974 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.845" name="bus" dev="loop0" ino=1048624 res=0 errno=0
[  499.045263][  T952] libceph: connect (1)[c::]:6789 error -101
[  499.051321][  T952] libceph: mon0 (1)[c::]:6789 connect error
[  499.442406][ T7961] ceph: No mds server is up or the cluster is laggy
[  500.422725][  T952] libceph: connect (1)[c::]:6789 error -101
[  500.534243][  T952] libceph: mon0 (1)[c::]:6789 connect error
[  501.226606][  T952] libceph: connect (1)[c::]:6789 error -101
[  501.232586][  T952] libceph: mon0 (1)[c::]:6789 connect error
[  501.395897][ T1274] ieee802154 phy0 wpan0: encryption failed: -22
[  501.402693][ T1274] ieee802154 phy1 wpan1: encryption failed: -22
[  503.696318][ T8010] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  503.707567][ T8010] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  504.614807][ T8018] input: syz0 as /devices/virtual/input/input21
[  505.196914][ T8025] loop5: detected capacity change from 0 to 128
[  505.357992][   T26] audit: type=1800 audit(1738738791.468:45): pid=8025 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.861" name="bus" dev="loop5" ino=1048625 res=0 errno=0
[  506.502388][ T8031] loop4: detected capacity change from 0 to 256
[  506.556608][ T8031] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  506.878615][ T8035] loop2: detected capacity change from 0 to 4096
[  511.193471][  T952] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  512.018798][ T8060] loop4: detected capacity change from 0 to 128
[  512.050107][ T8063] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  512.061447][ T8063] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  512.506436][ T8073] blktrace: Concurrent blktraces are not allowed on sg0
[  512.515002][   T26] audit: type=1400 audit(1738738798.748:46): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=8067 comm="syz.5.873"
[  513.407290][ T8081] loop5: detected capacity change from 0 to 128
[  513.926184][   T26] audit: type=1800 audit(1738738800.038:47): pid=8080 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.877" name="bus" dev="loop5" ino=1048627 res=0 errno=0
[  515.857164][  T952] libceph: connect (1)[c::]:6789 error -101
[  515.895874][  T952] libceph: mon0 (1)[c::]:6789 connect error
[  516.286424][ T8093] ceph: No mds server is up or the cluster is laggy
[  516.822810][ T8106] input: syz0 as /devices/virtual/input/input22
[  520.282091][ T8114] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  520.397596][ T8116] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  520.409377][ T8116] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  520.951596][ T8127] blktrace: Concurrent blktraces are not allowed on sg0
[  521.686462][ T8130] netlink: 16 bytes leftover after parsing attributes in process `syz.0.886'.
[  521.757300][ T8130] bond0: (slave bond_slave_0): Slave does not support ipsec offload
[  523.431626][ T8141] loop2: detected capacity change from 0 to 128
[  523.477208][   T26] audit: type=1800 audit(1738738809.708:48): pid=8141 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.891" name="bus" dev="loop2" ino=1048628 res=0 errno=0
[  524.061104][ T8149] loop4: detected capacity change from 0 to 512
[  524.769899][ T8158] input: syz0 as /devices/virtual/input/input23
[  526.094381][ T8161] loop4: detected capacity change from 0 to 128
[  527.825964][ T8161] VFS: Found a Xenix FS (block size = 512) on device loop4
[  527.833893][ T8161] sysv_free_block: trying to free block not in datazone
[  527.841328][ T8161] sysv_free_block: trying to free block not in datazone
[  527.848707][ T8161] sysv_free_block: getblk() failed
[  527.853894][ T8161] sysv_free_block: getblk() failed
[  527.859194][ T8161] sysv_free_block: getblk() failed
[  527.864407][ T8161] sysv_free_block: getblk() failed
[  527.869540][ T8161] sysv_free_block: getblk() failed
[  527.874813][ T8161] sysv_free_block: getblk() failed
[  527.879938][ T8161] sysv_free_block: getblk() failed
[  527.885179][ T8161] sysv_free_block: getblk() failed
[  527.890332][ T8161] sysv_free_block: getblk() failed
[  527.895480][ T8161] sysv_free_block: getblk() failed
[  527.900805][ T8161] sysv_free_block: getblk() failed
[  527.905980][ T8161] sysv_free_block: getblk() failed
[  527.911113][ T8161] sysv_free_block: getblk() failed
[  527.916448][ T8161] sysv_free_block: getblk() failed
[  527.921606][ T8161] sysv_free_block: getblk() failed
[  527.926770][ T8161] sysv_free_block: getblk() failed
[  527.931900][ T8161] sysv_free_block: getblk() failed
[  527.937084][ T8161] sysv_free_block: getblk() failed
[  527.942398][ T8161] sysv_free_block: getblk() failed
[  527.947906][ T8161] sysv_free_block: getblk() failed
[  527.953058][ T8161] sysv_free_block: getblk() failed
[  527.958210][ T8161] sysv_free_block: getblk() failed
[  527.963366][ T8161] sysv_free_block: getblk() failed
[  527.968490][ T8161] sysv_free_block: getblk() failed
[  527.973655][ T8161] sysv_free_block: getblk() failed
[  527.978792][ T8161] sysv_free_block: getblk() failed
[  527.984306][ T8161] sysv_free_block: getblk() failed
[  527.989464][ T8161] sysv_free_block: getblk() failed
[  527.994619][ T8161] sysv_free_block: getblk() failed
[  527.999749][ T8161] sysv_free_block: getblk() failed
[  528.004920][ T8161] sysv_free_block: getblk() failed
[  528.010046][ T8161] sysv_free_block: getblk() failed
[  528.015217][ T8161] sysv_free_block: getblk() failed
[  528.020394][ T8161] sysv_free_block: getblk() failed
[  528.062222][ T8161] sysv_free_block: getblk() failed
[  528.067484][ T8161] sysv_free_block: getblk() failed
[  528.072647][ T8161] sysv_free_block: getblk() failed
[  528.078128][ T8161] sysv_free_block: getblk() failed
[  528.083275][ T8161] sysv_free_block: trying to free block not in datazone
[  528.090237][ T8161] sysv_free_block: trying to free block not in datazone
[  528.097459][ T8161] sysv_free_block: trying to free block not in datazone
[  528.107015][ T8161] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  528.303736][ T8167] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  528.315663][ T8167] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  529.069992][ T8165] loop2: detected capacity change from 0 to 32768
[  529.135535][ T8165] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  529.147376][ T8165] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  529.279639][ T8165] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[  529.313914][  T127] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  529.327877][ T8176] netlink: 16 bytes leftover after parsing attributes in process `syz.5.903'.
[  529.337631][ T8176] bond0: (slave bond_slave_0): Slave does not support ipsec offload
[  529.364290][  T127] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  529.654388][ T8180] blktrace: Concurrent blktraces are not allowed on sg0
[  529.668351][   T26] audit: type=1400 audit(1738738815.898:49): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=8174 comm="syz.0.902"
[  529.706978][ T8173] loop4: detected capacity change from 0 to 4096
[  529.927606][  T127] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 563ms
[  529.958822][  T127] gfs2: fsid=syz:syz.0: jid=0: Done
[  529.980809][ T8165] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  531.583059][   T41] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  531.702070][ T8205] loop4: detected capacity change from 0 to 2048
[  531.714799][ T8205] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=18576, location=18576
[  531.775637][ T8205] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  532.043303][   T41] usb 4-1: Using ep0 maxpacket: 16
[  532.136730][   T41] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  532.437621][   T41] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  532.689672][   T41] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  532.956689][   T41] usb 4-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[  533.048837][   T41] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  533.278700][   T41] usb 4-1: config 0 descriptor??
[  533.989483][   T41] logitech 0003:046D:C20E.0003: rdesc size test failed for formula gp
[  534.037023][   T41] logitech 0003:046D:C20E.0003: unbalanced collection at end of report description
[  534.264658][   T41] logitech 0003:046D:C20E.0003: parse failed
[  534.304674][   T41] logitech: probe of 0003:046D:C20E.0003 failed with error -22
[  534.359802][   T41] usb 4-1: USB disconnect, device number 3
[  534.754641][ T8218] input: syz0 as /devices/virtual/input/input24
[  535.485902][ T8222] loop0: detected capacity change from 0 to 512
[  535.799633][ T8228] loop0: detected capacity change from 0 to 128
[  535.802816][ T8225] loop5: detected capacity change from 0 to 512
[  535.813289][ T8225] EXT4-fs: Ignoring removed oldalloc option
[  535.819239][ T8225] EXT4-fs: inline encryption not supported
[  535.861567][ T8228] VFS: Found a Xenix FS (block size = 512) on device loop0
[  535.870562][ T8228] sysv_free_block: trying to free block not in datazone
[  535.880500][ T8228] sysv_free_block: trying to free block not in datazone
[  535.889323][ T8228] sysv_free_block: getblk() failed
[  535.894835][ T8228] sysv_free_block: getblk() failed
[  535.901375][ T8228] sysv_free_block: getblk() failed
[  535.906692][ T8228] sysv_free_block: getblk() failed
[  535.911943][ T8228] sysv_free_block: getblk() failed
[  535.917218][ T8228] sysv_free_block: getblk() failed
[  535.922471][ T8228] sysv_free_block: getblk() failed
[  535.927764][ T8228] sysv_free_block: getblk() failed
[  535.933062][ T8228] sysv_free_block: getblk() failed
[  535.938324][ T8228] sysv_free_block: getblk() failed
[  535.944396][ T8228] sysv_free_block: getblk() failed
[  535.949642][ T8228] sysv_free_block: getblk() failed
[  535.954932][ T8228] sysv_free_block: getblk() failed
[  535.961025][ T8228] sysv_free_block: getblk() failed
[  535.966317][ T8228] sysv_free_block: getblk() failed
[  535.971552][ T8228] sysv_free_block: getblk() failed
[  535.976844][ T8228] sysv_free_block: getblk() failed
[  535.982201][ T8228] sysv_free_block: getblk() failed
[  535.988318][ T8228] sysv_free_block: getblk() failed
[  535.993646][ T8228] sysv_free_block: getblk() failed
[  535.998986][ T8228] sysv_free_block: getblk() failed
[  536.004284][ T8228] sysv_free_block: getblk() failed
[  536.009514][ T8228] sysv_free_block: getblk() failed
[  536.014785][ T8228] sysv_free_block: getblk() failed
[  536.020017][ T8228] sysv_free_block: getblk() failed
[  536.025301][ T8228] sysv_free_block: getblk() failed
[  536.031484][ T8228] sysv_free_block: getblk() failed
[  536.036799][ T8228] sysv_free_block: getblk() failed
[  536.042105][ T8228] sysv_free_block: getblk() failed
[  536.047536][ T8228] sysv_free_block: getblk() failed
[  536.052815][ T8228] sysv_free_block: getblk() failed
[  536.058063][ T8228] sysv_free_block: getblk() failed
[  536.063364][ T8228] sysv_free_block: getblk() failed
[  536.068628][ T8228] sysv_free_block: getblk() failed
[  536.074841][ T8228] sysv_free_block: getblk() failed
[  536.080095][ T8228] sysv_free_block: getblk() failed
[  536.085401][ T8228] sysv_free_block: getblk() failed
[  536.091203][ T8228] sysv_free_block: getblk() failed
[  536.096400][ T8228] sysv_free_block: trying to free block not in datazone
[  536.103435][ T8228] sysv_free_block: trying to free block not in datazone
[  536.111362][ T8228] sysv_free_block: trying to free block not in datazone
[  536.126176][ T8228] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  536.163009][ T8225] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  536.694986][ T8232] netlink: 16 bytes leftover after parsing attributes in process `syz.2.916'.
[  536.704259][ T8232] bond0: (slave bond_slave_0): Slave does not support ipsec offload
[  536.730810][ T8225] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz.5.913: bg 0: block 64: padding at end of block bitmap is not set
[  536.828803][ T8225] Quota error (device loop5): write_blk: dquota write failed
[  536.836635][ T8225] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[  536.846692][ T8225] EXT4-fs error (device loop5): ext4_acquire_dquot:6795: comm syz.5.913: Failed to acquire dquot type 0
[  536.859231][ T8225] EXT4-fs (loop5): 1 truncate cleaned up
[  536.864991][ T8225] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  537.213028][ T8235] loop4: detected capacity change from 0 to 4096
[  541.582993][ T8264] blktrace: Concurrent blktraces are not allowed on sg0
[  542.492916][   T26] audit: type=1400 audit(1738738827.238:50): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=8255 comm="syz.0.924"
[  542.742048][ T5156] EXT4-fs (loop5): unmounting filesystem.
[  543.106334][ T8275] loop2: detected capacity change from 0 to 2048
[  543.114250][ T8275] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=18576, location=18576
[  548.118007][ T8275] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  548.632708][ T8289] loop3: detected capacity change from 0 to 128
[  550.037600][   T26] audit: type=1800 audit(1738738836.288:51): pid=8289 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.934" name="bus" dev="loop3" ino=1048629 res=0 errno=0
[  551.820952][ T8304] loop0: detected capacity change from 0 to 512
[  551.831260][ T8304] EXT4-fs: Ignoring removed oldalloc option
[  551.837377][ T8304] EXT4-fs: inline encryption not supported
[  552.045248][   T26] audit: type=1400 audit(1738738837.988:52): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=8302 comm="syz.3.939"
[  552.074407][ T8304] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  552.204974][ T8304] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.938: bg 0: block 64: padding at end of block bitmap is not set
[  552.219675][ T8304] Quota error (device loop0): write_blk: dquota write failed
[  552.227543][ T8304] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  552.237700][ T8304] EXT4-fs error (device loop0): ext4_acquire_dquot:6795: comm syz.0.938: Failed to acquire dquot type 0
[  552.257747][ T8304] EXT4-fs (loop0): 1 truncate cleaned up
[  552.264037][ T8304] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  552.535662][ T4250] EXT4-fs (loop0): unmounting filesystem.
[  552.833051][ T8314] kAFS: No cell specified
[  553.544818][ T8322] loop0: detected capacity change from 0 to 4096
[  554.195562][ T8328] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  554.213766][ T8328] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  554.227100][ T8328] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  554.300843][ T8328] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  554.313051][ T8328] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  554.333871][ T8328] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  554.386349][ T8328] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  554.429059][ T8328] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  554.467608][ T8328] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  554.501012][ T8328] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  554.527620][ T8328] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  554.547217][ T8328] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  554.590821][ T8328] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  554.622433][ T8328] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  554.666608][ T8328] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  555.029254][ T8342] loop5: detected capacity change from 0 to 128
[  556.030768][   T26] audit: type=1800 audit(1738738842.278:53): pid=8342 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.948" name="bus" dev="loop5" ino=1048630 res=0 errno=0
[  556.071844][ T4260] Bluetooth: hci1: command 0x0c1a tx timeout
[  556.864801][ T4253] Bluetooth: hci3: command 0x0c1a tx timeout
[  556.870828][ T4253] Bluetooth: hci4: command 0x0c1a tx timeout
[  556.876910][ T4257] Bluetooth: hci0: command 0x0c1a tx timeout
[  556.883309][ T4260] Bluetooth: hci2: command 0x0c1a tx timeout
[  557.633128][   T26] audit: type=1400 audit(1738738843.798:54): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=8349 comm="syz.5.951"
[  558.113995][ T4260] Bluetooth: hci1: command 0x0406 tx timeout
[  558.241054][ T8357] netlink: 8 bytes leftover after parsing attributes in process `syz.4.953'.
[  558.253811][ T8357] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
[  558.425984][ T8357] netlink: 28 bytes leftover after parsing attributes in process `syz.4.953'.
[  558.461984][ T4250] ntfs3: loop0: ntfs_evict_inode r=5 failed, -22.
[  558.552887][ T8362] loop2: detected capacity change from 0 to 512
[  558.562051][ T8362] EXT4-fs: Ignoring removed oldalloc option
[  558.568213][ T8362] EXT4-fs: inline encryption not supported
[  558.595430][ T8362] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  558.923123][ T4260] Bluetooth: hci4: command 0x0406 tx timeout
[  558.930779][ T4260] Bluetooth: hci2: command 0x0406 tx timeout
[  558.937417][ T4260] Bluetooth: hci0: command 0x0406 tx timeout
[  558.944082][ T4260] Bluetooth: hci3: command 0x0406 tx timeout
[  558.958030][ T4250] ntfs3: loop0: Mark volume as dirty due to NTFS errors
[  559.214981][ T8362] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.952: bg 0: block 64: padding at end of block bitmap is not set
[  559.229763][ T8362] Quota error (device loop2): write_blk: dquota write failed
[  559.237323][ T8362] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  559.247367][ T8362] EXT4-fs error (device loop2): ext4_acquire_dquot:6795: comm syz.2.952: Failed to acquire dquot type 0
[  559.263797][ T8362] EXT4-fs (loop2): 1 truncate cleaned up
[  559.269535][ T8362] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  559.309298][ T8370] loop0: detected capacity change from 0 to 1024
[  559.354771][ T8370] EXT4-fs: Ignoring removed bh option
[  559.361883][ T8370] EXT4-fs: Ignoring removed nobh option
[  559.464486][ T4258] EXT4-fs (loop2): unmounting filesystem.
[  559.477926][ T8371] loop5: detected capacity change from 0 to 128
[  559.485948][ T8370] EXT4-fs: Ignoring removed bh option
[  559.604035][ T8370] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  560.299093][ T4250] EXT4-fs (loop0): unmounting filesystem.
[  560.715635][ T8394] loop4: detected capacity change from 0 to 128
[  560.810819][ T8387] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  562.015251][ T8387] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  562.034071][   T26] audit: type=1800 audit(1738738848.288:55): pid=8394 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.961" name="bus" dev="loop4" ino=1048631 res=0 errno=0
[  562.223534][ T8387] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  562.230786][ T8387] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  562.782450][ T8387] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  562.789608][ T8387] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  562.806175][ T8387] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  562.812342][ T8387] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  562.819275][ T8387] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  562.826728][ T8387] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  562.835705][ T8387] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  562.836449][ T1274] ieee802154 phy0 wpan0: encryption failed: -22
[  562.841847][ T8387] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  562.848003][ T1274] ieee802154 phy1 wpan1: encryption failed: -22
[  562.864989][ T8387] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  562.871036][ T8387] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  562.895580][ T8387] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  564.028440][   T26] audit: type=1400 audit(1738738849.658:56): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=8398 comm="syz.2.964"
[  564.077513][ T4253] Bluetooth: hci1: command 0x0c1a tx timeout
[  564.103317][ T8408] netlink: 5 bytes leftover after parsing attributes in process `syz.5.966'.
[  564.625250][ T8402] loop3: detected capacity change from 0 to 4096
[  564.775074][ T8418] loop4: detected capacity change from 0 to 64
[  564.833094][ T4253] Bluetooth: hci4: command 0x0c1a tx timeout
[  564.833167][ T4260] Bluetooth: hci3: command 0x0c1a tx timeout
[  564.839122][ T4253] Bluetooth: hci2: command 0x0c1a tx timeout
[  564.912970][ T4260] Bluetooth: hci0: command 0x0c1a tx timeout
[  565.762868][ T5881] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  565.964612][ T5881] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  566.001001][ T5881] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  566.045122][ T5881] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  566.062215][ T8430] loop4: detected capacity change from 0 to 4096
[  566.122937][ T4257] Bluetooth: hci1: command 0x0406 tx timeout
[  566.141230][ T5881] usb 6-1: New USB device found, idVendor=044e, idProduct=120b, bcdDevice= 0.00
[  566.151276][ T5881] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  566.161987][ T5881] usb 6-1: config 0 descriptor??
[  566.178670][ T8430] NILFS (loop4): invalid segment: Checksum error in segment payload
[  566.235693][ T8430] NILFS (loop4): trying rollback from an earlier position
[  566.328251][ T8430] NILFS (loop4): recovery complete
[  566.354981][ T8439] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  566.571375][ T8421] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  566.580611][ T8421] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  566.671469][   T26] audit: type=1800 audit(1738738852.918:57): pid=8424 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.970" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  566.928810][ T4253] Bluetooth: hci4: command 0x0406 tx timeout
[  566.928824][ T4260] Bluetooth: hci3: command 0x0406 tx timeout
[  566.928885][ T4257] Bluetooth: hci2: command 0x0406 tx timeout
[  566.995147][ T4257] Bluetooth: hci0: command 0x0406 tx timeout
[  567.839862][ T5881] usbhid 6-1:0.0: can't add hid device: -71
[  567.848839][ T5881] usbhid: probe of 6-1:0.0 failed with error -71
[  567.889773][ T5881] usb 6-1: USB disconnect, device number 4
[  568.267185][ T8445] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  568.441342][ T8445] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  568.469843][ T8445] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  568.488749][ T8445] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  568.502966][ T8445] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  568.550006][ T8445] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  568.590870][ T8443] syz.4.975 (8443): drop_caches: 2
[  568.658070][ T8445] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  568.700118][ T8445] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  568.732330][ T4244] ntfs3: loop3: ntfs_evict_inode r=5 failed, -22.
[  568.742902][ T4244] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  568.761966][ T8445] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  569.502943][ T8445] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  569.509017][ T8445] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  569.533125][ T8445] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  569.561506][ T8445] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  569.577495][ T8445] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  569.618796][ T8456] loop2: detected capacity change from 0 to 1024
[  569.626878][ T8445] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  569.956091][   T26] audit: type=1400 audit(1738738856.198:58): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=8455 comm="syz.3.978"
[  570.197151][ T4257] Bluetooth: hci1: command 0x0c1a tx timeout
[  570.513034][ T4253] Bluetooth: hci2: command 0x0c1a tx timeout
[  570.673046][ T4253] Bluetooth: hci3: command 0x0c1a tx timeout
[  570.934899][ T4440] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  570.988678][ T8471] loop2: detected capacity change from 0 to 64
[  571.222977][ T4440] usb 1-1: Using ep0 maxpacket: 8
[  571.289696][ T4440] usb 1-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  571.593030][ T4253] Bluetooth: hci4: command 0x0c1a tx timeout
[  571.633033][ T4253] Bluetooth: hci0: command 0x0c1a tx timeout
[  571.693004][ T4440] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  571.701668][ T4440] usb 1-1: Product: syz
[  571.708908][ T4440] usb 1-1: Manufacturer: syz
[  572.129709][ T4440] usb 1-1: SerialNumber: syz
[  572.154556][ T4440] usb 1-1: config 0 descriptor??
[  572.177359][ T4440] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  572.272847][ T4257] Bluetooth: hci1: command 0x0406 tx timeout
[  572.422454][ T8480] loop2: detected capacity change from 0 to 4096
[  572.430370][ T8480] ntfs3: Unknown parameter 'windows_names'
[  572.485163][ T4449] I/O error, dev loop2, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  572.497705][ T8484] overlayfs: failed to resolve './file1': -2
[  572.528552][ T8462] loop5: detected capacity change from 0 to 32768
[  572.594455][ T4257] Bluetooth: hci2: command 0x0406 tx timeout
[  572.599427][ T8482] loop3: detected capacity change from 0 to 4096
[  572.745120][ T8486] loop4: detected capacity change from 0 to 4096
[  572.754549][ T4253] Bluetooth: hci3: command 0x0406 tx timeout
[  572.866505][ T8462] JBD2: Ignoring recovery information on journal
[  573.434447][ T4440] gspca_sonixj: reg_r err -110
[  573.439458][ T4440] sonixj: probe of 1-1:0.0 failed with error -110
[  573.484769][ T8462] JBD2: recovery failed
[  573.489071][ T8462] (syz.5.981,8462,0):ocfs2_journal_load:1112 ERROR: Failed to load journal!
[  573.508264][ T8462] (syz.5.981,8462,0):ocfs2_check_volume:2430 ERROR: ocfs2 journal load failed! -5
[  573.517693][ T8462] (syz.5.981,8462,0):ocfs2_check_volume:2486 ERROR: status = -5
[  573.553129][ T8462] (syz.5.981,8462,0):ocfs2_mount_volume:1821 ERROR: status = -5
[  573.596720][ T8462] (syz.5.981,8462,0):ocfs2_fill_super:1176 ERROR: status = -5
[  573.632937][ T4253] Bluetooth: hci4: command 0x0406 tx timeout
[  573.712892][ T4253] Bluetooth: hci0: command 0x0406 tx timeout
[  574.193077][   T26] audit: type=1400 audit(1738738860.358:59): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=8496 comm="syz.2.994"
[  574.908867][ T4439] usb 1-1: USB disconnect, device number 4
[  575.641950][ T8516] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  575.730792][ T8516] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  576.037413][ T8516] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  576.071016][ T8516] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  576.112993][ T8516] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  576.119030][ T8516] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  576.127639][ T8525] overlayfs: failed to resolve './file1': -2
[  576.213037][ T8516] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  576.219114][ T8516] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  576.328978][ T8516] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  577.147772][ T8516] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  577.162909][ T8516] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  577.286229][ T8516] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  577.313172][ T4253] Bluetooth: hci1: command 0x0c1a tx timeout
[  577.501613][ T8516] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  577.545562][ T8516] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  577.622993][ T8516] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  577.683554][ T8536] loop5: detected capacity change from 0 to 64
[  578.331988][ T4253] Bluetooth: hci2: command 0x0c1a tx timeout
[  578.339125][ T4253] Bluetooth: hci3: command 0x0c1a tx timeout
[  578.355228][   T26] audit: type=1400 audit(1738738864.578:60): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=8539 comm="syz.2.1005"
[  578.845213][ T4244] ntfs3: loop3: ntfs_evict_inode r=5 failed, -22.
[  578.852138][ T4244] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  579.054942][ T8547] loop0: detected capacity change from 0 to 4096
[  579.173924][ T4257] Bluetooth: hci4: command 0x0c1a tx timeout
[  579.471797][ T8558] loop2: detected capacity change from 0 to 512
[  580.108978][ T4253] Bluetooth: hci0: command 0x0c1a tx timeout
[  581.022887][ T4253] Bluetooth: hci3: command 0x0406 tx timeout
[  581.024067][ T4257] Bluetooth: hci2: command 0x0406 tx timeout
[  581.028919][ T4253] Bluetooth: hci1: command 0x0406 tx timeout
[  582.026851][ T8558] fscrypt: Error allocating hmac(sha512): -2
[  582.392697][ T4253] Bluetooth: hci0: command 0x0406 tx timeout
[  582.392711][ T4257] Bluetooth: hci4: command 0x0406 tx timeout
[  583.056883][ T4449] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  585.459637][ T8590] blktrace: Concurrent blktraces are not allowed on sg0
[  585.503182][   T26] audit: type=1400 audit(1738738871.698:61): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=8584 comm="syz.0.1018"
[  585.742404][ T8593] loop5: detected capacity change from 0 to 64
[  587.806914][ T8599] 9pnet_fd: Insufficient options for proto=fd
[  588.040069][ T8602] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  588.048550][ T8602] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  588.055092][ T8602] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  588.062863][ T8602] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  588.069126][ T8602] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  588.075589][ T8602] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  588.083414][ T8602] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  588.089644][ T8602] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  588.377203][ T8602] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  588.393288][ T8602] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  588.400120][ T8602] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  588.414286][ T8602] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  588.424879][ T8611] loop5: detected capacity change from 0 to 1024
[  588.431790][ T8602] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  588.513057][ T8602] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  588.519034][ T8602] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  589.229200][ T8616] loop2: detected capacity change from 0 to 4096
[  590.044676][ T6543] hfsplus: b-tree write err: -5, ino 4
[  590.113106][ T4253] Bluetooth: hci3: command 0x0c1a tx timeout
[  590.119160][ T4253] Bluetooth: hci2: command 0x0c1a tx timeout
[  590.125233][ T4262] Bluetooth: hci1: command 0x0c1a tx timeout
[  590.603055][ T4262] Bluetooth: hci4: command 0x0c1a tx timeout
[  590.603101][ T4253] Bluetooth: hci0: command 0x0c1a tx timeout
[  591.990377][ T8643] loop4: detected capacity change from 0 to 64
[  592.167351][ T8647] loop3: detected capacity change from 0 to 512
[  592.193160][ T4262] Bluetooth: hci2: command 0x0406 tx timeout
[  592.199270][ T4262] Bluetooth: hci1: command 0x0406 tx timeout
[  592.222850][ T4262] Bluetooth: hci3: command 0x0406 tx timeout
[  592.905605][ T4257] Bluetooth: hci0: command 0x0406 tx timeout
[  592.911688][ T4262] Bluetooth: hci4: command 0x0406 tx timeout
[  593.369836][ T8666] loop3: detected capacity change from 0 to 128
[  595.052810][ T8666] VFS: Found a Xenix FS (block size = 512) on device loop3
[  595.060356][ T8666] sysv_free_block: trying to free block not in datazone
[  595.068792][ T8666] sysv_free_block: trying to free block not in datazone
[  595.076625][ T8666] sysv_free_block: getblk() failed
[  595.081778][ T8666] sysv_free_block: getblk() failed
[  595.087166][ T8666] sysv_free_block: getblk() failed
[  595.092303][ T8666] sysv_free_block: getblk() failed
[  595.097499][ T8666] sysv_free_block: getblk() failed
[  595.102651][ T8666] sysv_free_block: getblk() failed
[  595.107879][ T8666] sysv_free_block: getblk() failed
[  595.113060][ T8666] sysv_free_block: getblk() failed
[  595.118190][ T8666] sysv_free_block: getblk() failed
[  595.123488][ T8666] sysv_free_block: getblk() failed
[  595.128797][ T8666] sysv_free_block: getblk() failed
[  595.133987][ T8666] sysv_free_block: getblk() failed
[  595.139114][ T8666] sysv_free_block: getblk() failed
[  595.144458][ T8666] sysv_free_block: getblk() failed
[  595.149589][ T8666] sysv_free_block: getblk() failed
[  595.154866][ T8666] sysv_free_block: getblk() failed
[  595.159994][ T8666] sysv_free_block: getblk() failed
[  595.165200][ T8666] sysv_free_block: getblk() failed
[  595.170510][ T8666] sysv_free_block: getblk() failed
[  595.175709][ T8666] sysv_free_block: getblk() failed
[  595.181283][ T8666] sysv_free_block: getblk() failed
[  595.186475][ T8666] sysv_free_block: getblk() failed
[  595.191601][ T8666] sysv_free_block: getblk() failed
[  595.196788][ T8666] sysv_free_block: getblk() failed
[  595.201916][ T8666] sysv_free_block: getblk() failed
[  595.207090][ T8666] sysv_free_block: getblk() failed
[  595.212874][ T8666] sysv_free_block: getblk() failed
[  595.218035][ T8666] sysv_free_block: getblk() failed
[  595.223232][ T8666] sysv_free_block: getblk() failed
[  595.228368][ T8666] sysv_free_block: getblk() failed
[  595.233546][ T8666] sysv_free_block: getblk() failed
[  595.238672][ T8666] sysv_free_block: getblk() failed
[  595.243854][ T8666] sysv_free_block: getblk() failed
[  595.248982][ T8666] sysv_free_block: getblk() failed
[  595.254351][ T8666] sysv_free_block: getblk() failed
[  595.259480][ T8666] sysv_free_block: getblk() failed
[  595.264667][ T8666] sysv_free_block: getblk() failed
[  595.270030][ T8666] sysv_free_block: getblk() failed
[  595.275183][ T8666] sysv_free_block: trying to free block not in datazone
[  595.282534][ T8666] sysv_free_block: trying to free block not in datazone
[  595.289740][ T8666] sysv_free_block: trying to free block not in datazone
[  595.553115][ T4253] Bluetooth: hci1: command 0x0c1a tx timeout
[  595.666663][ T8666] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  595.753201][ T8659] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  596.160862][ T8659] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  596.178480][ T8659] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  596.218423][ T8659] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  596.229839][ T8659] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  596.249205][ T8659] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  596.298632][ T8659] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  596.313676][ T8659] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  596.326185][ T8659] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  596.336320][ T8659] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  596.342405][ T8659] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  596.349002][ T8659] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  596.356394][ T8659] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  596.362574][ T8659] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  596.370933][ T8659] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  597.590347][ T8687] loop0: detected capacity change from 0 to 64
[  597.872866][ T4262] Bluetooth: hci1: command 0x0406 tx timeout
[  598.772254][ T4253] Bluetooth: hci2: command 0x0c1a tx timeout
[  598.780979][ T4262] Bluetooth: hci4: command 0x0c1a tx timeout
[  598.787468][ T4257] Bluetooth: hci3: command 0x0c1a tx timeout
[  598.793585][ T4260] Bluetooth: hci0: command 0x0c1a tx timeout
[  598.851741][ T6866] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  599.922867][ T6866] usb 3-1: Using ep0 maxpacket: 32
[  599.929666][ T6866] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  599.947786][ T6866] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  599.968918][ T6866] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  599.982838][ T6866] usb 3-1: Product: syz
[  599.987084][ T6866] usb 3-1: Manufacturer: syz
[  599.992585][ T6866] usb 3-1: SerialNumber: syz
[  600.020716][ T6866] usb 3-1: config 0 descriptor??
[  600.026655][ T8708] loop5: detected capacity change from 0 to 64
[  600.046630][ T6866] hub 3-1:0.0: bad descriptor, ignoring hub
[  600.052577][ T6866] hub: probe of 3-1:0.0 failed with error -5
[  600.211685][ T8702] loop3: detected capacity change from 0 to 4096
[  600.493453][ T6866] usb 3-1: USB disconnect, device number 2
[  600.857200][ T4260] Bluetooth: hci4: command 0x0406 tx timeout
[  600.863387][ T4260] Bluetooth: hci2: command 0x0406 tx timeout
[  600.869406][ T4260] Bluetooth: hci3: command 0x0406 tx timeout
[  600.912713][ T4262] Bluetooth: hci0: command 0x0406 tx timeout
[  602.185967][ T8720] loop2: detected capacity change from 0 to 4096
[  603.980185][ T4258] ntfs3: loop2: ntfs_evict_inode r=5 failed, -22.
[  604.012886][ T4258] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[  604.203300][ T8731] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  604.209364][ T8731] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  604.216576][ T8731] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  604.224871][ T8731] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  604.233133][ T8731] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  604.468994][ T8731] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  604.531602][ T8731] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  604.587096][ T8731] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  604.626024][ T8731] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  604.667164][ T8731] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  604.673638][ T8731] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  604.679830][ T8731] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  604.687201][ T8731] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  604.694631][ T8731] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  604.701183][ T8731] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  606.272926][ T4253] Bluetooth: hci2: command 0x0c1a tx timeout
[  606.278990][ T4253] Bluetooth: hci1: command 0x0c1a tx timeout
[  607.176032][ T4262] Bluetooth: hci0: command 0x0c1a tx timeout
[  607.176122][ T4260] Bluetooth: hci4: command 0x0c1a tx timeout
[  607.188489][ T4253] Bluetooth: hci3: command 0x0c1a tx timeout
[  607.601679][ T8757] loop2: detected capacity change from 0 to 128
[  608.536982][ T4262] Bluetooth: hci1: command 0x0406 tx timeout
[  608.543062][ T4253] Bluetooth: hci2: command 0x0406 tx timeout
[  608.774349][ T8775] loop3: detected capacity change from 0 to 4096
[  608.826973][ T8777] loop4: detected capacity change from 0 to 4096
[  609.293701][ T4262] Bluetooth: hci0: command 0x0406 tx timeout
[  609.299764][ T4262] Bluetooth: hci3: command 0x0406 tx timeout
[  609.302990][ T4260] Bluetooth: hci4: command 0x0406 tx timeout
[  611.963051][ T4244] ntfs3: loop3: ntfs_evict_inode r=5 failed, -22.
[  612.132867][ T4244] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  612.874407][ T8807] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  612.893128][ T8807] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  612.914263][ T8807] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  612.932510][ T8807] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  612.941246][ T8807] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  612.948397][ T8807] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  612.955997][ T8807] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  612.962113][ T8807] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  612.968944][ T8807] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  612.976531][ T8807] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  612.984859][ T8807] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  612.990947][ T8807] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  613.190638][ T8807] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  613.223154][ T8807] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  613.230934][ T8807] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  613.268775][ T8823] loop0: detected capacity change from 0 to 128
[  614.896265][ T8832] loop5: detected capacity change from 0 to 4096
[  614.912924][ T4262] Bluetooth: hci1: command 0x0c1a tx timeout
[  614.969961][ T8841] loop4: detected capacity change from 0 to 1024
[  614.992861][ T4262] Bluetooth: hci4: command 0x0c1a tx timeout
[  614.998902][ T4253] Bluetooth: hci3: command 0x0c1a tx timeout
[  615.004942][ T4260] Bluetooth: hci2: command 0x0c1a tx timeout
[  616.352415][ T4253] Bluetooth: hci0: command 0x0c1a tx timeout
[  616.596635][ T5156] ntfs3: loop5: ntfs_evict_inode r=5 failed, -22.
[  616.798123][ T5156] ntfs3: loop5: Mark volume as dirty due to NTFS errors
[  617.075340][ T4253] Bluetooth: hci1: command 0x0406 tx timeout
[  617.076454][ T4262] Bluetooth: hci4: command 0x0406 tx timeout
[  617.081500][ T4253] Bluetooth: hci3: command 0x0406 tx timeout
[  617.090040][ T4260] Bluetooth: hci2: command 0x0406 tx timeout
[  618.262230][ T8866] loop2: detected capacity change from 0 to 128
[  618.333826][ T6815] hfsplus: b-tree write err: -5, ino 4
[  618.384969][ T4238] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  618.432990][ T4253] Bluetooth: hci0: command 0x0406 tx timeout
[  618.958166][ T8869] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  619.082606][ T8869] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  619.090533][ T8869] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  619.098224][ T8869] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  619.119518][ T8869] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  619.131393][ T8869] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  619.146027][ T8869] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  619.160354][ T8869] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  619.168718][ T8869] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  619.182082][ T8869] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  619.189292][ T8869] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  619.199421][ T8869] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  619.224957][ T8869] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  619.230958][ T8869] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  619.266507][ T8869] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  619.595532][ T4342] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  620.351424][ T4342] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  620.363308][ T4342] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  620.373850][ T4342] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  620.386787][ T4342] usb 1-1: New USB device found, idVendor=044e, idProduct=120b, bcdDevice= 0.00
[  620.396263][ T4342] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  620.462304][ T4342] usb 1-1: config 0 descriptor??
[  621.372828][ T4253] Bluetooth: hci1: command 0x0c1a tx timeout
[  621.372854][ T4262] Bluetooth: hci2: command 0x0c1a tx timeout
[  621.378892][ T4262] Bluetooth: hci3: command 0x0c1a tx timeout
[  621.384957][ T4253] Bluetooth: hci0: command 0x0c1a tx timeout
[  621.384992][ T4253] Bluetooth: hci4: command 0x0c1a tx timeout
[  621.420901][ T4342] usbhid 1-1:0.0: can't add hid device: -71
[  621.427091][ T4342] usbhid: probe of 1-1:0.0 failed with error -71
[  621.441121][ T4342] usb 1-1: USB disconnect, device number 5
[  621.584563][ T8906] loop4: detected capacity change from 0 to 2048
[  623.366645][ T8926] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  623.391576][ T8926] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  623.397703][ T4262] Bluetooth: hci3: command 0x0406 tx timeout
[  623.397742][ T4262] Bluetooth: hci0: command 0x0406 tx timeout
[  623.397827][ T4253] Bluetooth: hci2: command 0x0406 tx timeout
[  623.472920][ T4257] Bluetooth: hci4: command 0x0406 tx timeout
[  623.488636][ T8931] loop5: detected capacity change from 0 to 64
[  623.543014][ T8926] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  623.557789][ T8926] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  623.566505][ T8926] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  623.578944][ T8926] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  623.586635][ T8926] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  623.623005][ T8926] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  623.630655][ T8926] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  623.639427][ T8926] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  623.647894][ T8926] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  623.662624][ T8926] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  623.670094][ T8926] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  623.677662][ T8926] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  623.683942][ T8926] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  624.192890][ T5881] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  624.233073][ T4256] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  624.276939][ T1274] ieee802154 phy0 wpan0: encryption failed: -22
[  624.283720][ T1274] ieee802154 phy1 wpan1: encryption failed: -22
[  624.404617][ T5881] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  624.423925][ T4256] usb 1-1: Using ep0 maxpacket: 32
[  624.431454][ T4256] usb 1-1: config 0 has an invalid interface number: 94 but max is 0
[  624.450505][ T5881] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  624.460512][ T4256] usb 1-1: config 0 has no interface number 0
[  624.505249][ T5881] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  624.508251][ T4256] usb 1-1: New USB device found, idVendor=0b48, idProduct=3009, bcdDevice=38.62
[  624.539070][ T5881] usb 4-1: New USB device found, idVendor=044e, idProduct=120b, bcdDevice= 0.00
[  624.579243][ T4256] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  624.589432][ T5881] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  624.589771][ T4256] usb 1-1: Product: syz
[  624.609625][ T4256] usb 1-1: Manufacturer: syz
[  624.614838][ T4256] usb 1-1: SerialNumber: syz
[  624.620796][ T5881] usb 4-1: config 0 descriptor??
[  624.629467][ T4256] usb 1-1: config 0 descriptor??
[  624.829964][ T4256] dvb-usb: found a 'Technotrend TT-connect S-2400 (8kB EEPROM)' in warm state.
[  624.850346][ T4256] dvb-usb: bulk message failed: -22 (4/0)
[  624.874390][ T4256] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  624.889447][ T4256] dvb-usb: bulk message failed: -22 (5/0)
[  624.896956][ T4256] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  624.965333][ T4256] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  624.994042][ T4256] dvbdev: DVB: registering new adapter (Technotrend TT-connect S-2400 (8kB EEPROM))
[  625.093210][ T4256] usb 1-1: media controller created
[  625.602035][ T8961] ceph: No mds server is up or the cluster is laggy
[  625.611261][ T6866] libceph: connect (1)[c::]:6789 error -101
[  625.617794][ T6866] libceph: mon0 (1)[c::]:6789 connect error
[  625.632917][ T4257] Bluetooth: hci3: command 0x0c1a tx timeout
[  625.639088][ T4257] Bluetooth: hci2: command 0x0c1a tx timeout
[  625.669958][ T4256] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  625.713040][ T4257] Bluetooth: hci0: command 0x0c1a tx timeout
[  625.719111][ T4257] Bluetooth: hci4: command 0x0c1a tx timeout
[  625.754319][ T4256] ttusb2: set interface to alts=3 failed
[  625.953806][ T8951] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  625.961131][ T8951] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  626.362665][ T8951] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  626.433003][ T4257] Bluetooth: hci1: command 0x0406 tx timeout
[  626.510037][ T4256] DVB: Unable to find symbol tda10086_attach()
[  626.517053][ T4256] dvb-usb: no frontend was attached by 'Technotrend TT-connect S-2400 (8kB EEPROM)'
[  626.518166][ T8951] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  626.533415][ T4256] dvb-usb: bulk message failed: -22 (4/0)
[  626.543073][ T4256] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  626.545952][ T8951] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  626.565158][ T4256] dvb-usb: bulk message failed: -22 (5/0)
[  626.566835][ T8951] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  626.570948][ T4256] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  626.571022][ T4256] dvb-usb: Technotrend TT-connect S-2400 (8kB EEPROM) successfully initialized and connected.
[  626.577623][ T4256] usb 1-1: USB disconnect, device number 6
[  626.622611][ T8951] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  626.639892][ T8951] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  626.671250][ T8951] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  626.684049][ T4256] dvb-usb: Technotrend TT-connect S-2400 (8kB EEPR successfully deinitialized and disconnected.
[  626.693255][ T8951] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  626.700944][ T8951] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  626.708244][ T8951] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  626.717024][ T8951] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  626.723334][ T8951] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  626.729761][ T8951] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  626.935993][ T5881] usbhid 4-1:0.0: can't add hid device: -71
[  626.942111][ T5881] usbhid: probe of 4-1:0.0 failed with error -71
[  626.983086][ T5881] usb 4-1: USB disconnect, device number 4
[  627.106114][ T8981] loop3: detected capacity change from 0 to 64
[  627.527500][ T8976] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  627.543190][ T8976] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  627.684956][ T8976] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  627.759378][ T8976] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  628.037318][ T8976] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  628.105825][ T8976] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  628.136300][ T8976] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  628.165062][ T8976] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  628.171082][ T8976] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  628.221062][ T8976] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  628.228643][ T8976] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  628.250807][ T8976] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  628.267907][ T8976] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  628.275959][ T8976] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  628.282094][ T8976] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  628.630576][ T9005] loop0: detected capacity change from 0 to 512
[  628.926787][ T9005] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  629.102642][ T9005] ext4 filesystem being mounted at /250/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  629.243113][ T4253] Bluetooth: hci1: command 0x0406 tx timeout
[  629.659685][ T9005] EXT4-fs (loop0): shut down requested (0)
[  629.873148][ T4253] Bluetooth: hci2: command 0x0406 tx timeout
[  629.996511][ T4250] EXT4-fs (loop0): unmounting filesystem.
[  630.011688][    T9] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started
[  630.192921][ T4253] Bluetooth: hci3: command 0x0406 tx timeout
[  630.250573][    T9] Quota error (device loop0): v2_write_file_info: Can't write info structure
[  630.273051][ T4253] Bluetooth: hci0: command 0x0406 tx timeout
[  630.279127][ T4253] Bluetooth: hci4: command 0x0406 tx timeout
[  630.378531][ T9022] loop5: detected capacity change from 0 to 128
[  630.394506][   T26] audit: type=1800 audit(1738738916.648:62): pid=9022 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1136" name="bus" dev="loop5" ino=1048632 res=0 errno=0
[  631.323314][ T4253] Bluetooth: hci1: command 0x0c1a tx timeout
[  631.953005][ T4253] Bluetooth: hci2: command 0x0c1a tx timeout
[  632.828401][ T4253] Bluetooth: hci3: command 0x0c1a tx timeout
[  632.834956][ T4262] Bluetooth: hci0: command 0x0c1a tx timeout
[  632.838861][ T4257] Bluetooth: hci4: command 0x0c1a tx timeout
[  632.888246][ T9041] overlayfs: missing 'lowerdir'
[  632.934990][ T9045] loop5: detected capacity change from 0 to 64
[  633.290689][ T9054] loop4: detected capacity change from 0 to 1024
[  633.471285][ T4257] Bluetooth: hci1: command 0x0406 tx timeout
[  634.033047][ T4262] Bluetooth: hci2: command 0x0406 tx timeout
[  634.922922][ T4262] Bluetooth: hci0: command 0x0406 tx timeout
[  634.929030][ T4262] Bluetooth: hci4: command 0x0406 tx timeout
[  634.932977][ T4257] Bluetooth: hci3: command 0x0406 tx timeout
[  634.991993][ T4598] hfsplus: b-tree write err: -5, ino 4
[  635.334027][ T9061] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  635.374508][ T9061] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  635.380749][ T9061] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  635.449601][ T9061] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  635.464189][ T9075] loop0: detected capacity change from 0 to 128
[  635.573038][   T26] audit: type=1800 audit(1738738921.738:63): pid=9075 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1150" name="bus" dev="loop0" ino=1048633 res=0 errno=0
[  635.653826][ T9076] loop4: detected capacity change from 0 to 32768
[  635.663379][ T9061] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  635.680287][ T9061] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  635.731084][ T9061] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  635.755752][ T9061] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  635.769473][ T9061] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  635.798012][ T9061] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  635.818316][ T9061] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  635.839752][ T9061] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  635.873062][ T9061] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  635.879271][ T4449] I/O error, dev loop4, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  635.899946][ T9061] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  635.918677][ T9061] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  637.319272][ T4253] Bluetooth: hci1: command 0x0c1a tx timeout
[  637.473041][ T4253] Bluetooth: hci2: command 0x0c1a tx timeout
[  637.480483][ T9094] loop3: detected capacity change from 0 to 64
[  637.604341][ T9096] overlayfs: missing 'lowerdir'
[  637.833069][ T4253] Bluetooth: hci3: command 0x0c1a tx timeout
[  637.882972][ T4253] Bluetooth: hci4: command 0x0c1a tx timeout
[  637.952866][ T4253] Bluetooth: hci0: command 0x0c1a tx timeout
[  638.909880][ T9103] loop0: detected capacity change from 0 to 1024
[  639.393288][ T4253] Bluetooth: hci1: command 0x0406 tx timeout
[  639.553060][ T4253] Bluetooth: hci2: command 0x0406 tx timeout
[  639.627926][ T4345] hfsplus: b-tree write err: -5, ino 4
[  639.868802][ T9119] loop4: detected capacity change from 0 to 128
[  639.883013][ T4253] Bluetooth: hci3: command 0x0406 tx timeout
[  639.905755][   T26] audit: type=1800 audit(1738738926.158:64): pid=9119 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1163" name="bus" dev="loop4" ino=1048634 res=0 errno=0
[  640.004552][ T4253] Bluetooth: hci4: command 0x0406 tx timeout
[  640.069563][ T4253] Bluetooth: hci0: command 0x0406 tx timeout
[  641.316772][ T9137] loop4: detected capacity change from 0 to 64
[  641.351212][ T9142] overlayfs: missing 'lowerdir'
[  642.174233][ T9144] loop2: detected capacity change from 0 to 32792
[  642.416335][ T9154] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  642.424254][ T9154] IPv6: NLM_F_CREATE should be set when creating new route
[  642.533325][ T9156] loop5: detected capacity change from 0 to 1024
[  643.247490][ T9159] loop4: detected capacity change from 0 to 1024
[  643.300212][ T9148] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  643.494589][ T9148] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  643.587544][ T9148] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  643.823938][ T4412] hfsplus: b-tree write err: -5, ino 4
[  643.934232][ T9148] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  643.935652][ T9168] loop5: detected capacity change from 0 to 4096
[  643.981245][ T9148] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  643.998182][ T9148] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  644.079848][ T9148] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  644.713204][ T4253] Bluetooth: hci1: command 0x0c1a tx timeout
[  644.739498][ T9148] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  644.755536][ T9148] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  644.774162][ T9148] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  644.793817][ T9148] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  644.811016][ T9148] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  644.831545][ T9148] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  644.838438][ T9148] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  644.846019][ T9148] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  644.940476][ T6815] hfsplus: b-tree write err: -5, ino 4
[  645.218367][ T9182] loop4: detected capacity change from 0 to 128
[  645.270482][ T9178] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1181'.
[  645.279838][ T9178] bond0: (slave bond_slave_0): Slave does not support ipsec offload
[  645.319295][   T26] audit: type=1800 audit(1738738931.488:65): pid=9182 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1180" name="bus" dev="loop4" ino=1048635 res=0 errno=0
[  645.574596][ T9189] overlayfs: missing 'lowerdir'
[  645.657392][ T9191] loop5: detected capacity change from 0 to 64
[  646.382930][ T4257] Bluetooth: hci2: command 0x0c1a tx timeout
[  646.383059][ T4262] Bluetooth: hci3: command 0x0c1a tx timeout
[  646.753024][ T4260] Bluetooth: hci1: command 0x0406 tx timeout
[  646.832916][ T4262] Bluetooth: hci4: command 0x0c1a tx timeout
[  646.838963][ T4260] Bluetooth: hci0: command 0x0c1a tx timeout
[  646.847136][ T4253] Bluetooth: hci0: Opcode 0x1407 failed: -110
[  647.000339][ T9198] loop5: detected capacity change from 0 to 1024
[  647.131890][ T7560] hfsplus: b-tree write err: -5, ino 4
[  648.041625][ T9208] loop5: detected capacity change from 0 to 1024
[  648.240440][ T9212] loop4: detected capacity change from 0 to 32768
[  648.432882][ T4260] Bluetooth: hci3: command 0x0406 tx timeout
[  648.433015][ T4253] Bluetooth: hci2: command 0x0406 tx timeout
[  648.900472][ T9219] overlayfs: missing 'lowerdir'
[  648.931387][ T9220] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1192'.
[  648.941117][ T9220] bond0: (slave bond_slave_0): Slave does not support ipsec offload
[  648.950788][ T4260] Bluetooth: hci0: command 0x0406 tx timeout
[  648.956933][ T4260] Bluetooth: hci4: command 0x0406 tx timeout
[  649.011417][ T9217] loop2: detected capacity change from 0 to 4096
[  649.402275][ T4336] hfsplus: b-tree write err: -5, ino 4
[  649.516131][ T9230] loop0: detected capacity change from 0 to 128
[  649.530390][   T26] audit: type=1800 audit(1738738935.778:66): pid=9230 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1196" name="bus" dev="loop0" ino=1048636 res=0 errno=0
[  649.555842][ T9229] loop5: detected capacity change from 0 to 64
[  650.497944][ T9238] loop4: detected capacity change from 0 to 2048
[  650.641400][ T9245] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  651.546878][ T4260] Bluetooth: hci0: command 0x1407 tx timeout
[  651.558885][ T4262] Bluetooth: hci0: Opcode 0x1407 failed: -110
[  651.759846][ T9245] NILFS (loop4): vblocknr = 18 has abnormal lifetime: start cno (= 504403158265495554) > current cno (= 3)
[  651.812852][ T9245] NILFS error (device loop4): nilfs_bmap_propagate: broken bmap (inode number=2)
[  651.928417][ T9245] Remounting filesystem read-only
[  651.942975][ T4379] NILFS (loop4): discard dirty page: offset=4096, ino=6
[  652.005994][ T9260] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1206'.
[  652.015700][ T9260] bond0: (slave bond_slave_0): Slave does not support ipsec offload
[  652.245779][ T4379] NILFS (loop4): discard dirty block: blocknr=39, size=1024
[  652.293772][ T4379] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024
[  652.319979][ T4379] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024
[  652.341224][ T9265] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1207'.
[  652.359158][ T4379] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024
[  652.359220][ T9265] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1207'.
[  652.368340][ T4379] NILFS (loop4): discard dirty page: offset=0, ino=2
[  652.384719][ T4379] NILFS (loop4): discard dirty block: blocknr=18, size=1024
[  652.392815][ T4379] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024
[  652.401863][ T4379] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024
[  652.411232][ T4379] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024
[  652.420784][ T4379] NILFS (loop4): discard dirty page: offset=0, ino=5
[  652.427832][ T4379] NILFS (loop4): discard dirty block: blocknr=41, size=1024
[  652.435438][ T4379] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024
[  652.444552][ T4379] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024
[  652.513156][ T4379] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024
[  652.528954][ T4252] NILFS (loop4): disposed unprocessed dirty file(s) when stopping log writer
[  652.563247][ T4252] NILFS (loop4): discard dirty page: offset=0, ino=6
[  652.570165][ T4252] NILFS (loop4): discard dirty block: blocknr=35, size=1024
[  652.597473][ T9256] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  652.606062][ T4252] NILFS (loop4): discard dirty block: blocknr=36, size=1024
[  652.615074][ T9256] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  652.626542][ T9256] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  652.637474][ T4252] NILFS (loop4): discard dirty block: blocknr=37, size=1024
[  652.645748][ T4252] NILFS (loop4): discard dirty block: blocknr=38, size=1024
[  652.723165][ T9256] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  652.861844][ T9269] loop0: detected capacity change from 0 to 32768
[  653.037726][ T9256] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  653.095699][ T9256] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  653.134627][ T9273] overlayfs: missing 'lowerdir'
[  653.163868][ T9256] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  653.232891][ T9256] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  653.278953][ T9256] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  653.433818][ T9256] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  653.614083][ T9256] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  653.642881][ T4262] Bluetooth: hci0: command 0x1407 tx timeout
[  653.866668][ T9256] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  653.952995][ T4262] Bluetooth: hci1: command 0x0c1a tx timeout
[  654.104895][ T9256] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  654.110930][ T9256] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  654.145130][ T9280] loop3: detected capacity change from 0 to 64
[  654.170149][ T9256] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  654.751111][ T9271] loop2: detected capacity change from 0 to 32768
[  654.979807][ T9271] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.1209 (9271)
[  655.045257][ T9285] loop4: detected capacity change from 0 to 128
[  655.106926][ T4260] Bluetooth: hci2: command 0x0c1a tx timeout
[  655.113790][   T26] audit: type=1800 audit(1738738941.308:67): pid=9285 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1212" name="bus" dev="loop4" ino=1048637 res=0 errno=0
[  655.207779][ T9271] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  655.232864][ T4253] Bluetooth: hci3: command 0x0c1a tx timeout
[  655.259571][ T9271] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  655.324208][ T9271] BTRFS info (device loop2): enabling disk space caching
[  655.361229][ T9271] BTRFS info (device loop2): turning off barriers
[  655.380557][ T9271] BTRFS info (device loop2): doing ref verification
[  655.402925][ T9271] BTRFS info (device loop2): enabling ssd optimizations
[  655.420112][ T9271] BTRFS info (device loop2): force clearing of disk cache
[  655.437706][ T9271] BTRFS info (device loop2): setting nodatacow, compression disabled
[  655.457135][ T9271] BTRFS info (device loop2): turning on barriers
[  655.478656][ T9271] BTRFS info (device loop2): doing ref verification
[  655.495226][ T9271] BTRFS info (device loop2): disk space caching is enabled
[  655.503665][ T4253] Bluetooth: hci4: command 0x0c1a tx timeout
[  656.036617][ T4253] Bluetooth: hci1: command 0x0406 tx timeout
[  656.112957][ T4260] Bluetooth: hci0: command 0x0c1a tx timeout
[  656.119313][ T4262] Bluetooth: hci0: Opcode 0x1407 failed: -110
[  657.009189][ T9271] BTRFS error (device loop2): open_ctree failed
[  657.163110][ T4262] Bluetooth: hci2: command 0x0406 tx timeout
[  657.312949][ T4262] Bluetooth: hci3: command 0x0406 tx timeout
[  657.503509][ T9332] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1219'.
[  657.526714][ T9334] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1219'.
[  657.755105][ T4262] Bluetooth: hci4: command 0x0406 tx timeout
[  657.763068][ T9335] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1218'.
[  657.773189][ T9335] bond0: (slave bond_slave_0): Slave does not support ipsec offload
[  657.995073][ T9339] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  658.004386][ T9339] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  658.193005][ T4262] Bluetooth: hci0: command 0x0406 tx timeout
[  658.222129][ T9348] loop0: detected capacity change from 0 to 64
[  659.197102][ T9346] loop2: detected capacity change from 0 to 4096
[  660.211670][ T9363] device lo entered promiscuous mode
[  660.273357][ T4253] Bluetooth: hci0: command 0x1407 tx timeout
[  660.279553][ T4262] Bluetooth: hci0: Opcode 0x1407 failed: -110
[  662.194455][ T9391] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  662.203674][ T9391] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  662.259961][ T9393] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1230'.
[  662.348872][ T9378] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  662.364014][ T4262] Bluetooth: hci0: command 0x1407 tx timeout
[  662.537876][ T9398] loop4: detected capacity change from 0 to 2048
[  662.549121][ T9398] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=18576, location=18576
[  662.577892][ T9398] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  662.740725][ T9378] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  662.877040][ T9399] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1232'.
[  663.195010][ T9401] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1232'.
[  663.212649][ T9393] bond0: (slave bond_slave_0): Slave does not support ipsec offload
[  663.312187][ T9378] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  663.886160][ T9378] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  664.022035][ T9378] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  664.028883][ T9378] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  664.036219][ T9378] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  664.042638][ T9378] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  664.043097][ T4262] Bluetooth: hci1: command 0x0c1a tx timeout
[  664.048745][ T9378] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  664.171154][ T9378] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  664.502365][ T9378] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  664.867333][ T9378] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  665.024801][ T9378] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  665.087570][ T9378] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  665.115355][ T9408] loop2: detected capacity change from 0 to 4096
[  665.143490][ T9378] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  665.601534][ T4258] ntfs3: loop2: ntfs_evict_inode r=5 failed, -22.
[  665.608942][ T4258] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[  665.642932][ T9319] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  666.183240][ T4262] Bluetooth: hci2: command 0x0c1a tx timeout
[  666.191771][ T4262] Bluetooth: hci1: command 0x0406 tx timeout
[  666.199349][ T4262] Bluetooth: hci3: command 0x0c1a tx timeout
[  666.211921][ T4262] Bluetooth: hci4: command 0x0c1a tx timeout
[  666.220518][ T9319] usb 6-1: Using ep0 maxpacket: 16
[  666.434620][ T9319] usb 6-1: unable to read config index 0 descriptor/start: -71
[  666.465483][ T9319] usb 6-1: can't read configurations, error -71
[  667.073004][ T4262] Bluetooth: hci0: command 0x0c1a tx timeout
[  667.977693][ T9445] loop5: detected capacity change from 0 to 4096
[  668.323521][ T4262] Bluetooth: hci4: command 0x0406 tx timeout
[  668.329956][ T4262] Bluetooth: hci3: command 0x0406 tx timeout
[  668.336303][ T4262] Bluetooth: hci2: command 0x0406 tx timeout
[  669.153028][ T4253] Bluetooth: hci0: command 0x0406 tx timeout
[  669.210354][ T9442] loop4: detected capacity change from 0 to 32768
[  669.233095][ T9442] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.1241 (9442)
[  669.261854][ T9442] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  669.286083][ T9442] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  669.318427][ T9442] BTRFS info (device loop4): using free space tree
[  669.815013][ T9512] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  669.824790][ T9512] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  669.953964][ T9442] BTRFS info (device loop4): enabling ssd optimizations
[  670.158497][ T9527] loop3: detected capacity change from 0 to 512
[  670.246042][ T4867] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  670.509617][ T4252] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  670.882203][ T9533] loop3: detected capacity change from 0 to 128
[  670.892536][ T9533] VFS: Found a Xenix FS (block size = 512) on device loop3
[  670.900735][ T9533] sysv_free_block: trying to free block not in datazone
[  670.908217][ T9533] sysv_free_block: trying to free block not in datazone
[  670.915715][ T9533] sysv_free_block: getblk() failed
[  670.921204][ T9533] sysv_free_block: getblk() failed
[  670.926827][ T9533] sysv_free_block: getblk() failed
[  670.931996][ T9533] sysv_free_block: getblk() failed
[  670.939416][ T9533] sysv_free_block: getblk() failed
[  670.944664][ T9533] sysv_free_block: getblk() failed
[  670.949816][ T9533] sysv_free_block: getblk() failed
[  670.955051][ T9533] sysv_free_block: getblk() failed
[  670.960179][ T9533] sysv_free_block: getblk() failed
[  670.965469][ T9533] sysv_free_block: getblk() failed
[  670.970777][ T9533] sysv_free_block: getblk() failed
[  670.976023][ T9533] sysv_free_block: getblk() failed
[  670.981263][ T9533] sysv_free_block: getblk() failed
[  670.987186][ T9533] sysv_free_block: getblk() failed
[  670.992661][ T9533] sysv_free_block: getblk() failed
[  670.998770][ T9533] sysv_free_block: getblk() failed
[  671.004647][ T9533] sysv_free_block: getblk() failed
[  671.010356][ T9533] sysv_free_block: getblk() failed
[  671.015818][ T9533] sysv_free_block: getblk() failed
[  671.021104][ T9533] sysv_free_block: getblk() failed
[  671.026724][ T9533] sysv_free_block: getblk() failed
[  671.031879][ T9533] sysv_free_block: getblk() failed
[  671.037120][ T9533] sysv_free_block: getblk() failed
[  671.042275][ T9533] sysv_free_block: getblk() failed
[  671.047575][ T9533] sysv_free_block: getblk() failed
[  671.052878][ T9533] sysv_free_block: getblk() failed
[  671.058184][ T9533] sysv_free_block: getblk() failed
[  671.063417][ T9533] sysv_free_block: getblk() failed
[  671.068590][ T9533] sysv_free_block: getblk() failed
[  671.073848][ T9533] sysv_free_block: getblk() failed
[  671.078993][ T9533] sysv_free_block: getblk() failed
[  671.084240][ T9533] sysv_free_block: getblk() failed
[  671.089394][ T9533] sysv_free_block: getblk() failed
[  671.094638][ T9533] sysv_free_block: getblk() failed
[  671.099963][ T9533] sysv_free_block: getblk() failed
[  671.105197][ T9533] sysv_free_block: getblk() failed
[  671.110367][ T9533] sysv_free_block: getblk() failed
[  671.115835][ T9533] sysv_free_block: getblk() failed
[  671.121062][ T9533] sysv_free_block: trying to free block not in datazone
[  671.128262][ T9533] sysv_free_block: trying to free block not in datazone
[  671.135626][ T9533] sysv_free_block: trying to free block not in datazone
[  671.155841][ T9533] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  671.657036][ T9319] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  671.893089][ T9319] usb 6-1: Using ep0 maxpacket: 16
[  671.907081][ T9319] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  672.692834][ T9319] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  672.712327][ T9319] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  673.447477][ T9319] usb 6-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[  673.466139][ T9319] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  673.485946][ T9557] loop4: detected capacity change from 0 to 4096
[  673.581255][ T9319] usb 6-1: config 0 descriptor??
[  674.804073][ T9319] logitech 0003:046D:C20E.0004: rdesc size test failed for formula gp
[  674.827122][ T9319] logitech 0003:046D:C20E.0004: unbalanced collection at end of report description
[  674.847041][ T9564] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  674.862201][ T9564] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  674.878354][ T9319] logitech 0003:046D:C20E.0004: parse failed
[  674.906281][ T9564] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  674.932295][ T9319] logitech: probe of 0003:046D:C20E.0004 failed with error -22
[  674.942996][ T9564] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  675.083247][ T9319] usb 6-1: USB disconnect, device number 7
[  675.099067][ T9564] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  675.324109][ T9564] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  675.332592][ T9564] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  675.750604][ T9564] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  675.771970][ T9624] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1255'.
[  675.794322][ T4252] ntfs3: loop4: ntfs_evict_inode r=5 failed, -22.
[  675.801195][ T4252] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  675.817660][ T9564] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  675.836125][ T9564] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  675.842170][ T9564] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  675.849259][ T9564] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  675.856948][ T9564] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  675.863299][ T9564] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  675.869392][ T9564] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  675.883299][ T4253] Bluetooth: hci1: command 0x0c1a tx timeout
[  675.933104][ T9624] bond0: (slave bond_slave_0): Slave does not support ipsec offload
[  676.003998][ T9625] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  676.085291][ T4262] Bluetooth: hci5: sending frame failed (-49)
[  676.094047][ T4253] Bluetooth: hci5: Opcode 0x1003 failed: -49
[  676.246269][ T9633] loop4: detected capacity change from 0 to 4096
[  676.462866][ T5662] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  676.673624][ T5662] usb 4-1: Using ep0 maxpacket: 32
[  676.741128][ T5662] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  676.937035][ T5662] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  677.003238][ T4253] Bluetooth: hci2: command 0x0c1a tx timeout
[  677.106949][ T5662] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  677.259705][ T5662] usb 4-1: Product: syz
[  677.297830][ T5662] usb 4-1: Manufacturer: syz
[  677.345847][ T5662] usb 4-1: SerialNumber: syz
[  677.383726][ T5662] usb 4-1: config 0 descriptor??
[  677.392906][ T4253] Bluetooth: hci3: command 0x0c1a tx timeout
[  677.430273][ T9636] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  677.785331][ T4440] usb 4-1: USB disconnect, device number 5
[  677.872912][ T4253] Bluetooth: hci0: command 0x0c1a tx timeout
[  677.913131][ T4262] Bluetooth: hci4: command 0x0c1a tx timeout
[  677.963148][ T4262] Bluetooth: hci1: command 0x0406 tx timeout
[  679.763408][ T4262] Bluetooth: hci2: command 0x0406 tx timeout
[  679.763432][ T4253] Bluetooth: hci3: command 0x0406 tx timeout
[  679.901094][ T9664] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  679.920374][ T9664] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  679.940604][ T9664] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  679.958310][ T4253] Bluetooth: hci4: command 0x0406 tx timeout
[  679.964447][ T4253] Bluetooth: hci0: command 0x0406 tx timeout
[  679.990950][ T9664] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  680.018072][ T9664] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  680.037853][ T9664] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  680.057355][ T9664] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  680.068094][ T9664] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  680.079124][ T9664] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  680.088378][ T9664] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  680.099536][ T9664] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  680.107342][ T9664] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  680.154490][ T9664] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  680.165781][ T9664] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  680.172186][ T9664] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  680.376739][ T9685] loop2: detected capacity change from 0 to 1024
[  680.877190][ T4260] Bluetooth: hci1: command 0x0c1a tx timeout
[  680.952989][ T4288] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  681.035090][ T7560] hfsplus: b-tree write err: -5, ino 4
[  681.056737][ T9690] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  681.142897][ T4288] usb 5-1: Using ep0 maxpacket: 16
[  681.159064][ T4288] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  681.202158][ T4288] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  681.228134][ T4288] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  681.435557][ T4288] usb 5-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[  681.444836][ T4288] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  681.899027][ T4288] usb 5-1: config 0 descriptor??
[  682.001872][ T4288] usbhid 5-1:0.0: can't add hid device: -71
[  682.011195][ T4288] usbhid: probe of 5-1:0.0 failed with error -71
[  682.024196][ T4288] usb 5-1: USB disconnect, device number 6
[  682.034341][ T4260] Bluetooth: hci2: command 0x0c1a tx timeout
[  682.114117][ T9707] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1269'.
[  682.139025][ T9707] bond0: (slave bond_slave_0): Slave does not support ipsec offload
[  682.151248][ T4260] Bluetooth: hci4: command 0x0c1a tx timeout
[  682.159129][ T4253] Bluetooth: hci3: command 0x0c1a tx timeout
[  682.192857][ T4253] Bluetooth: hci0: command 0x0c1a tx timeout
[  682.232827][ T5662] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  682.435314][ T5662] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  682.443820][ T9715] loop5: detected capacity change from 0 to 1024
[  682.453144][ T5662] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  682.463091][ T5662] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  682.476110][ T5662] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  682.497646][ T5662] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  682.525490][ T5662] usb 3-1: config 0 descriptor??
[  682.536522][ T9717] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1277'.
[  682.717990][ T9717] bond0: (slave bond_slave_0): Slave does not support ipsec offload
[  683.043438][ T5662] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  683.051967][ T5662] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  683.060054][ T5662] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  683.068326][ T5662] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  683.076335][ T5662] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  683.085218][ T5662] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  683.103065][ T5662] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving
[  683.191782][ T5662] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  683.520020][ T5662] usb 3-1: USB disconnect, device number 3
[  683.776643][ T9709] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  683.782685][ T9709] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  683.819014][ T9709] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  683.848556][ T9709] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  683.867327][ T9709] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  683.887623][ T9709] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  683.918517][ T9709] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  683.935148][ T9709] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  683.972064][ T9709] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  683.980837][ T9709] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  683.997419][ T9709] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  684.010832][ T9709] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  684.028759][ T9709] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  684.048610][ T9709] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  684.063499][ T9709] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  684.119750][ T4708] hfsplus: b-tree write err: -5, ino 4
[  684.432864][ T4253] Bluetooth: hci1: command 0x0c1a tx timeout
[  685.540352][ T9740] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  685.925868][ T4253] Bluetooth: hci2: command 0x0c1a tx timeout
[  685.932736][ T1274] ieee802154 phy0 wpan0: encryption failed: -22
[  685.940913][ T1274] ieee802154 phy1 wpan1: encryption failed: -22
[  685.952900][ T4253] Bluetooth: hci3: command 0x0c1a tx timeout
[  686.032909][ T4260] Bluetooth: hci4: command 0x0c1a tx timeout
[  686.039513][ T4253] Bluetooth: hci0: command 0x0c1a tx timeout
[  686.175757][ T9735] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  686.188728][ T9735] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  686.213099][ T9735] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  686.236955][ T9735] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  686.274704][ T9735] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  686.280837][ T9735] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  686.338339][ T9735] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  686.355102][ T9745] loop0: detected capacity change from 0 to 1024
[  686.365470][ T9735] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  686.371601][ T9735] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  686.498160][ T9735] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  686.505361][ T9735] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  686.512031][ T9735] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  686.522113][ T9735] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  686.533891][ T9735] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  686.540253][ T9735] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  687.332866][ T5662] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  687.522977][ T5662] usb 6-1: Using ep0 maxpacket: 16
[  687.552955][ T4253] Bluetooth: hci1: command 0x0c1a tx timeout
[  688.170077][ T5662] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  688.192148][ T5662] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  688.202472][ T5662] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  688.266620][ T5662] usb 6-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[  688.276477][ T4253] Bluetooth: hci2: command 0x0c1a tx timeout
[  688.295788][ T9757] loop2: detected capacity change from 0 to 1024
[  688.308201][ T5662] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  688.325237][ T5662] usb 6-1: config 0 descriptor??
[  688.352889][ T4253] Bluetooth: hci3: command 0x0c1a tx timeout
[  688.512965][ T4253] Bluetooth: hci4: command 0x0c1a tx timeout
[  688.607958][ T4253] Bluetooth: hci0: command 0x0c1a tx timeout
[  689.904995][ T4253] Bluetooth: hci1: command 0x0406 tx timeout
[  690.352941][ T4253] Bluetooth: hci2: command 0x0406 tx timeout
[  690.432928][ T4253] Bluetooth: hci3: command 0x0406 tx timeout
[  690.440274][ T5662] usbhid 6-1:0.0: can't add hid device: -71
[  690.446968][ T5662] usbhid: probe of 6-1:0.0 failed with error -71
[  690.491470][ T5662] usb 6-1: USB disconnect, device number 8
[  690.592878][ T4253] Bluetooth: hci4: command 0x0406 tx timeout
[  690.630171][ T9773] loop5: detected capacity change from 0 to 1024
[  690.646743][ T6543] hfsplus: b-tree write err: -5, ino 4
[  690.652553][    T9] hfsplus: b-tree write err: -5, ino 4
[  690.672858][ T4253] Bluetooth: hci0: command 0x0406 tx timeout
[  690.893059][ T9322] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  691.102867][ T9322] usb 4-1: Using ep0 maxpacket: 16
[  691.119003][ T9322] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  691.133112][ T9322] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  691.231397][ T9322] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  691.248399][ T9780] overlayfs: missing 'lowerdir'
[  691.254698][ T9322] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  691.282863][ T9322] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  691.289145][    T9] hfsplus: b-tree write err: -5, ino 4
[  691.305211][ T9322] usb 4-1: config 0 descriptor??
[  692.758076][ T9790] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1297'.
[  692.767540][ T9790] bond0: (slave bond_slave_0): Slave does not support ipsec offload
[  693.068783][ T9322] HID 045e:07da: Invalid code 65791 type 1
[  693.075100][ T4253] Bluetooth: hci1: command 0x0c1a tx timeout
[  693.082916][ T9778] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  693.096328][ T9322] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0006/input/input35
[  693.126297][ T9322] microsoft 0003:045E:07DA.0006: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0
[  693.723964][  T952] usb 4-1: USB disconnect, device number 6
[  693.732456][ T9778] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  693.874774][ T9778] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  693.976090][ T9778] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  693.984375][ T9778] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  694.001376][ T9778] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  694.025758][ T9778] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  694.038936][ T9778] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  694.055940][ T9778] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  694.072193][ T9778] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  694.092275][ T9778] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  694.097642][ T9801] loop5: detected capacity change from 0 to 4096
[  694.106145][ T9778] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  694.113708][ T9778] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  694.119979][ T9778] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  694.126228][ T9778] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  694.736713][ T9810] loop3: detected capacity change from 0 to 1024
[  694.753036][ T9322] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  694.844192][  T127] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  694.947508][ T5156] ntfs3: loop5: ntfs_evict_inode r=5 failed, -22.
[  694.957253][ T5156] ntfs3: loop5: Mark volume as dirty due to NTFS errors
[  694.966710][ T9322] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  694.990539][ T9322] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  695.001118][ T9322] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  695.014644][ T9322] usb 5-1: New USB device found, idVendor=044e, idProduct=120b, bcdDevice= 0.00
[  695.024227][ T9322] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  695.042960][  T127] usb 1-1: Using ep0 maxpacket: 16
[  695.050256][  T127] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  695.066882][ T9322] usb 5-1: config 0 descriptor??
[  695.090564][  T127] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  695.117821][  T127] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  695.150292][  T127] usb 1-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[  695.159900][ T4253] Bluetooth: hci1: command 0x0406 tx timeout
[  695.178967][ T9813] loop5: detected capacity change from 0 to 1024
[  695.187080][  T127] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  695.207319][  T127] usb 1-1: config 0 descriptor??
[  695.787105][ T9792] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  695.795798][ T9792] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  695.863740][   T26] audit: type=1800 audit(1738738982.118:68): pid=9815 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1299" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  696.033010][ T4260] Bluetooth: hci3: command 0x0c1a tx timeout
[  696.033120][ T4253] Bluetooth: hci2: command 0x0c1a tx timeout
[  696.361421][ T4253] Bluetooth: hci4: command 0x0c1a tx timeout
[  696.361445][ T4262] Bluetooth: hci0: command 0x0c1a tx timeout
[  696.368750][  T127] logitech 0003:046D:C20E.0007: rdesc size test failed for formula gp
[  696.391521][ T9818] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1306'.
[  696.427959][  T127] logitech 0003:046D:C20E.0007: unbalanced collection at end of report description
[  696.445542][ T9322] usbhid 5-1:0.0: can't add hid device: -71
[  696.457475][  T127] logitech 0003:046D:C20E.0007: parse failed
[  696.462914][ T9322] usbhid: probe of 5-1:0.0 failed with error -71
[  696.485434][  T127] logitech: probe of 0003:046D:C20E.0007 failed with error -22
[  696.497672][ T9322] usb 5-1: USB disconnect, device number 7
[  696.554727][ T4818] hfsplus: b-tree write err: -5, ino 4
[  696.562406][ T9820] overlayfs: missing 'lowerdir'
[  696.570474][  T127] usb 1-1: USB disconnect, device number 7
[  696.576783][ T4708] hfsplus: b-tree write err: -5, ino 4
[  696.712410][ T9822] loop3: detected capacity change from 0 to 2048
[  696.737565][ T9822] EXT4-fs: Ignoring removed mblk_io_submit option
[  696.801151][ T9822] EXT4-fs: Ignoring removed i_version option
[  696.935694][ T9822] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  697.923070][ T4244] EXT4-fs (loop3): unmounting filesystem.
[  698.193198][ T4262] Bluetooth: hci3: command 0x0406 tx timeout
[  698.200049][ T4262] Bluetooth: hci2: command 0x0406 tx timeout
[  698.326482][ T9839] loop4: detected capacity change from 0 to 64
[  698.432939][ T4260] Bluetooth: hci4: command 0x0406 tx timeout
[  698.439234][ T4262] Bluetooth: hci0: command 0x0406 tx timeout
[  698.665456][ T9846] input: syz0 as /devices/virtual/input/input36
[  699.562472][ T9860] loop0: detected capacity change from 0 to 1024
[  700.218827][ T9864] overlayfs: missing 'lowerdir'
[  700.389505][ T9867] loop5: detected capacity change from 0 to 1024
[  700.405313][ T9855] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  700.412026][ T9855] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  700.457435][ T9855] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  700.501052][ T9855] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  700.538849][ T9855] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  700.542993][ T9858] loop4: detected capacity change from 0 to 32768
[  700.553816][ T9855] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  700.594963][ T9858] ==================================================================
[  700.603061][ T9858] BUG: KASAN: use-after-free in dtReadFirst+0x512/0xc40
[  700.610040][ T9858] Read of size 4 at addr ffff88805d1d8110 by task syz.4.1318/9858
[  700.617854][ T9858] 
[  700.620197][ T9858] CPU: 1 PID: 9858 Comm: syz.4.1318 Not tainted 6.1.128-syzkaller #0
[  700.628279][ T9858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  700.638430][ T9858] Call Trace:
[  700.641720][ T9858]  <TASK>
[  700.644663][ T9858]  dump_stack_lvl+0x1e3/0x2cb
[  700.649346][ T9858]  ? nf_tcp_handle_invalid+0x642/0x642
[  700.654804][ T9858]  ? panic+0x764/0x764
[  700.658896][ T9858]  ? _printk+0xd1/0x111
[  700.663075][ T9858]  ? __virt_addr_valid+0x17f/0x530
[  700.668221][ T9858]  ? __virt_addr_valid+0x17f/0x530
[  700.673433][ T9858]  print_report+0x15f/0x4f0
[  700.677943][ T9858]  ? __virt_addr_valid+0x17f/0x530
[  700.683132][ T9858]  ? __virt_addr_valid+0x17f/0x530
[  700.688248][ T9858]  ? __virt_addr_valid+0x45b/0x530
[  700.693361][ T9858]  ? __phys_addr+0xb6/0x170
[  700.697845][ T9858]  ? dtReadFirst+0x512/0xc40
[  700.702420][ T9858]  kasan_report+0x136/0x160
[  700.706911][ T9858]  ? dtReadFirst+0x512/0xc40
[  700.711488][ T9858]  dtReadFirst+0x512/0xc40
[  700.715888][ T9858]  jfs_readdir+0x7da/0x3c30
[  700.720369][ T9858]  ? aa_file_perm+0x12c/0xf60
[  700.725029][ T9858]  ? mark_lock+0x9a/0x340
[  700.729342][ T9858]  ? __lock_acquire+0x125b/0x1f80
[  700.734357][ T9858]  ? dtInitRoot+0x690/0x690
[  700.739029][ T9858]  ? end_current_label_crit_section+0x147/0x170
[  700.745276][ T9858]  ? common_file_perm+0x17d/0x1d0
[  700.750285][ T9858]  ? iterate_dir+0x131/0x560
[  700.754884][ T9858]  iterate_dir+0x224/0x560
[  700.759291][ T9858]  __se_sys_getdents+0x1eb/0x4c0
[  700.764299][ T9858]  ? __x64_sys_getdents+0x80/0x80
[  700.769304][ T9858]  ? fillonedir+0x4c0/0x4c0
[  700.773789][ T9858]  ? syscall_enter_from_user_mode+0x2e/0x230
[  700.779748][ T9858]  ? lockdep_hardirqs_on+0x94/0x130
[  700.784923][ T9858]  ? syscall_enter_from_user_mode+0x2e/0x230
[  700.791146][ T9858]  do_syscall_64+0x3b/0xb0
[  700.795557][ T9858]  ? clear_bhb_loop+0x45/0xa0
[  700.800236][ T9858]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  700.806120][ T9858] RIP: 0033:0x7f18eab8cde9
[  700.810531][ T9858] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  700.830129][ T9858] RSP: 002b:00007f18eb9f0038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[  700.838539][ T9858] RAX: ffffffffffffffda RBX: 00007f18eada5fa0 RCX: 00007f18eab8cde9
[  700.846509][ T9858] RDX: 00000000000000b8 RSI: 0000200000001fc0 RDI: 0000000000000004
[  700.854466][ T9858] RBP: 00007f18eac0e2a0 R08: 0000000000000000 R09: 0000000000000000
[  700.862428][ T9858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  700.870378][ T9858] R13: 0000000000000000 R14: 00007f18eada5fa0 R15: 00007ffc017e8508
[  700.878347][ T9858]  </TASK>
[  700.881435][ T9858] 
[  700.883737][ T9858] Allocated by task 7371:
[  700.888055][ T9858]  kasan_set_track+0x4b/0x70
[  700.892631][ T9858]  __kasan_slab_alloc+0x65/0x70
[  700.897465][ T9858]  slab_post_alloc_hook+0x52/0x3a0
[  700.902577][ T9858]  kmem_cache_alloc_lru+0x10c/0x2d0
[  700.907777][ T9858]  sysv_alloc_inode+0x24/0x40
[  700.912434][ T9858]  iget_locked+0x1c8/0x830
[  700.916834][ T9858]  sysv_iget+0x118/0x15a0
[  700.921227][ T9858]  complete_read_super+0x45d/0x7e0
[  700.926345][ T9858]  sysv_fill_super+0x63e/0x790
[  700.931099][ T9858]  mount_bdev+0x2c9/0x3f0
[  700.935408][ T9858]  legacy_get_tree+0xeb/0x180
[  700.940064][ T9858]  vfs_get_tree+0x88/0x270
[  700.944546][ T9858]  do_new_mount+0x2ba/0xb40
[  700.949027][ T9858]  __se_sys_mount+0x2d5/0x3c0
[  700.953691][ T9858]  do_syscall_64+0x3b/0xb0
[  700.958113][ T9858]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  700.964005][ T9858] 
[  700.966307][ T9858] Last potentially related work creation:
[  700.972027][ T9858]  kasan_save_stack+0x3b/0x60
[  700.976737][ T9858]  __kasan_record_aux_stack+0xb0/0xc0
[  700.982125][ T9858]  call_rcu+0x163/0xa10
[  700.986266][ T9858]  evict+0x87d/0x930
[  700.990157][ T9858]  __dentry_kill+0x436/0x650
[  700.994741][ T9858]  dentry_kill+0xbb/0x290
[  700.999064][ T9858]  dput+0xfb/0x1d0
[  701.002781][ T9858]  shrink_dcache_for_umount+0x79/0x120
[  701.008258][ T9858]  generic_shutdown_super+0x63/0x340
[  701.013603][ T9858]  kill_block_super+0x7a/0xe0
[  701.018289][ T9858]  deactivate_locked_super+0xa0/0x110
[  701.023657][ T9858]  cleanup_mnt+0x490/0x520
[  701.028063][ T9858]  task_work_run+0x246/0x300
[  701.032637][ T9858]  exit_to_user_mode_loop+0xde/0x100
[  701.037903][ T9858]  exit_to_user_mode_prepare+0xb1/0x140
[  701.044145][ T9858]  syscall_exit_to_user_mode+0x60/0x270
[  701.049689][ T9858]  do_syscall_64+0x47/0xb0
[  701.054091][ T9858]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  701.059973][ T9858] 
[  701.062277][ T9858] The buggy address belongs to the object at ffff88805d1d8000
[  701.062277][ T9858]  which belongs to the cache sysv_inode_cache of size 1224
[  701.076951][ T9858] The buggy address is located 272 bytes inside of
[  701.076951][ T9858]  1224-byte region [ffff88805d1d8000, ffff88805d1d84c8)
[  701.090309][ T9858] 
[  701.092618][ T9858] The buggy address belongs to the physical page:
[  701.099026][ T9858] page:ffffea0001747600 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88805d1d8fd8 pfn:0x5d1d8
[  701.110489][ T9858] head:ffffea0001747600 order:2 compound_mapcount:0 compound_pincount:0
[  701.118810][ T9858] memcg:ffff8880570a9c01
[  701.123031][ T9858] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  701.131011][ T9858] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff8881472a88c0
[  701.139730][ T9858] raw: ffff88805d1d8fd8 00000000800c0008 00000001ffffffff ffff8880570a9c01
[  701.148304][ T9858] page dumped because: kasan: bad access detected
[  701.154736][ T9858] page_owner tracks the page as allocated
[  701.160428][ T9858] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0x1d20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 7371, tgid 7363 (syz.4.694), ts 420396133086, free_ts 411671940414
[  701.184807][ T9858]  post_alloc_hook+0x18d/0x1b0
[  701.189558][ T9858]  get_page_from_freelist+0x3731/0x38d0
[  701.195085][ T9858]  __alloc_pages+0x28d/0x770
[  701.199653][ T9858]  alloc_slab_page+0x6a/0x150
[  701.204321][ T9858]  new_slab+0x84/0x2d0
[  701.208392][ T9858]  ___slab_alloc+0xc20/0x1270
[  701.213149][ T9858]  kmem_cache_alloc_lru+0x1a5/0x2d0
[  701.218343][ T9858]  sysv_alloc_inode+0x24/0x40
[  701.223001][ T9858]  iget_locked+0x1c8/0x830
[  701.227398][ T9858]  sysv_iget+0x118/0x15a0
[  701.231807][ T9858]  complete_read_super+0x45d/0x7e0
[  701.236906][ T9858]  sysv_fill_super+0x63e/0x790
[  701.241652][ T9858]  mount_bdev+0x2c9/0x3f0
[  701.245961][ T9858]  legacy_get_tree+0xeb/0x180
[  701.250622][ T9858]  vfs_get_tree+0x88/0x270
[  701.255040][ T9858]  do_new_mount+0x2ba/0xb40
[  701.259634][ T9858] page last free stack trace:
[  701.264330][ T9858]  free_unref_page_prepare+0x12a6/0x15b0
[  701.270055][ T9858]  free_unref_page+0x33/0x3e0
[  701.274733][ T9858]  qlist_free_all+0x76/0xe0
[  701.279326][ T9858]  kasan_quarantine_reduce+0x156/0x170
[  701.284787][ T9858]  __kasan_slab_alloc+0x1f/0x70
[  701.289729][ T9858]  slab_post_alloc_hook+0x52/0x3a0
[  701.294899][ T9858]  __kmem_cache_alloc_node+0x137/0x260
[  701.300346][ T9858]  __kmalloc+0xa1/0x230
[  701.304489][ T9858]  tomoyo_realpath_from_path+0xcb/0x5d0
[  701.310028][ T9858]  tomoyo_path_number_perm+0x21f/0x7f0
[  701.315468][ T9858]  security_file_ioctl+0x6d/0xa0
[  701.320410][ T9858]  __se_sys_ioctl+0x47/0x160
[  701.324983][ T9858]  do_syscall_64+0x3b/0xb0
[  701.329380][ T9858]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  701.335277][ T9858] 
[  701.337593][ T9858] Memory state around the buggy address:
[  701.343286][ T9858]  ffff88805d1d8000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  701.351435][ T9858]  ffff88805d1d8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  701.359843][ T9858] >ffff88805d1d8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  701.368096][ T9858]                          ^
[  701.372668][ T9858]  ffff88805d1d8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  701.380708][ T9858]  ffff88805d1d8200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  701.388753][ T9858] ==================================================================
[  701.396976][    C1] vkms_vblank_simulate: vblank timer overrun
[  701.403945][ T4262] Bluetooth: hci0: command 0x1407 tx timeout
[  701.410157][ T4260] Bluetooth: hci0: Opcode 0x1407 failed: -110
[  701.418737][ T4253] Bluetooth: hci1: command 0x0c1a tx timeout
[  701.433100][ T9858] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  701.440325][ T9858] CPU: 0 PID: 9858 Comm: syz.4.1318 Not tainted 6.1.128-syzkaller #0
[  701.448401][ T9858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  701.458482][ T9858] Call Trace:
[  701.461777][ T9858]  <TASK>
[  701.464720][ T9858]  dump_stack_lvl+0x1e3/0x2cb
[  701.469495][ T9858]  ? nf_tcp_handle_invalid+0x642/0x642
[  701.474963][ T9858]  ? panic+0x764/0x764
[  701.479047][ T9858]  ? vscnprintf+0x59/0x80
[  701.483390][ T9858]  panic+0x318/0x764
[  701.487288][ T9858]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  701.493538][ T9858]  ? check_panic_on_warn+0x1d/0xa0
[  701.498660][ T9858]  ? memcpy_page_flushcache+0xfc/0xfc
[  701.504046][ T9858]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[  701.510038][ T9858]  ? _raw_spin_unlock+0x40/0x40
[  701.514901][ T9858]  check_panic_on_warn+0x7e/0xa0
[  701.519857][ T9858]  ? dtReadFirst+0x512/0xc40
[  701.524456][ T9858]  end_report+0x66/0x110
[  701.528789][ T9858]  kasan_report+0x143/0x160
[  701.533294][ T9858]  ? dtReadFirst+0x512/0xc40
[  701.537899][ T9858]  dtReadFirst+0x512/0xc40
[  701.542352][ T9858]  jfs_readdir+0x7da/0x3c30
[  701.546861][ T9858]  ? aa_file_perm+0x12c/0xf60
[  701.551551][ T9858]  ? mark_lock+0x9a/0x340
[  701.555892][ T9858]  ? __lock_acquire+0x125b/0x1f80
[  701.560943][ T9858]  ? dtInitRoot+0x690/0x690
[  701.565461][ T9858]  ? end_current_label_crit_section+0x147/0x170
[  701.571714][ T9858]  ? common_file_perm+0x17d/0x1d0
[  701.576751][ T9858]  ? iterate_dir+0x131/0x560
[  701.581346][ T9858]  iterate_dir+0x224/0x560
[  701.585770][ T9858]  __se_sys_getdents+0x1eb/0x4c0
[  701.590714][ T9858]  ? __x64_sys_getdents+0x80/0x80
[  701.595759][ T9858]  ? fillonedir+0x4c0/0x4c0
[  701.600272][ T9858]  ? syscall_enter_from_user_mode+0x2e/0x230
[  701.606258][ T9858]  ? lockdep_hardirqs_on+0x94/0x130
[  701.611481][ T9858]  ? syscall_enter_from_user_mode+0x2e/0x230
[  701.617474][ T9858]  do_syscall_64+0x3b/0xb0
[  701.621888][ T9858]  ? clear_bhb_loop+0x45/0xa0
[  701.626699][ T9858]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  701.632588][ T9858] RIP: 0033:0x7f18eab8cde9
[  701.636993][ T9858] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  701.656601][ T9858] RSP: 002b:00007f18eb9f0038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[  701.665225][ T9858] RAX: ffffffffffffffda RBX: 00007f18eada5fa0 RCX: 00007f18eab8cde9
[  701.673293][ T9858] RDX: 00000000000000b8 RSI: 0000200000001fc0 RDI: 0000000000000004
[  701.681342][ T9858] RBP: 00007f18eac0e2a0 R08: 0000000000000000 R09: 0000000000000000
[  701.689389][ T9858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  701.697381][ T9858] R13: 0000000000000000 R14: 00007f18eada5fa0 R15: 00007ffc017e8508
[  701.705366][ T9858]  </TASK>
[  701.708700][ T9858] Kernel Offset: disabled
[  701.713017][ T9858] Rebooting in 86400 seconds..