last executing test programs:

4m49.138502118s ago: executing program 32 (id=442):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x378b5ec3}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @queue={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_QUEUE_NUM={0x6, 0x1, 0x1, 0x0, 0x17}]}}}]}]}], {0x14}}, 0xd0}}, 0x0)
r1 = socket$inet6(0xa, 0x1, 0x0)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)

2m27.543153396s ago: executing program 0 (id=1896):
umount2(&(0x7f0000000080)='./file0\x00', 0x4)
mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x4000000)
mbind(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1, 0x0, 0x1ff, 0x3)
r0 = syz_clone(0x0, 0x0, 0x43, 0x0, 0x0, 0x0)
process_vm_writev(r0, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)

2m27.277322319s ago: executing program 0 (id=1897):
r0 = socket$l2tp(0x2, 0x2, 0x73)
bind$l2tp(r0, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10)
r1 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10)
connect$l2tp(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback, 0x3}, 0x10)

2m27.136379381s ago: executing program 0 (id=1902):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x0, 0x1}, 0xe)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r1, r0, 0xc00, 0x0, 0x0, 0xff, 0x48, 0x0, 0x5886, 0x881, 0x1, 0xa8, 'syz1\x00'})

2m26.902673625s ago: executing program 0 (id=1906):
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f0000000280)={[{@noload}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1}}, {@bh}, {@noload}, {@data_err_ignore}, {@usrjquota}]}, 0xfe, 0x44d, &(0x7f0000000900)="$eJzs3MtvG8UfAPDvrp30/Ut+UB4tLQQKouKRNOnzwKUIJA4gIcGhiFNI0qrUbaAJEq0qKBzKEVXijjgi8RdwggsCTkhc4Y4qVaiXFiQko13vpsa107hx6rb+fKRNZrzjzHx3d+zZGTsBDKyx7EcSsTkifouIkUb2vwXGGr+uXTk389eVczNJ1Otv/Jnk5a5eOTdTFi2ft6mRqdeL/Lo29V54O2K6Vps7XeQnFk++N7Fw5uzzx09OH5s7Nndq6tChfXt3Dh+Y2t+TOLO4rm7/aH7HtlfeuvjazJGL7/z0TdbezcX+5jh6ZaxxdNt6qteV9dmWpnRS7WND6EolIrLTNZT3/5GoxIalfSPx8qd9bRywpur1er3d+3PhfB24hyXR7xYA/VG+0Wf3v+V2m4Yed4TLhyPeP9iI/1qxNfZUIy3KDLXc3/bSWEQcOf/3l9kWazQPAQDQ7LvDEfFcu/FfGg82lftfsYYyGhH/j4j7IuL+iNgaEQ9E5GUfioiHu6y/dYXkxvFPeumWAluhbPz3QrG2tTT++6eex18YrRS5LXn8Q8nR47W5PcUx2R1D67L85DJ1fP/Sr5932tc8/su2rP5yLNiQXqq2TNDNTi9OrzLsJZc/idhebYk/l0S5jJNExLaI2N7VX75+h3H8ma93dCp18/iX0YN1pvpXEU83zv/5aIm/lHRcn5w8eGBq/8T6qM3tmSivihv9/MuF1zvVv6r4eyA7/xtbr//cUvyjyfqIhTNnT+TrtQvd13Hh98863tPc6vU/nLyZp4eLxz6cXlw8PRkxnLx64+NT159b5svyWfy7d7WLP81f48oj8UhEZBfxzoh4NCIeK9r+eEQ8ERG7lon/xxeffLf7+JeZle+hLP7Zm53/aD7/3ScqJ374tvv4S9n535endhePrOT1b6UNXM2xAwAAgLtFmn8GPknHl9JpOj7e+Az/1tiY1uYXFp89Ov/BqdnGZ+VHYygtZ7pGmuZDJ4u54TI/1ZLfW8wbf1HZkOfHZ+Zrs/0OHgbcpg79P/NHpd+tA9ac72vB4NL/YXDp/zC49H8YXPo/DK52/f/jPrQDuP28/8Pg0v9hcOn/MLj0fxhIHb8bn67qK/8S93wi0u6fVY07pPF3U6K64n9mcYuJdW139fuVCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDf+DQAA//9X4u4v")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120)
getdents64(r0, &(0x7f0000000480)=""/240, 0xffb3)

2m26.048066904s ago: executing program 0 (id=1914):
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc71f, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x90, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0xc4, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x1000, 0x7, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0xd, 0x10, 0x40}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000500)={0x24, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x22, 0x7, {[@main=@item_012={0x0, 0x0, 0x9}, @global, @global=@item_4={0x3, 0x1, 0xa, "b0efbc16"}]}}, 0x0}, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x80, 0x0)
ioctl$KVM_CAP_DISABLE_QUIRKS2(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000000)={0xd5, 0x0, 0xbf})

2m24.243465142s ago: executing program 0 (id=1937):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r2=>0x0]}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f00000011c0)={r2}, &(0x7f0000002200)=0x8)

2m23.80540311s ago: executing program 33 (id=1937):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r2=>0x0]}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f00000011c0)={r2}, &(0x7f0000002200)=0x8)

2m19.057066691s ago: executing program 3 (id=1965):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f00000005c0), 0x10)
ioctl$SIOCGSTAMPNS(r0, 0x8907, 0x0)
recvmmsg(r0, &(0x7f0000000440)=[{{0x0, 0x0, &(0x7f0000000980)=[{0x0}, {&(0x7f0000000700)=""/9, 0x9}], 0x2}, 0x7}], 0x1, 0x2, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="050000007f0000000000010000000000", @ANYRES64=0x0, @ANYRES64=0x2710], 0x48}}, 0x0)

2m18.756362234s ago: executing program 3 (id=1969):
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x81)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000100)={0x2c, &(0x7f0000000440)=ANY=[@ANYBLOB="00000100000004"], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000900)={0x34, &(0x7f0000000000)=ANY=[@ANYBLOB="40140d000000"], 0x0, 0x0, 0x0, 0x0, 0x0})

2m16.979519858s ago: executing program 3 (id=1982):
syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000000)='./file1\x00', 0x10, &(0x7f0000000200)=ANY=[], 0x5, 0x62c, &(0x7f0000000640)="$eJzs3ctvXFcdB/DvHT/iCVLqtklbEAgrWYAakdieNvUCiYAQ8qJCldh004WVOI3VSYpsF7kVQglPseM/oCA5a1YsEItIZc2elaUuukBix8IbZHTv3GuP40dsF2fG5fORjs85c+4993d/M/fMwx45wP+t+bcz9jhF5q++uVb2N9Y73Y31zr2mneRcklYy2qtS3E+KT5Kb6ZV8ubyxnq446DjvjL4x99nMo4e93mhdqu1be/f79N/HO4sHdclUkpG6/hx2zXerf77WSaYrts+wTNiVJnEwaFt7PDjO7gde78DZUfSeN/eYTM4nmahfB6ReHU70NDhMjrXKAQAAwBn13GY2s5YLg44DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzpIiIyNV1Sutpj2Vovn//+P1banbw27isMHHzy4OAAAAAAAAADg1X9/MZtZyoelvFdXv/C9XnYvVzy/lg6xkMcu5lrUsZDWrWc5Mksm+icbXFlZXl2eOsOfsvnvOPi3Ss/CnBgAAAAAAAAAwMD/P/M7v/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYBgUyUivqsrFpj2Z1miSiSTj5XYPkr827bPs8aADAAAAgFMy0dd+bjObWcuFpr9VVO/5X6re90/kg9zPapaymm4Wc7v6LKD3rr+1sd7pbqx37pVl7zG++69jhVTNmN5nD/sfebra4tL2HvP5QX6Uq5nKW1nOUn6ShaxmMVP5ftVaSJHJ+tOLySbO/eO9uav31tNifaWKpJ07Wapiu5ZbeT/d3E6rOodqm8OP+LDMTvGd2hFzdLuuyzP6XV0/U+cOGpisMjK2nZHpOvdlNp4/PBPbj5OHRwrhySPNpLX9GdTFU8j5+V5V3a2/HkTOD/RkJmb7Hn0vHZSJsbq+/OnX/ny3e/+9u3dWrg7PKZ3Qk5no9GXi5Wajg1aqL1Qmxuts9FbR462Wl6t9L2QpP8z7uZ3FvJ65vJ7ZvJbXMp253OjL66UjXGut411rV75ZN9pJflPXw6HM6/N9ee1f6Sarsf5bdrL0wnFXpDutp4Uy+pW6UW75i2ZpGgo7mSjvud7a3ET34uGZ+MNW0zrGNfiNvl1+NVRrc/l4eaG8s6re7kdHOfbivmMz1djF7bHWnrFL22NPu1LH69dwe2earcZe3nesU4290je236scAIbe+VfPj7f/2f57++P2L9t3229OfO/c3Lmvjmfsb6N/GflT61Hr28Wr+Tg/23n/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnNzKhx+9t9DtLi5rDHuj+T9HwxLPF6Yxtrzyn62e/+XM5wd9Xp+vMeCFCTh111fv/fj6yocffWvp3sK7i+8u3u90Zm7Mzt2Ym71x/c5Sd3G693PQYQKnYOdJf/ftv/3Hru4fn21UAAAAAAAAAAAAwGGO8H2A1F88OfHXCXYfcXwg5wkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcXfNvZ+xxisxMX5su+xvrnW5ZmvbOlqNJWkmKnybFJ8nN9Eom+6YrDjrOO79/Y+6zmUcPd+YabbZvHbbf0TyoS6aSjNT14UaOPN+tI813mCJp91plwq40iYNB+28AAAD//6yLBy0=")
r0 = socket$unix(0x1, 0x2, 0x0)
creat(&(0x7f0000000640)='./bus\x00', 0x1a8)
bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
getdents64(0xffffffffffffffff, &(0x7f0000001f80)=""/4102, 0x1006)

2m16.765809456s ago: executing program 3 (id=1983):
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x4000, &(0x7f0000000740)={[{@test_dummy_encryption}, {@i_version}, {@noblock_validity}, {@commit={'commit', 0x3d, 0x5}}, {@inlinecrypt}, {@max_batch_time}, {@abort}, {@auto_da_alloc}, {@lazytime}, {@noauto_da_alloc}, {@block_validity}]}, 0xd, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000680)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
umount2(&(0x7f00000002c0)='./file0\x00', 0x9)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

2m16.365285588s ago: executing program 3 (id=1986):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0xffffff98, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000000000b703000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

2m15.894481683s ago: executing program 3 (id=1990):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_GET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x2c, r2, 0x1, 0x70bd28, 0x25dfdbff, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20008800}, 0x200488c0)

2m15.561492072s ago: executing program 34 (id=1990):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_GET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x2c, r2, 0x1, 0x70bd28, 0x25dfdbff, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20008800}, 0x200488c0)

2m7.656376613s ago: executing program 4 (id=2076):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x18)
r2 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x5, 0xf, &(0x7f0000000740)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0xfffffff7}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2m7.489706643s ago: executing program 4 (id=2078):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000003540)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000000c0)={0x38, r1, 0x1, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_BSS_BASIC_RATES={0x5, 0x24, [{0xc}]}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16c1}], @NL80211_ATTR_MESH_ID={0xa}]}, 0x38}, 0x1, 0x0, 0x0, 0xc044014}, 0x8004)

2m7.351547742s ago: executing program 4 (id=2080):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000100)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
socket$igmp6(0xa, 0x3, 0x2)
pipe2$9p(&(0x7f00000000c0)={<r1=>0xffffffffffffffff}, 0x80000)
creat(&(0x7f0000000000)='./file0\x00', 0x4b)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x94, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}})

2m6.337151274s ago: executing program 4 (id=2086):
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x4000, &(0x7f0000000740)={[{@test_dummy_encryption}, {@i_version}, {@noblock_validity}, {@commit={'commit', 0x3d, 0x5}}, {@inlinecrypt}, {@max_batch_time}, {@abort}, {@auto_da_alloc}, {@lazytime}, {@noauto_da_alloc}, {@block_validity}]}, 0xd, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000680)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
umount2(&(0x7f00000002c0)='./file0\x00', 0x9)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

2m5.795002024s ago: executing program 4 (id=2091):
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r0 = open(&(0x7f00000000c0)='.\x00', 0x8000, 0x50)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8)
getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8)

2m5.123946787s ago: executing program 4 (id=2095):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket(0x1, 0x803, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r1}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x610}]}, 0x34}}, 0x0)

2m4.670363566s ago: executing program 35 (id=2095):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket(0x1, 0x803, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r1}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x610}]}, 0x34}}, 0x0)

1m38.859170889s ago: executing program 8 (id=2330):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r1 = openat$cgroup_devices(r0, &(0x7f0000000140)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r1, &(0x7f0000000000)={'a', ' *:* ', 'r\x00'}, 0x8)
write$cgroup_devices(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB='b 75:*\tmwr'], 0xa)

1m38.764478263s ago: executing program 8 (id=2331):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000000)='inet_sock_set_state\x00', r0, 0x0, 0x3}, 0x18)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r1, 0x6, 0x22, &(0x7f0000000000)=0x1, 0x4)
sendmmsg(r1, &(0x7f00000007c0)=[{{&(0x7f0000000380)=@in={0x2, 0x4e24, @local}, 0x80, &(0x7f0000000140)=[{&(0x7f00000004c0)='&', 0x1}], 0x1}}], 0xf00, 0x2c000011)

1m38.621446709s ago: executing program 8 (id=2334):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
close(r0)
syz_open_dev$evdev(&(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000380)='gid_map\x00')
mount$9p_fd(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x84, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

1m38.413329548s ago: executing program 8 (id=2337):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262)
move_mount(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', r0, &(0x7f0000000100)='./file0\x00', 0x204)

1m38.292957584s ago: executing program 8 (id=2339):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r2=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x8d33864195c5c22f}, 0x60400c0)
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="090d2000000000f0ff000700000008000300", @ANYRES32=r2, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d0000000400cc000800050006000000140004"], 0x58}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

1m38.048797166s ago: executing program 8 (id=2345):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x80e02, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r2, 0x4068aea3, &(0x7f00000000c0)={0xbe, 0x0, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000000000000024d564b"])

1m37.830184111s ago: executing program 36 (id=2345):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x80e02, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r2, 0x4068aea3, &(0x7f00000000c0)={0xbe, 0x0, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000000000000024d564b"])

12.861329834s ago: executing program 7 (id=3432):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f0000000080)={0x0, 'team0\x00', {0x3}, 0x8})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000000)={'team0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@newlink={0x38, 0x10, 0x1, 0x70bd23, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, 0x1, 0x3}, [@IFLA_TXQLEN={0x8, 0xd, 0x8}, @IFLA_CARRIER={0x5}, @IFLA_LINKMODE={0x5, 0x11, 0x7}]}, 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x4000000)

12.733963609s ago: executing program 7 (id=3434):
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000cad000/0x3000)=nil, 0x3000})

12.549440194s ago: executing program 7 (id=3439):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0x100000b3, 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @multicast1}, 0x10)
r1 = socket$inet6(0xa, 0x80002, 0x0)
bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x4000b, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x80ad}, 0x1c)

12.481939433s ago: executing program 7 (id=3442):
syz_mount_image$minix(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x200000, &(0x7f00000000c0)=ANY=[], 0xbe, 0x1e7, &(0x7f0000000200)="$eJzs201u00AYxvHHcZyUUiifG1ZILGBDAoUNO3oALsCuak1V4QIibFohIa7Bjpv0JlyglWDHCqOZuJEdJs7YwflQ/j+pzavYj99JlLE9CwvA2rph/wcKFNkqTdMv9yW9fiWp/e/+V+c9QACNSfUnBbCuwp+LHgGAxbjYDe19wFkg/fj1ef88+4s87x8udlvDYkNSLt/xzX8N7Ou9tnSey3ezQ069f/k+zD9UMX+lYv/NsfzmlFwwyg8//6MHxbxZJ21JuibpuqRtSeabvinplqP/wVj/u57jB2Zhfn0910K/Sr5Xv7+ZPW+OkviJa2M4PR9l+afuzblTyJlzh06W3/Ec76T8s5r5bpbv7b9PDhzbWzWPC/ho2flf36zzP5R+p+Pz/6V/vl0+/wGUGJycvt1LkvjjwFxsbTF6Z1IR2aKbHaFsZ3N1zL2jkhZmMeLVnaL5YsOxKSr8WpouOv/tgCrbx1y+luEL9ywuZ23zvbaThZ2SAMxJ/9Pxh/7g5PTx0fHeYXwYv9t5/uJy2W3X5f2Jq3MAK654c+4jaHZAAAAAAAAAAAAAAACgstuS7tQJ+j7gBwAAAGBplD8G9K3iw0OR5HjcqqT91hw/KgAAAAAAAAAAAAAAAAAAALDy/gYAAP//R4hAiA==")
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

12.19339293s ago: executing program 7 (id=3446):
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x4000)=nil, 0x4000, &(0x7f0000000780)='\x00\xff\xff\x00\x02@qGP\xc5\x94\xa6\x8fB\xc3\x93\xe5\xc1a\x05!\x9a\x8b\xeb\xcew\xd8\x1e\xda\xc1\x9f\xe9\xc4c\xdd\xf6^\xcb\xec\x9b\x82\xcf\x14\xde\xa5\xef\x162bP\x95/\xefMs\xe0%}\xe4\xf1=\x05\xf6l\xb7\xc1\xe9c\xc3\x7f\tg\xf56\xeasl\xbd\x02\xc1\x8a\xa9\x83\xaf\xfa\x95W+N$\x06R\x92\xe5Z\x97\xfb\xb6e}fW\x8bm\x04\'{\xaf\xe2zd\x91+-\xb1\xd8\ftK|\xb8\xd2\xb6\x7f\xf4\x84\v\x1e\x00R\xfc\xbcg\x81\xbb\xc4\xcd\xe9\xe5.\x9b\x7f\xeb\x04\xe6,N\x00\x9a\x9d\xf8\xd1\x8aR4;\x7f\x8a\x86\xb7\xd7o\x90\xfd\xa9dJ\xd5.\x18F2\x00\x00\x00\xf2y\x99\xfd\xca\xff*\xd3;\x84F\x8f !N\x1c\xfaI\xa5\x85:\xc1\x9ed\x13\xaf\xd0/\x00\x9b\x0e\xb6\xca\xa5X\xb9]<\n\x04\x00\x00\x00\x00\x00\x00\x00\xc2\xf6\x1bw\n6^\xfa\xea\r\xf1\xc1\xd0\xd821\x9e\v4Q\xc6{\xa0\xf7\xcd\x82 6zL\xeeqG\t~\xafQ(\xc3\xd8\x05\xcb\xbfB\xb0\xe1b\x0f\xa8f\xe6\xb1\xe8\x9aB\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xcd\xefx\x0f\xf5\x85M\x14\xbb\xab1)\x8e%\xb7\x89\x17/')
timer_create(0xb, 0x0, &(0x7f0000bbdffc))
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000d4c000/0x2000)=nil, 0x2000, &(0x7f0000000040)='%pK    \x00')
mremap(&(0x7f0000d4d000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil)

11.86920844s ago: executing program 7 (id=3450):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r0, &(0x7f0000000140)={0x28, 0x0, 0x2710, @hyper}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000008c0)={&(0x7f0000001040)='virtio_transport_alloc_pkt\x00', r1, 0x0, 0x6}, 0x18)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r0, 0x28, 0x1, &(0x7f0000000100)=0xfffffffffffffffe, 0x112)

11.706381473s ago: executing program 37 (id=3450):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r0, &(0x7f0000000140)={0x28, 0x0, 0x2710, @hyper}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000008c0)={&(0x7f0000001040)='virtio_transport_alloc_pkt\x00', r1, 0x0, 0x6}, 0x18)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r0, 0x28, 0x1, &(0x7f0000000100)=0xfffffffffffffffe, 0x112)

1.125140376s ago: executing program 9 (id=3577):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000200)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000140)={0x48, 0x2, r1})
ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f0000000300)={0xc, r1})
ioctl$IOMMU_VFIO_CHECK_EXTENSION(r0, 0x3b65, 0x4)

1.040680858s ago: executing program 1 (id=3580):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_freezer_state(r0, &(0x7f0000000140), 0x2, 0x0)
write$cgroup_freezer_state(r1, &(0x7f0000000040)='FROZEN\x00', 0x7)
write$cgroup_freezer_state(r1, &(0x7f0000000200)='THAWED\x00', 0x7)

933.793234ms ago: executing program 2 (id=3581):
r0 = syz_open_dev$dri(&(0x7f0000000240), 0x1, 0x101040)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000040)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000002c0)={0x0, 0x0, r1, <r2=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000000440)={r2, 0x0, 0x7f, 0x0, 0x3, [], [0x0, 0xfffffffc, 0x9], [0x0, 0x9, 0x2], [0xffffffffffffffff, 0x0, 0x7fff, 0xfffffffffffffffd]})
ioctl$DRM_IOCTL_MODE_GETFB(r0, 0xc01c64ad, &(0x7f0000000140)={r2})

932.807067ms ago: executing program 9 (id=3582):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001600), 0x0, 0x0)
ioctl$TCSBRKP(r0, 0x5425, 0x0)
ioctl$TCSETSW2(r0, 0x5425, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}}, &(0x7f0000000080)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)

910.449362ms ago: executing program 6 (id=3583):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000400)={@val={0x1c, 0x800}, @val={0x1, 0x3, 0x0, 0x14, 0x14, 0x1}, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x67, 0x0, 0x0, 0x84, 0x0, @rand_addr=0x640100fd, @local}, {{0x200, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0x8, 0x40, 0x1, 0x0, 0x1c, {[@mptcp=@generic={0xa3, 0x9, "0fe0e8cb896776"}]}}}}}}, 0x42)

874.26253ms ago: executing program 1 (id=3584):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$FUSE_IOCTL(r0, &(0x7f0000000000)={0x20, 0x0, 0x0, {0x8, 0x4, 0x1, 0x6}}, 0x20)

809.629057ms ago: executing program 2 (id=3586):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000080)={0x7, 0x1, 0xd7})

761.20054ms ago: executing program 5 (id=3587):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x2080, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0x3)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl$PPPIOCATTCHAN(r1, 0x40047438, &(0x7f0000000300)=0x1)
ioctl$BTRFS_IOC_WAIT_SYNC(r1, 0x80047458, &(0x7f0000000080))

702.775732ms ago: executing program 5 (id=3588):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x6)
getpeername$packet(r1, 0x0, 0x0)

700.398506ms ago: executing program 6 (id=3589):
syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
ioctl$sock_SIOCBRDELBR(r0, 0x89a2, &(0x7f0000000000)='bridge0\x00')
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@link_local, @random="0000fc00", @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x16, 0x7c, 0x0, @dev={0xac, 0x14, 0x14, 0x30}}}}}}, 0x0)

626.68028ms ago: executing program 1 (id=3590):
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x80001, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000000)={0x5, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", <r1=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000180)={"2486910284ed923431d4c5d5fbf514fd00", r1})
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
close(r1)

599.305247ms ago: executing program 5 (id=3591):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x5, 0x6, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x18)
quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0)

599.012333ms ago: executing program 6 (id=3592):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x6}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000040)={r2}, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0xaf}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)

598.309606ms ago: executing program 2 (id=3593):
sigaltstack(&(0x7f0000000480)={&(0x7f0000004000)=""/4126, 0x80000001, 0x101e}, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)

504.112706ms ago: executing program 5 (id=3594):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="2c0000000a0a050000000000000000000a0000090900010073797a31000000000900020096797a31"], 0x2c}, 0x1, 0x0, 0x0, 0x24048014}, 0x4000)

445.339418ms ago: executing program 6 (id=3595):
r0 = landlock_create_ruleset(&(0x7f0000000000)={0x10, 0x0, 0x3}, 0x18, 0x0)
landlock_restrict_self(r0, 0x0)
r1 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
landlock_restrict_self(r1, 0x0)
rename(&(0x7f0000000240)='./cgroup\x00', &(0x7f0000000280)='./cgroup\x00')

445.070199ms ago: executing program 1 (id=3596):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0xb)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbff, 0x2fffffffd}, 0xc)
close(r0)

407.763617ms ago: executing program 1 (id=3597):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x80002, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0x2000})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000000c0))
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000040)={0xeeee0000})

396.9879ms ago: executing program 2 (id=3598):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x101842, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000040)=0xfffffffa)
ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r1, 0x80047456, 0x0)

373.722302ms ago: executing program 6 (id=3599):
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
sendmsg$inet(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x40)
getsockopt(r0, 0x200000000114, 0x2715, &(0x7f0000000580)=""/102393, &(0x7f0000000400)=0x18ff9)

316.017224ms ago: executing program 5 (id=3600):
signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x2]}, 0x8, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f00000001c0)=0x8)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000040)=@assoc_value={r2}, 0x8)

315.773689ms ago: executing program 9 (id=3601):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000001300)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x100, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xb}}, 0x10001}, 0x1c)

253.244761ms ago: executing program 6 (id=3602):
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
splice(r0, 0x0, r1, 0x0, 0xf3a, 0x0)

200.669314ms ago: executing program 9 (id=3603):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = fanotify_init(0x200, 0x40000)
fanotify_mark(r1, 0x1, 0x8000018, r0, 0x0)
vmsplice(r0, &(0x7f0000001240)=[{&(0x7f0000000100)='p', 0x1}], 0x1, 0x4)

173.837786ms ago: executing program 2 (id=3604):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x18)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010000100000000000000000000fc000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001c08000640ffffff000800034000000028580000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000002c0003802800008008000340000000021c00028018000280080001"], 0xec}}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)

168.62632ms ago: executing program 5 (id=3605):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
writev(r0, &(0x7f0000000180)=[{&(0x7f0000000040)="2e9b3d0007e03dd65193dfb6c575963f86ddf06712e90021118db0049d90491ceaebfd26d4eef23248000000f858dbb8a19052", 0x33}, {&(0x7f0000000280)="edce35b4db1b4d", 0x28}], 0x2)

102.354534ms ago: executing program 1 (id=3606):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x6}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001e40)=ANY=[@ANYBLOB="b702000026000000bfa300000000000005000000000000007a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67d5b310efcfa89147a09000000f110026e6d2ef831ab7ea0c34f17e3ad6eecbb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b0a341a2d7cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e6a9f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d9961b626c57c2691208173656d60a17e3c184b751c51160fbcbbdb5b1e7be6148ba532e60a0ac346dfebd31a08060000000200000000000000334d83239dd27080e71113610e10d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08ab1e1ad828267d4eadd3964663e88535c133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0183babc190ae2ebf8aad34732181feb215139f15ea7e8cb0bae7c34d5ac5e7c805210600000000000000c3dec04b25dfc17975238345d4f71ab158c36657b7218baa0700f781c0a99bd50499ccc421ace5e845885efb5b9964e4beba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d0175b989b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb0015982730711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a173db9c24db65c1e00015c1d093dab18fd0699fe3304020000323e9c7080397bc49d70c060d57bc88fbe3bbaa058b040362ab926150363fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4effcf7462710d133d541da86e0477e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2000034837d365e63845f3c1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed69000000000000000000000000009a6d1852cfe790362ca800000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edeeeba72205beff7771bcb293747b88486cacee403000000a2919a4bff2ed893f2c814679fa69fc7e0cf761f918725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75e26b45264e3d3f8e0048e55ae289ce2ad779ce71d4dc30cbb2cc4289d2f884d66cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2e152cb2cf06f8edb30177fead735a952ffce676a93110904d5ee2abdab2ef3ff84c4d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007976699b6c0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d2503a3ea376721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e671282a2d3066ac968c7d7d7db195f255b1b4a85eb9ee0a3b68c9e209756623adf685dd715d68ed11e4b4d5502f512493af8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f74b6563a4be1fd82b73c8c2bc65f63982b951fb058fd3c7b6341c4580376b6c16bd94d2da66059de81abfa15eeeae3b0ba38d8bb1bf032c73f1285e21fff5a1d138e061b1dc7bbda199b5fab8e0719e9cd69b47dcb52b0be6a3a73afdf328132e1d4f21065716be0c53a23940d07188b015fa341dbc92231c8b5e5717eac184f46c9f61b69f55cd2231bcf821052429a1f250e8b734be0605a15f25923d599544b319319ff0a32621019347df460a098119a6f47eb1bac47946d7a009cbc6ec74c19a93cc7c7138b28c95270116181fd5f553573c48104d2ad0e10d3663488e664401453f22f0d76d2162635365258af61ae1f46f4a7862f302d91e3f7c2781f602220522e84602a939a8d5e4137ae31ccd397404dc72e06715a6503d4d865182803ee6725da7293b23daeebefd6fce7411c9624a7e8d5ba5a13e1c32adc4f3274497c6882a72475e4280a4d9a47c003c6ed3071330c58145be813a10788a720a6b5a498ca2b42496c479a0a71e2f6f9bad8c84bc6be20281bde0b348cf2c60538a505ad4a0510eebb023e4954c9eb6cd70627f5c03d867dbf3ad5d1f1dc852064dd0efafc3df20ec8faf3d194db76127f88f284fa1b71ab964fdd2474471da76373e65e9a8bf844bdfdd348bc7d00c4c7e7afe8a1f8cde79b7a6c5aafe954b8ba37818e40c14b37c23f9f614576b689436fef2f27f8b1e756e00262e22bca49c43fd73e7e99b2fa44a8c1db99c2cf2735ad6c5fabf082e0df0f8ba7e24272165f2f5b28230c095162b3b5fb3832ee68e2b53d44bd84bf6770157e96bbb96b5e1f165c87e7a9a7d53c281d88ebb175a4dbb82130e6870982947913110f091d21760d985afd3163f2e6880682432f9b3b97d57a9f980edfa1116a3d04d58872a07d6a7e12db673acd2f7b8988d833e71943fe2c1c65a3cf36b955c56b55bfd3ecf0af694c71a03f2996c15b1ba971de1cb9c7e6a0000000000000014783ef54c51199317413f98dca8ff3df3572a7d9ef5f6103997f1f9e4b0c3970bda50f6c0af58dbd6c031b1a5a7512c5896514adfa17d31429c68db50a93d88199defd3b4625fea426ff9293a28a544a6a9e2a79b55daa1b3c6b14c4ec6d164e902ce4913843d65d841973468729ea12bf6d3499036dbb66718f3497855c3baa6cc07c0fa388ec9df0617c1a28ef5a595ee267a76175b8a057e6efaf4fefe46def451f2858fe71a53e77b1a44e98843bb3a40102da3703dfb9f61bdcea2fb810b32d52e2157a150a63ea6135d1cf6f864c2e68884d7245bc5d61dc5a114d10ffb22e76678bbfc1e3865d17d128306d1b81884a934cb00000000000000000098a4526e6468987dbc63bff7590eb388afaba43d811996333eef7e9f472bee293f0c40d434b8be07cbd52325296e22802493edb5c590ad208bac683a8b2d4c9d2d57ff846ae8c422e0b28546671f11d8157bb762c91f3fbcca8e21589c92446ae65d408c0637ffcc2d44d715ce003dd1e12b085e186d069a55c2e96efbe5024d61a56a36d988c0f51a973a6c238e545b28211a92000000001501aed8d72af0fcd540a9d4e293690c5e697b3a1480e46df5371bca1cfb28a57c1b3c9534229d6133fa814a0a67385fea04220423"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffd61, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={r2, 0x18000000000002a0, 0xf, 0x0, &(0x7f0000000040)="76389e147583ddd0569ba56a88a855", 0x0, 0x1c00, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

97.917238ms ago: executing program 9 (id=3607):
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000800)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x60000000, 0x0, 0x34, 0x0, 0x0}, 0x50)
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000200)=0x6bb2, 0x4)
sendmmsg$inet6(r0, &(0x7f00000002c0)=[{{&(0x7f0000000400)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c, 0x0}}], 0x1, 0x0)
recvmmsg(r0, &(0x7f0000000800), 0x62, 0x12141, 0x0)

803.026µs ago: executing program 9 (id=3608):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file3\x00', 0xcc0, &(0x7f00000001c0)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6865617274626561743d6e6f6e652c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c636f686572656e63793d62756666657265642c6572726f72733d636f6e74696e75652c757365725f78617474722c626172726965723d30303030303030303030303030303032363131352c6469725f726573765f6c6576656c3d30303030303030303030303030303030303030362c696e74722c6a6f75726e616c5f6173796e635f636f6d6d69742c00535d4e036013ec9e6e7ecdee3849b40884b95e94f35cec9600cd19beb0"], 0x1, 0x442a, &(0x7f0000004480)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3+5159pnD8MSJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAud/2MBAAAAAAAAAAAAAAAAAADgb2rz/f9cdKLJ+/9jyXGkRf31tzo/Rjpn4u2rYxcGh5L936Nt+a8nSb+c6wr9TfZ9z+7/fi5Tv/n+79v72a3G+Br99oUoHkidx/HAQAjfJBu/n4qOxKXyUuXVW+Xlhdk9G8YzKx3/+u79qegkG/q3G//RTPud3///v9uupur5zb27xJ5r6fh3tSz37adRW/E/n6m3H/Fn99Lx766l9W4tMFKfAKrx/7x75/iPZdrvVPyPhxByUXWsudQMUF3DVNNbrVdIS8f/UC0tNXUmH2Sr+//3TPwvZNo/qPl/JftFRFPp+P+rltaTKrF5//fHO9//FzPtH0T8q+Nf8f3flnT8D9cTu1NFap9ku/P/eKb9TsX/epyM83iUugJWo3p6q/9XR1o6/j3b8jef/+K21n+XMvX36/mv0W/j+a8x/b8c1Z//aC4d/96W5dq9/ycy9To9/4/U1n/sVjr+R2pp6bVzX+1nu/GfzLTfqfjXViU9jfhvzid/HK6nf23915Z0/P9dT4y3llip/ayt/6Kd1/+XM+0fxPqvOv6VuLO9Pi/S8T/aslw1/j+08f1/JVOv8/EPYdBaf9fS8T/Wslzt/u/ZOf5TmXqdjv9LnWwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Bkwmhz7QhQPpM7jeGAghPPJ+alwJJouzOanS+WZj5ZCGEvSc+FEdLtUni6U8nML5dlivlAqlWdCuJDknww90VKpXMnPF+5e3GirN7pTLCxWpouFSghhPEn/fzjWaGt6rjJfuBtCuLSR95+4vHj3TmEhPzu3+Obg4OBgmNgYQ39U/KRSXKjUe6/nhjC5Ubcv2jK4WvbljbEcjT4sLy8uFEq19Ctb6pTKM4XSljpTSd4XoT+qLC4vzBQqxXypfLvR30EaSY5jE9feu3ZlaFv+zah+HN3fYQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFz0afuPLEEJ3/SwOIYw0fomalX/4uHg2/3Tq/trw6cnVB2tPWpUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JMdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7NIxSgNBFAbgN2Ohdh7DatntbFcU0cIVwRPoMTyMHsVLeIcUKdKmCIFkFsJmF7ZJqu9rHszPzHswDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHme3ruPt7qJSHG1uYz4+/pfHOYvpf7cj9+/OMOMnM7za/fwWDfl39NRfleOlm3epevV92eM1N7vYE+G+7TX97menGtq36bm6/veRMpVRLQlv005V9W8twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyw4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRR9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD///4CHxA=")
openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file6\x00', 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f00000001c0)='./file6\x00', 0x200)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)

0s ago: executing program 2 (id=3609):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000000)={0x1, 0x0, 0xd})

kernel console output (not intermixed with test programs):

  311.070328][ T5932] razer 0003:1532:010E.001C: hidraw0: USB HID v0.00 Device [HID 1532:010e] on usb-dummy_hcd.6-1/input0
[  311.114298][ T5187] Bluetooth: hci2: command tx timeout
[  311.288391][ T5940] usb 7-1: USB disconnect, device number 4
[  311.401960][T12012] loop8: detected capacity change from 0 to 32768
[  311.425356][T12012] XFS (loop8): DAX unsupported by block device. Turning off DAX.
[  311.446245][T12012] XFS (loop8): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  311.527562][T12033] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  311.544120][T12012] XFS (loop8): Ending clean mount
[  311.556772][ T5940] usb 6-1: USB disconnect, device number 15
[  311.586410][T12012] XFS (loop8): Quotacheck needed: Please wait.
[  311.643338][T12012] XFS (loop8): Quotacheck: Done.
[  311.726818][T11630] XFS (loop8): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  311.809764][T12037] loop5: detected capacity change from 0 to 4096
[  311.837812][T12037] ntfs3: Bad value for 'uid'
[  311.842468][T12037] ntfs3: Bad value for 'uid'
[  311.991727][T12042] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  312.258090][T12031] loop2: detected capacity change from 0 to 32768
[  312.313268][T12031] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  312.388759][T12031] XFS (loop2): Ending clean mount
[  312.516361][T12066] loop8: detected capacity change from 0 to 4096
[  312.570358][T11628] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  312.592946][T12067] NILFS (loop8): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  312.674112][   T30] audit: type=1800 audit(1758729929.579:461): pid=12066 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.2242" name="file1" dev="loop8" ino=15 res=0 errno=0
[  312.694668][    C0] vkms_vblank_simulate: vblank timer overrun
[  313.337663][T12081] netlink: 'syz.6.2251': attribute type 1 has an invalid length.
[  313.340046][T12083] loop7: detected capacity change from 0 to 1024
[  313.378998][T12081] netlink: 'syz.6.2251': attribute type 2 has an invalid length.
[  313.662554][T12099] netlink: 164 bytes leftover after parsing attributes in process `syz.5.2256'.
[  313.924055][T12116] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2264'.
[  313.969067][T12120] netlink: 'syz.5.2263': attribute type 1 has an invalid length.
[  313.978943][T12120] netlink: 172 bytes leftover after parsing attributes in process `syz.5.2263'.
[  313.991036][T12120] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2263'.
[  314.014227][ T5978] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  314.161181][T12128] netlink: 14528 bytes leftover after parsing attributes in process `syz.5.2270'.
[  314.174185][ T5978] usb 7-1: Using ep0 maxpacket: 16
[  314.189743][ T5978] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  314.209610][ T5978] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  314.229051][ T5978] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  314.242717][ T5978] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  314.251928][ T5978] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  314.283304][ T5978] usb 7-1: config 0 descriptor??
[  314.348879][T12136] bridge_slave_0: left allmulticast mode
[  314.354758][T12136] bridge_slave_0: left promiscuous mode
[  314.360750][T12136] bridge0: port 1(bridge_slave_0) entered disabled state
[  314.379650][T12136] bridge_slave_1: left allmulticast mode
[  314.391265][T12136] bridge_slave_1: left promiscuous mode
[  314.397866][T12136] bridge0: port 2(bridge_slave_1) entered disabled state
[  314.419112][T12136] bond0: (slave bond_slave_0): Releasing backup interface
[  314.482828][T12136] bond0: (slave bond_slave_1): Releasing backup interface
[  314.508935][T12136] team0: Port device team_slave_0 removed
[  314.522726][T12136] team0: Port device team_slave_1 removed
[  314.532110][T12136] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  314.550576][T12136] batman_adv: batadv0: Removing interface: batadv_slave_0
[  314.561663][T12136] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  314.577639][T12136] batman_adv: batadv0: Removing interface: batadv_slave_1
[  314.589155][T12136] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  314.721016][ T5978] microsoft 0003:045E:07DA.001D: unknown main item tag 0x2
[  314.735612][ T5978] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[  314.744858][ T5978] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[  314.752130][ T5978] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[  314.766567][ T5978] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[  314.774251][ T5978] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[  314.781513][ T5978] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[  314.791389][ T5978] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[  314.810884][ T5978] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[  314.838040][ T5978] input: HID 045e:07da as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:045E:07DA.001D/input/input39
[  314.889482][ T5978] microsoft 0003:045E:07DA.001D: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.6-1/input0
[  314.920325][ T5978] usb 7-1: USB disconnect, device number 5
[  315.043955][  T982] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  315.188863][T12174] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  315.234017][  T982] usb 6-1: Using ep0 maxpacket: 16
[  315.241603][  T982] usb 6-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  315.255819][  T982] usb 6-1: config 0 interface 0 has no altsetting 0
[  315.262521][  T982] usb 6-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  315.273681][  T982] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  315.284794][  T982] usb 6-1: config 0 descriptor??
[  315.293917][ T5932] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  315.449808][ T5932] usb 9-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  315.461976][ T5932] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  315.477512][ T5932] usb 9-1: config 0 descriptor??
[  315.486108][ T5932] gspca_main: cpia1-2.14.0 probing 0813:0001
[  315.729183][  T982] nzxt-smart2 0003:1E71:2009.001E: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.5-1/input0
[  315.772959][T12192] kvm: apic: phys broadcast and lowest prio
[  315.896619][ T5932] cpia1 9-1:0.0: unexpected state after lo power cmd: 00
[  316.142858][ T6011] usb 6-1: USB disconnect, device number 16
[  316.307345][ T5932] gspca_cpia1: usb_control_msg 02, error -32
[  316.313674][ T5932] gspca_cpia1: usb_control_msg 02, error -71
[  316.320426][ T5932] cpia1 9-1:0.0: only firmware version 1 is supported (got: 0)
[  316.330237][ T5932] usb 9-1: USB disconnect, device number 4
[  316.474884][T12204] loop6: detected capacity change from 0 to 4096
[  316.510748][T12208] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  316.534150][   T30] audit: type=1800 audit(1758729933.459:462): pid=12204 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.2300" name="file1" dev="loop6" ino=15 res=0 errno=0
[  316.535804][T12209] netlink: 112 bytes leftover after parsing attributes in process `syz.7.2304'.
[  316.554744][    C0] vkms_vblank_simulate: vblank timer overrun
[  316.853343][T12213] netlink: 'syz.5.2306': attribute type 1 has an invalid length.
[  316.871526][T12213] netlink: 'syz.5.2306': attribute type 2 has an invalid length.
[  317.276242][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  317.282694][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  317.294386][ T5932] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  317.357338][T12211] loop7: detected capacity change from 0 to 32768
[  317.392137][T12233] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2314'.
[  317.417943][T12211] XFS (loop7): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  317.473990][ T5932] usb 9-1: Using ep0 maxpacket: 16
[  317.486566][T12211] XFS (loop7): Ending clean mount
[  317.491455][ T5932] usb 9-1: config 0 has an invalid interface number: 145 but max is 0
[  317.504500][ T5932] usb 9-1: config 0 has no interface number 0
[  317.515504][ T5932] usb 9-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  317.525302][ T5932] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  317.539014][ T5932] usb 9-1: Product: syz
[  317.543222][ T5932] usb 9-1: Manufacturer: syz
[  317.549714][T12211] XFS (loop7): Quotacheck needed: Please wait.
[  317.559734][ T5932] usb 9-1: SerialNumber: syz
[  317.578386][ T5932] usb 9-1: config 0 descriptor??
[  317.596703][ T5932] hub 9-1:0.145: bad descriptor, ignoring hub
[  317.604623][ T5932] hub 9-1:0.145: probe with driver hub failed with error -5
[  317.630003][ T5932] input: bcm5974 as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.145/input/input40
[  317.644215][T12211] XFS (loop7): Quotacheck: Done.
[  317.811855][T11326] XFS (loop7): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  318.027459][T12236] loop6: detected capacity change from 0 to 32768
[  318.194235][T12236] ERROR: (device loop6): dbAlloc: the hint is outside the map
[  318.194235][T12236] 
[  318.217491][T12236] ERROR: (device loop6): remounting filesystem as read-only
[  318.236974][T12236] ialloc: diAlloc returned -5!
[  318.270659][T12244] loop2: detected capacity change from 0 to 32768
[  318.374064][T12244] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,metadata_target=invalid label 246,noinodes_use_key_cache,journal_flush_delay=3,journal_reclaim_delay=1000,nocow
[  318.374096][T12244]   allowing incompatible features above 0.0: (unknown version)
[  318.374109][T12244]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  318.420767][T12244] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  318.430580][T12244] bcachefs (loop2): initializing new filesystem
[  318.446018][T12244] bcachefs (loop2): going read-write
[  318.458839][T12244] bcachefs (loop2): marking superblocks
[  318.498117][T12244] bcachefs (loop2): initializing freespace
[  318.512047][T12244] bcachefs (loop2): done initializing freespace
[  318.531253][T12244] bcachefs (loop2): reading snapshots table
[  318.538363][T12244] bcachefs (loop2): reading snapshots done
[  318.574399][T12244] bcachefs (loop2): done starting filesystem
[  318.756644][   T30] audit: type=1800 audit(1758729935.679:463): pid=12244 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2317" name="file1" dev="loop2" ino=4098 res=0 errno=0
[  318.855602][T11628] bcachefs (loop2): shutting down
[  318.860692][T11628] bcachefs (loop2): going read-only
[  318.897142][T11628] bcachefs (loop2): finished waiting for writes to stop
[  318.917612][T11628] bcachefs (loop2): flushing journal and stopping allocators, journal seq 8
[  318.990852][T12277] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  319.013240][T11628] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 11
[  319.072571][T11628] bcachefs (loop2): clean shutdown complete, journal seq 12
[  319.087968][T11628] bcachefs (loop2): marking filesystem clean
[  319.176816][T12268] loop5: detected capacity change from 0 to 40427
[  319.218203][T11628] bcachefs (loop2): shutdown complete
[  319.226464][T12268] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  319.241157][T12268] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  319.311966][T12268] F2FS-fs (loop5): invalid crc value
[  319.401125][ T5978] kernel write not supported for file /102/gid_map (pid: 5978 comm: kworker/1:6)
[  319.596052][T12268] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  319.654687][T12268] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  319.661783][T12268] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  319.802616][T12304] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2341'.
[  319.968025][ T3007] bridge_slave_1: left allmulticast mode
[  319.973729][ T3007] bridge_slave_1: left promiscuous mode
[  319.989821][ T3007] bridge0: port 2(bridge_slave_1) entered disabled state
[  320.006277][ T3007] bridge_slave_0: left allmulticast mode
[  320.012837][ T3007] bridge_slave_0: left promiscuous mode
[  320.032587][ T3007] bridge0: port 1(bridge_slave_0) entered disabled state
[  320.539209][ T5871] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  320.551275][ T5871] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  320.562260][ T5871] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  320.571508][ T5871] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  320.580197][ T5871] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  320.838917][ T3007] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  320.850898][ T3007] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  320.861086][ T3007] bond0 (unregistering): Released all slaves
[  320.882306][T12313] bridge_slave_0: left allmulticast mode
[  320.889917][T12313] bridge_slave_0: left promiscuous mode
[  320.896291][T12313] bridge0: port 1(bridge_slave_0) entered disabled state
[  320.912447][T12313] bridge_slave_1: left allmulticast mode
[  320.918345][T12313] bridge_slave_1: left promiscuous mode
[  320.924756][T12313] bridge0: port 2(bridge_slave_1) entered disabled state
[  320.970882][T12313] bond0: (slave bond_slave_0): Releasing backup interface
[  321.006014][T12313] bond0: (slave bond_slave_1): Releasing backup interface
[  321.024822][T12313] team0: Port device team_slave_0 removed
[  321.037040][T12313] team0: Port device team_slave_1 removed
[  321.043605][T12313] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  321.051215][T12313] batman_adv: batadv0: Removing interface: batadv_slave_0
[  321.060787][T12313] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  321.069566][T12313] batman_adv: batadv0: Removing interface: batadv_slave_1
[  321.079336][T12313] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  321.268523][  T982] usb 9-1: USB disconnect, device number 5
[  321.469042][ T3007] hsr_slave_0: left promiscuous mode
[  321.517657][ T3007] hsr_slave_1: left promiscuous mode
[  321.524647][ T6011] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  321.536463][ T3007] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  321.557346][ T3007] batman_adv: batadv0: Removing interface: batadv_slave_0
[  321.573116][ T3007] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  321.584947][ T3007] batman_adv: batadv0: Removing interface: batadv_slave_1
[  321.627152][ T3007] veth1_macvtap: left promiscuous mode
[  321.632824][ T3007] veth0_macvtap: left promiscuous mode
[  321.639279][ T3007] veth1_vlan: left promiscuous mode
[  321.644773][ T3007] veth0_vlan: left promiscuous mode
[  321.703552][ T6011] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  321.723932][ T6011] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  321.748123][ T6011] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  321.758658][T12336] loop5: detected capacity change from 0 to 1024
[  321.766531][T12336] EXT4-fs: Ignoring removed bh option
[  321.772133][T12336] EXT4-fs: Ignoring removed orlov option
[  321.772144][ T6011] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  321.778194][T12336] EXT4-fs: Ignoring removed nomblk_io_submit option
[  321.796571][ T6011] usb 7-1: SerialNumber: syz
[  321.823120][T12336] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  321.959564][T11767] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  322.019952][ T6011] usb 7-1: 0:2 : does not exist
[  322.055304][ T6011] usb 7-1: USB disconnect, device number 6
[  322.407687][ T3007] team0 (unregistering): Port device team_slave_1 removed
[  322.457247][ T3007] team0 (unregistering): Port device team_slave_0 removed
[  322.624197][ T5871] Bluetooth: hci4: command tx timeout
[  323.052468][   T30] audit: type=1326 audit(1758729939.969:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12349 comm="syz.7.2357" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fef03f8eec9 code=0x0
[  323.416431][T12338] gretap0: entered promiscuous mode
[  323.442317][T12315] chnl_net:caif_netlink_parms(): no params data found
[  323.607814][  T982] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  323.775791][T12315] bridge0: port 1(bridge_slave_0) entered blocking state
[  323.786249][  T982] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  323.807733][  T982] usb 7-1: config 0 interface 0 has no altsetting 0
[  323.826140][T12315] bridge0: port 1(bridge_slave_0) entered disabled state
[  323.839273][  T982] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  323.853628][T12315] bridge_slave_0: entered allmulticast mode
[  323.858671][  T982] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  323.874758][  T982] usb 7-1: Product: syz
[  323.887744][T12315] bridge_slave_0: entered promiscuous mode
[  323.902256][  T982] usb 7-1: Manufacturer: syz
[  323.907016][T12315] bridge0: port 2(bridge_slave_1) entered blocking state
[  323.916642][  T982] usb 7-1: SerialNumber: syz
[  323.924166][T12315] bridge0: port 2(bridge_slave_1) entered disabled state
[  323.931925][T12315] bridge_slave_1: entered allmulticast mode
[  323.939951][T12315] bridge_slave_1: entered promiscuous mode
[  323.941044][  T982] usb 7-1: config 0 descriptor??
[  323.972248][  T982] usb 7-1: selecting invalid altsetting 0
[  323.998725][T12375] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  324.212307][   T10] usb 7-1: USB disconnect, device number 7
[  324.355043][T12315] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  324.372147][T12315] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  324.448052][T12315] team0: Port device team_slave_0 added
[  324.463280][T12315] team0: Port device team_slave_1 added
[  324.561002][T12315] batman_adv: batadv0: Adding interface: batadv_slave_0
[  324.571956][T12396] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2376'.
[  324.578712][T12315] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  324.607454][T12315] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  324.621631][T12315] batman_adv: batadv0: Adding interface: batadv_slave_1
[  324.629629][T12315] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  324.656001][T12315] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  324.703979][ T5871] Bluetooth: hci4: command tx timeout
[  324.760020][T12315] hsr_slave_0: entered promiscuous mode
[  324.779339][T12400] overlayfs: failed to decode file handle (len=4, type=248, flags=0, err=-22)
[  324.788984][T12315] hsr_slave_1: entered promiscuous mode
[  324.811074][T12315] debugfs: 'hsr0' already exists in 'hsr'
[  324.817088][T12315] Cannot create hsr debugfs directory
[  325.407801][T12315] 8021q: adding VLAN 0 to HW filter on device bond0
[  325.478950][T12315] 8021q: adding VLAN 0 to HW filter on device team0
[  325.512589][ T1146] bridge0: port 1(bridge_slave_0) entered blocking state
[  325.519853][ T1146] bridge0: port 1(bridge_slave_0) entered forwarding state
[  325.573157][ T1146] bridge0: port 2(bridge_slave_1) entered blocking state
[  325.580437][ T1146] bridge0: port 2(bridge_slave_1) entered forwarding state
[  326.169259][T12315] 8021q: adding VLAN 0 to HW filter on device batadv0
[  326.393281][T12449] loop5: detected capacity change from 0 to 4096
[  326.475981][T12453] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2395'.
[  326.494555][T12453] netlink: 'syz.7.2395': attribute type 30 has an invalid length.
[  326.505069][T12454] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  326.578584][   T30] audit: type=1800 audit(1758729943.499:465): pid=12449 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2393" name="file1" dev="loop5" ino=15 res=0 errno=0
[  326.793093][ T5871] Bluetooth: hci4: command tx timeout
[  327.100303][T12462] loop6: detected capacity change from 0 to 2048
[  327.112921][T12462] NILFS (loop6): broken superblock, retrying with spare superblock (blocksize = 1024)
[  327.161949][T12463] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  327.179896][T12315] veth0_vlan: entered promiscuous mode
[  327.221615][T12315] veth1_vlan: entered promiscuous mode
[  327.227317][   T30] audit: type=1800 audit(1758729944.139:466): pid=12462 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.2396" name="file2" dev="loop6" ino=16 res=0 errno=0
[  327.252883][T12462] NILFS error (device loop6): nilfs_lookup: deleted inode referenced: 12
[  327.268057][T12440] loop2: detected capacity change from 0 to 40427
[  327.282992][T12440] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  327.291223][T12440] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  327.292331][T12462] Remounting filesystem read-only
[  327.317278][T12440] F2FS-fs (loop2): invalid crc value
[  327.341361][T12315] veth0_macvtap: entered promiscuous mode
[  327.366705][T12315] veth1_macvtap: entered promiscuous mode
[  327.368220][T11142] NILFS (loop6): disposed unprocessed dirty file(s) when detaching log writer
[  327.425823][T12315] batman_adv: batadv0: Interface activated: batadv_slave_0
[  327.466161][T12315] batman_adv: batadv0: Interface activated: batadv_slave_1
[  327.482744][T12440] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  327.492859][T12473] loop6: detected capacity change from 0 to 2048
[  327.507841][T12473] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  327.523245][T12440] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  327.542594][T12440] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  327.632674][   T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  327.647186][   T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  327.695665][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  327.711913][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  328.651822][T12489] loop6: detected capacity change from 0 to 40427
[  328.697282][T12489] F2FS-fs (loop6): invalid crc value
[  328.792662][T12511] use of bytesused == 0 is deprecated and will be removed in the future,
[  328.814005][T12511] use the actual size instead.
[  328.868809][T12489] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  328.884061][ T5187] Bluetooth: hci4: command tx timeout
[  328.895492][T12489] F2FS-fs (loop6): Start checkpoint disabled!
[  328.940436][T12489] F2FS-fs (loop6): f2fs_disable_checkpoint() finish, err:0
[  328.974298][T12489] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[  329.007705][T12520] loop2: detected capacity change from 0 to 1024
[  329.024033][ T5187] Bluetooth: hci5: command 0x1003 tx timeout
[  329.024335][ T5871] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  329.039337][T12520] EXT4-fs: Ignoring removed bh option
[  329.049377][T12520] EXT4-fs: Ignoring removed orlov option
[  329.064690][T12520] EXT4-fs: Ignoring removed nomblk_io_submit option
[  329.125749][   T13] kworker/u8:1: attempt to access beyond end of device
[  329.125749][   T13] loop6: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  329.144422][   T13] kworker/u8:1: attempt to access beyond end of device
[  329.144422][   T13] loop6: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  329.160211][   T13] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT(full) 
[  329.160240][   T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  329.160262][   T13] Workqueue: writeback wb_workfn (flush-7:6)
[  329.160312][   T13] Call Trace:
[  329.160321][   T13]  <TASK>
[  329.160330][   T13]  dump_stack_lvl+0x189/0x250
[  329.160363][   T13]  ? __pfx_dump_stack_lvl+0x10/0x10
[  329.160388][   T13]  ? __pfx_queue_work_on+0x10/0x10
[  329.160406][   T13]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  329.160436][   T13]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  329.160473][   T13]  f2fs_handle_critical_error+0x37c/0x540
[  329.160516][   T13]  f2fs_write_end_io+0x886/0xb60
[  329.160566][   T13]  __submit_merged_bio+0x27a/0x6a0
[  329.160614][   T13]  __submit_merged_write_cond+0x255/0x530
[  329.160657][   T13]  f2fs_write_data_pages+0x261d/0x3000
[  329.160729][   T13]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  329.160777][   T13]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  329.160853][   T13]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  329.160893][   T13]  ? trace_f2fs_writepages+0x7f/0x200
[  329.160925][   T13]  ? f2fs_write_node_pages+0x478/0x6e0
[  329.161002][   T13]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  329.161026][   T13]  do_writepages+0x32e/0x550
[  329.161065][   T13]  ? reacquire_held_locks+0x127/0x1d0
[  329.161084][   T13]  ? writeback_sb_inodes+0x384/0x1010
[  329.161119][   T13]  __writeback_single_inode+0x145/0xff0
[  329.161142][   T13]  ? do_raw_spin_unlock+0x122/0x240
[  329.161172][   T13]  writeback_sb_inodes+0x6c7/0x1010
[  329.161193][   T13]  ? lockdep_hardirqs_on+0x9c/0x150
[  329.161247][   T13]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  329.161325][   T13]  ? rcu_is_watching+0x15/0xb0
[  329.161358][   T13]  wb_writeback+0x43b/0xaf0
[  329.161391][   T13]  ? queue_io+0x351/0x590
[  329.161418][   T13]  ? __pfx_wb_writeback+0x10/0x10
[  329.161451][   T13]  ? _raw_spin_unlock_irq+0x23/0x50
[  329.161478][   T13]  wb_workfn+0x409/0xef0
[  329.161529][   T13]  ? __pfx_wb_workfn+0x10/0x10
[  329.161566][   T13]  ? __lock_acquire+0xab9/0xd20
[  329.161608][   T13]  ? process_scheduled_works+0x9ef/0x17b0
[  329.161645][   T13]  ? _raw_spin_unlock_irq+0x23/0x50
[  329.161663][   T13]  ? process_scheduled_works+0x9ef/0x17b0
[  329.161691][   T13]  ? process_scheduled_works+0x9ef/0x17b0
[  329.161723][   T13]  process_scheduled_works+0xae1/0x17b0
[  329.161799][   T13]  ? __pfx_process_scheduled_works+0x10/0x10
[  329.161850][   T13]  worker_thread+0x8a0/0xda0
[  329.161915][   T13]  kthread+0x711/0x8a0
[  329.161949][   T13]  ? __pfx_worker_thread+0x10/0x10
[  329.161979][   T13]  ? __pfx_kthread+0x10/0x10
[  329.162004][   T13]  ? _raw_spin_unlock_irq+0x23/0x50
[  329.162023][   T13]  ? lockdep_hardirqs_on+0x9c/0x150
[  329.162041][   T13]  ? __pfx_kthread+0x10/0x10
[  329.162064][   T13]  ret_from_fork+0x4bc/0x870
[  329.162098][   T13]  ? __pfx_ret_from_fork+0x10/0x10
[  329.162138][   T13]  ? __switch_to_asm+0x39/0x70
[  329.162161][   T13]  ? __switch_to_asm+0x33/0x70
[  329.162183][   T13]  ? __pfx_kthread+0x10/0x10
[  329.162207][   T13]  ret_from_fork_asm+0x1a/0x30
[  329.162256][   T13]  </TASK>
[  329.162265][   T13] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  329.164441][T12520] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  329.494318][ T5932] usb 10-1: new full-speed USB device number 2 using dummy_hcd
[  329.570640][T11628] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  329.666488][ T5932] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  329.696114][ T5932] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  329.708275][ T5932] usb 10-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  329.718505][ T5932] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  329.730264][ T5932] usb 10-1: config 0 descriptor??
[  330.123920][   T10] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  330.149786][ T5932] savu 0003:1E7D:2D5A.001F: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.9-1/input0
[  330.285599][   T10] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  330.297222][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  330.308446][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  330.318338][   T10] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  330.331364][   T10] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  330.340451][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  330.352184][   T10] usb 7-1: config 0 descriptor??
[  330.415633][ T5955] usb 10-1: USB disconnect, device number 2
[  330.770099][   T10] plantronics 0003:047F:FFFF.0020: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[  331.032474][T12547] loop9: detected capacity change from 0 to 4096
[  331.041025][   T10] usb 7-1: USB disconnect, device number 8
[  331.080935][T12553] NILFS (loop9): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  331.137512][   T30] audit: type=1800 audit(1758729948.059:467): pid=12547 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.2429" name="file1" dev="loop9" ino=15 res=0 errno=0
[  331.410489][T12565] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  331.727743][T12575] loop9: detected capacity change from 0 to 2048
[  331.749546][T12575] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  331.804564][T12315] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  331.923924][ T6011] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  332.084049][ T6011] usb 7-1: Using ep0 maxpacket: 8
[  332.099369][ T6011] usb 7-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  332.121905][ T6011] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  332.130237][ T6011] usb 7-1: Product: syz
[  332.134629][ T6011] usb 7-1: Manufacturer: syz
[  332.139962][ T6011] usb 7-1: SerialNumber: syz
[  332.152804][ T6011] usb 7-1: config 0 descriptor??
[  332.312835][T12599] dummy0: entered allmulticast mode
[  332.320546][T12599] dummy0: left allmulticast mode
[  332.371275][ T6011] usb 7-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[  332.462701][T12603] netlink: 24 bytes leftover after parsing attributes in process `syz.9.2454'.
[  332.594842][T12607] loop9: detected capacity change from 0 to 4096
[  332.634218][T12607] ntfs3(loop9): Different NTFS sector size (1024) and media sector size (512).
[  332.787247][T12607] ntfs3(loop9): $Secure::$SDH is corrupted.
[  332.793881][T12607] ntfs3(loop9): Failed to initialize $Secure (-22).
[  332.815608][T12612] loop7: detected capacity change from 0 to 4096
[  333.202764][ T6011] usb write operation failed. (-71)
[  333.222067][ T6011] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  333.250712][ T6011] dvbdev: DVB: registering new adapter (Terratec H7)
[  333.267047][ T6011] usb 7-1: media controller created
[  333.288519][ T6011] usb read operation failed. (-71)
[  333.327946][ T6011] usb write operation failed. (-71)
[  333.362251][ T6011] dvb_usb_az6007 7-1:0.0: probe with driver dvb_usb_az6007 failed with error -5
[  333.395434][ T6011] usb 7-1: USB disconnect, device number 9
[  333.994565][T12665] delete_channel: no stack
[  334.387731][T12691] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2494'.
[  334.534091][   T10] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  334.707173][   T10] usb 10-1: Using ep0 maxpacket: 8
[  334.728262][   T10] usb 10-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  334.737819][   T10] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  334.746441][   T10] usb 10-1: Product: syz
[  334.750861][   T10] usb 10-1: Manufacturer: syz
[  334.756775][   T10] usb 10-1: SerialNumber: syz
[  334.767544][   T10] usb 10-1: config 0 descriptor??
[  334.807121][T12713] netlink: 92 bytes leftover after parsing attributes in process `syz.5.2504'.
[  334.985676][   T10] usb 10-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[  335.000099][T12725] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2509'.
[  335.000368][   T30] audit: type=1326 audit(1758729951.919:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12720 comm="syz.6.2508" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ffbdd78eec9 code=0x0
[  335.362267][ T6011] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  335.381977][ T6011] hid-generic 0000:0000:0000.0021: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  335.792594][   T10] usb write operation failed. (-71)
[  335.801252][   T10] usb 10-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  335.837358][   T10] dvbdev: DVB: registering new adapter (Terratec H7)
[  335.849265][   T10] usb 10-1: media controller created
[  335.858197][   T10] usb read operation failed. (-71)
[  335.867696][T12756] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2521'.
[  335.876172][   T10] usb write operation failed. (-71)
[  335.896266][   T10] dvb_usb_az6007 10-1:0.0: probe with driver dvb_usb_az6007 failed with error -5
[  335.934305][   T10] usb 10-1: USB disconnect, device number 3
[  336.288508][T12770] loop2: detected capacity change from 0 to 1024
[  336.339168][T12752] loop5: detected capacity change from 0 to 32768
[  336.502625][T12780] netlink: 7 bytes leftover after parsing attributes in process `syz.9.2533'.
[  336.515299][T12781] find_entry called with index = 0
[  336.521649][T12781] read_mapping_page failed!
[  336.564063][T12781] ERROR: (device loop5): txCommit: 
[  336.564063][T12781] 
[  336.688800][T12777] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  336.704948][T12777] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  336.719057][T12777] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  336.734975][T12777] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  336.745666][T12777] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  336.763581][T12777] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  336.786095][T12777] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  336.797894][T12777] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  336.815602][T12777] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  336.833074][T12777] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  336.844361][T12777] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  336.861502][T12777] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  336.880753][T12777] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  336.896969][T12777] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  336.915874][T12777] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  336.917096][T12793] netlink: 168864 bytes leftover after parsing attributes in process `syz.5.2536'.
[  336.931578][T12793] openvswitch: netlink: Message has 44053 unknown bytes.
[  337.056736][T12785] loop9: detected capacity change from 0 to 32768
[  337.092565][T12785] XFS (loop9): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  337.152713][T12785] XFS (loop9): Ending clean mount
[  337.229192][T12315] XFS (loop9): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  338.132516][T12850] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2560'.
[  338.575813][T12848] loop5: detected capacity change from 0 to 32768
[  338.602662][T12848] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  338.631902][T12848] XFS (loop5): Ending clean mount
[  338.642198][T12848] XFS (loop5): Quotacheck needed: Please wait.
[  338.682833][T12848] XFS (loop5): Quotacheck: Done.
[  338.704598][ T5187] Bluetooth: hci3: command 0x0c1a tx timeout
[  338.736188][T11767] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  338.791775][ T5187] Bluetooth: hci1: command 0x0c1a tx timeout
[  338.864146][ T5187] Bluetooth: hci2: command 0x0c1a tx timeout
[  338.864309][ T5871] Bluetooth: hci0: command 0x0c1a tx timeout
[  338.941107][T12866] loop9: detected capacity change from 0 to 40427
[  338.948774][T12866] F2FS-fs: heap/no_heap options were deprecated
[  338.953977][ T5871] Bluetooth: hci4: command 0x0405 tx timeout
[  338.956637][T12866] F2FS-fs (loop9): build fault injection rate: 19
[  338.968741][T12866] F2FS-fs (loop9): build fault injection type: 0x3bfe8c
[  338.978448][T12866] F2FS-fs (loop9): invalid crc value
[  338.993618][T12866] F2FS-fs (loop9): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[  339.069874][T12866] F2FS-fs (loop9): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x20a/0x3f0
[  339.087012][T12866] F2FS-fs (loop9): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  339.097524][T12866] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5
[  339.140381][T12866] F2FS-fs (loop9): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  339.155107][T12866] F2FS-fs (loop9): inject dquot initialize in f2fs_dquot_initialize of f2fs_evict_inode+0x7b4/0x1b60
[  339.217073][    C1] F2FS-fs (loop9): inject write IO error in f2fs_write_end_io of blk_update_request+0x57e/0xe60
[  339.227978][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted syzkaller #0 PREEMPT(full) 
[  339.227999][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  339.228009][    C1] Call Trace:
[  339.228015][    C1]  <TASK>
[  339.228021][    C1]  dump_stack_lvl+0x189/0x250
[  339.228045][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  339.228063][    C1]  ? __pfx_queue_work_on+0x10/0x10
[  339.228078][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  339.228096][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  339.228120][    C1]  ? f2fs_hw_is_readonly+0x39b/0x470
[  339.228169][    C1]  f2fs_handle_critical_error+0x37c/0x540
[  339.228209][    C1]  f2fs_write_end_io+0x886/0xb60
[  339.228239][    C1]  blk_update_request+0x57e/0xe60
[  339.228264][    C1]  blk_mq_end_request+0x3e/0x70
[  339.228279][    C1]  blk_flush_complete_seq+0x678/0xcc0
[  339.228302][    C1]  flush_end_io+0xbaf/0xe60
[  339.228326][    C1]  __blk_mq_end_request+0x46a/0x630
[  339.228345][    C1]  blk_done_softirq+0x10a/0x160
[  339.228369][    C1]  handle_softirqs+0x286/0x870
[  339.228395][    C1]  ? run_ksoftirqd+0x9b/0x100
[  339.228414][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  339.228439][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  339.228465][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  339.228487][    C1]  run_ksoftirqd+0x9b/0x100
[  339.228501][    C1]  ? __pfx_run_ksoftirqd+0x10/0x10
[  339.228522][    C1]  smpboot_thread_fn+0x542/0xa60
[  339.228546][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  339.228576][    C1]  kthread+0x711/0x8a0
[  339.228595][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  339.228618][    C1]  ? __pfx_kthread+0x10/0x10
[  339.228637][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  339.228651][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  339.228666][    C1]  ? __pfx_kthread+0x10/0x10
[  339.228683][    C1]  ret_from_fork+0x4bc/0x870
[  339.228707][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  339.228734][    C1]  ? __switch_to_asm+0x39/0x70
[  339.228752][    C1]  ? __switch_to_asm+0x33/0x70
[  339.228770][    C1]  ? __pfx_kthread+0x10/0x10
[  339.228787][    C1]  ret_from_fork_asm+0x1a/0x30
[  339.228819][    C1]  </TASK>
[  339.228825][    C1] F2FS-fs (loop9): Stopped filesystem due to reason: 3
[  339.446635][T12315] F2FS-fs (loop9): do_checkpoint failed err:-5, stop checkpoint
[  339.600854][   T30] audit: type=1326 audit(1758729956.519:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12892 comm="syz.5.2575" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f14cc78eec9 code=0x0
[  339.705302][ T5955] IPVS: starting estimator thread 0...
[  339.804235][T12898] IPVS: using max 28 ests per chain, 67200 per kthread
[  339.883182][T12906] loop9: detected capacity change from 0 to 1024
[  339.942080][   T13] hfsplus: b-tree write err: -5, ino 4
[  340.176369][T12911] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2581'.
[  340.325395][T12921] loop9: detected capacity change from 0 to 2048
[  340.341130][T12921] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  340.793930][ T5871] Bluetooth: hci3: command 0x0c1a tx timeout
[  340.854015][T12930] loop5: detected capacity change from 0 to 32768
[  340.874286][ T5871] Bluetooth: hci1: command 0x0c1a tx timeout
[  340.912769][T12930] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,metadata_target=invalid label 246,noinodes_use_key_cache,journal_flush_delay=3,journal_reclaim_delay=1000,nocow
[  340.912791][T12930]   allowing incompatible features above 0.0: (unknown version)
[  340.912799][T12930]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  340.936741][  T982] usb 10-1: new full-speed USB device number 4 using dummy_hcd
[  340.945435][ T5871] Bluetooth: hci0: command 0x0c1a tx timeout
[  340.945644][ T5187] Bluetooth: hci2: command 0x0c1a tx timeout
[  340.981831][T12930] bcachefs (loop5): Using encoding defined by superblock: utf8-12.1.0
[  340.990330][T12930] bcachefs (loop5): initializing new filesystem
[  341.003397][T12930] bcachefs (loop5): going read-write
[  341.011684][T12930] bcachefs (loop5): marking superblocks
[  341.023909][ T5871] Bluetooth: hci4: command 0x0405 tx timeout
[  341.039872][T12930] bcachefs (loop5): initializing freespace
[  341.049903][T12930] bcachefs (loop5): done initializing freespace
[  341.060629][T12930] bcachefs (loop5): reading snapshots table
[  341.066678][T12930] bcachefs (loop5): reading snapshots done
[  341.086843][T12930] bcachefs (loop5): done starting filesystem
[  341.127907][  T982] usb 10-1: config 0 has an invalid interface number: 41 but max is 0
[  341.145227][  T982] usb 10-1: config 0 has no interface number 0
[  341.157158][   T30] audit: type=1800 audit(1758729958.079:470): pid=12930 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2588" name="file1" dev="loop5" ino=4098 res=0 errno=0
[  341.180370][  T982] usb 10-1: config 0 interface 41 has no altsetting 0
[  341.191215][  T982] usb 10-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  341.200722][  T982] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  341.219324][  T982] usb 10-1: Product: syz
[  341.232172][  T982] usb 10-1: Manufacturer: syz
[  341.238457][T11767] bcachefs (loop5): shutting down
[  341.244182][  T982] usb 10-1: SerialNumber: syz
[  341.249736][T11767] bcachefs (loop5): going read-only
[  341.257866][  T982] usb 10-1: config 0 descriptor??
[  341.270244][T11767] bcachefs (loop5): finished waiting for writes to stop
[  341.281885][T11767] bcachefs (loop5): flushing journal and stopping allocators, journal seq 6
[  341.322523][T11767] bcachefs (loop5): flushing journal and stopping allocators complete, journal seq 7
[  341.334077][T11767] bcachefs (loop5): clean shutdown complete, journal seq 8
[  341.342149][T11767] bcachefs (loop5): marking filesystem clean
[  341.382189][T11767] bcachefs (loop5): shutdown complete
[  341.895164][T12961] loop7: detected capacity change from 0 to 32768
[  342.302049][  T982] CoreChips 10-1:0.41: probe with driver CoreChips failed with error -71
[  342.333529][  T982] usb 10-1: USB disconnect, device number 4
[  342.758906][T12983] loop6: detected capacity change from 0 to 32768
[  342.811517][T12983] find_entry called with index = 0
[  342.817338][T12983] read_mapping_page failed!
[  342.821962][T12983] ERROR: (device loop6): txCommit: 
[  342.821962][T12983] 
[  342.864188][ T5871] Bluetooth: hci3: command 0x0c1a tx timeout
[  342.944041][ T5871] Bluetooth: hci1: command 0x0c1a tx timeout
[  343.024589][ T5871] Bluetooth: hci2: command 0x0c1a tx timeout
[  343.030667][ T5871] Bluetooth: hci0: command 0x0c1a tx timeout
[  343.098748][T12992] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2613'.
[  343.123902][ T5871] Bluetooth: hci4: command 0x0405 tx timeout
[  343.503681][T13006] netlink: 20 bytes leftover after parsing attributes in process `syz.9.2620'.
[  344.026933][T13023] loop9: detected capacity change from 0 to 2048
[  344.734182][ T5955] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[  344.922398][ T5955] usb 10-1: config 1 has an invalid interface number: 7 but max is 0
[  344.941596][ T5955] usb 10-1: config 1 has no interface number 0
[  344.951729][ T5955] usb 10-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  344.984384][ T5955] usb 10-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  345.013898][ T5955] usb 10-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  345.052531][ T5955] usb 10-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  345.062154][ T5955] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  345.079949][ T5955] usb 10-1: Product: syz
[  345.088721][T13051] loop6: detected capacity change from 0 to 32768
[  345.095518][ T5955] usb 10-1: Manufacturer: syz
[  345.100318][ T5955] usb 10-1: SerialNumber: syz
[  345.117666][T13042] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  345.346580][T13042] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  345.592357][T13072] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  345.614745][ T5955] sierra_net 10-1:1.7 wwan0: register 'sierra_net' at usb-dummy_hcd.9-1, Sierra Wireless USB-to-WWAN Modem, 00:00:00:00:01:07
[  345.636873][T13075] loop7: detected capacity change from 0 to 512
[  345.697160][T13075] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  345.811574][T13075] ext4 filesystem being mounted at /130/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  346.003153][T11326] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  346.049420][T13086] input: syz1 as /devices/virtual/input/input43
[  346.187943][ T5955] usb 10-1: USB disconnect, device number 5
[  346.197382][ T5955] sierra_net 10-1:1.7 wwan0: unregister 'sierra_net' usb-dummy_hcd.9-1, Sierra Wireless USB-to-WWAN Modem
[  346.246931][T13089] loop2: detected capacity change from 0 to 4096
[  346.292791][T13089] EXT4-fs (loop2): Test dummy encryption mode enabled
[  346.321535][T13089] EXT4-fs (loop2): stripe (97) is not aligned with cluster size (16), stripe is disabled
[  346.355813][T13089] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0002]
[  346.364465][ T5955] sierra_net 10-1:1.7 wwan0 (unregistered): usb_control_msg failed, status -19
[  346.374185][T13089] System zones: 0-5
[  346.386217][T13089] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  346.445855][T11628] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  346.637569][   T30] audit: type=1326 audit(1758729963.559:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13109 comm="syz.2.2661" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f799658eec9 code=0x0
[  347.060321][T13129] netlink: 14560 bytes leftover after parsing attributes in process `syz.9.2669'.
[  347.129481][T13133] loop9: detected capacity change from 0 to 16
[  347.349605][T13142] sctp: [Deprecated]: syz.9.2674 (pid 13142) Use of int in maxseg socket option.
[  347.349605][T13142] Use struct sctp_assoc_value instead
[  347.543503][T13144] netlink: 56 bytes leftover after parsing attributes in process `syz.9.2676'.
[  347.675448][    C1] vxcan1: j1939_tp_rxtimer: 0xffff888059a0fc00: rx timeout, send abort
[  347.885658][T13161] netlink: 128 bytes leftover after parsing attributes in process `syz.9.2683'.
[  347.913060][T13161] netlink: 72 bytes leftover after parsing attributes in process `syz.9.2683'.
[  348.186065][    C1] vxcan1: j1939_tp_rxtimer: 0xffff888059a0fc00: abort rx timeout. Force session deactivation
[  348.384039][ T5187] Bluetooth: hci5: command 0x1003 tx timeout
[  348.391272][ T5871] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  348.469603][T13180] bridge0: port 3(syz_tun) entered blocking state
[  348.492570][T13180] bridge0: port 3(syz_tun) entered disabled state
[  348.508425][T13180] syz_tun: entered allmulticast mode
[  348.516151][T13180] syz_tun: entered promiscuous mode
[  348.522838][T13182] netlink: 'syz.7.2692': attribute type 10 has an invalid length.
[  348.533414][T13180] bridge0: port 3(syz_tun) entered blocking state
[  348.540701][T13180] bridge0: port 3(syz_tun) entered forwarding state
[  348.554347][T13182] bridge0: port 3(syz_tun) entered disabled state
[  348.561220][T13182] bridge0: port 2(bridge_slave_1) entered disabled state
[  348.569028][T13182] bridge0: port 1(bridge_slave_0) entered disabled state
[  348.599177][T13182] bridge0: port 3(syz_tun) entered blocking state
[  348.605970][T13182] bridge0: port 3(syz_tun) entered forwarding state
[  348.612941][T13182] bridge0: port 2(bridge_slave_1) entered blocking state
[  348.620201][T13182] bridge0: port 2(bridge_slave_1) entered forwarding state
[  348.627871][T13182] bridge0: port 1(bridge_slave_0) entered blocking state
[  348.635152][T13182] bridge0: port 1(bridge_slave_0) entered forwarding state
[  348.652963][T13182] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  348.678143][T13169] loop9: detected capacity change from 0 to 32768
[  348.949258][T13193] loop6: detected capacity change from 0 to 4096
[  348.965232][T13193] ntfs3(loop6): Different NTFS sector size (1024) and media sector size (512).
[  348.992113][T13193] ntfs3(loop6): $Secure::$SDH is corrupted.
[  348.992192][T13193] ntfs3(loop6): Failed to initialize $Secure (-22).
[  349.465227][T13213] loop9: detected capacity change from 0 to 2048
[  349.482575][T13213] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  349.794048][ T5932] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  349.956350][ T5932] usb 6-1: config index 0 descriptor too short (expected 39, got 27)
[  349.987291][ T5932] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  349.997579][ T5932] usb 6-1: config 0 interface 0 has no altsetting 0
[  350.006763][ T5932] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  350.023600][ T5932] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  350.046105][ T5932] usb 6-1: Product: syz
[  350.050313][ T5932] usb 6-1: Manufacturer: syz
[  350.141797][T13250] tipc: Started in network mode
[  350.157494][T13250] tipc: Node identity ac141413, cluster identity 4711
[  350.197278][T13250] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  350.259329][T13252] loop7: detected capacity change from 0 to 1024
[  350.289187][T13252] EXT4-fs: Ignoring removed oldalloc option
[  350.313846][T13252] EXT4-fs: Ignoring removed bh option
[  350.380859][ T5932] usb 6-1: SerialNumber: syz
[  350.386162][T13252] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  350.430171][T13252] EXT4-fs error (device loop7): mb_free_blocks:2017: group 0, inode 15: block 225:freeing already freed block (bit 14); block bitmap corrupt.
[  350.465656][ T5932] usb 6-1: config 0 descriptor??
[  350.482603][ T5932] hub 6-1:0.0: bad descriptor, ignoring hub
[  350.501851][ T5932] hub 6-1:0.0: probe with driver hub failed with error -5
[  350.549601][ T5932] usb 6-1: selecting invalid altsetting 0
[  350.720374][T11326] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  350.789508][T13273] input: syz0 as /devices/virtual/input/input44
[  351.426953][T13220] usb 6-1: reset high-speed USB device number 17 using dummy_hcd
[  351.793037][T13220] usb 6-1: failed to restore interface 0 altsetting 251 (error=-71)
[  351.806360][ T5932] usb 6-1: USB disconnect, device number 17
[  351.992373][T13313] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2749'.
[  352.277146][T13324] hsr0: entered promiscuous mode
[  352.296313][T13324] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2753'.
[  352.321501][T13324] hsr_slave_0: left promiscuous mode
[  352.341990][T13324] hsr_slave_1: left promiscuous mode
[  352.446525][T13324] hsr0 (unregistering): left promiscuous mode
[  352.581747][T13318] loop2: detected capacity change from 0 to 32768
[  352.605519][T13318] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.2751 (13318)
[  352.643989][T13318] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  352.644064][T13318] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  352.764383][T13318] BTRFS info (device loop2): enabling ssd optimizations
[  352.772596][T13318] BTRFS info (device loop2): enabling free space tree
[  352.850993][T13354] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  352.891518][T11628] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  353.074474][T13360] syzkaller1: entered promiscuous mode
[  353.095200][T13360] syzkaller1: entered allmulticast mode
[  353.124105][ T5932] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  353.187608][T13332] loop7: detected capacity change from 0 to 32768
[  353.212392][T13332] ocfs2: Slot 0 on device (7,7) was already allocated to this node!
[  353.227665][T13332] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[  353.286085][ T5932] usb 7-1: Using ep0 maxpacket: 16
[  353.297330][ T5932] usb 7-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00
[  353.313207][T13332] overlayfs: upper fs does not support tmpfile.
[  353.315928][ T5932] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  353.327197][T13332] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  353.334927][T13332] overlayfs: failed to set xattr on upper
[  353.337142][ T5932] usb 7-1: Product: syz
[  353.340675][T13332] overlayfs: ...falling back to redirect_dir=nofollow.
[  353.340691][T13332] overlayfs: ...falling back to index=off.
[  353.340701][T13332] overlayfs: ...falling back to uuid=null.
[  353.340711][T13332] overlayfs: upper fs missing required features.
[  353.417920][ T5932] usb 7-1: Manufacturer: syz
[  353.422593][ T5932] usb 7-1: SerialNumber: syz
[  353.452761][ T5932] usb 7-1: config 0 descriptor??
[  353.469615][ T5932] ftdi_sio 7-1:0.0: FTDI USB Serial Device converter detected
[  353.485029][ T5932] usb 7-1: Detected FT232H
[  353.519599][T11326] ocfs2: Unmounting device (7,7) on (node local)
[  353.679237][ T5932] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  353.764299][  T982] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  353.974050][  T982] usb 6-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  353.982841][  T982] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  354.020783][  T982] usb 6-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice= 0.9c
[  354.052848][  T982] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  354.074411][  T982] usb 6-1: Product: syz
[  354.078659][  T982] usb 6-1: Manufacturer: syz
[  354.103928][  T982] usb 6-1: SerialNumber: syz
[  354.125199][  T982] usb 6-1: config 0 descriptor??
[  354.125199][ T5932] usb 7-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  354.171766][  T982] ims_pcu 6-1:0.0: Missing CDC union descriptor
[  354.189061][  T982] ims_pcu 6-1:0.0: probe with driver ims_pcu failed with error -22
[  354.220166][T13396] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  354.359897][  T982] usb 7-1: USB disconnect, device number 10
[  354.374081][  T982] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  354.409174][  T982] ftdi_sio 7-1:0.0: device disconnected
[  354.486005][T13402] loop9: detected capacity change from 0 to 1024
[  354.522850][ T6011] usb 6-1: USB disconnect, device number 18
[  354.680065][T13408] netlink: 56 bytes leftover after parsing attributes in process `syz.9.2784'.
[  354.696298][T13408] netlink: 56 bytes leftover after parsing attributes in process `syz.9.2784'.
[  355.214085][ T5955] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[  355.276186][T13421] loop5: detected capacity change from 0 to 1024
[  355.324359][T13421] EXT4-fs: Ignoring removed oldalloc option
[  355.330352][T13421] EXT4-fs: Ignoring removed bh option
[  355.366136][ T5955] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  355.383075][ T5955] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  355.406432][ T5955] usb 10-1: New USB device found, idVendor=0079, idProduct=1846, bcdDevice= 0.00
[  355.424024][ T5955] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  355.446693][ T5955] usb 10-1: config 0 descriptor??
[  355.449723][T13421] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  355.603063][T13421] EXT4-fs error (device loop5): mb_free_blocks:2017: group 0, inode 15: block 225:freeing already freed block (bit 14); block bitmap corrupt.
[  355.889593][ T5955] hid_mf 0003:0079:1846.0022: invalid report_count 1106850242
[  355.911604][ T5955] hid_mf 0003:0079:1846.0022: item 0 4 1 9 parsing failed
[  355.928011][ T5955] hid_mf 0003:0079:1846.0022: HID parse failed.
[  355.949842][T11767] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  355.961344][ T5955] hid_mf 0003:0079:1846.0022: probe with driver hid_mf failed with error -22
[  356.096954][ T6011] usb 10-1: USB disconnect, device number 6
[  356.381334][T13450] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2801'.
[  357.174694][T13468] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check.
[  357.818202][T13482] sctp: [Deprecated]: syz.7.2814 (pid 13482) Use of int in maxseg socket option.
[  357.818202][T13482] Use struct sctp_assoc_value instead
[  358.679870][T13507] loop5: detected capacity change from 0 to 128
[  358.745606][T13509] loop5: detected capacity change from 0 to 65
[  358.759843][T13509] BFS-fs: bfs_fill_super(): NOTE: filesystem loop5 was created with 512 inodes, the real maximum is 511, mounting anyway
[  359.131700][T13519] pim6reg1: entered promiscuous mode
[  359.152253][T13519] pim6reg1: entered allmulticast mode
[  359.701152][T13545] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  359.765482][T13545] infiniband sLò2: RDMA CMA: cma_listen_on_dev, error -98
[  360.410929][T13568] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2854'.
[  361.383663][ T5955] kernel read not supported for file /binder/failed_transaction_log (pid: 5955 comm: kworker/0:6)
[  361.745509][   T30] audit: type=1326 audit(1758729978.659:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13615 comm="syz.9.2875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2324d8eec9 code=0x7ffc0000
[  361.794614][   T30] audit: type=1326 audit(1758729978.659:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13615 comm="syz.9.2875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2324d2af79 code=0x7ffc0000
[  361.828582][   T30] audit: type=1326 audit(1758729978.659:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13615 comm="syz.9.2875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2324d8eec9 code=0x7ffc0000
[  361.859043][   T30] audit: type=1326 audit(1758729978.669:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13615 comm="syz.9.2875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2324d2af79 code=0x7ffc0000
[  361.923901][   T30] audit: type=1326 audit(1758729978.669:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13615 comm="syz.9.2875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2324d2af79 code=0x7ffc0000
[  361.960733][   T30] audit: type=1326 audit(1758729978.669:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13615 comm="syz.9.2875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2324d2af79 code=0x7ffc0000
[  362.023890][   T30] audit: type=1326 audit(1758729978.669:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13615 comm="syz.9.2875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2324d2af79 code=0x7ffc0000
[  362.069384][   T30] audit: type=1326 audit(1758729978.669:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13615 comm="syz.9.2875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2324d2af79 code=0x7ffc0000
[  362.125637][   T30] audit: type=1326 audit(1758729978.669:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13615 comm="syz.9.2875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2324d2af79 code=0x7ffc0000
[  362.176756][   T30] audit: type=1326 audit(1758729978.669:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13615 comm="syz.9.2875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2324d2af79 code=0x7ffc0000
[  362.838571][T13626] loop5: detected capacity change from 0 to 32768
[  362.888542][T13638] syzkaller1: entered promiscuous mode
[  362.906567][T13638] syzkaller1: entered allmulticast mode
[  363.007694][T13626] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,checksum_err_retry_nr=12,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,degraded=yes,nojournal_transaction_names
[  363.007727][T13626]   allowing incompatible features above 0.0: (unknown version)
[  363.007750][T13626]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  363.104717][T13626] bcachefs (loop5): Using encoding defined by superblock: utf8-12.1.0
[  363.112977][T13626] bcachefs (loop5): initializing new filesystem
[  363.204667][T13626] bcachefs (loop5): going read-write
[  363.228228][T13626] bcachefs (loop5): marking superblocks
[  363.295600][T13626] bcachefs (loop5): initializing freespace
[  363.330860][T13626] bcachefs (loop5): done initializing freespace
[  363.383919][T13626] bcachefs (loop5): reading snapshots table
[  363.400400][T13626] bcachefs (loop5): reading snapshots done
[  363.465167][T13626] bcachefs (loop5): done starting filesystem
[  363.635245][T11767] bcachefs (loop5): shutting down
[  363.640919][T11767] bcachefs (loop5): going read-only
[  363.651059][T11767] bcachefs (loop5): finished waiting for writes to stop
[  363.706223][T11767] bcachefs (loop5): flushing journal and stopping allocators, journal seq 3
[  363.806927][T11767] bcachefs (loop5): flushing journal and stopping allocators complete, journal seq 3
[  363.825871][T11767] bcachefs (loop5): clean shutdown complete, journal seq 4
[  363.852305][T11767] bcachefs (loop5): marking filesystem clean
[  363.941762][T11767] bcachefs (loop5): shutdown complete
[  366.769137][T13736] loop6: detected capacity change from 0 to 512
[  366.795159][T13736] FAT-fs (loop6): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  367.233992][T13727] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  367.240202][T13727] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  367.244772][T13746] loop5: detected capacity change from 0 to 2048
[  367.256970][T13727] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  367.259599][T13746] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  367.263092][T13727] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  367.286153][T13727] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  367.606743][T13758] loop6: detected capacity change from 0 to 8
[  367.639345][T13758] SQUASHFS error: xz decompression failed, data probably corrupt
[  367.663960][T13758] SQUASHFS error: Failed to read block 0x108: -5
[  367.681363][T13758] SQUASHFS error: Unable to read metadata cache entry [106]
[  367.694276][T13758] SQUASHFS error: Unable to read inode 0x11f
[  367.933920][   T43] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[  368.085767][   T43] usb 10-1: config index 0 descriptor too short (expected 39, got 27)
[  368.098292][   T43] usb 10-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  368.111663][   T43] usb 10-1: config 0 interface 0 has no altsetting 0
[  368.129617][   T43] usb 10-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  368.139167][   T43] usb 10-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  368.153014][   T43] usb 10-1: Product: syz
[  368.168435][   T43] usb 10-1: Manufacturer: syz
[  368.186119][   T43] usb 10-1: SerialNumber: syz
[  368.200557][T13776] netlink: 'syz.7.2942': attribute type 1 has an invalid length.
[  368.209979][   T43] usb 10-1: config 0 descriptor??
[  368.215984][T13762] loop2: detected capacity change from 0 to 32768
[  368.218617][T13776] netlink: 144 bytes leftover after parsing attributes in process `syz.7.2942'.
[  368.225371][   T43] hub 10-1:0.0: bad descriptor, ignoring hub
[  368.238738][   T43] hub 10-1:0.0: probe with driver hub failed with error -5
[  368.241882][T13776] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2942'.
[  368.255458][T13762] ocfs2: Slot 0 on device (7,2) was already allocated to this node!
[  368.264838][   T43] usb 10-1: selecting invalid altsetting 0
[  368.277997][T13762] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  368.352895][T13762] overlayfs: upper fs does not support tmpfile.
[  368.361648][T13762] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  368.368764][T13762] overlayfs: failed to set xattr on upper
[  368.375012][T13762] overlayfs: ...falling back to redirect_dir=nofollow.
[  368.384863][T13762] overlayfs: ...falling back to index=off.
[  368.390821][T13762] overlayfs: ...falling back to uuid=null.
[  368.398517][T13762] overlayfs: upper fs missing required features.
[  368.447811][T11628] ocfs2: Unmounting device (7,2) on (node local)
[  368.543890][ T5187] Bluetooth: hci3: command 0x0c1a tx timeout
[  368.883951][T13764] usb 10-1: reset high-speed USB device number 7 using dummy_hcd
[  369.259475][T13764] usb 10-1: failed to restore interface 0 altsetting 251 (error=-71)
[  369.268224][ T5187] Bluetooth: hci0: command 0x0c1a tx timeout
[  369.268274][ T5187] Bluetooth: hci1: command 0x0c1a tx timeout
[  369.288419][  T982] usb 10-1: USB disconnect, device number 7
[  369.357852][ T5871] Bluetooth: hci4: command 0x0405 tx timeout
[  369.372444][ T5187] Bluetooth: hci2: command 0x0c1a tx timeout
[  369.833995][ T5955] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  369.993909][ T5955] usb 6-1: Using ep0 maxpacket: 16
[  370.013741][ T5955] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  370.030381][ T5955] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  370.041741][ T5955] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  370.056014][ T5955] usb 6-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  370.065425][ T5955] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  370.081305][ T5955] usb 6-1: config 0 descriptor??
[  370.404948][ T5932] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  370.511467][ T5955] input: HID 05ac:8241 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:05AC:8241.0023/input/input45
[  370.525390][   T30] kauditd_printk_skb: 451 callbacks suppressed
[  370.525408][   T30] audit: type=1326 audit(1758729987.449:933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13837 comm="syz.9.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2324d8eec9 code=0x7ffc0000
[  370.564714][   T30] audit: type=1326 audit(1758729987.449:934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13837 comm="syz.9.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=225 compat=0 ip=0x7f2324d8eec9 code=0x7ffc0000
[  370.587300][   T30] audit: type=1326 audit(1758729987.449:935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13837 comm="syz.9.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2324d8eec9 code=0x7ffc0000
[  370.610127][   T30] audit: type=1326 audit(1758729987.449:936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13837 comm="syz.9.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2324d8eec9 code=0x7ffc0000
[  370.636362][ T5932] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  370.670488][ T5932] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  370.680841][ T5932] usb 7-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  370.680982][ T5955] appleir 0003:05AC:8241.0023: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.5-1/input0
[  370.703653][ T5932] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  370.750348][ T5955] usb 6-1: USB disconnect, device number 19
[  370.767816][ T5932] usb 7-1: config 0 descriptor??
[  371.182629][ T5932] cm6533_jd 0003:0D8C:0022.0024: unknown main item tag 0x0
[  371.190685][ T5932] cm6533_jd 0003:0D8C:0022.0024: unknown main item tag 0x0
[  371.202127][ T5932] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:0D8C:0022.0024/input/input46
[  371.221999][ T5932] cm6533_jd 0003:0D8C:0022.0024: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.6-1/input0
[  371.411686][   T43] usb 7-1: USB disconnect, device number 11
[  372.113850][T13860] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2976'.
[  372.699081][T13876] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2984'.
[  372.863868][ T5932] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  373.024383][ T5932] usb 6-1: Using ep0 maxpacket: 32
[  373.033698][ T5932] usb 6-1: config 0 interface 0 has no altsetting 0
[  373.040686][ T5932] usb 6-1: New USB device found, idVendor=1b1c, idProduct=1c09, bcdDevice= 0.00
[  373.064640][ T5932] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  373.094113][ T5932] usb 6-1: config 0 descriptor??
[  373.749228][T13907] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2996'.
[  373.774352][T13900] loop2: detected capacity change from 0 to 32768
[  373.812645][T13900] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode.
[  373.900856][ T5932] corsair-psu 0003:1B1C:1C09.0025: hidraw0: USB HID v4.08 Device [HID 1b1c:1c09] on usb-dummy_hcd.5-1/input0
[  373.994835][T11628] ocfs2: Unmounting device (7,2) on (node local)
[  374.077948][ T5932] corsair-psu 0003:1B1C:1C09.0025: unable to initialize device (-95)
[  374.096850][ T5932] corsair-psu 0003:1B1C:1C09.0025: probe with driver corsair-psu failed with error -95
[  374.290133][   T10] usb 6-1: USB disconnect, device number 20
[  374.824469][T13918] loop9: detected capacity change from 0 to 32768
[  374.876921][T13918] ocfs2: Slot 0 on device (7,9) was already allocated to this node!
[  374.921461][T13918] ocfs2: Mounting device (7,9) on (node local, slot 0) with ordered data mode.
[  374.987118][T13918] overlayfs: upper fs does not support tmpfile.
[  375.026086][T13918] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  375.033175][T13918] overlayfs: failed to set xattr on upper
[  375.067238][T13918] overlayfs: ...falling back to redirect_dir=nofollow.
[  375.081035][T13918] overlayfs: ...falling back to index=off.
[  375.108493][T13918] overlayfs: ...falling back to uuid=null.
[  375.124101][T13918] overlayfs: upper fs missing required features.
[  375.248330][T12315] ocfs2: Unmounting device (7,9) on (node local)
[  375.299681][T13949] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3011'.
[  375.993898][ T5955] usb 10-1: new high-speed USB device number 8 using dummy_hcd
[  376.062042][T13976] loop6: detected capacity change from 0 to 256
[  376.121960][T13978] loop2: detected capacity change from 0 to 128
[  376.158446][ T5955] usb 10-1: Using ep0 maxpacket: 16
[  376.169314][ T5955] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  376.189627][ T5955] usb 10-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  376.213088][ T5955] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  376.224875][ T5955] usb 10-1: config 0 descriptor??
[  376.231765][T11628] FAT-fs (loop2): error, invalid access to FAT (entry 0x266f0005)
[  376.243103][T11628] FAT-fs (loop2): Filesystem has been set read-only
[  376.649051][ T5955] mcp2221 0003:04D8:00DD.0026: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.9-1/input0
[  376.975648][T13992] loop2: detected capacity change from 0 to 32768
[  376.997513][   T30] audit: type=1800 audit(1758729993.919:937): pid=13992 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3033" name="file1" dev="loop2" ino=4 res=0 errno=0
[  377.047451][ T5955] usb 10-1: USB disconnect, device number 8
[  377.193291][T14002] netlink: 104 bytes leftover after parsing attributes in process `syz.5.3036'.
[  378.719636][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  378.727997][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  378.841702][T14068] loop5: detected capacity change from 0 to 256
[  379.153890][   T10] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  379.326251][   T10] usb 6-1: config 220 has an invalid interface number: 76 but max is 2
[  379.340478][   T10] usb 6-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  379.362931][   T10] usb 6-1: config 220 has an invalid descriptor of length 97, skipping remainder of the config
[  379.384978][   T10] usb 6-1: config 220 has no interface number 2
[  379.392668][   T10] usb 6-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  379.421154][   T10] usb 6-1: config 220 interface 0 has no altsetting 0
[  379.436314][   T10] usb 6-1: config 220 interface 76 has no altsetting 0
[  379.451160][   T10] usb 6-1: config 220 interface 1 has no altsetting 0
[  379.469140][   T10] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  379.480467][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  379.497487][   T10] usb 6-1: Product: syz
[  379.523268][   T10] usb 6-1: Manufacturer: syz
[  379.532179][   T10] usb 6-1: SerialNumber: syz
[  379.593953][ T5955] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  379.757214][ T5955] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  379.799704][   T10] uvcvideo 6-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[  379.813826][ T5955] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  379.823978][   T10] uvcvideo 6-1:220.0: No valid video chain found.
[  379.830483][   T10] usb 6-1: selecting invalid altsetting 0
[  379.844574][ T5955] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  379.871797][ T5955] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  379.887194][   T10] usb 6-1: selecting invalid altsetting 0
[  379.906224][   T10] usbtest 6-1:220.1: probe with driver usbtest failed with error -22
[  379.915650][T14097] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  379.946508][ T5955] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  379.971184][   T10] usb 6-1: USB disconnect, device number 21
[  380.333329][ T5932] usb 7-1: USB disconnect, device number 12
[  381.058207][T14128] netlink: 'syz.6.3090': attribute type 11 has an invalid length.
[  381.082138][T14128] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3090'.
[  381.300178][T14136] syzkaller1: entered promiscuous mode
[  381.444032][T14136] syzkaller1: entered allmulticast mode
[  382.194215][ T5932] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  382.343857][ T5932] usb 7-1: Using ep0 maxpacket: 32
[  382.355357][ T5932] usb 7-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  382.364621][ T5932] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  382.387059][ T5932] usb 7-1: config 0 descriptor??
[  382.603347][ T5932] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  382.626112][ T5932] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  382.633947][   T10] usb 10-1: new high-speed USB device number 9 using dummy_hcd
[  382.638745][ T5932] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  382.664018][ T5932] usb 7-1: media controller created
[  382.717886][ T5932] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  382.805600][ T5932] az6027: usb out operation failed. (-71)
[  382.814131][ T5932] az6027: usb out operation failed. (-71)
[  382.819997][ T5932] stb0899_attach: Driver disabled by Kconfig
[  382.834390][ T5932] az6027: no front-end attached
[  382.834390][ T5932] 
[  382.864130][ T5932] az6027: usb out operation failed. (-71)
[  382.870435][ T5932] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  382.890043][ T5932] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.6/usb7/7-1/input/input48
[  382.903894][   T10] usb 10-1: Using ep0 maxpacket: 8
[  382.916161][   T10] usb 10-1: config index 0 descriptor too short (expected 30768, got 18)
[  382.922559][ T5932] dvb-usb: schedule remote query interval to 400 msecs.
[  382.932734][   T10] usb 10-1: config 102 has too many interfaces: 102, using maximum allowed: 32
[  382.933865][ T5932] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  382.954694][   T10] usb 10-1: config 102 has an invalid descriptor of length 102, skipping remainder of the config
[  382.974486][   T10] usb 10-1: config 102 has 0 interfaces, different from the descriptor's value: 102
[  382.978353][ T5932] usb 7-1: USB disconnect, device number 13
[  383.001715][   T10] usb 10-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  383.021200][   T10] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  383.085328][ T5932] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  383.263208][   T10] usb 10-1: string descriptor 0 read error: -22
[  383.493436][   T10] usb 10-1: USB disconnect, device number 9
[  383.713881][ T5955] usb 7-1: new full-speed USB device number 14 using dummy_hcd
[  383.827171][T14189] loop5: detected capacity change from 0 to 32768
[  383.869810][   T30] audit: type=1800 audit(1758730256.798:938): pid=14189 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.3114" name="file1" dev="loop5" ino=4 res=0 errno=0
[  383.909017][ T5955] usb 7-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  383.920805][ T5955] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  383.939478][ T5955] usb 7-1: config 0 descriptor??
[  384.691239][T14205] loop2: detected capacity change from 0 to 32768
[  384.722836][T14211] loop9: detected capacity change from 0 to 8192
[  384.724778][T14205] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  384.739811][T14218] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3124'.
[  384.753260][T14205] XFS (loop2): Ending clean mount
[  384.876698][T14225] syzkaller1: entered promiscuous mode
[  384.882417][T14225] syzkaller1: entered allmulticast mode
[  384.952689][T11628] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  384.978591][ T5955] pegasus 7-1:0.0: probe with driver pegasus failed with error -71
[  385.001097][ T5955] usb 7-1: USB disconnect, device number 14
[  386.358242][T14289] syzkaller1: entered promiscuous mode
[  386.365310][T14293] ALSA: mixer_oss: invalid OSS volume ''
[  386.385005][T14289] syzkaller1: entered allmulticast mode
[  386.742325][T14312] loop8: detected capacity change from 0 to 8
[  386.762194][T14312]  loop8: [CUMANA/ADFS] p1 [ADFS] p1
[  386.773907][T14312] loop8: partition table partially beyond EOD, truncated
[  386.801442][T14312] loop8: p1 size 3004527350 extends beyond EOD, truncated
[  387.121319][T14327] loop9: detected capacity change from 0 to 1024
[  387.336023][   T60] hfsplus: b-tree write err: -5, ino 4
[  387.544531][   T43] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  387.642374][T14351] loop7: detected capacity change from 0 to 1024
[  387.650946][T14351] ext4: Unknown parameter 'func'
[  387.876965][T14357] loop2: detected capacity change from 0 to 128
[  388.173821][   T43] usb 7-1: Using ep0 maxpacket: 8
[  388.180619][   T43] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  388.203817][   T43] usb 7-1: config 0 has no interfaces?
[  388.211379][   T43] usb 7-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[  388.220629][   T43] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  388.243821][   T43] usb 7-1: Product: syz
[  388.248016][   T43] usb 7-1: Manufacturer: syz
[  388.252645][   T43] usb 7-1: SerialNumber: syz
[  388.266619][   T43] usb 7-1: config 0 descriptor??
[  388.488508][   T43] usb 7-1: USB disconnect, device number 15
[  388.762804][T14388] loop9: detected capacity change from 0 to 8192
[  388.930062][T14399] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3208'.
[  389.718335][T14427] pim6reg: entered allmulticast mode
[  389.720655][T14427] pim6reg: left allmulticast mode
[  390.132684][T14440] loop5: detected capacity change from 0 to 128
[  390.168431][ T5955] IPVS: starting estimator thread 0...
[  390.263864][T14443] IPVS: using max 29 ests per chain, 69600 per kthread
[  390.632004][T14468] netlink: 68 bytes leftover after parsing attributes in process `syz.9.3237'.
[  390.641707][T14468] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3237'.
[  390.708652][T14471] loop9: detected capacity change from 0 to 512
[  390.717318][T14471] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  390.742167][T14471] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  390.755019][T14471] ext4 filesystem being mounted at /168/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  390.819424][T12315] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  390.894181][T14482] ALSA: mixer_oss: invalid OSS volume ''
[  390.958357][T14486] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3244'.
[  391.085969][T14494] netlink: 428 bytes leftover after parsing attributes in process `syz.9.3248'.
[  391.095273][T14494] netlink: 32 bytes leftover after parsing attributes in process `syz.9.3248'.
[  391.331452][T14492] loop6: detected capacity change from 0 to 32768
[  391.380061][T14492] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  391.457274][T11142] (syz-executor,11142,1):ocfs2_inode_is_valid_to_delete:948 ERROR: Skipping delete of system file 72
[  391.473630][T11142] ocfs2: Unmounting device (7,6) on (node local)
[  391.780183][T14522] loop2: detected capacity change from 0 to 1024
[  391.809006][T14522] EXT4-fs: Ignoring removed nomblk_io_submit option
[  391.839755][T14522] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  391.858505][T14522] System zones: 0-1, 3-36
[  391.874630][T14522] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  391.926547][T14533] loop9: detected capacity change from 0 to 1024
[  391.933957][T14533] EXT4-fs: Ignoring removed mblk_io_submit option
[  391.940474][T14533] EXT4-fs: Ignoring removed bh option
[  391.964966][   T43] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  391.969390][T14533] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  391.974681][T11628] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  392.032594][T12315] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  392.083268][T14539] loop2: detected capacity change from 0 to 1024
[  392.091438][T14539] EXT4-fs: Ignoring removed mblk_io_submit option
[  392.098189][T14539] EXT4-fs: Ignoring removed bh option
[  392.134919][T14539] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  392.135368][   T43] usb 7-1: config index 0 descriptor too short (expected 23569, got 27)
[  392.160196][   T43] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  392.178568][   T43] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  392.188041][   T43] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  392.198915][   T43] usb 7-1: Manufacturer: syz
[  392.214458][   T43] usb 7-1: config 0 descriptor??
[  392.283583][T11628] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  392.323956][   T43] rc_core: IR keymap rc-hauppauge not found
[  392.329918][   T43] Registered IR keymap rc-empty
[  392.337773][   T43] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0
[  392.350314][   T43] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input50
[  392.393993][ T6011] usb 10-1: new high-speed USB device number 10 using dummy_hcd
[  392.448239][    C1] igorplugusb 7-1:0.0: Error: urb status = -32
[  392.456508][ T5947] usb 7-1: USB disconnect, device number 16
[  392.558439][ T6011] usb 10-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  392.574710][ T6011] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  392.593149][ T6011] usb 10-1: Product: syz
[  392.597779][ T6011] usb 10-1: Manufacturer: syz
[  392.602577][ T6011] usb 10-1: SerialNumber: syz
[  392.611662][ T6011] usb 10-1: config 0 descriptor??
[  392.830790][ T6011] hso 10-1:0.0: Failed to find BULK IN ep
[  392.840142][ T6011] usb-storage 10-1:0.0: USB Mass Storage device detected
[  393.045454][T14545] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  393.061554][ T5955] usb 10-1: USB disconnect, device number 10
[  393.161373][ T5947] kernel read not supported for file /input/event1 (pid: 5947 comm: kworker/0:5)
[  393.360828][T14574] loop5: detected capacity change from 0 to 40427
[  393.368996][T14574] F2FS-fs (loop5): build fault injection rate: 690
[  393.377671][T14574] F2FS-fs (loop5): invalid crc value
[  393.430695][T14574] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  393.441082][T14574] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  393.463134][   T30] audit: type=1800 audit(1758730266.388:939): pid=14574 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.3279" name="file1" dev="loop5" ino=10 res=0 errno=0
[  393.992413][T14574] syz.5.3279: attempt to access beyond end of device
[  393.992413][T14574] loop5: rw=2049, sector=77824, nr_sectors = 12864 limit=40427
[  394.023880][ T6011] usb 10-1: new high-speed USB device number 11 using dummy_hcd
[  394.080122][T14574] syz.5.3279: attempt to access beyond end of device
[  394.080122][T14574] loop5: rw=2049, sector=90688, nr_sectors = 8584 limit=40427
[  394.134377][T11767] syz-executor: attempt to access beyond end of device
[  394.134377][T11767] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  394.157730][T11767] CPU: 1 UID: 0 PID: 11767 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  394.157760][T11767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  394.157773][T11767] Call Trace:
[  394.157781][T11767]  <TASK>
[  394.157791][T11767]  dump_stack_lvl+0x189/0x250
[  394.157825][T11767]  ? __pfx_dump_stack_lvl+0x10/0x10
[  394.157850][T11767]  ? __pfx_queue_work_on+0x10/0x10
[  394.157867][T11767]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  394.157888][T11767]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  394.157925][T11767]  f2fs_handle_critical_error+0x37c/0x540
[  394.157967][T11767]  f2fs_write_end_io+0x886/0xb60
[  394.158015][T11767]  __submit_merged_bio+0x27a/0x6a0
[  394.158055][T11767]  __submit_merged_write_cond+0x255/0x530
[  394.158116][T11767]  f2fs_write_data_pages+0x261d/0x3000
[  394.158188][T11767]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  394.158230][T11767]  ? kernel_text_address+0xa5/0xe0
[  394.158312][T11767]  ? stack_depot_save_flags+0x40/0x860
[  394.158384][T11767]  ? __lock_acquire+0xab9/0xd20
[  394.158437][T11767]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  394.158462][T11767]  do_writepages+0x32e/0x550
[  394.158511][T11767]  ? do_raw_spin_unlock+0x122/0x240
[  394.158550][T11767]  filemap_fdatawrite+0x199/0x240
[  394.158571][T11767]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  394.158658][T11767]  ? do_raw_spin_unlock+0x122/0x240
[  394.158688][T11767]  f2fs_sync_dirty_inodes+0x31f/0x830
[  394.158735][T11767]  f2fs_write_checkpoint+0x93e/0x2440
[  394.158759][T11767]  ? stack_depot_save_flags+0x40/0x860
[  394.158825][T11767]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  394.158905][T11767]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  394.158931][T11767]  ? kfree+0x19a/0x6d0
[  394.158967][T11767]  kill_f2fs_super+0x2cc/0x6d0
[  394.159001][T11767]  ? __pfx_kill_f2fs_super+0x10/0x10
[  394.159052][T11767]  ? shrinker_free+0x2ce/0x3e0
[  394.159086][T11767]  deactivate_locked_super+0xbc/0x130
[  394.159122][T11767]  cleanup_mnt+0x425/0x4c0
[  394.159153][T11767]  ? lockdep_hardirqs_on+0x9c/0x150
[  394.159180][T11767]  task_work_run+0x1d4/0x260
[  394.159210][T11767]  ? __pfx_task_work_run+0x10/0x10
[  394.159233][T11767]  ? __x64_sys_umount+0x122/0x160
[  394.159261][T11767]  ? exit_to_user_mode_loop+0x40/0x130
[  394.159310][T11767]  exit_to_user_mode_loop+0xe9/0x130
[  394.159339][T11767]  do_syscall_64+0x2bd/0xfa0
[  394.159360][T11767]  ? lockdep_hardirqs_on+0x9c/0x150
[  394.159382][T11767]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  394.159406][T11767]  ? clear_bhb_loop+0x60/0xb0
[  394.159433][T11767]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  394.159454][T11767] RIP: 0033:0x7f14cc7901f7
[  394.159484][T11767] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  394.159502][T11767] RSP: 002b:00007ffd29febcf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  394.159524][T11767] RAX: 0000000000000000 RBX: 00007f14cc811d7d RCX: 00007f14cc7901f7
[  394.159537][T11767] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd29febdb0
[  394.159550][T11767] RBP: 00007ffd29febdb0 R08: 0000000000000000 R09: 0000000000000000
[  394.159563][T11767] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd29fece40
[  394.159576][T11767] R13: 00007f14cc811d7d R14: 000000000006029b R15: 00007ffd29fece80
[  394.159618][T11767]  </TASK>
[  394.159626][T11767] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  394.443296][T14601] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3289'.
[  394.463854][ T6011] usb 10-1: Using ep0 maxpacket: 32
[  394.582563][ T6011] usb 10-1: config 0 has an invalid interface number: 51 but max is 0
[  394.591024][ T6011] usb 10-1: config 0 has no interface number 0
[  394.613650][ T6011] usb 10-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  394.623019][ T6011] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  394.631400][ T6011] usb 10-1: Product: syz
[  394.635712][ T6011] usb 10-1: Manufacturer: syz
[  394.640466][ T6011] usb 10-1: SerialNumber: syz
[  394.648253][ T6011] usb 10-1: config 0 descriptor??
[  394.656452][ T6011] quatech2 10-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  394.866157][ T6011] usb 10-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  394.882648][ T6011] usb 10-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  395.013044][T14603] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  395.025227][T14603] overlayfs: maximum fs stacking depth exceeded
[  395.281033][    C1] usb 10-1: qt2_read_bulk_callback - non-zero urb status: -71
[  395.282296][ T5955] usb 10-1: USB disconnect, device number 11
[  395.299664][ T5955] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  395.319858][ T5955] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  395.331040][T14611] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3293'.
[  395.343509][ T5955] quatech2 10-1:0.51: device disconnected
[  395.352361][T14611] bond0: entered promiscuous mode
[  395.358623][T14611] bond_slave_0: entered promiscuous mode
[  395.363909][   T10] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  395.365764][T14611] bond_slave_1: entered promiscuous mode
[  395.377829][T14611] bridge0: entered promiscuous mode
[  395.385468][T14611] bond0: left promiscuous mode
[  395.390267][T14611] bond_slave_0: left promiscuous mode
[  395.396100][T14611] bond_slave_1: left promiscuous mode
[  395.401661][T14611] bridge0: left promiscuous mode
[  395.492650][T14613] loop7: detected capacity change from 0 to 512
[  395.499126][ T6011] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  395.500404][T14613] EXT4-fs: Ignoring removed mblk_io_submit option
[  395.514684][T14613] EXT4-fs: Ignoring removed mblk_io_submit option
[  395.521668][T14613] EXT4-fs (loop7): Test dummy encryption mode enabled
[  395.528668][T14613] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  395.542830][T14613] EXT4-fs (loop7): 1 truncate cleaned up
[  395.546744][   T10] usb 6-1: config index 0 descriptor too short (expected 23569, got 27)
[  395.550748][T14613] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  395.557499][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  395.584093][   T10] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  395.593255][   T10] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  395.614383][   T10] usb 6-1: Manufacturer: syz
[  395.618870][T11326] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  395.625127][   T10] usb 6-1: config 0 descriptor??
[  395.654012][ T6011] usb 7-1: Using ep0 maxpacket: 32
[  395.661217][ T6011] usb 7-1: config 0 has an invalid interface number: 184 but max is 0
[  395.675330][ T6011] usb 7-1: config 0 has no interface number 0
[  395.688913][ T6011] usb 7-1: config 0 interface 184 has no altsetting 0
[  395.698937][ T6011] usb 7-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  395.708281][ T6011] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  395.716844][ T6011] usb 7-1: Product: syz
[  395.721193][ T6011] usb 7-1: Manufacturer: syz
[  395.723929][   T10] rc_core: IR keymap rc-hauppauge not found
[  395.725858][ T6011] usb 7-1: SerialNumber: syz
[  395.731789][   T10] Registered IR keymap rc-empty
[  395.743063][ T6011] usb 7-1: config 0 descriptor??
[  395.751513][ T6011] smsc75xx v1.0.0
[  395.774074][   T10] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[  395.790197][   T10] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input51
[  395.914269][    C0] igorplugusb 6-1:0.0: Error: urb status = -32
[  395.933604][   T43] usb 6-1: USB disconnect, device number 22
[  396.136693][T14618] loop7: detected capacity change from 0 to 32768
[  396.154807][T14618] XFS (loop7): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  396.181568][T14618] XFS (loop7): Ending clean mount
[  396.239839][T11326] XFS (loop7): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  396.376251][ T6011] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  396.423879][ T6011] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  396.657898][ T6011] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71
[  396.674007][ T6011] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71
[  396.696580][ T6011] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  396.713441][ T6011] smsc75xx 7-1:0.184: probe with driver smsc75xx failed with error -71
[  396.726232][ T6011] usb 7-1: USB disconnect, device number 17
[  397.164669][T14647] loop5: detected capacity change from 0 to 40427
[  397.177414][T14647] F2FS-fs (loop5): invalid crc value
[  397.266992][T14660] overlay: filesystem on ./file0 is read-only
[  397.290025][T14647] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  397.304496][T14647] F2FS-fs (loop5): Start checkpoint disabled!
[  397.321545][T14647] F2FS-fs (loop5): f2fs_disable_checkpoint() finish, err:0
[  397.334361][T14647] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  397.426951][T14647] syz.5.3304: attempt to access beyond end of device
[  397.426951][T14647] loop5: rw=2049, sector=77824, nr_sectors = 136 limit=40427
[  397.525963][   T12] kworker/u8:0: attempt to access beyond end of device
[  397.525963][   T12] loop5: rw=1, sector=77896, nr_sectors = 8 limit=40427
[  397.555518][   T12] kworker/u8:0: attempt to access beyond end of device
[  397.555518][   T12] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  397.558361][T14669] netlink: 16 bytes leftover after parsing attributes in process `syz.7.3314'.
[  397.615290][   T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted syzkaller #0 PREEMPT(full) 
[  397.615317][   T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  397.615331][   T12] Workqueue: writeback wb_workfn (flush-7:5)
[  397.615367][   T12] Call Trace:
[  397.615375][   T12]  <TASK>
[  397.615384][   T12]  dump_stack_lvl+0x189/0x250
[  397.615433][   T12]  ? __pfx_dump_stack_lvl+0x10/0x10
[  397.615457][   T12]  ? __pfx_queue_work_on+0x10/0x10
[  397.615486][   T12]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  397.615519][   T12]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  397.615572][   T12]  f2fs_handle_critical_error+0x37c/0x540
[  397.615622][   T12]  f2fs_write_end_io+0x886/0xb60
[  397.615687][   T12]  __submit_merged_bio+0x27a/0x6a0
[  397.615746][   T12]  __submit_merged_write_cond+0x255/0x530
[  397.615821][   T12]  f2fs_write_data_pages+0x261d/0x3000
[  397.615905][   T12]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  397.615949][   T12]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  397.616018][   T12]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  397.616059][   T12]  ? trace_f2fs_writepages+0x7f/0x200
[  397.616090][   T12]  ? f2fs_write_node_pages+0x478/0x6e0
[  397.616153][   T12]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  397.616177][   T12]  do_writepages+0x32e/0x550
[  397.616214][   T12]  ? reacquire_held_locks+0x127/0x1d0
[  397.616232][   T12]  ? writeback_sb_inodes+0x384/0x1010
[  397.616264][   T12]  __writeback_single_inode+0x145/0xff0
[  397.616287][   T12]  ? do_raw_spin_unlock+0x122/0x240
[  397.616315][   T12]  writeback_sb_inodes+0x6c7/0x1010
[  397.616335][   T12]  ? lockdep_hardirqs_on+0x9c/0x150
[  397.616387][   T12]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  397.616481][   T12]  ? rcu_is_watching+0x15/0xb0
[  397.616513][   T12]  wb_writeback+0x43b/0xaf0
[  397.616546][   T12]  ? queue_io+0x351/0x590
[  397.616572][   T12]  ? __pfx_wb_writeback+0x10/0x10
[  397.616605][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  397.616632][   T12]  wb_workfn+0x409/0xef0
[  397.616681][   T12]  ? __pfx_wb_workfn+0x10/0x10
[  397.616718][   T12]  ? __lock_acquire+0xab9/0xd20
[  397.616768][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  397.616807][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  397.616825][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  397.616858][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  397.616890][   T12]  process_scheduled_works+0xae1/0x17b0
[  397.616959][   T12]  ? __pfx_process_scheduled_works+0x10/0x10
[  397.617013][   T12]  worker_thread+0x8a0/0xda0
[  397.617080][   T12]  kthread+0x711/0x8a0
[  397.617107][   T12]  ? __pfx_worker_thread+0x10/0x10
[  397.617136][   T12]  ? __pfx_kthread+0x10/0x10
[  397.617162][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  397.617180][   T12]  ? lockdep_hardirqs_on+0x9c/0x150
[  397.617198][   T12]  ? __pfx_kthread+0x10/0x10
[  397.617222][   T12]  ret_from_fork+0x4bc/0x870
[  397.617256][   T12]  ? __pfx_ret_from_fork+0x10/0x10
[  397.617295][   T12]  ? __switch_to_asm+0x39/0x70
[  397.617319][   T12]  ? __switch_to_asm+0x33/0x70
[  397.617342][   T12]  ? __pfx_kthread+0x10/0x10
[  397.617366][   T12]  ret_from_fork_asm+0x1a/0x30
[  397.617415][   T12]  </TASK>
[  397.625196][T14669] netlink: 20 bytes leftover after parsing attributes in process `syz.7.3314'.
[  397.655058][   T12] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  398.212512][T14683] loop6: detected capacity change from 0 to 256
[  399.671221][T14731] loop5: detected capacity change from 0 to 32768
[  400.058344][T14754] dummy0: entered promiscuous mode
[  400.071880][T14754] macsec1: entered promiscuous mode
[  400.085756][T14754] macsec1: entered allmulticast mode
[  400.096732][T14758] netlink: 'syz.9.3354': attribute type 1 has an invalid length.
[  400.101493][T14754] dummy0: entered allmulticast mode
[  400.104712][T14758] netlink: 132 bytes leftover after parsing attributes in process `syz.9.3354'.
[  400.119915][T14758] netlink: 'syz.9.3354': attribute type 2 has an invalid length.
[  400.128206][T14758] netlink: 'syz.9.3354': attribute type 1 has an invalid length.
[  400.128937][T14754] dummy0: left allmulticast mode
[  400.136223][T14758] netlink: 2 bytes leftover after parsing attributes in process `syz.9.3354'.
[  400.164370][T14754] dummy0: left promiscuous mode
[  400.444505][   T43] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  400.625847][   T43] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  400.643855][   T43] usb 7-1: config 0 interface 0 has no altsetting 0
[  400.656403][   T43] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  400.672159][   T43] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  400.681397][   T43] usb 7-1: Product: syz
[  400.685700][   T43] usb 7-1: Manufacturer: syz
[  400.690333][   T43] usb 7-1: SerialNumber: syz
[  400.697227][   T43] usb 7-1: config 0 descriptor??
[  400.706005][   T43] usb 7-1: selecting invalid altsetting 0
[  400.908013][   T10] usb 7-1: USB disconnect, device number 18
[  400.914104][ T5955] usb 10-1: new high-speed USB device number 12 using dummy_hcd
[  401.075603][ T5955] usb 10-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  401.084598][ T5955] usb 10-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  401.095026][ T5955] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 66
[  401.104751][ T5955] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  401.116622][ T5955] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  401.129507][ T5955] usb 10-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  401.138789][ T5955] usb 10-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  401.146914][ T5955] usb 10-1: Product: syz
[  401.151176][ T5955] usb 10-1: Manufacturer: syz
[  401.160056][ T5955] cdc_wdm 10-1:1.0: skipping garbage
[  401.165862][ T5955] cdc_wdm 10-1:1.0: skipping garbage
[  401.172476][ T5955] cdc_wdm 10-1:1.0: cdc-wdm0: USB WDM device
[  401.178778][ T5955] cdc_wdm 10-1:1.0: Unknown control protocol
[  401.448369][T14790] netlink: 72 bytes leftover after parsing attributes in process `syz.6.3369'.
[  401.505602][   T30] audit: type=1326 audit(1758730274.438:940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14784 comm="syz.5.3368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14cc78eec9 code=0x7fc00000
[  401.528063][    C0] vkms_vblank_simulate: vblank timer overrun
[  401.842581][T14807] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3376'.
[  401.980217][T14796] loop5: detected capacity change from 0 to 32768
[  402.020165][T14796] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  402.035692][T14796] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  402.073530][T14796] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  402.086144][   T10] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  402.093269][   T10] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  402.174385][   T10] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 81ms
[  402.181991][   T10] gfs2: fsid=syz:syz.0: jid=0: Done
[  402.189830][T14796] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  402.557275][T14827] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3383'.
[  402.655804][T14829] team0: Port device gre1 added
[  402.990436][T14838] input: syz1 as /devices/virtual/input/input52
[  402.998053][T14839] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3389'.
[  403.021554][T14841] input: syz0 as /devices/virtual/input/input53
[  403.332534][T14861] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  403.696439][T14882] loop7: detected capacity change from 0 to 128
[  403.703956][T14882] EXT4-fs: Ignoring removed nomblk_io_submit option
[  403.705451][   T10] usb 10-1: USB disconnect, device number 12
[  403.710767][T14882] EXT4-fs: Ignoring removed nomblk_io_submit option
[  403.730598][T14882] EXT4-fs (loop7): Test dummy encryption mode enabled
[  403.748749][T14882] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  403.761047][   T43] usb 7-1: new full-speed USB device number 19 using dummy_hcd
[  403.764582][T14882] ext4 filesystem being mounted at /261/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  403.856971][T11326] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  403.927735][   T43] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  403.934158][T14893] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3414'.
[  403.949390][   T43] usb 7-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  403.965452][   T43] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  403.976422][   T43] usb 7-1: config 0 descriptor??
[  403.981756][T14893] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3414'.
[  403.982126][T14874] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  404.443695][ T5978] hid-generic 0000:0000:0000.0028: unknown main item tag 0x0
[  404.465309][   T43] elan 0003:04F3:0755.0027: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.6-1/input0
[  404.478302][ T5978] hid-generic 0000:0000:0000.0028: hidraw1: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  404.651049][   T43] usb 7-1: USB disconnect, device number 19
[  405.475027][T14957] loop7: detected capacity change from 0 to 64
[  405.510182][T14958] netlink: 80 bytes leftover after parsing attributes in process `syz.9.3441'.
[  405.536658][T14957] Trying to free block not in datazone
[  405.572158][T14961] syzkaller1: entered promiscuous mode
[  405.580522][T14957] overlayfs: upper fs needs to support d_type.
[  405.589388][T14961] syzkaller1: entered allmulticast mode
[  405.603670][T14957] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  405.614452][T14957] overlayfs: failed to set xattr on upper
[  405.622502][T14957] overlayfs: ...falling back to redirect_dir=nofollow.
[  405.634619][T14957] overlayfs: ...falling back to index=off.
[  405.640465][T14957] overlayfs: ...falling back to uuid=null.
[  405.701612][T11326] Bad inode number on dev loop7: 4160749571 is out of range
[  405.710307][T11326] Bad inode number on dev loop7: 4160749571 is out of range
[  405.744890][T14968] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3445'.
[  405.882762][T12352] bridge0: port 3(syz_tun) entered disabled state
[  405.929972][T12352] syz_tun (unregistering): left allmulticast mode
[  405.938199][T12352] syz_tun (unregistering): left promiscuous mode
[  405.946994][T12352] bridge0: port 3(syz_tun) entered disabled state
[  406.126235][ T3007] bridge_slave_1: left allmulticast mode
[  406.132559][ T3007] bridge_slave_1: left promiscuous mode
[  406.139505][   T10] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  406.153074][ T3007] bridge0: port 2(bridge_slave_1) entered disabled state
[  406.169867][ T3007] bridge_slave_0: left allmulticast mode
[  406.179585][ T3007] bridge_slave_0: left promiscuous mode
[  406.186335][ T3007] bridge0: port 1(bridge_slave_0) entered disabled state
[  406.314568][   T10] usb 7-1: Using ep0 maxpacket: 16
[  406.322001][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  406.338009][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  406.359610][   T10] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  406.387160][   T10] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  406.405002][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  406.426696][   T10] usb 7-1: config 0 descriptor??
[  406.830329][ T5871] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  406.842761][   T10] microsoft 0003:045E:07DA.0029: unknown main item tag 0x0
[  406.858401][ T5871] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  406.868954][ T5871] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  406.879790][ T5871] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  406.889897][   T10] microsoft 0003:045E:07DA.0029: unknown main item tag 0x0
[  406.897772][ T5871] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  406.905303][   T10] microsoft 0003:045E:07DA.0029: unknown main item tag 0x0
[  406.912586][   T10] microsoft 0003:045E:07DA.0029: unknown main item tag 0x0
[  406.920463][   T10] microsoft 0003:045E:07DA.0029: unknown main item tag 0x0
[  406.928117][   T10] microsoft 0003:045E:07DA.0029: unknown main item tag 0x0
[  406.936314][   T10] microsoft 0003:045E:07DA.0029: unknown main item tag 0x0
[  406.943582][   T10] microsoft 0003:045E:07DA.0029: unknown main item tag 0x0
[  406.952210][   T10] microsoft 0003:045E:07DA.0029: unknown main item tag 0x0
[  406.983260][   T10] input: HID 045e:07da as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:045E:07DA.0029/input/input54
[  406.996627][ T3007] bond0 (unregistering): (slave bridge0): Releasing backup interface
[  407.009330][   T10] microsoft 0003:045E:07DA.0029: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.6-1/input0
[  407.225140][ T3007] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  407.236227][ T3007] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  407.246359][ T3007] bond0 (unregistering): Released all slaves
[  407.580395][ T6011] usb 7-1: USB disconnect, device number 20
[  407.594043][T15018] loop9: detected capacity change from 0 to 256
[  407.637845][T15018] FAT-fs (loop9): Directory bread(block 64) failed
[  407.648568][T15018] FAT-fs (loop9): Directory bread(block 65) failed
[  407.659517][T15018] FAT-fs (loop9): Directory bread(block 66) failed
[  407.688320][T15018] FAT-fs (loop9): Directory bread(block 67) failed
[  407.695157][T15018] FAT-fs (loop9): Directory bread(block 68) failed
[  407.701772][T15018] FAT-fs (loop9): Directory bread(block 69) failed
[  407.708720][T15018] FAT-fs (loop9): Directory bread(block 70) failed
[  407.716934][T15018] FAT-fs (loop9): Directory bread(block 71) failed
[  407.724124][T15018] FAT-fs (loop9): Directory bread(block 72) failed
[  407.730699][T15018] FAT-fs (loop9): Directory bread(block 73) failed
[  407.814030][  T982] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  407.937987][ T3007] hsr_slave_0: left promiscuous mode
[  407.956651][ T3007] hsr_slave_1: left promiscuous mode
[  407.966766][ T3007] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  407.974853][ T3007] batman_adv: batadv0: Removing interface: batadv_slave_0
[  407.985947][ T3007] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  407.997843][ T3007] batman_adv: batadv0: Removing interface: batadv_slave_1
[  408.013855][  T982] usb 6-1: Using ep0 maxpacket: 32
[  408.025308][  T982] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  408.036018][ T3007] veth1_macvtap: left promiscuous mode
[  408.041865][ T3007] veth0_macvtap: left promiscuous mode
[  408.043892][  T982] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  408.047857][ T3007] veth1_vlan: left promiscuous mode
[  408.073931][  T982] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  408.076807][ T3007] veth0_vlan: left promiscuous mode
[  408.093220][  T982] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  408.116605][  T982] usb 6-1: config 0 descriptor??
[  408.151478][T15034] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  408.565952][  T982] savu 0003:1E7D:2D5A.002A: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.5-1/input0
[  408.851183][  T982] usb 6-1: USB disconnect, device number 23
[  408.910779][ T3007] team0 (unregistering): Port device team_slave_1 removed
[  408.961265][ T3007] team0 (unregistering): Port device team_slave_0 removed
[  409.027292][ T5871] Bluetooth: hci1: command tx timeout
[  409.626973][T14993] chnl_net:caif_netlink_parms(): no params data found
[  409.823572][T15061] loop9: detected capacity change from 0 to 1024
[  409.852001][T15061] EXT4-fs: Ignoring removed orlov option
[  409.857920][T15061] EXT4-fs: Ignoring removed i_version option
[  409.903253][T15061] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  409.956925][T14993] bridge0: port 1(bridge_slave_0) entered blocking state
[  409.975944][T14993] bridge0: port 1(bridge_slave_0) entered disabled state
[  409.986264][T14993] bridge_slave_0: entered allmulticast mode
[  409.994047][T14993] bridge_slave_0: entered promiscuous mode
[  410.005099][T12315] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  410.021185][T15073] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3491'.
[  410.031538][T14993] bridge0: port 2(bridge_slave_1) entered blocking state
[  410.040862][T14993] bridge0: port 2(bridge_slave_1) entered disabled state
[  410.048283][T14993] bridge_slave_1: entered allmulticast mode
[  410.056440][T14993] bridge_slave_1: entered promiscuous mode
[  410.070320][T15073] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3491'.
[  410.138767][T14993] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  410.148878][   T10] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  410.162365][T14993] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  410.196343][T14993] team0: Port device team_slave_0 added
[  410.199051][T14993] team0: Port device team_slave_1 added
[  410.250578][T14993] batman_adv: batadv0: Adding interface: batadv_slave_0
[  410.250596][T14993] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  410.250622][T14993] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  410.253244][T14993] batman_adv: batadv0: Adding interface: batadv_slave_1
[  410.284007][    C1] vkms_vblank_simulate: vblank timer overrun
[  410.308433][T14993] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  410.308463][T14993] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  410.342578][   T10] usb 7-1: Using ep0 maxpacket: 8
[  410.356017][   T10] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 17
[  410.359392][   T10] usb 7-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=c8.07
[  410.359418][   T10] usb 7-1: New USB device strings: Mfr=209, Product=185, SerialNumber=60
[  410.359437][   T10] usb 7-1: Product: syz
[  410.359451][   T10] usb 7-1: Manufacturer: syz
[  410.359464][   T10] usb 7-1: SerialNumber: syz
[  410.362520][   T10] usb 7-1: config 0 descriptor??
[  410.385959][T14993] hsr_slave_0: entered promiscuous mode
[  410.422944][T14993] hsr_slave_1: entered promiscuous mode
[  410.590219][   T10] gspca_main: sunplus-2.14.0 probing 04a5:3003
[  410.697766][T14993] 8021q: adding VLAN 0 to HW filter on device bond0
[  410.721111][T14993] 8021q: adding VLAN 0 to HW filter on device team0
[  410.735174][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  410.742415][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  410.758527][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  410.765727][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  411.002844][T14993] 8021q: adding VLAN 0 to HW filter on device batadv0
[  411.104124][ T5871] Bluetooth: hci1: command tx timeout
[  411.263332][T14993] veth0_vlan: entered promiscuous mode
[  411.269473][ T5955] usb 10-1: new high-speed USB device number 13 using dummy_hcd
[  411.280801][T14993] veth1_vlan: entered promiscuous mode
[  411.315694][T14993] veth0_macvtap: entered promiscuous mode
[  411.329194][T14993] veth1_macvtap: entered promiscuous mode
[  411.357345][T14993] batman_adv: batadv0: Interface activated: batadv_slave_0
[  411.372856][T14993] batman_adv: batadv0: Interface activated: batadv_slave_1
[  411.392961][   T10] gspca_sunplus: reg_w_riv err -71
[  411.399490][   T10] sunplus 7-1:0.0: probe with driver sunplus failed with error -71
[  411.417441][   T10] usb 7-1: USB disconnect, device number 21
[  411.426399][ T5955] usb 10-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36
[  411.468761][ T5955] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  411.489616][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  411.508133][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  411.508553][ T5955] usb 10-1: config 0 descriptor??
[  411.541278][   T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  411.555120][   T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  411.724461][T15111] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3500'.
[  411.736148][T15111] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3500'.
[  411.746977][T15111] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[  411.775114][ T5955] kaweth 10-1:0.0: Firmware present in device.
[  411.878857][T15120] netlink: 27 bytes leftover after parsing attributes in process `syz.5.3504'.
[  411.965703][ T5955] kaweth 10-1:0.0: Statistics collection: 0
[  411.974564][ T5955] kaweth 10-1:0.0: Multicast filter limit: 0
[  411.980595][ T5955] kaweth 10-1:0.0: MTU: 0
[  412.006101][ T5955] kaweth 10-1:0.0: Read MAC address 00:00:00:00:00:00
[  412.272951][T15143] overlayfs: upper fs does not support file handles, falling back to index=off.
[  412.285039][T15143] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
[  412.294037][T15143] overlayfs: fs on './file0' does not support file handles, falling back to xino=off.
[  412.429194][T15147] loop6: detected capacity change from 0 to 8192
[  412.438965][T15147] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  412.574403][ T5955] kaweth 10-1:0.0: Error setting receive filter
[  412.582516][ T5955] kaweth 10-1:0.0: probe with driver kaweth failed with error -5
[  412.595995][ T5955] usb 10-1: USB disconnect, device number 13
[  413.187355][ T5871] Bluetooth: hci1: command tx timeout
[  413.548762][T15182] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3534'.
[  413.665551][T15187] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3536'.
[  413.687685][T15187] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3536'.
[  413.904390][   T10] usb 10-1: new high-speed USB device number 14 using dummy_hcd
[  414.063921][   T10] usb 10-1: Using ep0 maxpacket: 16
[  414.082301][   T10] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  414.120734][   T10] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  414.156557][   T10] usb 10-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  414.173947][   T10] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  414.202953][   T10] usb 10-1: Product: syz
[  414.213114][   T10] usb 10-1: Manufacturer: syz
[  414.233386][   T10] usb 10-1: SerialNumber: syz
[  414.280514][   T10] usb 10-1: config 0 descriptor??
[  414.307212][   T10] em28xx 10-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  414.337195][   T10] em28xx 10-1:0.0: Audio interface 0 found (Vendor Class)
[  414.731301][T15210] loop1: detected capacity change from 0 to 32768
[  414.761171][T15210] XFS (loop1): DAX unsupported by block device. Turning off DAX.
[  414.783547][T15210] XFS (loop1): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  414.851019][T15210] XFS (loop1): Ending clean mount
[  414.881612][T15210] XFS (loop1): Quotacheck needed: Please wait.
[  414.886852][T15233] loop5: detected capacity change from 0 to 512
[  414.917122][   T10] em28xx 10-1:0.0: unknown em28xx chip ID (0)
[  414.926780][T15233] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  414.928089][   T10] em28xx 10-1:0.0: Config register raw data: 0x41
[  414.942925][T15210] XFS (loop1): Quotacheck: Done.
[  414.944488][T15233] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem
[  414.971605][T15233] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  415.013956][T15233] System zones: 0-2, 18-18, 34-35
[  415.020775][T14993] XFS (loop1): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  415.033407][T15233] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  415.108546][T11767] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  415.149465][ T6011] usb 10-1: USB disconnect, device number 14
[  415.160774][ T6011] em28xx 10-1:0.0: Disconnecting em28xx
[  415.195637][ T6011] em28xx 10-1:0.0: Freeing device
[  415.267897][ T5871] Bluetooth: hci1: command tx timeout
[  416.100623][T15262] batadv_slave_1: entered promiscuous mode
[  416.108011][T15263] netlink: 64 bytes leftover after parsing attributes in process `syz.6.3567'.
[  416.128467][T15260] batadv_slave_1: left promiscuous mode
[  416.463508][T15274] loop6: detected capacity change from 0 to 512
[  416.485768][T15274] EXT4-fs: Ignoring removed nobh option
[  416.501486][T15274] EXT4-fs error (device loop6): ext4_orphan_get:1392: inode #15: comm syz.6.3570: iget: bad i_size value: 38620345925642
[  416.517758][T15274] EXT4-fs error (device loop6): ext4_orphan_get:1397: comm syz.6.3570: couldn't read orphan inode 15 (err -117)
[  416.533451][T15274] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  416.588889][T15274] EXT4-fs error (device loop6): ext4_lookup:1787: inode #15: comm syz.6.3570: iget: bad i_size value: 38620345925642
[  416.660198][T15281] input: syz1 as /devices/virtual/input/input55
[  416.679932][T15274] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  416.734379][T15274] EXT4-fs (loop6): re-mounted 00000000-0000-0000-0000-000000000000.
[  416.842027][T11142] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  416.867373][T15289] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  416.961683][T15285] syz.5.3575 (15285): drop_caches: 2
[  417.685349][T15339] sctp: [Deprecated]: syz.5.3600 (pid 15339) Use of struct sctp_assoc_value in delayed_ack socket option.
[  417.685349][T15339] Use struct sctp_sack_info instead
[  417.852775][T15347] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3604'.
[  418.251272][T15353] loop9: detected capacity change from 0 to 32768
[  418.281231][T15353] ocfs2: Mounting device (7,9) on (node local, slot 0) with ordered data mode.
[  418.303210][T15353] 
[  418.305670][T15353] ======================================================
[  418.312698][T15353] WARNING: possible circular locking dependency detected
[  418.319743][T15353] syzkaller #0 Not tainted
[  418.324171][T15353] ------------------------------------------------------
[  418.331205][T15353] syz.9.3608/15353 is trying to acquire lock:
[  418.337270][T15353] ffff88807a4cb1b8 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_calc_xattr_init+0x20a/0xd80
[  418.347242][T15353] 
[  418.347242][T15353] but task is already holding lock:
[  418.354623][T15353] ffff888051251800 (&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x15e/0x4640
[  418.367945][T15353] 
[  418.367945][T15353] which lock already depends on the new lock.
[  418.367945][T15353] 
[  418.378359][T15353] 
[  418.378359][T15353] the existing dependency chain (in reverse order) is:
[  418.387385][T15353] 
[  418.387385][T15353] -> #3 (&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}:
[  418.397993][T15353]        lock_acquire+0x120/0x360
[  418.403027][T15353]        down_write+0x96/0x1f0
[  418.407791][T15353]        ocfs2_evict_inode+0x153d/0x4100
[  418.413425][T15353]        evict+0x504/0x9c0
[  418.417928][T15353]        ocfs2_dentry_iput+0x247/0x370
[  418.423401][T15353]        __dentry_kill+0x209/0x660
[  418.428521][T15353]        dput+0x19f/0x2b0
[  418.433216][T15353]        __fput+0x68e/0xa70
[  418.437730][T15353]        task_work_run+0x1d4/0x260
[  418.442847][T15353]        exit_to_user_mode_loop+0xe9/0x130
[  418.448650][T15353]        do_syscall_64+0x2bd/0xfa0
[  418.453781][T15353]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  418.460198][T15353] 
[  418.460198][T15353] -> #2 (&ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE]){+.+.}-{4:4}:
[  418.470723][T15353]        lock_acquire+0x120/0x360
[  418.475777][T15353]        down_write+0x96/0x1f0
[  418.480567][T15353]        ocfs2_del_inode_from_orphan+0x134/0x740
[  418.486911][T15353]        ocfs2_dio_end_io+0x479/0x10f0
[  418.492382][T15353]        dio_complete+0x25b/0x790
[  418.497409][T15353]        __blockdev_direct_IO+0x2e63/0x3490
[  418.503318][T15353]        ocfs2_direct_IO+0x25f/0x2d0
[  418.508607][T15353]        generic_file_direct_write+0x1db/0x3e0
[  418.514781][T15353]        __generic_file_write_iter+0x11d/0x230
[  418.521127][T15353]        ocfs2_file_write_iter+0x157a/0x1d10
[  418.527119][T15353]        iter_file_splice_write+0x975/0x10e0
[  418.533103][T15353]        direct_splice_actor+0x101/0x160
[  418.538822][T15353]        splice_direct_to_actor+0x5a8/0xcc0
[  418.544717][T15353]        do_splice_direct+0x181/0x270
[  418.550089][T15353]        do_sendfile+0x4da/0x7e0
[  418.555039][T15353]        __se_sys_sendfile64+0x13e/0x190
[  418.560674][T15353]        do_syscall_64+0xfa/0xfa0
[  418.565699][T15353]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  418.572118][T15353] 
[  418.572118][T15353] -> #1 (&ocfs2_file_ip_alloc_sem_key){++++}-{4:4}:
[  418.580914][T15353]        lock_acquire+0x120/0x360
[  418.585946][T15353]        down_write+0x96/0x1f0
[  418.590737][T15353]        ocfs2_try_remove_refcount_tree+0xb6/0x320
[  418.597247][T15353]        ocfs2_truncate_file+0xda0/0x1420
[  418.602971][T15353]        ocfs2_setattr+0x1520/0x1b40
[  418.608266][T15353]        notify_change+0xc1a/0xf40
[  418.613370][T15353]        do_truncate+0x1a4/0x220
[  418.618304][T15353]        do_ftruncate+0x489/0x540
[  418.623619][T15353]        __x64_sys_ftruncate+0x92/0xf0
[  418.629082][T15353]        do_syscall_64+0xfa/0xfa0
[  418.634105][T15353]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  418.640520][T15353] 
[  418.640520][T15353] -> #0 (&oi->ip_xattr_sem){++++}-{4:4}:
[  418.648340][T15353]        validate_chain+0xb9b/0x2140
[  418.653621][T15353]        __lock_acquire+0xab9/0xd20
[  418.658818][T15353]        lock_acquire+0x120/0x360
[  418.663861][T15353]        down_read+0x46/0x2e0
[  418.668543][T15353]        ocfs2_calc_xattr_init+0x20a/0xd80
[  418.674369][T15353]        ocfs2_mknod+0xc92/0x2050
[  418.679391][T15353]        ocfs2_mkdir+0x191/0x440
[  418.684333][T15353]        vfs_mkdir+0x306/0x510
[  418.689092][T15353]        do_mkdirat+0x247/0x590
[  418.693959][T15353]        __x64_sys_mkdirat+0x87/0xa0
[  418.699265][T15353]        do_syscall_64+0xfa/0xfa0
[  418.704295][T15353]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  418.710712][T15353] 
[  418.710712][T15353] other info that might help us debug this:
[  418.710712][T15353] 
[  418.720937][T15353] Chain exists of:
[  418.720937][T15353]   &oi->ip_xattr_sem --> &ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE] --> &ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]
[  418.720937][T15353] 
[  418.739980][T15353]  Possible unsafe locking scenario:
[  418.739980][T15353] 
[  418.747516][T15353]        CPU0                    CPU1
[  418.752879][T15353]        ----                    ----
[  418.758242][T15353]   lock(&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]);
[  418.765615][T15353]                                lock(&ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE]);
[  418.775416][T15353]                                lock(&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]);
[  418.785330][T15353]   rlock(&oi->ip_xattr_sem);
[  418.790013][T15353] 
[  418.790013][T15353]  *** DEADLOCK ***
[  418.790013][T15353] 
[  418.798151][T15353] 3 locks held by syz.9.3608/15353:
[  418.803360][T15353]  #0: ffff888064650420 (sb_writers#13){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  418.812599][T15353]  #1: ffff88807a4cb480 (&type->i_mutex_dir_key#8/1){+.+.}-{4:4}, at: filename_create+0x1f8/0x3c0
[  418.823223][T15353]  #2: ffff888051251800 (&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x15e/0x4640
[  418.836971][T15353] 
[  418.836971][T15353] stack backtrace:
[  418.842861][T15353] CPU: 0 UID: 0 PID: 15353 Comm: syz.9.3608 Not tainted syzkaller #0 PREEMPT(full) 
[  418.842882][T15353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  418.842893][T15353] Call Trace:
[  418.842903][T15353]  <TASK>
[  418.842912][T15353]  dump_stack_lvl+0x189/0x250
[  418.842935][T15353]  ? __pfx_dump_stack_lvl+0x10/0x10
[  418.842959][T15353]  ? __pfx__printk+0x10/0x10
[  418.842980][T15353]  ? stack_trace_save+0x9c/0xe0
[  418.843005][T15353]  print_circular_bug+0x2ee/0x310
[  418.843025][T15353]  check_noncircular+0x134/0x160
[  418.843045][T15353]  validate_chain+0xb9b/0x2140
[  418.843066][T15353]  ? look_up_lock_class+0x74/0x170
[  418.843086][T15353]  ? register_lock_class+0x51/0x320
[  418.843112][T15353]  __lock_acquire+0xab9/0xd20
[  418.843138][T15353]  ? ocfs2_calc_xattr_init+0x20a/0xd80
[  418.843162][T15353]  lock_acquire+0x120/0x360
[  418.843184][T15353]  ? ocfs2_calc_xattr_init+0x20a/0xd80
[  418.843211][T15353]  ? security_inode_init_security+0x35e/0x3f0
[  418.843233][T15353]  ? kfree+0x19a/0x6d0
[  418.843250][T15353]  down_read+0x46/0x2e0
[  418.843270][T15353]  ? ocfs2_calc_xattr_init+0x20a/0xd80
[  418.843295][T15353]  ocfs2_calc_xattr_init+0x20a/0xd80
[  418.843323][T15353]  ? __pfx_ocfs2_calc_xattr_init+0x10/0x10
[  418.843348][T15353]  ? ocfs2_init_security_get+0x139/0x1a0
[  418.843375][T15353]  ocfs2_mknod+0xc92/0x2050
[  418.843401][T15353]  ? __pfx_ocfs2_mknod+0x10/0x10
[  418.843420][T15353]  ? do_raw_spin_unlock+0x122/0x240
[  418.843442][T15353]  ? ocfs2_inode_lock_full_nested+0xabe/0x1b40
[  418.843473][T15353]  ? __lock_acquire+0xab9/0xd20
[  418.843506][T15353]  ? __lock_acquire+0xab9/0xd20
[  418.843533][T15353]  ? do_raw_spin_lock+0x121/0x290
[  418.843556][T15353]  ? do_raw_spin_unlock+0x122/0x240
[  418.843578][T15353]  ? put_pid+0xe9/0x130
[  418.843597][T15353]  ocfs2_mkdir+0x191/0x440
[  418.843616][T15353]  ? __pfx_from_kgid+0x10/0x10
[  418.843637][T15353]  ? apparmor_path_mkdir+0x1a7/0x220
[  418.843664][T15353]  ? __pfx_ocfs2_mkdir+0x10/0x10
[  418.843682][T15353]  ? HAS_UNMAPPED_ID+0x11a/0x180
[  418.843706][T15353]  ? inode_permission+0x149/0x470
[  418.843727][T15353]  ? __pfx_ocfs2_permission+0x10/0x10
[  418.843744][T15353]  ? bpf_lsm_inode_mkdir+0x9/0x20
[  418.843772][T15353]  vfs_mkdir+0x306/0x510
[  418.843791][T15353]  do_mkdirat+0x247/0x590
[  418.843809][T15353]  ? __pfx_do_mkdirat+0x10/0x10
[  418.843826][T15353]  ? getname_flags+0x1e5/0x540
[  418.843850][T15353]  __x64_sys_mkdirat+0x87/0xa0
[  418.843867][T15353]  do_syscall_64+0xfa/0xfa0
[  418.843886][T15353]  ? lockdep_hardirqs_on+0x9c/0x150
[  418.843904][T15353]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  418.843921][T15353]  ? clear_bhb_loop+0x60/0xb0
[  418.843941][T15353]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  418.843964][T15353] RIP: 0033:0x7f2324d8eec9
[  418.843981][T15353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  418.843997][T15353] RSP: 002b:00007f2325bb6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[  418.844015][T15353] RAX: ffffffffffffffda RBX: 00007f2324fe5fa0 RCX: 00007f2324d8eec9
[  418.844029][T15353] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c
[  418.844042][T15353] RBP: 00007f2324e11f91 R08: 0000000000000000 R09: 0000000000000000
[  418.844053][T15353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  418.844064][T15353] R13: 00007f2324fe6038 R14: 00007f2324fe5fa0 R15: 00007ffd4b1767f8
[  418.844085][T15353]  </TASK>
[  419.244052][T12315] ocfs2: Unmounting device (7,9) on (node local)