last executing test programs:

1m13.024968112s ago: executing program 4 (id=696):
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000180))
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000007, 0x2172, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0)

1m10.831442395s ago: executing program 4 (id=700):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000013000500000000000000000007000000", @ANYRES32, @ANYBLOB="00000000000000000c001a8008000480040005"], 0x2c}}, 0x0)
r0 = socket$nl_generic(0x11, 0x3, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x2b, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr, @multicast1}, @address_request}}}}, 0x0)
sendmsg(r0, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x2c, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x3e}], 0x2, 0x0, 0x0, 0x11000000}, 0x0)

1m10.359725011s ago: executing program 4 (id=702):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
syz_mount_image$bcachefs(&(0x7f0000000200), &(0x7f0000000000)='./file1\x00', 0x1800402, &(0x7f0000000840)=ANY=[@ANYBLOB="6a6f75726e616c5f7472616e73616374696f6e5f6e616d65732c6d657461646174615f636865636b73756d3d63726336342c7f6174615f636865636b73756d3d6372633332632c6673636b2c6a6f75726e616c5f666c7573685f64697361626c65642c726174656cd6ee984c5f6572726f72732c7265636f766572795f706173735f6c6173743d7365745f6d61795f676f5f72772c7265636f6e7374727563745f616c6c6f632c6e6f5f646174615f696f2c7374725f686173683d736970686173682c000f456c33737c01c96a485301f57184319607791e0389515818ee65b05741a83e2d3412b274e683f19cb37b6975e95e26fbf8", @ANYRES16=0x0, @ANYRESDEC, @ANYRESHEX=0x0, @ANYRES32], 0x1, 0x5962, &(0x7f0000001400)="$eJzs3W2QXFXdIPB7u3syPTOZZBJAIshkCEQR1Ex4K3wpja5vBUjFwlLCRmEgE4xOQioZBAJKcMGFAiy0tBT1A7pILRotqmCFSIm8bMIqSrG61BZSq/ugH7SQh5RAHsrycZ6a6Xs63Xf6zu3p7skL/H6VzO17+vT/nnvu6dv3f7pnOgIAAOA1Yff1W/eec9QHfvnF0Zev+fBPN14b9RWnysuhwkCyvOJAtZD9qbu0ZGqZHhdvuuoHfxq6+H2/uLv3+6/sWnfs+t+9/7CLH/jMmTtv+/bDL/Xf+89n8+KG8XTivvX4+TiKyj/b8/Uv7Xr8yMmyOIqiYjywPYoWxYsfXhSnQgz/PYqidcnKktSd97x8yvrJ5bU3ddeVL0zVM95f28rJONu29/KTot+/d811v1764x917Xhu+74qcblmPEXRggtrH98VRVFP8n9SGG1hPIZBuzqKot6ax52R067jmmz/ioz1o5PlvGTZlxMn3L8stV5I1UuvB12pZW/O9tqV1Y5W6+WZn1pPn4zaldXOUL4oWd6XLE+cZfxi8r8cR4U4KlWbPxbvGyNRzXGLo3jqWJar64XqsY2S/U+tx6n1Qmq92JXar6ntJgOtGMf15aFeqjycjktJ+bG15+oGzs0of32yLCdP1FfCepS+UdE37UZ1v6aEdu2ZoS37Q6HmHNSovHrgk4PRl5T1xYunPWaigXDfrjU3Ly+ufWT3QEY74rvjJH7cUvxtv1o0/1M/vPGy9Ot6Nf6FhSR+oaX4fzjriRfOv/F738qMf2uIX2wp/skP9j5/1qPXL8vsnz2hf0otxR959rFblh5+0Y7M9t8e4pdbir9q5xPd/XsffCiz/cOhf3paiv/MOz/4x7ueuv+5zPhRiN/bUvy1Ozd/uXtw7wmZ8R8K/dPX2vh5ccfpTw8O/nkoK/6TIX5/S/Hv3H7bO+5YeNOZmcd3deifgZbin338A9fN33v/MVnnzvj2Tr1yArw2HZZcY92QrLeaZ7arJl/45lCpcs03P/nf38kNpS4+J7ezoJPxAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACCKoiNO+l8f+pePDzxfSta7kxvPFCrLUD4viuKeKIq2jo9sGd+w6ZKhz1x62ZZNI2NDI+NDo5vGt1w5dOpbhraMbh4buXLy3uG3nlJ53OIorizjY6Ztu3tiYqIwUF8Wtvefjt/x++Vn/OWvUTR8xG8HS5ntX3HbxjsOb/AzJV418Z6Nl53z29O+m+zXQNKugQbtmpiYmIgy2vWv5/3jjq/u+dMJUTT8upna9dgz7/55XYOmCvbFSRS6o0qDuuPehu2otjppT+iv0voNY6PDM/fv5OOLGfvxn6967u/rr/jKPyr9W87cjyb7t2fVxFjhG2vO/vdvXF0pyGvXgTruef0d9iK0L/RfOenvBcl+LcjYr1LGfl3/64ee+tlRN760PRouvbh0+rbz9qsrGQBd8eub2m7YQm+8qK68nNQPRzw8bsX4xs0rtl657a0bNo5cMnrJ6Ka3rzx15enDp51+2oqpPV/R4f0P239jk/u/f8bTws9tvy/8bG485bUrrz8m25XfH7Utynr+9Z77pa+9/bZHz6kU5I3zULt6PkmWvZPHeWVUM96m91Wj/crrhyiKhhr1wwsvnRkd+X83XJd3Hqo9MrU/U+JVE48v+9t3z/jOkndVCvbLeb62QbXn+e5qtdzzfLXV+9oz1V/l5HhMHOj+LU79nNa/3ckd3XFfw3atfPzRrpt3//Xz1fbNmxddMTI+vmVl5ef8pKXz46MbtitdGvZraWhUMj6rw7TBeJ3UFVXalz5/hurpXu1L7uuLFzfcr7Rw3641Ny8vrn1kd1ZPx3dXttgT9VeW8Rsyao6lHlisNrjR9g/W51/e+Bj80Hfu/fi9Pzm1bnz0JBXGt5yct19xxn79+Kk7v/b9r/zXn3Ruvz707icG/vb/Pr28UnBAzyv75J5Xqq1O2hPXnldOjqK859/SqPF+ZD7/Co33J+/5l97OvvqN4w2l1vuiYkvP15Mf7H3+rEevX5b5fN3T7PP16rq1Ys7z9WAZP+nnV1yqb8fcPb/qBkq8auIXNxy2/eFrVh9VKcgb19Xajcb1KU3kHxn79fPznx68dOi//J/OnTd+8JZ7LvjdyKovVApaP+6hLZ057uWkf8sZ/Vttdcg7a/v3bRdfOrauUn4Arn8b7XyD699kmZP/hFPJ1iu3fXZkbGx0y9bm9qvZ19OwnXQvt/p6Gs5ui3P2qzBtv+buRjP91ezzLbR/Xcv9Vf9864vill4Xtv1q0fxP/fDGywamPSrZ0IWFJH6hpfh/OOuJF86/8Xvfyox/a4hfain+yLOP3bL08It2ZMa/PU7il1uKv2rnE939ex98KDP+cGh/T0vxn3nnB/9411P3P5cZPwrx+1rr/xd3nP704OCfM+M/GSfbmbxGiqJ7Xj5lfWU9jrqS51toR1ddu6L0epxaL6TWi7XxCpW51mpBMY7ry0O9pPzYmsc28omM8nAVVl5SWb4S1qP0jZnLDzaFurR7ennedSoAwKtdeP8/XJOG9/9Hkwul7JkG2KfdPGxJRtyQh+2bz5lXd/+SJH54fJgHHHxbNDy5vHaocqE/2/cRwvMhPc8ZtnPCcfUxWp3nzJt/X5ZaD+2qzJeXavLQxPS8phQ1Mf8+fTszz7+ndj9/fnzohmnNGqqZt0ofv65kxqzR5x1S7S1NRsgaH+l5sfB5jsEF0eqp7TU5PtKfownHIf05mrCdo1InzlY/R9Pu+AjNnmF8TDU5//2N6ccvmqF/9x2/xtHSx28Wx7s8WX+u35/twLxhw1Pa/ps3nNv3w8xLZsRPnmD7a94wmO28YSgP+1Fqcj7x4xnlnZpPDKeL0K49M7RlfzCfCLxahfw/vEZM5v+TF+D/lqqXdx2avmoM8TI/J1Rs3J68vGP65/R6W3odX7tz85e7B/eekHmd81Czn/vZXLfWm/O5n7x+XJ5az+3HjAmavHwvvZ28fk9/LqMv6m+p3+/cfts77lh405mZ/b668kKa3+9fq1vrz+n3QyBfaBxfvnDA8oXSIfQ5hrz5swOWjyQffJqrfORjGeWzzUd6p92o7teUQy4f6dq/7QIADh0h/6++f5bk//8/VEiuI/Ly1hNT6yFew7z1vv+W2Z6svPUjyfKKVP2+5DcqZnvdfPbxD1w3f+/9x2TmLbc3m4f+97q1gdw8tL28OTOPWN2Zz4tn5hHVPKu9PDGz/dU8sb08PTN+NU9vL4/O7J9qHt3ePEBm/Oo8wKH9vljufF1qY2G12fm6V20enfz67Fzl0edmlM82j+6bdqO6X1MOxjy6p0G5PBoAeLUK+X+4jAv5/6Opeu2+z56ZF3Touj3990Cq8Z/cX3nlXOd9c523znVeP9fzEod6XjzX80JzO0/2ms+Lk42+mvLiRuXyYgCAQ1vI/8N7INn5f3v5SaP8rasuP+l8fj5ZS34uP58pfsfet86If/DMf8n/vS+eT/4PAPDqFvL/8GuP4e///c9kPf13672PnhFfni5Pn2n8NJ2nd36eLfI5gAM7D1DzAXPzAAAAHAhdU5nS9N+z/2SyTP+efdbv5Z+fUb9ZpeTy+KLxLaOjF1y2ed3I+OgFmy5dN7r1gsu3bBgfH91Uqddu3piZtyR5Y1dUSvqjcb103rYw+XsICzP+HkK6fgh79NSN6X/HL73Znpy/I7Dv+DXX3qzjV5ihfqPxkXW8s+J/IqN+UD3+F3/65AvWb71gw6YN4xtGxjZsG62vN5m19s7iezNDt8zq+1JTP6YpzP77O2fTjr9ktqMwrR1dSX9kfT97nGrHoqQli7K+/yCj3b/831/93PET/7grioaPKL6hrf6LV038j/NGPzK++7ebJ9tfmLH91ZpJu/K+rzRdP+xPaezSreMnrb/0sk3pb5RsTZjPKFTX52g+I3n6F5ucn1ibUT7bzykUp904ODU9PwEAQJ3w/n+4ng3vH34luYAK5c3n6e29f5yZpw83l6env5csL09P1w/722yeXm4zT09vPy9Pb1S/UZ6elXdnxf9YRv3Zan6ctPc5j8xxcmFz4yT9fQZ54yRdf7bjJG5znKS3nzdOGtVvNE6yjntW/I9m1M/S/Hho73M5mePh1ubGw5tT63njIV1/tuOh0OZ4SG8/bzw0qt9oPGQd36z452TUb1b9+JgcGFPjYvSCyy/d8tmaenP9/Rftty8+/qKMGM2cz/K+/6NVzbd/bj/3Nfftn9vPlXW8/amp1HY/V5bZ/ifbmwlrvv/n9vtdWrXf5muTD5vlff4sbx53TUb5bOdx5027cXAyjwsHTsj/w9s9If+/KVl2+m2glvO+yRehg+J70g697zGL9uvn7+f2Osbr+QwbOwh4PQcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABoTndpydRy9/Vb955z1Ad++cXRl6/58E83Xvumq37wp6GL3/eLu3u//8qudceu/937D7v4gc+cufO2bz/8Uv+9/3w2N/DA1M/SiclqOYri5+MoKv9sz9e/tOvxIyfL4iiKivHA9ihaFC9+eFGcijD89yiK1lXbWX/nPS+fsn5yee1N3XXlC1NB0vsV9RVDe2rbGUVXhIKu3F3j0FFOxtm2vZefFP3+vWuu+/XSH/+oa8dz2/dVics14ymKFlxY+/jJ0dCT/J8URtuS8OBkuTqKot6ax52R067jmmz/ioz1o5PlvGTZlxMn3L8stV5I1UuvB12pZW/O9tqV1Y5W6+WZn1pPn4zaldXOUL4oWd6XLE+cZfxi+B9HhTgqVZs/Fu8bI1HNcYujeOpYlqvrhbozX5w6E8ZRFKfWC6n1Yldqv6a2mwy0YhzXl4d6qfJwOi4l5cfWnqsbODej/PXJspw8UV8J61H6RkXftBvV/ZoS2rVnhrbsD4Wac1Cj8uqBTw5GX1LWFy+e9piJBsJ9u9bcvLy49pHdAxntiO+Ok/hxS/G3/WrR/E/98MbLlmTFv7CQxC+0FP8PZz3xwvk3fu9bmfFvDfGLLcU/+cHe58969Pplmf2zJ/RPqaX4I88+dsvSwy/akdn+20P8ckvxV+18ort/74MPZbZ/OPRPT0vxn3nnB/9411P3P5cZPwrxe1uKv3bn5i93D+49ITP+Q6F/+lobPy/uOP3pwcE/D2XFfzLE728p/p3bb3vHHQtvOjPz+K4O/TPQUvyzj3/guvl77z8m69wZ396pV06A16bDkmusG5L1VvPMdtXkC98cKlWu+eYn//s7uaGUye0smMP4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8Ov3m6lM/ed57PrqmFEdRnFFnooFwX3HeqlVDLWx35NnHbll6+EU7asuWtBAHAAAAyBfy8EK1pBwtiS6Pe6KjG9YPcwRHh7W4vjw9hxDipOcIWo1T6FCcYofilDoUp6tDceZ1KE53h+KUc+KUo+bi9MwQpzQ5KppsT++M7Wk+Tl+H4szvUJz+DsVZ0KE4CzsUZ2DGOM2Pw0UdirO4Q3EO61CcwzsU54gOxXldh+Ic2aE46TnleKK7Jk7+OOxPah6V1Z6pG8XcOKW4WL2j0Xz6kcl2jmlzO3052+nPez1ucjs9TW7nuNTjCrPcTrnJ7byxze3ETW7nzW1up5CznTBur0i3L2wnrDU5/q/sUJxtHYpzVYfiXN2hOJ/vUJwvdCjONW3GAWhWyP/35XsDUXfpXVFvcsZJzwKEfHfp1M/pr3dZJ6QQ7w2p8nl58dKJeire0tm2Lz2BkIq3LFXeVRevVM1HZohXro23PHVn7v6mJxRS7TsxVd6dFy89sQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAc+g3V5/6yfPe89E1URxN/mtoooFwX3HeqlVDLWx315qblxfXPrK7tqy71EIgAAAAIFfIw7uqJeWou7Qy6o7n1dUrJ/MA5WS9OFBZDi6IVk8u46HC1HpvvGjGx5WSx60Y37h5xdYrt711w8aRS0YvGd309pWnrjx9+LTTT1uxfsPY6HDlZxR1N4g3L1kmpqYftl657bMjY2OjW7ZWCtPtX5K0Y0nUU/e4wbdFw5PLa5P2L85pf2Ha9ubuRu7BAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/oNd+wt186zjAP68SU6Sna0usn9ZWU9D/4yqw7X1TDodywuCha0tPQwkmR5HcS0OT9eytaPOuBXcZosibBRKpRdW6nBzeLM/boj7Q6EyqwXPscg2dBd6oWw66UYvpCPSc/LmJDlJc4yj3ernc5E3eZ7f8/zeJxcHvu8JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwjk3WRscr5bHqcBRC1KOm3kUyl87GcWmAvl95YfsPciOnVrSO5TIDbAQAAAD0leTwoeZIPuQy6ZAOV09/WhJaJsJs7gcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7/TNZGxyvlserFUQhRj5p6F8lcOhvHpQH6vvnuU599bWTkb61jxQH2AQAAAPpLcniqOZIPxbA0DEVXt9UlzwYWdqzvrEv2WTTPus5nB73qls6z7tp51n2iT92GxnVXAAAAgI++JP9nmiOFkMss6Jb/14Z55PrkOcHijrp04zrIbwUAAACA/02S/3PNkWLIZYrNvD7fvL+koy5Z3+//9sn65T3W9/t//vrG1f/pAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCjY7I2Ol4pj1XTUQhRj5p6F8lcOhvHpQH6rn5x+B+3Hnl4SetYLjPARgAAAEBfSQ6fjd75kMsMh6Fw8XTuH1l78JkvPfPcaAhhJuZns2HXph077lk985rUrTp2ZOj7R9/+9py6VTOv5+2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAB2ayNjpeKY9VL4pCiHrU1LtI5tLZOC4N0PeNz3/xL0+ceP6t1rHiAPsAAAAA/SU5fDb750MxZEM2XDn9qTXrn5HqWN/rmQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABw4bj3m/d/Y9PExOZ7vPHGG2+ab873XyYAAOCDtjhEof5fumrj+b5rAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgw2CyNjpeKY9V81EIUY+aehfJXDobx6UB+sYvHM8tOPXiy61jxQH2AQAAAPpLcvhs9s+HYhgKQ+GK6U/dnglM5//CObxJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4ENlsjY6XimPVRdEIUQ9aupdJHPpbByXBuj7+O4Dnzt86fduaR3LZQbYCAAAAOgryeHZ5kg+5DKfDLlwTePzRPuCKN24dn8uMLtue9uy4Xmvq7WtS8973Z6Ok2Uap5lZl0/2K8xcm+tKc9eVWtYVQ7N9qW1d2Ne2akGf+wwAAABwHiX5P9ccKYRcJteSc3/aVl+QcwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAHiZro+OV8lg1ikKIetTUu0jm0tk4Lg3Q9/7ffvySr/5s787WseIA+wAAAAD9JTl8NvvnQzEsCh8Li6Zzfyi01yd1/6ycPvzYv/66IoSVV06NZDq3/VHy5tdv3PxS50sIqfbqVAiXNvpFPfr95veP3besfvqJEFZekb5mTr9w9n7tW8b1Zyub1+84OrW9z5cDAAAAF4gk/w81Rwohl7m7Z/5Pknef/N80HcAvvW/3Ly5vvDYSeceKVKHRL9Wj3xeWPfXn5Wv+/vaZ/H+2ftcf2Hr48raGMyMdorhe3rpzw9QNh1LJqWf6pzv6J9/Ll7/11r+37Hr09Ez/fMg3xhdmuvWf+9rhorg+kdpfXff+/lp7/0yP8z/8u5dP/Grh3vfO9H938XCz/7VnOf/Z+w/f9si+Gw8c2dDeP4RQ6tb/nfduCVf98a6HOs8/3LFx6zff+tohiuvHlpw8tOZg8ab2/lFH/+T7//mJx/f95NHvPpf0T34rsmLpfPunOvq/uuey3a88uHFhe/9Uj/O/dPtrI9tK3/lD5/nvbNs10/Mu5p7/yeuevuP1TfEDnVMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXlsna6HilPFZNRSFEPWrqXSRz6Wwclwbo++atx9+5fe+Pf9g6VhxgHwAAAKC/JIfPZv98KIZsyIbh6dz/bGXz+h1Hp7aHwsxs1LhmJrbdu+NTW7btvPvO9g2vT53L2wcAAADmIcn/meZIIeQyy8JQI/+Xt+7cMHXDoVSS/1NJ/t9y18TmlaFZ9+qey3a/8uDGhc3nBCFM/ywgf6buM7N1a28+Xjj5p68v71q3erbu2JKTh9YcLN6U1IXWulWh+XziyeuevuP1TfEDzftrrfv017ZNNB5PJPsO3/bIvhsPHNnQPEfjOtzYN6mbSO2vrnt/fy2pSzeu+ca5AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC5Jmuj45XyWDWkQ4h61NS7SObS2TguDdB33bJfPnTJqecXtY7lMgNsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPyHHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzXX4hUVRwH8HNmdttxZ1d3NciK1tWKwh6Sgoh6qagIjRB6MiQszYcoCCIKe2gNjcSKXoKsF4kKqi2Egtwk0WKN/kkvPVRQYD0EIi2Ug/RQsTPnjrPXuU3etaD6fOBy9px77/f+7r1nzuwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwL/KQN/SZnto+4ON28676ZPH7zn+2C3v3b/1kkdf/2F84w0f7xl85cT0puWbv75xycZ9966e2vXiwV+G3/ntSM/gR1rNytSthRCPxRBq788898T0p+fMjsUQQjWOTIQwGhcfHI25hFW/hhA2teucu/Pt41dunm237hyYM74oF5K/r1CvZvW0jMytl/+WWppnWxoPXxa+vX7dts+XvfVm/+TRiZOHxFrHfAph4YbO8/tDCAvSNiubbUuzk1O7NoQw2HHe1T3quvAv1n95Qf/81J6V2nqPnGz/ily/kjsu38/059rBHtebr6I6yh7Xy1Cun1+M5quozmx8NLXvpnblaeZXsy2GSgx97fLviyfnSAihvYrGEJvvstbuV9rvNqT7z/Vjrl/J9av9uftqXjdNtGqMc8ez43Lj2XLcl8aXd67VXdxeMH5uamvpg3oi64f8Hy31U/5o31dTVtfMn9TyT6h0rEHdxtsvPr2Mehqrx+op5/zeRbZvet1TF1fXf3BopKCOuCem/JjyF59W/pbPRofufGPHQ0uL8jdUUn6lVP53aw7/dMeOl14ozH82y6+Wyr9i/+CxNR9uX1H4fGay59NXKv+uIx89vezsuye7vetm/u4sv1Yq/7qpwwPDjf0HCutflT2fBaXyv7n25u9f+3Lv0cL8kOUPlspfP/XAMwNjjUsL8w+0Pgr15gwtMX9+nrzqq7GxH8eL8r/Inv9wl/zYM//ViV3XvLxo5+rC+bk2ez4jpeq/9aJ924Yaey8oWjvj7jP1zQnw/7Qk/Y/1ZOqX/Z05Xx2/F54f72t9Aw2lbfhMXihn9joL/8Z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4A924IAEAAAAQND/1+0IFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAngoAAP//V8UipA==")
rename(&(0x7f0000000100)='./file0\x00', &(0x7f0000000240)='.\x02\x00')

1m7.230844036s ago: executing program 4 (id=709):
syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file2\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x360, &(0x7f0000000b00)="$eJzs3c1rO0UYwPEnaZImKW1yEEVBOtiLXpY2ehaDtCAELG0jtoKwbTcasiYlG6oRse3Jq3j3JHgovVnwUND+A71404sI3noRPFhBXdm3ZPPWl5g0/trvB0omM/PszmQn5dm0m718+/MPKiVLK+kNiSaVRERErkSyEpVAxH+MuuWEhB3KSzO///j8+mYx6VWolfzGyzml1Nz8dx9+kvK7nU3LRfbdy99yv148ffHs5T8b75ctVbZUtdZQutqu/dzQt01D7ZatiqbUqmnolqHKVcuoe+3f+Nsxa3t7TaVXd2fTe3XDspRebaqK0VSNmmrUm0p/Ty9XlaZpajYtuEnxeG1Nzw8ZvDPiwWBM6vW8PiUiqZ6W4vFEBgQAACaqO/+POin9MPn/lswVCstryunczv9PXjhvzLx1Oufn/2eJfvn/Kz952+rI/53TiXb+X/POD0o35/9fyh3y/96M6HEZOv/PjmEwGM58oqcq0vHMyf/T/vvXdfTOyaJbIP8HAAAAAAAAAAAAAAAAAAAAAOBJcGXbGdu2M8Fj8NO+hMB/jgdp0PGfFpGkc/Rtjv9Dtr65JUn3wj3nGJuf7Rf3i96j3+FcREwx/ra7OWsjuPJIObLyvXngxx/sF6fclnxJyk68LElGsu56CsXb9sobheUl5fHjW5cppcPxOcnIU+H4b93V6cTnOuP9/SfkxYVQvCYZ+WFHamLKrhvZ3v+nS0q9/mahKz7l9hORX+79oAAAAAAAMGKaaul7/q5pg9q9bxnJl9yPiQxZlIz81f/8frHv+Xks81xs0rMHAAAAAOBxsJofV3SJGnW3YJr9CikZ2DSCQqyjJi4ifTsnumri1215KjTD244nId4dTP7rvL4KXtW7RAX/SOEMvNXk31FFhhtPMH+3JhJrNf1513lFDsVdAIfhpqjcIjzWPfh5p0L17bwwcDtH/kRaNcHHRokBr7Os9m4nes1KiPfU2JHhFsAzX3z9x+jeIK+e+ivgo5s7H5mGfSC3OShdBWcXvU3xsf/iAQAAAHDv2kl/UPNauDl8I5HwzXL4yz0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAACM0lq/06ypMeo4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/8W/AQAA//9/d/Qh")
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x401, 0x985201)
r1 = open(&(0x7f0000000200)='./file2\x00', 0x1c587f, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000000c0)={r1, 0x0, {0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1b, 0x0, "8db7a645ed46d5335dfa1ab0a34a10622e64ee4edb80cc9bd36b93b23733e6180aa539ec68114b5aba1c98911df5d030b49f32393a93ea4d0436aa3592a47913", "fc0177a6f3bb16d5d5568693e0e50bbf206c9d8db97cd01095e7ea15b0ba5f8a654e14dc7c4cc6b50488873b3acc6e02cd3eac8be657b534bfa1142100696b29", "c921095856cdf9fd81992394e3c7a178fb1c16c99189819ef400", [0x80, 0x87]}})

1m2.324529538s ago: executing program 4 (id=733):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f00000001c0)={0x2c, r2, 0x1, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_SCAN_FREQUENCIES={0xc, 0x2c, 0x0, 0x1, [{0x8, 0x0, 0x1}]}, @NL80211_ATTR_SCAN_SSIDS={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x2c040050}, 0x4044084)

1m1.507258327s ago: executing program 4 (id=738):
syz_mount_image$udf(&(0x7f0000000540), &(0x7f0000000580)='./file0\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0038cecbad8dce0a24359e05a65a4ab28df7afe07fb47d7e2b67b9a0ea16c9d97278ebd7fec38ad0526fba402ecf"], 0x1, 0x516, &(0x7f0000000600)="$eJzs289vHGcZB/Dn9azd9Raom4bUrSpkVImmTRMldtJEMofmBwmRqoBIwz2N7WDVsUPsVE2FSiWQ+g9whQMoBw4gcS2iNyQOSFSAUKAceuKChHxA4gia2Znd2a0Tb0jsjevPJ4pndvbZ9Tuj/e7M+77jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiTn3t5OEjaditAAC204WL3zo84/wPALvK6/r/AACwW6TIYjxSPPOn9fRC8bit+dri8s23L505u/HLxlOkGImsqM//N49Mzxw99srxE9Xy3q9/2J6Jb1x8/eTU6ZVr12/Mr67Oz01dWl68sjI3P/A7POjr+71UHICpa2/enFtYWJ2aPjTT8/TbE/947PF9E7MnDh74UlV76czZsxdrNY3R//u3f4oeHhsZiyx+HylO/fyXaX9EjMSDZ2GT746tNh6NPH/FTlw6c7bYkaXFy8tr+ZNppKxq9GZirMrINmTxgTQiDuZtHZNoHtxoZPFxpDj33fX0YkRkVQ4OFBODm79BYxsaeZdfeygivhk7ILPwiHossjgWKS78dCJeKnNV5L8R8e6wGwdsqUZk8aNIsZLW04HieiA/n+aXza99e+r88sJKrTaNlGfUnd4/2E6uTXiENSOLF4sz/np6ediNAbbVeGSxFik++vdbxbhSFOPST8yeuHCqUR9henqT90llf3x2wD75aDnWmEbyfw9/v4DNNVMW70eKP/ysWTzOs9sq1j75b9uQGwhsnZTFSKT43en1lPrmpbPa/H7HTu/7b237x5unV67furF49TtrGz7fap58Y3XtxuUrGz/dnrvM6ls2m8fs1yjncGEArZTFTyLFbz5Zj9rUeJ75z7cfdT+Nt7/X/S7Y37es1L8/BlkfeBb7PsbR8jallMWrkWLhg8l2PyO/qpEN6JHn/weR4vjiR6lKepn/cma/lv+vdvPTTL3LjiLbX2jf11aNJZxvPX+37VuR/7xNef5vRopTeybLexra+c/6avO6c5Hi3MfPlXUjY3lddVvDRPsdFxaX5g/ntX+NFH+/U9VGUVtNKDzVrT2S1zYixZc/7K1tlbV7u7XTVRtu/mLj2i92a2fy2tuRYnJuqqpt5bV7y9p93dpDV1aW5gY9vOxOef4/jBQ//u3XU/WZv2v+a+f/9/qWHZ/K/L3XH1b+J2rb3itz/VaZ/8Ym+T8YKd64/Vy130X2qq+VJ4uf3fwfihTP/qu3tlnW7unWHhl0t2CY8vz/LVL8euZO5zNffrbLh92E1vP/bKN32bmuHlL+n6xtmyjbNXafxwJ2m9Vb77x5eWlp/oYVK1asdFaG/c0EbLX8+v9XkeL9J7JU9WPL6//PtR91e8z/ebd7/T/bt+wY0vX/ntq22bLXMpr3zdeuXR99OqK5euudg4vXLl+dvzq/PPPK0elj08dPHD08OlZ17rtrAx872Ony/P8lUvx58o+dceze/v/G43+tvmXHkPL/VH2fevo1Ax8K2HWq+b+vLN3pZPle43/VON/+53uXnT+qGVL+99a2TZTtevw+jwUAAAAAAAAAAADsFK2UxQ8jxfl/vpyqe+gGuf93rm/ZMaT7//bVts1t0981DnyQAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdrCRyOJ6pPjg1fX0/XzDZMQL9SXwmfW/AAAA///+zUk1")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents64(r0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)

59.998102597s ago: executing program 32 (id=738):
syz_mount_image$udf(&(0x7f0000000540), &(0x7f0000000580)='./file0\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0038cecbad8dce0a24359e05a65a4ab28df7afe07fb47d7e2b67b9a0ea16c9d97278ebd7fec38ad0526fba402ecf"], 0x1, 0x516, &(0x7f0000000600)="$eJzs289vHGcZB/Dn9azd9Raom4bUrSpkVImmTRMldtJEMofmBwmRqoBIwz2N7WDVsUPsVE2FSiWQ+g9whQMoBw4gcS2iNyQOSFSAUKAceuKChHxA4gia2Znd2a0Tb0jsjevPJ4pndvbZ9Tuj/e7M+77jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiTn3t5OEjaditAAC204WL3zo84/wPALvK6/r/AACwW6TIYjxSPPOn9fRC8bit+dri8s23L505u/HLxlOkGImsqM//N49Mzxw99srxE9Xy3q9/2J6Jb1x8/eTU6ZVr12/Mr67Oz01dWl68sjI3P/A7POjr+71UHICpa2/enFtYWJ2aPjTT8/TbE/947PF9E7MnDh74UlV76czZsxdrNY3R//u3f4oeHhsZiyx+HylO/fyXaX9EjMSDZ2GT746tNh6NPH/FTlw6c7bYkaXFy8tr+ZNppKxq9GZirMrINmTxgTQiDuZtHZNoHtxoZPFxpDj33fX0YkRkVQ4OFBODm79BYxsaeZdfeygivhk7ILPwiHossjgWKS78dCJeKnNV5L8R8e6wGwdsqUZk8aNIsZLW04HieiA/n+aXza99e+r88sJKrTaNlGfUnd4/2E6uTXiENSOLF4sz/np6ediNAbbVeGSxFik++vdbxbhSFOPST8yeuHCqUR9henqT90llf3x2wD75aDnWmEbyfw9/v4DNNVMW70eKP/ysWTzOs9sq1j75b9uQGwhsnZTFSKT43en1lPrmpbPa/H7HTu/7b237x5unV67furF49TtrGz7fap58Y3XtxuUrGz/dnrvM6ls2m8fs1yjncGEArZTFTyLFbz5Zj9rUeJ75z7cfdT+Nt7/X/S7Y37es1L8/BlkfeBb7PsbR8jallMWrkWLhg8l2PyO/qpEN6JHn/weR4vjiR6lKepn/cma/lv+vdvPTTL3LjiLbX2jf11aNJZxvPX+37VuR/7xNef5vRopTeybLexra+c/6avO6c5Hi3MfPlXUjY3lddVvDRPsdFxaX5g/ntX+NFH+/U9VGUVtNKDzVrT2S1zYixZc/7K1tlbV7u7XTVRtu/mLj2i92a2fy2tuRYnJuqqpt5bV7y9p93dpDV1aW5gY9vOxOef4/jBQ//u3XU/WZv2v+a+f/9/qWHZ/K/L3XH1b+J2rb3itz/VaZ/8Ym+T8YKd64/Vy130X2qq+VJ4uf3fwfihTP/qu3tlnW7unWHhl0t2CY8vz/LVL8euZO5zNffrbLh92E1vP/bKN32bmuHlL+n6xtmyjbNXafxwJ2m9Vb77x5eWlp/oYVK1asdFaG/c0EbLX8+v9XkeL9J7JU9WPL6//PtR91e8z/ebd7/T/bt+wY0vX/ntq22bLXMpr3zdeuXR99OqK5euudg4vXLl+dvzq/PPPK0elj08dPHD08OlZ17rtrAx872Ony/P8lUvx58o+dceze/v/G43+tvmXHkPL/VH2fevo1Ax8K2HWq+b+vLN3pZPle43/VON/+53uXnT+qGVL+99a2TZTtevw+jwUAAAAAAAAAAADsFK2UxQ8jxfl/vpyqe+gGuf93rm/ZMaT7//bVts1t0981DnyQAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdrCRyOJ6pPjg1fX0/XzDZMQL9SXwmfW/AAAA///+zUk1")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents64(r0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)

13.292832274s ago: executing program 0 (id=965):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000080)='blkio.bfq.time_recursive\x00', 0x0, 0x0)
preadv2(r1, &(0x7f0000000280)=[{&(0x7f00000008c0)=""/211, 0xd3}], 0x1, 0x0, 0x0, 0x0)

12.857299857s ago: executing program 0 (id=967):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
write$FUSE_NOTIFY_INVAL_ENTRY(r0, &(0x7f0000000040)={0x21, 0x3, 0x0, {0x1}}, 0x21)

12.403758847s ago: executing program 0 (id=970):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x40, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_pfifo_head_drop={{0x14}, {0xa}}]}, 0x40}}, 0x0)

11.999921932s ago: executing program 0 (id=972):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000003c0)='./bus\x00', 0xe, &(0x7f0000000540)={[{@resuid}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1ff}}, {@stripe}, {@noblock_validity}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==")
mkdir(&(0x7f0000000080)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file1\x00', 0x20400, 0x20)

11.116004873s ago: executing program 0 (id=978):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f0000003e80)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000009c0)="18acf8b1ed479de320cdbff21bc648a4423880b9fb95564f48c38e3fdaea755288c2a91a1ef344702de01af77d599320e22a0ea41b13aa09f1b359b0e2d2e8b6074bb4119ea219d2055df8bab18280f3c3ea8e45510d60a28f7af2a9c471dbe0a88f57ae4580b0b420f5f90b70efb6805d81812d5d64c87c99f9c75e9f656dfd6e0cb005b1abd4d879a097dd9d3e6e12f85505cd45c840f9503b2fff6c33e6a675512ab99729da82acc41b65a398d515700ba76224267cdabfb9576027eb82a82c337e379c488d47691d7fe2c55bbe29a7a37633648559a31b90f145d0f5a2d8d9499f100ba95da30ce9df964d2af22e6551f8a35878071d2b5477c0f1c0ab067a8bd9368c04ed9b6e1547f04d022d726bb32daf66bded05624baa409848f50d96df5d0a86c6ce2b9b0767e85c5233c1e30aaad953301d7294b375db43804290971c857070e9d2c8b6397ab8d56358476fc0359ee79b7956f0ef1ce2edefc6bd340037706a57aa98105019c21be58ce8c868c90db57bfe8304416b3e7e02837ea3ce01ce463321f2ea429ee0c42b27d28c2b6063eb5cd746e26ade0c9ae3049ebb8c5038b01281f26c9777fb1263a5ba1262fa783e07ef5ded966eb85a4a811f5aab0d9575551239e9b0f76e5217744b0a8edcb1504774e36818033e3ab03ca6164df64fdf4352b9c88bfa91add131e13bee44e7eb4e38e613f3bab3c6c8a5038e446d57c9058b975f05f36e0e49171b426b99aa82a0656d7ffc46169ee20456aab06ee429bff9408fb1961e3976e288bee69e9ec6dc72862e1cfcc6c4804457285efcb056b0d834666748129994a3fc172c4c9c622a0c4ddd84bce972d56c70f3687222e5857f9a24b0e138a8359409f5b4ba3206c1a7f35c9e90f3ad903715ab7283e700f9ec2c641f38e998122266a8b1731ce1f03d12a643f281b3ace22f1e403dfe05052fdca3da258f8f1bd7c88949d2a14510b4116c5e403b6cee434d4969113ff8eebc1052e6a1dfa710cadfa0dbd96afa3dd1ab32b10e97d4c015e357bb938d5c2420ed83fff6a17ca9c334fc1b1a3b171f3ca2f4f88a66c59477a73265a8dc10c6d0e5ab2f595e4b9bdd160f35a7917d46df4a50b7651a5991f2444fc0a235f210e8ce8afede0b725d0cabfa20e4d36a836314d180f66614db4fbbd15ef7a947247f7f6f0eb34af0b7aeaaa9210154285dcd0389de273ad3459a1d87f062d9a050c57b6325750aeb9f47d7242117d8e0d38ae1e6cef179809d422ae852bf41f8d5ec42fac487ed46e0511a1f554cd6181e6c81dfdafa7c69daa2ba822e22e305b4b8f34c20fcc8e50cf451f053df249a7f5b20cbc0bc127f55d80bc9c0ba3cf9f0a9c56286215c20f9d60cb61276c6bbf772c151be2520e22b8f6daea2aa1f9e1b30bbeed092d3c2fb92a10fb71e7fea336a0258620c918581487ec04c54ca4e9811a83a6bf39dca6a4e89092cdee6e40024bd7c1ae7b3a8cdbb38c21ccb1de68f7fc9fa4726b832cedcfdd22b71f37d66f350e78e3c19bcae0322f8f070c316bc3c2ba0cb12a43746bd8aaa1645e3f8800b93722ac1791396bb3def1678cb5ab3f42c097c4c3684ea61dc89209ae57906bd4577a93b14eceff6f18893064198d9141a927ced2af06226011187f1851d6a5c1b5ff78a4c6d8b387a781c06a286f052d2e828ed94110cd7b9e6cfcb840e12019678080a6e9e517ce8ba6276c5a919197fd0adf86547135fcec083f2c1fea0e40564f279ceec580e827e39fa77bfa823d6e08aa7bd320491381f21be8b10dc2ed7fee1524680a52bb1e14cb6248519100edd7df29bac5c4ad1c893ee99db03aa7e077ba6608b0db797f31a6cd6d5a01077a41df98fc373ac5c149b87c55bb73bb17b09dffa7847b134b866b9ce179d547750dd2fb9c280e2003d132c87e2535f31232a32d738aeedeff052f256a9c866b6c2cb880d15f1acca7396a8f6113afe45e46e96a6c7762eb09d2c568df561d5484356b4ae71f89bf0126c6670c4fbeee59a89e20206401ef85f083039aa9ceacc2912427b031c35e29c7a702e0054f4dbb01062c0daab2a5faa49a86cd5d48d64bbee12f60ee529a00ad13a579934faff4ec12778038a3e48217fc4eb97ebe3dec9ecdfc0af3e722ed7ca0f12952c2902b0db061098d4bf14664104c440c9d07af7fbaa375274f61b04c17050a3e139dcce999071f18468139182cfe78a84c90c0428d7c75a621a6eaa69e028ce47626235ca3edbbb53e15afe", 0x641}], 0x1}}], 0x1, 0x0)

10.428574818s ago: executing program 0 (id=982):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x4, <r2=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x0, 0x0})

9.053762272s ago: executing program 33 (id=982):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x4, <r2=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x0, 0x0})

6.044405522s ago: executing program 3 (id=999):
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f0000000380)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a0000000086d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f6853772b21a100efb76cba37ff3111d6847e8b9398a646717af75fc008daefba68e6222103472bc55704cdb72b4b996ed831f3b802549db3a8ffff7d34171113d806726615380fe65a6a0a72e1ac2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13f4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe363590d1f600"})
writev(0xffffffffffffffff, &(0x7f00000004c0)=[{&(0x7f0000000300)="4800000014001d0d09074beafd0d8c560284606080ffe0064e204e20590000a2bc5603ca00000f7f8907000020008d42188fedc22e47ad8f75edc6d100000101ff0000000309ff", 0x47}], 0x1)
ioctl$USBDEVFS_CLEAR_HALT(r0, 0xc0105502, &(0x7f0000000340)={0x1, 0x1})

5.131692411s ago: executing program 3 (id=1005):
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x0, &(0x7f0000000480), 0x1, 0x3da, &(0x7f00000004c0)="$eJzs3F1rHNUbAPBnJm//pn/dqNULLRgpYvAlL02JDRZU8NIr6xdYk7REt41tVrAlFwpiP4D6AcTL+hG8EO8EwZvitXdKoUiSa1mZzexm3OzGvC2j3d8PDpxnZoczz8zsnpMzhwQwsCYj4pOIGI2I9yOikm9P8hJv7JTsc9ubG0tZSaLRuPxH0ty/tbmxFIVjMqfzYCqNSD9L4pku7a7fuv1BtVZbuZnHM/VrH86s37r9yuq16tWVqyvX52cXF2fnLy4sLpxYrr/FnV8v3Xur8sVP53754b13FpJCvsU8TspkTLavSafpk26sZP8r1JPhEk+EQ0kjYigihpvf/0oMxe7Nq8R3lVJPDgDoi0bj9Y4YAHj4Jfp8ABgwrb/7tzY3llqljHmIsjx4c+fl1Vb+bnO7nf9w+03ISMf7rZM0GRHffvXqs1mJPr2HBAAo+j4b/1zsNv5L42zhc6ciYjxf2/X/iHgkIh4trJ86qsmOeO/4J71/zCb2lY3/LhXWtm0X8s9NDOVRlvNEjCRXVmsrs3n+UzEylsVz+7Rx9vJTf/baVxz/ZSVrvzUWzM/j/vDY349Zrtarx8m56MGnEU8Pd8s/aY9/k2beR/fajbtP9tr3z/n3V+PriBe63v/dlXvJ/usTZ5rPw0zrqdjrzovP3+jVftn5Z/d/fP/8J5Lies31w7fx44XVn3vtO+rzP5q826yP5ts+rtbrN+ciRpO3924/v3tsK259Pst/6lz37/+Z2L0Sj0XE4xHxRERze88HuouXa988d/T8+yvLf/lQ9//wlfHP797r1f7B7v+FZm0q33KQ37+DnuBxrh0AAAD8V6TN+dwknW7X03R6emee90yMp7W19fpLV9Y+ur68M+87ESNpa6arUpgPncvnCFvx+Y54Pp9D+XLsVDOeXlqrLZedPAAMqNM9+v/M72Nlnx0A0Df9WtwOAPx76f8BYPDo/wFg8Oj/AWDw6P8BYPDo/wFgoBzn//qpqKg8rJWyf5kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMr1VwAAAP//Y/TVQg==")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x4008, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@userxattr}]})
linkat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file1\x00', 0xffffffffffffff9c, 0x0, 0x0)

4.881734425s ago: executing program 2 (id=1008):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000002c0), 0x3)

4.615437385s ago: executing program 2 (id=1009):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000004c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="30003300c03ed51360fb28b0f3dab4"], 0x4c}}, 0x0)

4.265510423s ago: executing program 3 (id=1012):
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000500)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x1, 0x0, 0x5}}, 0x30)

4.016753833s ago: executing program 1 (id=1013):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000400)='tlb_flush\x00', r0}, 0x10)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2800001, 0xc3072, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)

3.920460025s ago: executing program 2 (id=1014):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000000000008b40461de0000000000010902"], 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)=ANY=[@ANYBLOB="3c0000001000390427bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="3c45070000000000140012800900010076657468000000006800028008001300", @ANYRES32=r1], 0x3c}, 0x1, 0x0, 0x0, 0x24004805}, 0xc080)

3.69205679s ago: executing program 5 (id=1015):
syz_usb_connect(0x1, 0x36, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e04000418"], 0x7)

3.468076118s ago: executing program 1 (id=1016):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000001f090003007379"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x54}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_DELCHAIN={0x2c, 0x5, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}], {0x14}}, 0x54}}, 0x0)

3.003554474s ago: executing program 1 (id=1017):
r0 = socket(0x10, 0x3, 0x6)
r1 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0xfffffffe, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0xfff2}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x22, [0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc], 0x1, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}}}}]}, 0x88}}, 0x20000000)

2.697194468s ago: executing program 1 (id=1018):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r1=>0x0})
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001800)={0x6, 0x3, &(0x7f00000006c0)=@framed, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r1}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000340)={r2, r1, 0x25, 0x0, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x700000000000}}, 0x40)

2.624639207s ago: executing program 3 (id=1019):
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000140)='./file1\x00', 0x1408400, &(0x7f0000000080)=ANY=[], 0x85, 0x68b, &(0x7f0000000800)="$eJzs3c1vHGcdB/DvbDabbCipmyZtgiolaiRARE3sWCmYSwNCKIcKVeXA2UqcxMomDY6L3ApBeClce8gfUA6+cUBI3CPKhQvcevWxEoJLLzWnRTM7u16/22nqtcPnU43nmXnmeeb3/HbedrfRBvi/de1Cmo9T5NqFNxfK5aXFyc7S4uTdfjnJkSSNpNmbpfi82+1+nFxNb8qZcmXdXbG69/vP90uPZqfe/uSzpU97S816qrZvrG+3Ww/rKeeSHKrnT6u/69v1d3S77orBCMuEne8nDkbtcJJu5d+Pemt++vfnBjVD2hu13vbIBw6AonffXGcsOVaf6OVzQO+u2LtnH2gPRx0AAAAA7IHnl7OchRwfdRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwkNS//1/UU6NfPpei//v/rXpd6vL+cnZ3mz/+suIAAAAAAAAAgD10djnLWcjx/nK3qL7zf7VaOFn9/UrezYPMZC4Xs5DpzGc+c5lIMjbUUWthen5+bmLQsv9/BqxveXnDlpe3CfRIPW8/jVEDAAAAAAAAwEHzebfb3XKDX+fayvf/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwHxTJod6smk72y2NpNJMcTdIqt3uY/LNfPqjOvJY8HnUQAAAA8AV0d7jd88tZzkKOD9oV1Xv+l6r3/Ufzbu5lPrOZTyczuVF9FtB7199YWpzsLC1O3i2n9f1+7z+7CrfqMb3PHjbe8+lqi3ZuZrZaczHX806K4kYaVcvS6X48G8f1qzKm4o2ewzuM7EY9L0f+YT1fq7mrsW5qlx+mjFUZOTzIyHgdW5mNF7bOxC5fnbV7mkhjEOzJNXtaM4hVOX9jh/s7Vs/L8fxuk5yPxtpMXB46+l7aOufJN/7yx5/c7ty7c/vmgwv7Z0g7c6ie964r7fWZmBzKxMvPcibWGa8ycWqwfC0/zI9zIefyVuYym59lOvOZybn8oCpN18dzMXTKD2WqMdT11VU7emu7SFr1Edp7sVbHlG1ierVqezyz+VHeyY3M5PXqv8uZyLdzJVcyNfQKn9rBlbaxyVnf/eqGwZ//Zl1oJ/l9Pa/cekrX1ydW5vWFobwOX3PHqrrhNStZOrGL+1E/S3/aOpTm1+pCuY/fZPXhMlprMzExlIkXt87EH6rLyoPOvTtzt6fv72x3Jz6sC+V59MG+ukuUx8uJwXPB6qOjrHuxV1c9gwznq1V/49Jr11hXd2pQ1ztTH256prbqZ7j1PV2u6l7esG6yqjs9VLf2easzeB466F/+ADyzPmglx751rNX+V/sf7Y/av23fbr959PtHvnPklVYO/+3wd5vjh77eeKX4cz7KL1be/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE/uwXvv35nudGbm1hS63e4vN6k6yIX+z5nt4U7PPJeMasitJPsj8//tdrv1mmI/xLN1oVs6ku4TNv9rkp1t3EyyUdXZ0Sdhi4uGH4CCZ8Kl+bv3Lz147/3XZu9O35q5NXNv6sqVqfGpK69PXro525kZ7/0ddZTAl2Hlpj/qSAAAAAAAAAAAAICd2ot/TrD53o/u5VABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAA+rahTQfp8jE+MXxcnlpcbJTTv3yypbNJI0kxc+T4uPkanpTxoa6Kzbbz6PZqbc/+Wzp05W+mv3tG1u125mH9ZRzSQ7V86fV3/Uv3F8xGGGZsPP9xMGo/S8AAP//fgkLLw==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143041, 0x0)
unlink(&(0x7f00000015c0)='./file1\x00')
write$binfmt_elf64(r0, &(0x7f00000001c0)=ANY=[], 0xff86)

2.561457909s ago: executing program 5 (id=1020):
r0 = timerfd_create(0x0, 0x0)
timerfd_settime(r0, 0x3, &(0x7f0000000200)={{}, {0x77359400}}, 0x0)
clock_adjtime(0x0, &(0x7f0000000040)={0xd54, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x732})
ioctl$TFD_IOC_SET_TICKS(r0, 0x40085400, &(0x7f0000000000)=0x10001)

2.254202243s ago: executing program 1 (id=1021):
signalfd(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$squashfs(&(0x7f00000006c0), &(0x7f0000000000)='./file1\x00', 0x2, &(0x7f00000005c0)=ANY=[@ANYRES16=0x0, @ANYRESDEC, @ANYRESOCT, @ANYRESDEC, @ANYRES32, @ANYRES64, @ANYRES8=0x0, @ANYRESDEC, @ANYRES32], 0x1, 0x1f4, &(0x7f00000003c0)="$eJzslc1qE1EUx3935qZpahZduypYbDfaZgri0p19AB/AkI61OPGjE9CEgtFNNy7Elyj4FC4E3bsQEdzUhYIuKq4qErlzz1xvSCRWEqFw/xDOxz3nf87J3I+b+b28Cvw82muxSAFFnfdKoYEVZX3Hc1Z+EzkQfNLWboj/uciPIvNu780Tq/ZuNbMs3c27ExSlYFJMNsAqUp7hID2mWBk5kfr142GPYmxwBPzVPFNRTLWRpU5sRxrNejrkqY6LkVz+Q/P/riydYN/YSa3yvT68JT5Pu7EKs54dnOdH/U+fqebaePfMfs6xhLGk10ZOyoyV7rQJoxNl5cj1lV99FPG1MN4e7bWMcl1uMePbsr/ySBQxxnjpxZzV0AcVM3A8Gq4YYwVY67TvruXd3oWddnM73U5vJ8nGpfVXZ+SIDh7CTpauK68Nc6gp7yXAnNOat14BPvxe7+NBea0ZLJhUbG9lSnk5r57zEmsQebk+h+V94epXxRfT5hrnmQfu99USJNh/axnDprlhRttEEYvR0F6fcEzEfLFwsXUn29pHocq0A7TjaBxScUaCNUyhdOOyG39f5LLITZEHIg9FmrdrwXuTdMHwRazVPszxoNnp7BaPl9WcL3G+ZNFVjqRq+RqqspMqAQEBAQEBAQGnBL8CAAD///yHQTQ=")
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x1b0)
getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8)

1.926266131s ago: executing program 2 (id=1022):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)={0x38, r1, 0x5, 0x0, 0x1, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x14, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}]}]]}, 0x38}}, 0x44810)

1.872257852s ago: executing program 5 (id=1023):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0x19, &(0x7f0000000400)=0xa4, 0x4)
syz_emit_ethernet(0x6e, &(0x7f0000000440)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x38, 0x3a, 0x1, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast2, {[], @time_exceed={0x2, 0x1, 0x0, 0x0, '\x00', {0x0, 0x6, "fd9003", 0x0, 0x3a, 0x0, @remote, @private0={0xfc, 0x0, '\x00', 0x1}, [], "5467e8296fe849e5"}}}}}}}, 0x0)
recvmmsg(r0, &(0x7f0000002780)=[{{0x0, 0xfffffffffffffde1, 0x0}}], 0x1, 0x2140, 0x0)

1.829985279s ago: executing program 3 (id=1024):
r0 = socket$kcm(0x2b, 0x1, 0x0)
setsockopt$sock_attach_bpf(r0, 0x6, 0xd, &(0x7f0000000040), 0x3)
sendmsg$inet(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x20000014)
recvmsg(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x3)

1.508445647s ago: executing program 2 (id=1025):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
listen(r0, 0xffffff13)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x2000001, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}})

1.466496757s ago: executing program 1 (id=1026):
memfd_create(&(0x7f00000003c0)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8b\x00\x00\x00\x00\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: -mh\xc7\xf5?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xd2\xd0\xb5b\xd8\xc3\xa3\x97\xeaY\xe6\xdb\xc2\xa5h\'\xdfn8(\x99\x19In\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x977\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\xb3#\x8b\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xb8\xec\xc3\x904Lqm\x90\x06\xf6@\xa9\xd1\xc7\xe7x\xd8.X\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xa6\x95<\xd5\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92\xdbX\xb4\xa4\'\b\xb4FK\x85\x92E\x98voR\xa9\xdb\xf2\x95\x9e\x00\x86\xae\\\xc6W2\xc9\x95\xe6\']\xedijA\xef\x90d\xd5\xaf\x99\x87\xf4o\xcc\x7f\x1d\n\x96iu5J\ab\xbe\x01\x04\x00\x00\xc7\x8cU)\xab\xaa\x81\xeb\xdc\x8b\x15\xe1\xaf\xea\xcf>\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00Zy\xa2\xd5w \x80\xa9C$&\xe7\xc4\x88M\xda\xcf\xae\xc8\xa5\xc3%\x81\xa3\t\xd5\xfbk\n4\x9c\a\x98\xe9>T\xde Zj\xb0\xdc1\xb1\x13#\xd5Cg\xc5A]\xce\xb2T\xc9}wir\xa0Gn9\xfc\x82\x98\"\xbe\xa5p\x02\xe5\x92\x18\'\xf0\xc1~\x1a\rK\r\\d\xb4\x16\x03&l\x96\x957\xb7G~\xdb>R\x98s`Jn\xc4%q\x12\x80\xc7+Z\xecM\xfa\x06\xef\xdb9+\xfc\x96\x00\xb5\x15\x14\fr\xea^V\" iT\xbd\xa4\x92\xbd\x8f\x17\x7f\xebM\x9a#\x16\xeb\x93\xdc\x80\xae\xaf\x88\xfb\xfb\x1fnmP\xff\r\xc8z\xec\xeb\xbf5q\x0f\xb1\xb3\xaa>\xdaE_\x06\xa4\xa0\x12op\xeeI\x7f>*\xf1T\x9b\xeb;M\xaf\'B\n1B\xacT\xf2\x80:Ag]\xb8Wg.\xf5\xb5,zE\xbdUm@s\xb2;\xdeJ\xd8P\x85;\x15\xa1M]\x00'/728, 0x1)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000000106a053103000000000001090224000100008000090400101c0300010009210000000122f80409058103"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)

1.396360018s ago: executing program 5 (id=1027):
r0 = landlock_create_ruleset(&(0x7f0000000040)={0x1000, 0x3, 0x1}, 0x18, 0x0)
landlock_restrict_self(r0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r1, 0x0, 0x0)

1.04048419s ago: executing program 5 (id=1028):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
bind$inet(r0, &(0x7f00000002c0)={0x2, 0x4e22, @empty}, 0x10)
sendto$inet(r0, &(0x7f0000000300)="ab", 0x1, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10)
sendmsg$inet_sctp(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000280)='\x00', 0x1}], 0x1, &(0x7f00000006c0)=ANY=[@ANYBLOB="20000000000000008400000002000000040041000000000000000000", @ANYRES32=0x0, @ANYBLOB="18"], 0x38, 0x4048800}, 0x10)

758.288012ms ago: executing program 3 (id=1029):
syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000000080)='./file1\x00', 0x80, &(0x7f0000000240)={[{@barrier}, {@gid}, {@nobarrier}, {@creator={'creator', 0x3d, "ff60f383"}}, {@uid}, {@nls={'nls', 0x3d, 'macinuit'}}, {@force}]}, 0x1, 0x6e8, &(0x7f0000001f80)="$eJzs3U1sHGcZAOB31uu1N5XcbZq0BSHFakQEDSS2l5IgIREQQj5UKBKXXk3iNFbWbmRvkRMhsgUKRzihHHooQubQE+oBqYgDopyRkLii3CNxjziwaGZn1rtr79qb+CcJzyPNzjcz3887r2dmZ2cTbQD/txbfjslWJLF4/q3NdPnBVr3xYKu+WpQjYioiShHlziyStYjks4gr0Znic+nKvLtk2DhvPvz0w3P3P653lsr5lNUvjWq3rT1ihFY+xWxETOTzMZWH9Xdtl/7ujdV10o07TdjZInFw3No7tMZpvo/zFnja3YuYmNxlfS3iRERM5/cBkV8dSkcc3oEb6yoHAAAAT6eJvSq8+CgexWbMHE04AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8HxIOr8ZmORTqSjPRlL8/n8lX5eqVI453tG+ssf2D24cUSAAAAAAAAAAcCg+yb+4P/MoHsVmzBTr20n2nf/r2cKp7PWFeC82YjnW40JsxlI0oxnrMR8xOdPTYWVzqdlcn9/Z8jeRtmy32/fylgsRUdvRcuEIdhoAAAAAAAAAnl8/jcWYOe4gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgVxIx0Zll06miXItSOSKmI6KS1mtF/LkoP8v+ctwBAAAAwOGr5vOZ5L+dQjvJPvO/kn3un473Yi2asRLNaMRyXM+eBXQ+9Zf+0ao3HmzVV9NpZ8ff/vdYcWQ9RsREvD9k5Lmsxului8X4XvwgzsdsXI31WIkfxVI0Yzlmo5ruRCxFErVq5+lFrYhz93iv9C1dHYztzMDya1kk1bgRK1lsF+JaJTqPTbJ9SMd8rWe0P1YiBkZ8P81O8q3cPnN0vefv9ev8uUyu/eI++xiu/ARta9meT3YzMpfmPs/GS6NzP+ZxMjjSfJS6z6BObY+SLg6OVOT8h+Pk/EQ+T3P9i/6cH7QxH6UNZmIhSvnRF/FKf85vf/H+yf7GX/7nX6/eLK3dunlj4/wh7tKhmiwKg5mo92Ti1dFHX56JRpqJ1v4zMTm4YvoJ9uMAVfJsZJeifV4tv5uVluL1nkPw3bgey3Ep5mI+LsdcfCMWot53hJ3uy2u5vtqfk+xcK+28vlVHBH/2Sz2VfrlH5aOV5uWlnrz2Xulq2bZ8zZVfxVxPlk6OPvrGfhdIx/98Xk7H+Fn3Hedp0JeJ/NpcRPfy6Ez8tp2+bjTWbq3fXLo9pP/Bd6hz+Tw9bT/ovzb/7qD26fGkx8vJbsRZTqrF8ZJue7kbbX++Kvk3Lp12pR3bTne31WImVuL7Q8/USn4Pt7OnzrZXe7f9a/vKWcnvb4ptfXc58W40sruQAbNHk1UA9u3EGycq1YfVv1c/qv68erP61vR3pi5PfaESk38r/2niD6Xfl76ZvBEfxU9i5rgjBQAAAAAAAAAAAAAAAAAAAAAAAAAAAACA58HGnbu3lhqN5fVuIaYH1zxpoTJ0rNGFKO1ZZ+uF/XUYtYjRYyV5oXKw+/4sFqpxSD1/EhEj6lSeeIhk7GNs7EJ6IB9Ih8UPp2Vr2hNjNC8XrXavU46N6WF/wantsyBqt5Ya/2n31alGzykDPOcuNldvX9y4c/erK6tL7yy/s7y2cPnS5Uv1r89/7eKNlcbyXOf1uKMEDsPGnbsTxx0DAAAAAAAAAAAAMJ78X/83H/s/M5T3qFNZ39h95DNHvasAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAM2rx7ZhsRRLzcxfm0uUHW/VGOhXl7ZrliChFRPLjiOSziCvRmaLW010ybJw3H3764bn7H9e3+yoX9Uuj2u1PK59iNiIm8vnepnbpZmd/13r6az1WeEl3D9OEnS0SB8ftfwEAAP//p+75lw==")
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x802053, 0x0, 0xfd, 0x0, &(0x7f00000000c0))
rename(&(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f0000000080)='./file1\x00')

133.351576ms ago: executing program 2 (id=1030):
syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f0000000000)=ANY=[], 0x1, 0x6eb, &(0x7f0000001240)="$eJzs3c1vHGcdB/DvrNeON1Sp0yY0QkGYRCpIEYkTK4VwwSCEcqhQVQ49W4nTWNkkVeKitELgAoITEof+AQXJNw4IiXtQuHApt159rITEJeIQ9bJoZmft3fX6LfFLAp9PNJ5n5nnmmd/+5pkZ7zqrCfB/6+q5NB+myNVzbz4ol1dXZturK7NH6up2krLcSJrdWYo7SfEomSvri74pffMNPl688vZnj1c/7y4166lqP7bVdiOMaLtcT5mu+5seueX4TnexXIeXl5Jcq+eDJnba10DDMmln6zkcus6gRjrLu9l8N+ct8Jzp3Z2K7n1zg6nkaJLJ+veA1FeHxsFFuKe+3ivs6ioHAAAAL6hP7x52BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDiqZ7/31pbbHRXJdMpes//n+itq8vPobkdt3y4r3EAAAAAAAAAwMH42pM8yYMcK8vjSTpF9Tf/M1XliXzRSb6U93M/C7mX83mQ+SxlKfdyMclUX0cTD+aXlu5dXNuyNHrLSyO3vHSQrxoAAAAAAAAA/uf8Mq3u3/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOB5USRj3Vk1najnmUqjmfW6LCf/TDJx2PHuQjFq5cODjwMAAACeyeRTbPPykzzJgxzrLXeK6j3/l6v3y5N5P3eylMUspZ2FXK/fQ5fv+hurK7Pt1ZXZ2+VULg/2+/1/7yqMibqHsWpp1J5PVS1auZHFas35XKuCuZ5Gd99nk1O9ePri6vNRGVPxvdoOI2vWaS139vvNPkXYE4MfRTS2aNlaDy5Zy8hMHVu55fFuBorqg5pkOBPDR2fDzpoDS1NVk/G1PV1MY+2TnxP7kPOj9bx8Pb/Z15zvRH8u1jLRSJWJS73RV54zW2ci+cZf//TOzfadWzdv3D93uC9pF8Y2WT88Jmb7MvHaC52J5i7bz1SZOLm2fDU/yk9yLtN5K/eymJ9mPktZSKeun6/Hc/lzautMzQ0svbVdJBP1cekes53ENJ0fVqX5nKm2PZbFFLmb61nIG9W/S7mYb+dyLudK3xE+uWnc1WurzvrG8FnfO9J/Gxn82W/WhfLq9tv1q9zcVq94s9G5V7rX/jKvx/vy2h31j9daHe87D2b6svRKLzvjIzt/mmtj8yt1odzHr7a5TxysqToT5QnUu0v0onu1m4lmdS/aOM7/0Cm3S/tOp3Nz/r1N+l8eWn69npfDauWr27XuGX0o9lY5Xl7JZH0lGRwdZd2ra1eZvrrO+lju1g3eccvtTlZ1RdE7U3+cu9UA2HimTtS/w23s6VJV99pQ3en6Gl7WneqrG/h9K3fTzvUDyB8AT+Mf76wVp3J0ovWv1qetT1q/bt1svTn5gyPfOXJ6IuN/H/9uc2bs9cbp4i/5JD9ff/8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8vfsffHhrvt1euDe60Ni8aqDQyvCa7XoeKhT1A31GtblVP6VgVx0ecmEyycCa6jlHBx5GaziMDYXOL5IDz0/vIYKj2/yuLDR3dLjnBtb8eWOHH20fz1iGxuEOzot9LDSyLz13Xt5kJIxl9AA4rCsScFAuLN1+78L9Dz781uLt+XcX3l24M3758pWZK5ffmL1wY7G9MNP9edhRAvth/aZ/2JEAAAAAAAAAAAAAOzXqqwJnXtruSyMbCo0kw9/x8D8LAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgD1x9VyaD1Pk4sz5mXJ5dWW2XU698nrLZpJGIyl+lhSPkrl0p0z1dVfkj4/SGbGfjxevvP3Z49XP1/tqdtsnjXq+ua1rkyzXU6aTjNXzZzDQ37Vn7q/4T+81lAn7otPpzD1bfLA3/hsAAP//ShfsxA==")
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x8042, 0x1fe)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$FUSE_LK(r0, &(0x7f0000000000)={0x28, 0x0, 0x0, {{0x5, 0x10, 0x1}}}, 0x28)

0s ago: executing program 5 (id=1031):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f00000003c0)={0x34, &(0x7f0000000140)={0x0, 0x5, 0x1, '6'}, 0x0, 0x0, 0x0, 0x0, 0x0})

kernel console output (not intermixed with test programs):

 error -22
[  234.131917][    T9] usb 3-1: USB disconnect, device number 3
[  234.347799][ T6463] loop3: detected capacity change from 0 to 256
[  234.400193][ T6463] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  234.411854][ T6463] exFAT-fs (loop3): Medium has reported failures. Some data may be lost.
[  234.585785][ T6463] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d)
[  234.609992][ T6469] loop1: detected capacity change from 0 to 512
[  234.698805][ T6469] EXT4-fs (loop1): orphan cleanup on readonly fs
[  234.707392][   T30] audit: type=1800 audit(1754536399.931:5): pid=6463 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.185" name="file1" dev="loop3" ino=1048603 res=0 errno=0
[  234.709380][ T6469] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 2 index 0
[  234.728278][    C1] vkms_vblank_simulate: vblank timer overrun
[  234.757562][ T6469] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0
[  234.767798][ T6469] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.189: Failed to acquire dquot type 1
[  234.885759][ T6469] EXT4-fs (loop1): 1 truncate cleaned up
[  234.916048][ T6469] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  235.058716][ T6469] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended
[  235.094044][ T6469] EXT4-fs warning (device loop1): read_mmp_block:115: Error -117 while reading MMP block 8
[  235.581888][ T5810] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  235.616103][ T6479] loop3: detected capacity change from 0 to 1024
[  235.728253][ T6479] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  235.728661][ T6479] ext4 filesystem being mounted at /42/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  235.737902][ T6476] loop4: detected capacity change from 0 to 32768
[  235.742259][ T5874] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  235.822276][ T6479] EXT4-fs error (device loop3): ext4_map_blocks:814: inode #15: block 4: comm syz.3.193: lblock 4 mapped to illegal pblock 4 (length 1)
[  235.836553][ T6476] JBD2: Ignoring recovery information on journal
[  235.893197][ T5874] usb 3-1: Using ep0 maxpacket: 32
[  235.937792][ T5874] usb 3-1: config 0 has an invalid interface number: 35 but max is 0
[  235.937923][ T5874] usb 3-1: config 0 has no interface number 0
[  235.950423][ T5874] usb 3-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f
[  235.950569][ T5874] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  235.950686][ T5874] usb 3-1: Product: syz
[  235.950780][ T5874] usb 3-1: Manufacturer: syz
[  235.950875][ T5874] usb 3-1: SerialNumber: syz
[  235.951787][ T6479] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 1 with error 117
[  235.951925][ T6479] EXT4-fs (loop3): This should not happen!! Data will be lost
[  235.951925][ T6479] 
[  235.958126][ T5874] usb 3-1: config 0 descriptor??
[  235.961140][ T6476] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  236.018652][ T6479] EXT4-fs error (device loop3): ext4_map_blocks:814: inode #15: block 3: comm syz.3.193: lblock 3 mapped to illegal pblock 3 (length 1)
[  236.020181][ T6479] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 117
[  236.020332][ T6479] EXT4-fs (loop3): This should not happen!! Data will be lost
[  236.020332][ T6479] 
[  236.201680][ T5874] radio-si470x 3-1:0.35: this is not a si470x device.
[  236.339124][ T5815] ocfs2: Unmounting device (7,4) on (node local)
[  236.347219][ T5874] radio-raremono 3-1:0.35: this is not Thanko's Raremono.
[  236.355034][ T3778] EXT4-fs error (device loop3): ext4_map_blocks:814: inode #15: block 8: comm kworker/u8:16: lblock 8 mapped to illegal pblock 8 (length 8)
[  236.356932][ T5874] usb 3-1: USB disconnect, device number 4
[  236.413838][ T3778] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  236.413987][ T3778] EXT4-fs (loop3): This should not happen!! Data will be lost
[  236.413987][ T3778] 
[  236.434193][ T5823] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  236.758839][ T5874] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  236.797573][ T6489] loop3: detected capacity change from 0 to 8
[  236.967348][ T5874] usb 3-1: Using ep0 maxpacket: 32
[  237.002106][ T5874] usb 3-1: config 0 has an invalid interface number: 35 but max is 0
[  237.010806][ T5874] usb 3-1: config 0 has no interface number 0
[  237.067052][ T5874] usb 3-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f
[  237.076682][ T5874] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  237.087078][ T5874] usb 3-1: Product: syz
[  237.092390][ T5874] usb 3-1: Manufacturer: syz
[  237.097383][ T5874] usb 3-1: SerialNumber: syz
[  237.114071][ T5874] usb 3-1: config 0 descriptor??
[  237.237950][ T6491] loop0: detected capacity change from 0 to 2048
[  237.334423][ T5874] radio-si470x 3-1:0.35: this is not a si470x device.
[  237.361520][ T6491] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  237.365693][ T6497] loop3: detected capacity change from 0 to 512
[  237.462591][ T6497] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  237.467052][ T6491] EXT4-fs (loop0): shut down requested (2)
[  237.477014][ T6497] ext4 filesystem being mounted at /44/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  237.541027][ T5874] radio-raremono 3-1:0.35: this is not Thanko's Raremono.
[  237.586286][ T5874] usb 3-1: USB disconnect, device number 5
[  237.673232][ T5809] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  237.724467][ T6504] loop4: detected capacity change from 0 to 1024
[  237.787609][ T6504] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  237.880145][ T5823] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  237.918590][ T6504] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 49 with max blocks 1 with error 28
[  237.931595][ T6504] EXT4-fs (loop4): This should not happen!! Data will be lost
[  237.931595][ T6504] 
[  237.942304][ T6504] EXT4-fs (loop4): Total free blocks count 0
[  237.948918][ T6504] EXT4-fs (loop4): Free/Dirty block details
[  237.955187][ T6504] EXT4-fs (loop4): free_blocks=0
[  237.960789][ T6504] EXT4-fs (loop4): dirty_blocks=0
[  237.966100][ T6504] EXT4-fs (loop4): Block reservation details
[  237.972515][ T6504] EXT4-fs (loop4): i_reserved_data_blocks=0
[  238.274623][ T6515] loop0: detected capacity change from 0 to 64
[  238.443204][ T5815] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  238.484459][ T6517] netlink: 632 bytes leftover after parsing attributes in process `syz.2.206'.
[  238.688477][ T6521] netlink: 16 bytes leftover after parsing attributes in process `syz.1.208'.
[  238.748132][ T6524] netlink: 2 bytes leftover after parsing attributes in process `syz.4.207'.
[  239.033215][ T6527] netlink: 4 bytes leftover after parsing attributes in process `syz.2.211'.
[  239.065129][ T6527] batman_adv: batadv0: Adding interface: ipvlan2
[  239.071959][ T6527] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  239.098033][ T6527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  239.108907][ T6527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  239.119077][ T6527] batman_adv: batadv0: Not using interface ipvlan2 (retrying later): interface not active
[  239.204350][ T6531] loop1: detected capacity change from 0 to 256
[  239.421548][ T6535] serio: Serial port ttyS3
[  240.445083][ T6559] loop0: detected capacity change from 0 to 8
[  240.922281][ T6568] netlink: 4 bytes leftover after parsing attributes in process `syz.3.229'.
[  240.944635][ T6568] xfrm1: entered promiscuous mode
[  240.950000][ T6568] xfrm1: entered allmulticast mode
[  241.345252][ T6575] netlink: 64 bytes leftover after parsing attributes in process `syz.3.232'.
[  241.482434][ T6577] loop1: detected capacity change from 0 to 512
[  241.545769][ T6577] EXT4-fs: Ignoring removed nomblk_io_submit option
[  241.553908][ T6577] EXT4-fs: Ignoring removed i_version option
[  241.632274][ T6577] EXT4-fs (loop1): 1 orphan inode deleted
[  241.640302][ T6577] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  241.749624][ T6585] loop4: detected capacity change from 0 to 2048
[  241.805036][ T6585] NILFS (loop4): invalid segment: Inconsistency found
[  241.813539][ T6585] NILFS (loop4): trying rollback from an earlier position
[  241.864076][ T6590] mkiss: ax0: crc mode is auto.
[  241.940807][ T6585] NILFS (loop4): recovery complete
[  241.971908][ T6592] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  242.009131][ T5810] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  243.441311][ T6617] loop4: detected capacity change from 0 to 512
[  243.499912][ T6609] loop1: detected capacity change from 0 to 32768
[  243.566626][ T6617] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  243.573738][ T6609] (syz.1.246,6609,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  243.609713][ T6609] (syz.1.246,6609,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  243.679267][ T6609] JBD2: Ignoring recovery information on journal
[  243.724133][ T6617] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  243.834015][ T6617] EXT4-fs (loop4): 1 truncate cleaned up
[  243.852348][ T6617] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  243.921452][ T6609] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  244.093266][   T30] audit: type=1800 audit(1754536409.311:6): pid=6630 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.250" name="file2" dev="loop4" ino=16 res=0 errno=0
[  244.124189][ T6630] EXT4-fs error (device loop4): mb_free_blocks:2017: group 0, inode 15: block 33:freeing already freed block (bit 32); block bitmap corrupt.
[  244.279167][ T5810] ocfs2: Unmounting device (7,1) on (node local)
[  244.593157][ T5815] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  244.900476][ T6642] netlink: 'syz.4.260': attribute type 11 has an invalid length.
[  244.909383][ T6642] netlink: 36 bytes leftover after parsing attributes in process `syz.4.260'.
[  245.108319][ T6646] Zero length message leads to an empty skb
[  246.089133][ T6648] loop3: detected capacity change from 0 to 4096
[  246.219437][ T6652] loop4: detected capacity change from 0 to 32768
[  246.238060][ T6648] ntfs3(loop3): try to read out of volume at offset 0x3fffffc0c00
[  246.247108][ T6648] ntfs3(loop3): try to read out of volume at offset 0x3fffffc0c00
[  246.255685][ T6648] ntfs3(loop3): try to read out of volume at offset 0x3fffffc0c00
[  246.264285][ T6648] ntfs3(loop3): try to read out of volume at offset 0x3fffffc0c00
[  246.272769][ T6648] ntfs3(loop3): try to read out of volume at offset 0x3fffffc1c00
[  246.281510][ T6648] ntfs3(loop3): try to read out of volume at offset 0x3fffffc2c00
[  246.294539][ T6648] ntfs3(loop3): try to read out of volume at offset 0x3fffffc4c00
[  246.306065][ T6648] ntfs3(loop3): try to read out of volume at offset 0x3fffffc8c00
[  246.315348][ T6648] ntfs3(loop3): try to read out of volume at offset 0x3fffffd0c00
[  246.323843][ T6648] ntfs3(loop3): try to read out of volume at offset 0x3fffffe0c00
[  246.550095][ T6662] input: syz0 as /devices/virtual/input/input8
[  247.771521][ T6666] loop2: detected capacity change from 0 to 32768
[  247.891418][ T6668] loop0: detected capacity change from 0 to 32768
[  247.951909][ T6668] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.273 (6668)
[  247.989376][ T6668] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  248.002368][ T6668] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[  248.011602][ T6668] BTRFS info (device loop0): using free-space-tree
[  248.171763][ T6666] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=crc64,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,recovery_pass_last=set_may_go_rw,reconstruct_alloc,no_data_io
[  248.171896][ T6666]   allowing incompatible features above 0.0: (unknown version)
[  248.171978][ T6666]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  248.219787][ T6666] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  248.232368][ T6666] bcachefs (loop2): recovering from clean shutdown, journal seq 10
[  248.242252][ T6666] bcachefs (loop2): Version upgrade required:
[  248.242252][ T6666] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  248.242252][ T6666] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive
[  248.242252][ T6666]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance
[  248.325298][ T6666] bcachefs (loop2): dropping and reconstructing all alloc info
[  248.425251][ T5809] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  248.532899][ T6666] bcachefs (loop2): accounting_read... done
[  248.560429][ T6666] bcachefs (loop2): alloc_read... done
[  248.581460][ T6666] bcachefs (loop2): snapshots_read... done
[  248.594307][ T6666] bcachefs (loop2): check_allocations... done
[  248.750426][ T6666] bcachefs (loop2): going read-write
[  248.840069][ T6666] bcachefs (loop2): done starting filesystem
[  248.911685][ T6703] capability: warning: `syz.3.278' uses deprecated v2 capabilities in a way that may be insecure
[  248.989844][ T5813] bcachefs (loop2): shutting down
[  248.995303][ T5813] bcachefs (loop2): going read-only
[  249.001304][ T5813] bcachefs (loop2): finished waiting for writes to stop
[  249.112558][ T5813] bcachefs (loop2): flushing journal and stopping allocators, journal seq 11
[  249.161116][ T5813] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 11
[  249.327697][ T5813] bcachefs (loop2): unclean shutdown complete, journal seq 12
[  249.369217][ T5813] bcachefs (loop2): done going read-only, filesystem not clean
[  249.471769][ T5813] bcachefs (loop2): shutdown complete
[  250.323659][ T5865] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  250.521209][ T5865] usb 1-1: config 0 has no interfaces?
[  250.547727][ T5865] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  250.558572][ T5865] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  250.567155][ T5865] usb 1-1: Product: syz
[  250.571501][ T5865] usb 1-1: Manufacturer: syz
[  250.593978][ T5865] usb 1-1: config 0 descriptor??
[  250.695412][ T6730] ipvlan2: entered allmulticast mode
[  250.702786][ T6730] syz_tun: entered allmulticast mode
[  250.822445][ T6722] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  250.832204][ T6722] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  250.861000][ T5105] Bluetooth: hci0: unknown advertising packet type: 0x40
[  250.861152][ T5105] Bluetooth: hci0: Malformed LE Event: 0x02
[  250.862337][ T5874] usb 1-1: USB disconnect, device number 4
[  251.244429][ T6737] netlink: 40 bytes leftover after parsing attributes in process `syz.4.291'.
[  251.295861][ T6738] loop3: detected capacity change from 0 to 512
[  251.372463][ T6738] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  252.177881][ T6740] loop1: detected capacity change from 0 to 40427
[  252.193784][ T6740] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  252.202117][ T6740] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  252.285410][ T6740] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  252.568509][ T6740] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  252.597491][ T6740] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  252.604758][ T6740] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  252.836600][ T6755] loop0: detected capacity change from 0 to 512
[  253.027458][ T6755] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[  253.152591][ T6755] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c118, mo2=0002]
[  253.180858][ T6759] netlink: 40 bytes leftover after parsing attributes in process `syz.4.301'.
[  253.205085][ T6755] EXT4-fs error (device loop0): ext4_iget_extra_inode:5104: inode #15: comm syz.0.298: corrupted in-inode xattr: e_value size too large
[  253.257393][ T6755] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.298: couldn't read orphan inode 15 (err -117)
[  253.316436][ T6755] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  254.088794][ T5809] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  254.191812][ T6768] loop4: detected capacity change from 0 to 32768
[  254.204421][ T6768] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.303 (6768)
[  254.228539][ T6768] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  254.239341][ T6768] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  254.249512][ T6768] BTRFS info (device loop4): using free-space-tree
[  254.259367][ T6772] loop3: detected capacity change from 0 to 512
[  254.359633][ T6772] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.305: iget: bad extended attribute block 1
[  254.427810][ T6772] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.305: couldn't read orphan inode 15 (err -117)
[  254.456390][ T6772] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  254.558413][ T5815] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  254.614473][ T6772] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 7969 vs 220 free clusters
[  254.727468][ T6772] EXT4-fs error (device loop3): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz.3.305: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=2, rec_len=8, size=1024 fake=1
[  254.746463][ T6793] loop2: detected capacity change from 0 to 256
[  255.141731][ T5823] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  255.365755][   T30] audit: type=1326 audit(1754536420.591:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6796 comm="syz.3.311" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc289d8ebe9 code=0x0
[  256.093171][ T6814] loop2: detected capacity change from 0 to 128
[  256.520844][ T6825] netlink: 12 bytes leftover after parsing attributes in process `syz.1.320'.
[  256.532511][ T6825] netlink: 36 bytes leftover after parsing attributes in process `syz.1.320'.
[  256.568421][ T6825] vlan2: entered allmulticast mode
[  256.573806][ T6825] macvtap0: entered allmulticast mode
[  256.579516][ T6825] veth0_macvtap: entered allmulticast mode
[  256.633336][ T6824] loop3: detected capacity change from 0 to 2048
[  256.937175][ T6831] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  257.287505][ T6824] syz.3.319 (6824) used greatest stack depth: 4200 bytes left
[  257.464475][ T6836] loop1: detected capacity change from 0 to 1024
[  257.518028][ T6841] loop0: detected capacity change from 0 to 64
[  257.588482][ T6836] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  259.548489][ T6878] unknown channel width for channel at 909000KHz?
[  260.209292][ T5865] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  260.387027][ T5865] usb 4-1: Using ep0 maxpacket: 8
[  260.412201][ T5865] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  260.422286][ T5865] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  260.437952][ T5865] usb 4-1: Product: syz
[  260.444439][ T5865] usb 4-1: Manufacturer: syz
[  260.449644][ T5865] usb 4-1: SerialNumber: syz
[  260.495399][ T5865] usb 4-1: config 0 descriptor??
[  260.764129][ T5865] usb 4-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[  261.688500][ T6914] netlink: 4 bytes leftover after parsing attributes in process `syz.0.357'.
[  262.292732][ T6909] loop4: detected capacity change from 0 to 40427
[  262.303057][ T5865] usb write operation failed. (-71)
[  262.309226][ T5865] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  262.310615][ T5865] dvbdev: DVB: registering new adapter (Terratec H7)
[  262.310750][ T5865] usb 4-1: media controller created
[  262.311844][ T5865] usb read operation failed. (-71)
[  262.320085][ T5865] usb write operation failed. (-71)
[  262.325715][ T5865] dvb_usb_az6007 4-1:0.0: probe with driver dvb_usb_az6007 failed with error -5
[  262.332477][ T5865] usb 4-1: USB disconnect, device number 3
[  262.355177][ T6909] F2FS-fs (loop4): Image doesn't support compression
[  262.355285][ T6909] F2FS-fs (loop4): build fault injection rate: 690
[  262.355379][ T6909] F2FS-fs (loop4): build fault injection type: 0x4
[  262.392803][ T6909] F2FS-fs (loop4): invalid crc value
[  262.728783][ T6909] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  262.751898][ T6909] F2FS-fs (loop4): Start checkpoint disabled!
[  262.807311][ T6909] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  262.823941][ T6909] F2FS-fs (loop4): disabling checkpoint not compatible with read-only
[  263.648123][ T5874] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  263.819409][ T5874] usb 2-1: Using ep0 maxpacket: 16
[  263.841363][ T5874] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  263.854079][ T5874] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  263.863659][ T5874] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  263.899727][ T5874] usb 2-1: config 0 descriptor??
[  264.357187][ T5874] mcp2221 0003:04D8:00DD.0003: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0
[  264.450721][ T6945] netlink: 8 bytes leftover after parsing attributes in process `syz.4.362'.
[  264.801966][ T5874] usb 2-1: USB disconnect, device number 2
[  266.039827][ T6973] loop3: detected capacity change from 0 to 2048
[  266.097159][ T6973] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  266.462939][ T6983] mkiss: ax0: crc mode is auto.
[  266.786249][ T6988] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  267.103374][ T6994] loop0: detected capacity change from 0 to 64
[  267.163294][ T6994] BFS-fs: bfs_fill_super(): loop0 is unclean, continuing
[  267.800534][ T7006] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  267.922378][ T7008] loop0: detected capacity change from 0 to 1024
[  268.609894][ T7019] process 'syz.4.405' launched './file0' with NULL argv: empty string added
[  268.614651][ T7020] loop3: detected capacity change from 0 to 256
[  268.650309][ T7020] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  268.684393][ T7020] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
[  268.694700][ T7020] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  268.702959][ T7020] UDF-fs: Scanning with blocksize 512 failed
[  268.746054][ T7020] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  268.813119][ T7020] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  269.356446][ T7024] loop2: detected capacity change from 0 to 32768
[  269.379745][ T7024] 
[  269.379745][ T7024]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  269.379745][ T7024] 
[  269.406539][ T7024] read_mapping_page failed!
[  269.411749][ T7024] ERROR: (device loop2): txAbort: 
[  269.411749][ T7024] 
[  269.420509][ T7024] ERROR: (device loop2): remounting filesystem as read-only
[  269.547319][   T42] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  270.364770][ T7030] loop3: detected capacity change from 0 to 32768
[  270.378237][ T7030] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.409 (7030)
[  270.392395][   T42] usb 1-1: Using ep0 maxpacket: 8
[  270.414870][ T7030] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  270.424700][ T7037] netlink: 20 bytes leftover after parsing attributes in process `syz.4.414'.
[  270.425776][ T7030] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[  270.443429][ T7030] BTRFS info (device loop3): using free-space-tree
[  270.454039][   T42] usb 1-1: config index 0 descriptor too short (expected 30, got 18)
[  270.487260][   T42] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  270.496724][   T42] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  270.505415][   T42] usb 1-1: Product: syz
[  270.510379][   T42] usb 1-1: Manufacturer: syz
[  270.515331][   T42] usb 1-1: SerialNumber: syz
[  270.551470][   T42] usb 1-1: config 0 descriptor??
[  270.570504][   T42] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  270.579682][   T42] usb 1-1: setting power ON
[  270.584398][   T42] dvb-usb: bulk message failed: -22 (2/0)
[  270.643011][   T42] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  270.659364][   T42] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  270.668360][   T42] usb 1-1: media controller created
[  270.725985][   T42] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  270.843723][   T42] usb 1-1: selecting invalid altsetting 6
[  270.848188][ T5823] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  270.850273][   T42] usb 1-1: digital interface selection failed (-22)
[  270.867107][   T42] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  270.882996][ T7022] dvb-usb: bulk message failed: -22 (3/0)
[  270.891467][ T7022] dvb-usb: bulk message failed: -22 (5/0)
[  270.902292][   T42] usb 1-1: setting power OFF
[  270.912830][   T42] dvb-usb: bulk message failed: -22 (2/0)
[  270.919020][   T42] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  270.928653][   T42] (NULL device *): no alternate interface
[  271.005887][ T7022] dvb-usb: bulk message failed: -22 (3/0)
[  271.170314][   T42] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  271.223132][   T42] usb 1-1: USB disconnect, device number 5
[  271.506004][ T7059] loop1: detected capacity change from 0 to 1024
[  272.217162][   T42] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  272.301557][ T7074] loop4: detected capacity change from 0 to 1024
[  272.374319][ T7074] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  272.389055][ T5865] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  272.389966][   T42] usb 1-1: Using ep0 maxpacket: 32
[  272.413434][   T42] usb 1-1: config 0 has an invalid interface number: 85 but max is 0
[  272.422317][   T42] usb 1-1: config 0 has no interface number 0
[  272.428856][   T42] usb 1-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  272.440443][   T42] usb 1-1: config 0 interface 85 has no altsetting 0
[  272.456383][   T42] usb 1-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  272.466127][   T42] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  272.474470][   T42] usb 1-1: Product: syz
[  272.479069][   T42] usb 1-1: Manufacturer: syz
[  272.483834][   T42] usb 1-1: SerialNumber: syz
[  272.493603][   T42] usb 1-1: config 0 descriptor??
[  272.639422][ T5865] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  272.649853][ T5865] usb 3-1: config 0 interface 0 has no altsetting 0
[  272.698095][ T5865] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  272.707662][ T5865] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  272.716065][ T5865] usb 3-1: Product: syz
[  272.728862][ T5865] usb 3-1: Manufacturer: syz
[  272.734033][ T5865] usb 3-1: SerialNumber: syz
[  272.809315][ T5815] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  272.830877][ T5865] usb 3-1: config 0 descriptor??
[  272.861431][ T5865] usb 3-1: selecting invalid altsetting 0
[  272.907242][ T5874] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  273.087248][ T5874] usb 2-1: Using ep0 maxpacket: 16
[  273.112331][ T5865] usb 3-1: USB disconnect, device number 6
[  273.119106][ T5874] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  273.129816][ T5874] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  273.140970][ T5874] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  273.187383][   T42] appletouch 1-1:0.85: Geyser mode initialized.
[  273.196702][   T42] input: appletouch as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.85/input/input9
[  273.240702][ T5874] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  273.251311][ T5874] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  273.259846][ T5874] usb 2-1: Product: syz
[  273.264285][ T5874] usb 2-1: Manufacturer: syz
[  273.269278][ T5874] usb 2-1: SerialNumber: syz
[  273.375669][   T42] usb 1-1: USB disconnect, device number 6
[  273.424842][   T42] appletouch 1-1:0.85: input: appletouch disconnected
[  273.556392][ T7088] loop4: detected capacity change from 0 to 4096
[  273.744047][ T5874] usb 2-1: 0:2 : does not exist
[  274.205726][ T5874] usb 2-1: 1:0: cannot get min/max values for control 2 (id 1)
[  274.346715][ T5874] usb 2-1: USB disconnect, device number 3
[  274.981635][ T7107] loop2: detected capacity change from 0 to 512
[  275.239944][ T7098] loop3: detected capacity change from 0 to 40427
[  275.288966][ T7098] F2FS-fs (loop3): Corrupted extension count (64 + 1 > 64)
[  275.296565][ T7098] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  275.472989][ T7107] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  275.492324][ T7107] ext4 filesystem being mounted at /81/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  275.618780][ T7098] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  275.675038][ T7098] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  275.685220][ T7098] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  275.716646][ T7107] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 3: comm syz.2.437: path /81/file1: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0
[  275.769453][ T7107] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 4: comm syz.2.437: path /81/file1: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=11, rec_len=10454, size=2048 fake=1
[  275.808705][ T7120] loop0: detected capacity change from 0 to 1024
[  275.870963][ T7107] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 12: comm syz.2.437: path /81/file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[  276.090584][ T7128] loop1: detected capacity change from 0 to 2048
[  276.153405][ T7128] UDF-fs: error (device loop1): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  276.205783][ T7128] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[  276.214035][ T7128] UDF-fs: Scanning with blocksize 512 failed
[  276.299304][ T7128] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  276.344198][ T3778] hfsplus: b-tree write err: -5, ino 4
[  276.397151][ T5813] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  276.850679][ T7135] loop1: detected capacity change from 0 to 22
[  276.898592][ T7135] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  277.172652][ T3724] wlan1: BSS 50:50:50:50:50:50 switches to unsupported channel (0 MHz), disconnecting
[  277.245128][ T3724] wlan1: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID
[  277.657178][ T5865] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  277.658466][ T7148] loop0: detected capacity change from 0 to 64
[  277.721597][ T7148] BFS-fs: bfs_fill_super(): loop0 is unclean, continuing
[  277.797596][ T7150] loop4: detected capacity change from 0 to 2048
[  277.842899][ T5865] usb 3-1: Using ep0 maxpacket: 8
[  277.928472][ T5865] usb 3-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  277.936113][ T7150] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  277.938465][ T5865] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  277.952487][ T7150] ext4 filesystem being mounted at /88/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  277.978731][ T5865] usb 3-1: Product: syz
[  277.983404][ T5865] usb 3-1: Manufacturer: syz
[  277.988471][ T5865] usb 3-1: SerialNumber: syz
[  278.105779][ T7158] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.454: bg 0: block 345: padding at end of block bitmap is not set
[  278.173879][ T5865] usb 3-1: config 0 descriptor??
[  278.208137][ T7158] EXT4-fs (loop4): Remounting filesystem read-only
[  278.211897][ T5865] gspca_main: se401-2.14.0 probing 047d:5003
[  278.228238][ T3984] EXT4-fs warning (device loop4): ext4_convert_unwritten_extents:4984: inode #15: block 1: len 15: ext4_ext_map_blocks returned -30
[  278.639258][ T5815] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  278.811958][ T5865] input: se401 as /devices/platform/dummy_hcd.2/usb3/3-1/input/input10
[  278.867866][ T7165] loop3: detected capacity change from 0 to 2048
[  278.876974][ T7169] loop1: detected capacity change from 0 to 2048
[  278.899367][ T7168] loop0: detected capacity change from 0 to 2048
[  278.929900][ T7165] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  278.962313][ T7171] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  279.088379][ T5865] usb 3-1: USB disconnect, device number 7
[  279.326569][ T7174] binder: 7173:7174 ioctl c018620c 2000000000c0 returned -22
[  279.427401][ T7176] loop0: detected capacity change from 0 to 512
[  279.569286][ T7176] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  279.584514][ T7176] ext4 filesystem being mounted at /90/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  279.736532][ T7182] loop3: detected capacity change from 0 to 1024
[  279.757388][ T7176] EXT4-fs error (device loop0): ext4_lookup:1787: inode #12: comm syz.0.464: iget: bad i_size value: 2533274857506816
[  279.797004][   T30] audit: type=1800 audit(1754536445.021:8): pid=7184 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.466" name="bus" dev="tmpfs" ino=492 res=0 errno=0
[  279.847735][ T7176] EXT4-fs (loop0): Remounting filesystem read-only
[  279.901722][ T7182] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  279.915091][ T7182] ext4 filesystem being mounted at /94/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  279.942800][ T7189] loop1: detected capacity change from 0 to 256
[  280.330627][ T5809] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  280.780744][ T5823] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  281.328750][ T7188] loop2: detected capacity change from 0 to 65536
[  281.371631][ T7188] XFS (loop2): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  281.659545][ T7188] XFS (loop2): Ending clean mount
[  281.674988][ T7188] XFS (loop2): Quotacheck needed: Please wait.
[  281.792786][ T7188] XFS (loop2): Quotacheck: Done.
[  281.948789][ T5813] XFS (loop2): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  282.163942][ T7218] loop1: detected capacity change from 0 to 64
[  283.455872][ T7234] netlink: 2 bytes leftover after parsing attributes in process `syz.1.485'.
[  284.366952][ T7245] netlink: 4 bytes leftover after parsing attributes in process `syz.1.489'.
[  285.089973][ T7257] loop2: detected capacity change from 0 to 128
[  285.178462][ T7253] loop0: detected capacity change from 0 to 4096
[  285.237132][ T7253] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
[  285.310723][ T7259] loop1: detected capacity change from 0 to 1024
[  285.390713][ T7261] syzkaller0: tun_chr_ioctl cmd 1074025677
[  285.397307][ T7261] syzkaller0: linktype set to 0
[  285.469990][ T7259] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  285.860400][ T5810] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  286.010193][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  286.017092][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  286.688737][ T7286] loop3: detected capacity change from 0 to 256
[  286.703930][ T7284] loop0: detected capacity change from 0 to 256
[  287.143824][ T7293] loop4: detected capacity change from 0 to 1024
[  287.458593][ T7301] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  288.001082][ T7312] netlink: 'syz.0.518': attribute type 10 has an invalid length.
[  288.024857][ T7312] 8021q: adding VLAN 0 to HW filter on device batadv0
[  288.039846][ T7312] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  288.178228][ T7312] netlink: 'syz.0.518': attribute type 10 has an invalid length.
[  288.188379][ T7312] netlink: 40 bytes leftover after parsing attributes in process `syz.0.518'.
[  288.198603][ T7312] batadv0: entered promiscuous mode
[  288.204493][ T7312] batadv0: entered allmulticast mode
[  288.268934][ T7312] bond0: (slave batadv0): Releasing backup interface
[  288.343549][ T7312] bridge0: port 3(batadv0) entered blocking state
[  288.351732][ T7312] bridge0: port 3(batadv0) entered disabled state
[  288.368192][ T7319] netlink: 732 bytes leftover after parsing attributes in process `syz.2.520'.
[  288.865768][ T3724] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  288.876288][ T3724] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  289.260393][ T7339] netlink: 12 bytes leftover after parsing attributes in process `syz.2.530'.
[  289.757064][ T7343] Process accounting resumed
[  289.995097][ T7352] loop4: detected capacity change from 0 to 512
[  290.022530][ T7352] EXT4-fs: Ignoring removed nobh option
[  290.057699][ T7352] EXT4-fs (loop4): Test dummy encryption mode enabled
[  290.109849][ T7352] EXT4-fs error (device loop4): __ext4_iget:5464: inode #11: block 1: comm syz.4.536: invalid block
[  290.146457][ T7352] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.536: couldn't read orphan inode 11 (err -117)
[  290.178442][ T7352] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  290.257225][ T5859] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  290.293308][ T5815] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  290.337520][   T42] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  290.446072][ T5859] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  290.496238][ T5859] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  290.506066][ T5859] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  290.514559][ T5859] usb 1-1: SerialNumber: syz
[  290.522611][   T42] usb 3-1: Using ep0 maxpacket: 32
[  290.557467][   T42] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  290.569119][   T42] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  290.617613][   T42] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  290.627297][   T42] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  290.635988][   T42] usb 3-1: Product: syz
[  290.642904][   T42] usb 3-1: Manufacturer: syz
[  290.703564][   T42] hub 3-1:4.0: USB hub found
[  290.947582][   T42] hub 3-1:4.0: config failed, hub has too many ports! (err -19)
[  291.318904][ T5865] usb 3-1: USB disconnect, device number 8
[  291.483018][ T5859] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -71
[  291.521474][ T5859] usb 1-1: USB disconnect, device number 7
[  291.591030][ T7376] loop3: detected capacity change from 0 to 1024
[  291.847755][   T42] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  292.022690][ T7382] Bluetooth: MGMT ver 1.23
[  292.027559][   T42] usb 5-1: Using ep0 maxpacket: 16
[  292.039872][   T42] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  292.055538][   T42] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  292.065130][ T7384] program syz.3.551 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  292.065840][   T42] usb 5-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00
[  292.086539][   T42] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  292.230393][   T42] usb 5-1: config 0 descriptor??
[  292.573733][ T7392] netlink: 68 bytes leftover after parsing attributes in process `syz.2.554'.
[  292.711694][   T42] playstation 0003:054C:05C4.0004: hidraw0: USB HID v0.00 Device [HID 054c:05c4] on usb-dummy_hcd.4-1/input0
[  292.910692][   T42] playstation 0003:054C:05C4.0004: Invalid byte count transferred, expected 16 got 0
[  292.921066][   T42] playstation 0003:054C:05C4.0004: Failed to retrieve DualShock4 pairing info: -22
[  292.932202][   T42] playstation 0003:054C:05C4.0004: Failed to get MAC address from DualShock4
[  292.937339][ T7396] loop0: detected capacity change from 0 to 512
[  292.941413][   T42] playstation 0003:054C:05C4.0004: Failed to create dualshock4.
[  293.059992][   T42] playstation 0003:054C:05C4.0004: probe with driver playstation failed with error -22
[  293.111880][ T7396] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  293.125627][ T7396] ext4 filesystem being mounted at /106/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  293.208175][   T42] usb 5-1: USB disconnect, device number 5
[  293.267258][   T30] audit: type=1800 audit(1754536458.501:9): pid=7396 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.557" name="file1" dev="loop0" ino=15 res=0 errno=0
[  293.289494][   T30] audit: type=1800 audit(1754536458.511:10): pid=7396 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.557" name="file2" dev="loop0" ino=16 res=0 errno=0
[  293.431462][ T7406] loop1: detected capacity change from 0 to 1024
[  293.492435][ T7406] hfsplus: bad catalog entry type
[  293.578817][ T5809] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  293.648183][ T3672] hfsplus: b-tree write err: -5, ino 4
[  294.592205][ T7412] loop0: detected capacity change from 0 to 32768
[  295.226056][ T7425] loop3: detected capacity change from 0 to 128
[  295.711439][ T7422] loop2: detected capacity change from 0 to 32768
[  295.836082][ T7422] JBD2: Ignoring recovery information on journal
[  295.958850][ T7422] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  296.339250][ T5813] ocfs2: Unmounting device (7,2) on (node local)
[  297.127642][    T9] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  297.330034][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  297.341392][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  297.353868][    T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  297.368507][    T9] usb 1-1: New USB device found, idVendor=16c0, idProduct=75e1, bcdDevice= 0.00
[  297.379387][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  297.496557][    T9] usb 1-1: config 0 descriptor??
[  297.545355][    T9] usbhid 1-1:0.0: can't add hid device: -22
[  297.545996][    T9] usbhid 1-1:0.0: probe with driver usbhid failed with error -22
[  297.738490][   T42] usb 1-1: USB disconnect, device number 8
[  298.304594][ T5812] Bluetooth: hci3: command 0x0406 tx timeout
[  298.304729][ T5812] Bluetooth: hci4: command 0x0406 tx timeout
[  298.304827][ T5812] Bluetooth: hci0: command 0x0406 tx timeout
[  298.304929][ T5812] Bluetooth: hci1: command 0x0406 tx timeout
[  298.305022][ T5812] Bluetooth: hci2: command 0x0406 tx timeout
[  298.848944][ T7468] loop0: detected capacity change from 0 to 512
[  298.849621][ T7467] loop2: detected capacity change from 0 to 1024
[  298.955558][ T7468] EXT4-fs error (device loop0): ext4_orphan_get:1392: inode #15: comm syz.0.586: casefold flag without casefold feature
[  299.048816][ T7468] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.586: couldn't read orphan inode 15 (err -117)
[  299.109483][ T7468] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  299.334941][ T3672] hfsplus: b-tree write err: -5, ino 4
[  299.497268][ T5809] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  299.966380][ T7493] netlink: 'syz.1.597': attribute type 10 has an invalid length.
[  299.977900][    T9] usb 1-1: new full-speed USB device number 9 using dummy_hcd
[  300.035685][ T7493] bond0: (slave netdevsim3): Enslaving as an active interface with an up link
[  300.087484][ T7496] netlink: 'syz.1.597': attribute type 10 has an invalid length.
[  300.207488][    T9] usb 1-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  300.217960][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  300.226235][    T9] usb 1-1: Product: syz
[  300.231286][    T9] usb 1-1: Manufacturer: syz
[  300.236298][    T9] usb 1-1: SerialNumber: syz
[  300.289075][    T9] usb 1-1: config 0 descriptor??
[  300.342777][    T9] gspca_main: sq930x-2.14.0 probing 2770:930c
[  300.654001][ T7505] netlink: 40 bytes leftover after parsing attributes in process `syz.1.601'.
[  301.162968][    T9] gspca_sq930x: ucbus_write failed -71
[  301.163413][    T9] sq930x 1-1:0.0: probe with driver sq930x failed with error -71
[  301.168347][    T9] usb 1-1: USB disconnect, device number 9
[  301.302432][ T7511] loop1: detected capacity change from 0 to 2048
[  301.381758][ T7511] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  303.786586][ T7543] loop1: detected capacity change from 0 to 32768
[  303.894323][ T7543] JBD2: Ignoring recovery information on journal
[  303.987192][ T7543] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  304.012154][ T7551] loop3: detected capacity change from 0 to 2048
[  304.063316][ T7551] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  304.285574][ T5810] ocfs2: Unmounting device (7,1) on (node local)
[  304.327913][ T7558] netlink: 180 bytes leftover after parsing attributes in process `syz.4.626'.
[  304.419436][ T7561] netlink: 180 bytes leftover after parsing attributes in process `syz.4.626'.
[  304.459588][ T7560] netlink: 32 bytes leftover after parsing attributes in process `syz.2.629'.
[  304.480997][ T7558] netlink: 180 bytes leftover after parsing attributes in process `syz.4.626'.
[  305.129727][    T9] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  305.351954][    T9] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  305.433058][    T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  305.442812][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  305.451364][    T9] usb 3-1: SerialNumber: syz
[  305.621793][ T7569] loop4: detected capacity change from 0 to 32768
[  305.632050][ T7569] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.632 (7569)
[  305.668338][ T7569] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  305.679116][ T7569] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  305.688198][ T7569] BTRFS info (device loop4): using free-space-tree
[  305.932558][ T5815] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  305.979260][ T7588] netlink: 20 bytes leftover after parsing attributes in process `syz.1.627'.
[  306.506704][    T9] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -71
[  306.569401][    T9] usb 3-1: USB disconnect, device number 9
[  307.243754][   T42] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  307.428573][   T42] usb 1-1: Using ep0 maxpacket: 8
[  307.478229][   T42] usb 1-1: unable to get BOS descriptor or descriptor too short
[  307.504930][   T42] usb 1-1: config 4 interface 0 has no altsetting 0
[  307.550743][   T42] usb 1-1: string descriptor 0 read error: -22
[  307.561054][   T42] usb 1-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  307.570919][   T42] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3
[  307.681814][   T42] usb 1-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  307.731163][   T42] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  307.746117][   T42] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  307.754585][   T42] usb 1-1: media controller created
[  307.838963][   T42] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  308.080586][ T7622] netlink: 4 bytes leftover after parsing attributes in process `syz.4.647'.
[  308.203356][   T42] zl10353_read_register: readreg error (reg=127, ret==0)
[  308.604582][   T42] usb 1-1: USB disconnect, device number 10
[  308.924976][ T7635] loop4: detected capacity change from 0 to 256
[  309.120472][ T7635] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xf6e0d861, utbl_chksum : 0xe619d30d)
[  310.275831][ T7656] loop3: detected capacity change from 0 to 64
[  310.532316][ T7656] hfs: request for non-existent node 24 in B*Tree
[  310.539317][ T7656] hfs: request for non-existent node 24 in B*Tree
[  311.018631][ T7663] loop1: detected capacity change from 0 to 4096
[  311.045745][   T42] hid-generic 0000:0005:0009.0005: unknown main item tag 0x0
[  311.054337][   T42] hid-generic 0000:0005:0009.0005: unknown main item tag 0x0
[  311.062340][   T42] hid-generic 0000:0005:0009.0005: unknown main item tag 0x0
[  311.148641][ T7673] netlink: 8 bytes leftover after parsing attributes in process `syz.4.672'.
[  311.197274][   T42] hid-generic 0000:0005:0009.0005: hidraw0: <UNKNOWN> HID v0.02 Device [syz0] on syz1
[  311.935971][ T7681] loop2: detected capacity change from 0 to 1024
[  312.233455][ T3724] hfsplus: b-tree write err: -5, ino 4
[  312.409112][ T7693] loop0: detected capacity change from 0 to 64
[  312.770439][ T7701] loop3: detected capacity change from 0 to 512
[  312.915945][ T7701] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  312.930051][ T7701] ext4 filesystem being mounted at /145/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  313.083990][ T7701] overlayfs: workdir and upperdir must reside under the same mount
[  313.364555][ T3724] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  313.489684][ T5823] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  313.567068][ T3724] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  313.709757][ T7718] capability: warning: `syz.4.696' uses 32-bit capabilities (legacy support in use)
[  313.831365][ T3724] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  314.098861][ T3724] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  314.325145][ T7716] loop1: detected capacity change from 0 to 32768
[  314.505754][ T7716] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,fix_errors=yes,norecovery,nojournal_transaction_names,read_only
[  314.505892][ T7716]   allowing incompatible features above 0.0: (unknown version)
[  314.505980][ T7716]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  314.549172][ T7716] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0
[  314.558339][ T7716] bcachefs (loop1): recovering from clean shutdown, journal seq 10
[  314.567205][ T7716] bcachefs (loop1): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.28: inode_has_case_insensitive
[  314.567205][ T7716]   running recovery passes: check_allocations,check_extents_to_backpointers,check_inodes
[  314.612142][ T3724] bridge_slave_1: left allmulticast mode
[  314.618258][ T3724] bridge_slave_1: left promiscuous mode
[  314.624945][ T3724] bridge0: port 2(bridge_slave_1) entered disabled state
[  314.646575][ T3724] bridge_slave_0: left allmulticast mode
[  314.652975][ T3724] bridge_slave_0: left promiscuous mode
[  314.661113][ T3724] bridge0: port 1(bridge_slave_0) entered disabled state
[  314.689818][ T7716] bcachefs (loop1): btree node read error at btree alloc level 0/0
[  314.689907][ T7716]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0
[  314.690002][ T7716]   loop1 node offset 0/24: got wrong btree node: got
[  314.690071][ T7716]   btree=alloc level=0 seq 98dc7e261 1
[  314.690153][ T7716]   min: POS_MIN
[  314.690210][ T7716]   max: SPOS_MAX
[  314.690267][ T7716]   loop1 btree validate error
[  314.690328][ T7716]   flagging btree alloc lost data
[  314.690395][ T7716]   running recovery pass check_topology (2), currently at recovery_pass_empty (0)
[  314.690476][ T7716]   running recovery pass check_lrus (14), currently at recovery_pass_empty (0)
[  314.690557][ T7716]   running recovery pass check_backpointers_to_extents (16), currently at recovery_pass_empty (0)
[  314.690642][ T7716]   running recovery pass check_alloc_info (13), currently at recovery_pass_empty (0)
[  314.690718][ T7716]   ret btree_node_read_err_bad_node
[  314.811076][ T7716] bcachefs (loop1): error reading btree root btree=alloc level=0: btree_node_read_error, fixing
[  314.999695][ T7716] bcachefs (loop1): btree node read error at btree lru level 0/0
[  314.999787][ T7716]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 28f61e078e70b95c written 16 min_key 0:196608:0 durability: 1 ptr: 0:28:0 gen 0
[  314.999886][ T7716]   loop1 node offset 0/16: incorrect min_key: got POS_MIN should be 0:196608:0
[  314.999963][ T7716]   loop1 btree validate error
[  315.000025][ T7716]   flagging btree lru lost data
[  315.000088][ T7716]   ret btree_node_read_err_bad_node
[  315.063526][ T7716] bcachefs (loop1): error reading btree root btree=lru level=0: btree_node_read_error, fixing
[  315.250155][ T7716] bcachefs (loop1): btree node read error at btree freespace level 0/0
[  315.250253][ T7716]   u64s 11 type btree_ptr_v2 36591746972385279:U64_MAX:U32_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0
[  315.250357][ T7716]   loop1 node offset 0/32 bset u64s 0: incorrect max key SPOS_MAX
[  315.250430][ T7716]   loop1 btree validate error
[  315.250499][ T7716]   flagging btree freespace lost data
[  315.250563][ T7716]   ret btree_node_read_err_bad_node
[  315.329026][ T7716] bcachefs (loop1): error reading btree root btree=freespace level=0: btree_node_read_error, fixing
[  315.374840][ T7716] bcachefs (loop1): check_topology... done
[  315.387488][ T7716] bcachefs (loop1): accounting_read... done
[  315.398011][ T7716] bcachefs (loop1): alloc_read... done
[  315.405934][ T7716] bcachefs (loop1): snapshots_read... done
[  315.415002][ T7716] bcachefs (loop1): Fixed errors, running fsck a second time to verify fs is clean
[  315.432922][ T7716] bcachefs (loop1): done starting filesystem
[  315.488315][ T3724] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  315.505454][ T7716] bcachefs (loop1): error going rw: -2267
[  315.538714][ T3724] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  315.560218][ T3724] bond0 (unregistering): Released all slaves
[  315.595939][ T5810] bcachefs (loop1): shutting down
[  315.670592][ T5810] bcachefs (loop1): shutdown complete
[  316.320490][ T3724] hsr_slave_0: left promiscuous mode
[  316.338453][ T3724] hsr_slave_1: left promiscuous mode
[  316.349234][ T3724] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  316.357122][ T3724] batman_adv: batadv0: Removing interface: batadv_slave_0
[  316.414889][ T3724] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  316.422767][ T3724] batman_adv: batadv0: Removing interface: batadv_slave_1
[  316.549629][ T3724] batman_adv: batadv0: Removing interface: ipvlan2
[  316.675138][ T7734] loop0: detected capacity change from 0 to 512
[  316.728583][ T3724] veth1_macvtap: left promiscuous mode
[  316.734522][ T3724] veth0_macvtap: left promiscuous mode
[  316.740694][ T3724] veth1_vlan: left promiscuous mode
[  316.746466][ T3724] veth0_vlan: left promiscuous mode
[  316.864705][ T7734] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  317.178232][ T7733] loop4: detected capacity change from 0 to 32768
[  317.197184][ T5817] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  317.256282][ T5817] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  317.271269][ T5817] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  317.318663][ T5817] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  317.378825][ T5817] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  317.454598][ T5809] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  317.758473][ T3724] team0 (unregistering): Port device team_slave_1 removed
[  317.815837][ T7733] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=crc64,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,recovery_pass_last=set_may_go_rw,reconstruct_alloc,no_data_io
[  317.815963][ T7733]   allowing incompatible features above 0.0: (unknown version)
[  317.816040][ T7733]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  317.859773][ T7733] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0
[  317.869070][ T7733] bcachefs (loop4): recovering from clean shutdown, journal seq 10
[  317.884737][ T7733] bcachefs (loop4): Version upgrade required:
[  317.884737][ T7733] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  317.884737][ T7733] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive
[  317.884737][ T7733]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance
[  317.891909][ T3724] team0 (unregistering): Port device team_slave_0 removed
[  317.971942][ T7733] bcachefs (loop4): dropping and reconstructing all alloc info
[  318.216591][ T7733] bcachefs (loop4): accounting_read... done
[  318.275751][ T7733] bcachefs (loop4): alloc_read... done
[  318.316052][ T7733] bcachefs (loop4): snapshots_read... done
[  318.354413][ T7733] bcachefs (loop4): check_allocations...
[  318.740904][   T42] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  318.834741][ T7733]  done
[  318.858781][ T7733] bcachefs (loop4): going read-write
[  318.945362][   T42] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  318.947149][ T7733] bcachefs (loop4): done starting filesystem
[  318.955970][   T42] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  318.991321][   T42] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  319.000978][   T42] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  319.010847][   T42] usb 1-1: SerialNumber: syz
[  319.251654][ T5815] bcachefs (loop4): shutting down
[  319.257158][ T5815] bcachefs (loop4): going read-only
[  319.262570][ T5815] bcachefs (loop4): finished waiting for writes to stop
[  319.289390][ T7735] chnl_net:caif_netlink_parms(): no params data found
[  319.331738][   T42] usb 1-1: 0:2 : does not exist
[  319.335084][ T5815] bcachefs (loop4): flushing journal and stopping allocators, journal seq 11
[  319.404413][ T5815] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 11
[  319.458127][   T42] usb 1-1: USB disconnect, device number 11
[  319.488069][ T5817] Bluetooth: hci3: command tx timeout
[  319.560547][ T5815] bcachefs (loop4): unclean shutdown complete, journal seq 12
[  319.587192][ T5815] bcachefs (loop4): done going read-only, filesystem not clean
[  319.628596][ T5815] bcachefs (loop4): shutdown complete
[  319.730090][ T7766] tap0: tun_chr_ioctl cmd 1074025677
[  319.736445][ T7766] tap0: linktype set to 780
[  320.663392][ T7781] loop3: detected capacity change from 0 to 512
[  320.682060][ T7781] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  320.682151][ T7779] bond1: entered promiscuous mode
[  320.698011][ T7779] bond1: entered allmulticast mode
[  320.704913][ T7779] 8021q: adding VLAN 0 to HW filter on device bond1
[  320.727334][ T7779] bond1 (unregistering): Released all slaves
[  320.754173][ T7784] netlink: 'syz.0.716': attribute type 4 has an invalid length.
[  320.773285][ T7735] bridge0: port 1(bridge_slave_0) entered blocking state
[  320.781250][ T7735] bridge0: port 1(bridge_slave_0) entered disabled state
[  320.789247][ T7735] bridge_slave_0: entered allmulticast mode
[  320.798687][ T7735] bridge_slave_0: entered promiscuous mode
[  320.825424][ T7735] bridge0: port 2(bridge_slave_1) entered blocking state
[  320.833257][ T7735] bridge0: port 2(bridge_slave_1) entered disabled state
[  320.844051][ T7735] bridge_slave_1: entered allmulticast mode
[  320.860697][ T7735] bridge_slave_1: entered promiscuous mode
[  320.906378][ T7781] EXT4-fs (loop3): 1 orphan inode deleted
[  320.912440][ T7781] EXT4-fs (loop3): 1 truncate cleaned up
[  320.920521][ T7781] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  321.017133][ T7781] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  321.054710][ T7735] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  321.096626][ T7735] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  321.121839][ T7781] EXT4-fs (loop3): Remounting filesystem read-only
[  321.161590][ T7781] EXT4-fs (loop3): error restoring inline_data for inode -- potential data loss! (inode 12, error -30)
[  321.275662][ T7735] team0: Port device team_slave_0 added
[  321.333130][ T7735] team0: Port device team_slave_1 added
[  321.544306][ T5823] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  321.567390][ T5105] Bluetooth: hci3: command tx timeout
[  321.586647][ T7735] batman_adv: batadv0: Adding interface: batadv_slave_0
[  321.594142][ T7735] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  321.621909][ T7735] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  321.639806][ T7735] batman_adv: batadv0: Adding interface: batadv_slave_1
[  321.647671][ T7735] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  321.676163][ T7735] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  322.017021][ T7735] hsr_slave_0: entered promiscuous mode
[  322.026942][ T7735] hsr_slave_1: entered promiscuous mode
[  322.035478][ T7735] debugfs: 'hsr0' already exists in 'hsr'
[  322.041499][ T7735] Cannot create hsr debugfs directory
[  322.406270][ T7804] program syz.1.723 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  323.423023][ T7735] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  323.657416][ T5105] Bluetooth: hci3: command tx timeout
[  323.737309][ T7822] loop4: detected capacity change from 0 to 128
[  323.978438][   T30] audit: type=1800 audit(1754536489.111:11): pid=7822 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.709" name="file2" dev="loop4" ino=1048621 res=0 errno=0
[  324.108340][ T7817] loop0: detected capacity change from 0 to 32768
[  324.138579][ T7735] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  324.210626][ T7735] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  324.254163][ T7817] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,fix_errors=yes,norecovery,nojournal_transaction_names,read_only
[  324.254289][ T7817]   allowing incompatible features above 0.0: (unknown version)
[  324.254371][ T7817]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  324.296495][ T7817] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[  324.306269][ T7817] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[  324.315122][ T7817] bcachefs (loop0): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.28: inode_has_case_insensitive
[  324.315122][ T7817]   running recovery passes: check_allocations,check_extents_to_backpointers,check_inodes
[  324.351629][ T7735] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  324.392888][ T7817] bcachefs (loop0): btree node read error at btree alloc level 0/0
[  324.392982][ T7817]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0
[  324.393077][ T7817]   loop0 node offset 0/24: got wrong btree node: got
[  324.393147][ T7817]   btree=alloc level=0 seq 98dc7e261 1
[  324.393209][ T7817]   min: POS_MIN
[  324.393264][ T7817]   max: SPOS_MAX
[  324.393322][ T7817]   loop0 btree validate error
[  324.393384][ T7817]   flagging btree alloc lost data
[  324.393451][ T7817]   running recovery pass check_topology (2), currently at recovery_pass_empty (0)
[  324.393531][ T7817]   running recovery pass check_lrus (14), currently at recovery_pass_empty (0)
[  324.393611][ T7817]   running recovery pass check_backpointers_to_extents (16), currently at recovery_pass_empty (0)
[  324.393694][ T7817]   running recovery pass check_alloc_info (13), currently at recovery_pass_empty (0)
[  324.393772][ T7817]   ret btree_node_read_err_bad_node
[  324.495974][ T7817] bcachefs (loop0): error reading btree root btree=alloc level=0: btree_node_read_error, fixing
[  324.522536][ T7817] bcachefs (loop0): btree node read error at btree lru level 0/0
[  324.522632][ T7817]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 28f61e078e70b95c written 16 min_key 0:196608:0 durability: 1 ptr: 0:28:0 gen 0
[  324.522727][ T7817]   loop0 node offset 0/16: incorrect min_key: got POS_MIN should be 0:196608:0
[  324.522809][ T7817]   loop0 btree validate error
[  324.522871][ T7817]   flagging btree lru lost data
[  324.522932][ T7817]   ret btree_node_read_err_bad_node
[  324.573465][ T7817] bcachefs (loop0): error reading btree root btree=lru level=0: btree_node_read_error, fixing
[  324.590087][ T7817] bcachefs (loop0): btree node read error at btree freespace level 0/0
[  324.590181][ T7817]   u64s 11 type btree_ptr_v2 36591746972385279:U64_MAX:U32_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0
[  324.590283][ T7817]   loop0 node offset 0/32 bset u64s 0: incorrect max key SPOS_MAX
[  324.590354][ T7817]   loop0 btree validate error
[  324.590413][ T7817]   flagging btree freespace lost data
[  324.590475][ T7817]   ret btree_node_read_err_bad_node
[  324.642629][ T7817] bcachefs (loop0): error reading btree root btree=freespace level=0: btree_node_read_error, fixing
[  324.666609][ T7817] bcachefs (loop0): check_topology... done
[  324.678830][ T7817] bcachefs (loop0): accounting_read... done
[  324.687966][ T7817] bcachefs (loop0): alloc_read... done
[  324.695954][ T7817] bcachefs (loop0): snapshots_read... done
[  324.705468][ T7817] bcachefs (loop0): Fixed errors, running fsck a second time to verify fs is clean
[  324.717460][ T7817] bcachefs (loop0): done starting filesystem
[  324.782902][ T7830] loop3: detected capacity change from 0 to 256
[  324.826624][ T7817] bcachefs (loop0): error going rw: -2267
[  324.918241][ T5809] bcachefs (loop0): shutting down
[  324.971237][ T3672] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  325.086075][ T5809] bcachefs (loop0): shutdown complete
[  325.162047][ T3672] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  325.312487][ T3672] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  325.471993][ T3672] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  325.727224][ T5105] Bluetooth: hci3: command tx timeout
[  325.818073][ T3672] bridge_slave_1: left allmulticast mode
[  325.824010][ T3672] bridge_slave_1: left promiscuous mode
[  325.831190][ T3672] bridge0: port 2(bridge_slave_1) entered disabled state
[  325.846316][ T3672] bridge_slave_0: left allmulticast mode
[  325.852624][ T3672] bridge_slave_0: left promiscuous mode
[  325.859327][ T3672] bridge0: port 1(bridge_slave_0) entered disabled state
[  326.300580][ T3672] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  326.318218][ T3672] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  326.334385][ T3672] bond0 (unregistering): (slave bond1): Releasing backup interface
[  326.361589][ T3672] bond0 (unregistering): Released all slaves
[  326.390545][ T3672] bond1 (unregistering): Released all slaves
[  326.476165][ T7735] 8021q: adding VLAN 0 to HW filter on device bond0
[  326.598337][ T7735] 8021q: adding VLAN 0 to HW filter on device team0
[  326.760348][ T3557] bridge0: port 1(bridge_slave_0) entered blocking state
[  326.768208][ T3557] bridge0: port 1(bridge_slave_0) entered forwarding state
[  327.009701][ T3557] bridge0: port 2(bridge_slave_1) entered blocking state
[  327.017375][ T3557] bridge0: port 2(bridge_slave_1) entered forwarding state
[  327.141460][ T3672] hsr_slave_0: left promiscuous mode
[  327.177965][ T3672] hsr_slave_1: left promiscuous mode
[  327.185688][ T3672] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  327.193664][ T3672] batman_adv: batadv0: Removing interface: batadv_slave_0
[  327.294747][ T3672] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  327.306584][ T3672] batman_adv: batadv0: Removing interface: batadv_slave_1
[  327.419249][ T3672] veth1_macvtap: left promiscuous mode
[  327.425080][ T3672] veth0_macvtap: left promiscuous mode
[  327.432885][ T3672] veth1_vlan: left promiscuous mode
[  327.438603][ T3672] veth0_vlan: left promiscuous mode
[  327.485082][ T7844] loop1: detected capacity change from 0 to 512
[  327.674440][ T7844] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  327.688084][ T7844] ext4 filesystem being mounted at /161/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  327.858637][ T5817] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  327.869599][ T5817] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  327.905861][ T5817] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  327.977569][ T5817] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  328.019071][ T5817] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  328.031792][ T7844] grow_buffers: requested out-of-range block 18446744073709551615 for device loop1
[  328.041841][ T7844] EXT4-fs warning (device loop1): ext4_resize_fs:2019: can't read last block, resize aborted
[  328.227347][ T3672] team0 (unregistering): Port device team_slave_1 removed
[  328.269394][ T3672] team0 (unregistering): Port device team_slave_0 removed
[  328.405757][ T5810] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  329.630191][ T7859] loop3: detected capacity change from 0 to 32768
[  329.905661][ T7859] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,fix_errors=yes,norecovery,nojournal_transaction_names,read_only
[  329.905795][ T7859]   allowing incompatible features above 0.0: (unknown version)
[  329.905881][ T7859]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  329.948058][ T7859] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  329.957232][ T7859] bcachefs (loop3): recovering from clean shutdown, journal seq 10
[  329.969079][ T7859] bcachefs (loop3): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.28: inode_has_case_insensitive
[  329.969079][ T7859]   running recovery passes: check_allocations,check_extents_to_backpointers,check_inodes
[  330.114886][ T7859] bcachefs (loop3): btree node read error at btree alloc level 0/0
[  330.114986][ T7859]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0
[  330.115087][ T7859]   loop3 node offset 0/24: got wrong btree node: got
[  330.115160][ T7859]   btree=alloc level=0 seq 98dc7e261 1
[  330.115232][ T7859]   min: POS_MIN
[  330.115290][ T7859]   max: SPOS_MAX
[  330.115351][ T7859]   loop3 btree validate error
[  330.115415][ T7859]   flagging btree alloc lost data
[  330.115482][ T7859]   running recovery pass check_topology (2), currently at recovery_pass_empty (0)
[  330.115571][ T7859]   running recovery pass check_lrus (14), currently at recovery_pass_empty (0)
[  330.115655][ T7859]   running recovery pass check_backpointers_to_extents (16), currently at recovery_pass_empty (0)
[  330.115745][ T7859]   running recovery pass check_alloc_info (13), currently at recovery_pass_empty (0)
[  330.115827][ T7859]   ret btree_node_read_err_bad_node
[  330.224758][ T7859] bcachefs (loop3): error reading btree root btree=alloc level=0: btree_node_read_error, fixing
[  330.240394][ T5817] Bluetooth: hci2: command tx timeout
[  330.323859][ T7859] bcachefs (loop3): btree node read error at btree lru level 0/0
[  330.323966][ T7859]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 28f61e078e70b95c written 16 min_key 0:196608:0 durability: 1 ptr: 0:28:0 gen 0
[  330.324070][ T7859]   loop3 node offset 0/16: incorrect min_key: got POS_MIN should be 0:196608:0
[  330.324149][ T7859]   loop3 btree validate error
[  330.324213][ T7859]   flagging btree lru lost data
[  330.324277][ T7859]   ret btree_node_read_err_bad_node
[  330.367443][ T7865] loop1: detected capacity change from 0 to 32768
[  330.376337][ T7859] bcachefs (loop3): error reading btree root btree=lru level=0: btree_node_read_error, fixing
[  330.382117][ T7865] XFS: ikeep mount option is deprecated.
[  330.405337][ T7859] bcachefs (loop3): btree node read error at btree freespace level 0/0
[  330.405435][ T7859]   u64s 11 type btree_ptr_v2 36591746972385279:U64_MAX:U32_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0
[  330.405542][ T7859]   loop3 node offset 0/32 bset u64s 0: incorrect max key SPOS_MAX
[  330.405617][ T7859]   loop3 btree validate error
[  330.405681][ T7859]   flagging btree freespace lost data
[  330.405742][ T7859]   ret btree_node_read_err_bad_node
[  330.454814][ T7859] bcachefs (loop3): error reading btree root btree=freespace level=0: btree_node_read_error, fixing
[  330.488644][ T7859] bcachefs (loop3): check_topology... done
[  330.500098][ T7865] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  330.501755][ T7859] bcachefs (loop3): accounting_read... done
[  330.518144][ T7859] bcachefs (loop3): alloc_read... done
[  330.525917][ T7859] bcachefs (loop3): snapshots_read... done
[  330.534357][ T7859] bcachefs (loop3): Fixed errors, running fsck a second time to verify fs is clean
[  330.545901][ T7859] bcachefs (loop3): done starting filesystem
[  330.754596][ T7859] bcachefs (loop3): error going rw: -2267
[  330.835212][ T5823] bcachefs (loop3): shutting down
[  330.933589][ T5823] bcachefs (loop3): shutdown complete
[  330.992813][ T7880] pim6reg0: tun_chr_ioctl cmd 1074025677
[  330.999274][ T7880] pim6reg0: linktype set to 778
[  331.061718][ T7865] XFS (loop1): Ending clean mount
[  331.073086][ T7865] XFS (loop1): Quotacheck needed: Please wait.
[  331.169565][ T7865] XFS (loop1): Quotacheck: Done.
[  331.207865][ T7848] chnl_net:caif_netlink_parms(): no params data found
[  331.355412][ T5810] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  331.504947][ T7735] 8021q: adding VLAN 0 to HW filter on device batadv0
[  331.903945][ T7735] veth0_vlan: entered promiscuous mode
[  332.003502][ T7735] veth1_vlan: entered promiscuous mode
[  332.298784][ T5105] Bluetooth: hci2: command tx timeout
[  332.354085][ T7735] veth0_macvtap: entered promiscuous mode
[  332.485217][ T7848] bridge0: port 1(bridge_slave_0) entered blocking state
[  332.493082][ T7848] bridge0: port 1(bridge_slave_0) entered disabled state
[  332.501033][ T7848] bridge_slave_0: entered allmulticast mode
[  332.510361][ T7848] bridge_slave_0: entered promiscuous mode
[  332.540880][ T7735] veth1_macvtap: entered promiscuous mode
[  332.589250][ T7848] bridge0: port 2(bridge_slave_1) entered blocking state
[  332.597108][ T7848] bridge0: port 2(bridge_slave_1) entered disabled state
[  332.604849][ T7848] bridge_slave_1: entered allmulticast mode
[  332.614236][ T7848] bridge_slave_1: entered promiscuous mode
[  332.701802][ T7735] batman_adv: batadv0: Interface activated: batadv_slave_0
[  332.912641][ T7735] batman_adv: batadv0: Interface activated: batadv_slave_1
[  332.961503][ T7848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  333.001779][ T3557] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  333.044071][ T3557] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  333.082482][ T7848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  333.104510][ T3557] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  333.156883][ T3557] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  333.208179][ T7894] input: syz1 as /devices/virtual/input/input11
[  333.394649][ T7848] team0: Port device team_slave_0 added
[  333.479469][ T7848] team0: Port device team_slave_1 added
[  333.774621][ T7848] batman_adv: batadv0: Adding interface: batadv_slave_0
[  333.782634][ T7848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  333.809191][ T7848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  333.872347][ T7848] batman_adv: batadv0: Adding interface: batadv_slave_1
[  333.879748][ T7848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  333.906614][ T7848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  333.996546][ T7904] vivid-000: disconnect
[  334.020267][ T7902] vivid-000: reconnect
[  334.222524][ T7848] hsr_slave_0: entered promiscuous mode
[  334.232434][ T7848] hsr_slave_1: entered promiscuous mode
[  334.241209][ T7848] debugfs: 'hsr0' already exists in 'hsr'
[  334.247595][ T7848] Cannot create hsr debugfs directory
[  334.368089][ T5105] Bluetooth: hci2: command tx timeout
[  334.892962][ T7848] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  334.920002][ T7848] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  334.944808][ T7848] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  334.992747][ T7848] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  335.484255][ T7848] 8021q: adding VLAN 0 to HW filter on device bond0
[  335.584369][ T7848] 8021q: adding VLAN 0 to HW filter on device team0
[  335.630188][ T3672] bridge0: port 1(bridge_slave_0) entered blocking state
[  335.637781][ T3672] bridge0: port 1(bridge_slave_0) entered forwarding state
[  335.685493][ T3672] bridge0: port 2(bridge_slave_1) entered blocking state
[  335.693106][ T3672] bridge0: port 2(bridge_slave_1) entered forwarding state
[  336.447380][ T5105] Bluetooth: hci2: command tx timeout
[  336.505511][ T3724] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  336.515593][ T3724] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  336.582463][ T7848] 8021q: adding VLAN 0 to HW filter on device batadv0
[  336.650074][ T3984] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  336.659387][ T3984] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  336.895376][ T7931] loop2: detected capacity change from 0 to 256
[  337.165509][ T7936] loop0: detected capacity change from 0 to 128
[  337.282295][ T7936] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 548, start 00000401)
[  337.293158][ T7936] FAT-fs (loop0): Filesystem has been set read-only
[  337.338923][ T7941] loop6: detected capacity change from 0 to 524287487
[  337.347551][ T7941] Buffer I/O error on dev loop6, logical block 0, async page read
[  337.356007][ T7941] Buffer I/O error on dev loop6, logical block 0, async page read
[  337.364373][ T7941] Buffer I/O error on dev loop6, logical block 0, async page read
[  337.372574][ T7941] Buffer I/O error on dev loop6, logical block 0, async page read
[  337.381293][ T7941] Buffer I/O error on dev loop6, logical block 0, async page read
[  337.389586][ T7941] Buffer I/O error on dev loop6, logical block 0, async page read
[  337.398016][ T7941] Buffer I/O error on dev loop6, logical block 0, async page read
[  337.406163][ T7941] Buffer I/O error on dev loop6, logical block 0, async page read
[  337.414802][ T7941] ldm_validate_partition_table(): Disk read failed.
[  337.421839][ T7941] Buffer I/O error on dev loop6, logical block 0, async page read
[  337.430064][ T7941] Buffer I/O error on dev loop6, logical block 0, async page read
[  337.442511][ T7941] Dev loop6: unable to read RDB block 0
[  337.450020][ T7941]  loop6: unable to read partition table
[  337.489346][ T7936] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 548, start 00000401)
[  337.530447][ T7943] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 548, start 00000401)
[  337.779243][ T7941] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[  337.994262][ T7942] loop2: detected capacity change from 0 to 32768
[  338.098432][ T7942] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,fix_errors=yes,norecovery,nojournal_transaction_names,read_only
[  338.098562][ T7942]   allowing incompatible features above 0.0: (unknown version)
[  338.098651][ T7942]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  338.140549][ T7942] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  338.149951][ T7942] bcachefs (loop2): recovering from clean shutdown, journal seq 10
[  338.162909][ T7942] bcachefs (loop2): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.28: inode_has_case_insensitive
[  338.162909][ T7942]   running recovery passes: check_allocations,check_extents_to_backpointers,check_inodes
[  338.258944][ T7942] bcachefs (loop2): btree node read error at btree alloc level 0/0
[  338.259044][ T7942]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0
[  338.259140][ T7942]   loop2 node offset 0/24: got wrong btree node: got
[  338.259210][ T7942]   btree=alloc level=0 seq 98dc7e261 1
[  338.259272][ T7942]   min: POS_MIN
[  338.259327][ T7942]   max: SPOS_MAX
[  338.259384][ T7942]   loop2 btree validate error
[  338.259453][ T7942]   flagging btree alloc lost data
[  338.259516][ T7942]   running recovery pass check_topology (2), currently at recovery_pass_empty (0)
[  338.259596][ T7942]   running recovery pass check_lrus (14), currently at recovery_pass_empty (0)
[  338.259680][ T7942]   running recovery pass check_backpointers_to_extents (16), currently at recovery_pass_empty (0)
[  338.259768][ T7942]   running recovery pass check_alloc_info (13), currently at recovery_pass_empty (0)
[  338.259849][ T7942]   ret btree_node_read_err_bad_node
[  338.364604][ T7942] bcachefs (loop2): error reading btree root btree=alloc level=0: btree_node_read_error, fixing
[  338.400559][ T7942] bcachefs (loop2): btree node read error at btree lru level 0/0
[  338.400651][ T7942]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 28f61e078e70b95c written 16 min_key 0:196608:0 durability: 1 ptr: 0:28:0 gen 0
[  338.400753][ T7942]   loop2 node offset 0/16: incorrect min_key: got POS_MIN should be 0:196608:0
[  338.400829][ T7942]   loop2 btree validate error
[  338.400887][ T7942]   flagging btree lru lost data
[  338.400950][ T7942]   ret btree_node_read_err_bad_node
[  338.450324][ T7950] loop0: detected capacity change from 0 to 1024
[  338.463046][ T7942] bcachefs (loop2): error reading btree root btree=lru level=0: btree_node_read_error, fixing
[  338.481134][ T7942] bcachefs (loop2): btree node read error at btree freespace level 0/0
[  338.481232][ T7942]   u64s 11 type btree_ptr_v2 36591746972385279:U64_MAX:U32_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0
[  338.481341][ T7942]   loop2 node offset 0/32 bset u64s 0: incorrect max key SPOS_MAX
[  338.481413][ T7942]   loop2 btree validate error
[  338.481480][ T7942]   flagging btree freespace lost data
[  338.481547][ T7942]   ret btree_node_read_err_bad_node
[  338.531913][ T7942] bcachefs (loop2): error reading btree root btree=freespace level=0: btree_node_read_error, fixing
[  338.554572][ T7942] bcachefs (loop2): check_topology... done
[  338.571172][ T7942] bcachefs (loop2): accounting_read... done
[  338.579215][ T7950] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  338.580572][ T7942] bcachefs (loop2): alloc_read... done
[  338.597509][ T7942] bcachefs (loop2): snapshots_read... done
[  338.605904][ T7942] bcachefs (loop2): Fixed errors, running fsck a second time to verify fs is clean
[  338.618016][ T7942] bcachefs (loop2): done starting filesystem
[  338.758486][ T7848] veth0_vlan: entered promiscuous mode
[  338.782308][ T7942] bcachefs (loop2): error going rw: -2267
[  338.858442][ T7735] bcachefs (loop2): shutting down
[  338.942439][ T7848] veth1_vlan: entered promiscuous mode
[  339.010673][ T7735] bcachefs (loop2): shutdown complete
[  339.186638][ T7848] veth0_macvtap: entered promiscuous mode
[  339.299755][ T7848] veth1_macvtap: entered promiscuous mode
[  339.441633][ T7848] batman_adv: batadv0: Interface activated: batadv_slave_0
[  339.469253][ T7958] netlink: 40 bytes leftover after parsing attributes in process `syz.3.771'.
[  339.534355][ T7848] batman_adv: batadv0: Interface activated: batadv_slave_1
[  339.637234][ T3724] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  339.694454][ T3984] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  339.723844][ T3984] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  339.748891][ T3984] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  340.038433][ T7968] netlink: 8 bytes leftover after parsing attributes in process `syz.0.774'.
[  340.416187][ T7974] loop3: detected capacity change from 0 to 128
[  341.902022][ T7989] loop2: detected capacity change from 0 to 64
[  342.117296][ T7990] loop3: detected capacity change from 0 to 1024
[  342.216931][ T7985] loop0: detected capacity change from 0 to 32768
[  342.271869][ T7985] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  342.324978][ T7990] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  342.635522][ T5823] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  342.850765][ T7985] XFS (loop0): Ending clean mount
[  342.875720][ T7985] XFS (loop0): Quotacheck needed: Please wait.
[  342.944751][ T7985] XFS (loop0): Quotacheck: Done.
[  343.047635][ T8010] loop3: detected capacity change from 0 to 512
[  343.078965][ T5809] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  343.088845][ T8010] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  343.177923][ T8010] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  343.192068][ T8010] ext4 filesystem being mounted at /174/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  343.520788][ T5823] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  345.112538][ T3630] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  345.123750][ T3630] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  345.235219][   T30] audit: type=1326 audit(1754536510.461:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8043 comm="syz.2.797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f1758ebe9 code=0x7ffc0000
[  345.308834][   T30] audit: type=1326 audit(1754536510.531:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8043 comm="syz.2.797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=150 compat=0 ip=0x7f8f1758ebe9 code=0x7ffc0000
[  345.334499][   T30] audit: type=1326 audit(1754536510.531:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8043 comm="syz.2.797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f1758ebe9 code=0x7ffc0000
[  345.358164][   T30] audit: type=1326 audit(1754536510.531:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8043 comm="syz.2.797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f1758ebe9 code=0x7ffc0000
[  345.381158][   T30] audit: type=1326 audit(1754536510.541:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8043 comm="syz.2.797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=213 compat=0 ip=0x7f8f1758ebe9 code=0x7ffc0000
[  345.403981][   T30] audit: type=1326 audit(1754536510.551:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8043 comm="syz.2.797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f1758ebe9 code=0x7ffc0000
[  345.429631][   T30] audit: type=1326 audit(1754536510.551:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8043 comm="syz.2.797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f1758ebe9 code=0x7ffc0000
[  345.472981][ T3724] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  345.481336][ T3724] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  345.484413][   T30] audit: type=1326 audit(1754536510.701:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8043 comm="syz.2.797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=35 compat=0 ip=0x7f8f1758ebe9 code=0x7ffc0000
[  345.513728][   T30] audit: type=1326 audit(1754536510.711:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8043 comm="syz.2.797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f1758ebe9 code=0x7ffc0000
[  345.539109][   T30] audit: type=1326 audit(1754536510.711:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8043 comm="syz.2.797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f1758ebe9 code=0x7ffc0000
[  345.711849][ T7848] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  345.720180][ T7848] FAT-fs (loop4): Filesystem has been set read-only
[  346.106636][ T8062] loop3: detected capacity change from 0 to 512
[  346.208114][ T8062] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  346.221545][ T8062] ext4 filesystem being mounted at /180/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  346.292902][ T8064] loop1: detected capacity change from 0 to 2048
[  346.435020][ T8069] Illegal XDP return value 2156428066 on prog  (id 79) dev N/A, expect packet loss!
[  346.636537][ T5823] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  347.000908][ T8082] loop2: detected capacity change from 0 to 256
[  347.291755][ T8082] FAT-fs (loop2): Directory bread(block 64) failed
[  347.299493][ T8082] FAT-fs (loop2): Directory bread(block 65) failed
[  347.306410][ T8082] FAT-fs (loop2): Directory bread(block 66) failed
[  347.313532][ T8082] FAT-fs (loop2): Directory bread(block 67) failed
[  347.320736][ T8082] FAT-fs (loop2): Directory bread(block 68) failed
[  347.327794][ T8082] FAT-fs (loop2): Directory bread(block 69) failed
[  347.334645][ T8082] FAT-fs (loop2): Directory bread(block 70) failed
[  347.341632][ T8082] FAT-fs (loop2): Directory bread(block 71) failed
[  347.348817][ T8082] FAT-fs (loop2): Directory bread(block 72) failed
[  347.355616][ T8082] FAT-fs (loop2): Directory bread(block 73) failed
[  347.438711][    T9] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  347.440994][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  347.453346][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  347.627158][ T8087] loop5: detected capacity change from 0 to 2048
[  347.655708][    T9] usb 4-1: Using ep0 maxpacket: 32
[  347.685648][    T9] usb 4-1: config 0 has no interfaces?
[  347.691767][    T9] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  347.702504][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  347.746323][ T8087] UDF-fs: error (device loop5): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  347.774745][ T8087] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  347.796518][    T9] usb 4-1: config 0 descriptor??
[  347.939246][ T8096] loop0: detected capacity change from 0 to 64
[  348.070652][   T42] usb 4-1: USB disconnect, device number 4
[  348.818135][   T42] IPVS: starting estimator thread 0...
[  348.917902][ T8113] IPVS: using max 240 ests per chain, 12000 per kthread
[  349.448552][ T8124] netlink: 40 bytes leftover after parsing attributes in process `syz.3.830'.
[  350.081683][ T8135] 9pnet_fd: p9_fd_create_unix (8135): problem connecting socket: ./file0: -111
[  351.038570][ T8150] netlink: 4 bytes leftover after parsing attributes in process `syz.2.842'.
[  351.457910][   T30] audit: type=1326 audit(1754536516.681:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8158 comm="syz.2.846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f1758ebe9 code=0x7ffc0000
[  351.484532][   T30] audit: type=1326 audit(1754536516.691:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8158 comm="syz.2.846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=208 compat=0 ip=0x7f8f1758ebe9 code=0x7ffc0000
[  351.509173][   T30] audit: type=1326 audit(1754536516.691:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8158 comm="syz.2.846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f1758ebe9 code=0x7ffc0000
[  351.532424][   T30] audit: type=1326 audit(1754536516.691:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8158 comm="syz.2.846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f1758ebe9 code=0x7ffc0000
[  351.769586][ T8163] loop1: detected capacity change from 0 to 16
[  351.794037][ T8163] erofs (device loop1): mounted with root inode @ nid 36.
[  351.947281][ T8167] loop0: detected capacity change from 0 to 256
[  352.302387][ T8170] netlink: 8 bytes leftover after parsing attributes in process `syz.1.851'.
[  352.327803][ T8170] bond0: entered promiscuous mode
[  352.333027][ T8170] bond_slave_0: entered promiscuous mode
[  352.340030][ T8170] bond_slave_1: entered promiscuous mode
[  352.351404][ T8170] netdevsim netdevsim1 netdevsim3: entered promiscuous mode
[  352.475507][ T8170] bond0: left promiscuous mode
[  352.480905][ T8170] bond_slave_0: left promiscuous mode
[  352.494934][ T8170] bond_slave_1: left promiscuous mode
[  352.501906][ T8170] netdevsim netdevsim1 netdevsim3: left promiscuous mode
[  352.681999][ T8175] macsec1: entered allmulticast mode
[  352.687792][ T8175] veth1_macvtap: entered allmulticast mode
[  352.710129][ T8175] veth1_macvtap: left allmulticast mode
[  354.198457][ T8189] loop0: detected capacity change from 0 to 32768
[  354.235844][ T8189] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  354.246100][ T8189] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  354.271355][ T8189] gfs2: fsid=syz:syz.s: journal 0 mapped with 5 extents in 0ms
[  354.430974][ T8189] gfs2: fsid=syz:syz.s: first mount done, others may mount
[  355.690717][ T8202] loop1: detected capacity change from 0 to 4096
[  355.774786][ T8202] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[  355.847528][ T8202] ntfs3(loop1): It is recommened to use chkdsk.
[  355.912098][ T8192] loop2: detected capacity change from 0 to 32768
[  355.958171][ T8192] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.859 (8192)
[  356.013319][ T8192] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  356.024394][ T8192] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  356.033688][ T8192] BTRFS info (device loop2): using free-space-tree
[  356.419670][ T8192] BTRFS error (device loop2): open_ctree failed: -4
[  356.598480][ T8230] loop3: detected capacity change from 0 to 256
[  358.089551][ T8255] netlink: 8 bytes leftover after parsing attributes in process `syz.0.883'.
[  358.696361][ T8262] netlink: 84 bytes leftover after parsing attributes in process `syz.0.887'.
[  358.708253][ T8260] loop3: detected capacity change from 0 to 4096
[  358.762353][ T8260] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512).
[  358.899007][ T8256] loop1: detected capacity change from 0 to 8192
[  358.993636][   T30] audit: type=1800 audit(1754536524.221:26): pid=8256 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.884" name="file1" dev="loop1" ino=1048645 res=0 errno=0
[  359.018274][   T30] audit: type=1800 audit(1754536524.231:27): pid=8256 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.884" name="file1" dev="loop1" ino=1048645 res=0 errno=0
[  359.039784][    C0] vkms_vblank_simulate: vblank timer overrun
[  359.084605][ T8268] ntfs3(loop3): ino=1b, "file0" indx_read
[  359.133000][ T8270] loop0: detected capacity change from 0 to 1024
[  359.278051][ T8272] ------------[ cut here ]------------
[  359.283826][ T8272] WARNING: CPU: 1 PID: 8272 at fs/exec.c:119 path_noexec+0x2ac/0x310
[  359.292809][ T8272] Modules linked in:
[  359.297347][ T8272] CPU: 1 UID: 0 PID: 8272 Comm: syz.5.891 Tainted: G        W           6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(none) 
[  359.311026][ T8272] Tainted: [W]=WARN
[  359.315003][ T8272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  359.325647][ T8272] RIP: 0010:path_noexec+0x2ac/0x310
[  359.331360][ T8272] Code: 49 89 ff 8b 7d d4 e8 63 6c e1 ff 4c 89 ff e9 c8 fe ff ff 44 89 e7 e8 53 6c e1 ff 4d 85 ed 0f 85 a3 fe ff ff e8 f5 9c 3e ff 90 <0f> 0b 90 48 8b 7d c0 4c 8b 37 e8 15 61 e1 ff 48 8b 00 48 89 45 c8
[  359.356944][ T8272] RSP: 0018:ffff88803ca83bc0 EFLAGS: 00010287
[  359.363289][ T8272] RAX: ffffffff82b6579b RBX: ffff888056fb8b60 RCX: 0000000000080000
[  359.373554][ T8272] RDX: ffffc90009004000 RSI: 0000000000000064 RDI: 0000000000000065
[  359.382537][ T8272] RBP: ffff88803ca83c00 R08: ffffea000000000f R09: 0000000000000003
[  359.391023][ T8272] R10: 0000000000000003 R11: 0000000000000002 R12: 0000000000000000
[  359.399589][ T8272] R13: 0000000000000000 R14: ffff88814092a620 R15: 0000000000000000
[  359.408220][ T8272] FS:  00007fdb6b8906c0(0000) GS:ffff8881aa79a000(0000) knlGS:0000000000000000
[  359.417554][ T8272] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  359.424695][ T8272] CR2: 0000001b2eb21ff8 CR3: 000000001e854000 CR4: 00000000003526f0
[  359.433249][ T8272] Call Trace:
[  359.437343][ T8272]  <TASK>
[  359.440557][ T8272]  do_mmap+0x1570/0x1d70
[  359.445152][ T8272]  vm_mmap_pgoff+0x40d/0x770
[  359.455278][ T8272]  ksys_mmap_pgoff+0x51b/0x7c0
[  359.462233][ T8272]  __x64_sys_mmap+0x19c/0x260
[  359.467554][ T8272]  x64_sys_call+0x18a7/0x3e20
[  359.472571][ T8272]  do_syscall_64+0xd9/0x210
[  359.477622][ T8272]  ? irqentry_exit+0x16/0x60
[  359.482541][ T8272]  ? clear_bhb_loop+0x40/0x90
[  359.487800][ T8272]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  359.494040][ T8272] RIP: 0033:0x7fdb6a98ebe9
[  359.499049][ T8272] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  359.519575][ T8272] RSP: 002b:00007fdb6b890038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  359.528947][ T8272] RAX: ffffffffffffffda RBX: 00007fdb6abb5fa0 RCX: 00007fdb6a98ebe9
[  359.537638][ T8272] RDX: 0000000000000000 RSI: 0000000000003000 RDI: 0000200000ffd000
[  359.545835][ T8272] RBP: 00007fdb6aa11e19 R08: 0000000000000004 R09: 0000000000002000
[  359.559455][ T8272] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000000
[  359.573285][ T8272] R13: 00007fdb6abb6038 R14: 00007fdb6abb5fa0 R15: 00007ffe61695f78
[  359.582579][ T8272]  </TASK>
[  359.585756][ T8272] ---[ end trace 0000000000000000 ]---
[  359.629197][ T3984] hfsplus: b-tree write err: -5, ino 4
[  360.085228][ T8278] netlink: 'syz.3.894': attribute type 1 has an invalid length.
[  360.093526][ T8278] netlink: 36 bytes leftover after parsing attributes in process `syz.3.894'.
[  360.765231][ T8292] loop3: detected capacity change from 0 to 1024
[  360.810415][ T8292] EXT4-fs: Ignoring removed nomblk_io_submit option
[  361.463900][ T8296] loop0: detected capacity change from 0 to 32768
[  361.529035][ T8296] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.901 (8296)
[  361.575379][ T8296] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  361.586109][ T8296] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[  361.597103][ T8296] BTRFS info (device loop0): using free-space-tree
[  361.622663][ T8292] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  361.890292][ T8296] BTRFS error (device loop0): balance: invalid convert metadata profile raid0
[  362.020820][ T5809] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  362.284304][ T5823] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  362.372178][ T8328] can0: slcan on ttyS3.
[  362.598120][ T8329] can0 (unregistered): slcan off ttyS3.
[  362.651871][ T8328] can0: slcan on ttyS3.
[  362.808457][ T8327] can0 (unregistered): slcan off ttyS3.
[  362.901957][ T8325] loop5: detected capacity change from 0 to 32768
[  362.960539][ T8325] XFS (loop5): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  363.457695][ T8325] XFS (loop5): Ending clean mount
[  363.483319][ T8325] XFS (loop5): Metadata CRC error detected at xfs_inobt_read_verify+0xaf/0x2d0, xfs_finobt block 0x20 
[  363.501689][ T8325] XFS (loop5): Unmount and run xfs_repair
[  363.512762][ T8325] XFS (loop5): First 128 bytes of corrupted metadata buffer:
[  363.520908][ T8325] 00000000: 46 49 42 33 00 00 00 01 ff ff ff ff ff ff ff ff  FIB3............
[  363.530491][ T8325] 00000010: 00 00 00 00 00 00 00 20 00 00 00 01 00 00 00 40  ....... .......@
[  363.543147][ T8325] 00000020: 9f 1c ad 42 11 bd 4e 12 8f 0b f0 78 76 b8 1d 9a  ...B..N....xv...
[  363.557515][ T8325] 00000030: 00 00 00 00 8a d2 18 46 00 00 16 80 00 00 40 37  .......F......@7
[  363.566672][ T8325] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00  ................
[  363.579731][ T8325] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 09 00 00  ................
[  363.589634][ T8325] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  363.601558][ T8325] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  363.610804][ T8325] XFS (loop5): metadata I/O error in "xfs_btree_read_buf_block+0x33d/0x5f0" at daddr 0x20 len 8 error 74
[  363.623124][ T8325] XFS (loop5): Failed to initialize disk quotas, err -117.
[  363.640933][ T8331] loop2: detected capacity change from 0 to 4096
[  363.807401][ T7848] XFS (loop5): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  363.816651][ T7848] XFS (loop5): Uncorrected metadata errors detected; please run xfs_repair.
[  364.328070][ T8348] netlink: 'syz.1.914': attribute type 53 has an invalid length.
[  364.336000][ T8348] netlink: 8 bytes leftover after parsing attributes in process `syz.1.914'.
[  365.318446][ T8353] loop3: detected capacity change from 0 to 4096
[  365.353907][ T8353] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512).
[  365.868009][ T8366] af_packet: tpacket_rcv: packet too big, clamped from 64989 to 3952. macoff=96
[  366.370076][ T8377] loop5: detected capacity change from 0 to 128
[  366.418519][ T8381] loop1: detected capacity change from 0 to 64
[  366.496136][ T8377] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  366.523612][ T8384] sctp: [Deprecated]: syz.2.929 (pid 8384) Use of int in max_burst socket option.
[  366.523612][ T8384] Use struct sctp_assoc_value instead
[  366.595631][ T8377] ext4 filesystem being mounted at /24/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  366.977244][ T5859] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  367.129747][ T3557] kworker/u8:11: attempt to access beyond end of device
[  367.129747][ T3557] loop1: rw=1, sector=161, nr_sectors = 1 limit=64
[  367.151814][ T3557] buffer_io_error: 6 callbacks suppressed
[  367.151887][ T3557] Buffer I/O error on dev loop1, logical block 161, lost async page write
[  367.167541][ T3557] kworker/u8:11: attempt to access beyond end of device
[  367.167541][ T3557] loop1: rw=1, sector=162, nr_sectors = 1 limit=64
[  367.181254][ T3557] Buffer I/O error on dev loop1, logical block 162, lost async page write
[  367.190230][ T3557] kworker/u8:11: attempt to access beyond end of device
[  367.190230][ T3557] loop1: rw=1, sector=163, nr_sectors = 1 limit=64
[  367.204483][ T3557] Buffer I/O error on dev loop1, logical block 163, lost async page write
[  367.213887][ T3557] kworker/u8:11: attempt to access beyond end of device
[  367.213887][ T3557] loop1: rw=1, sector=167, nr_sectors = 1 limit=64
[  367.227992][ T3557] Buffer I/O error on dev loop1, logical block 167, lost async page write
[  367.242872][ T3557] kworker/u8:11: attempt to access beyond end of device
[  367.242872][ T3557] loop1: rw=1, sector=169, nr_sectors = 1 limit=64
[  367.260356][ T3557] Buffer I/O error on dev loop1, logical block 169, lost async page write
[  367.270787][ T3557] kworker/u8:11: attempt to access beyond end of device
[  367.270787][ T3557] loop1: rw=1, sector=171, nr_sectors = 1 limit=64
[  367.285188][ T3557] Buffer I/O error on dev loop1, logical block 171, lost async page write
[  367.294273][ T3557] kworker/u8:11: attempt to access beyond end of device
[  367.294273][ T3557] loop1: rw=1, sector=172, nr_sectors = 1 limit=64
[  367.308142][ T3557] Buffer I/O error on dev loop1, logical block 172, lost async page write
[  367.317145][ T3557] kworker/u8:11: attempt to access beyond end of device
[  367.317145][ T3557] loop1: rw=1, sector=173, nr_sectors = 1 limit=64
[  367.331181][ T3557] Buffer I/O error on dev loop1, logical block 173, lost async page write
[  367.345610][ T3557] kworker/u8:11: attempt to access beyond end of device
[  367.345610][ T3557] loop1: rw=1, sector=174, nr_sectors = 1 limit=64
[  367.360918][ T3557] Buffer I/O error on dev loop1, logical block 174, lost async page write
[  367.369807][ T3557] kworker/u8:11: attempt to access beyond end of device
[  367.369807][ T3557] loop1: rw=1, sector=175, nr_sectors = 1 limit=64
[  367.383825][ T3557] Buffer I/O error on dev loop1, logical block 175, lost async page write
[  367.506274][ T5859] usb 6-1: Using ep0 maxpacket: 8
[  367.602788][ T5859] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30
[  367.614844][ T5859] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  367.626995][ T5859] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  367.641046][ T5859] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[  367.659822][ T5859] usb 6-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.00
[  367.671332][ T5859] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  367.884944][ T8395] loop0: detected capacity change from 0 to 8
[  368.033980][ T5859] usb 6-1: config 0 descriptor??
[  368.511228][ T5859] hid (null): unknown global tag 0xe
[  368.517405][ T5859] hid (null): invalid report_size 23577
[  368.524633][ T5859] hid (null): invalid report_size 64626
[  368.589141][ T5859] redragon 0003:0C45:760B.0006: unknown main item tag 0x6
[  368.597892][ T5859] redragon 0003:0C45:760B.0006: unknown global tag 0xe
[  368.604953][ T5859] redragon 0003:0C45:760B.0006: item 0 0 1 14 parsing failed
[  368.619705][ T5859] redragon 0003:0C45:760B.0006: probe with driver redragon failed with error -22
[  368.722399][ T5859] usb 6-1: USB disconnect, device number 2
[  368.857993][ T8403] mmap: syz.2.937 (8403) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  369.428042][ T7848] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  370.227730][   T30] audit: type=1326 audit(1754536535.441:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8407 comm="syz.3.940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc289d8ebe9 code=0x7fc00000
[  370.553707][ T8422] loop5: detected capacity change from 0 to 512
[  370.603126][ T8422] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  370.662779][ T8422] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  370.674086][ T8422] EXT4-fs (loop5): group descriptors corrupted!
[  371.208387][ T8434] loop2: detected capacity change from 0 to 8
[  371.582341][ T8434] SQUASHFS error: Unable to read directory block [249:c]
[  372.127573][ T8447] loop3: detected capacity change from 0 to 512
[  372.212710][ T8447] EXT4-fs warning (device loop3): read_mmp_block:115: Error -117 while reading MMP block 24
[  372.470297][ T8447] loop3: detected capacity change from 0 to 629
[  372.552766][ T8447] EXT4-fs (loop3): failed to parse options in superblock: üüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüü
[  372.572175][ T8447] EXT4-fs (loop3): Invalid default hash set in the superblock
[  373.657137][    T9] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  373.877135][    T9] usb 3-1: Using ep0 maxpacket: 16
[  373.940536][    T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 11
[  373.949893][    T9] usb 3-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0
[  373.962620][    T9] usb 3-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0
[  373.972758][    T9] usb 3-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0
[  373.982972][    T9] usb 3-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0
[  373.998693][    T9] usb 3-1: config 1 interface 0 has no altsetting 0
[  374.005649][    T9] usb 3-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[  374.015989][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  374.016676][ T8464] loop5: detected capacity change from 0 to 8192
[  374.123341][ T8464] FAT-fs (loop5): bogus number of FAT structure
[  374.130127][ T8464] FAT-fs (loop5): Can't find a valid FAT filesystem
[  374.139242][    T9] ums-sddr09 3-1:1.0: USB Mass Storage device detected
[  374.309905][ T5859] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  374.323038][ T8479] netlink: 8 bytes leftover after parsing attributes in process `syz.0.970'.
[  374.379193][    T9] scsi host1: usb-storage 3-1:1.0
[  374.497796][ T5859] usb 2-1: Using ep0 maxpacket: 16
[  374.530415][ T5859] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  374.542421][ T5859] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  374.575355][   T42] usb 3-1: USB disconnect, device number 10
[  374.593843][ T8482] overlayfs: failed to clone lowerpath
[  374.657264][ T5859] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  374.668500][ T5859] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  374.678376][ T5859] usb 2-1: Product: syz
[  374.682815][ T5859] usb 2-1: Manufacturer: syz
[  374.688693][ T5859] usb 2-1: SerialNumber: syz
[  374.725025][ T5859] usb 2-1: config 0 descriptor??
[  374.752725][ T5859] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  374.762898][ T5859] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[  374.827895][ T8484] loop0: detected capacity change from 0 to 512
[  374.862658][ T8484] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  375.011428][ T8484] EXT4-fs (loop0): 1 truncate cleaned up
[  375.024862][ T8484] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  375.158640][ T8484] EXT4-fs error (device loop0): ext4_lookup:1787: inode #14: comm syz.0.972: invalid fast symlink length 39
[  375.414076][ T5859] em28xx 2-1:0.0: chip ID is em2765
[  375.455432][ T5809] EXT4-fs error (device loop0): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  375.657506][ T5859] em28xx 2-1:0.0: Config register raw data: 0xfffffffb
[  375.677959][ T5859] em28xx 2-1:0.0: AC97 chip type couldn't be determined
[  375.685221][ T5859] em28xx 2-1:0.0: No AC97 audio processor
[  375.713989][ T5859] usb 2-1: USB disconnect, device number 4
[  375.721820][ T5859] em28xx 2-1:0.0: Disconnecting em28xx
[  375.722545][ T8497] loop5: detected capacity change from 0 to 2364
[  375.789577][ T5859] em28xx 2-1:0.0: Freeing device
[  376.004118][ T5809] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  376.029330][ T3778] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  376.178221][ T3778] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  376.308934][ T3778] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  376.484082][ T3778] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  376.751525][ T3778] bridge0: port 3(batadv0) entered disabled state
[  376.776061][ T3778] bridge_slave_1: left allmulticast mode
[  376.785223][ T3778] bridge_slave_1: left promiscuous mode
[  376.792045][ T3778] bridge0: port 2(bridge_slave_1) entered disabled state
[  376.817869][ T3778] bridge_slave_0: left allmulticast mode
[  376.823825][ T3778] bridge_slave_0: left promiscuous mode
[  376.830958][ T3778] bridge0: port 1(bridge_slave_0) entered disabled state
[  377.298928][ T3778] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  377.336556][ T3778] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  377.352367][ T3778] bond0 (unregistering): Released all slaves
[  377.941477][ T3778] hsr_slave_0: left promiscuous mode
[  377.966009][ T3778] hsr_slave_1: left promiscuous mode
[  377.974546][ T3778] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  377.982745][ T3778] batman_adv: batadv0: Removing interface: batadv_slave_0
[  378.059398][ T3778] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  378.067190][ T3778] batman_adv: batadv0: Removing interface: batadv_slave_1
[  378.157599][ T3778] veth1_macvtap: left promiscuous mode
[  378.163446][ T3778] veth0_macvtap: left promiscuous mode
[  378.169629][ T3778] veth1_vlan: left promiscuous mode
[  378.175188][ T3778] veth0_vlan: left promiscuous mode
[  378.834817][ T5817] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  378.854915][ T5817] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  378.881556][ T5817] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  378.988196][ T5817] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  379.172140][ T5817] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  379.339488][ T3778] team0 (unregistering): Port device team_slave_1 removed
[  379.368402][ T3778] team0 (unregistering): Port device team_slave_0 removed
[  379.882360][ T8535] loop3: detected capacity change from 0 to 512
[  379.934371][ T8535] EXT4-fs: Ignoring removed oldalloc option
[  380.102874][ T8535] EXT4-fs (loop3): 1 truncate cleaned up
[  380.113527][ T8535] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  380.358814][ T8538] loop1: detected capacity change from 0 to 4096
[  380.528888][ T5823] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  380.673877][ T8538] ntfs3(loop1): ino=0, "file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ni_find_attr
[  381.083325][ T8525] chnl_net:caif_netlink_parms(): no params data found
[  381.348735][ T5817] Bluetooth: hci0: command tx timeout
[  381.721612][ T8563] loop3: detected capacity change from 0 to 512
[  381.814000][ T8563] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002]
[  381.838258][ T8563] System zones: 0-7
[  381.859850][ T8563] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  382.334257][ T8525] bridge0: port 1(bridge_slave_0) entered blocking state
[  382.342752][ T8525] bridge0: port 1(bridge_slave_0) entered disabled state
[  382.350816][ T8525] bridge_slave_0: entered allmulticast mode
[  382.360199][ T8525] bridge_slave_0: entered promiscuous mode
[  382.394886][ T8525] bridge0: port 2(bridge_slave_1) entered blocking state
[  382.403606][ T8525] bridge0: port 2(bridge_slave_1) entered disabled state
[  382.411589][ T8525] bridge_slave_1: entered allmulticast mode
[  382.421111][ T8525] bridge_slave_1: entered promiscuous mode
[  382.536136][ T5823] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  382.589766][ T8525] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  382.724051][ T8525] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  382.916671][ T8525] team0: Port device team_slave_0 added
[  382.972016][ T8525] team0: Port device team_slave_1 added
[  383.182236][ T8525] batman_adv: batadv0: Adding interface: batadv_slave_0
[  383.190251][ T8525] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  383.227117][ T8525] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  383.242762][ T5859] usb 3-1: new low-speed USB device number 11 using dummy_hcd
[  383.261346][ T8525] batman_adv: batadv0: Adding interface: batadv_slave_1
[  383.269513][ T8525] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  383.316132][ T8525] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  383.410144][ T5105] Bluetooth: hci0: command tx timeout
[  383.425794][ T5859] usb 3-1: config 0 has no interfaces?
[  383.432363][ T5859] usb 3-1: New USB device found, idVendor=04b4, idProduct=de61, bcdDevice= 0.00
[  383.442969][ T5859] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  383.460840][ T5859] usb 3-1: config 0 descriptor??
[  383.544798][ T8525] hsr_slave_0: entered promiscuous mode
[  383.555057][ T8525] hsr_slave_1: entered promiscuous mode
[  383.564373][ T8525] debugfs: 'hsr0' already exists in 'hsr'
[  383.571825][ T8525] Cannot create hsr debugfs directory
[  383.726407][ T8585] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1014'.
[  383.800886][ T5859] usb 3-1: USB disconnect, device number 11
[  384.176019][ T8599] loop3: detected capacity change from 0 to 1024
[  384.591076][ T8525] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  384.676071][ T8525] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  384.698041][ T8605] loop1: detected capacity change from 0 to 8
[  384.761550][ T8525] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  384.797336][ T8525] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  384.854216][ T8605] SQUASHFS error: Unable to read directory block [631:72]
[  385.488342][ T5105] Bluetooth: hci0: command tx timeout
[  385.697994][ T5865] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  385.779456][ T8525] 8021q: adding VLAN 0 to HW filter on device bond0
[  385.887354][ T5865] usb 2-1: Using ep0 maxpacket: 16
[  385.915494][ T8525] 8021q: adding VLAN 0 to HW filter on device team0
[  385.952358][ T5865] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  385.965325][ T5865] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[  385.979239][ T5865] usb 2-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28
[  385.997601][ T5865] usb 2-1: config 0 interface 0 has no altsetting 0
[  386.004670][ T5865] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  386.015606][ T5865] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.033183][ T3630] bridge0: port 1(bridge_slave_0) entered blocking state
[  386.041066][ T3630] bridge0: port 1(bridge_slave_0) entered forwarding state
[  386.133302][ T5865] usb 2-1: config 0 descriptor??
[  386.152294][ T3630] bridge0: port 2(bridge_slave_1) entered blocking state
[  386.160339][ T3630] bridge0: port 2(bridge_slave_1) entered forwarding state
[  386.243879][ T8628] loop3: detected capacity change from 0 to 1024
[  386.468390][ T8628] hfsplus: invalid extended attribute record
[  386.623623][ T5865] hid (null): report_id 53977 is invalid
[  386.630047][ T5865] hid (null): unknown global tag 0xc3
[  386.635862][ T5865] hid (null): unknown global tag 0xd
[  386.644451][ T5865] hid (null): unknown global tag 0xc
[  386.651055][ T5865] hid (null): global environment stack underflow
[  386.658070][ T5865] hid (null): invalid report_count 14229
[  386.664004][ T5865] hid (null): global environment stack underflow
[  386.709935][ T8628] =====================================================
[  386.718287][ T8628] BUG: KMSAN: uninit-value in hfsplus_rename_cat+0x1173/0x17e0
[  386.728220][ T8628]  hfsplus_rename_cat+0x1173/0x17e0
[  386.733840][ T8628]  hfsplus_rename+0x1fc/0x2f0
[  386.739062][ T8628]  vfs_rename+0x1f51/0x2530
[  386.743844][ T8628]  do_renameat2+0x1484/0x1a50
[  386.749294][ T8628]  __x64_sys_rename+0xd7/0x140
[  386.754352][ T8628]  x64_sys_call+0x269/0x3e20
[  386.759791][ T8628]  do_syscall_64+0xd9/0x210
[  386.764652][ T8628]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.767658][ T8632] loop2: detected capacity change from 0 to 1024
[  386.771421][ T8628] 
[  386.780709][ T8628] Uninit was stored to memory at:
[  386.786276][ T8628]  hfsplus_rename_cat+0x10a9/0x17e0
[  386.796490][ T8628]  hfsplus_rename+0x1fc/0x2f0
[  386.802995][ T8628]  vfs_rename+0x1f51/0x2530
[  386.808059][ T8628]  do_renameat2+0x1484/0x1a50
[  386.813122][ T8628]  __x64_sys_rename+0xd7/0x140
[  386.818752][ T8628]  x64_sys_call+0x269/0x3e20
[  386.823999][ T8628]  do_syscall_64+0xd9/0x210
[  386.829023][ T8628]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.835091][ T8628] 
[  386.837731][ T8628] Uninit was stored to memory at:
[  386.842970][ T8628]  hfsplus_create_cat+0x18fb/0x1910
[  386.849902][ T8628]  hfsplus_mknod+0x208/0x560
[  386.854773][ T8628]  hfsplus_mkdir+0x5a/0x80
[  386.859538][ T8628]  vfs_mkdir+0x4ea/0x850
[  386.864718][ T8628]  do_mkdirat+0x41a/0xf30
[  386.869951][ T8628]  __x64_sys_mkdirat+0xc1/0x140
[  386.875076][ T8628]  x64_sys_call+0x338/0x3e20
[  386.880019][ T8628]  do_syscall_64+0xd9/0x210
[  386.884922][ T8628]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.891773][ T8628] 
[  386.898820][ T8628] Uninit was stored to memory at:
[  386.904251][ T8628]  hfsplus_create_cat+0x18fb/0x1910
[  386.912523][ T8628]  hfsplus_fill_super+0x211d/0x2730
[  386.918063][ T8628]  get_tree_bdev_flags+0x6e3/0x920
[  386.923548][ T8628]  get_tree_bdev+0x38/0x50
[  386.928919][ T8628]  hfsplus_get_tree+0x35/0x40
[  386.933780][ T8628]  vfs_get_tree+0xb0/0x5c0
[  386.934381][ T5865] usb 2-1: USB disconnect, device number 5
[  386.938624][ T8628]  do_new_mount+0x733/0x1420
[  386.938753][ T8628]  path_mount+0x6db/0x1e90
[  386.938865][ T8628]  __se_sys_mount+0x6eb/0x7d0
[  386.938989][ T8628]  __x64_sys_mount+0xe4/0x150
[  386.939109][ T8628]  x64_sys_call+0x3604/0x3e20
[  386.939250][ T8628]  do_syscall_64+0xd9/0x210
[  386.939367][ T8628]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.939488][ T8628] 
[  386.939512][ T8628] Uninit was stored to memory at:
[  386.939657][ T8628]  hfsplus_create_cat+0x18fb/0x1910
[  386.939781][ T8628]  hfsplus_fill_super+0x211d/0x2730
[  386.939885][ T8628]  get_tree_bdev_flags+0x6e3/0x920
[  386.940013][ T8628]  get_tree_bdev+0x38/0x50
[  386.940129][ T8628]  hfsplus_get_tree+0x35/0x40
[  386.940224][ T8628]  vfs_get_tree+0xb0/0x5c0
[  386.940344][ T8628]  do_new_mount+0x733/0x1420
[  386.940466][ T8628]  path_mount+0x6db/0x1e90
[  386.940580][ T8628]  __se_sys_mount+0x6eb/0x7d0
[  386.940703][ T8628]  __x64_sys_mount+0xe4/0x150
[  386.940823][ T8628]  x64_sys_call+0x3604/0x3e20
[  386.940961][ T8628]  do_syscall_64+0xd9/0x210
[  386.941066][ T8628]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.941177][ T8628] 
[  386.941198][ T8628] Uninit was stored to memory at:
[  386.941325][ T8628]  hfsplus_create_cat+0x18fb/0x1910
[  386.941451][ T8628]  hfsplus_fill_super+0x211d/0x2730
[  386.941547][ T8628]  get_tree_bdev_flags+0x6e3/0x920
[  386.941670][ T8628]  get_tree_bdev+0x38/0x50
[  386.941783][ T8628]  hfsplus_get_tree+0x35/0x40
[  386.941873][ T8628]  vfs_get_tree+0xb0/0x5c0
[  387.092561][ T8632] hfsplus: b-tree write err: -5, ino 3
[  387.093866][ T8628]  do_new_mount+0x733/0x1420
[  387.093998][ T8628]  path_mount+0x6db/0x1e90
[  387.123547][ T8628]  __se_sys_mount+0x6eb/0x7d0
[  387.129110][ T8628]  __x64_sys_mount+0xe4/0x150
[  387.133990][ T8628]  x64_sys_call+0x3604/0x3e20
[  387.139519][ T8628]  do_syscall_64+0xd9/0x210
[  387.144289][ T8628]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  387.151987][ T8628] 
[  387.154428][ T8628] Uninit was created at:
[  387.159548][ T8628]  __alloc_frozen_pages_noprof+0x689/0xf00
[  387.165784][ T8628]  alloc_pages_mpol+0x328/0x860
[  387.171101][ T8628]  alloc_frozen_pages_noprof+0xf7/0x200
[  387.177463][ T8628]  allocate_slab+0x24d/0x1220
[  387.182392][ T8628]  ___slab_alloc+0x1024/0x34e0
[  387.187780][ T8628]  kmem_cache_alloc_lru_noprof+0x922/0xed0
[  387.193803][ T8628]  hfsplus_alloc_inode+0x5a/0xd0
[  387.199151][ T8628]  alloc_inode+0x8a/0x4a0
[  387.207732][ T8628]  iget_locked+0x239/0x12d0
[  387.212628][ T8628]  hfsplus_iget+0x5c/0xb80
[  387.219255][ T8628]  hfsplus_btree_open+0x128/0x1cf0
[  387.224602][ T8628]  hfsplus_fill_super+0x1161/0x2730
[  387.230145][ T8628]  get_tree_bdev_flags+0x6e3/0x920
[  387.235620][ T8628]  get_tree_bdev+0x38/0x50
[  387.240582][ T8628]  hfsplus_get_tree+0x35/0x40
[  387.245432][ T8628]  vfs_get_tree+0xb0/0x5c0
[  387.250530][ T5105] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  387.250717][ T5105] Bluetooth: hci2: Injecting HCI hardware error event
[  387.251270][ T5105] Bluetooth: hci2: hardware error 0x00
[  387.259866][ T8628]  do_new_mount+0x733/0x1420
[  387.259995][ T8628]  path_mount+0x6db/0x1e90
[  387.260108][ T8628]  __se_sys_mount+0x6eb/0x7d0
[  387.260231][ T8628]  __x64_sys_mount+0xe4/0x150
[  387.260351][ T8628]  x64_sys_call+0x3604/0x3e20
[  387.260495][ T8628]  do_syscall_64+0xd9/0x210
[  387.260603][ T8628]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  387.260719][ T8628] 
[  387.260774][ T8628] CPU: 1 UID: 0 PID: 8628 Comm: syz.3.1029 Tainted: G        W           6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(none) 
[  387.260923][ T8628] Tainted: [W]=WARN
[  387.260963][ T8628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  387.261026][ T8628] =====================================================
[  387.261063][ T8628] Disabling lock debugging due to kernel taint
[  387.261121][ T8628] Kernel panic - not syncing: kmsan.panic set ...
[  387.261193][ T8628] CPU: 1 UID: 0 PID: 8628 Comm: syz.3.1029 Tainted: G    B   W           6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(none) 
[  387.261355][ T8628] Tainted: [B]=BAD_PAGE, [W]=WARN
[  387.261399][ T8628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  387.261470][ T8628] Call Trace:
[  387.261509][ T8628]  <TASK>
[  387.261549][ T8628]  __dump_stack+0x26/0x30
[  387.261680][ T8628]  dump_stack_lvl+0x53/0x270
[  387.261811][ T8628]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  387.261950][ T8628]  dump_stack+0x1e/0x25
[  387.262075][ T8628]  vpanic+0x361/0xc50
[  387.262220][ T8628]  panic+0x15d/0x160
[  387.262394][ T8628]  kmsan_report+0x31c/0x320
[  387.262524][ T8628]  ? __msan_warning+0x1b/0x30
[  387.262623][ T8628]  ? hfsplus_rename_cat+0x1173/0x17e0
[  387.262751][ T8628]  ? hfsplus_rename+0x1fc/0x2f0
[  387.262875][ T8628]  ? vfs_rename+0x1f51/0x2530
[  387.263005][ T8628]  ? do_renameat2+0x1484/0x1a50
[  387.263136][ T8628]  ? __x64_sys_rename+0xd7/0x140
[  387.263271][ T8628]  ? x64_sys_call+0x269/0x3e20
[  387.263411][ T8628]  ? do_syscall_64+0xd9/0x210
[  387.263530][ T8628]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  387.263652][ T8628]  ? kmsan_get_metadata+0xfb/0x160
[  387.263773][ T8628]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  387.263911][ T8628]  ? hfsplus_bnode_dump+0x50a/0x560
[  387.264062][ T8628]  ? kmsan_get_metadata+0xfb/0x160
[  387.264185][ T8628]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  387.264324][ T8628]  ? hfsplus_brec_remove+0x92f/0xa60
[  387.264496][ T8628]  ? kmsan_get_metadata+0xfb/0x160
[  387.264628][ T8628]  __msan_warning+0x1b/0x30
[  387.264729][ T8628]  hfsplus_rename_cat+0x1173/0x17e0
[  387.264886][ T8628]  ? kfree+0x141/0xec0
[  387.265006][ T8628]  ? filter_irq_stacks+0x49/0x190
[  387.265174][ T8628]  ? stack_depot_save_flags+0x35/0x7b0
[  387.265305][ T8628]  ? kmsan_get_metadata+0xfb/0x160
[  387.265432][ T8628]  ? kmsan_get_metadata+0xfb/0x160
[  387.265557][ T8628]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  387.265733][ T8628]  ? kmsan_get_metadata+0xfb/0x160
[  387.265864][ T8628]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  387.265992][ T8628]  ? kmsan_get_metadata+0xfb/0x160
[  387.266116][ T8628]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  387.266281][ T8628]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  387.266477][ T8628]  hfsplus_rename+0x1fc/0x2f0
[  387.266612][ T8628]  ? __pfx_hfsplus_rename+0x10/0x10
[  387.266749][ T8628]  vfs_rename+0x1f51/0x2530
[  387.266884][ T8628]  ? end_current_label_crit_section+0x112/0x290
[  387.267120][ T8628]  do_renameat2+0x1484/0x1a50
[  387.267318][ T8628]  __x64_sys_rename+0xd7/0x140
[  387.267468][ T8628]  x64_sys_call+0x269/0x3e20
[  387.267613][ T8628]  do_syscall_64+0xd9/0x210
[  387.267723][ T8628]  ? irqentry_exit+0x16/0x60
[  387.267819][ T8628]  ? clear_bhb_loop+0x40/0x90
[  387.267940][ T8628]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  387.268054][ T8628] RIP: 0033:0x7fc289d8ebe9
[  387.268130][ T8628] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  387.268231][ T8628] RSP: 002b:00007fc28ac44038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[  387.268331][ T8628] RAX: ffffffffffffffda RBX: 00007fc289fb5fa0 RCX: 00007fc289d8ebe9
[  387.268410][ T8628] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000200000000000
[  387.268571][ T8628] RBP: 00007fc289e11e19 R08: 0000000000000000 R09: 0000000000000000
[  387.268638][ T8628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  387.268700][ T8628] R13: 00007fc289fb6038 R14: 00007fc289fb5fa0 R15: 00007fff02896638
[  387.268810][ T8628]  </TASK>
[  387.270578][ T8628] Kernel Offset: disabled