last executing test programs:

2m29.310413784s ago: executing program 2 (id=192):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000a80)=@base={0x11, 0x4, 0x4, 0x2}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x6, 0x10, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {}, {0x85, 0x0, 0x0, 0x33}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r2, 0x2000012, 0xe, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50)

2m28.039774047s ago: executing program 2 (id=202):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000000), 0xe)
setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0xf, &(0x7f0000000080), 0x4)
recvmsg(r0, &(0x7f0000000b80)={0x0, 0x0, 0x0}, 0x40000040)

2m27.892978086s ago: executing program 2 (id=203):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f0000000180)=0xffff7b6e, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f00000001c0)=0x7, 0x4)
getsockopt$inet6_buf(r0, 0x29, 0x6, 0x0, &(0x7f0000000640))

2m27.807710771s ago: executing program 2 (id=205):
syz_mount_image$erofs(&(0x7f0000000040), &(0x7f0000000140)='./file2\x00', 0x0, &(0x7f00000003c0)=ANY=[], 0x1, 0x1f3, &(0x7f0000001880)="$eJzslc+q00AUxr+ZxKT3Ij6AGxde8LowbXJB3Fy4d+PKheCfiwvBYtNSTa20XdiCaJ/AvTsXPoaiWxf6BlIF0U3dqOuRyUwmQ0mrMS0Knh90+k3m5MyZM5MzIAjiv+Xjhx8z8X3/cw3AcezA18+/OLkNt+zf174+fH3p4tGTm8/f+LNgq8inEL8/vwvg1aGDd+ZdIWynO/r/KrjR18BxVusjMARa3wLHda1jMNzQ+o6l+9I+CNrdJA5u95OWFA3ZhLKJ2t2EuYvxzacMLSs+Zo0Px5O7zSSJBxsUv8rf/JBj38SHmj1+ASrahpW/EByh1ntguGJs/Sw3KiXW+k+6+fqdlev3UHHZnwDkT9oFNrzqFJnw5FTLbbKFFgwBbF17H52o7ifb87KvO0iFU/p1rtIiT8XmP4AKAu7aHAq/4CT4q85PdfH2pRZ8pfGLA7V/JtRHql9u0oMlQ15JPzrzpj6JZwxnrPqpSsnT9Kqpj3r368Px5Fy31+zEnfheFO2db2wDiOppIVLtsvLnA1tpfdrO/RfeSRKPeXjQHI0GoWpNP1JtUcXlcDGfcuyexjHZl9XUW/D7zdIs/cmvgz1WvV27XConBEEQ/wCnwNKanNblTOjbxAwIEV3+y3ESBEEQBEEQBEEQBPHn/AwAAP//W8NQxQ==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents64(r0, &(0x7f0000000580)=""/174, 0xff56)

2m27.448549812s ago: executing program 2 (id=208):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r0}, 0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x11, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000100000000000000000000008500000087000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000080)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x0, 0xe, 0x0, &(0x7f0000000940)="e0b9547e9f17dbe9abc89b6e0704", 0x0, 0x40000003, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

2m27.039577176s ago: executing program 2 (id=209):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a090400000000000000000200000040000480100001800c0001006e6f747261636b002c0001800e000100696d6d656469617465000000180002800c00028005000100c402000008000140000000080900010073797a30000000000900020073797a320000000014000000110001"], 0x94}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000300000a20000000080a01010000000000000000020000090900010073797a30"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x8084)

2m26.593625142s ago: executing program 32 (id=209):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a090400000000000000000200000040000480100001800c0001006e6f747261636b002c0001800e000100696d6d656469617465000000180002800c00028005000100c402000008000140000000080900010073797a30000000000900020073797a320000000014000000110001"], 0x94}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000300000a20000000080a01010000000000000000020000090900010073797a30"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x8084)

1m39.857985994s ago: executing program 0 (id=468):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f0000000180)={{@my=0x0}, 0x0, 0x1})

1m39.57717684s ago: executing program 0 (id=477):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@empty, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x0, 0x0, 0x1, 0x0, 0x6}, [@tmpl={0x44, 0x5, [{{@in=@rand_addr=0x64010102, 0x0, 0x3c}, 0x2, @in=@local, 0x6, 0x4, 0x3}]}]}, 0xfc}}, 0x0)
r1 = socket$inet6(0xa, 0x80002, 0x0)
sendto$inet6(r1, 0x0, 0x11, 0x200c8814, &(0x7f0000000280)={0xa, 0xe20, 0x0, @dev={0xfe, 0x80, '\x00', 0x36}}, 0x1c)

1m39.426299869s ago: executing program 0 (id=471):
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x81)
close(r0)
r1 = socket$caif_stream(0x25, 0x1, 0x1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

1m37.85656951s ago: executing program 0 (id=484):
syz_mount_image$erofs(&(0x7f0000000040), &(0x7f0000000140)='./file2\x00', 0x0, &(0x7f00000003c0)=ANY=[], 0x1, 0x1f3, &(0x7f0000001880)="$eJzslc+q00AUxr+ZxKT3Ij6AGxde8LowbXJB3Fy4d+PKheCfiwvBYtNSTa20XdiCaJ/AvTsXPoaiWxf6BlIF0U3dqOuRyUwmQ0mrMS0Knh90+k3m5MyZM5MzIAjiv+Xjhx8z8X3/cw3AcezA18+/OLkNt+zf174+fH3p4tGTm8/f+LNgq8inEL8/vwvg1aGDd+ZdIWynO/r/KrjR18BxVusjMARa3wLHda1jMNzQ+o6l+9I+CNrdJA5u95OWFA3ZhLKJ2t2EuYvxzacMLSs+Zo0Px5O7zSSJBxsUv8rf/JBj38SHmj1+ASrahpW/EByh1ntguGJs/Sw3KiXW+k+6+fqdlev3UHHZnwDkT9oFNrzqFJnw5FTLbbKFFgwBbF17H52o7ifb87KvO0iFU/p1rtIiT8XmP4AKAu7aHAq/4CT4q85PdfH2pRZ8pfGLA7V/JtRHql9u0oMlQ15JPzrzpj6JZwxnrPqpSsnT9Kqpj3r368Px5Fy31+zEnfheFO2db2wDiOppIVLtsvLnA1tpfdrO/RfeSRKPeXjQHI0GoWpNP1JtUcXlcDGfcuyexjHZl9XUW/D7zdIs/cmvgz1WvV27XConBEEQ/wCnwNKanNblTOjbxAwIEV3+y3ESBEEQBEEQBEEQBPHn/AwAAP//W8NQxQ==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents64(r0, &(0x7f0000000580)=""/174, 0xff56)

1m37.632624224s ago: executing program 4 (id=478):
syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='nodots,dmask=00000000000000000000003,usefree,nodots,flush,dots,dots,gid=', @ANYRESHEX=0x0, @ANYBLOB], 0x1, 0x214, &(0x7f0000000840)="$eJzs3D1rW1cYB/AjWa6tlhZPhXbpoV3a5bb10qVDS3GhVNCSRCEv0zWWEyFFAl8NksmgOVM+RwhkCWQL+QL+DFmymYDx5Ck3OJKs2NixE0dy4vx+ix6e/z1X5+jARVy9bP5+91ZjNUtW004ozRdC8Y/QDzuFsBCKYaQffnpwZfvOxavX/v2zUlm6MDvsx/jVd4+v377//ZPOF5cf7nYKIYStxWcbX298s/ni0s16FutZbLU7MY3L7XYnXW7W4ko9ayQx/t+spVkt1ltZbW1fvtpsj5861LIspq1ebNR6sdOOnbVeTG+k9VZMkiTOB06lem8nz8NWnuf5XD/kef62JyhMZl5Myyn3n4/c3kU97l5Nn/e71W518DjI//6nsvRLfGVhPGq7263O7OW/DvK4P58Nnw/zxUPzz8KPPwzy3eyv/yoH8nJYmfzyAQAAAADgXErinkPv7yfJUfmgeu3zgQP370vh29K4MzP5pQAAAABHyHrrjbS5Mrs2KJq1Myvmwv7Ob4+GUzxu+M9Pjz9mQsWXwyK843nKIYSjjymGM9+U6RSj75EPO6PfF5xseOl9TaP8gbwao2I+HBaVw3pjbjqbAgAAnC/jN/0nHlKc6IQAAAAAAAAAAAAAAAAAAADgEzSNPzM76zUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALzJywAAAP//ixdW4w==")
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0xffffffffffffff08, [@ptr, @type_tag={0xc, 0x0, 0x0, 0x12, 0x3}, @func_proto]}, {0x0, [0x2e, 0x30, 0x5f, 0x2e, 0x2e, 0x2e]}}, 0x0, 0x44, 0x0, 0x8000001}, 0x28)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)

1m37.482951492s ago: executing program 0 (id=479):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000300)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {0x5, 0x0, 0x3}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x90}, 0x40c0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0)

1m37.287925234s ago: executing program 4 (id=480):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
open(0x0, 0x64842, 0x86)

1m36.955491953s ago: executing program 0 (id=481):
r0 = memfd_create(&(0x7f0000000400)='\x01\x00\x00\x00\x00\x00\x00\x00\xd64\xf9 \x00\x00\x00\x00\x00\x12\x1a\'<\xf5\xbeV\x12\xaal\xfa\xf0o\xd8\xb1,\xbd>M\xe3\x98?Y\x96\xab\xc7\x06F\x8e\xab\xc8\x1e\x89]\x13bZ\x8d \x19\x00k\x95\x9eLV(\x8a\x0e\x93\x93Vc]mP?\x1b]\xff\x9d\x14}\xd5\xca\xdf\xf3;\xce\xbativ\xce\xa4K\xfb\xf2\xe0\xfe\xe0\xbf\x9d\x82\xa2\xcd\xb39\xb4\x17a9\x1c\x82\x1aLT\xd0\xb9\x1a\xafB\x95\xcf\x91X\x02\x00\xc2\xa1\x1b\xfe\xe7\xbc\xf7\xeb\xc0L\x1d\x98Zq\xce\xd3\xefB\xd4\xee\xb5\xee\xe0\xaa\xdd\x00\xb1j$S\xfc\xb1[N\x8d\xcfI\xc8\x91\x87\x1fuYG7}%)\xb9\x00\x00\x00\x00\x00\x00\x00\x80W\xe0I\x0e\xa4\x1e}\x06\vK\xed\x11\x880\x0e\x9c\xaeVU\x88\xb0\x842kgA]Z\x88\xecIf\xee\xba\x8b\xc6\"\xcej\x84\x06\x8a\x99\x80\xd7\xcf\x96\xed\x89\x1e6\x93+\xec#\x1f2\xee\xce\x17\x89vr\xc5j\xec\x1b\xaa\x996\x14e\xcf\x8axQ\x9e\x035\x8a@\xd4\x1c\xe0\xa2\xc8\xb3c\x02\xe8\x1a\x89\xecL\xcf\xd8\xb5\xfb\xbc\t\x01\x88\xbe\xf4@[\xb2\xd5\x8c\xb9\x0e\x17\x8b\xce\xd09\xd2\xfb\x9e\xef\xabR\x88\x17\x9et\xf7\x9c\x01\x91\x00\x00\xdb\xf9\xcb\xb5Z\x05:\xa0 b\xcc\\\x99O\x7fh\x83>\x8e\xe1=\xedR\xc9\xe68h\x19\xafLD\x8d\x93\xebT\x15\x817\x9d\xf5s\x03\x1a=\xcc\xd1\xa7\'\xa0\xaf\xf7\xec\xaf]\x0e\a\x00\x91T\x1b\xee\x10\x92\x80m\xc7\x90\x9fU\xf9\x8e_f\x8f\x00\xc3r*\xc7\xaf\xe2\'\xe0f9\xde\n,\x8c8Y26\xa6u<\xca@H\xdc\xf1\xb0\xb8Zz\xf1oL \x97\x1c\x04|\xed\x1b\x9f\xc2o\x0f\x02I\xb6\xc3xH\xc3\x88(\xb6\x97~\xea\b\x00\xa3:\x8d\xebc>z\xae*\xc2\x14\xe9\x89#\xe2)\x9a\xb0hR\xffa\xf8\xde\xf7q4\xcfV\xbb\xc3t\xfa\xa9\x05>\xaea\x12\xce\x1cY\a\xb16\xb9\x12v\x1dN\xe1,_3\xa9\xa36\xaa.Cj\xd4\a\x84\xb2j\x86\xe1\x1f\xec1\xb9!lI\xc7\xbf\x85\xdd\x03\xbd\xdc\xc0\xf9\xf3\xaf\xe02AzX\x9aO\x93y;\xa7,\xbb\x11\xe6\x8fn\xa0m\xf8\xcf\x92\x19\xba,\x0e\x04\xbe\xbb\xdd\x00\xb1\xb6Enr\x17\xa4\xc5)\xce}\xb7\xb4\xdbn\xc3\xcc5:\xe0<uc\xbc\xec\xe5\xc79\x9c\xcf\xa4m\x06\x12\xd0I(\x96\xef[Y\x18\x15\x8d\x01P\x12/\xfcd\xfe\xa0\xc7-\x9a+\xf3\xf9R\x85\xa5~\x90\xbeC\xee\xe9\'\x9fW\xa5\xfa\xb9\xc8\x85\x16\xb2\xe2\x8f\xfa)?6\x0e\xac-\x82\xe3\xc1\xf7\xd3\x04\xf7\x0e\xe7v\xb2{\xaa\xfc)\xcb\xd4D\xf6#%I\xad\xaap\xddX\x14e\x11\xd8\xb3\xe9\xf2@\x97\xfa\x16\xe9\xb4l\x0e9\xf4\x9e\xefT\x9d\x18\x02\x00\x00\x00\x00\x00\x00\x00X\xc1\x9c\xd7\xed\xadC\xc6\xc9\xd6\xe6\xfe*t\x06\xeb]\vr-\x04{\x86\xcb\xbb4?\xa1\xb5S\xb8\x10pg\xbd\xce\x84\xe9\xfdZ\f\xeb\xd0c\x02\xdc\x90\t\x9fR\x01C8\xa8\xd9\x93\x1a\x97y\xf5\x88\v\x8b=\x14x\xe4l[$\xfa\x8d\xd0\"-\x82\xad\x1c\f\x9c\xc6$@7\x98c\'\x13rSqy\xca\x02\xb0\xc4c\xdc\xba\xca\xec#\xe4:d\x12\xc9 @\xa8\xd9\xd5\x14\x06\xf9r\xcd\xb9n\x03\xfa\x06\x85\x0f\xed03\xef\x01\xe3\x86\x91\xe6\xbc\xcb\x86d\xbei@&\xf8B|nNQ\xe3\'\xb3\x9b\xae\"\xd3\xf0\xa5\x8bT-\x83\xf4\xec\xbf\xba\xa3\xad\xa6\x15\xe2\x91=)p\xa3I;R\xb7v\xf9\x14\x96z\x8d\xbd6\x87\x99\x1f]\x9fMDK\xea\xd1\xdf@\xc1\xb2z\xd6S\xed\xf0mT\xd1\x84V\'\x95\f\x16\xf5I\xb5b\xb5\x1e=\xd8\x13\x92z\f}\x05:[\b\x1a\x03\x04?wx#\x81}\xff\xfb\x99\xe6J\x1d\xf8?sB\xc8)<&\xfc\x91\xe50\xac\xbb\tR\xf2&\xad\xd8#]\x8e\x7fo\xde\xc4\x16\xa6\x05\xdf\x8c\x99]<\xc0\"\x80|\x19\x8fr\x97\xc4\xc6\xc5\xe6 (T\x8f\xf1\x11\xbdT\x1b\xf2\xd4\xa4}\xcd\xa6D\xcb\xe0Y\xf0\x150\x89\"\x96\xf7\xae^\x1b\xb0\xcd\xe1N\xbc-p\x04\x06_Nt\xce\x93\xca\xd8+\xeb\xb6\x9e\xdaD8\xaa9\xe2\xf1\x18BqN\xe2\xc1\xb4,\xcf4\xcc\xa9H8\xacQ\xfe\xac\xa1\xd5\xe7\x87\x93\xee\x1aD\xc0$eR\xdc\xa1\xe5%C*VFH\fN\xa6DX\xaf\x7fj\x00\x00\x00\x00\x00\x00U\xbf8\xf2\x1b\xc1\xd9\a\xf4\xe4*\xb6;\xb9YomDAN\x10)%\xab=\xac\x9d/\xe3\xb0ybns%\xa7e\xcf\xfd\xe8r*\n\xe0\xc19#\xc7\xe2\xbeX\xcb\xc9\xb9\xd3&\x84S-\xfc\xc2\xd6\xa1\x15F\x19\xa7\x93y\xf1]\xd3\x93\xa9m\x00\x00\x00\x00\x00\x00\x94\x00\x00\x00\x99\xe6\xf5\b(N\x06@\xb3\x05U\xd5\xc9\xca\x85\x1c\x9e\x1d\x9aB\xc0\xd2I\x9f\xf6\xb3\n\x17\xc5\xf3\xae\xea\'\x8f\xa5\a\xf0\xd7\xa9:,e\xdb=\xcb\x81\x8f\xaaE\xfa\x0eM\xabX.\x05\xba\xae6\xe1\nM\xbd\x80\xf3u\xf0\xc2\xc1\xd1\r\xb6\x11\xfd\xb1\xc4\xbc\x15v\xc0\xa8\x1c\a\xdd\x0f\xa3 B\x8b\x10\x15\xee\xe6\xbd\xd7A\x9d\x9a\xc9\x8bc(\xc9\x92\x02\x01\xa953\xbbx\x86;\xd8\aQ0\x1dw\xa8z8\xe77`!\xf7\xce\xd1\x9c\x18\xfcP\r\xf4\xddxr*P\x8a\x1f \x90\xff\x8c\x96{\n\xd7\xfb\xb4\xb7\xdb\x11\xbd\xc2\x05\x12\x87\xbd\xd8\x8b\xd3\\\xea3\xddsYP.\xa6\x9d+\x94]\x19\xd0Q<\xea\xb7j\xc0<|I\xcb-ZZ\x1aC<\x1eB\xd3\xee\xd1\x0e\xf6\\\xb70a\xcd\xb8H\x8a\x8e\xbc\xe4\x91\xcc\xe1\x19s0\xd6', 0xd)
fallocate(r0, 0x0, 0x6, 0x8)
fcntl$addseals(r0, 0x409, 0xe)
ftruncate(r0, 0x0)

1m36.308820651s ago: executing program 33 (id=481):
r0 = memfd_create(&(0x7f0000000400)='\x01\x00\x00\x00\x00\x00\x00\x00\xd64\xf9 \x00\x00\x00\x00\x00\x12\x1a\'<\xf5\xbeV\x12\xaal\xfa\xf0o\xd8\xb1,\xbd>M\xe3\x98?Y\x96\xab\xc7\x06F\x8e\xab\xc8\x1e\x89]\x13bZ\x8d \x19\x00k\x95\x9eLV(\x8a\x0e\x93\x93Vc]mP?\x1b]\xff\x9d\x14}\xd5\xca\xdf\xf3;\xce\xbativ\xce\xa4K\xfb\xf2\xe0\xfe\xe0\xbf\x9d\x82\xa2\xcd\xb39\xb4\x17a9\x1c\x82\x1aLT\xd0\xb9\x1a\xafB\x95\xcf\x91X\x02\x00\xc2\xa1\x1b\xfe\xe7\xbc\xf7\xeb\xc0L\x1d\x98Zq\xce\xd3\xefB\xd4\xee\xb5\xee\xe0\xaa\xdd\x00\xb1j$S\xfc\xb1[N\x8d\xcfI\xc8\x91\x87\x1fuYG7}%)\xb9\x00\x00\x00\x00\x00\x00\x00\x80W\xe0I\x0e\xa4\x1e}\x06\vK\xed\x11\x880\x0e\x9c\xaeVU\x88\xb0\x842kgA]Z\x88\xecIf\xee\xba\x8b\xc6\"\xcej\x84\x06\x8a\x99\x80\xd7\xcf\x96\xed\x89\x1e6\x93+\xec#\x1f2\xee\xce\x17\x89vr\xc5j\xec\x1b\xaa\x996\x14e\xcf\x8axQ\x9e\x035\x8a@\xd4\x1c\xe0\xa2\xc8\xb3c\x02\xe8\x1a\x89\xecL\xcf\xd8\xb5\xfb\xbc\t\x01\x88\xbe\xf4@[\xb2\xd5\x8c\xb9\x0e\x17\x8b\xce\xd09\xd2\xfb\x9e\xef\xabR\x88\x17\x9et\xf7\x9c\x01\x91\x00\x00\xdb\xf9\xcb\xb5Z\x05:\xa0 b\xcc\\\x99O\x7fh\x83>\x8e\xe1=\xedR\xc9\xe68h\x19\xafLD\x8d\x93\xebT\x15\x817\x9d\xf5s\x03\x1a=\xcc\xd1\xa7\'\xa0\xaf\xf7\xec\xaf]\x0e\a\x00\x91T\x1b\xee\x10\x92\x80m\xc7\x90\x9fU\xf9\x8e_f\x8f\x00\xc3r*\xc7\xaf\xe2\'\xe0f9\xde\n,\x8c8Y26\xa6u<\xca@H\xdc\xf1\xb0\xb8Zz\xf1oL \x97\x1c\x04|\xed\x1b\x9f\xc2o\x0f\x02I\xb6\xc3xH\xc3\x88(\xb6\x97~\xea\b\x00\xa3:\x8d\xebc>z\xae*\xc2\x14\xe9\x89#\xe2)\x9a\xb0hR\xffa\xf8\xde\xf7q4\xcfV\xbb\xc3t\xfa\xa9\x05>\xaea\x12\xce\x1cY\a\xb16\xb9\x12v\x1dN\xe1,_3\xa9\xa36\xaa.Cj\xd4\a\x84\xb2j\x86\xe1\x1f\xec1\xb9!lI\xc7\xbf\x85\xdd\x03\xbd\xdc\xc0\xf9\xf3\xaf\xe02AzX\x9aO\x93y;\xa7,\xbb\x11\xe6\x8fn\xa0m\xf8\xcf\x92\x19\xba,\x0e\x04\xbe\xbb\xdd\x00\xb1\xb6Enr\x17\xa4\xc5)\xce}\xb7\xb4\xdbn\xc3\xcc5:\xe0<uc\xbc\xec\xe5\xc79\x9c\xcf\xa4m\x06\x12\xd0I(\x96\xef[Y\x18\x15\x8d\x01P\x12/\xfcd\xfe\xa0\xc7-\x9a+\xf3\xf9R\x85\xa5~\x90\xbeC\xee\xe9\'\x9fW\xa5\xfa\xb9\xc8\x85\x16\xb2\xe2\x8f\xfa)?6\x0e\xac-\x82\xe3\xc1\xf7\xd3\x04\xf7\x0e\xe7v\xb2{\xaa\xfc)\xcb\xd4D\xf6#%I\xad\xaap\xddX\x14e\x11\xd8\xb3\xe9\xf2@\x97\xfa\x16\xe9\xb4l\x0e9\xf4\x9e\xefT\x9d\x18\x02\x00\x00\x00\x00\x00\x00\x00X\xc1\x9c\xd7\xed\xadC\xc6\xc9\xd6\xe6\xfe*t\x06\xeb]\vr-\x04{\x86\xcb\xbb4?\xa1\xb5S\xb8\x10pg\xbd\xce\x84\xe9\xfdZ\f\xeb\xd0c\x02\xdc\x90\t\x9fR\x01C8\xa8\xd9\x93\x1a\x97y\xf5\x88\v\x8b=\x14x\xe4l[$\xfa\x8d\xd0\"-\x82\xad\x1c\f\x9c\xc6$@7\x98c\'\x13rSqy\xca\x02\xb0\xc4c\xdc\xba\xca\xec#\xe4:d\x12\xc9 @\xa8\xd9\xd5\x14\x06\xf9r\xcd\xb9n\x03\xfa\x06\x85\x0f\xed03\xef\x01\xe3\x86\x91\xe6\xbc\xcb\x86d\xbei@&\xf8B|nNQ\xe3\'\xb3\x9b\xae\"\xd3\xf0\xa5\x8bT-\x83\xf4\xec\xbf\xba\xa3\xad\xa6\x15\xe2\x91=)p\xa3I;R\xb7v\xf9\x14\x96z\x8d\xbd6\x87\x99\x1f]\x9fMDK\xea\xd1\xdf@\xc1\xb2z\xd6S\xed\xf0mT\xd1\x84V\'\x95\f\x16\xf5I\xb5b\xb5\x1e=\xd8\x13\x92z\f}\x05:[\b\x1a\x03\x04?wx#\x81}\xff\xfb\x99\xe6J\x1d\xf8?sB\xc8)<&\xfc\x91\xe50\xac\xbb\tR\xf2&\xad\xd8#]\x8e\x7fo\xde\xc4\x16\xa6\x05\xdf\x8c\x99]<\xc0\"\x80|\x19\x8fr\x97\xc4\xc6\xc5\xe6 (T\x8f\xf1\x11\xbdT\x1b\xf2\xd4\xa4}\xcd\xa6D\xcb\xe0Y\xf0\x150\x89\"\x96\xf7\xae^\x1b\xb0\xcd\xe1N\xbc-p\x04\x06_Nt\xce\x93\xca\xd8+\xeb\xb6\x9e\xdaD8\xaa9\xe2\xf1\x18BqN\xe2\xc1\xb4,\xcf4\xcc\xa9H8\xacQ\xfe\xac\xa1\xd5\xe7\x87\x93\xee\x1aD\xc0$eR\xdc\xa1\xe5%C*VFH\fN\xa6DX\xaf\x7fj\x00\x00\x00\x00\x00\x00U\xbf8\xf2\x1b\xc1\xd9\a\xf4\xe4*\xb6;\xb9YomDAN\x10)%\xab=\xac\x9d/\xe3\xb0ybns%\xa7e\xcf\xfd\xe8r*\n\xe0\xc19#\xc7\xe2\xbeX\xcb\xc9\xb9\xd3&\x84S-\xfc\xc2\xd6\xa1\x15F\x19\xa7\x93y\xf1]\xd3\x93\xa9m\x00\x00\x00\x00\x00\x00\x94\x00\x00\x00\x99\xe6\xf5\b(N\x06@\xb3\x05U\xd5\xc9\xca\x85\x1c\x9e\x1d\x9aB\xc0\xd2I\x9f\xf6\xb3\n\x17\xc5\xf3\xae\xea\'\x8f\xa5\a\xf0\xd7\xa9:,e\xdb=\xcb\x81\x8f\xaaE\xfa\x0eM\xabX.\x05\xba\xae6\xe1\nM\xbd\x80\xf3u\xf0\xc2\xc1\xd1\r\xb6\x11\xfd\xb1\xc4\xbc\x15v\xc0\xa8\x1c\a\xdd\x0f\xa3 B\x8b\x10\x15\xee\xe6\xbd\xd7A\x9d\x9a\xc9\x8bc(\xc9\x92\x02\x01\xa953\xbbx\x86;\xd8\aQ0\x1dw\xa8z8\xe77`!\xf7\xce\xd1\x9c\x18\xfcP\r\xf4\xddxr*P\x8a\x1f \x90\xff\x8c\x96{\n\xd7\xfb\xb4\xb7\xdb\x11\xbd\xc2\x05\x12\x87\xbd\xd8\x8b\xd3\\\xea3\xddsYP.\xa6\x9d+\x94]\x19\xd0Q<\xea\xb7j\xc0<|I\xcb-ZZ\x1aC<\x1eB\xd3\xee\xd1\x0e\xf6\\\xb70a\xcd\xb8H\x8a\x8e\xbc\xe4\x91\xcc\xe1\x19s0\xd6', 0xd)
fallocate(r0, 0x0, 0x6, 0x8)
fcntl$addseals(r0, 0x409, 0xe)
ftruncate(r0, 0x0)

1m35.914532903s ago: executing program 4 (id=487):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'veth0_to_bridge\x00'})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x16)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)

1m35.543991725s ago: executing program 4 (id=489):
syz_mount_image$erofs(&(0x7f0000000040), &(0x7f0000000140)='./file2\x00', 0x0, &(0x7f00000003c0)=ANY=[], 0x1, 0x1f3, &(0x7f0000001880)="$eJzslc+q00AUxr+ZxKT3Ij6AGxde8LowbXJB3Fy4d+PKheCfiwvBYtNSTa20XdiCaJ/AvTsXPoaiWxf6BlIF0U3dqOuRyUwmQ0mrMS0Knh90+k3m5MyZM5MzIAjiv+Xjhx8z8X3/cw3AcezA18+/OLkNt+zf174+fH3p4tGTm8/f+LNgq8inEL8/vwvg1aGDd+ZdIWynO/r/KrjR18BxVusjMARa3wLHda1jMNzQ+o6l+9I+CNrdJA5u95OWFA3ZhLKJ2t2EuYvxzacMLSs+Zo0Px5O7zSSJBxsUv8rf/JBj38SHmj1+ASrahpW/EByh1ntguGJs/Sw3KiXW+k+6+fqdlev3UHHZnwDkT9oFNrzqFJnw5FTLbbKFFgwBbF17H52o7ifb87KvO0iFU/p1rtIiT8XmP4AKAu7aHAq/4CT4q85PdfH2pRZ8pfGLA7V/JtRHql9u0oMlQ15JPzrzpj6JZwxnrPqpSsnT9Kqpj3r368Px5Fy31+zEnfheFO2db2wDiOppIVLtsvLnA1tpfdrO/RfeSRKPeXjQHI0GoWpNP1JtUcXlcDGfcuyexjHZl9XUW/D7zdIs/cmvgz1WvV27XConBEEQ/wCnwNKanNblTOjbxAwIEV3+y3ESBEEQBEEQBEEQBPHn/AwAAP//W8NQxQ==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents64(r0, &(0x7f0000000580)=""/174, 0xff56)

1m35.065709573s ago: executing program 4 (id=491):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x5})
ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x1)
ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0)

1m34.515141985s ago: executing program 4 (id=493):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d300000000000000800040000000000080012000300000008001100ff070000080010000000020008000f"], 0x54}}, 0x0)

1m34.007584535s ago: executing program 34 (id=493):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d300000000000000800040000000000080012000300000008001100ff070000080010000000020008000f"], 0x54}}, 0x0)

3.673732716s ago: executing program 5 (id=1062):
capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080)={0x6, 0x6, 0x40, 0x89, 0xffffffff, 0x2})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x35, 0x0, &(0x7f00000003c0)="e3008067a7f97fffff876692001b4fccdde148f0630962bb87dd446158904bcee118b4241544716b", 0x0, 0xd, 0x0, 0x0, 0xffffffffffffff02, 0x0, 0x0, 0x2, 0x0, 0x8000000b}, 0x50)
r0 = syz_open_dev$sg(&(0x7f0000000140), 0x6f5e, 0x1)
ioctl$FIBMAP(r0, 0x1, &(0x7f0000000040)=0x85)

3.43859851s ago: executing program 5 (id=1065):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="0e0001000200", @ANYBLOB=','], 0x8)

3.167556676s ago: executing program 5 (id=1069):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TCSETAW(r0, 0x5407, &(0x7f0000000040)={0x6, 0x400, 0xc, 0xffff, 0xc, "ad5c732c906953f5"})
ioctl$TIOCMSET(r0, 0x5418, &(0x7f0000000000)=0x8001)
openat$ttyS3(0xffffff9c, &(0x7f0000000140), 0x20040, 0x0)

2.875552283s ago: executing program 6 (id=1070):
pipe2$9p(&(0x7f00000005c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x800)
io_setup(0x9, &(0x7f0000000240)=<r1=>0x0)
r2 = eventfd2(0x7, 0x0)
io_submit(r1, 0x1, &(0x7f0000000b80)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x8, 0x471f, r0, &(0x7f0000000040)="1698ad382f06da0135", 0x9, 0xf4, 0x0, 0x1, r2}])

2.74663968s ago: executing program 5 (id=1071):
syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000200)='./bus\x00', 0x1000000, &(0x7f00000005c0)=ANY=[], 0x1, 0x126f, &(0x7f0000001600)="$eJzs3U1rY1UcB+B/2vQtY5uq4+gMiAfdKEKcduHKTZEZEAtKtQMqCHdsqqFpU5pQiIhTV64EP4aoS3eC+AW6ceNaEES6cTkL8UqbjDNp0o522lSG59ncwznnd8+5veXCDedw9175cn1ttVlZzVoxUihEcXMsirdTpBiJ0ejYiRdu/PzL02+98+7rC4uL15ZSur7w9tzLKaWZZ35475Nvn/2xdeHGdzPfT8Tu7Pt7f8z/untp9/LeX99ErZlqzbTRaKUs3Ww0WtnNejWt1JprlZTerFezZjVNdse4275ab2xutlO2sTJd2tyqNpsp22intWo7tQqptdVO2YdZbSNVKpU0XQoexPLXt/M8j8jzsRiPPM/zqSjFhXgkpmMmyjEbj8Zj8XhcjCfiUjwZT8Xlg17nPW8AAAAAAAAAAAAAAAAAAAB4uNxn/3+hf///xHlPGQAAAAAAAAAAAAAAAAAAAB46h/f/FyN8/x8AAAAAAAAAAAAAAAAAAACG7D7f/z+0//9F+/8BAAAAAAAAAAAAAAAAAADgLEx2DkspTUasf769vL3cOXbqF1ajFvWoxtUox59xsPu/o1O+/tritavpwGy8tH6rm7+1vTzam58bK8dsYWB+rpNPvfmJKN2bn49yXBw8/vzA/GQ8/9x+/rNOvhLl+OmDaEQ9ViIK3as/yH86l9KrbyxO9eav7Pc70ugZ3xYAAAA4TZX0j/73951up4Htnabu+3nq9iwc8/vAoffzYlwpntdVc0ez/fFaVq9Xt05YGD/6POO9NVPdniceqxARWU98pvTb0v4pTzr5UyuMDnXQseP7PMA9jeL/4I95CoXfv7qnZjKGO/pI9x89q+8/P/9dKnby/EwnNj6oaeK41NHPjMIZP5MYnrs3/bxnAgAAAAAAAAAAwH8xcPXfVET0rQf8qK/mzvLw3nj/mY8e/YshXCEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPA3O3AsAAAAACDM3zqNjg0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4KgAA//+E38bU")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x8000, 0x1f7)
r1 = fanotify_init(0x200, 0x41000)
fanotify_mark(r1, 0x201, 0x4800003e, r0, 0x0)

2.611732568s ago: executing program 6 (id=1073):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'netdevsim0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ENCRYPT={0x5, 0xf, 0x1}]}}}, @IFLA_LINK={0x8, 0x5, r1}]}, 0x44}}, 0x800)

2.373765272s ago: executing program 6 (id=1075):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x2, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4})
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000240)=0x1)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000240)={0x80001a, 0x1, 0x1, "3a8e07ca5de21f00713c8fa98601acc620004b0000002100", 0x3231564e})

2.361009402s ago: executing program 1 (id=1076):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000080)={{0x3, 0x1}})
ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0)
ioctl$SNDRV_TIMER_IOCTL_STOP(r0, 0x54a1)

2.187609433s ago: executing program 6 (id=1077):
munmap(&(0x7f0000001000/0x4000)=nil, 0x4000)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x2a08000, &(0x7f0000000140)={[{@mblk_io_submit}, {@resuid={'resuid', 0x3d, 0xee00}}]}, 0xfc, 0x474, &(0x7f00000003c0)="$eJzs3MtrXFUYAPBv7mTSpM/4qNqHGl9YfDRN+rALN4qCCwVBF9VdTNNSm1ppIthSTBSpSym4F5eCf4Er3Yi6EtzqXgpBsml8gFfunXvzfk0yyUTn94MJ59x7Zu75zrlncu65MxNA2+rN/lQidkfEL1k6ybMz0qJQVm566vrQH1PXhyqRpq/9Xsn33Z66PlSWLZ+3u8gcSSKSjytxaInjjl69dnFwZGT4SpHvG7v0bt/o1WtPX7g0eH74/PA7A6dPnzje/8ypgZNNiXNPVteDH1w+fOClN26+MnTm5ls/fNVR1nVBHM3SG73z2nKux5p9sBbbMydd6WhhRWhINSKy7qrl439fVGO28/bFix+1tHLApkrTNN27/O6JFPgfq0SrawC0RvmP/vZUd3Rt0nXwdjb5XP0CKIt7unjU93REUpSpLbi+baauYt3kzMSfn0fe/jvaqv0BgK33TTb/eao+/ykf9T09cc+ccnvz9eBsa8QdEXFnRNwVEXdHxP6IvOy9EXFfg8fvXZBfPP9Mbq0rsDXK5n/PFve25s//itnfP2lPtcjtie7oiVrl3IWR4WNFmxyJ2o4s37/CMb594edPl9vXW8z9ykd2/HIuWNTjVseO+c85Ozg2uLGoZ01+mK8Bji+Of/bOVZY6EBEH1/H62bz5whNfHl5u/+rxr6AJ95nSLyIer/f/RKwQ/8L7k93FvlMDJ/u6YmT4WF95Viz24083Xl3u+BuKvwmy/t+55Pk/E39PZe792tHGj3Hj10+WvaZp4Px/s9ySnf+dldfzdGex7f3BsbEr/RGdlZcXbx+YfbUyX5af3L0/4pGlx3/2HpedY1n8hyIiO4nvj4gHIuLBou4PRcTDkb/EUsanI+L75x99ez3xJ6s1bBNk/X92Xv/HKv3feKJ68buv1xN/Xdb/J/LUkWLLWt7/1lrBjbQdAAAA/Fck+WfgK8nRmXSSHD0asStf292ZjFweHXvy3OX3/jpb/6x8T9SScqWrvh5cXw/tL9aGy/zAgvzxYt34s2p3nt9Z3PsGWmfX3PGfLzjWx3/mt2qLKwdsPt/XgvZl/EP7Mv6hfRn/0L7WOv7TTa4HsPWWGv/jLagHsPXM/6F9Gf/Qvox/aF/GP7SljXyvX2KVxHjDzdsVK5Xp3CZx5YlI8kQ63sJq/F38DMvaCm9efcpfy1i9cK0Yd9uhB1dOtO49CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJn+DQAA//85XdxN")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000d40)={0x0, 0x2904c, 0x3fffffffffffe52, 0x10003, '\x00', [{}, {0xffffffff}]})

2.074023549s ago: executing program 5 (id=1079):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000009c0)={0x44, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r1, 0x80045b10, 0x0)

2.035614221s ago: executing program 1 (id=1080):
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x0, 0x8, 0x0)
mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000)
mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil)
mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000)

1.641818834s ago: executing program 1 (id=1082):
syz_mount_image$nilfs2(&(0x7f000000a000), &(0x7f0000000400)='./file0\x00', 0x94, &(0x7f000000a380)=ANY=[@ANYBLOB="0001def4774774366f0b8a20db13db64e85fc9322c3fe018b91ff1291b4f4c56de7e4543f49818e1307d98d09daa1e2a7dbf88003e9401dc73aad0b7dbb5685565c7825ba8340621faeae92abed19c524ab06c4303258d253722e159642af447aeb096c6a26d345d82f2925163331b0e9157441a9c61dd1051d3b970f9ac12f5975cf1ad4e45acef1a54921c492a77bcb1858b68758ed339608b8e43c733219f1f9e0b867840f821e03bc0e8a497c4d5dde436000090a397637dedb2f3"], 0x1, 0xd99, &(0x7f0000006900)="$eJzs3UtvXNUdAPBzx544LxqHmMZN09glpbiP2CRYpbsaKV2gSqgSnwClgYYa+ghdgIKUsOi2kRAfoIh9F31mgRSxSsWmVb8AYtVNipBoG1UCI9vnjMf/zOjOOLbH4/n9pDtn7v2fe88587hz575OAkZWY+1xcXG6SuntW29dvDcz/r/VKTOtHLNrj+N5bCml1GzNl9JkWN7SxHr62SfXLrWnn+e0ShdSlarW9PTs3da8R1JK19Nsup0m03Mfn7z50gfPLL934saJi2/M3dmZ1gMAwGi596N3f/m3x3947fj/f39mKU20ppft86U8fjRv9y9V6+M5af0PqNrSqm28OBDyjeehEfKNdcjXXk4z5BvvUv6BsNxml3wTNeWPtU3r1G4YZhv/46vG/KbxRmN+fv0/+aoPxw5U869cWX7h6oAqCmy7T2fyLj6DwTByw8qxQa+BANbF44b3uR73LDyY1tLGeyv/7tONzvPDNtjtz7/yh6v8d29Y47B99uunqbSrfI+O5vF4HGE8zNfv978sLx6PaPZYz27HEYbl+EK3eo7tcj22qlv94+div/paTsvrcCbE278/8T0dlvcY6Oye/f8Gw8gOK4NeAQF7VjxvbiUr8XheX4xP1MQP1sQP1cQP18SP1MRhlP3h1d+mm9XG//z4n77f/WFlP9tDOf1Sn/WJ+yP7LT+e99uvBy0/nk8Me9rcf09/+uvbf4/n/38ezv8/m39LJ/MKouwvjPvVW+f+hwuDG13yPRyq81CH/GvPpzbnq6Y2lpPa1jP31WN683zHuuU7vTnfZMh3OG+LHAz1jdsnh8N8ZfujrFfL6zUe2tsM7TgQ6lHemeM5PRjac7xbu8KO7AMhXzMPJ0K7pkK7HgnzfTm0q5re3K64/7zU52SYHo+TlHzhbbvvdym+F/G6jEdz+mZO38np+zn9qEO5o6h8Hrud/18+n9OpWb1wZfnyE3m8fE7vjDUnVqef3+V6Aw+u1+t/ptPm63+OtqY3G+3rhWMb06v29cJkmH6hy/Qn83j5Pfvp2KG16fOXfr78k+1uPIy4q6+9/rPnl5cv/8oTTzzxpPVk0GsmYKctvPryLxauvvb6uSsvP//i5Rcvv3L+ie9/78mnnlpcWNuqX2jftgf2l40f/UHXBAAAAAAAAAAAAOhZdajz5JzW3d+2XE9erk+P18czHMr7Vj4N5T4G5frPbvd1KddvHt+FOrL9duNyokG3Eejs3+7/azCM7LCy4i7+wN4w6P7/yn0PS3r03D+Prw4l292nN68v4/0L4UHs9f7nlL+/+v9r9X/V8/ov9Jg1ubVy/3jv0D/aik2nei0/tr/cB3aqv/L/lMsvrXks9Vb+yu9C+fFGpT36cyj/cI/l39f+01sr/y+5/PKyzZ3ttfz1GleNzfWI+43LfQDjfuPir6H95d5+fbd/ix213crlwygbln4m+zUs/X92U5Zb1oN59dw6Tlfuvx37O+i3/uW+3+V34JGw/Krm903/n8Otrv/P8vlb0P8n7DsfOv5nMIzssLKyMtCuT0a135W9YtCv/6C3IQdd/qBf/zqx/8/4fyn2/xnjsf/PGI/9f8Z47F8rxmP/n/H1jP1/xvjJsNzYP+h0TfwrNfFTNfGv1sRP18Tj/7cYn62Jn6mJz9TEH66JP1oTP1sT/0ZN/LGa+OM18bma+H739ZyOavthlMV+I33/YXSU4z/dvv9TNXFgeMV+neP3+5s1cWB4lfM8fL9hBFWd79gR97eX/bhv5vSdnL6f0492rILshm/l9Ns5/U5Ov5vTczmdz+lCTvUNOdx+869TZ25WG+f5HQvxXs8njdcDxPvEnO+xPvH4XL/ns57ssZydKn+Ll4MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADI3G2uPi4nSV0tu33rr4n6kf/Hh1ykwrx+za43geW0opNVNKVR4fD8u7PrGefvbJtUud0ipdWHss4+nZu615j6zOn2bT7TSZnvv45M2XPnhm+b0TN05cfGPuzs60HgAAAEbDFwEAAP//ManlwQ==")
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./bus\x00', 0x2000010, &(0x7f00000013c0)=ANY=[], 0xf, 0x6a2, &(0x7f0000000100)="$eJzs3c1vHGcdB/DvrNeuHargtEkboSKiRCpIFolf5IK5EBBCPlSoKgfOVuI0VjZOZbvIrRC4FMEJiUP/gILkGyck7kHhXG69+lgJiUvEIeJiNLOz9tq7ju3Eb4HPJxo/z8zzzDO//e0zM951Vhvg/9bsWJoPU2R27O3Vcn1jfaq1sT71Ut3cSlLWG0mzXaRYTIpHyc2yveha0lX2+HRh5t0vHm982V5r1kvVv/G0/fro03etXnIlyUBd9ho86CF2jHcrycs9XYYOOtaOjmXSrtUlnLrNHmuH2f0w5y1wxnTuTkX7vtljNDmXZLj+PSD11aFxchEej0Nd5QAAAOAF9fmD044AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXjz19/8X9dKoy1xJ0fn+/6HOtrr+Qnt42gEAAAAAAAAAwBH4xpM8yWrOd9Y3i+pv/lerlYv5z2bylXyQ5cxnKdezmrmsZCVLmUgy2jXQ0OrcysrSxNaepf57Tvbdc/KkHjEAAAAAAAAA/E/6dWa3//4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnQZEMtItqudipj6bRbFczVP5YS/7Rqb8gin4bH558HAAAAPBchp9hn68+yZOs5nxnfbOoXvO/Vr1eHs4HWcxKFrKSVuZzu34NXb7qb2ysT7U21qful0vvuD/416HCqEZM+72H/ke+XPUYyZ0sVFuu51YVzO00qj1Llzvx9I/r4zKm4vu1A0bWrNNaHuwPe72LcCQO+1bEaBlcspWR8Tq2MhsX2hkoqjdqkt2Z2PfZae4+UhoZ3DrSRBpb7/xcPIacn6vL8vH89lhzflhbmWikysRk1+x77emZSL751z//7G5r8d7dO8tjZ+ch7WNgj+2758RUVyZe75eJ7oHOdCaah+w/XmXi0tb6bH6cn2YsV/JOlrKQn2cuK5nPZt0+V8/n8ufo0+fMzR1r7+wXyVD9vLRTfZCYruRHVW0uV6t9z2chRR7kdubzVvVvMhP5TqYznZmuZ/jSnnFXj6066xu7z/rOM/23vsFf+1ZdGUnyu7rsycEue83Oo9K+9pd5vdCV1/asf7zV60LXeTDelaVXOtkZ7Dv4s1wbm1+rK+UxPqnLs2G0zkR5AnXuEp3oXm1nolndi3rn+R+rc2O5tXhv6e7c+3uMv7Zr/c26LKfV+tcPGmX/p+JolfPllQzXV5Kds6Nse3XrKnNhx111qP6LS7ut0dN2qWoris6Z+pOeM7Wcr+WZOlT/Dtc70mTV9nrftqmq7XJX247ft/Igrdw+gfwB8JxGc25o5J8jn498NvKbkbsjbw//8KXvvvTGUAb/Pvi95vjAm403ir/ks/xy+/U/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw7JY//OjeXKs1v9S/0ti7aZ/KfiPvqhT1F/o807HOYGU4yY4tg+WGIzvEJwfsPLI7jJ7K5q+SE89P50sE+/f5fVlp5iAD3tyvz8enPhPOemUg/SfAKV+YgGN3Y+X++zeWP/zo2wv3596bf29+cXB6emZ8ZvqtqRt3Flrz4+2fpx0lcBy2b/qnHQkAAAAAAAAAAABwUP0+GHD15f0+NHKgz3j4n4UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAkZgdS/NhikyMXx8v1zfWp1rl0qlv92wmaTSS4hdJ8Si5mfaS0a7hivzpUTb7HOfThZl3v3i88eX2WM12/6RRl89hrV5yJclAXR7VeLeee7zi351HWCbsWidxcNr+GwAA///UmvRo")
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40106e80, &(0x7f0000000100)={0x1, 0x100000000, 0x9, 0x0, 0x4000040c, 0x4fe4, 0x2401})

1.454078635s ago: executing program 6 (id=1084):
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
unshare(0x2040400)
r0 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r0, &(0x7f0000000000), 0x10)

1.229976308s ago: executing program 3 (id=1085):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000000)=0x3)
ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000080)={0x2, &(0x7f00000001c0)=[{0x40, 0x1, 0x0, 0xffcffffc}, {0x6, 0x0, 0x0, 0x3}]})
write$ppp(r0, &(0x7f0000000300)="5af9", 0x2)

1.059721589s ago: executing program 6 (id=1086):
syz_mount_image$jfs(&(0x7f0000000400), &(0x7f0000000380)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x1c802, &(0x7f0000002740)=ANY=[], 0x3, 0x5f74, &(0x7f0000002040)="$eJzs3V1vHFf9B/DfPnj90H/TqPqrChEXbgqlpTTPCZSnplxwAUggoVyTyHWrQFpQEhCtLOLKF4gLHl4C3PSGi76RIvEKEC+ASDZXlaAMGvucZLxeex1i76x9Ph/JmfntmfGeydfj2fXM7AkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIL7z7R9e6ETEjV+kB05G/F/0IroR83W9GPXMtbx8PyJOxWZzPBcRvdmIev3Nf56JuBwRH5+IWN9YWaofvrjPflw5f+/Op9/91t9+/fu1Uz9+80cfDrf/4P8vffSb+xEnv//aR5/eP5htBwAAgFJUVVV10tv80+n9fbftTgEAE5GP/1WSH1er1Wr1gda/605Xf9SF1k3VaPebRUSsNtepXzM4HQ8AR8xqfNJ2F2iR/IvWj4in2u4EMNU6bXeAQ7G+sbLUSfl2mseDxa32/HfKbfmvdh7e37HbdJzha0wm9fO1Fr14dpf+zE+oD9Mk598dzv/GVvsgLXfY+U/KbvkPtm59Kk7Ovzec/5Bt+f8hIo5s/t2R+Zcq599/nPxXe0d4/5c/AAAAAADHX/77/8mWz//OPvmm7Mte538XJ9QHAAAAAAAAADhoTzr+30PG/wMAAICpVb9Xr/3xxKPHdvsstvrx652Ip4eWBwqTbpZZaLsfAAAAAAAAAAAAAFCS/tY1vNc7ETMR8fTCQlVV9VfTcP24nnT9o6707YeStf1LHgAAtnx8It3Lnwfg60TMRcT19Fl/MwsLC1U1N79QLVTzs/n17GB2rppvvK/N0/qx2cE+XhD3B1X9zeYa6zWNe788rn34+9XPNah6++jYZLQcOgDF2zoarTsiHTNV9Uy0/SqHo8H+f/zY/9mPtn9OAQAAgMNXVVXVSR/nfTqd8++23SkAYBLm8vF/+LyAWq1Wq9Xq41c3VaPdbxYRsdpcp37NYDh+ADhiVuOTtrtAi+RftH5EnGq7E8BU67TdAQ7F+sbKUifl22keD9L47vlakG35r3Y218vrj5qOM3yNyaR+vtaiF8/u0p/nJtSHaZLz7w7nf2OrfZCWO+z8J2W3/OvtPNlCf9qW8+8N5z/k+OTfHZl/qXL+/cfKvyd/AAAAAACYYvnv/yfLPf/by/1ZnFAfAAAAAAAAAOCgrW+sLOX7XvP5/8+OWK7TnHP/57GR8+/sO3/3/x4nOf/ucP5DF+T0GvMP3niU/z83VpY+vPePz+Tp1Oc/0xvUzz3T6fb66ZqfauatuBW3YznO71i+v639wo72mW3tF8e0X9rRPqjb53P72ViKn8btePNh++yYC6PmxrRXY9pz/j37f5Fy/v3GV53/QmrvDE1rDz7o7tjvm9NRz3Ptz/9+cefeNXlr0Xu4bU319p1poT+b/ydPDeLnd5fvnP3lzXv37lyINNn26MVIkwOW859JXzn/l17Yas+/95v764MPBo+d/7RYi/6u+b/QmK+39+UJ960NOf9B+sr55yPQ6P3/KOe/+/7/Sgv9AQAAAAAAAAAAAAAAgL1UVbV5i+i1iLia7v9p695MAGCifvu9NFMloVar1Wq1+tjWTdVorzeLmNu+ztWI+NWobwYATLP/RMTf2+4ErZF/wfLn/dXTz7XdGWCi7r73/k9u3r69fOdu2z0BAAAAAAAAAP5XefzPxcb4z5vXAQ2NG71t/Nc3YvHIjv/ZHfQ2xzpPG/R87D3+95nYe/zv/pjnmxnTPhjTPjumfW5M+8gbPRpy/s+njHP+p9OGlTT+60st9KdtOf8zaaznnP8XhpZr5l/96Sjn392W/7l77/zs3N333n/11js3315+e/ndC+evXr505fKlK1fOvXXr9vL5rX9b7PHhyvnnsa9dB1qWnH/OXP5lyfl/PtXyL0vO/8VUy78sOf/8ek/+Zcn55/c+8i9Lzv/lVMu/LDn/L6Za/mXJ+b+SavmXJef/pVTLvyw5/1dTLf+y5PzPplr+Zcn5n0u1/MuS889nuORflpx/vrJB/mXJ+V9MtfzLkvO/lGr5lyXnfznV8i9Lzv9KquVflpz/1VTLvyw5/y+nWv5lyfl/JdXyL0vO/7VUy78sOf+vplr+Zcn5fy3V8i9Lzv/rqZZ/WXL+30i1/MuS8/9mquVflpz/66mWf1keff6/mQnP/OsvEVPQDTOlzrz7172Wafs3EwAAAAAAAAAAAAAwbBJXGre9jQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/2UHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdi7uxi5zvoM4Ge/7LUTiEtCCMGQteMEQzbeXX8lJhgcIDQNLU0DoaUNdYy9/gB/1buGJIqaTZO2QURqpPYivSgFRBFSWyVCSKVSiiIVqb1rrkC5Qa2UC0tNKhNBJaokW5057/vuzOzszPpj7Tnn/H5R/PfOnJl558yZ2X3WemYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmm34+PSfD2RZlv/f+GNdll2Z/31Ntif/cm7n5V4hAAAAcKHebPz5D1elE/Ys40JN2/zb+/7jB/Pz8/PZF18/89Zfzs+nM8aybGh1ljXOi/79V7+cb94meCIbHRhs+nqwx80P9Th/uMf5Iz3OX9Xj/NU9zh/tcf6iHbDImuL3MY0r29T467pil2bXZCON8zZ1uNQTA6sHB+PvchoGGpeZHzmYHcmOZtPZ5KLLDDT+y7IXNuS3dXcWb2uw6bbWZ1l29ueP7o9rGAj7eFPWcmMNzY/da3dmY6///NH935199d2dZs/dsGilWbZ5Y77OJ7Ns4ddV2UC2Ou2TuM7BpnWu77DOoZZ1DjQul/+9fZ1nl7nOeL9Hwzpf6rLO9eG0h27MsmwuW3Kbdk9kg9natltN+3u0OCLy68gfyndkw+d0nGxYxnGSX+aVG1uPk/ZjMu7/DWGfDC+xhuaH47XHVy3a7+d7nOT3uh+O1fy6781vdHS0+VerLcdqvs2jNy19DHR87DocA+lYbjoGNvY6BgZXDTWOgcGFNW9sOQamFl1mMBto3NaZm7ofAxOzx05OzDz8yK1Hju07NH1o+vjU5M7t23Zs37Zjx8TBI0enJ4s/z22XlsjabDAdgxvDa008Bt/ftm3zITn/rYv3PBjtk+dBft8/e3O+oCsHsyWO8XybJzdf+PMgfd9veh4MNz0POr6mdngeDC/jeZBvc3bz8r5nDjf932kNK/VauK7pGLic3w/z23zgA0u/Fq4P63rqg+f6/XBo0TEQ79ZAeO7lp6Sf90ZvD/tl8XFxfX7GFauy0zPTp7Y8tG929tRUFsYlcXXTY9V+vKxtuk/ZouNl8JyPlz1//8bN13c4fV3YV6O3dH+s8m22j3d/rBqv7q37c1VW7M+WU7dmYVxkl3p/dvpulu/PlCW67M98mydvvfCfBVMuaXr9G+n1+jc0Mly8/g2lvTHS8vq3+KEZaqwsy87eurzXv5Hw/6V+/bumT17/8n31wJbux0C+zVMT53oMDHd9/bsxzIGwng+ExDDalPvfapw/VxymTY9lz+NmeHgkHDfD8RZbj5ttiy6TX1t+25snz++42Xxj62PV8nNLBY+bfF/91WT34ybf5sWpC3/tWBP/2vTasarXMTAytCpf70g6CIrXu/k18RjYku3PTmRHswPpMvmjnN/W+NblHQOrwv+X+rXjuj45BvJ99ezW7sdAvs2Pt13cn502h1PSNk0/O7X/fmGpzH/98ML1te+2i53583V+4iefTqd1yhD5Nq9uP9ec0X0/3RJOuaLDfmp//ix1TB/ILs1+ui6s8+iO7r+byre5Zucyj6c9WZa9PPVy4/dd4fe73z/9kx+0/N630++UX556+Z6J+356LusHAOD8vdX4c25V8bNm079YL+ff/wEAAIBSiLl/MMxE/gcAAIDKiLl/KMxE/gcAAIDKiLl/OMykJvn/8O27nnvzsSy9G+B8EM+Pu+HejxTbxY73XPh6bH5BfvrHvjPy3NceW95tD2ZZ9sY97+m4/eGPxHUVTsZ1fqj19EWuu2FZt//g/QvbNb9/wtldxfXH+7PcwyB2lV+Y2Nq43rGHpxrzxXuyxrxv7qkniusvvo7bn9lWbP834U1L9hwcaLn85rCeTWGOhfeUuXfPwn7IZ7zcc+vf969Xf27h9uLlBja+vXE3n/3j4nrje0Q9c3WxfbzfS63/X77+vefy7R+6qfP6HxvsvP4z4XpfCfNXu4vtm/f515rW/6dh/fH24uW2fPtHHdf//LuK7Z8Px8U3w2xf/51/8d43Oz1e8Xb23FFcLt7+5P9ub1wuXl+8/vb1jz421bI/2q//xdeL69n9lV8MNW8fT4+3Ez14R+vxPRAe35YeeZZl3/uzrGU/Zx8uLvfPbeuP13fyjs7rv6VtnScHbmhcfuH+rGu5X9/4u60d729cz55/XNdyf565K+y/1yd+nF/vmfvC8RjO/7+Xiutrfy/T5+9qfb2J239zXfG8jdc30bb+Z9rWP3dDvu96r//u14v1P//R1S3r3/PJcDzdXcxe6z/0t1e1XP5b3y0ej1NfHT9+Yub0kQNNe7X5ebx6dM3aK65829uvCq+l7V/vPTF7ePrU2OTYZJaNlfAtA1d6/d8O83+KMXfxb6Hw018Ux93Tnyq+b73/l8XXz4TTHwyPZ/z++I2/Hmk5Xtsf97mPFvNC1//BsI7letfX/+uGZW145gsvnP6nP3m1/eeCeH9OvnO0cf+e3XBt47yBF4vz21+vevnPd7Y+r382PNmYPwz7dT68M/PGa4vba7/++N4kT3+meP7Gn+Ti5bO29xNZN9R6Py50/T8LP8f86LrW1794fPzwsbZ3c16XDeRLmAuvD9lccX7cKu7vp89e2/H24vvwZHPvPpdlLmnm4ZmJo0eOn35oYnZ6ZnZi5uFH9h47cfr47N7Ge5fu/VKvyy88v9c2nt8HpnduzxrP9hPFWGGXe/0n799/4LbJmw9MH9x3+uDs/SenTx3aPzOzf/rAzM37Dh6c/mqvyx85sHtq665tt20dP3TkwO7bd+3atmv8yPET+TKKRfWwc/LL48dP7W1cZGb39l1TO3Zsnxw/duLA9O7bJifHT/e6fON703h+6a+Mn5o+um/2yLHp8Zkjj0zvntq1c+fWnu/+eOzkwZmxiVOnj0+cnpk+NVHcl7HZxsn5975el6ceZk6E17s2A+Gn88/fsjO9P27uO48veVXFJq0/nmavhfeCit/fen0dc/9ImElN8j8AAADUQcz94Y3/F86Q/wEAAKAyYu5fHWYi/wMAAEBlxNxfJP/R9PHvdcn/F6v//7j+f4P+v/5/pv+f6P/r/2f6//r/Pej/6/+Xef36//r/9NZv/f+Q+7M1Webf/wEAAKCiYu5fG2Yi/wMAAEBlxNx/RZiJ/A8AAACVEXP/lWEmNcn/Pv9f/1//v1v/P26r/5/p//dD/3/Tf+v/L6L/r/+f6f+ft8vdny/7+vuw/79G/59+02/9/5j73xZmUpP8DwAAAHUQc//bw0zkfwAAAKiMmPuvCjOR/wEAAKAyYu5fF2ZSk/yv/6//r//v8//1/0vT//f5/x3o/+v/Z/r/5+1y9+fLvv4+7P/7/H/6Tr/1/2Pu/7Uwk5rkfwAAAKiDmPvfEWYi/wMAAEBlxNx/dZiJ/A8AAACVEXP/NWEmNcn/9ez/v5Jlmf5/pv+v/9+2Tv1//f+VoP+v/9+N/r/+f5nXr/+v/09v/db/j7n/nWEmNcn/AAAAUAcx918bZiL/AwAAQGXE3P+uMBP5HwAAACoj5v7rwkxqkv/r2f/3+f/6/wX9/9Z16v/r/6+EWvf/3zis/9+D/r/+f5nXr/+v/09v/db/j7n/3WEmNcn/AAAAUAcx918fZiL/AwAAQGXE3P+eMBP5HwAAACoj5v71YSY1yf/6//r/+v/6//r/+v8rqVz9/8Elz/H5/wX9/1YXr/8/t7AA/f/SrF//X/+f3vqt/x9z/3vDTGqS/wEAAKAOYu5/X5iJ/A8AAACVEXP/DWEm8j8AAABURsz9Y2EmNcn/+v/6//r/+v/6//r/K6lc/f+l6f8X9P9b+fx//X/9f/1/uuu3/n/M/RvCTGqS/wEAAKAOYu7fGGYi/wMAAEBlxNx/Y5iJ/A8AAACVEXP/pjCTyuT/t3U9V/9f/1//X/9f/1//fyXp/+v/d6P/r/9f5vXr/+v/01u/9f9j7r8pzKQy+R8AAACIuf/mMBP5HwAAACoj5v73h5nI/wAAAFAZMfdvDjOpSf7X/9f/1/8vcf9/SP8/0//ve/r/+v/d6P/r/5d5/fr/+v/01m/9/5j7PxBmUpP8DwAAAHUQc/8Hw0zkfwAAAKiMmPtvCTOR/wEAAKAyYu4fDzOpSf7X/9f/1/8vcf/f5/+3rF//vz/p/5el/z/S+qX+/7Lo/+v/6//r/9Ndv/X/Y+6/NcykJvkfAAAA6iDm/i1hJvI/AAAAVEbM/RNhJvI/AAAAVEbM/ZNhJjXJ//r/+v/6//r/+v/6/ytJ/78s/f82+v/Lov+v/6//r/9Pd/3W/4+5fyrMpCb5HwAAAOog5v6tYSbyPwAAAFRGzP3bwkzkfwAAAKiMmPu3h5nUJP+XpP+/JRWg9P/1//X/9f/1/0tF/1//vxv9f/3/Mq9f/1//n1aDHU7rt/5/zP07wkxqkv8BAACgDmLu3xlmspD/1136VQEAAAAXU8z9t4WZ+Pd/AAAAqIyY+28PM6lJ/i9J/9/n/+v/6/830f/X/y8T/X/9/270//X/y7x+/X/9f3rrt/5/zP27wkxqkv8BAACgDmLu/1CYifwPAAAAlRFz/x1hJvI/AAAAlEqnzyGMYu7/cJhJTfK//n/V+//zq/X/9f/1/7uvX/9/Zen/6/93o/+v/1/m9ev/6//TW7/1/2Pu3x1mUpP8DwAAAHUQc/9HwkzkfwAAAKiMmPs/GmYi/wMAAEBlxNy/J8ykJvlf/7/q/X+f/6//r//fa/36/ytL/1//vxv9/3L2/8OPLfr/fdT/z48h/X/6Ub/1/2PuvzPMpCb5HwAAAOog5v6PhZnI/wAAAFAZMfd/PMxE/gcAAIDKiLn/E2EmNcn/+v/6//r/+v/l7P+P6P+XhP7/ivX/Gy+F+v8F/f/zc7n782Vffz/1/33+P/2q3/r/MfffFWZSk/wPAAAAdRBz/yfDTOR/AAAAqIyY+389zET+BwAAgMqIuf/uMJOa5H/9f/1//X/9/3L2/33+f1no//v8/270//X/y7x+/X/9f3rrt/5/zP2/EWZSk/wPAAAAdRBz/z1hJvI/AAAAVEbM/Z8KM5H/AQAAoGRWLXlOzP2/GWZSk/xfvv7/WCn7/4Pp+vX/9f/1//X/9f8vJv1//f9M//+8Xe7+fNnXr/+v/09v/db/j7n/t8JMapL/AQAAoA5i7v90mIn8DwAAAJURc/9vh5nI/wAAAFAZMfffG2ZSk/x/sfv/7Zfvxuf/6/9n+v/6//r/+v8XSP9f/z/T/z9vl7s/X+L1xx9F9P/1/+mh3/r/Mff/TphJTfI/AAAA1EHM/feFmcj/AAAA0KcOn/MlYu7/TJiJ/A8AAACVEXP/Z8NMapL/y/f5//r/+v/6//r/+v9lov+v/9+N/r/+f5nX7/P/9f/prd/6/zH33x9mUpP8DwAAAHUQc//nwkzkfwAAAKiMmPt/N8xE/gcAAIDKiLn/98JMapL/9f/1//X/9f/1//X/V5L+/+L+f/4apv9f0P/X/y/z+vX/9f/prd/6/zH3fz7MpCb5HwAAAOog5v7fDzOR/wEAAKAyYu7/gzAT+R8AAAAqI+b+B8JMapL/9f/1//X/9f/1//X/V5L+v8//70b/X/+/zOvX/9f/p7d+6//H3P+FMJOa5H8AAACog5j7/zDMRP4HAACAyoi5f2+YifwPAAAAlRFz/4NhJjXJ//r/+v/6//r/+v/6/ytJ/1//vxv9f/3/Mq9f/1//n976rf8fc/++MJM9rTcDAAAAlFfM/V8MM6nJv/8DAABAHcTcvz/MRP4HAACAyoi5/0CYSU3yv/6//r/+v/6//r/+/0rS/9f/70b/X/+/zOvX/9f/p7d+6//H3D8dZlKT/A8AAAB1EHP/wTAT+R8AAAAqI+b+Q2Em8j8AAABURsz9h8NMapL/9f/1//X/a9v/f+n7bevU/9f/Xwn6//r/3ej/6/+Xef36//r/9NZv/f+Y+4+EmdQk/wMAAEAdxNz/pTAT+R8AAAAqI+b+L4eZyP8AAABQGTH3Hw0zqUn+1//X/9f/r23/f3mf/79m4Xb1//X/z4f+v/5/N/r/+v9lXr/+v/4/vfVb/z/m/mNhJjXJ/wAAAFAHMfcfDzOR/wEAAKAyYu4/EWYi/wMAAEBlxNx/MsykJvlf///c+v8DS3QD9f87r1//vwL9/yb6//r/50P/X/+/G/1//f8yr1//X/+f3vqt/x9z/x+FmdQk/wMAAEAdxNx/KsxE/gcAAIDKiLl/JsxE/gcAAIDKiLl/NsykJvlf/9/n/+v/6//r/+v/ryT9f/3/bvT/9f/LvH79f/1/euu3/n/M/afDTGqS//+fvfte8qys9jjcNGcOQ1HeA+UdeAVegtdgleUlmAOYMSvmnDAnzIo555wxZ1EUc6zSonuthQw9e/cw/et597ue5w8Wp+EULwVW+a3xUxsAAAA6yN3/gLjF/gcAAIBp5O5/YNxi/wMAAMA0cvc/KG5psv/1//p//b/+X/+v/98l/b/+f4n+X/+/5ffr//X/rBut/8/d/+C4pcn+BwAAgA5y9z8kbrH/AQAAYBq5+x8at9j/AAAAMI3c/Q+LW5rsf/2//l//r//X/+v/d0n/r/9fov/X/2/5/fp//T/rRuv/c/c/PG5psv8BAACgg9z9j4hb7H8AAACYRu7+R8Yt9j8AAABMI3f/NXFLk/2v/9f/6/832P//n/5f/78d+n/9/xL9v/5/y+/X/+v/WTda/5+7/9q4pcn+BwAAgA5y9z8qbrH/AQAAYHPuef+jf567/9Fxi/0PAAAA08jd/5i4pcn+1//r//X/G+z/ff9f/78h+n/9/xL9v/5/y+/X/+v/WTda/5+7/7FxS5P9DwAAAB3k7n9c3GL/AwAAwDRy9z8+brH/AQAAYOvO5O/k7n9C3NJk/+v/T6//v0z/r//X/+v/9f8nTv+v/9/T/99tl7qf3/r79f/6f9btvP+/z3UH97j9f+7+6+KWJvsfAAAAOsjd/8S4xf4HAACAaeTuf1LcYv8DAADANHL3PzluabL/9f++/39H//+fy/T/+n/9/x0/1/+fDP2//n+J/l//v+X36//1/6zbef+/0vuf+3/n7n9K3NJk/wMAAEAHufufGrfY/wAAADCN3P1Pi1vsfwAAAJhG7v6nxy1N9r/+X//v+//6f/2//n+X9P/D9v/n/kfvzvT/x6L/1/+fr/+/9zHer/+ng9H6/9z9z4hbmux/AAAA6CB3/zPjFvsfAAAAppG7//q4xf4HAACAaeTuf1bc0mT/6//1//p//f+d+//9lv3/7T/T/++G/n/Y/n+Z/v9Y9P/6f9//1/+zbLT+P3f/s+OWJvsfAAAAOsjd/5y4xf4HAACAaeTuf27cYv8DAADANHL3Py9u2b9ULzpd+n/9v/5f/39R3/+/fI7+3/f/d0f/r/9fov/X/2/5/fp//T/rRuv/c/c/P27x6/8AAAAwh/292v0viFvsfwAAAJhG7v4Xxi32PwAAAEwjd/+L4pYm+1//r//X/+v/L6r/n+T7//r/3dH/6/+XHLf/39P/19+L/n+c9+v/9f+sG63/z93/4rilyf4HAACADnL3vyRusf8BAABgGrn7Xxq32P8AAAAwjdz9L4tbmux//b/+X/+v/9f/6/93Sf+v/1/i+//6/y2/X/+v/2fdaP1/7v6Xxy1N9j8AAAB0kLv/FXGL/Q8AAADTyN3/yrjF/gcAAIBp5O5/Vdxy7v7fP81XnR79v/5f/6//1//r/3dJ/6//X6L/P7r/P3uev57+f6z36//1/6wbrf/P3X9D3OLX/wEAAGAauftfHbfY/wAAADCN3P2viVvsfwAAAJhG7v7Xxi1N9v/5+v/brjr84/r/49H/H/1+/b/+X/+v/9f/6/+X6P99/3/L79f/6/9ZN1r/n7v/dXFLk/0PAAAAHeTuf33cYv8DAADANHL3vyFusf8BAABgGrn73xi3NNn/J//9/6v1//p//X9c/b/+X/+v/9f/L9P/6/+3/H79v/6fdaP1/7n73xS3NNn/AAAA0EHu/jfHLfY/AAAATCN3/1viFvsfAAAAppG7/61xS5P9f/L9v+//6/8vsP/f1/8n/X/8c9X/6/8vwFb7/339/wH9v/5/y+/X/+v/WTda/5+7/8aDqddv/wMAAEAHNx789uze2+IW+x8AAACmkbv/7XGL/Q8AAADTyN3/jrilyf7X/+v/L3n/7/v/Rf8f/1z1//r/C7DV/t/3/w/p//X/W36//l//z7rR+v/c/e+MW5rsfwAAAOggd/+74hb7HwAAAKYRu//wf/xu/wMAAMCU3n3w27N774lbmuz/xv3/1Rfb/1/5P7+v/z/6/fr/E+n/bzz33z39v/5/S/T/+v8l+n/9/5bfP07/Hz+4Rv/PeEbr/3P3vzduabL/AQAAoIPc/e+LW+x/AAAAmEbu/pviFvsfAAAAppG7//1xS5P937j/n+T7//e9NV6g/5+3//f9/7j6f/3/UfT/E/T/t//XL/1//fX1/9t5/zj9v+//M67R+v/c/R+IW5rsfwAAAOggd/8H4xb7HwAAAKaRu/9DcYv9DwAAANPI3f/huKXJ/tf/b73/9/1//b/+X/8/Nv2//n+J7//r/7f8fv2//p91o/X/ufs/Erc02f8AAADQQe7+j8Yt9j8AAABMI3f/x+IW+x8AAACmkbv/43FLk/2v/9f/76r/v/0vov9v0v9fe0X++fp//f9d6P/1/0v0//r/Lb9f/6//Z91o/X/u/k/ELU32PwAAAHSQu/+TcYv9DwAAANPI3f+puMX+BwAAgGnk7v903HCve1y6J52sM+f5eeS6+n/9v+//6/99/1//v0v6f/3/Ev2//n/L79f/6/9ZN1r/n7v/M3GLX/8HAACAaeTu/2zcYv8DAADANHL3fy5usf8BAABgGrn7Px+3NNn/+n/9v/5/s/3/lfr/O79f/z8m/b/+f4n+X/+/5fcfu/+/+ej/f/0/HYzW/+fu/0Lc0mT/AwAAQAe5+78Yt9j/AAAAMI3c/V+KW+x/AAAAmEbu/i/HLU32v/5f/6//32z/7/v/57xf/z8m/b/+/9AtR/5U/6//3/L7ff9f/8+60fr/3P1fiVua7H8AAADoIHf/V+MW+x8AAACmkbv/a3GL/Q8AAADTyN3/9bilyf7X/+v/9f/6f/2//n+X9P/6/yX6f/3/lt+v/9f/s260/j93/zfilib7HwAAADrI3f/NuMX+BwAAgGnk7v9W3GL/AwAAwDRy9387bmmy/2fu/5f+NP3/If2//n9P/6//3zH9v/5/if5f/7/l9+v/9f+sG63/z93/nbilyf4HAACADnL3fzdusf8BAABgGrn7b45b7H8AAACYRu7+78UtTfb/zP3/Ev3/If2//n9P/6//3zH9v/5/if5f/7/l9+v/9f+su0T9/5m98/T/ufu/H7c02f8AAADQQe7+H8Qt9j8AAABMI3f/D+MW+x8AAACmkbv/R3HLPPv/fjct/EH9/4n3/wf/Eun/9f97+n/9v/7/gP5f/79E/6//3/L79f/6f9aN9v3/3P0/jlvm2f8AAADQXu7+n8Qt9j8AAABMI3f/T+MW+x8AAACmkbv/Z3FLk/2v//f9f/1/q/7/8j39v/7/lOn/9f9L9P/6/y2/X/+v/2fdaP1/7v6fxy05/K66O3+XAAAAwEhy9/8ibmny6/8AAADQQe7+X8Yt9j8AAABMI3f/r+KWJvtf/6//1/+36v99/1//f+r0//r/Jfp//f+W35/9f/57p//X/3NXo/X/uft/Hbc02f8AAADQQe7+W+IW+x8AAACmkbv/N3GL/Q8AAADTyN3/27ilyf7X/+v/9f/6f/2//n+X9P/6/yX6f/3/lt/v+//6f9aN1v/n7r81bmmy/wEAAKCD3P2/i1vsfwAAAJhG7v7fxy32PwAAAEwjd/9tcUuT/a//1/9P2f9fof/X/+v/R6H/1/8v0f/r/7f8fv2//p91o/X/ufv/ELc02f8AAADQQe7+P8Yt9j8AAABMI3f/n+IW+x8AAACmkbv/z3FLk/2v/9f/X3j/f6b+voft/33/X/+v/x/GvP3//+v/j+r/z17Y+7v3/9ffcPhj/f8236//1/+zbrT+P3f/X+KWJvsfAAAAOsjd/9e4xf4HAACAaeTu/1vcYv8DAADANHL3/z1uabL/9f/6/ym//6//1//r/4cxb//v+/++/+/7//p//b/+nzWj9f+5+/8RtzTZ/wAAANBB7v5/xi32PwAAAEwjd/+/4hb7HwAAAKaRu//fcUuT/a//1//r//X/+n/9/y7p//X/S/T/+v8tv1//r/9n3Wj9f+7+/wYAAP//lgIt2A==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f00000005c0)='\"', 0x1, 0x4fed0)
sendfile(r0, r0, 0x0, 0xe3aa6ea)

955.329374ms ago: executing program 1 (id=1087):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.mems\x00', 0x2, 0x0)
write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB='8-'], 0x6a)

829.702402ms ago: executing program 3 (id=1088):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r1=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000580)={&(0x7f00000005c0)=[r1], 0x1, 0x80800})

679.829921ms ago: executing program 3 (id=1089):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000e40), r0)
sendmsg$IEEE802154_LLSEC_ADD_KEY(r1, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e80)={0x14, r2, 0x1, 0x70bd2b, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x20040000}, 0x8008010)

579.521926ms ago: executing program 1 (id=1090):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r1})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r0, 0x3b82, &(0x7f0000000100)={0x18, r1, 0x1, 0x0, &(0x7f00000000c0)=[{0x2, 0x6}]})

524.683069ms ago: executing program 3 (id=1091):
syz_mount_image$minix(&(0x7f0000000000), &(0x7f00000000c0)='./file2\x00', 0x0, &(0x7f0000000240)=ANY=[@ANYRES64=0x0, @ANYRES32, @ANYRES8, @ANYBLOB="d4346b0bb21a43199f19e660bcba1b83ef75dc12dfd3590679cfa915af614293f22f4334ba7067983304a03ab618804204f2e1486c32bd90e999"], 0xa, 0x251, &(0x7f0000000880)="$eJzs3L1v00AcxvHHduImhdKKtwGBVIEoLDS8TAwI2Dp1YO2ESoCqQaooDImQSBdgQOrExsKEhMTAiFDZEBN/AAMSGwjRIRITQ41s/JLUThoHh7Tp97P0cs/ZZ7u5+le5qQDsWlc0KUOGbPfF0cLE6gGj03Dzvx0YgL5z/K8bOScSrHIHwHC7PTboIwAwGOtXpecnpZ+NB/OybP/Gb4f1wdrUY9Xl5+aIpJefpFyYr69IR3J+bhRUbKotJtwS4oV0KtjeGI3VH+72o2G+pykphvnpE8H8ezWmfRrPu8l+WX5+I9z+cLsyJx80cmkLJAAAhpCh6a3yjgNM3VyolM+2zfNefs6rKayE3Pby8167fX4hfD0Stuaezd5/51zacPPpeUNembK1QlejgF3B7GH9fz4Wta1C5/WfC9Z/sbW/2MvBAsjUcrW2eL1ScR5KXqN81+/xG7b/zC/qsWJjMmkEzxwSIntTFDyhjO3H3UdTjxWfa3Uqfu7ZnYUZHdi4pP5cqH9q2Mnf5YwaSoi+zvy9JmGP2Y8r39I4/v33o6Wnb952M/h1yinM8F03t1ZubBrjLpWgR5m+Ab5cq9YWJ1siw1uVhe72Y9QdJ+WkiT8uoj8OoI4GdrzSvTtLpeVq7cyC+9v3rXI+uNnOfPvhVfalzvU9gJ0ruuknpSuxHqf15eyHj78aF1896WHmy5Lexx8IAgAAAAAAAAAAAACA1A7qULoNOv57IAAAAADbWfzTP5Lq2X4ka9DnCAAAAAAAAAAAAAAAAADAsPkTAAD//14jAIo=")
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000180)='./file1\x00', 0x145942, 0x0)
write$FUSE_DIRENT(r0, 0x0, 0xf000)

380.875548ms ago: executing program 1 (id=1092):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000810087406d040e0a759400000001090212000100000000090400200003"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)

220.333847ms ago: executing program 3 (id=1093):
r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000000)={0x5})
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000280)={0x2, 0xfffffffa})
ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r0, 0x4020565b, &(0x7f00000001c0)={0x5, 0x0, 0x2})

53.615717ms ago: executing program 3 (id=1094):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000083667d1040206402d14e0102030109021b000100000000090400000190f19c00090584"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000006c0)={0x84, &(0x7f00000002c0)=ANY=[@ANYBLOB="f9000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

0s ago: executing program 5 (id=1095):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x18ba00, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_MAX_VCPU_ID(r1, 0x4068aea3, &(0x7f0000000140)={0x80, 0x0, 0x3})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x5)

kernel console output (not intermixed with test programs):

/0x200
[  148.145226][ T5778]  hci_le_conn_complete_evt+0x187/0x440
[  148.150847][ T5778]  ? hci_remote_host_features_evt+0x150/0x150
[  148.157061][ T5778]  hci_event_packet+0x7ba/0x1270
[  148.162073][ T5778]  ? bis_list+0x290/0x290
[  148.166560][ T5778]  ? lockdep_hardirqs_on+0x98/0x150
[  148.171826][ T5778]  ? hci_send_to_monitor+0xd7/0x4f0
[  148.177141][ T5778]  hci_rx_work+0x43a/0xd60
[  148.181647][ T5778]  ? process_scheduled_works+0x96f/0x15d0
[  148.187430][ T5778]  process_scheduled_works+0xa5d/0x15d0
[  148.193173][ T5778]  ? assign_work+0x430/0x430
[  148.197882][ T5778]  ? assign_work+0x3d0/0x430
[  148.202562][ T5778]  worker_thread+0xa55/0xfc0
[  148.207451][ T5778]  kthread+0x2fa/0x390
[  148.211585][ T5778]  ? pr_cont_work+0x560/0x560
[  148.216595][ T5778]  ? kthread_blkcg+0xd0/0xd0
[  148.221247][ T5778]  ret_from_fork+0x48/0x80
[  148.225739][ T5778]  ? kthread_blkcg+0xd0/0xd0
[  148.230574][ T5778]  ret_from_fork_asm+0x11/0x20
[  148.235434][ T5778]  </TASK>
[  148.244726][ T5778] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  148.259256][ T5778] Bluetooth: hci2: failed to register connection device
[  148.288182][ T6938] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  148.374711][ T6944] macsec0: entered promiscuous mode
[  149.635042][ T6975] netlink: 24 bytes leftover after parsing attributes in process `syz.4.365'.
[  149.864617][ T6935] chnl_net:caif_netlink_parms(): no params data found
[  150.049538][   T51] Bluetooth: hci0: command tx timeout
[  150.289940][   T51] Bluetooth: hci2: command tx timeout
[  150.352581][ T7004] loop0: detected capacity change from 0 to 512
[  150.431479][ T7004] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  150.445274][ T7004] ext4 filesystem being mounted at /84/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  150.499115][ T7000] loop3: detected capacity change from 0 to 8192
[  150.544564][ T7000] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  150.574036][ T5781] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  150.583322][ T7000] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  150.633494][ T7000] REISERFS (device loop3): using ordered data mode
[  150.641578][ T7000] reiserfs: using flush barriers
[  150.665295][ T3479] hsr_slave_0: left promiscuous mode
[  150.689448][ T7000] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  150.743161][ T7000] REISERFS (device loop3): checking transaction log (loop3)
[  150.752604][ T3479] hsr_slave_1: left promiscuous mode
[  150.768985][ T3479] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  150.780772][ T3479] batman_adv: batadv0: Removing interface: batadv_slave_0
[  150.793049][ T7000] REISERFS (device loop3): Using r5 hash to sort names
[  150.811076][ T3479] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  150.820769][ T7000] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  150.839961][ T3479] batman_adv: batadv0: Removing interface: batadv_slave_1
[  150.852917][ T3479] bridge_slave_1: left allmulticast mode
[  150.862114][ T3479] bridge_slave_1: left promiscuous mode
[  150.868019][ T3479] bridge0: port 2(bridge_slave_1) entered disabled state
[  150.885861][ T3479] bridge_slave_0: left allmulticast mode
[  150.897215][ T3479] bridge_slave_0: left promiscuous mode
[  150.913048][ T3479] bridge0: port 1(bridge_slave_0) entered disabled state
[  150.997269][ T7000] REISERFS warning (device loop3): super-6502 reiserfs_getopt: unknown mount option "ÿÿ18446744073709551615ÿÿÿÿ0177777777777777777777701777777777777777777777ÿÿ18446744073709551615ÿÿ"
[  151.060762][ T3479] veth1_macvtap: left promiscuous mode
[  151.080415][ T3479] veth0_macvtap: left promiscuous mode
[  151.086143][ T3479] veth1_vlan: left promiscuous mode
[  151.112984][ T3479] veth0_vlan: left promiscuous mode
[  151.339546][ T7022] netlink: 44 bytes leftover after parsing attributes in process `syz.3.373'.
[  152.101729][ T3479] team0 (unregistering): Port device team_slave_1 removed
[  152.129563][   T51] Bluetooth: hci0: command tx timeout
[  152.166069][ T3479] team0 (unregistering): Port device team_slave_0 removed
[  152.216683][ T3479] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  152.277192][ T3479] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  152.693302][ T3479] bond0 (unregistering): Released all slaves
[  152.775759][ T6935] bridge0: port 1(bridge_slave_0) entered blocking state
[  152.783155][ T6935] bridge0: port 1(bridge_slave_0) entered disabled state
[  152.792254][ T6935] bridge_slave_0: entered allmulticast mode
[  152.799997][ T6935] bridge_slave_0: entered promiscuous mode
[  152.820241][ T6935] bridge0: port 2(bridge_slave_1) entered blocking state
[  152.828619][ T6935] bridge0: port 2(bridge_slave_1) entered disabled state
[  152.855727][ T6935] bridge_slave_1: entered allmulticast mode
[  152.871095][ T6935] bridge_slave_1: entered promiscuous mode
[  153.076975][ T6935] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  153.090134][ T6935] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  153.119326][ T7030] netlink: 4 bytes leftover after parsing attributes in process `syz.3.375'.
[  153.243374][ T6935] team0: Port device team_slave_0 added
[  153.292827][ T6935] team0: Port device team_slave_1 added
[  153.343235][ T7038] loop3: detected capacity change from 0 to 64
[  153.407973][ T6935] batman_adv: batadv0: Adding interface: batadv_slave_0
[  153.449671][ T6935] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  153.522593][ T6935] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  153.579138][ T6935] batman_adv: batadv0: Adding interface: batadv_slave_1
[  153.595390][ T6935] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  153.673184][ T6935] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  153.842633][ T6935] hsr_slave_0: entered promiscuous mode
[  153.872419][ T6935] hsr_slave_1: entered promiscuous mode
[  153.961816][ T7051] loop4: detected capacity change from 0 to 2048
[  153.999011][ T7051] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  154.043107][ T7051] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  154.218205][   T51] Bluetooth: hci0: command tx timeout
[  155.301420][ T7078] loop4: detected capacity change from 0 to 2048
[  155.410556][ T7078] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  155.509487][ T7078] ext4 filesystem being mounted at /34/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  155.571348][ T6935] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  155.606541][ T7063] loop0: detected capacity change from 0 to 40427
[  155.620721][ T6935] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  155.647566][ T7063] F2FS-fs (loop0): invalid crc value
[  155.674744][ T7085] EXT4-fs error (device loop4): ext4_validate_block_bitmap:439: comm ext4lazyinit: bg 0: block 345: padding at end of block bitmap is not set
[  155.704688][ T6935] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  155.712985][ T7063] F2FS-fs (loop0): Found nat_bits in checkpoint
[  155.755482][ T6433] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  155.767571][ T6935] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  155.963370][ T7063] F2FS-fs (loop0): Start checkpoint disabled!
[  156.019126][ T7063] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  156.205643][ T6935] 8021q: adding VLAN 0 to HW filter on device bond0
[  156.288651][ T6935] 8021q: adding VLAN 0 to HW filter on device team0
[  156.296336][   T51] Bluetooth: hci0: command tx timeout
[  156.347249][  T150] bridge0: port 1(bridge_slave_0) entered blocking state
[  156.354855][  T150] bridge0: port 1(bridge_slave_0) entered forwarding state
[  156.464323][ T1313] bridge0: port 2(bridge_slave_1) entered blocking state
[  156.471770][ T1313] bridge0: port 2(bridge_slave_1) entered forwarding state
[  156.581572][   T11] kworker/u4:0: attempt to access beyond end of device
[  156.581572][   T11] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  156.616105][   T11] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  156.693285][ T7081] loop3: detected capacity change from 0 to 40427
[  156.768099][ T7081] F2FS-fs (loop3): invalid crc value
[  157.069951][ T7081] F2FS-fs (loop3): Start checkpoint disabled!
[  157.100182][ T7081] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  157.255379][ T6935] 8021q: adding VLAN 0 to HW filter on device batadv0
[  157.420116][ T1313] kworker/u4:7: attempt to access beyond end of device
[  157.420116][ T1313] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  157.440934][ T7122] loop0: detected capacity change from 0 to 64
[  157.466109][ T6935] veth0_vlan: entered promiscuous mode
[  157.488669][ T1313] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  157.506816][ T6935] veth1_vlan: entered promiscuous mode
[  157.523589][ T1313] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  157.734282][ T6935] veth0_macvtap: entered promiscuous mode
[  157.775803][ T6935] veth1_macvtap: entered promiscuous mode
[  157.857736][ T6935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  157.886214][ T6935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  157.912330][ T6935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  157.962866][ T6935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  157.999423][ T6935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  158.039252][ T6935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  158.071776][ T6935] batman_adv: batadv0: Interface activated: batadv_slave_0
[  158.121927][ T6935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  158.166083][ T6935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  158.189279][ T6935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  158.221148][ T6935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  158.254990][ T6935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  158.296299][ T6935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  158.332204][ T6935] batman_adv: batadv0: Interface activated: batadv_slave_1
[  158.406609][ T6935] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  158.416906][ T6935] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  158.426471][ T6935] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  158.437936][ T6935] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  158.734351][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  158.758916][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  158.858943][ T1313] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  158.898500][ T1313] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  159.618571][ T7173] loop4: detected capacity change from 0 to 512
[  159.656019][ T7173] ext3: Unexpected value for 'inlinecrypt'
[  160.278280][ T7183] capability: warning: `syz.4.409' uses 32-bit capabilities (legacy support in use)
[  160.307651][ T7183] program syz.4.409 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  160.666160][ T7171] loop1: detected capacity change from 0 to 32768
[  161.286122][ T7205] loop3: detected capacity change from 0 to 4096
[  161.299342][ T7205] ntfs3: loop3: Different NTFS sector size (2048) and media sector size (512).
[  161.836258][ T7222] sch_tbf: burst 4 is lower than device lo mtu (65550) !
[  162.270328][ T7237] loop3: detected capacity change from 0 to 764
[  162.301764][ T5804] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  162.509487][ T5804] usb 1-1: Using ep0 maxpacket: 16
[  162.529375][ T5804] usb 1-1: config 0 has no interfaces?
[  162.539644][ T5804] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  162.576380][ T5804] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  162.603445][ T5804] usb 1-1: Manufacturer: syz
[  162.627098][ T5804] usb 1-1: config 0 descriptor??
[  162.899541][   T23] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  162.978528][ T5844] usb 1-1: USB disconnect, device number 8
[  163.096774][   T23] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  163.115569][   T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  163.129099][   T23] usb 4-1: Product: syz
[  163.133853][   T23] usb 4-1: Manufacturer: syz
[  163.138646][   T23] usb 4-1: SerialNumber: syz
[  163.462481][   T23] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71
[  163.518240][   T23] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71
[  163.547611][   T23] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71
[  163.576386][   T23] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  163.599846][   T23] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  163.713450][   T23] lan78xx: probe of 4-1:1.0 failed with error -71
[  163.767778][   T23] usb 4-1: USB disconnect, device number 5
[  164.241925][ T7296] loop4: detected capacity change from 0 to 8
[  164.861317][ T7281] loop1: detected capacity change from 0 to 40427
[  164.930626][ T7281] F2FS-fs (loop1): invalid crc value
[  164.964238][ T7281] F2FS-fs (loop1): Found nat_bits in checkpoint
[  165.188020][ T7281] F2FS-fs (loop1): Start checkpoint disabled!
[  165.214400][ T7281] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  165.573501][ T3479] kworker/u4:9: attempt to access beyond end of device
[  165.573501][ T3479] loop1: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  165.633219][ T3479] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  165.661119][ T3479] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  165.674479][   T27] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  165.899305][   T27] usb 1-1: Using ep0 maxpacket: 32
[  165.907485][   T27] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  165.938868][   T27] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  165.964472][   T27] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  165.998899][   T27] usb 1-1: config 0 descriptor??
[  166.037324][   T27] hub 1-1:0.0: bad descriptor, ignoring hub
[  166.084617][   T27] hub: probe of 1-1:0.0 failed with error -5
[  166.630188][ T5844] usb 1-1: reset high-speed USB device number 9 using dummy_hcd
[  166.852822][ T5844] usb 1-1: device firmware changed
[  166.858615][ T5844] usb 1-1: USB disconnect, device number 9
[  167.229462][ T5844] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  167.410207][ T5844] usb 1-1: Using ep0 maxpacket: 32
[  167.423770][ T5844] usb 1-1: config 0 has no interfaces?
[  167.437524][ T5844] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=67.fe
[  167.451368][ T5844] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  167.461633][ T5844] usb 1-1: Product: syz
[  167.465878][ T5844] usb 1-1: Manufacturer: syz
[  167.475060][ T5844] usb 1-1: SerialNumber: syz
[  167.484005][ T5844] usb 1-1: config 0 descriptor??
[  167.732962][ T5804] usb 1-1: USB disconnect, device number 10
[  168.364302][ T7412] loop4: detected capacity change from 0 to 128
[  168.388036][ T7415] loop3: detected capacity change from 0 to 8
[  168.419981][ T7412] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  168.475523][ T7415] SQUASHFS error: Unable to read directory block [629:fe]
[  168.545528][ T7412] UDF-fs: error (device loop4): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40)
[  168.672938][ T7420] UDF-fs: error (device loop4): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40)
[  169.247956][ T7414] loop1: detected capacity change from 0 to 32768
[  169.285246][ T7414] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  169.307301][ T7414] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  169.377521][ T7414] gfs2: fsid=syz:syz.s: journal 0 mapped with 5 extents in 0ms
[  169.630167][ T7414] gfs2: fsid=syz:syz.s: first mount done, others may mount
[  171.700327][ T7475] loop1: detected capacity change from 0 to 32768
[  171.729925][ T7475] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.470 (7475)
[  171.753848][ T7475] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  171.769487][ T7475] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  171.778723][ T7475] BTRFS info (device loop1): force clearing of disk cache
[  171.786538][ T7475] BTRFS info (device loop1): max_inline at 0
[  171.793655][ T7475] BTRFS info (device loop1): enabling auto defrag
[  171.805116][ T7475] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  171.827443][ T7475] BTRFS info (device loop1): force zstd compression, level 3
[  171.843846][ T7475] BTRFS info (device loop1): enabling disk space caching
[  171.859750][ T7475] BTRFS info (device loop1): disk space caching is enabled
[  171.979790][ T7475] BTRFS info (device loop1): enabling ssd optimizations
[  172.001614][ T7475] BTRFS info (device loop1): auto enabling async discard
[  172.035975][ T7475] BTRFS info (device loop1): rebuilding free space tree
[  172.157964][ T7475] BTRFS info (device loop1): disabling free space tree
[  172.170136][ T7475] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  172.198524][ T7475] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  172.556843][ T7511] loop0: detected capacity change from 0 to 16
[  172.587142][  T150] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared)
[  172.620318][ T7511] erofs: (device loop0): mounted with root inode @ nid 36.
[  172.651566][ T7511] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  172.728866][ T7514] loop4: detected capacity change from 0 to 128
[  172.766108][ T6935] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  173.535726][ T2922] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.572727][ T7512] loop3: detected capacity change from 0 to 40427
[  173.644976][ T7512] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  173.686315][ T7512] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  173.760909][ T7512] F2FS-fs (loop3): Found nat_bits in checkpoint
[  173.871175][ T2922] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.975375][ T7512] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  174.020121][ T7512] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  174.093176][ T2922] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.227838][   T28] audit: type=1804 audit(1771310109.148:8): pid=7512 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.475" name="/newroot/138/file0/file0" dev="loop3" ino=10 res=1 errno=0
[  174.323626][ T2922] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.712132][ T7533] netlink: 4 bytes leftover after parsing attributes in process `syz.1.488'.
[  174.890932][ T7536] loop4: detected capacity change from 0 to 16
[  174.944348][ T7536] erofs: (device loop4): mounted with root inode @ nid 36.
[  175.021669][ T7536] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  175.120786][ T5778] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  175.133207][ T5778] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  175.142076][ T5778] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  175.151915][ T5778] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  175.160192][ T5778] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  175.167720][ T5778] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  175.218224][ T7538] loop1: detected capacity change from 0 to 4096
[  176.677423][ T7540] chnl_net:caif_netlink_parms(): no params data found
[  176.699359][ T5804] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  176.899615][ T5804] usb 2-1: Using ep0 maxpacket: 16
[  176.920290][ T5804] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  176.942086][ T5778] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  176.952887][ T5778] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  176.962429][ T5778] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  176.970845][ T5778] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  176.978738][ T5778] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  176.986747][ T5778] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  177.001417][ T5804] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  177.030624][ T5804] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  177.044073][ T5804] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  177.053614][ T5804] usb 2-1: Product: syz
[  177.057954][ T5804] usb 2-1: Manufacturer: syz
[  177.066912][ T5804] usb 2-1: SerialNumber: syz
[  177.120178][ T7540] bridge0: port 1(bridge_slave_0) entered blocking state
[  177.127572][ T7540] bridge0: port 1(bridge_slave_0) entered disabled state
[  177.156526][ T7540] bridge_slave_0: entered allmulticast mode
[  177.164785][ T7540] bridge_slave_0: entered promiscuous mode
[  177.205389][ T7540] bridge0: port 2(bridge_slave_1) entered blocking state
[  177.224461][ T7540] bridge0: port 2(bridge_slave_1) entered disabled state
[  177.235729][ T7540] bridge_slave_1: entered allmulticast mode
[  177.248811][ T7540] bridge_slave_1: entered promiscuous mode
[  177.259653][ T5778] Bluetooth: hci3: command tx timeout
[  177.275720][ T2922] hsr_slave_0: left promiscuous mode
[  177.293785][ T2922] hsr_slave_1: left promiscuous mode
[  177.295105][ T5804] usb 2-1: 0:2 : does not exist
[  177.308623][ T2922] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  177.316616][ T2922] batman_adv: batadv0: Removing interface: batadv_slave_0
[  177.330992][ T5804] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  177.339653][ T2922] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  177.347116][ T2922] batman_adv: batadv0: Removing interface: batadv_slave_1
[  177.356362][ T2922] bridge_slave_1: left allmulticast mode
[  177.362573][ T2922] bridge_slave_1: left promiscuous mode
[  177.369084][ T2922] bridge0: port 2(bridge_slave_1) entered disabled state
[  177.397569][ T2922] bridge_slave_0: left allmulticast mode
[  177.404633][ T2922] bridge_slave_0: left promiscuous mode
[  177.413891][ T2922] bridge0: port 1(bridge_slave_0) entered disabled state
[  177.442147][ T5804] usb 2-1: USB disconnect, device number 6
[  177.514412][ T5787] udevd[5787]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  177.549117][ T2922] veth1_macvtap: left promiscuous mode
[  177.555042][ T2922] veth0_macvtap: left promiscuous mode
[  177.565316][ T2922] veth1_vlan: left promiscuous mode
[  177.575599][ T2922] veth0_vlan: left promiscuous mode
[  178.832493][ T2922] team0 (unregistering): Port device team_slave_1 removed
[  178.945105][ T2922] team0 (unregistering): Port device team_slave_0 removed
[  179.036810][ T2922] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  179.102111][ T5778] Bluetooth: hci2: command tx timeout
[  179.122567][ T2922] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  179.339467][ T5778] Bluetooth: hci3: command tx timeout
[  179.708422][ T7603] loop1: detected capacity change from 0 to 512
[  179.733638][ T7603] EXT4-fs: Ignoring removed bh option
[  179.763025][ T7603] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  179.793239][ T2922] bond0 (unregistering): Released all slaves
[  179.799907][ T7603] EXT4-fs (loop1): 1 truncate cleaned up
[  179.806952][ T7603] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  179.889996][ T7603] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.503: invalid indirect mapped block 4294901760 (level 0)
[  179.905516][ T7603] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.503: invalid indirect mapped block 4294967295 (level 1)
[  179.987436][ T6935] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  180.081527][ T7540] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  180.130327][ T7540] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  180.220164][ T7540] team0: Port device team_slave_0 added
[  180.244336][ T7540] team0: Port device team_slave_1 added
[  180.414463][ T7540] batman_adv: batadv0: Adding interface: batadv_slave_0
[  180.435812][ T7540] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  180.477641][ T7540] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  180.498807][ T7540] batman_adv: batadv0: Adding interface: batadv_slave_1
[  180.506126][ T7540] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  180.532328][ T7540] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  180.720450][ T7540] hsr_slave_0: entered promiscuous mode
[  180.727714][ T7540] hsr_slave_1: entered promiscuous mode
[  180.743834][ T7540] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  180.751708][ T7540] Cannot create hsr debugfs directory
[  181.167965][   T32] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.181098][ T5778] Bluetooth: hci2: command tx timeout
[  181.216082][ T7573] chnl_net:caif_netlink_parms(): no params data found
[  181.353273][   T32] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.406490][ T7637] loop1: detected capacity change from 0 to 128
[  181.413051][ T5778] Bluetooth: hci3: command tx timeout
[  181.529096][ T7639] loop3: detected capacity change from 0 to 128
[  181.549764][   T28] audit: type=1800 audit(1771310116.468:9): pid=7637 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.510" name="file1" dev="loop1" ino=1048605 res=0 errno=0
[  181.588244][ T7637] FAT-fs (loop1): error, invalid FAT chain (i_pos 548, last_block 8)
[  181.636517][ T7637] FAT-fs (loop1): Filesystem has been set read-only
[  181.659579][   T28] audit: type=1800 audit(1771310116.478:10): pid=7637 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.510" name="file1" dev="loop1" ino=1048605 res=0 errno=0
[  181.687890][ T7637] FAT-fs (loop1): error, corrupted file size (i_pos 548, 522)
[  181.725879][   T32] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.040901][   T32] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.116177][ T7540] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  182.128030][ T7540] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  182.152796][ T7540] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  182.203316][ T7573] bridge0: port 1(bridge_slave_0) entered blocking state
[  182.211409][ T7573] bridge0: port 1(bridge_slave_0) entered disabled state
[  182.218842][ T7573] bridge_slave_0: entered allmulticast mode
[  182.226677][ T7573] bridge_slave_0: entered promiscuous mode
[  182.236139][ T7573] bridge0: port 2(bridge_slave_1) entered blocking state
[  182.251623][ T7573] bridge0: port 2(bridge_slave_1) entered disabled state
[  182.258923][ T7573] bridge_slave_1: entered allmulticast mode
[  182.270020][ T7573] bridge_slave_1: entered promiscuous mode
[  182.276600][ T7540] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  182.331855][ T7573] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  182.374441][ T7573] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  182.508811][ T7573] team0: Port device team_slave_0 added
[  182.550973][ T7573] team0: Port device team_slave_1 added
[  182.626456][ T7573] batman_adv: batadv0: Adding interface: batadv_slave_0
[  182.635612][ T7573] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  182.664060][ T7573] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  182.741219][ T7573] batman_adv: batadv0: Adding interface: batadv_slave_1
[  182.748864][ T7573] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  182.784409][ T7573] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  182.958493][ T7573] hsr_slave_0: entered promiscuous mode
[  182.970549][ T7573] hsr_slave_1: entered promiscuous mode
[  182.977039][ T7573] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  182.985218][ T7573] Cannot create hsr debugfs directory
[  183.041873][ T7540] 8021q: adding VLAN 0 to HW filter on device bond0
[  183.186294][ T7540] 8021q: adding VLAN 0 to HW filter on device team0
[  183.202258][ T1313] bridge0: port 1(bridge_slave_0) entered blocking state
[  183.209491][ T1313] bridge0: port 1(bridge_slave_0) entered forwarding state
[  183.255263][ T5778] Bluetooth: hci2: command tx timeout
[  183.313124][ T3479] bridge0: port 2(bridge_slave_1) entered blocking state
[  183.320721][ T3479] bridge0: port 2(bridge_slave_1) entered forwarding state
[  183.489947][ T5778] Bluetooth: hci3: command tx timeout
[  183.517292][ T7540] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  183.701863][ T7573] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  183.732977][ T7573] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  183.745567][ T7573] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  183.777933][ T7573] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  183.942406][   T32] hsr_slave_0: left promiscuous mode
[  183.948744][   T32] hsr_slave_1: left promiscuous mode
[  183.966794][   T32] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  183.975599][   T32] batman_adv: batadv0: Removing interface: batadv_slave_0
[  183.984258][   T32] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  183.994159][   T32] batman_adv: batadv0: Removing interface: batadv_slave_1
[  184.005090][   T32] bridge_slave_1: left allmulticast mode
[  184.014648][   T32] bridge_slave_1: left promiscuous mode
[  184.023768][   T32] bridge0: port 2(bridge_slave_1) entered disabled state
[  184.037284][   T32] bridge_slave_0: left allmulticast mode
[  184.045636][   T32] bridge_slave_0: left promiscuous mode
[  184.053261][   T32] bridge0: port 1(bridge_slave_0) entered disabled state
[  184.104502][   T32] veth1_macvtap: left promiscuous mode
[  184.115731][   T32] veth0_macvtap: left promiscuous mode
[  184.121922][   T32] veth1_vlan: left promiscuous mode
[  184.127329][   T32] veth0_vlan: left promiscuous mode
[  185.004923][   T32] team0 (unregistering): Port device team_slave_1 removed
[  185.064736][   T32] team0 (unregistering): Port device team_slave_0 removed
[  185.120125][   T32] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  185.175299][   T32] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  185.333341][ T5778] Bluetooth: hci2: command tx timeout
[  185.585685][   T32] bond0 (unregistering): Released all slaves
[  185.694894][ T7540] 8021q: adding VLAN 0 to HW filter on device batadv0
[  185.936230][ T7573] 8021q: adding VLAN 0 to HW filter on device bond0
[  186.016107][ T7573] 8021q: adding VLAN 0 to HW filter on device team0
[  186.082035][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  186.089331][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  186.100337][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  186.107568][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  186.471521][ T7540] veth0_vlan: entered promiscuous mode
[  186.508761][ T7540] veth1_vlan: entered promiscuous mode
[  186.569830][ T7573] 8021q: adding VLAN 0 to HW filter on device batadv0
[  186.584477][ T7540] veth0_macvtap: entered promiscuous mode
[  186.598767][ T7540] veth1_macvtap: entered promiscuous mode
[  186.635513][ T7540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  186.654654][ T7540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  186.666702][ T7540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  186.682344][ T7540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  186.700609][ T7540] batman_adv: batadv0: Interface activated: batadv_slave_0
[  186.735552][ T7540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  186.748627][ T7540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  186.765677][ T7540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  186.777826][ T7540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  186.802179][ T7540] batman_adv: batadv0: Interface activated: batadv_slave_1
[  186.822078][ T7540] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  186.833789][ T7540] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  186.848093][ T7540] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  186.858422][ T7540] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  187.021140][  T150] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  187.029109][  T150] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  187.123483][   T32] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  187.143460][   T32] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  187.521151][ T7573] veth0_vlan: entered promiscuous mode
[  187.596013][ T7573] veth1_vlan: entered promiscuous mode
[  187.709516][ T7573] veth0_macvtap: entered promiscuous mode
[  187.725345][ T7573] veth1_macvtap: entered promiscuous mode
[  187.784341][ T7573] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  187.815613][ T7573] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  187.868270][ T7573] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  187.900376][ T7573] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  187.925598][ T7573] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  187.953510][ T7573] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  187.985060][ T7573] batman_adv: batadv0: Interface activated: batadv_slave_0
[  188.033714][ T7573] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  188.068531][ T7573] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  188.089433][ T7573] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  188.121126][ T7573] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  188.139742][ T7573] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  188.170914][ T7573] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  188.191093][ T7573] batman_adv: batadv0: Interface activated: batadv_slave_1
[  188.228253][ T7573] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  188.259255][ T7573] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  188.268068][ T7573] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  188.299493][ T7573] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  188.329109][ T7735] loop1: detected capacity change from 0 to 32768
[  188.435227][   T28] audit: type=1800 audit(1771310123.348:11): pid=7735 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.521" name="file2" dev="loop1" ino=5 res=0 errno=0
[  188.690623][ T1313] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  188.698713][ T1313] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  188.808999][ T2922] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  188.826405][ T2922] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  189.214820][ T7767] netlink: 'syz.1.519': attribute type 3 has an invalid length.
[  189.345892][ T7751] loop5: detected capacity change from 0 to 40427
[  189.408154][ T7751] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  189.439412][ T7751] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  189.476706][ T7751] F2FS-fs (loop5): invalid crc value
[  189.522079][ T7751] F2FS-fs (loop5): Found nat_bits in checkpoint
[  189.681630][ T7751] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  189.696356][ T7751] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  190.200400][ T7791] capability: warning: `syz.1.528' uses deprecated v2 capabilities in a way that may be insecure
[  190.414458][ T7769] loop6: detected capacity change from 0 to 40427
[  190.459002][ T7769] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[  190.505672][ T7769] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  190.594016][ T7769] F2FS-fs (loop6): Found nat_bits in checkpoint
[  190.784568][ T7769] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  190.819547][ T7769] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  190.937722][   T28] audit: type=1804 audit(1771310125.858:12): pid=7769 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.494" name="/newroot/0/file0/file0" dev="loop6" ino=10 res=1 errno=0
[  191.323397][ T7785] loop3: detected capacity change from 0 to 40427
[  191.380476][ T7785] F2FS-fs (loop3): invalid crc value
[  191.420654][ T7785] F2FS-fs (loop3): Found nat_bits in checkpoint
[  191.591419][ T7785] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  191.930165][ T5774] syz-executor: attempt to access beyond end of device
[  191.930165][ T5774] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  191.971140][ T5774] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  192.520945][ T7838] bridge0: port 3(ip6gretap0) entered blocking state
[  192.534146][    T8] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  192.549493][ T7838] bridge0: port 3(ip6gretap0) entered disabled state
[  192.557606][ T7838] ip6gretap0: entered allmulticast mode
[  192.581848][ T7838] ip6gretap0: entered promiscuous mode
[  192.609006][ T7838] bridge0: port 3(ip6gretap0) entered blocking state
[  192.616036][ T7838] bridge0: port 3(ip6gretap0) entered forwarding state
[  192.759282][    T8] usb 6-1: Using ep0 maxpacket: 16
[  192.782433][    T8] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 8
[  192.814491][    T8] usb 6-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  192.829429][    T8] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  192.857925][    T8] usb 6-1: Product: syz
[  192.879397][    T8] usb 6-1: Manufacturer: syz
[  192.885356][    T8] usb 6-1: SerialNumber: syz
[  192.913376][    T8] usb 6-1: config 0 descriptor??
[  192.942562][    T8] ftdi_sio 6-1:0.0: FTDI USB Serial Device converter detected
[  192.981030][    T8] usb 6-1: Detected FT232R
[  193.152071][    T8] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  193.418144][    T8] usb 6-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  193.668566][    T8] usb 6-1: USB disconnect, device number 2
[  193.707283][    T8] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  193.726892][    T8] ftdi_sio 6-1:0.0: device disconnected
[  194.441057][ T7894] netlink: 8 bytes leftover after parsing attributes in process `syz.5.555'.
[  194.482319][ T7894] netlink: 'syz.5.555': attribute type 6 has an invalid length.
[  194.640818][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  194.647393][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  194.928286][ T7885] loop6: detected capacity change from 0 to 32768
[  194.980426][ T7885] XFS (loop6): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  195.088942][ T7885] XFS (loop6): Ending clean mount
[  195.114979][ T7885] XFS (loop6): Quotacheck needed: Please wait.
[  195.218864][ T7885] XFS (loop6): Quotacheck: Done.
[  195.515227][ T7573] XFS (loop6): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  195.883127][ T7929] loop5: detected capacity change from 0 to 256
[  195.956508][ T7929] exFAT-fs (loop5): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  196.475554][ T7940] loop6: detected capacity change from 0 to 256
[  196.542397][ T7940] exFAT-fs (loop6): failed to load upcase table (idx : 0x00011bf5, chksum : 0xcea91b8a, utbl_chksum : 0xe619d30d)
[  196.570529][ T7940] exFAT-fs (loop6): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  196.679624][ T6522] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  196.899390][ T6522] usb 6-1: Using ep0 maxpacket: 32
[  196.920834][ T6522] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 102, changing to 10
[  196.960405][ T6522] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024
[  196.999287][ T6522] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  197.045921][ T6522] usb 6-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[  197.065430][ T6522] usb 6-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[  197.099274][ T6522] usb 6-1: Product: syz
[  197.113867][ T6522] usb 6-1: Manufacturer: syz
[  197.118653][ T6522] usb 6-1: SerialNumber: syz
[  197.214857][ T6522] input: appletouch as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input5
[  197.549285][ T7966] 9pnet: p9_errstr2errno: server reported unknown error ÿÿ
[  197.584144][ T6522] usb 6-1: USB disconnect, device number 3
[  197.584291][    C0] appletouch 6-1:1.0: atp_complete: usb_submit_urb failed with result -19
[  197.724717][ T6522] appletouch 6-1:1.0: input: appletouch disconnected
[  197.882251][ T5778] block nbd0: Receive control failed (result -32)
[  198.350675][ T8003] loop3: detected capacity change from 0 to 128
[  198.474053][ T8003] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 54)
[  198.519739][ T8003] FAT-fs (loop3): Filesystem has been set read-only
[  198.569482][ T8003] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 54)
[  198.643706][ T8003] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 54)
[  198.655424][ T8005] loop6: detected capacity change from 0 to 4096
[  198.879388][ T5804] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  199.044054][ T8005] ntfs3: loop6: Mark volume as dirty due to NTFS errors
[  199.079445][ T8019] ntfs3: loop6: ino=9, attr_set_size
[  199.090821][ T5804] usb 2-1: Using ep0 maxpacket: 16
[  199.110649][ T5804] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 8
[  199.148813][ T5804] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  199.168444][ T5804] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  199.187192][ T5804] usb 2-1: Product: syz
[  199.203407][ T5804] usb 2-1: Manufacturer: syz
[  199.215843][ T5804] usb 2-1: SerialNumber: syz
[  199.244822][ T5804] usb 2-1: config 0 descriptor??
[  199.265388][ T5804] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[  199.300586][ T5804] usb 2-1: Detected FT232R
[  199.414792][ T5778] block nbd1: Receive control failed (result -32)
[  199.478221][ T5804] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  199.706995][ T5804] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  199.909476][ T8037] program syz.6.591 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  199.961083][ T6913] usb 2-1: USB disconnect, device number 7
[  199.979049][ T6913] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  200.021104][ T6913] ftdi_sio 2-1:0.0: device disconnected
[  200.129547][ T8015] loop3: detected capacity change from 0 to 40427
[  200.141976][ T8015] F2FS-fs (loop3): heap/no_heap options were deprecated
[  200.149139][ T8015] F2FS-fs (loop3): Image doesn't support compression
[  200.161741][ T8015] F2FS-fs (loop3): heap/no_heap options were deprecated
[  200.190419][ T8015] F2FS-fs (loop3): invalid crc value
[  200.223845][ T8015] F2FS-fs (loop3): Found nat_bits in checkpoint
[  200.366817][ T8015] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  200.633009][ T5774] syz-executor: attempt to access beyond end of device
[  200.633009][ T5774] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  200.680742][ T5774] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  200.767046][ T8034] loop5: detected capacity change from 0 to 32768
[  200.872456][ T8034] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  201.025103][ T8034] XFS (loop5): Ending clean mount
[  201.121480][ T8034] XFS (loop5): Quotacheck needed: Please wait.
[  201.156655][ T5778] block nbd2: Receive control failed (result -32)
[  201.349796][ T8034] XFS (loop5): Quotacheck: Done.
[  201.691692][ T7540] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  201.879107][ T8094] loop1: detected capacity change from 0 to 512
[  201.887568][ T8094] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  201.922848][ T8094] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  201.996480][ T8094] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.606: invalid indirect mapped block 4294967295 (level 1)
[  202.031506][ T8093] loop6: detected capacity change from 0 to 1764
[  202.123093][ T8094] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.606: invalid indirect mapped block 4294967295 (level 1)
[  202.213594][ T8100] (null): rxe_set_mtu: Set mtu to 1024
[  202.253356][ T8094] EXT4-fs (loop1): 2 truncates cleaned up
[  202.260275][ T8094] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  202.270462][ T8093] iso9660: Corrupted directory entry in block 2 of inode 1920
[  202.620590][ T6935] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  203.270215][ T8120] loop1: detected capacity change from 0 to 512
[  203.324009][ T8120] EXT4-fs error (device loop1): ext4_iget_extra_inode:4732: inode #15: comm syz.1.612: corrupted in-inode xattr: invalid ea_ino
[  203.348528][ T8120] EXT4-fs error (device loop1): ext4_orphan_get:1403: comm syz.1.612: couldn't read orphan inode 15 (err -117)
[  203.408892][ T8120] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  203.676908][ T6935] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  203.709970][ T8100] infiniband syz1: set active
[  203.782521][ T8100] infiniband syz1: added bond0
[  203.805606][ T8100] syz1: rxe_create_cq: returned err = -12
[  203.878485][ T8100] infiniband syz1: Couldn't create ib_mad CQ
[  203.934310][ T8100] infiniband syz1: Couldn't open port 1
[  204.114418][ T8100] RDS/IB: syz1: added
[  204.143938][ T8100] smc: adding ib device syz1 with port count 1
[  204.170084][ T8100] smc:    ib device syz1 port 1 has pnetid 
[  205.455083][ T8149] loop6: detected capacity change from 0 to 32768
[  205.530928][ T8149] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  205.939780][ T7573] ocfs2: Unmounting device (7,6) on (node local)
[  206.459452][ T8183] loop6: detected capacity change from 0 to 2048
[  206.516181][ T8183] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=26504, location=26504
[  206.627654][ T8183] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  206.840772][ T8191] loop1: detected capacity change from 0 to 2048
[  206.888276][ T8191] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  207.064044][ T8194] loop6: detected capacity change from 0 to 256
[  207.252912][ T8197] UDF-fs: bad mount option "#! 
[  207.252912][ T8197] s" or missing value
[  208.009495][ T5804] usb 2-1: new full-speed USB device number 8 using dummy_hcd
[  208.225101][ T5804] usb 2-1: config 0 interface 0 has no altsetting 0
[  208.241284][ T5804] usb 2-1: New USB device found, idVendor=054c, idProduct=09cc, bcdDevice= 0.00
[  208.262772][ T5804] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  208.287266][ T5804] usb 2-1: config 0 descriptor??
[  208.387800][ T8233] loop6: detected capacity change from 0 to 128
[  208.760609][ T5804] playstation 0003:054C:09CC.0006: hidraw0: USB HID v0.00 Device [HID 054c:09cc] on usb-dummy_hcd.1-1/input0
[  208.944703][ T5804] playstation 0003:054C:09CC.0006: Invalid byte count transferred, expected 16 got 0
[  208.999230][ T5804] playstation 0003:054C:09CC.0006: Failed to retrieve DualShock4 pairing info: -22
[  209.046286][ T5804] playstation 0003:054C:09CC.0006: Failed to get MAC address from DualShock4
[  209.077402][ T5804] playstation 0003:054C:09CC.0006: Failed to create dualshock4.
[  209.108243][ T5804] playstation: probe of 0003:054C:09CC.0006 failed with error -22
[  209.259781][ T6522] usb 2-1: USB disconnect, device number 8
[  209.376029][ T8259] loop6: detected capacity change from 0 to 256
[  209.452148][ T8259] exFAT-fs (loop6): failed to load upcase table (idx : 0x00011e5d, chksum : 0x63a11b78, utbl_chksum : 0xe619d30d)
[  209.507670][   T28] audit: type=1800 audit(1771310144.428:13): pid=8259 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.651" name="file1" dev="loop6" ino=1048621 res=0 errno=0
[  209.562594][   T28] audit: type=1800 audit(1771310144.458:14): pid=8259 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.651" name="file1" dev="loop6" ino=1048621 res=0 errno=0
[  209.799140][ T8267] loop6: detected capacity change from 0 to 64
[  210.286872][ T8277] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input6
[  210.303293][ T8280] team0: Device lo is loopback device. Loopback devices can't be added as a team port
[  210.377052][ T8280] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  211.381761][ T8312] loop1: detected capacity change from 0 to 256
[  211.448369][ T8312] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  211.484758][ T8317] netlink: 64 bytes leftover after parsing attributes in process `syz.3.668'.
[  211.732818][ T8321] loop3: detected capacity change from 0 to 1024
[  211.911662][ T8326] bond_slave_0: entered promiscuous mode
[  211.917960][ T8326] bond_slave_1: entered promiscuous mode
[  211.957151][ T8291] loop5: detected capacity change from 0 to 32768
[  211.963837][ T8326] macsec1: entered allmulticast mode
[  211.963861][ T8326] bond0: entered allmulticast mode
[  211.963875][ T8326] bond_slave_0: entered allmulticast mode
[  211.963889][ T8326] bond_slave_1: entered allmulticast mode
[  212.000500][ T8326] bond0: left allmulticast mode
[  212.005602][ T8326] bond_slave_0: left allmulticast mode
[  212.035439][ T8326] bond_slave_1: left allmulticast mode
[  212.059778][ T8326] bond_slave_0: left promiscuous mode
[  212.065468][ T8326] bond_slave_1: left promiscuous mode
[  212.083517][ T5778] Bluetooth: hci1: command 0x0406 tx timeout
[  212.162578][ T8291] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  212.630824][ T7540] ocfs2: Unmounting device (7,5) on (node local)
[  212.779453][ T5804] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  212.814138][ T8346] loop1: detected capacity change from 0 to 8192
[  212.836759][ T8352] sch_fq: defrate 1 ignored.
[  212.981976][ T5804] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  213.010298][ T5804] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  213.036369][ T5804] usb 7-1: config 0 descriptor??
[  213.096373][ T5804] cp210x 7-1:0.0: cp210x converter detected
[  213.497917][ T5804] cp210x 7-1:0.0: failed to get vendor val 0x000e size 3: -32
[  213.527630][ T5804] usb 7-1: cp210x converter now attached to ttyUSB0
[  213.720309][ T8372] loop5: detected capacity change from 0 to 128
[  213.767277][    T8] usb 7-1: USB disconnect, device number 2
[  213.784065][ T8372] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  213.807514][    T8] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  213.815421][ T8372] hpfs: filesystem error: improperly stopped
[  213.815484][ T8372] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  213.815501][ T8372] hpfs: You really don't want any checks? You are crazy...
[  213.816697][ T8372] hpfs: hpfs_map_sector(): read error
[  213.896396][    T8] cp210x 7-1:0.0: device disconnected
[  213.923640][ T8372] hpfs: code page support is disabled
[  213.942335][ T8372] hpfs: hpfs_map_4sectors(): unaligned read
[  213.961323][ T8372] hpfs: hpfs_map_4sectors(): unaligned read
[  213.973180][ T8372] hpfs: filesystem error: unable to find root dir
[  214.031989][ T8358] loop3: detected capacity change from 0 to 32768
[  214.091237][ T8358] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  214.251688][ T8358] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  214.283488][ T8386] loop1: detected capacity change from 0 to 256
[  214.314999][ T8358] XFS (loop3): Starting recovery (logdev: internal)
[  214.328512][ T8386] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  214.381895][ T8386] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000001)
[  214.403512][ T8358] XFS (loop3): Ending recovery (logdev: internal)
[  214.480979][ T8358] XFS (loop3): Quotacheck needed: Please wait.
[  214.588042][ T8358] XFS (loop3): Quotacheck: Done.
[  214.633338][ T8389] loop6: detected capacity change from 0 to 4096
[  214.651836][ T8389] ntfs3: loop6: Different NTFS sector size (4096) and media sector size (512).
[  214.862367][ T5774] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  215.578657][ T8414] loop3: detected capacity change from 0 to 128
[  215.709596][ T6913] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  215.940038][ T6913] usb 6-1: too many configurations: 9, using maximum allowed: 8
[  215.969729][ T6913] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  215.983416][ T6913] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  216.003486][ T6913] usb 6-1: config 0 interface 0 has no altsetting 0
[  216.012034][ T6913] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  216.023714][ T6913] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  216.055481][ T6913] usb 6-1: config 0 interface 0 has no altsetting 0
[  216.099775][ T6913] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  216.119086][ T6913] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  216.141337][ T6913] usb 6-1: config 0 interface 0 has no altsetting 0
[  216.149787][ T6913] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  216.162952][ T6913] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  216.209680][ T6913] usb 6-1: config 0 interface 0 has no altsetting 0
[  216.230513][ T6913] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  216.253597][ T6913] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  216.277594][ T6913] usb 6-1: config 0 interface 0 has no altsetting 0
[  216.289128][ T6913] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  216.300789][ T8432] netlink: 72 bytes leftover after parsing attributes in process `syz.3.706'.
[  216.319295][ T6913] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  216.342621][ T8430] loop1: detected capacity change from 0 to 4096
[  216.348628][ T6913] usb 6-1: config 0 interface 0 has no altsetting 0
[  216.361827][ T6913] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  216.399989][ T6913] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  216.438057][ T6913] usb 6-1: config 0 interface 0 has no altsetting 0
[  216.495420][ T6913] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  216.540708][ T6913] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  216.569030][ T6913] usb 6-1: config 0 interface 0 has no altsetting 0
[  216.583714][ T6913] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  216.629303][ T6913] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  216.637727][ T6913] usb 6-1: Product: syz
[  216.646656][ T8437] loop3: detected capacity change from 0 to 1024
[  216.662514][ T6913] usb 6-1: Manufacturer: syz
[  216.667975][ T6913] usb 6-1: SerialNumber: syz
[  216.703442][ T6913] usb 6-1: config 0 descriptor??
[  216.738243][ T6913] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0
[  216.856410][  T150] hfsplus: b-tree write err: -5, ino 4
[  217.095746][ T5844] usb 6-1: USB disconnect, device number 4
[  217.110540][ T8443] loop3: detected capacity change from 0 to 512
[  217.123229][ T5844] yurex 6-1:0.0: USB YUREX #0 now disconnected
[  217.146100][ T8443] EXT4-fs: Ignoring removed oldalloc option
[  217.203170][ T8443] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  217.274967][ T8451] loop6: detected capacity change from 0 to 512
[  217.283004][ T8451] EXT4-fs: Ignoring removed nobh option
[  217.329719][ T8451] EXT4-fs error (device loop6): ext4_orphan_get:1398: inode #15: comm syz.6.712: iget: bad i_size value: 38620345925642
[  217.384450][ T8451] EXT4-fs error (device loop6): ext4_orphan_get:1403: comm syz.6.712: couldn't read orphan inode 15 (err -117)
[  217.415689][ T8451] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  217.601253][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  217.651768][ T7573] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  217.858397][ T8461] loop3: detected capacity change from 0 to 2048
[  217.941533][ T8461]  loop3: p2 < > p4
[  217.984454][ T8461] loop3: p4 size 262144 extends beyond EOD, truncated
[  218.124800][ T8471] loop6: detected capacity change from 0 to 128
[  218.212352][ T8471] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  218.293301][ T8471] hpfs: filesystem error: improperly stopped
[  218.334296][ T8471] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  218.389401][ T8471] hpfs: You really don't want any checks? You are crazy...
[  218.411690][ T8471] hpfs: hpfs_map_sector(): read error
[  218.417268][ T8471] hpfs: code page support is disabled
[  218.449130][ T5787] udevd[5787]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory
[  218.472461][ T8471] hpfs: hpfs_map_4sectors(): unaligned read
[  218.478553][ T8471] hpfs: hpfs_map_4sectors(): unaligned read
[  218.493387][ T6324] udevd[6324]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[  218.539624][ T8471] hpfs: filesystem error: unable to find root dir
[  218.671276][ T8484] netlink: 12 bytes leftover after parsing attributes in process `syz.5.724'.
[  218.689895][ T8484] netlink: 8 bytes leftover after parsing attributes in process `syz.5.724'.
[  218.832118][ T8489] netlink: 4 bytes leftover after parsing attributes in process `syz.1.726'.
[  218.943766][ T8495] netlink: 96 bytes leftover after parsing attributes in process `syz.3.729'.
[  219.225386][ T8505] loop4: detected capacity change from 0 to 7
[  219.239418][ T8505] Dev loop4: unable to read RDB block 7
[  219.249095][ T8505]  loop4: unable to read partition table
[  219.262659][ T8505] loop4: partition table beyond EOD, truncated
[  219.279497][ T8505] loop_reread_partitions: partition scan of loop4 (úùƒå¡™‰ü�¾SêjºÐ	œëÜ%õ«`ÉæÖ€ù…ˆŠ5) failed (rc=-5)
[  219.324260][ T8513] loop5: detected capacity change from 0 to 8
[  219.350627][ T8513] SQUASHFS error: zlib decompression failed, data probably corrupt
[  219.379756][ T8513] SQUASHFS error: Failed to read block 0x9b: -5
[  219.386079][ T8513] SQUASHFS error: Unable to read metadata cache entry [99]
[  219.441775][ T8513] SQUASHFS error: Unable to read inode 0x127
[  219.817182][ T8527] Bluetooth: MGMT ver 1.22
[  220.016588][ T8534] loop5: detected capacity change from 0 to 1024
[  220.083684][ T8534] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  220.127426][ T8534] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  220.188327][ T8534] EXT4-fs (loop5): orphan cleanup on readonly fs
[  220.215725][ T8534] Quota error (device loop5): v2_read_file_info: Can't read info structure
[  220.243660][ T8534] EXT4-fs warning (device loop5): ext4_enable_quotas:7184: Failed to enable quota tracking (type=0, err=-5, ino=3). Please run e2fsck to fix.
[  220.288137][ T8534] EXT4-fs (loop5): Cannot turn on quotas: error -5
[  220.316416][ T8534] EXT4-fs (loop5): 1 truncate cleaned up
[  220.343779][ T8534] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  220.478698][ T8544] loop1: detected capacity change from 0 to 512
[  220.501552][ T7540] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  220.619281][ T8544] EXT4-fs (loop1): 1 truncate cleaned up
[  220.654460][ T8544] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  220.774916][   T28] audit: type=1800 audit(1771310155.698:15): pid=8544 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.741" name="file0" dev="loop1" ino=13 res=0 errno=0
[  220.808256][ T8544] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm syz.1.741: bg 0: block 465: padding at end of block bitmap is not set
[  220.858516][ T8544] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6653: Corrupt filesystem
[  220.875583][ T8544] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.741: invalid indirect mapped block 234881024 (level 0)
[  220.965497][ T6935] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  220.999405][ T6913] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  221.223143][ T6913] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  221.238072][ T6913] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  221.269000][ T6913] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  221.292168][ T6913] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  221.309435][ T6913] usb 6-1: SerialNumber: syz
[  221.553911][ T6913] usb 6-1: 0:2 : does not exist
[  221.584940][ T6913] usb 6-1: 5:0: cannot get min/max values for control 23 (id 5)
[  221.632035][ T6913] usb 6-1: USB disconnect, device number 5
[  221.703589][ T5787] udevd[5787]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  221.804793][ T8562] loop1: detected capacity change from 0 to 32768
[  221.916445][ T8562] ERROR: (device loop1): xtSearch: XT_GETPAGE: xtree page corrupt
[  221.916445][ T8562] 
[  221.937500][ T8562] xtLookup: xtSearch returned -5
[  221.945501][ T8562] free_index: error reading directory table
[  221.952597][ T8562] ERROR: (device loop1): xtSearch: XT_GETPAGE: xtree page corrupt
[  221.952597][ T8562] 
[  221.964245][ T8562] xtLookup: xtSearch returned -5
[  221.970915][ T8562] free_index: error reading directory table
[  221.988067][ T8562] ERROR: (device loop1): xtSearch: XT_GETPAGE: xtree page corrupt
[  221.988067][ T8562] 
[  222.014572][ T8562] xtLookup: xtSearch returned -5
[  222.025903][ T8562] free_index: error reading directory table
[  222.040329][ T8562] ERROR: (device loop1): xtSearch: XT_GETPAGE: xtree page corrupt
[  222.040329][ T8562] 
[  222.068059][ T8562] xtLookup: xtSearch returned -5
[  222.090699][ T8562] free_index: error reading directory table
[  222.097761][ T8562] ERROR: (device loop1): xtSearch: XT_GETPAGE: xtree page corrupt
[  222.097761][ T8562] 
[  222.133435][ T8562] xtLookup: xtSearch returned -5
[  222.138471][ T8562] free_index: error reading directory table
[  222.160835][ T8562] ERROR: (device loop1): xtSearch: XT_GETPAGE: xtree page corrupt
[  222.160835][ T8562] 
[  222.175495][ T8562] xtLookup: xtSearch returned -5
[  222.183479][ T8562] add_index: get/read_metapage failed!
[  222.189018][ T8562] ERROR: (device loop1): xtSearch: XT_GETPAGE: xtree page corrupt
[  222.189018][ T8562] 
[  222.205243][ T8562] xtLookup: xtSearch returned -5
[  222.223094][ T8562] free_index: error reading directory table
[  222.229687][ T8562] ERROR: (device loop1): xtSearch: XT_GETPAGE: xtree page corrupt
[  222.229687][ T8562] 
[  222.249406][ T8562] xtLookup: xtSearch returned -5
[  222.254434][ T8562] free_index: error reading directory table
[  222.279665][ T8562] ERROR: (device loop1): xtSearch: XT_GETPAGE: xtree page corrupt
[  222.279665][ T8562] 
[  222.299258][ T8562] xtLookup: xtSearch returned -5
[  222.304279][ T8562] free_index: error reading directory table
[  222.336337][ T8562] ERROR: (device loop1): xtSearch: XT_GETPAGE: xtree page corrupt
[  222.336337][ T8562] 
[  222.371921][ T8562] xtLookup: xtSearch returned -5
[  222.377364][ T8562] free_index: error reading directory table
[  222.397929][ T8585] loop5: detected capacity change from 0 to 512
[  222.405987][ T8562] ERROR: (device loop1): xtSearch: XT_GETPAGE: xtree page corrupt
[  222.405987][ T8562] 
[  222.416407][ T8562] xtLookup: xtSearch returned -5
[  222.423278][ T8585] EXT4-fs: Ignoring removed oldalloc option
[  222.443282][ T8562] free_index: error reading directory table
[  222.501309][ T8562] ERROR: (device loop1): xtSearch: XT_GETPAGE: xtree page corrupt
[  222.501309][ T8562] 
[  222.536078][ T8562] xtLookup: xtSearch returned -5
[  222.544137][ T8562] add_index: get/read_metapage failed!
[  222.549671][ T8585] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  222.779882][ T7540] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  222.955787][ T8597] netlink: 12 bytes leftover after parsing attributes in process `syz.5.752'.
[  223.009544][ T8597] tipc: Started in network mode
[  223.014604][ T8597] tipc: Node identity 7, cluster identity 4711
[  223.077586][ T8597] tipc: Node number set to 7
[  224.248801][ T8637] netlink: 24 bytes leftover after parsing attributes in process `syz.1.762'.
[  224.659621][   T27] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  224.756863][ T8654] loop1: detected capacity change from 0 to 512
[  224.780408][ T8654] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  224.849280][   T27] usb 4-1: Using ep0 maxpacket: 8
[  224.857548][   T27] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  224.868826][ T8654] EXT4-fs (loop1): 1 truncate cleaned up
[  224.875707][   T27] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  224.887741][ T8654] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  224.901979][   T27] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  224.913069][   T27] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  224.923369][   T27] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  224.937501][   T27] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  224.946988][   T27] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.103663][ T8654] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  225.156360][ T8662] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  225.192817][   T27] usb 4-1: GET_CAPABILITIES returned 0
[  225.198396][   T27] usbtmc 4-1:16.0: can't read capabilities
[  225.245750][ T6935] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  225.263511][ T8665] loop5: detected capacity change from 0 to 1024
[  225.280873][ T6913] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  225.463160][ T5844] usb 4-1: USB disconnect, device number 6
[  225.507472][ T6913] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  225.536836][ T6913] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  225.556739][ T8670] hfsplus: trying to free free bnode 0(1)
[  225.564064][ T6913] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  225.596152][ T6913] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  225.612307][ T6913] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  225.633024][ T6913] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  225.646064][ T6913] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  225.657461][ T6913] usb 7-1: Product: syz
[  225.667113][ T6913] usb 7-1: Manufacturer: syz
[  225.695943][ T6913] cdc_wdm 7-1:1.0: skipping garbage
[  225.704719][ T6913] cdc_wdm 7-1:1.0: skipping garbage
[  225.715727][ T6913] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  225.725367][ T6913] cdc_wdm 7-1:1.0: Unknown control protocol
[  225.764861][ T3479] hfsplus: b-tree write err: -5, ino 4
[  226.192775][ T5844] usb 7-1: USB disconnect, device number 3
[  226.290463][ T8673] overlayfs: statfs failed on './file0'
[  226.362057][ T8695] loop5: detected capacity change from 0 to 1024
[  227.032786][ T8716] loop5: detected capacity change from 0 to 2048
[  227.063191][ T8716] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  227.261417][ T8721] netlink: 40 bytes leftover after parsing attributes in process `syz.6.786'.
[  227.512416][ T8732] loop5: detected capacity change from 0 to 128
[  227.584802][ T8732] VFS: Found a Xenix FS (block size = 512) on device loop5
[  227.846373][ T7540] sysv_free_block: trying to free block not in datazone
[  227.901696][ T7540] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  228.496383][ T8755] netlink: 8 bytes leftover after parsing attributes in process `syz.3.798'.
[  228.729587][ T8735] loop6: detected capacity change from 0 to 32768
[  228.786906][ T8735] (syz.6.791,8735,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  228.824234][ T8735] (syz.6.791,8735,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  228.977772][ T8735] JBD2: Ignoring recovery information on journal
[  229.086909][ T8771] netlink: 12 bytes leftover after parsing attributes in process `syz.3.801'.
[  229.129342][ T8771] tipc: Started in network mode
[  229.152154][ T8771] tipc: Node identity 7, cluster identity 4711
[  229.184283][ T8771] tipc: Node number set to 7
[  229.206747][ T8735] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  229.709043][ T8735] syz.6.791 (8735) used greatest stack depth: 18768 bytes left
[  229.842450][ T8795] loop1: detected capacity change from 0 to 1024
[  229.929513][ T7573] ocfs2: Unmounting device (7,6) on (node local)
[  229.975768][ T8795] hfsplus: trying to free free bnode 0(1)
[  230.138536][ T3479] hfsplus: b-tree write err: -5, ino 4
[  230.802693][ T8817] loop6: detected capacity change from 0 to 128
[  230.863485][ T8817] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  230.937831][ T8817] ext4 filesystem being mounted at /68/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  231.138375][ T8792] loop5: detected capacity change from 0 to 40427
[  231.185822][ T8792] F2FS-fs (loop5): build fault injection attr: rate: 0, type: 0x35f7
[  231.204429][ T8792] F2FS-fs (loop5): build fault injection attr: rate: 690, type: 0x7ffff
[  231.236141][ T7573] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  231.249413][ T8792] F2FS-fs (loop5): Image doesn't support compression
[  231.289518][ T8792] F2FS-fs (loop5): invalid crc value
[  231.312290][ T8792] F2FS-fs (loop5): Found nat_bits in checkpoint
[  231.574987][ T8792] F2FS-fs (loop5): Start checkpoint disabled!
[  231.640282][ T8792] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  231.787706][ T8792] F2FS-fs (loop5): inject no more block in inc_valid_node_count of f2fs_new_node_page+0x187/0x910
[  232.140115][  T150] kworker/u4:5: attempt to access beyond end of device
[  232.140115][  T150] loop5: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[  232.179287][  T150] F2FS-fs (loop5): Remounting filesystem read-only
[  232.196200][  T150] F2FS-fs (loop5): Remounting filesystem read-only
[  232.219603][  T150] F2FS-fs (loop5): Remounting filesystem read-only
[  232.976147][ T8872] netlink: 8 bytes leftover after parsing attributes in process `syz.1.826'.
[  233.054102][ T8878] loop3: detected capacity change from 0 to 512
[  233.155192][ T8878] EXT4-fs error (device loop3): ext4_orphan_get:1403: comm syz.3.828: couldn't read orphan inode 26 (err -116)
[  233.231591][ T8878] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  233.261604][ T8878] ext4 filesystem being mounted at /226/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  233.276492][ T8887] loop6: detected capacity change from 0 to 128
[  233.295555][ T8878] EXT4-fs error (device loop3): ext4_lookup:1858: inode #15: comm syz.3.828: iget: bad i_size value: 360287970189639690
[  233.302218][ T8887] VFS: Found a Xenix FS (block size = 512) on device loop6
[  233.367827][ T7573] sysv_free_block: trying to free block not in datazone
[  233.379807][ T8878] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  233.391649][ T7573] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  233.445812][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.509726][ T6913] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  233.533163][ T8889] netlink: 8 bytes leftover after parsing attributes in process `syz.6.831'.
[  233.642215][ T8891] loop3: detected capacity change from 0 to 2048
[  233.688373][ T8894] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  233.709542][ T6913] usb 2-1: Using ep0 maxpacket: 8
[  233.716951][ T6913] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  233.726889][ T6913] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  233.755234][ T6913] pvrusb2: Hardware description: Terratec Grabster AV400
[  233.765795][ T6913] pvrusb2: **********
[  233.774190][ T6913] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  233.799355][ T6913] pvrusb2: Important functionality might not be entirely working.
[  233.815796][ T6913] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  233.839268][ T6913] pvrusb2: **********
[  233.982129][ T2320] pvrusb2: Invalid write control endpoint
[  234.050598][ T8894] NILFS (loop3): vblocknr = 18 has abnormal lifetime: start cno (= 504403158265495554) > current cno (= 3)
[  234.082724][ T8894] NILFS error (device loop3): nilfs_bmap_propagate: broken bmap (inode number=2)
[  234.130329][ T8894] Remounting filesystem read-only
[  234.151830][   T49] NILFS (loop3): discard dirty page: offset=0, ino=6
[  234.158652][   T49] NILFS (loop3): discard dirty block: blocknr=35, size=1024
[  234.204193][ T2320] pvrusb2: Invalid write control endpoint
[  234.226543][   T49] NILFS (loop3): discard dirty block: blocknr=36, size=1024
[  234.240296][ T2320] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  234.253107][   T49] NILFS (loop3): discard dirty block: blocknr=37, size=1024
[  234.261825][ T2320] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  234.269852][   T49] NILFS (loop3): discard dirty block: blocknr=38, size=1024
[  234.277211][   T49] NILFS (loop3): discard dirty page: offset=4096, ino=6
[  234.284810][ T2320] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  234.296017][   T49] NILFS (loop3): discard dirty block: blocknr=39, size=1024
[  234.303968][ T2320] pvrusb2: Device being rendered inoperable
[  234.310411][   T49] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  234.334998][ T8883] pvrusb2: Attempted to execute control transfer when device not ok
[  234.350541][   T49] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  234.361350][   T49] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  234.377049][ T2320] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  234.384729][   T23] usb 2-1: USB disconnect, device number 9
[  234.394104][ T8899] loop5: detected capacity change from 0 to 1024
[  234.399696][   T49] NILFS (loop3): discard dirty page: offset=0, ino=12
[  234.407337][   T49] NILFS (loop3): discard dirty block: blocknr=17, size=1024
[  234.412075][ T8899] EXT4-fs: Ignoring removed mblk_io_submit option
[  234.417607][ T2320] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  234.441127][   T49] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  234.462912][ T2320] pvrusb2: Attached sub-driver cx25840
[  234.469145][ T2320] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  234.471800][   T49] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  234.499259][ T2320] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  234.527780][ T8899] EXT4-fs (loop5): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  234.545181][   T49] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  234.559485][ T8899] ext4 filesystem being mounted at /74/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  234.576413][   T49] NILFS (loop3): discard dirty page: offset=0, ino=3
[  234.608837][   T49] NILFS (loop3): discard dirty block: blocknr=42, size=1024
[  234.641919][   T49] NILFS (loop3): discard dirty block: blocknr=43, size=1024
[  234.649765][ T8899] EXT4-fs (loop5): re-mounted 00000000-0000-0006-0000-000000000000 ro.
[  234.663274][   T49] NILFS (loop3): discard dirty block: blocknr=44, size=1024
[  234.695131][   T49] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  234.724849][   T49] NILFS (loop3): discard dirty page: offset=65536, ino=3
[  234.743653][   T49] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  234.764268][   T49] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  234.785383][ T7540] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  234.794969][   T49] NILFS (loop3): discard dirty block: blocknr=0, size=1024
[  234.816887][   T49] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  234.865922][   T49] NILFS (loop3): discard dirty page: offset=0, ino=18
[  234.890273][   T49] NILFS (loop3): discard dirty block: blocknr=0, size=1024
[  234.897648][   T49] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  234.971487][   T49] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  234.999776][   T49] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  235.021205][ T5774] NILFS (loop3): disposed unprocessed dirty file(s) when stopping log writer
[  235.045007][ T5774] NILFS (loop3): discard dirty page: offset=0, ino=2
[  235.059960][ T5774] NILFS (loop3): discard dirty block: blocknr=18, size=1024
[  235.086304][ T5774] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  235.139218][ T5774] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  235.148249][ T5774] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  235.179041][ T5774] NILFS (loop3): discard dirty page: offset=0, ino=5
[  235.211899][ T5774] NILFS (loop3): discard dirty block: blocknr=41, size=1024
[  235.255795][ T5774] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  235.287665][ T5774] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  235.296592][ T5774] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  235.641405][ T8924] loop5: detected capacity change from 0 to 4096
[  235.779299][ T8934] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  237.588965][ T8979] loop1: detected capacity change from 0 to 256
[  237.599107][ T8979] exfat: Deprecated parameter 'utf8'
[  237.624914][ T8979] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xbc51571d, utbl_chksum : 0xe619d30d)
[  237.819727][ T8986] input: syz0 as /devices/virtual/input/input7
[  237.848072][ T5804] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  238.058260][ T5804] usb 6-1: Using ep0 maxpacket: 8
[  238.065837][ T5804] usb 6-1: config 0 has an invalid interface number: 31 but max is 0
[  238.084438][ T5804] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  238.105074][ T5804] usb 6-1: config 0 has no interface number 0
[  238.126433][ T5804] usb 6-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  238.157868][ T5804] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  238.186221][ T5804] usb 6-1: Product: syz
[  238.192694][ T5804] usb 6-1: Manufacturer: syz
[  238.200702][ T5804] usb 6-1: SerialNumber: syz
[  238.213560][ T5804] usb 6-1: config 0 descriptor??
[  238.315468][ T9000] loop1: detected capacity change from 0 to 256
[  238.327922][ T8991] loop3: detected capacity change from 0 to 8192
[  238.345423][ T9000] exfat: Deprecated parameter 'utf8'
[  238.350797][ T9000] exfat: Deprecated parameter 'utf8'
[  238.463233][ T9000] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  238.481024][ T9005] loop6: detected capacity change from 0 to 512
[  238.535921][ T5804] usb 6-1: USB disconnect, device number 6
[  238.583785][ T9005] EXT4-fs (loop6): 1 truncate cleaned up
[  238.635486][ T9005] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  238.911853][ T7573] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  239.269173][ T9023] loop5: detected capacity change from 0 to 16
[  239.298676][ T9023] MTD: Attempt to mount non-MTD device "/dev/loop5"
[  239.767023][ T9036] trusted_key: syz.5.870 sent an empty control message without MSG_MORE.
[  239.910608][ T9040] loop3: detected capacity change from 0 to 16
[  239.971522][ T9040] erofs: (device loop3): mounted with root inode @ nid 36.
[  240.099862][ T9044] loop5: detected capacity change from 0 to 512
[  240.194023][ T9044] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  240.203713][ T9044] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  240.213624][ T9044] System zones: 0-1, 15-15, 18-18, 34-34
[  240.219739][ T9044] EXT4-fs (loop5): orphan cleanup on readonly fs
[  240.226956][ T9044] Quota error (device loop5): v2_read_header: Failed header read: expected=8 got=0
[  240.254470][ T9044] EXT4-fs warning (device loop5): ext4_enable_quotas:7184: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  240.290936][ T9044] EXT4-fs (loop5): Cannot turn on quotas: error -22
[  240.298606][ T9048] loop3: detected capacity change from 0 to 128
[  240.305858][ T9044] EXT4-fs (loop5): 1 truncate cleaned up
[  240.313335][ T9044] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  240.365680][ T9048] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  240.426522][ T9048] hpfs: filesystem error: improperly stopped
[  240.445325][ T9048] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  240.453310][ T9044] fscrypt (loop5, inode 16): Error -61 getting encryption context
[  240.517247][ T9048] hpfs: You really don't want any checks? You are crazy...
[  240.547131][ T9020] loop6: detected capacity change from 0 to 40427
[  240.571112][ T7540] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  240.588678][ T9048] hpfs: hpfs_map_sector(): read error
[  240.594225][ T9048] hpfs: code page support is disabled
[  240.601665][ T9020] F2FS-fs (loop6): build fault injection attr: rate: 690, type: 0x7ffff
[  240.632926][ T9048] hpfs: hpfs_map_4sectors(): unaligned read
[  240.642264][ T9048] hpfs: hpfs_map_4sectors(): unaligned read
[  240.650515][ T9020] F2FS-fs (loop6): invalid crc value
[  240.697012][ T9048] hpfs: filesystem error: unable to find root dir
[  240.727717][ T9020] F2FS-fs (loop6): Found nat_bits in checkpoint
[  241.014941][ T9020] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  241.311752][ T9070] loop5: detected capacity change from 0 to 256
[  241.330056][ T9070] exfat: Deprecated parameter 'namecase'
[  241.367111][ T7573] syz-executor: attempt to access beyond end of device
[  241.367111][ T7573] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  241.409708][ T7573] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  241.435111][ T9070] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe5cb490d, utbl_chksum : 0xe619d30d)
[  241.489976][ T9076] loop3: detected capacity change from 0 to 1024
[  241.642707][   T32] hfsplus: b-tree write err: -5, ino 4
[  241.670120][ T6913] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  241.902428][ T6913] usb 2-1: Using ep0 maxpacket: 32
[  241.935865][ T6913] usb 2-1: config 0 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  241.968015][ T6913] usb 2-1: config 0 interface 0 has no altsetting 0
[  241.974779][ T6913] usb 2-1: New USB device found, idVendor=0c70, idProduct=f00e, bcdDevice= 0.00
[  242.020073][ T6913] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  242.058486][ T6913] usb 2-1: config 0 descriptor??
[  242.361357][ T9092] macvlan0: entered allmulticast mode
[  242.371746][ T9092] veth1_vlan: entered allmulticast mode
[  242.536021][ T6913] aquacomputer_d5next 0003:0C70:F00E.0007: hidraw0: USB HID v4.06 Device [HID 0c70:f00e] on usb-dummy_hcd.1-1/input0
[  242.711570][ T9096] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256
[  242.743921][ T9097] dvmrp1: tun_chr_ioctl cmd 1074812118
[  242.794470][ T9096] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  243.079285][ T6913] usb 2-1: USB disconnect, device number 10
[  243.773100][ T9114] set_capacity_and_notify: 2 callbacks suppressed
[  243.773117][ T9114] loop5: detected capacity change from 0 to 4096
[  243.850792][ T9117] loop3: detected capacity change from 0 to 512
[  243.882662][ T9117] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  243.926412][ T9119] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  243.993549][ T9117] EXT4-fs (loop3): 1 truncate cleaned up
[  244.015092][ T9117] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  244.067636][   T28] audit: type=1800 audit(1771310179.065:16): pid=9114 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.896" name="file2" dev="loop5" ino=16 res=0 errno=0
[  244.184379][   T28] audit: type=1800 audit(1771310179.105:17): pid=9114 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.896" name="file2" dev="loop5" ino=16 res=0 errno=0
[  244.238398][ T9108] loop6: detected capacity change from 0 to 32768
[  244.245753][ T9117] fscrypt (loop3, inode 18): Can't use IV_INO_LBLK_64 policy with contents mode other than AES-256-XTS
[  244.258465][ T9108] XFS: attr2 mount option is deprecated.
[  244.312054][ T9108] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  244.413222][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  244.597068][ T9118] loop1: detected capacity change from 0 to 32768
[  244.615890][ T9108] XFS (loop6): Ending clean mount
[  244.626905][ T9118] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 scanned by syz.1.897 (9118)
[  244.657585][ T9108] XFS (loop6): Quotacheck needed: Please wait.
[  244.736438][ T9118] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  244.773638][ T9118] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  244.798208][ T9118] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  244.849195][ T9118] BTRFS info (device loop1): use zstd compression, level 3
[  244.863085][ T9108] XFS (loop6): Quotacheck: Done.
[  244.867527][ T9118] BTRFS info (device loop1): using free space tree
[  244.978953][ T9150] loop3: detected capacity change from 0 to 256
[  244.986607][ T9150] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  245.088800][ T9118] BTRFS info (device loop1): enabling ssd optimizations
[  245.106114][ T9118] BTRFS info (device loop1): auto enabling async discard
[  245.139683][ T9150] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  245.312027][ T7573] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  245.342581][ T6935] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  245.483836][   T27] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  245.692663][   T27] usb 6-1: Using ep0 maxpacket: 8
[  245.700450][   T27] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  245.742200][   T27] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  245.770710][   T27] pvrusb2: Hardware description: Terratec Grabster AV400
[  245.791719][   T27] pvrusb2: **********
[  245.795769][   T27] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  245.869643][   T27] pvrusb2: Important functionality might not be entirely working.
[  245.890702][   T27] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  245.925160][   T27] pvrusb2: **********
[  245.982734][ T2320] pvrusb2: Invalid write control endpoint
[  246.155723][ T2320] pvrusb2: Invalid write control endpoint
[  246.199269][ T2320] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  246.208645][ T2320] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  246.257192][ T2320] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  246.286067][ T2320] pvrusb2: Device being rendered inoperable
[  246.305348][ T9154] pvrusb2: Attempted to execute control transfer when device not ok
[  246.328520][ T2320] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  246.334134][   T23] usb 6-1: USB disconnect, device number 7
[  246.346288][ T2320] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  246.398037][ T2320] pvrusb2: Attached sub-driver cx25840
[  246.425557][ T2320] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  246.443867][ T2320] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  246.795202][ T9168] tun0: tun_chr_ioctl cmd 1074025692
[  246.818793][ T9161] loop6: detected capacity change from 0 to 32768
[  246.830310][ T9161] XFS (loop6): Invalid device [./file0], error=-15
[  247.688490][    T8] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  247.910956][    T8] usb 2-1: config 220 has an invalid interface number: 76 but max is 2
[  247.927833][    T8] usb 2-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  247.937012][    T8] usb 2-1: config 220 contains an unexpected descriptor of type 0x1, skipping
[  247.950229][ T9178] loop5: detected capacity change from 0 to 32768
[  247.963124][    T8] usb 2-1: config 220 has an invalid descriptor of length 1, skipping remainder of the config
[  247.975004][    T8] usb 2-1: config 220 has no interface number 2
[  248.005908][    T8] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  248.021013][    T8] usb 2-1: config 220 interface 0 has no altsetting 0
[  248.029521][    T8] usb 2-1: config 220 interface 76 has no altsetting 0
[  248.037818][    T8] usb 2-1: config 220 interface 1 has no altsetting 0
[  248.055538][    T8] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  248.065105][ T9178] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  248.077611][    T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  248.085714][    T8] usb 2-1: Product: syz
[  248.092040][    T8] usb 2-1: Manufacturer: syz
[  248.096864][    T8] usb 2-1: SerialNumber: syz
[  248.193696][ T9178] XFS (loop5): Ending clean mount
[  248.221479][ T9178] XFS (loop5): Quotacheck needed: Please wait.
[  248.369842][ T9178] XFS (loop5): Quotacheck: Done.
[  248.446503][    T8] usb 2-1: Found UVC 7.01 device syz (8086:0b07)
[  248.452948][    T8] usb 2-1: No valid video chain found.
[  248.468489][    T8] usb 2-1: selecting invalid altsetting 0
[  248.515109][    T8] usb 2-1: selecting invalid altsetting 0
[  248.521032][    T8] usbtest: probe of 2-1:220.1 failed with error -22
[  248.564098][    T8] usb 2-1: USB disconnect, device number 11
[  248.576634][ T9207] loop3: detected capacity change from 0 to 4096
[  248.626947][ T9207] ntfs3: loop3: Different NTFS sector size (1024) and media sector size (512).
[  248.746708][ T7540] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  248.766892][ T9207] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  248.880843][ T9196] loop6: detected capacity change from 0 to 40427
[  249.015775][ T9196] F2FS-fs (loop6): Found nat_bits in checkpoint
[  249.236549][ T9196] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  249.379755][ T9220] openvswitch: netlink: Actions may not be safe on all matching packets
[  249.535755][ T7573] syz-executor: attempt to access beyond end of device
[  249.535755][ T7573] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  249.597700][ T7573] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  249.657229][   T28] audit: type=1326 audit(1771310184.681:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9228 comm="syz.5.926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff860d9bf79 code=0x7ffc0000
[  249.711363][   T28] audit: type=1326 audit(1771310184.681:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9228 comm="syz.5.926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff860d9bf79 code=0x7ffc0000
[  249.749317][   T28] audit: type=1326 audit(1771310184.681:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9228 comm="syz.5.926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7ff860d9bf79 code=0x7ffc0000
[  249.771849][    C0] vkms_vblank_simulate: vblank timer overrun
[  249.785293][   T28] audit: type=1326 audit(1771310184.691:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9228 comm="syz.5.926" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff860d9bf79 code=0x0
[  249.806919][    C0] vkms_vblank_simulate: vblank timer overrun
[  250.118795][ T9239] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[  250.184907][   T27] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  250.257346][ T9242] netlink: 8 bytes leftover after parsing attributes in process `syz.6.929'.
[  250.385010][   T27] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  250.394591][   T27] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  250.407675][   T27] usb 4-1: config 0 descriptor??
[  250.426129][   T27] cp210x 4-1:0.0: cp210x converter detected
[  250.438335][   T51] Bluetooth: hci2: adv larger than maximum supported
[  250.451395][ T9246] loop6: detected capacity change from 0 to 512
[  250.481903][ T9246] EXT4-fs (loop6): warning: mounting unchecked fs, running e2fsck is recommended
[  250.506592][ T9246] EXT4-fs (loop6): Errors on filesystem, clearing orphan list.
[  250.516547][ T9246] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  250.601014][ T7573] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  250.892034][   T27] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32
[  250.938117][   T27] usb 4-1: cp210x converter now attached to ttyUSB0
[  251.083273][ T9260] Zero length message leads to an empty skb
[  251.110737][ T9263] loop9: detected capacity change from 0 to 7
[  251.114636][ T9264] loop6: detected capacity change from 0 to 256
[  251.127643][    C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  251.137186][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  251.145816][ T5844] usb 4-1: USB disconnect, device number 7
[  251.156653][    C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  251.165941][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  251.184848][ T5844] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  251.187913][    C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  251.202020][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  251.215787][    C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  251.225212][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  251.235089][    C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  251.244556][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[  251.262789][    C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  251.272098][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[  251.286925][    C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  251.296189][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[  251.307097][ T5844] cp210x 4-1:0.0: device disconnected
[  251.312554][    C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  251.312596][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[  251.330067][ T9263] ldm_validate_partition_table(): Disk read failed.
[  251.342797][    C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  251.352220][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[  251.363923][    C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  251.373334][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[  251.384937][ T9263] Dev loop9: unable to read RDB block 0
[  251.393259][ T9263]  loop9: unable to read partition table
[  251.424034][ T9263] loop9: partition table beyond EOD, truncated
[  251.454487][ T9263] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dG¤´à–ƒÝ¡¯ �â·û
[  251.454487][ T9263] 
) failed (rc=-5)
[  251.540752][ T9269] netlink: 68 bytes leftover after parsing attributes in process `syz.6.940'.
[  251.993555][ T9282] futex_wake_op: syz.6.947 tries to shift op by -1; fix this program
[  252.341668][ T9295] netlink: 201392 bytes leftover after parsing attributes in process `syz.1.953'.
[  252.355848][ T9295] netlink: zone id is out of range
[  252.362729][ T9295] netlink: zone id is out of range
[  252.368000][ T9295] netlink: zone id is out of range
[  252.375912][ T9295] netlink: zone id is out of range
[  252.381583][ T9295] netlink: zone id is out of range
[  252.387089][ T9295] netlink: zone id is out of range
[  252.393493][ T9295] netlink: zone id is out of range
[  252.398936][ T9295] netlink: zone id is out of range
[  252.702532][   T27] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  252.905251][ T9312] loop5: detected capacity change from 0 to 64
[  253.170489][ T9308] loop1: detected capacity change from 0 to 32768
[  253.233617][ T9308] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  253.242665][ T9308] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  253.289274][   T27] usb 7-1: Using ep0 maxpacket: 8
[  253.305393][   T27] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  253.325241][ T9308] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms
[  253.341512][   T27] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  253.353546][   T27] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  253.370397][ T6522] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  253.380080][   T27] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  253.390374][ T6522] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  253.404159][   T27] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  253.446017][   T27] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  253.463746][   T27] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  253.561380][ T6522] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 172ms
[  253.571572][ T6522] gfs2: fsid=syz:syz.0: jid=0: Done
[  253.592022][ T9308] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  253.749592][   T27] usb 7-1: GET_CAPABILITIES returned 0
[  253.755723][   T27] usbtmc 7-1:16.0: can't read capabilities
[  253.839188][ T9308] gfs2: fsid=syz:syz.0: found 1 quota changes
[  253.930325][ T5844] usb 7-1: USB disconnect, device number 4
[  254.029161][ T9308] gfs2: fsid=syz:syz.0: inum=2340 error=-28, nblocks=1, full=1 fail_pt=0
[  254.038486][ T9308] gfs2: fsid=syz:syz.0: rgrp 18 has an error, marking it readonly until umount
[  254.048234][ T9308] gfs2: fsid=syz:syz.0: umount on all nodes and run fsck.gfs2 to fix the error
[  254.057387][ T9308] gfs2: fsid=syz:syz.0:  R: n:18 f:80000000 b:4294967295/4294967295 i:4294967295 q:0 r:19 e:0
[  254.068507][ T9308] gfs2: fsid=syz:syz.0:   L: f:00 b:4294967295 i:4294967295
[  254.297323][ T6935] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_qd_dispose, file = fs/gfs2/quota.c, line = 129
[  254.356207][ T6935] CPU: 0 PID: 6935 Comm: syz-executor Not tainted syzkaller #0
[  254.363842][ T6935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  254.373966][ T6935] Call Trace:
[  254.377379][ T6935]  <TASK>
[  254.380356][ T6935]  dump_stack_lvl+0x18c/0x250
[  254.385098][ T6935]  ? show_regs_print_info+0x20/0x20
[  254.390375][ T6935]  ? load_image+0x400/0x400
[  254.395118][ T6935]  ? do_raw_spin_unlock+0x121/0x230
[  254.400381][ T6935]  gfs2_assert_warn_i+0x193/0x2c0
[  254.405558][ T6935]  gfs2_qd_dispose+0x4aa/0x5b0
[  254.410436][ T6935]  gfs2_quota_cleanup+0x410/0x720
[  254.415523][ T6935]  ? spin_lock_bucket+0x150/0x150
[  254.421468][ T6935]  ? __might_sleep+0xe0/0xe0
[  254.426198][ T6935]  ? gfs2_ail_empty_tr+0x2f0/0x2f0
[  254.431448][ T6935]  ? gfs2_quota_sync+0x591/0x5a0
[  254.436541][ T6935]  gfs2_make_fs_ro+0x2aa/0x320
[  254.441369][ T6935]  ? gfs2_dinode_out+0xb10/0xb10
[  254.446362][ T6935]  ? __lock_acquire+0x7d40/0x7d40
[  254.451536][ T6935]  ? __rwlock_init+0x150/0x150
[  254.456659][ T6935]  ? do_raw_spin_unlock+0x121/0x230
[  254.462206][ T6935]  gfs2_put_super+0x224/0x930
[  254.467073][ T6935]  ? gfs2_evict_inode+0x1350/0x1350
[  254.472343][ T6935]  generic_shutdown_super+0x134/0x2b0
[  254.477789][ T6935]  kill_block_super+0x44/0x90
[  254.481202][ T9337] loop5: detected capacity change from 0 to 1024
[  254.482544][ T6935]  deactivate_locked_super+0x97/0x100
[  254.494484][ T6935]  cleanup_mnt+0x43b/0x4d0
[  254.499066][ T6935]  task_work_run+0x1d4/0x260
[  254.503726][ T6935]  ? task_work_cancel+0x220/0x220
[  254.509013][ T6935]  ? exit_to_user_mode_loop+0x3b/0x110
[  254.515116][ T6935]  exit_to_user_mode_loop+0xe6/0x110
[  254.520490][ T6935]  exit_to_user_mode_prepare+0xee/0x180
[  254.526105][ T6935]  syscall_exit_to_user_mode+0x1a/0x50
[  254.531606][ T6935]  do_syscall_64+0x61/0xa0
[  254.536242][ T6935]  ? clear_bhb_loop+0x40/0x90
[  254.541078][ T6935]  ? clear_bhb_loop+0x40/0x90
[  254.545825][ T6935]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  254.551816][ T6935] RIP: 0033:0x7fb5f959d1d7
[  254.556299][ T6935] Code: a2 c7 05 bc e3 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  254.576065][ T6935] RSP: 002b:00007ffc963dd1a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  254.584627][ T6935] RAX: 0000000000000000 RBX: 00007fb5f9631c3b RCX: 00007fb5f959d1d7
[  254.592652][ T6935] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc963dd260
[  254.600707][ T6935] RBP: 00007ffc963dd260 R08: 00007ffc963de260 R09: 00000000ffffffff
[  254.608820][ T6935] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc963de2f0
[  254.616846][ T6935] R13: 00007fb5f9631c3b R14: 000000000003e107 R15: 00007ffc963de330
[  254.624891][ T6935]  </TASK>
[  254.628040][    C0] vkms_vblank_simulate: vblank timer overrun
[  254.736443][ T9337] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  254.920796][ T7540] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  254.964637][   T51] Bluetooth: Frame is too long (len 5, expected len 4)
[  255.140326][ T9345] loop6: detected capacity change from 0 to 4096
[  255.152084][ T9345] ntfs3: loop6: Different NTFS sector size (4096) and media sector size (512).
[  255.803980][ T9358] loop1: detected capacity change from 0 to 1024
[  255.888593][ T9364] loop5: detected capacity change from 0 to 256
[  255.898689][ T9363] input: syz1 as /devices/virtual/input/input8
[  255.918546][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  255.925913][ T9358] hfsplus: bad catalog entry type
[  255.926142][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  256.099012][ T1313] hfsplus: b-tree write err: -5, ino 4
[  256.252151][ T9370] netlink: 44 bytes leftover after parsing attributes in process `syz.1.985'.
[  256.655567][ T5844] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  256.844409][ T5844] usb 4-1: Using ep0 maxpacket: 32
[  256.852041][ T5844] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  256.884708][ T5844] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  256.902829][ T5844] usb 4-1: New USB device found, idVendor=256c, idProduct=006e, bcdDevice= 0.00
[  256.934233][ T5844] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  256.975379][ T5844] usb 4-1: config 0 descriptor??
[  257.643951][ T5844] usb 4-1: string descriptor 0 read error: -71
[  257.662894][ T5844] uclogic 0003:256C:006E.0008: failed retrieving string descriptor #200: -71
[  257.675973][ T5844] uclogic 0003:256C:006E.0008: failed retrieving pen parameters: -71
[  257.687758][ T5844] uclogic 0003:256C:006E.0008: failed probing pen v2 parameters: -71
[  257.699050][ T5844] uclogic 0003:256C:006E.0008: failed probing parameters: -71
[  257.716069][ T5844] uclogic: probe of 0003:256C:006E.0008 failed with error -71
[  257.736329][ T5844] usb 4-1: USB disconnect, device number 8
[  257.916330][ T9402] loop1: detected capacity change from 0 to 40427
[  257.916720][ T9416] loop6: detected capacity change from 0 to 128
[  257.941171][ T9402] F2FS-fs (loop1): Wrong segment_count / block_count (31 > 0)
[  257.951322][ T9402] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
[  257.969006][ T9416] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=256, location=256
[  257.993393][ T9402] F2FS-fs (loop1): invalid crc value
[  258.012599][ T9402] F2FS-fs (loop1): Found nat_bits in checkpoint
[  258.019126][ T9416] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  258.179133][ T9402] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0
[  258.186524][ T9402] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  258.274112][   T28] audit: type=1800 audit(1771310193.352:22): pid=9402 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1000" name="file1" dev="loop1" ino=10 res=0 errno=0
[  258.305219][ T9402] syz.1.1000: attempt to access beyond end of device
[  258.305219][ T9402] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  258.331702][ T9402] syz.1.1000: attempt to access beyond end of device
[  258.331702][ T9402] loop1: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  258.446325][ T6935] syz-executor: attempt to access beyond end of device
[  258.446325][ T6935] loop1: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  258.479522][ T6935] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  258.905658][ T9434] loop3: detected capacity change from 0 to 512
[  258.967035][ T9434] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  258.982963][   T27] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  259.093857][ T9440] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1009'.
[  259.124390][ T9434] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  259.178227][   T27] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  259.197910][   T27] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  259.219831][   T27] usb 6-1: New USB device found, idVendor=056a, idProduct=00b9, bcdDevice= 0.00
[  259.240355][   T27] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  259.248614][ T9441] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  259.279295][   T27] usb 6-1: config 0 descriptor??
[  259.418502][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  259.707909][   T27] wacom 0003:056A:00B9.0009: Unknown device_type for 'HID 056a:00b9'. Assuming pen.
[  259.760667][   T27] wacom 0003:056A:00B9.0009: hidraw0: USB HID v0.06 Device [HID 056a:00b9] on usb-dummy_hcd.5-1/input0
[  259.789812][   T27] input: Wacom Intuos4 6x9 Pen as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:056A:00B9.0009/input/input9
[  259.923262][ T6913] usb 6-1: USB disconnect, device number 8
[  260.070863][ T9453] fido_id[9453]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/6-1/report_descriptor': No such file or directory
[  260.154107][ T9459] loop6: detected capacity change from 0 to 512
[  260.182118][ T9459] EXT4-fs: Ignoring removed i_version option
[  260.190744][ T9459] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  260.212439][ T9459] EXT4-fs (loop6): 1 truncate cleaned up
[  260.247601][ T9459] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  260.449134][ T7573] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  260.579802][ T9471] loop6: detected capacity change from 0 to 256
[  260.729820][ T9475] process 'syz.5.1028' launched './file0' with NULL argv: empty string added
[  261.256114][ T9491] loop1: detected capacity change from 0 to 2048
[  261.277396][ T9491] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  261.331658][ T9491] NILFS (loop1): mounting unchecked fs
[  261.356565][ T5787] udevd[5787]: incorrect nilfs2 checksum on /dev/loop1
[  261.392879][ T9491] NILFS (loop1): recovery complete
[  261.426712][ T9494] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  261.437604][ T6913] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  261.550342][ T9497] loop3: detected capacity change from 0 to 1024
[  261.564682][ T9497] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended.  mounting read-only.
[  261.618017][   T51] Bluetooth: Frame is too long (len 5, expected len 4)
[  261.669863][ T6913] usb 6-1: Using ep0 maxpacket: 8
[  261.717333][ T6913] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  261.765408][ T6913] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  261.789607][ T6913] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  261.830896][ T6913] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  261.870253][ T6913] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  261.890608][ T6913] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  262.154825][ T6913] usb 6-1: GET_CAPABILITIES returned 0
[  262.161092][ T6913] usbtmc 6-1:16.0: can't read capabilities
[  262.424926][   T27] usb 6-1: USB disconnect, device number 9
[  262.476222][ T9512] loop6: detected capacity change from 0 to 256
[  262.522753][ T9512] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0xc0e7db9a, utbl_chksum : 0xe619d30d)
[  262.543033][ T9512] exFAT-fs (loop6): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  262.582952][   T28] audit: type=1800 audit(1771310197.684:23): pid=9512 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1044" name="file2" dev="loop6" ino=1048637 res=0 errno=0
[  262.771470][ T9503] loop3: detected capacity change from 0 to 32768
[  262.790128][ T9503] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 scanned by syz.3.1042 (9503)
[  262.830479][ T9503] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  262.854270][ T9503] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  262.877114][ T9503] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  262.930229][ T9503] BTRFS info (device loop3): use zstd compression, level 3
[  262.948085][ T9503] BTRFS info (device loop3): using free space tree
[  263.089367][ T9503] BTRFS info (device loop3): enabling ssd optimizations
[  263.118748][ T9503] BTRFS info (device loop3): auto enabling async discard
[  263.355274][ T5774] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  263.419678][    T8] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  263.672301][    T8] usb 6-1: Using ep0 maxpacket: 32
[  263.702668][    T8] usb 6-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  263.728222][    T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  263.777048][    T8] usb 6-1: config 0 descriptor??
[  263.806282][    T8] gspca_main: sunplus-2.14.0 probing 041e:400b
[  264.036223][ T9538] loop6: detected capacity change from 0 to 32768
[  264.056555][ T9538] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop6 scanned by syz.6.1049 (9538)
[  264.102813][ T9538] BTRFS info (device loop6): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  264.114066][ T9538] BTRFS info (device loop6): using sha256 (sha256-avx2) checksum algorithm
[  264.124083][ T9538] BTRFS info (device loop6): enabling auto defrag
[  264.131525][ T9538] BTRFS info (device loop6): use no compression
[  264.138141][ T9538] BTRFS info (device loop6): force clearing of disk cache
[  264.145436][ T9538] BTRFS info (device loop6): max_inline at 4096
[  264.152205][ T9538] BTRFS info (device loop6): disabling free space tree
[  264.208982][ T9538] BTRFS info (device loop6): enabling ssd optimizations
[  264.217293][ T9538] BTRFS info (device loop6): auto enabling async discard
[  264.242460][ T9538] BTRFS info (device loop6): rebuilding free space tree
[  264.283787][ T9538] BTRFS info (device loop6): disabling free space tree
[  264.291402][ T9538] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  264.308518][ T9538] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  264.469651][ T7573] BTRFS info (device loop6): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  264.635484][    T8] gspca_sunplus: reg_r err -71
[  264.643990][    T8] sunplus: probe of 6-1:0.0 failed with error -71
[  264.661605][    T8] usb 6-1: USB disconnect, device number 10
[  264.692417][ T5787] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 11 /dev/loop6 scanned by udevd (5787)
[  265.834216][ T9580] loop5: detected capacity change from 0 to 256
[  265.882956][ T9580] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x205ab87c, utbl_chksum : 0xe619d30d)
[  265.954238][ T9568] loop1: detected capacity change from 0 to 32768
[  265.987131][   T28] audit: type=1800 audit(1771310201.101:24): pid=9580 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1060" name="file1" dev="loop5" ino=1048638 res=0 errno=0
[  266.005343][ T9580] syz.5.1060: attempt to access beyond end of device
[  266.005343][ T9580] loop5: rw=2049, sector=256, nr_sectors = 1 limit=256
[  266.034826][ T9568] (syz.1.1054,9568,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  266.083430][ T9568] (syz.1.1054,9568,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  266.103107][ T9580] buffer_io_error: 10 callbacks suppressed
[  266.103127][ T9580] Buffer I/O error on dev loop5, logical block 256, lost async page write
[  266.138802][ T9580] syz.5.1060: attempt to access beyond end of device
[  266.138802][ T9580] loop5: rw=2049, sector=257, nr_sectors = 1 limit=256
[  266.149878][ T9583] loop6: detected capacity change from 0 to 2048
[  266.176140][ T9580] Buffer I/O error on dev loop5, logical block 257, lost async page write
[  266.192072][ T9565] loop3: detected capacity change from 0 to 32768
[  266.203327][ T9580] syz.5.1060: attempt to access beyond end of device
[  266.203327][ T9580] loop5: rw=2049, sector=258, nr_sectors = 1 limit=256
[  266.259458][ T9568] JBD2: Ignoring recovery information on journal
[  266.289447][ T9583] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  266.312308][ T9580] Buffer I/O error on dev loop5, logical block 258, lost async page write
[  266.336649][ T9580] syz.5.1060: attempt to access beyond end of device
[  266.336649][ T9580] loop5: rw=2049, sector=259, nr_sectors = 1 limit=256
[  266.355618][ T9565] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  266.399220][ T9568] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  266.443628][ T9580] Buffer I/O error on dev loop5, logical block 259, lost async page write
[  266.536871][ T9565] XFS (loop3): Ending clean mount
[  266.642380][ T7573] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  266.709575][ T9600] program syz.5.1062 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  266.763008][ T5774] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  266.989128][ T9605] Bluetooth: MGMT ver 1.22
[  267.092394][ T6935] ocfs2: Unmounting device (7,1) on (node local)
[  267.785200][ T9621] loop3: detected capacity change from 0 to 4096
[  267.795402][ T9625] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1074'.
[  267.827380][ T9621] ntfs3: loop3: Different NTFS sector size (1024) and media sector size (512).
[  267.871937][ T9621] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  267.875248][ T9619] loop5: detected capacity change from 0 to 8192
[  268.281410][ T9631] loop6: detected capacity change from 0 to 512
[  268.317870][ T9631] EXT4-fs: Ignoring removed mblk_io_submit option
[  268.420710][ T9631] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #13: comm syz.6.1077: invalid indirect mapped block 10 (level 1)
[  268.532478][ T9631] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #13: comm syz.6.1077: invalid indirect mapped block 8 (level 1)
[  268.653324][ T9631] EXT4-fs (loop6): 1 truncate cleaned up
[  268.658937][    T8] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  268.677992][ T9631] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  268.828285][ T7573] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  268.893265][    T8] usb 6-1: Using ep0 maxpacket: 8
[  268.901478][ T9643] loop1: detected capacity change from 0 to 4096
[  268.921193][    T8] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  268.960561][    T8] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  268.982100][ T9647] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  269.000083][    T8] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  269.043304][    T8] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  269.089201][    T8] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  269.112893][    T8] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  269.141860][    T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  269.395258][    T8] usb 6-1: GET_CAPABILITIES returned 0
[  269.420945][    T8] usbtmc 6-1:16.0: can't read capabilities
[  269.637562][    T8] usb 6-1: USB disconnect, device number 11
[  269.805378][ T9661] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  269.840153][ T9663] loop3: detected capacity change from 0 to 64
[  269.975336][   T28] audit: type=1804 audit(1771310205.110:25): pid=9663 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1091" name="/newroot/294/file2/file1" dev="loop3" ino=5 res=1 errno=0
[  270.034499][ T9653] loop6: detected capacity change from 0 to 32768
[  270.172683][ T9653] ERROR: (device loop6): dbAlloc: the hint is outside the map
[  270.172683][ T9653] 
[  270.225768][ T9653] ERROR: (device loop6): remounting filesystem as read-only
[  270.234495][ T9653] ERROR: (device loop6): dbAlloc: the hint is outside the map
[  270.234495][ T9653] 
[  270.273477][   T27] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  270.355573][ T7573] ------------[ cut here ]------------
[  270.363050][ T7573] kernel BUG at fs/jfs/inode.c:175!
[  270.379194][ T7573] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[  270.385378][ T7573] CPU: 1 PID: 7573 Comm: syz-executor Not tainted syzkaller #0
[  270.393143][ T7573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  270.403506][ T7573] RIP: 0010:jfs_evict_inode+0x431/0x440
[  270.409096][ T7573] Code: df fe e9 e0 fd ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 23 fe ff ff 4c 89 f7 e8 a9 e7 df fe e9 16 fe ff ff e8 af be 87 fe <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 41 57 41
[  270.428827][ T7573] RSP: 0018:ffffc900033afac0 EFLAGS: 00010293
[  270.434927][ T7573] RAX: ffffffff82ff54f1 RBX: ffff88805b539ff0 RCX: ffff8880270b0000
[  270.443192][ T7573] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88805b539ff0
[  270.451186][ T7573] RBP: 0000000000000001 R08: ffffffff911bf647 R09: 1ffffffff2237ec8
[  270.459177][ T7573] R10: dffffc0000000000 R11: fffffbfff2237ec9 R12: dffffc0000000000
[  270.467183][ T7573] R13: dffffc0000000000 R14: ffff88805b539c78 R15: ffff88805b53a028
[  270.475193][ T7573] FS:  0000555571828500(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  270.484157][ T7573] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  270.490768][ T7573] CR2: 00007ffc6b6c3f70 CR3: 0000000069763000 CR4: 00000000003526e0
[  270.498777][ T7573] Call Trace:
[  270.502173][ T7573]  <TASK>
[  270.505137][ T7573]  ? evict+0x4c4/0x8d0
[  270.509236][ T7573]  ? jfs_write_inode+0x220/0x220
[  270.514219][ T7573]  evict+0x4ca/0x8d0
[  270.518173][ T7573]  ? proc_nr_inodes+0x230/0x230
[  270.523058][ T7573]  ? do_raw_spin_unlock+0x121/0x230
[  270.528299][ T7573]  ? do_raw_spin_unlock+0x121/0x230
[  270.533534][ T7573]  evict_inodes+0x606/0x6a0
[  270.538067][ T7573]  ? clear_inode+0x150/0x150
[  270.542702][ T7573]  generic_shutdown_super+0x97/0x2b0
[  270.548069][ T7573]  kill_block_super+0x44/0x90
[  270.552967][ T7573]  deactivate_locked_super+0x97/0x100
[  270.558390][ T7573]  cleanup_mnt+0x43b/0x4d0
[  270.563011][ T7573]  task_work_run+0x1d4/0x260
[  270.567641][ T7573]  ? task_work_cancel+0x220/0x220
[  270.572808][ T7573]  ? exit_to_user_mode_loop+0x3b/0x110
[  270.578297][ T7573]  exit_to_user_mode_loop+0xe6/0x110
[  270.583630][ T7573]  exit_to_user_mode_prepare+0xee/0x180
[  270.589207][ T7573]  syscall_exit_to_user_mode+0x1a/0x50
[  270.594695][ T7573]  do_syscall_64+0x61/0xa0
[  270.599149][ T7573]  ? clear_bhb_loop+0x40/0x90
[  270.603852][ T7573]  ? clear_bhb_loop+0x40/0x90
[  270.608557][ T7573]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  270.614487][ T7573] RIP: 0033:0x7faafd59d1d7
[  270.618933][ T7573] Code: a2 c7 05 bc e3 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  270.638564][ T7573] RSP: 002b:00007ffc6b6c45c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  270.647099][ T7573] RAX: 0000000000000000 RBX: 00007faafd631c3b RCX: 00007faafd59d1d7
[  270.655105][ T7573] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc6b6c4680
[  270.663182][ T7573] RBP: 00007ffc6b6c4680 R08: 00007ffc6b6c5680 R09: 00000000ffffffff
[  270.671176][ T7573] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc6b6c5710
[  270.679163][ T7573] R13: 00007faafd631c3b R14: 0000000000042056 R15: 00007ffc6b6c5750
[  270.687166][ T7573]  </TASK>
[  270.690205][ T7573] Modules linked in:
[  270.699168][ T7573] ---[ end trace 0000000000000000 ]---
[  270.707241][ T7573] RIP: 0010:jfs_evict_inode+0x431/0x440
[  270.713016][ T7573] Code: df fe e9 e0 fd ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 23 fe ff ff 4c 89 f7 e8 a9 e7 df fe e9 16 fe ff ff e8 af be 87 fe <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 41 57 41
[  270.732880][    C0] vkms_vblank_simulate: vblank timer overrun
[  270.743353][ T7573] RSP: 0018:ffffc900033afac0 EFLAGS: 00010293
[  270.749901][ T7573] RAX: ffffffff82ff54f1 RBX: ffff88805b539ff0 RCX: ffff8880270b0000
[  270.759430][ T7573] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88805b539ff0
[  270.768362][ T7573] RBP: 0000000000000001 R08: ffffffff911bf647 R09: 1ffffffff2237ec8
[  270.778060][ T7573] R10: dffffc0000000000 R11: fffffbfff2237ec9 R12: dffffc0000000000
[  270.786909][ T7573] R13: dffffc0000000000 R14: ffff88805b539c78 R15: ffff88805b53a028
[  270.797090][ T7573] FS:  0000555571828500(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  270.809567][ T7573] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  270.817835][ T7573] CR2: 00007ffc6b6c3f70 CR3: 0000000069763000 CR4: 00000000003506e0
[  270.827053][ T7573] Kernel panic - not syncing: Fatal exception
[  270.833737][ T7573] Kernel Offset: disabled
[  270.838077][ T7573] Rebooting in 86400 seconds..